[haproxy] Adds http/2 support to HAProxy
This change introduces haproxy_enable_http2 to let operators enable http/2 on HAProxy frontends when kolla_enable_tls_external is enabled. Change-Id: I2e00d3e9193a3052d43a228915ea249794490afe Closes-Bug: #1850924
This commit is contained in:
parent
7186f960d9
commit
f64c86de1d
@ -939,6 +939,8 @@ rabbitmq_datadir_volume: "rabbitmq"
|
|||||||
####################
|
####################
|
||||||
haproxy_user: "openstack"
|
haproxy_user: "openstack"
|
||||||
haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}"
|
haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}"
|
||||||
|
haproxy_enable_http2: "yes"
|
||||||
|
haproxy_http2_protocol: "alpn h2,http/1.1"
|
||||||
kolla_enable_tls_internal: "no"
|
kolla_enable_tls_internal: "no"
|
||||||
kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
|
kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
|
||||||
kolla_certificates_dir: "{{ node_config }}/certificates"
|
kolla_certificates_dir: "{{ node_config }}/certificates"
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
#jinja2: lstrip_blocks: True
|
#jinja2: lstrip_blocks: True
|
||||||
{%- set external_tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %}
|
{%- set external_tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %}
|
||||||
|
{%- set external_tls_bind_info = "%s %s" % (external_tls_bind_info, haproxy_http2_protocol) if kolla_enable_tls_external|bool and haproxy_enable_http2|bool else external_tls_bind_info %}
|
||||||
{%- set internal_tls_bind_info = 'ssl crt /etc/haproxy/haproxy-internal.pem' if kolla_enable_tls_internal|bool else '' %}
|
{%- set internal_tls_bind_info = 'ssl crt /etc/haproxy/haproxy-internal.pem' if kolla_enable_tls_internal|bool else '' %}
|
||||||
|
{%- set internal_tls_bind_info = "%s %s" % (internal_tls_bind_info, haproxy_http2_protocol) if kolla_enable_tls_internal|bool and haproxy_enable_http2|bool else external_tls_bind_info %}
|
||||||
|
|
||||||
{%- macro userlist_macro(service_name, auth_user, auth_pass) %}
|
{%- macro userlist_macro(service_name, auth_user, auth_pass) %}
|
||||||
userlist {{ service_name }}-user
|
userlist {{ service_name }}-user
|
||||||
|
@ -82,3 +82,13 @@ To set weight of backend per service, modify inventory file as below:
|
|||||||
server1 haproxy_nova_api_weight=10
|
server1 haproxy_nova_api_weight=10
|
||||||
server2 haproxy_nova_api_weight=2 haproxy_keystone_internal_weight=10
|
server2 haproxy_nova_api_weight=2 haproxy_keystone_internal_weight=10
|
||||||
server3 haproxy_keystone_admin_weight=50
|
server3 haproxy_keystone_admin_weight=50
|
||||||
|
|
||||||
|
HTTP/2 Support
|
||||||
|
---------------
|
||||||
|
|
||||||
|
HAProxy with HTTP/2 frontend support is enabled by default. It may be
|
||||||
|
disabled by setting the following in ``/etc/kolla/globals.yml``:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
haproxy_enable_http2: "no"
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds http/2 support to HAProxy frontends.
|
Loading…
Reference in New Issue
Block a user