when configuring haproxy, give each backend a unique name (#271)

previously we used the service name, not node name, which conflicts with haproxy's desire to have a unique name per backend server (also configures all necessary dummy tls certs for dev)
python · Aug 1, 2022 · 049a130 · 049a130
1 parent 987c17c
commit 049a130
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 5 deletions.
diff --git a/pillar/dev/secrets/tls/certs/loadbalancer.sls b/pillar/dev/secrets/tls/certs/loadbalancer.sls
@@ -52,7 +52,7 @@ tls:
       YLxxZ6CalQ4dVAPOYmjmgQ26jetwMGpL53PqXLBd8Yfoi1gr
       -----END CERTIFICATE-----
 
-    ev.python.org: |
+    star.pypa.io: |
       -----BEGIN PRIVATE KEY-----
       MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCufZjZfjZTAEL+
       X7nWz0haEhSNT9WKYRVa1U1BnEgZlUnXcXNXKKNQU5QWZaSk/uR/HYG1eX37bxpJ
@@ -102,7 +102,7 @@ tls:
       YLxxZ6CalQ4dVAPOYmjmgQ26jetwMGpL53PqXLBd8Yfoi1gr
       -----END CERTIFICATE-----
 
-    hg.python.org: |
+    speed.pypy.org: |
       -----BEGIN PRIVATE KEY-----
       MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCufZjZfjZTAEL+
       X7nWz0haEhSNT9WKYRVa1U1BnEgZlUnXcXNXKKNQU5QWZaSk/uR/HYG1eX37bxpJ
@@ -152,7 +152,107 @@ tls:
       YLxxZ6CalQ4dVAPOYmjmgQ26jetwMGpL53PqXLBd8Yfoi1gr
       -----END CERTIFICATE-----
 
