haproxy for swift doesn't provide httplog as well as X-Forwarded-Proto
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Sergii Golovatiuk |
Bug Description
Digging into swift issues I found that current configuration doesn't provide any haproxy logs for swift backend as well as doesn't set X-Forwarded-Proto which may cause problems such as https:/
Steps to reproduce
==================
Deploy overcloud.
Check haproxy configuration by running
docker exec -it `docker ps --filter name=haproxy --format "{{.ID}}"` cat /etc/haproxy/
Check swift backend
Expected results
================
listen swift_proxy_server
bind 10.0.0.5:13808 transparent ssl crt /etc/pki/
bind 172.16.1.4:8080 transparent
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
option httpchk GET /healthcheck
option httplog
timeout client 2m
timeout server 2m
server overcloud-
Actual result
=============
listen swift_proxy_server
bind 10.0.0.5:13808 transparent ssl crt /etc/pki/
bind 172.16.1.4:8080 transparent
option httpchk GET /healthcheck
timeout client 2m
timeout server 2m
server overcloud-
Environment
===========
1 ctrl + 1 compute Rocky
1 ctrl + 1 compute Queens
Changed in tripleo: | |
status: | New → Confirmed |
importance: | Undecided → High |
assignee: | nobody → Sergii Golovatiuk (sgolovatiuk) |
milestone: | none → rocky-1 |
Changed in tripleo: | |
status: | Confirmed → In Progress |
no longer affects: | tripleo/queens |
tags: | added: queens-backport-potential |
Reviewed: https:/ /review. openstack. org/561898 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=c5131729e76 2535e8ec778432e 84d82238168388
Committed: https:/
Submitter: Zuul
Branch: master
commit c5131729e762535 e8ec778432e84d8 2238168388
Author: Sergii Golovatiuk <email address hidden>
Date: Tue Apr 17 12:25:59 2018 +0200
Merge default_listen with swift_proxy_ server_ listen_ options
Currently haproxy for swift doesn't have default setting. This generates config
such as
listen swift_proxy_server tls/private/ overcloud_ endpoint. pem controller- 0.storage. localdomain 172.16.1.10:8080 check fall 5 inter 2000 rise 2
bind 10.0.0.5:13808 transparent ssl crt /etc/pki/
bind 172.16.1.4:8080 transparent
option httpchk GET /healthcheck
timeout client 2m
timeout server 2m
server overcloud-
without
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
option httplog
This makes really hard to debug in case of issues.
This patch merges default_ listen_ options with swift to have config which is
more reliable for debugging
Closes-Bug: #1764731 ba39db33d6468c2 61c58ee373d
Change-Id: I6716499b4a10f3