fix: Haproxy readyz check must force ssl
This commit is contained in:
parent
f31d21f9da
commit
6651194582
@ -8,7 +8,7 @@ use harmony::{
|
||||
load_balancer::LoadBalancerScore,
|
||||
},
|
||||
topology::{
|
||||
BackendServer, DummyInfra, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancerService,
|
||||
BackendServer, DummyInfra, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancerService, SSL,
|
||||
},
|
||||
};
|
||||
use harmony_macros::ipv4;
|
||||
@ -47,6 +47,7 @@ fn build_large_score() -> LoadBalancerScore {
|
||||
.to_string(),
|
||||
HttpMethod::GET,
|
||||
HttpStatusCode::Success2xx,
|
||||
SSL::Disabled,
|
||||
)),
|
||||
};
|
||||
LoadBalancerScore {
|
||||
|
||||
@ -102,8 +102,17 @@ pub enum HttpStatusCode {
|
||||
ServerError5xx,
|
||||
}
|
||||
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Serialize)]
|
||||
pub enum SSL {
|
||||
SSL,
|
||||
Disabled,
|
||||
Default,
|
||||
SNI,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Serialize)]
|
||||
pub enum HealthCheck {
|
||||
HTTP(String, HttpMethod, HttpStatusCode),
|
||||
HTTP(String, HttpMethod, HttpStatusCode, SSL),
|
||||
TCP(Option<u16>),
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
use async_trait::async_trait;
|
||||
use log::{debug, info, warn};
|
||||
use opnsense_config_xml::{Frontend, HAProxy, HAProxyBackend, HAProxyHealthCheck, HAProxyServer};
|
||||
use opnsense_config_xml::{Frontend, HAProxy, HAProxyBackend, HAProxyHealthCheck, HAProxyServer, MaybeString};
|
||||
use uuid::Uuid;
|
||||
|
||||
use crate::{
|
||||
@ -241,7 +241,13 @@ pub(crate) fn harmony_load_balancer_service_to_haproxy_xml(
|
||||
// frontend points to backend
|
||||
let healthcheck = if let Some(health_check) = &service.health_check {
|
||||
match health_check {
|
||||
HealthCheck::HTTP(path, http_method, _http_status_code) => {
|
||||
HealthCheck::HTTP(path, http_method, _http_status_code, ssl) => {
|
||||
let ssl: MaybeString = match ssl {
|
||||
crate::topology::SSL::SSL => "ssl".into(),
|
||||
crate::topology::SSL::SNI => "sslni".into(),
|
||||
crate::topology::SSL::Disabled => "nossl".into(),
|
||||
crate::topology::SSL::Default => "".into(),
|
||||
};
|
||||
let haproxy_check = HAProxyHealthCheck {
|
||||
name: format!("HTTP_{http_method}_{path}"),
|
||||
uuid: Uuid::new_v4().to_string(),
|
||||
@ -249,6 +255,7 @@ pub(crate) fn harmony_load_balancer_service_to_haproxy_xml(
|
||||
health_check_type: "http".to_string(),
|
||||
http_uri: path.clone().into(),
|
||||
interval: "2s".to_string(),
|
||||
ssl,
|
||||
..Default::default()
|
||||
};
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ use crate::{
|
||||
score::Score,
|
||||
topology::{
|
||||
BackendServer, HAClusterTopology, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancer,
|
||||
LoadBalancerService, Topology,
|
||||
LoadBalancerService, Topology, SSL,
|
||||
},
|
||||
};
|
||||
|
||||
@ -44,6 +44,7 @@ impl OKDBootstrapLoadBalancerScore {
|
||||
"/readyz".to_string(),
|
||||
HttpMethod::GET,
|
||||
HttpStatusCode::Success2xx,
|
||||
SSL::SSL
|
||||
)),
|
||||
},
|
||||
];
|
||||
|
||||
@ -28,7 +28,7 @@ impl<T: Topology + DhcpServer + TftpServer + HttpServer + Router> Score<T> for O
|
||||
}
|
||||
|
||||
fn name(&self) -> String {
|
||||
"OKDIpxeScore".to_string()
|
||||
"OKDipxeScore".to_string()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ use crate::{
|
||||
score::Score,
|
||||
topology::{
|
||||
BackendServer, HAClusterTopology, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancer,
|
||||
LoadBalancerService, Topology,
|
||||
LoadBalancerService, Topology, SSL,
|
||||
},
|
||||
};
|
||||
|
||||
@ -62,6 +62,7 @@ impl OKDLoadBalancerScore {
|
||||
"/readyz".to_string(),
|
||||
HttpMethod::GET,
|
||||
HttpStatusCode::Success2xx,
|
||||
SSL::SSL,
|
||||
)),
|
||||
},
|
||||
];
|
||||
|
||||
Loading…
Reference in New Issue
Block a user