Merge "Enable stats to use dedicated server certificate and allow for client cert auth"

Zuul 2023-10-17 04:39:05 +00:00 committed by Gerrit Code Review
commit c321f39fc3
2 changed files with 4 additions and 2 deletions


@ -31,6 +31,8 @@ haproxy_stats_enabled: False
haproxy_stats_bind_address: 127.0.0.1
haproxy_stats_port: 1936
haproxy_stats_ssl: "{{ haproxy_ssl }}"
# haproxy_stats_ssl_cert_path: "{{ haproxy_ssl_cert_path }}/somecustomstatscert.pem"
# haproxy_stats_ssl_client_cert_ca: "{{ haproxy_ssl_cert_path }}/somecustomrootca.pem"
haproxy_username: admin
haproxy_stats_password: secrete
haproxy_stats_refresh_interval: 60
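Review bot: The two commented-out examples for `haproxy_stats_ssl_cert_path` and `haproxy_stats_ssl_client_cert_ca` are added without any explanatory comment, although the second one changes who can reach the stats listener. Going by the template section of this commit, simply defining `haproxy_stats_ssl_client_cert_ca` makes the stats bind line emit `verify required ca-file …`, and both variables only take effect when `haproxy_stats_ssl` is true. I would put a comment above each, for example `# Optional: dedicated PEM for the stats listener; falls back to the per-host VIP certificate when unset` and `# Optional: CA file for client-certificate auth; when defined, stats clients must present a certificate signed by this CA`. Leaving the CA variable unset presumably keeps the listener relying on the username/password pair alone, so the comment could also remind operators to override the `haproxy_stats_password` default shown just below.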


@ -39,10 +39,10 @@ defaults
timeout http-request {{ haproxy_http_request_timeout }}
timeout server {{ haproxy_server_timeout }}
maxconn {{ haproxy_maxconn }}
{% if haproxy_stats_enabled | bool %}
{% set haproxy_ssl_path=haproxy_ssl_cert_path + "/haproxy_" + (haproxy_host | default(ansible_facts['hostname'])) + "-" + ((vip_interface is truthy) | ternary(vip_address ~ '-' ~ vip_interface, vip_address)) + ".pem" %}
listen stats
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_internal_lb_vip_address }}.pem{% endif %}
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_stats_ssl_cert_path | default(haproxy_ssl_path) }} {% if haproxy_stats_ssl_client_cert_ca is defined %}verify required ca-file {{ haproxy_stats_ssl_client_cert_ca }}{% endif %}{% endif %}
{% if haproxy_stats_process is defined %}
bind-process {{ haproxy_stats_process }}