From 8c31b0963586de285b6d5c7d402422400fb86660 Mon Sep 17 00:00:00 2001 From: Ivan Anfimov Date: Wed, 16 Apr 2025 08:24:12 +0000 Subject: [PATCH] docs: minor fixes with Geneve and HAProxy Change-Id: Id3b7a0402c521e2a35b9abeb5e0a7cc737f32f28 --- doc/source/user/ceph/full-deploy.rst | 4 ++-- doc/source/user/network-arch/example.rst | 2 +- doc/source/user/prod/haproxy_in_lxc.rst | 6 +++--- doc/source/user/security/security-headers.rst | 8 ++++---- doc/source/user/security/security-txt.rst | 12 ++++++------ 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/doc/source/user/ceph/full-deploy.rst b/doc/source/user/ceph/full-deploy.rst index d94caf4000..eec24fab7c 100644 --- a/doc/source/user/ceph/full-deploy.rst +++ b/doc/source/user/ceph/full-deploy.rst @@ -187,9 +187,9 @@ The ``/etc/openstack_deploy/user_variables.yml`` file defines the global overrides for the default variables. For this example environment, we configure a HA load balancer. -We implement the load balancer (HAProxy) with an HA layer (keepalived) +We implement the load balancer (HAProxy) with an HA layer (Keepalived) on the infrastructure hosts. Your ``/etc/openstack_deploy/user_variables.yml`` must have the -following content to configure haproxy, keepalived and ceph: +following content to configure HAProxy, Keepalived and Ceph: .. literalinclude:: ../../../../etc/openstack_deploy/user_variables.yml.prod-ceph.example diff --git a/doc/source/user/network-arch/example.rst b/doc/source/user/network-arch/example.rst index 188f9a8a05..6163812d52 100644 --- a/doc/source/user/network-arch/example.rst +++ b/doc/source/user/network-arch/example.rst @@ -32,7 +32,7 @@ to interact with the server via SSH. The ``Overlay Network``, also referred to as the ``tunnel network``, provides connectivity between hosts for the purpose of tunnelling -encapsulated traffic using VXLAN, GENEVE, or other protocols. The +encapsulated traffic using VXLAN, Geneve, or other protocols. The ``overlay network`` uses a dedicated VLAN typically connected to the ``br-vxlan`` bridge. diff --git a/doc/source/user/prod/haproxy_in_lxc.rst b/doc/source/user/prod/haproxy_in_lxc.rst index c6051d62f9..16f15a66bc 100644 --- a/doc/source/user/prod/haproxy_in_lxc.rst +++ b/doc/source/user/prod/haproxy_in_lxc.rst @@ -14,7 +14,7 @@ Inventory overrides ~~~~~~~~~~~~~~~~~~~ In order to tell dynamic_inventory to generate a set of containers -for haproxy, you need to create a file +for HAProxy, you need to create a file ``/etc/openstack_deploy/env.d/haproxy.yml`` with the following content: .. code:: yaml @@ -215,7 +215,7 @@ Example bellow shows a possible content in ``user_variables.yml``: haproxy_keepalived_internal_interface: "{{ haproxy_bind_internal_lb_vip_interface }}" Alternatively, you can detect IPs used inside your containers to configure -haproxy binds. This can be done by reffering to ``container_networks`` mapping: +HAProxy binds. This can be done by reffering to ``container_networks`` mapping: .. code:: yaml @@ -226,7 +226,7 @@ haproxy binds. This can be done by reffering to ``container_networks`` mapping: Creating containers ~~~~~~~~~~~~~~~~~~~ -Once all steps above are accomplished, it's time to create our new haproxy +Once all steps above are accomplished, it's time to create our new HAProxy containers. For that run the following command: .. code:: shell diff --git a/doc/source/user/security/security-headers.rst b/doc/source/user/security/security-headers.rst index 465eba52d4..7d08a8ebee 100644 --- a/doc/source/user/security/security-headers.rst +++ b/doc/source/user/security/security-headers.rst @@ -4,12 +4,12 @@ Security Headers Security headers are HTTP headers that can be used to increase the security of a web application by restricting what modern browsers are able to run. -In OpenStack-Ansible, security headers are implemented in haproxy as all the +In OpenStack-Ansible, security headers are implemented in HAProxy as all the public endpoints reside behind it. -The following headers are enabled by default on all the haproxy interfaces +The following headers are enabled by default on all the HAProxy interfaces that implement TLS, but only for the Horizon service. The security headers can -be implemented on other haproxy services, but only services used by +be implemented on other HAProxy services, but only services used by browsers will make use of the headers. HTTP Strict Transport Security @@ -136,7 +136,7 @@ Security Policy to allow access to your authorisation server by overriding the frame-src 'self' {{ external_lb_vip_address }}:{{ nova_spice_html5proxy_base_port }} {{ external_lb_vip_address }}:{{ nova_novncproxy_port }} {{ external_lb_vip_address }}:{{ nova_serialconsoleproxy_port }}; " -It is also possible to set specific security headers for skyline. +It is also possible to set specific security headers for Skyline. .. code-block:: yaml diff --git a/doc/source/user/security/security-txt.rst b/doc/source/user/security/security-txt.rst index e1f1b17d04..07cc340550 100644 --- a/doc/source/user/security/security-txt.rst +++ b/doc/source/user/security/security-txt.rst @@ -1,4 +1,4 @@ -Security.txt +security.txt ============ security.txt is a proposed `IETF standard`_ to allow independent security @@ -8,9 +8,9 @@ legacy compatibility reasons the file might also be placed at "/security.txt". .. _IETF standard: https://datatracker.ietf.org/doc/html/draft-foudil-securitytxt -In OpenStack-Ansible, ``security.txt`` is implemented in haproxy as all public +In OpenStack-Ansible, ``security.txt`` is implemented in HAProxy as all public endpoints reside behind it. It defaults to directing any request paths that -end with ``/security.txt`` to the text file using an ACL rule in haproxy. +end with ``/security.txt`` to the text file using an ACL rule in HAProxy. Enabling security.txt ~~~~~~~~~~~~~~~~~~~~~ @@ -30,7 +30,7 @@ using OpenStack-Ansible: # This is my example security.txt file # Please see https://securitytxt.org/ for details of the specification of this file -#. Update haproxy +#. Update HAProxy .. code-block:: shell-session @@ -39,8 +39,8 @@ using OpenStack-Ansible: Advanced security.txt ACL ~~~~~~~~~~~~~~~~~~~~~~~~~ -In some cases you may need to change the haproxy ACL used to redirect requests +In some cases you may need to change the HAProxy ACL used to redirect requests to the ``security.txt`` file, such as adding extra domains. -The haproxy ACL is updated by overriding the variable +The HAProxy ACL is updated by overriding the variable ``haproxy_map_entries`` inside ``haproxy_security_txt_service``.