[haproxy] Adds http/2 support to HAProxy

This change introduces haproxy_enable_http2 to let operators enable
http/2 on HAProxy frontends when kolla_enable_tls_external is enabled.

Change-Id: I2e00d3e9193a3052d43a228915ea249794490afe
Closes-Bug: #1850924
This commit is contained in:
Dincer Celik 2019-11-05 11:29:24 +03:00 committed by Michal Arbet
parent 7186f960d9
commit f64c86de1d
4 changed files with 18 additions and 0 deletions

View File

@ -939,6 +939,8 @@ rabbitmq_datadir_volume: "rabbitmq"
#################### ####################
haproxy_user: "openstack" haproxy_user: "openstack"
haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}" haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}"
haproxy_enable_http2: "yes"
haproxy_http2_protocol: "alpn h2,http/1.1"
kolla_enable_tls_internal: "no" kolla_enable_tls_internal: "no"
kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}" kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
kolla_certificates_dir: "{{ node_config }}/certificates" kolla_certificates_dir: "{{ node_config }}/certificates"

View File

@ -1,6 +1,8 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: True
{%- set external_tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %} {%- set external_tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %}
{%- set external_tls_bind_info = "%s %s" % (external_tls_bind_info, haproxy_http2_protocol) if kolla_enable_tls_external|bool and haproxy_enable_http2|bool else external_tls_bind_info %}
{%- set internal_tls_bind_info = 'ssl crt /etc/haproxy/haproxy-internal.pem' if kolla_enable_tls_internal|bool else '' %} {%- set internal_tls_bind_info = 'ssl crt /etc/haproxy/haproxy-internal.pem' if kolla_enable_tls_internal|bool else '' %}
{%- set internal_tls_bind_info = "%s %s" % (internal_tls_bind_info, haproxy_http2_protocol) if kolla_enable_tls_internal|bool and haproxy_enable_http2|bool else external_tls_bind_info %}
{%- macro userlist_macro(service_name, auth_user, auth_pass) %} {%- macro userlist_macro(service_name, auth_user, auth_pass) %}
userlist {{ service_name }}-user userlist {{ service_name }}-user

View File

@ -82,3 +82,13 @@ To set weight of backend per service, modify inventory file as below:
server1 haproxy_nova_api_weight=10 server1 haproxy_nova_api_weight=10
server2 haproxy_nova_api_weight=2 haproxy_keystone_internal_weight=10 server2 haproxy_nova_api_weight=2 haproxy_keystone_internal_weight=10
server3 haproxy_keystone_admin_weight=50 server3 haproxy_keystone_admin_weight=50
HTTP/2 Support
---------------
HAProxy with HTTP/2 frontend support is enabled by default. It may be
disabled by setting the following in ``/etc/kolla/globals.yml``:
.. code-block:: yaml
haproxy_enable_http2: "no"

View File

@ -0,0 +1,4 @@
---
features:
- |
Adds http/2 support to HAProxy frontends.