Make curl healthchecks work with internal TLS

Implement a new get_url_from_vhost bash function that parses the given
vhost configuration file and returns the URL on which the service can
be checked.

Change-Id: I071ed26328703df9f272b689af854e3a6a1c9e97
Closes-Bug: #1713689
(cherry picked from commit 0389eece17)

container-images/tripleo_kolla_template_overrides.j2

@@ -161,7 +161,7 @@ HEALTHCHECK CMD /openstack/healthcheck
 
 {% block heat_api_cfn_footer %}
 RUN mkdir -p /openstack && \
-    ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cnf /openstack/healthcheck && \
+    ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cfn /openstack/healthcheck && \
     chmod -R a+rx /openstack
 HEALTHCHECK CMD /openstack/healthcheck
 {% endblock %}

healthcheck/common.sh

@@ -28,3 +28,16 @@ healthcheck_port () {
 get_config_val () {
   crudini --get "$1" "$2" "$3" 2> /dev/null || echo "$4"
 }
+
+# apachectl -S is slightly harder to parse and doesn't say if the vhost is serving SSL
+get_url_from_vhost () {
+  vhost_file=$1
+  server_name=$(awk '/ServerName/ {print $2}' $vhost_file)
+  ssl_enabled=$(awk '/SSLEngine/ {print $2}' $vhost_file)
+  bind_port=$(grep -h "<VirtualHost .*>" $vhost_file | sed 's/<VirtualHost .*:\(.*\)>/\1/')
+  proto=http
+  if [[ $ssl_enabled == "on" ]]; then
+    proto=https
+  fi
+  echo ${proto}://${server_name}:${bind_port}/
+}

healthcheck/glance-api

@@ -5,4 +5,5 @@
 bind_host=$(get_config_val /etc/glance/glance-api.conf DEFAULT bind_host 127.0.0.1)
 bind_port=$(get_config_val /etc/glance/glance-api.conf DEFAULT bind_port 9292)
 
+# glance-api is still eventlet
 healthcheck_curl http://${bind_host}:${bind_port}/

healthcheck/heat-api

@@ -2,6 +2,5 @@
 
 . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh
 
-bind_host=$(get_config_val /etc/heat/heat.conf heat_api bind_host 127.0.0.1)
-bind_port=$(get_config_val /etc/heat/heat.conf heat_api bind_port 8004)
-healthcheck_curl http://${bind_host}:${bind_port}/
+check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-heat_api_wsgi.conf)
+healthcheck_curl ${check_url}

healthcheck/heat-api-cfn

@@ -2,6 +2,5 @@
 
 . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh
 
-bind_host=$(get_config_val /etc/heat/heat.conf heat_api_cfn bind_host 127.0.0.1)
-bind_port=$(get_config_val /etc/heat/heat.conf heat_api_cfn bind_port 8000)
-healthcheck_curl http://${bind_host}:${bind_port}/
+check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-heat_api_cfn_wsgi.conf)
+healthcheck_curl ${check_url}

healthcheck/ironic-api

@@ -2,6 +2,5 @@
 
 . ${HEALTHCHECK_SCRIPTS:-/usr/share/tripleo-common/healthcheck}/common.sh
 
-bind_host=$(get_config_val /etc/ironic/ironic.conf api host_ip 127.0.0.1)
-bind_port=$(get_config_val /etc/ironic/ironic.conf api port 6385)
-healthcheck_curl http://${bind_host}:${bind_port}/
+check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-ironic_wsgi.conf)
+healthcheck_curl ${check_url}

healthcheck/keystone-admin

@@ -2,6 +2,5 @@
 
 . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh
 
-bind_host=$(get_config_val /etc/keystone/keystone.conf DEFAULT admin_bind_host 127.0.0.1)
-bind_port=$(get_config_val /etc/keystone/keystone.conf DEFAULT admin_port 5000)
-healthcheck_curl http://${bind_host}:${bind_port}/
+check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-keystone_wsgi_admin.conf)
+healthcheck_curl ${check_url}

healthcheck/keystone-public

@@ -2,6 +2,5 @@
 
 . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh
 
-bind_host=$(get_config_val /etc/keystone/keystone.conf DEFAULT public_bind_host 127.0.0.1)
-bind_port=$(get_config_val /etc/keystone/keystone.conf DEFAULT public_port 5000)
-healthcheck_curl http://${bind_host}:${bind_port}/
+check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-keystone_wsgi_main.conf)
+healthcheck_curl ${check_url}

healthcheck/nova-api

@@ -2,6 +2,5 @@
 
 . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh
 
-bind_host=$(get_config_val /etc/nova/nova.conf DEFAULT osapi_compute_listen 127.0.0.1)
-bind_port=$(get_config_val /etc/nova/nova.conf DEFAULT osapi_compute_listen_port 8774)
-healthcheck_curl http://${bind_host}:${bind_port}/
+check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-nova_api_wsgi.conf)
+healthcheck_curl ${check_url}

healthcheck/swift-account-server

@@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then
 	exit 0
 fi
 
+# swift-account-server is still eventlet
 bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1)
 bind_port=$(get_config_val $conf DEFAULT bind_port 6002)
 healthcheck_curl http://${bind_host}:${bind_port}/healthcheck

healthcheck/swift-container-server

@@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then
 	exit 0
 fi
 
+# swift-container-server is still eventlet
 bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1)
 bind_port=$(get_config_val $conf DEFAULT bind_port 6001)
 healthcheck_curl http://${bind_host}:${bind_port}/healthcheck

healthcheck/swift-object-server

@@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then
 	exit 0
 fi
 
+# swift-object-server is still eventlet
 bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1)
 bind_port=$(get_config_val $conf DEFAULT bind_port 6000)
 healthcheck_curl http://${bind_host}:${bind_port}/healthcheck

healthcheck/swift-proxy

@@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then
 	exit 0
 fi
 
+# swift-proxy is still eventlet
 bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1)
 bind_port=$(get_config_val $conf DEFAULT bind_port 8080)
 healthcheck_curl http://${bind_host}:${bind_port}/healthcheck