# This file managed by Puppet global daemon group haproxy log /dev/log local0 maxconn 20480 pidfile /var/run/haproxy.pid ssl-default-bind-ciphers !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES ssl-default-bind-options no-sslv3 no-tlsv10 stats socket /var/lib/haproxy/stats mode 600 level user stats timeout 2m user haproxy defaults log global maxconn 4096 mode tcp retries 3 timeout http-request 10s timeout queue 2m timeout connect 10s timeout client 2m timeout server 2m timeout check 10s listen aodh bind 192.168.24.2:13042 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8042 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:8042 check fall 5 inter 2000 rise 2 listen docker-registry bind 192.168.24.2:13787 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8787 transparent http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog server 192.168.24.1 192.168.24.1:8787 check fall 5 inter 2000 rise 2 listen glance_api bind 192.168.24.2:13292 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:9292 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk GET /healthcheck redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:9292 check fall 5 inter 2000 rise 2 listen gnocchi bind 192.168.24.2:13041 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8041 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:8041 check fall 5 inter 2000 rise 2 listen haproxy.stats bind 192.168.24.3:1993 transparent mode http stats enable stats uri / stats auth admin:c2affebe23d5dfe2a26eb0f2ec888cc3088d0ea2 listen heat_api bind 192.168.24.2:13004 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8004 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://192.168.24.2(.*) Location:\ https://192.168.24.2\1 timeout client 10m timeout server 10m server 192.168.24.1 192.168.24.1:8004 check fall 5 inter 2000 rise 2 listen ironic bind 192.168.24.2:13385 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:6385 transparent http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog server 192.168.24.1 192.168.24.1:6385 check fall 5 inter 2000 rise 2 listen ironic-inspector bind 192.168.24.2:13050 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:5050 transparent http-check expect rstring .*200.* server 192.168.24.1 192.168.24.1:5050 check fall 5 inter 2000 rise 2 listen keystone_admin bind 192.168.24.3:35357 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk GET /v3 server 192.168.24.1 192.168.24.1:35357 check fall 5 inter 2000 rise 2 listen keystone_public bind 192.168.24.2:13000 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:5000 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk GET /v3 redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:5000 check fall 5 inter 2000 rise 2 listen mistral bind 192.168.24.2:13989 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8989 transparent http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog server 192.168.24.1 192.168.24.1:8989 check fall 5 inter 2000 rise 2 listen neutron bind 192.168.24.2:13696 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:9696 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:9696 check fall 5 inter 2000 rise 2 listen nova_metadata bind 192.168.24.3:8775 transparent http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog server 192.168.24.1 192.168.24.1:8775 check fall 5 inter 2000 rise 2 listen nova_osapi bind 192.168.24.2:13774 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8774 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:8774 check fall 5 inter 2000 rise 2 listen nova_placement bind 192.168.24.2:13778 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8778 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:8778 check fall 5 inter 2000 rise 2 listen panko bind 192.168.24.2:13977 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8977 transparent http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog server 192.168.24.1 192.168.24.1:8977 check fall 5 inter 2000 rise 2 listen rabbitmq bind 192.168.24.3:5672 transparent option tcpka option tcplog timeout client 0 timeout server 0 server 192.168.24.1 192.168.24.1:5672 check fall 5 inter 2000 rise 2 listen swift_proxy_server bind 192.168.24.2:13808 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8080 transparent http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk GET /healthcheck timeout client 2m timeout server 2m server 192.168.24.1 192.168.24.1:8080 check fall 5 inter 2000 rise 2 listen ui bind 192.168.24.2:443 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:3000 transparent mode http option forwardfor redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 timeout tunnel 3600s server 192.168.24.1 192.168.24.1:3000 check fall 5 inter 2000 rise 2 listen zaqar_api bind 192.168.24.2:13888 transparent ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:8888 transparent mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] option httpchk option httplog redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 server 192.168.24.1 192.168.24.1:8888 check fall 5 inter 2000 rise 2 listen zaqar_ws bind 192.168.24.2:9000 ssl crt /etc/pki/tls/certs/undercloud-192.168.24.2.pem bind 192.168.24.3:9000 mode http option forwardfor redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc } rsprep ^Location:\ http://(.*) Location:\ https://\1 timeout connect 5s timeout client 25s timeout server 25s timeout tunnel 3600s server 192.168.24.1 192.168.24.1:9000 check fall 5 inter 2000 rise 2