commit 45f5c283e32e4753360c4e4c9627043b20a30e24
Author: Michele Baldessari <email address hidden>
Date: Sat May 18 21:18:48 2019 +0200
Fix haproxy stats network binding
a) The haproxy.stats stanza in haproxy config file has pretty much remained the same since newton:
listen haproxy.stats
bind 192.168.24.8:1993 transparent
mode http
stats enable
stats uri /
stats auth admin:tRJre6PnQuN4ZwqKYUygTJArB
b) what we do today with the haproxy stats makes little sense:
- we bind it to the VIP running on the control-plane network on all controller nodes
- de facto we allow to look at the haproxy stat info via web only on the node holding the ctlplane VIP
- since haproxy does not share stats across nodes, we're effectively
limited at looking at the stats info on a single node.
Now imagine ctrl-0 holding the internal_api VIP and ctrl-1 holding the
ctlplane VIP. Basically now the only stats you will be able to see are
the ones relative to keystone_admin (which for other silly reasons has
been moved to ctlplane by default) and very little else.
Tested this and am able to bind the haproxy stat to another network
and to have it listen to the IP of the node on said network (in addition
to the ctrlplane vip which we do not remove as it might break stuff):
Reviewed: https:/ /review. opendev. org/659925 /git.openstack. org/cgit/ openstack/ tripleo- heat-templates/ commit/ ?id=45f5c283e32 e4753360c4e4c96 27043b20a30e24
Committed: https:/
Submitter: Zuul
Branch: master
commit 45f5c283e32e475 3360c4e4c962704 3b20a30e24
Author: Michele Baldessari <email address hidden>
Date: Sat May 18 21:18:48 2019 +0200
Fix haproxy stats network binding
a) The haproxy.stats stanza in haproxy config file has pretty much remained the same since newton: uN4ZwqKYUygTJAr B
listen haproxy.stats
bind 192.168.24.8:1993 transparent
mode http
stats enable
stats uri /
stats auth admin:tRJre6PnQ
b) what we do today with the haproxy stats makes little sense:
- we bind it to the VIP running on the control-plane network on all controller nodes
- de facto we allow to look at the haproxy stat info via web only on the node holding the ctlplane VIP
- since haproxy does not share stats across nodes, we're effectively
limited at looking at the stats info on a single node.
Now imagine ctrl-0 holding the internal_api VIP and ctrl-1 holding the
ctlplane VIP. Basically now the only stats you will be able to see are
the ones relative to keystone_admin (which for other silly reasons has
been moved to ctlplane by default) and very little else.
Tested this and am able to bind the haproxy stat to another network
and to have it listen to the IP of the node on said network (in addition
to the ctrlplane vip which we do not remove as it might break stuff):
listen haproxy.stats fd00:2000: :16:1993 transparent
bind fd00:fd00:
bind 192.168.24.15:1993 transparent
mode http
stats enable
stats uri /
stats auth admin:password
Closes-Bug: #1830334
Depends-On: Iab5f11c3065ff3 4a3543621554e7f 05161d069f2
Change-Id: If2ee15f1e0fcf6 d077cba524fad75 dec7e1144b6