fix: Haproxy readyz check must force ssl

examples/tui/src/main.rs

@@ -8,7 +8,7 @@ use harmony::{
         load_balancer::LoadBalancerScore,
     },
     topology::{
-        BackendServer, DummyInfra, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancerService,
+        BackendServer, DummyInfra, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancerService, SSL,
     },
 };
 use harmony_macros::ipv4;
@@ -47,6 +47,7 @@ fn build_large_score() -> LoadBalancerScore {
                 .to_string(),
             HttpMethod::GET,
             HttpStatusCode::Success2xx,
+            SSL::Disabled,
         )),
     };
     LoadBalancerScore {

harmony/src/domain/topology/load_balancer.rs

@@ -102,8 +102,17 @@ pub enum HttpStatusCode {
     ServerError5xx,
 }
 
+
+#[derive(Debug, Clone, PartialEq, Serialize)]
+pub enum SSL {
+    SSL,
+    Disabled,
+    Default,
+    SNI,
+}
+
 #[derive(Debug, Clone, PartialEq, Serialize)]
 pub enum HealthCheck {
-    HTTP(String, HttpMethod, HttpStatusCode),
+    HTTP(String, HttpMethod, HttpStatusCode, SSL),
     TCP(Option<u16>),
 }

harmony/src/infra/opnsense/load_balancer.rs

@@ -1,6 +1,6 @@
 use async_trait::async_trait;
 use log::{debug, info, warn};
-use opnsense_config_xml::{Frontend, HAProxy, HAProxyBackend, HAProxyHealthCheck, HAProxyServer};
+use opnsense_config_xml::{Frontend, HAProxy, HAProxyBackend, HAProxyHealthCheck, HAProxyServer, MaybeString};
 use uuid::Uuid;
 
 use crate::{
@@ -241,7 +241,13 @@ pub(crate) fn harmony_load_balancer_service_to_haproxy_xml(
     // frontend points to backend
     let healthcheck = if let Some(health_check) = &service.health_check {
         match health_check {
-            HealthCheck::HTTP(path, http_method, _http_status_code) => {
+            HealthCheck::HTTP(path, http_method, _http_status_code, ssl) => {
+                let ssl: MaybeString = match ssl {
+                    crate::topology::SSL::SSL => "ssl".into(),
+                    crate::topology::SSL::SNI => "sslni".into(),
+                    crate::topology::SSL::Disabled => "nossl".into(),
+                    crate::topology::SSL::Default => "".into(),
+                };
                 let haproxy_check = HAProxyHealthCheck {
                     name: format!("HTTP_{http_method}_{path}"),
                     uuid: Uuid::new_v4().to_string(),
@@ -249,6 +255,7 @@ pub(crate) fn harmony_load_balancer_service_to_haproxy_xml(
                     health_check_type: "http".to_string(),
                     http_uri: path.clone().into(),
                     interval: "2s".to_string(),
+                    ssl,
                     ..Default::default()
                 };
 

harmony/src/modules/okd/bootstrap_load_balancer.rs

@@ -8,7 +8,7 @@ use crate::{
     score::Score,
     topology::{
         BackendServer, HAClusterTopology, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancer,
-        LoadBalancerService, Topology,
+        LoadBalancerService, Topology, SSL,
     },
 };
 
@@ -44,6 +44,7 @@ impl OKDBootstrapLoadBalancerScore {
                     "/readyz".to_string(),
                     HttpMethod::GET,
                     HttpStatusCode::Success2xx,
+                    SSL::SSL
                 )),
             },
         ];

harmony/src/modules/okd/ipxe.rs

@@ -28,7 +28,7 @@ impl<T: Topology + DhcpServer + TftpServer + HttpServer + Router> Score<T> for O
     }
 
     fn name(&self) -> String {
-        "OKDIpxeScore".to_string()
+        "OKDipxeScore".to_string()
     }
 }
 

harmony/src/modules/okd/load_balancer.rs

@@ -8,7 +8,7 @@ use crate::{
     score::Score,
     topology::{
         BackendServer, HAClusterTopology, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancer,
-        LoadBalancerService, Topology,
+        LoadBalancerService, Topology, SSL,
     },
 };
 
@@ -62,6 +62,7 @@ impl OKDLoadBalancerScore {
                     "/readyz".to_string(),
                     HttpMethod::GET,
                     HttpStatusCode::Success2xx,
+                    SSL::SSL,
                 )),
             },
         ];