From dd3256e188adaeb1ebeca497f012c8f17652ec14 Mon Sep 17 00:00:00 2001
From: "grace.yu"
Date: Wed, 19 Nov 2014 16:33:33 -0800
Subject: [PATCH] fixed haproxy to support OpenStack H/A

Change-Id: I02a6a024dc57f491555616529c20324cb3b1bfce
---
 chef/cookbooks/haproxy/attributes/default.rb | 16 ++++++++++------
 chef/cookbooks/haproxy/recipes/tcp_lb.rb | 2 +-
 .../openstack-dashboard/recipes/server.rb | 2 +-
 .../openstack-identity/recipes/server.rb | 11 ++++++-----
 4 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/chef/cookbooks/haproxy/attributes/default.rb b/chef/cookbooks/haproxy/attributes/default.rb
index 1272be3..78bc91f 100644
--- a/chef/cookbooks/haproxy/attributes/default.rb
+++ b/chef/cookbooks/haproxy/attributes/default.rb
@@ -50,8 +50,8 @@ default['haproxy']['ssl_incoming_port'] = 443
 default['haproxy']['ssl_member_port'] = 8443
 default['haproxy']['httpchk'] = nil
 default['haproxy']['ssl_httpchk'] = nil
-default['haproxy']['enable_admin'] = true
-default['haproxy']['admin']['address_bind'] = "10.145.88.152"
+default['haproxy']['enable_admin'] = false
+default['haproxy']['admin']['address_bind'] = "127.0.0.1"
 default['haproxy']['admin']['port'] = 22002
 default['haproxy']['enable_stats_socket'] = false
 default['haproxy']['stats_socket_path'] = "/var/run/haproxy.sock"
@@ -97,6 +97,7 @@ default['haproxy']['enabled_services'] = [
 "dashboard_http",
 "dashboard_https",
 "glance_api",
+ "glance_registry_cluster",
 "keystone_admin",
 "keystone_public_internal",
 "nova_compute_api",
@@ -127,7 +128,8 @@ default['haproxy']['roles'] = {
 "neutron_api"
 ],
 "os-image" => [
- "glance_api"
+ "glance_api",
+ "glance_registry_cluster"
 ]
 }
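Review bot: The admin listener defaults changed in the hunk at -50,8 carry no comment explaining why they are `false` and `127.0.0.1`, and the replaced value shows how easily a site-specific address ends up as the cookbook default. A short comment above `enable_admin` would help, for example `# Admin/stats listener: off by default; when enabled keep address_bind on loopback or a management-only interface`. Whether the rendered listener has any authentication is not visible in this hunk, so that should be confirmed in the template before anyone overrides these attributes.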
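Review bot: `glance_registry_cluster` is listed under the `os-image` role in the hunk at -127,7 (and added to `enabled_services` at -97,6), while the 9191 service entry touched at -169,7 declares `"role" => "os-image-registry"`. If that entry is the `glance_registry_cluster` definition (its key is outside the hunk), the two role names disagree, and tcp_lb.rb selects pool members with `nodeinfo['roles'].include?(service['role'])`, so the backend could be rendered with no members. Align the service's `role` with the key used in `default['haproxy']['roles']`, or add an `"os-image-registry"` key there, and add a comment saying which of the two is authoritative.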
@@ -145,10 +147,12 @@ default['haproxy']['services'] = {
 "options" => [ "capture cookie vgnvisitor= len 32", \
 "cookie SERVERID insert indirect nocache", \
 "mode http", \
+ "balance source", \
 "option forwardfor", \
- "option httpchk", \
+ "option httpchk OPTIONS / HTTP/1.1", \
+ "http-check expect status 400", \
 "option http-server-close", \
- 'rspidel ^Set-cookie:\ IP='
+ "rspidel ^Set-cookie:\ IP="
 # "appsession csrftoken len 42 timeout 1h"
 ]
 },
@@ -169,7 +173,7 @@ default['haproxy']['services'] = {
 "role" => "os-image-registry",
 "frontend_port" => "9191",
 "backend_port" => "9191",
- "options" => [ "option tcpka", "option httpchk", "option tcplog", "balance leastconn" ]
+ "options" => [ "option tcpka", "option httpchk", "option tcplog", "balance leastconn", "http-check expect status 401" ]
 },
 "keystone_admin" => {
 "role" => "os-identity",
diff --git a/chef/cookbooks/haproxy/recipes/tcp_lb.rb b/chef/cookbooks/haproxy/recipes/tcp_lb.rb
index 7b3d325..cac4a3a 100644
--- a/chef/cookbooks/haproxy/recipes/tcp_lb.rb
+++ b/chef/cookbooks/haproxy/recipes/tcp_lb.rb
@@ -35,7 +35,7 @@ node['haproxy']['services'].each do |name, service|
 if node['haproxy']['choose_backend'].eql?("prefeed")
 pool_members = []
- if node['haproxy'].has_attribute?(:node_mapping)
+ if node['haproxy'].attribute?("node_mapping")
 node['haproxy']['node_mapping'].each do |nodename, nodeinfo|
 if nodeinfo['roles'].include?(service['role'])
 pool_members << nodename
diff --git a/chef/cookbooks/openstack-dashboard/recipes/server.rb b/chef/cookbooks/openstack-dashboard/recipes/server.rb
index 1d1479e..71594ba 100644
--- a/chef/cookbooks/openstack-dashboard/recipes/server.rb
+++ b/chef/cookbooks/openstack-dashboard/recipes/server.rb
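Review bot: The switch from single to double quotes on the `rspidel` line in the hunk at -145,10 changes the string itself: inside a Ruby double-quoted literal `\ ` is an escape that yields a bare space, so the backslash that keeps `^Set-cookie:\ IP=` together as one HAProxy regex argument is dropped. The rendered directive would read `rspidel ^Set-cookie: IP=`, which HAProxy would presumably treat as a shorter pattern plus a stray token, so the `IP=` cookie (which looks like it carries a backend address) may no longer be stripped from responses. Keep the single quotes, or write `"rspidel ^Set-cookie:\\ IP="`.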
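Review bot: The `http-check expect status 401` added at -169,7, like the `http-check expect status 400` added for the dashboard at -145,10, makes an error response the only answer that counts as healthy, and neither line says why. A backend that answers the probe with 200 (a registry running without its auth middleware, or a dashboard that accepts the request) would be marked down, which is hard to diagnose from the config alone. Add a comment beside each, e.g. `# unauthenticated probe: 401 means the registry is up and enforcing auth`, and for the dashboard state which property of the `OPTIONS / HTTP/1.1` probe is expected to produce 400.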
@@ -90,7 +90,7 @@ if node['openstack']['dashboard']['session_backend'] == 'memcached'
 end
 end
-memcached = memcached_servers
+memcached = memcached_servers('os-ops-caching')
 # delete the openstack-dashboard.conf before reload apache2 service on fedora, redhat and centos
 # since this file is not valid on those platforms for the apache2 service.
diff --git a/chef/cookbooks/openstack-identity/recipes/server.rb b/chef/cookbooks/openstack-identity/recipes/server.rb
index 4824f08..6a9a213 100644
--- a/chef/cookbooks/openstack-identity/recipes/server.rb
+++ b/chef/cookbooks/openstack-identity/recipes/server.rb
@@ -108,9 +108,6 @@ if node['openstack']['auth']['strategy'] == 'pki'
 if certfile_url.nil? || keyfile_url.nil? || ca_certs_url.nil?
 keygen_node = node_election('os-identity', 'keystone_keygen')
- if keygen_node.nil?
- keygen_node = node
- end
 if node.name.eql?(keygen_node.name)
 execute 'keystone-manage pki_setup' do
 user node['openstack']['identity']['user']
@@ -130,7 +127,7 @@ if node['openstack']['auth']['strategy'] == 'pki'
 end
 else
- if keygen_node['openstack']['identity']['signing'].attribute?("#{name}_data")
+ if keygen_node['openstack']['identity']['signing'].attribute?("ca_certs_data")
 %w{certfile keyfile ca_certs}.each do |name|
 file node['openstack']['identity']['signing']["#{name}"] do
 content keygen_node['openstack']['identity']['signing']["#{name}_data"]
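Review bot: With the nil fallback removed in the hunk at -108,9, `node.name.eql?(keygen_node.name)` is reached with whatever `node_election` returned, and the deleted branch suggests that can be nil. The recipe would then abort with a NoMethodError rather than a message that names the problem. Dropping the fallback is sound, since it let any node without an elected peer run `keystone-manage pki_setup` and produce its own signing keys, but the failure should be explicit: add `raise "no keystone_keygen node elected for os-identity" if keygen_node.nil?` before the comparison. The enclosing `if` block starts and ends outside the hunk.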
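Review bot: The new guard in the hunk at -130,7 tests only `ca_certs_data`, but the loop below it writes `certfile`, `keyfile` and `ca_certs` from their own `_data` attributes, so a partially published set would reach a `file` resource with nil content. Check all three, e.g. `if %w{certfile keyfile ca_certs}.all? { |n| keygen_node['openstack']['identity']['signing'].attribute?("#{n}_data") }`. Separately, `keyfile_data` is the token-signing private key travelling through node attributes; the `file` resource continues past the hunk, so confirm there that it sets an owner and a restrictive mode, and whether node data is an acceptable place to hold that key.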
@@ -196,7 +193,11 @@ if node['openstack']['identity']['token']['backend'].eql?('memcache')
 memcache_servers = memcached_servers('os-ops-caching').join ',' # from openstack-common lib
 # number of seconds to wait before sockets timeout when the memcached server is down
 # the default number is 3, here is going to set it as 0.1
- `sed -i "s/_SOCKET_TIMEOUT = 3/_SOCKET_TIMEOUT = 0.1/g" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py`
+ ruby_block "Set memcache socket timeout" do
+ block do
+ `sed -i "s/_SOCKET_TIMEOUT = 3/_SOCKET_TIMEOUT = 0.1/g" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py`
+ end
+ end
 end
 # These configuration endpoints must not have the path (v2.0, etc)
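Review bot: The backtick call inside the new `ruby_block` still discards sed's exit status, so when the glob `/usr/lib/python[0-9].[0-9]/site-packages/memcache.py` matches nothing (a different Python layout, for example) the converge reports success and the 3-second timeout stays in place. An `execute` resource with a `not_if` guard would fail the run when the file is missing and skip it once the file is already patched. The edit also rewrites a package-owned library file, so a package update will silently revert it and package verification will report the file as modified; a comment saying so would help whoever investigates later. The enclosing `if` block starts outside the hunk.
```ruby
  execute 'Set memcache socket timeout' do
    command 'sed -i "s/_SOCKET_TIMEOUT = 3/_SOCKET_TIMEOUT = 0.1/g" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py'
    not_if 'grep -q "_SOCKET_TIMEOUT = 0.1" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py'
  end
```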