-    star.pypa.io: |
+    pypy.org: |
+      -----BEGIN PRIVATE KEY-----
+      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCufZjZfjZTAEL+
+      X7nWz0haEhSNT9WKYRVa1U1BnEgZlUnXcXNXKKNQU5QWZaSk/uR/HYG1eX37bxpJ
+      Kwh2bNcPHMuNIzfRZ/xhl8ce1vNwu+3MCeUf+3KliNOKQQlron2bALZsJ0ewDrd/
+      KT+0N+EorCG8Nl1o4g1L48ndQDe8RdFp5ddsBVXpB7vxmh+joffQY5+bH7fFrJ4g
+      qCW6+SG7+6OS+glukck6pb2mTmtexEL6zl+vnvK5L1ex2alM8Z0c6vZNZZWHjOQi
+      wFekCsl0XNZ4r9hqJ4P78Ff4WwVztV6CI7MKpIL1NrLRIMS+qdR12UTV2RFaB8Df
+      /fIQHodjAgMBAAECggEALa4Zxs6A4EfQQhHDcBYB5fqXwMrmp3x0/7uZpxSH15K6
+      qxk7TdUItC29NgPUD5HfNdv+qgitT5atdfw7Ee26e21ZaJCQu1SSwOXgLhWt05SP
+      U3w/rJjCUc25O5d9JN18LokIONYrsU6ZAURGNiLu4hv2FPTSjXOocXan0TFPpgze
+      AuoSmHI8OckIg1DlEQ1SQwtBF1Zt/iUmpr7C/IFInGiPtYDlp1haX82vWEFEbB/o
+      IOOto+sdLgK82XG/C0p3TNFC0fs+ZV39CnvYiho1N6vEVtzMqHDFh28yJtJMMRLl
+      9MfwTZ1EALfKtydnLmU8iOklXrzuejiAmfr2eQjgKQKBgQDnPRWQvSh3UESBC4Ka
+      QOWg2qL3bN9XD+XRhdGgbN0RJFCwlJABTvk+aRPCWMh/LIm3ofbOdQdfBM0t4F8V
+      rx9cpFznmCewv73Isc6a0oMNLkg/u34PfLd7AUrglQa+GHuzoEBv5K9vaHOJKTqj
+      DgpVXpQRTptLmFDev1wiw7Q2vQKBgQDBLOMN11TDzFsMCqRt8g+vECuE8Xw8ad8E
+      43PSeQDoJWo4VLGEGT1KGpPy8qzAgGjx5vuMhRTeCg+qxyjU/CT3FcjG7yoLB2WM
+      vpCtDDfnN+A3Q9Ml4cNTHltBX6blcGWYNL7p1nMa5ChpCopCAwpgdLITZ7GZ5sse
+      bljmHN8onwKBgE8qfYiZChKXG2zmqObwku0YDTUSRABFhBPQca0vuBuXSDy8D/Uy
+      uWghh09BIBtR/zAsNhgGvuhL94beSw9cbitEZj4vvF7ptirQnQAqVA2eK8QOB6F7
+      vEFTdvQecTmBnlAn7AeizmEg7HUn9Vg/hVAm2iB2vfoKgp1P/FY2lCstAoGAfh70
+      TwEbkopFl2MLX8z+eGmyQCX52ue0d9iYsf3Wnbpv0z9YdsqTvWIE3kWajERKQEVy
+      TphEu4MOH43QFt5YtAlBAMD9Th4SKwXwJ0sm5IsSlIJvxPfVMttK8S+mI35yliE5
+      1CnzFMeJqqr7AYZCrB8EdK7qwXRxgPjCidqnyDkCgYEAlHeIAnzKc0xqEBvT4sgR
+      88q/tpSkaFzEz/zy+GhWJ++Fcm4ZYGR8gatx9xA6cydp/+dn2oDAhO0c2WS5hf31
+      LAf8zgummZcylTuZTs6BD7TL409/5QJR4vhzFHremfG0YzAiaRBNVnhyIwQgs11e
+      WefW+UEXxwURvDqAb+PWodY=
+      -----END PRIVATE KEY-----
+      -----BEGIN CERTIFICATE-----
+      MIIDUDCCAjgCCQCRyxZmH+gqmTANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJV
+      UzELMAkGA1UECAwCTkgxEjAQBgNVBAcMCVdvbGZlYm9ybzEjMCEGA1UECgwaUHl0
+      aG9uIFNvZnR3YXJlIEZvdW5kYXRpb24xFTATBgNVBAMMDCoucHl0aG9uLm9yZzAe
+      Fw0xNDEwMTAyMTA3MzFaFw0yNDEwMDcyMTA3MzFaMGoxCzAJBgNVBAYTAlVTMQsw
+      CQYDVQQIDAJOSDESMBAGA1UEBwwJV29sZmVib3JvMSMwIQYDVQQKDBpQeXRob24g
+      U29mdHdhcmUgRm91bmRhdGlvbjEVMBMGA1UEAwwMKi5weXRob24ub3JnMIIBIjAN
+      BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn2Y2X42UwBC/l+51s9IWhIUjU/V
+      imEVWtVNQZxIGZVJ13FzVyijUFOUFmWkpP7kfx2BtXl9+28aSSsIdmzXDxzLjSM3
+      0Wf8YZfHHtbzcLvtzAnlH/typYjTikEJa6J9mwC2bCdHsA63fyk/tDfhKKwhvDZd
+      aOINS+PJ3UA3vEXRaeXXbAVV6Qe78Zofo6H30GOfmx+3xayeIKgluvkhu/ujkvoJ
+      bpHJOqW9pk5rXsRC+s5fr57yuS9XsdmpTPGdHOr2TWWVh4zkIsBXpArJdFzWeK/Y
+      aieD+/BX+FsFc7VegiOzCqSC9Tay0SDEvqnUddlE1dkRWgfA3/3yEB6HYwIDAQAB
+      MA0GCSqGSIb3DQEBCwUAA4IBAQAJ+NsXFG1ik2wds9D0AuIBw9lxPHq4xPzdPPna
+      X3hZFAtx25EB7PEZwkaPUkYbtv5qiE+B9cA0nLeR5ZueINP5ACCWpR8ku8meFulj
+      AIMpw+juR8eAYIA33h607B7wUMvUGaTssvKRlqx9Jp3oQbV2FGQDoJ5QihTXQSV/
+      6UwzfdzSPA82pCMdDGbXmcNMoQaUQH456SSEsQZBx2pYmHTVK2xSxG+MYh5neIFK
+      HPZLJpVwmkcOBtQ8YaXpc43vWlMZhxDjth5eaQgIo0+j5ItJ4N6/noR9wLjhdgvk
+      YLxxZ6CalQ4dVAPOYmjmgQ26jetwMGpL53PqXLBd8Yfoi1gr
+      -----END CERTIFICATE-----
+
+    www.pycon.org: |
+      -----BEGIN PRIVATE KEY-----
