Accept both HTTP and HTTPS also for external VIP during upgrade

openstack/openstack-ansible-haproxy_server

Code Issues Proposed changes

In change [1] we have added functionality to accept both HTTP and
HTTPS during an upgrade.
However it's only limited to internal VIP. I see no reason not to
implement this also for external VIP. Some people may find it useful.
[1] https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/829899
Change-Id: I672016b75d4b514d87dbb47119ff549bbc4e923e

This commit is contained in:

Damian Dabrowski

2022年11月16日 19:10:15 +01:00

committed by Dmitriy Rabotyagov

parent 445b15f9c3

commit a30ecbee08

1 changed files with 1 additions and 1 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

2
templates/service.j2

View File

@@ -45,7 +45,7 @@ bind {{ vip_address }}:{{ item.service.haproxy_redirect_http_port }}{{ (vip_inte

{# TODO: remove if and section inside if after HTTPS upgrade #}

{# During an upgrade of internal frontends from HTTP to HTTPS, need to accept both HTTP and HTTPS until client config has been changed #}

{% if (item.service.haproxy_tcp_upgrade_frontend | default(false)) and not (loop.index == 1 or vip_address in extra_lb_tls_vip_addresses) and (item.service.haproxy_ssl_all_vips | default(false)) %}

{% if (item.service.haproxy_tcp_upgrade_frontend | default(false)) and (item.service.haproxy_ssl_all_vips | default(false)) %}

{% include 'service-redirect.j2' %}

{% else %}

frontend {{ item.service.haproxy_service_name }}-front-{{ loop.index }}

Accept both HTTP and HTTPS also for external VIP during upgrade

2 templates/service.j2 Unescape Escape View File

2
templates/service.j2

View File