[haproxy] optionally set socket to allow admin commands
Allow operators to set haproxy socket to admin level. This is done via the flag haproxy_socket_level_admin which is set to "no" by default. Closes-Bug: 1960215 Signed-off-by: Imran Hussain <ih@imranh.co.uk> Change-Id: Ia0da89288d68f5803ace1934c013053f12343195
This commit is contained in:
parent
a82028e3e8
commit
f4bfab57bd
@ -92,4 +92,7 @@ haproxy_defaults_balance: "roundrobin"
|
||||
# https://bugs.launchpad.net/kolla-ansible/+bug/1917068
|
||||
haproxy_host_ipv4_tcp_retries2: "KOLLA_UNSET"
|
||||
|
||||
# HAProxy socket admin permissions enable
|
||||
haproxy_socket_level_admin: "no"
|
||||
|
||||
kolla_externally_managed_cert: False
|
||||
|
@ -12,7 +12,8 @@ global
|
||||
cpu-map {{ cpu_idx + 1 }} {{ cpu_idx }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660
|
||||
stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660{% if haproxy_socket_level_admin | bool %} level admin{% endif %}
|
||||
|
||||
{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
|
||||
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
|
||||
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
|
||||
|
@ -0,0 +1,10 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Implements the HAProxy Admin Socket.
|
||||
Allows operators to set the flag ``haproxy_socket_level_admin``
|
||||
(default: "no") which adds ``level admin`` to socket that gets created at
|
||||
``/var/lib/kolla/haproxy/haproxy.sock`` inside the HAProxy container.
|
||||
This allows operators to interact with HAProxy, including but not limited
|
||||
to disabling backend servers for controlled maintenance operations.
|
||||
`bug 1960215 <https://bugs.launchpad.net/kolla-ansible/+bug/1960215>`__.
|
Loading…
Reference in New Issue
Block a user