+      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCufZjZfjZTAEL+
+      X7nWz0haEhSNT9WKYRVa1U1BnEgZlUnXcXNXKKNQU5QWZaSk/uR/HYG1eX37bxpJ
+      Kwh2bNcPHMuNIzfRZ/xhl8ce1vNwu+3MCeUf+3KliNOKQQlron2bALZsJ0ewDrd/
+      KT+0N+EorCG8Nl1o4g1L48ndQDe8RdFp5ddsBVXpB7vxmh+joffQY5+bH7fFrJ4g
+      qCW6+SG7+6OS+glukck6pb2mTmtexEL6zl+vnvK5L1ex2alM8Z0c6vZNZZWHjOQi
+      wFekCsl0XNZ4r9hqJ4P78Ff4WwVztV6CI7MKpIL1NrLRIMS+qdR12UTV2RFaB8Df
+      /fIQHodjAgMBAAECggEALa4Zxs6A4EfQQhHDcBYB5fqXwMrmp3x0/7uZpxSH15K6
+      qxk7TdUItC29NgPUD5HfNdv+qgitT5atdfw7Ee26e21ZaJCQu1SSwOXgLhWt05SP
+      U3w/rJjCUc25O5d9JN18LokIONYrsU6ZAURGNiLu4hv2FPTSjXOocXan0TFPpgze
+      AuoSmHI8OckIg1DlEQ1SQwtBF1Zt/iUmpr7C/IFInGiPtYDlp1haX82vWEFEbB/o
+      IOOto+sdLgK82XG/C0p3TNFC0fs+ZV39CnvYiho1N6vEVtzMqHDFh28yJtJMMRLl
+      9MfwTZ1EALfKtydnLmU8iOklXrzuejiAmfr2eQjgKQKBgQDnPRWQvSh3UESBC4Ka
+      QOWg2qL3bN9XD+XRhdGgbN0RJFCwlJABTvk+aRPCWMh/LIm3ofbOdQdfBM0t4F8V
+      rx9cpFznmCewv73Isc6a0oMNLkg/u34PfLd7AUrglQa+GHuzoEBv5K9vaHOJKTqj
+      DgpVXpQRTptLmFDev1wiw7Q2vQKBgQDBLOMN11TDzFsMCqRt8g+vECuE8Xw8ad8E
+      43PSeQDoJWo4VLGEGT1KGpPy8qzAgGjx5vuMhRTeCg+qxyjU/CT3FcjG7yoLB2WM
+      vpCtDDfnN+A3Q9Ml4cNTHltBX6blcGWYNL7p1nMa5ChpCopCAwpgdLITZ7GZ5sse
+      bljmHN8onwKBgE8qfYiZChKXG2zmqObwku0YDTUSRABFhBPQca0vuBuXSDy8D/Uy
+      uWghh09BIBtR/zAsNhgGvuhL94beSw9cbitEZj4vvF7ptirQnQAqVA2eK8QOB6F7
+      vEFTdvQecTmBnlAn7AeizmEg7HUn9Vg/hVAm2iB2vfoKgp1P/FY2lCstAoGAfh70
+      TwEbkopFl2MLX8z+eGmyQCX52ue0d9iYsf3Wnbpv0z9YdsqTvWIE3kWajERKQEVy
+      TphEu4MOH43QFt5YtAlBAMD9Th4SKwXwJ0sm5IsSlIJvxPfVMttK8S+mI35yliE5
+      1CnzFMeJqqr7AYZCrB8EdK7qwXRxgPjCidqnyDkCgYEAlHeIAnzKc0xqEBvT4sgR
+      88q/tpSkaFzEz/zy+GhWJ++Fcm4ZYGR8gatx9xA6cydp/+dn2oDAhO0c2WS5hf31
+      LAf8zgummZcylTuZTs6BD7TL409/5QJR4vhzFHremfG0YzAiaRBNVnhyIwQgs11e
+      WefW+UEXxwURvDqAb+PWodY=
+      -----END PRIVATE KEY-----
+      -----BEGIN CERTIFICATE-----
+      MIIDUDCCAjgCCQCRyxZmH+gqmTANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJV
+      UzELMAkGA1UECAwCTkgxEjAQBgNVBAcMCVdvbGZlYm9ybzEjMCEGA1UECgwaUHl0
+      aG9uIFNvZnR3YXJlIEZvdW5kYXRpb24xFTATBgNVBAMMDCoucHl0aG9uLm9yZzAe
+      Fw0xNDEwMTAyMTA3MzFaFw0yNDEwMDcyMTA3MzFaMGoxCzAJBgNVBAYTAlVTMQsw
+      CQYDVQQIDAJOSDESMBAGA1UEBwwJV29sZmVib3JvMSMwIQYDVQQKDBpQeXRob24g
+      U29mdHdhcmUgRm91bmRhdGlvbjEVMBMGA1UEAwwMKi5weXRob24ub3JnMIIBIjAN
+      BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn2Y2X42UwBC/l+51s9IWhIUjU/V
+      imEVWtVNQZxIGZVJ13FzVyijUFOUFmWkpP7kfx2BtXl9+28aSSsIdmzXDxzLjSM3
+      0Wf8YZfHHtbzcLvtzAnlH/typYjTikEJa6J9mwC2bCdHsA63fyk/tDfhKKwhvDZd
+      aOINS+PJ3UA3vEXRaeXXbAVV6Qe78Zofo6H30GOfmx+3xayeIKgluvkhu/ujkvoJ
+      bpHJOqW9pk5rXsRC+s5fr57yuS9XsdmpTPGdHOr2TWWVh4zkIsBXpArJdFzWeK/Y
+      aieD+/BX+FsFc7VegiOzCqSC9Tay0SDEvqnUddlE1dkRWgfA3/3yEB6HYwIDAQAB
+      MA0GCSqGSIb3DQEBCwUAA4IBAQAJ+NsXFG1ik2wds9D0AuIBw9lxPHq4xPzdPPna
+      X3hZFAtx25EB7PEZwkaPUkYbtv5qiE+B9cA0nLeR5ZueINP5ACCWpR8ku8meFulj
+      AIMpw+juR8eAYIA33h607B7wUMvUGaTssvKRlqx9Jp3oQbV2FGQDoJ5QihTXQSV/
+      6UwzfdzSPA82pCMdDGbXmcNMoQaUQH456SSEsQZBx2pYmHTVK2xSxG+MYh5neIFK
+      HPZLJpVwmkcOBtQ8YaXpc43vWlMZhxDjth5eaQgIo0+j5ItJ4N6/noR9wLjhdgvk
+      YLxxZ6CalQ4dVAPOYmjmgQ26jetwMGpL53PqXLBd8Yfoi1gr
+      -----END CERTIFICATE-----
+
+    jython.org: |
       -----BEGIN PRIVATE KEY-----
       MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCufZjZfjZTAEL+
       X7nWz0haEhSNT9WKYRVa1U1BnEgZlUnXcXNXKKNQU5QWZaSk/uR/HYG1eX37bxpJ

