FIXED: secure proxy configuration issues

codingfuture · Dec 8, 2018 · 7b771b8 · 7b771b8
1 parent 3ebf61b
commit 7b771b8
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - FIXED: to support plain NVMe partitions
 - FIXED: MySQL client host configuration issue with local TCP client
 - FIXED: only-arbitrator-on-host case 
+- FIXED: secure proxy configuration issues
 - NEW: instance memory_min parameter support
 
 ## 1.0.6 (2018-10-24)

diff --git a/lib/puppet/provider/cfdb_haproxy/cfdb.rb b/lib/puppet/provider/cfdb_haproxy/cfdb.rb
@@ -207,10 +207,28 @@ def self.on_config_change(newconf)
                     end
                 rescue
                 end
+
+                host_use_unix_socket = (ip == '127.0.0.1')
+
+                if type === 'elasticsearch'
+                    host_use_unix_socket = false
+                end
+
+                if host_use_unix_socket
+                    server_dst = "unix@/run/cf#{type}-#{cluster}/"
+
+                    if type == 'postgresql'
+                        server_dst += ".s.PGSQL.#{port}"
+                    else
+                        server_dst += 'service.sock'
+                    end
+                else
+                    server_dst = "#{ip}:#{port}"
+                end
 
                 secure_server = sinfo['secure']
 
-                server_config = ["#{ip}:#{port} check fall 2 rise 1 inter #{inter} fastinter #{fastinter}"]
+                server_config = ["#{server_dst} check fall 2 rise 1 inter #{inter} fastinter #{fastinter}"]
 
                 if secure_server
                     server_config << 'weight 10'
@@ -242,7 +260,7 @@ def self.on_config_change(newconf)
                 elsif conf_listeners.has_key? check_listen
                     conf_listeners[check_listen]['maxconn'] += conn_per_check
                 else
-                    check_server_config = ["#{ip}:#{port}"]
+                    check_server_config = ["#{server_dst}"]
 
                     if secure_server
                         check_server_config << 'ssl'

diff --git a/lib/puppet/type/cfdb_access.rb b/lib/puppet/type/cfdb_access.rb
@@ -55,6 +55,9 @@
 
     newproperty(:client_host) do
     end
+
+    newproperty(:use_proxy) do
+    end
 
     newproperty(:config_info) do
         validate do |value|

diff --git a/manifests/access.pp b/manifests/access.pp
@@ -392,6 +392,7 @@
             'dotenv' => $env_file,
             'prefix' => $config_prefix,
         },
+        use_proxy       => $use_proxy_detected,
         require         => [
             File[$access_checker],
         ],

diff --git a/manifests/role.pp b/manifests/role.pp
@@ -48,6 +48,8 @@
 
             if $host == $::trusted['certname'] {
                 $host_index = 'localhost'
+            } elsif $params['use_proxy'] == 'secure' {
+                $host_index = 'localhost'
             } else {
                 $host_index = $host
             }