ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rgw-loadbalancer: Update haproxy.cfg.j2 

haproxy gets an AVC when configured to connect to port 8081

This commit adds a snippet regarding haproxy in a selinux environment

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1923890

Signed-off-by: Kaleb S KEITHLEY <kkeithle@redhat.com>
(cherry picked from commit 9e7f22a071)
pull/6437/head
kalebskeithley 2021-03-09 16:10:35 -05:00 committed by Guillaume Abrioux
parent 21fa7f31b4
commit ef99ac623e
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
roles/ceph-rgw-loadbalancer/templates/haproxy.cfg.j2
View File

@ -40,6 +40,18 @@ frontend rgw-frontend
{% endif %} {% endif %}
default_backend rgw-backend default_backend rgw-backend
# when running in an selinux environment, selinux restricts the ports that haproxy can
# connect to to:
# * 80, 81, 443, 488, 8008, 8009, 8443, 9000 (http_port_t) and,
# * 8080, 8118, 8123, 10001-10010 (http_cache_port_t)
#
# Practically speaking, it would be preferable (and perhaps easier) to configure the
# rgw daemons to listen on ports 10001-10010 and configure haproxy here to match.
#
# Alternatively you can add other unused ports to http_port_t or http_cache_port_t
# with, e.g.: `semanage port -a -t http_cache_port_t -p tcp 8085`
# (Note that ports 8081-8084 are already taken and can't be used for haproxy.)
#
backend rgw-backend backend rgw-backend
option forwardfor option forwardfor
balance static-rr balance static-rr