From 0389eece178dcb2c5e4ab561135ccc8b3fc96e70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Andr=C3=A9?= Date: Tue, 29 Aug 2017 15:04:25 +0200 Subject: [PATCH] Make curl healthchecks work with internal TLS Implement a new get_url_from_vhost bash function that parses the given vhost configuration file and returns the URL on which the service can be checked. Change-Id: I071ed26328703df9f272b689af854e3a6a1c9e97 Closes-Bug: #1713689 --- .../tripleo_kolla_template_overrides.j2 | 2 +- healthcheck/common.sh | 13 +++++++++++++ healthcheck/glance-api | 1 + healthcheck/heat-api | 5 ++--- healthcheck/heat-api-cfn | 5 ++--- healthcheck/ironic-api | 5 ++--- healthcheck/keystone-admin | 5 ++--- healthcheck/keystone-public | 5 ++--- healthcheck/nova-api | 5 ++--- healthcheck/swift-account-server | 1 + healthcheck/swift-container-server | 1 + healthcheck/swift-object-server | 1 + healthcheck/swift-proxy | 1 + 13 files changed, 31 insertions(+), 19 deletions(-) diff --git a/container-images/tripleo_kolla_template_overrides.j2 b/container-images/tripleo_kolla_template_overrides.j2 index a171ea1ec..f1c47a3e8 100644 --- a/container-images/tripleo_kolla_template_overrides.j2 +++ b/container-images/tripleo_kolla_template_overrides.j2 @@ -161,7 +161,7 @@ HEALTHCHECK CMD /openstack/healthcheck {% block heat_api_cfn_footer %} RUN mkdir -p /openstack && \ - ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cnf /openstack/healthcheck && \ + ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cfn /openstack/healthcheck && \ chmod -R a+rx /openstack HEALTHCHECK CMD /openstack/healthcheck {% endblock %} diff --git a/healthcheck/common.sh b/healthcheck/common.sh index 9bc272ffc..02443f354 100644 --- a/healthcheck/common.sh +++ b/healthcheck/common.sh @@ -24,3 +24,16 @@ healthcheck_port () { get_config_val () { crudini --get "$1" "$2" "$3" 2> /dev/null || echo "$4" } + +# apachectl -S is slightly harder to parse and doesn't say if the vhost is serving SSL +get_url_from_vhost () { + vhost_file=$1 + server_name=$(awk '/ServerName/ {print $2}' $vhost_file) + ssl_enabled=$(awk '/SSLEngine/ {print $2}' $vhost_file) + bind_port=$(grep -h "" $vhost_file | sed 's//\1/') + proto=http + if [[ $ssl_enabled == "on" ]]; then + proto=https + fi + echo ${proto}://${server_name}:${bind_port}/ +} diff --git a/healthcheck/glance-api b/healthcheck/glance-api index e68e9d1f7..594e9d5ad 100755 --- a/healthcheck/glance-api +++ b/healthcheck/glance-api @@ -5,4 +5,5 @@ bind_host=$(get_config_val /etc/glance/glance-api.conf DEFAULT bind_host 127.0.0.1) bind_port=$(get_config_val /etc/glance/glance-api.conf DEFAULT bind_port 9292) +# glance-api is still eventlet healthcheck_curl http://${bind_host}:${bind_port}/ diff --git a/healthcheck/heat-api b/healthcheck/heat-api index c0cd786e4..d4463339e 100755 --- a/healthcheck/heat-api +++ b/healthcheck/heat-api @@ -2,6 +2,5 @@ . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh -bind_host=$(get_config_val /etc/heat/heat.conf heat_api bind_host 127.0.0.1) -bind_port=$(get_config_val /etc/heat/heat.conf heat_api bind_port 8004) -healthcheck_curl http://${bind_host}:${bind_port}/ +check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-heat_api_wsgi.conf) +healthcheck_curl ${check_url} diff --git a/healthcheck/heat-api-cfn b/healthcheck/heat-api-cfn index f852ad93d..0e553a338 100755 --- a/healthcheck/heat-api-cfn +++ b/healthcheck/heat-api-cfn @@ -2,6 +2,5 @@ . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh -bind_host=$(get_config_val /etc/heat/heat.conf heat_api_cfn bind_host 127.0.0.1) -bind_port=$(get_config_val /etc/heat/heat.conf heat_api_cfn bind_port 8000) -healthcheck_curl http://${bind_host}:${bind_port}/ +check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-heat_api_cfn_wsgi.conf) +healthcheck_curl ${check_url} diff --git a/healthcheck/ironic-api b/healthcheck/ironic-api index 4d4afadfc..7853d8e2b 100644 --- a/healthcheck/ironic-api +++ b/healthcheck/ironic-api @@ -2,6 +2,5 @@ . ${HEALTHCHECK_SCRIPTS:-/usr/share/tripleo-common/healthcheck}/common.sh -bind_host=$(get_config_val /etc/ironic/ironic.conf api host_ip 127.0.0.1) -bind_port=$(get_config_val /etc/ironic/ironic.conf api port 6385) -healthcheck_curl http://${bind_host}:${bind_port}/ +check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-ironic_wsgi.conf) +healthcheck_curl ${check_url} diff --git a/healthcheck/keystone-admin b/healthcheck/keystone-admin index a88789463..314126088 100755 --- a/healthcheck/keystone-admin +++ b/healthcheck/keystone-admin @@ -2,6 +2,5 @@ . