From b1c9db824e915ae27a34ce480f25c6460b2bbbfc Mon Sep 17 00:00:00 2001
From: godog <godog@autistici.org>
Date: Wed, 14 Apr 2021 22:31:58 +0200
Subject: [PATCH] ai3-prober: don't follow redirect and add http probe

Also expect '401' from authenticated (non-sso) services like
backup/rest-server.
---
 roles/ai3-prober/templates/blackbox.yml.j2 | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/roles/ai3-prober/templates/blackbox.yml.j2 b/roles/ai3-prober/templates/blackbox.yml.j2
index 71cf1fb2..960789a0 100644
--- a/roles/ai3-prober/templates/blackbox.yml.j2
+++ b/roles/ai3-prober/templates/blackbox.yml.j2
@@ -29,15 +29,28 @@ modules:
     prober: http
     timeout: 5s
     http:
-      valid_status_codes: [200, 301, 302, 307]
+      valid_status_codes: [200, 301, 302, 307, 401]
       method: GET
       fail_if_ssl: false
       fail_if_not_ssl: true
       preferred_ip_protocol: ip4
+      no_follow_redirects: true
       tls_config:
         ca_file: /etc/ssl/certs/ca-certificates.crt
         insecure_skip_verify: false
 
+  # Generic (enforced) http
+  http:
+    prober: http
+    timeout: 5s
+    http:
+      valid_status_codes: [200, 301, 302, 307]
+      method: GET
+      fail_if_ssl: true
+      fail_if_not_ssl: false
+      preferred_ip_protocol: ip4
+      no_follow_redirects: true
+
   # Standard protocol-oriented probes.
   imap_starttls:
     prober: tcp
-- 
GitLab