diff --git a/salt/haproxy/config/haproxy.cfg.jinja b/salt/haproxy/config/haproxy.cfg.jinja
@@ -223,7 +223,7 @@ backend {{ service }}
     {% endfor -%}
 
     {{ "{{" }}range service "{{ service }}@{{ pillar.dc }}" "any"}}
-    {% raw %}server {{.Name}} {{.Address}}:{{.Port}}{% endraw %}{% if config.get("check", True) %} check{% endif %}{% if config.get("tls", True) %} ssl force-tlsv12 verifyhost {{ config.get("verify_host", service + ".psf.io") }} ca-file {{ config.get("ca-file", "PSF_CA.pem") }}{% endif %}{{ "{{end}}" }}
+    {% raw %}server {{.Node}} {{.Address}}:{{.Port}}{% endraw %}{% if config.get("check", True) %} check{% endif %}{% if config.get("tls", True) %} ssl force-tlsv12 verifyhost {{ config.get("verify_host", service + ".psf.io") }} ca-file {{ config.get("ca-file", "PSF_CA.pem") }}{% endif %}{{ "{{end}}" }}
 
 {% endfor %}
 
@@ -241,7 +241,7 @@ listen {{ name }}
     {% endfor %}
 
     {{ "{{" }}range service "{{ config.service }}@{{ pillar.dc }}"}}
-    {% raw %}server {{.Name}} {{.Address}}:{{.Port}} check{{end}}{% endraw %}
+    {% raw %}server {{.Node}} {{.Address}}:{{.Port}} check{{end}}{% endraw %}
 
 {% endfor %}