Allow admin access for HAProxy socket
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Medium
|
Cédric Jeanneret deactivated |
Bug Description
Dear Stackers,
In order to get a working let's encrypt web validation, I need to be able to disable backends in HAProxy service so that only the one doing the request is enabled. This would allow the proof to be accessible.
The best way to do that is to send commands to HAProxy socket.
After a quick check, it seems the puppet-tripleo module manages haproxy configuration, at least regarding the socket:
https:/
That line enforces a limited access to the socket (level user) - that level isn't sufficient for sending commends to HAProxy, and must be set to "admin".
Now, I understand that usage is an "advanced" one, and that "admin" access level shouldn't be "by default".
Hence, a new class parameter might be created, something like tripleo:
Would you consider a PR against that project for such a feature? If so, could you link me some doc so that I can make the PR on gerrit?
Thank you :)
Cheers,
C
Changed in tripleo: | |
milestone: | none → queens-1 |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in tripleo: | |
assignee: | nobody → Cédric Jeanneret (cjeanneret-c2c) |
status: | Triaged → New |
Changed in tripleo: | |
status: | New → Triaged |
Fix proposed to branch: master /review. openstack. org/503029
Review: https:/