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh -bind_host=$(get_config_val /etc/keystone/keystone.conf DEFAULT admin_bind_host 127.0.0.1) -bind_port=$(get_config_val /etc/keystone/keystone.conf DEFAULT admin_port 5000) -healthcheck_curl http://${bind_host}:${bind_port}/ +check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-keystone_wsgi_admin.conf) +healthcheck_curl ${check_url} diff --git a/healthcheck/keystone-public b/healthcheck/keystone-public index add5371e2..2bf07146f 100755 --- a/healthcheck/keystone-public +++ b/healthcheck/keystone-public @@ -2,6 +2,5 @@ . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh -bind_host=$(get_config_val /etc/keystone/keystone.conf DEFAULT public_bind_host 127.0.0.1) -bind_port=$(get_config_val /etc/keystone/keystone.conf DEFAULT public_port 5000) -healthcheck_curl http://${bind_host}:${bind_port}/ +check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-keystone_wsgi_main.conf) +healthcheck_curl ${check_url} diff --git a/healthcheck/nova-api b/healthcheck/nova-api index fc8ca6117..03204b680 100755 --- a/healthcheck/nova-api +++ b/healthcheck/nova-api @@ -2,6 +2,5 @@ . ${HEALTHCHECK_SCRIPTS:-/usr/share/openstack-tripleo-common/healthcheck}/common.sh -bind_host=$(get_config_val /etc/nova/nova.conf DEFAULT osapi_compute_listen 127.0.0.1) -bind_port=$(get_config_val /etc/nova/nova.conf DEFAULT osapi_compute_listen_port 8774) -healthcheck_curl http://${bind_host}:${bind_port}/ +check_url=$(get_url_from_vhost /etc/httpd/conf.d/10-nova_api_wsgi.conf) +healthcheck_curl ${check_url} diff --git a/healthcheck/swift-account-server b/healthcheck/swift-account-server index bdaf6a401..63195ac6e 100755 --- a/healthcheck/swift-account-server +++ b/healthcheck/swift-account-server @@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then exit 0 fi +# swift-account-server is still eventlet bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1) bind_port=$(get_config_val $conf DEFAULT bind_port 6002) healthcheck_curl http://${bind_host}:${bind_port}/healthcheck diff --git a/healthcheck/swift-container-server b/healthcheck/swift-container-server index f1a96128c..3cde3129c 100755 --- a/healthcheck/swift-container-server +++ b/healthcheck/swift-container-server @@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then exit 0 fi +# swift-container-server is still eventlet bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1) bind_port=$(get_config_val $conf DEFAULT bind_port 6001) healthcheck_curl http://${bind_host}:${bind_port}/healthcheck diff --git a/healthcheck/swift-object-server b/healthcheck/swift-object-server index 1803625cd..d3b79b62c 100755 --- a/healthcheck/swift-object-server +++ b/healthcheck/swift-object-server @@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then exit 0 fi +# swift-object-server is still eventlet bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1) bind_port=$(get_config_val $conf DEFAULT bind_port 6000) healthcheck_curl http://${bind_host}:${bind_port}/healthcheck diff --git a/healthcheck/swift-proxy b/healthcheck/swift-proxy index 1e903d84c..ed7b53d45 100755 --- a/healthcheck/swift-proxy +++ b/healthcheck/swift-proxy @@ -9,6 +9,7 @@ if ! crudini --get $conf pipeline:main pipeline | grep -q healthcheck; then exit 0 fi +# swift-proxy is still eventlet bind_host=$(get_config_val $conf DEFAULT bind_ip 127.0.0.1) bind_port=$(get_config_val $conf DEFAULT bind_port 8080) healthcheck_curl http://${bind_host}:${bind_port}/healthcheck