Simplify reverseproxy for openshift and setup SSL config for it
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
Patrick Uiterwijk
parent
a0a625fd08
commit
3ffd179216
3 changed files with 21 additions and 9 deletions
|
|
@ -281,7 +281,7 @@
|
|||
website: bodhi.fedoraproject.org
|
||||
destname: bodhi
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: bodhi
|
||||
|
||||
|
|
@ -313,7 +313,7 @@
|
|||
website: koschei.fedoraproject.org
|
||||
destname: koschei
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: koschei
|
||||
|
||||
|
|
@ -661,6 +661,7 @@
|
|||
website: "os{{ env_suffix }}.fedoraproject.org"
|
||||
destname: os
|
||||
balancer_name: os
|
||||
targettype: openshift
|
||||
balancer_members: "{{ openshift_masters }}"
|
||||
keephost: true
|
||||
tags:
|
||||
|
|
@ -670,7 +671,7 @@
|
|||
website: "app.os{{ env_suffix }}.fedoraproject.org"
|
||||
destname: app.os
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags:
|
||||
- app.os.fedoraproject.org
|
||||
|
|
@ -693,7 +694,7 @@
|
|||
website: greenwave.fedoraproject.org
|
||||
destname: greenwave
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: greenwave
|
||||
|
||||
|
|
@ -701,7 +702,7 @@
|
|||
website: waiverdb.fedoraproject.org
|
||||
destname: waiverdb
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: waiverdb
|
||||
|
||||
|
|
@ -709,7 +710,7 @@
|
|||
website: coreos.fedoraproject.org
|
||||
destname: coreos
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: coreos
|
||||
|
||||
|
|
@ -717,7 +718,7 @@
|
|||
website: silverblue.fedoraproject.org
|
||||
destname: silverblue
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: silverblue
|
||||
|
||||
|
|
@ -725,7 +726,7 @@
|
|||
website: stg.release-monitoring.org
|
||||
destname: stg.release-monitoring
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: release-montoring.org
|
||||
when: env == "staging"
|
||||
|
|
@ -734,7 +735,7 @@
|
|||
website: fpdc.fedoraproject.org
|
||||
destname: fpdc
|
||||
balancer_name: app-os
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
targettype: openshift
|
||||
keephost: true
|
||||
tags: fpdc
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,11 @@
|
|||
# - rewrite
|
||||
# - keephost
|
||||
|
||||
- name: Set OpenShift information if not preconfigured
|
||||
set_fact:
|
||||
balancer_members: "{{ openshift_nodes }}"
|
||||
when: targettype == "openshift" and not defined balancer_members
|
||||
|
||||
- name: Copy in ProxyPassReverse for {{destname}} ({{website}}{{remotepath}})
|
||||
template: >
|
||||
src={{item}}
|
||||
|
|
|
|||
|
|
@ -20,6 +20,12 @@ ProxyPreserveHost On
|
|||
{% if balancer_name is defined %}
|
||||
SSLProxyEngine On
|
||||
|
||||
{% if targettype is defined and targettype == "openshift" %}
|
||||
SSLProxyVerify require
|
||||
SSLProxyCheckPeerName Off
|
||||
SSLProxyCACertificateFile "/etc/haproxy/os-master.pem"
|
||||
{% endif %}
|
||||
|
||||
<Proxy "balancer://{{balancer_name}}-websocket">
|
||||
{% for member in balancer_members %}
|
||||
BalancerMember "wss://{{ member }}"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue