4bc410c6ca
Use case: exposing single external https frontend and load balancing services using FQDNs. Support different ports for internal and external endpoints. Introduced kolla_url filter to normalize urls like: - https://magnum.external:443/v1 - http://magnum.external:80/v1 Change-Id: I9fb03fe1cebce5c7198d523e015280c69f139cd0 Co-Authored-By: Jakub Darmach <jakub@stackhpc.com>
73 lines
2.6 KiB
YAML
73 lines
2.6 KiB
YAML
---
|
|
- name: "Copying over {{ project_name }} haproxy config"
|
|
vars:
|
|
service: "{{ item.value }}"
|
|
haproxy_templates:
|
|
- "{{ node_custom_config }}/haproxy-config/{{ inventory_hostname }}/{{ item.key }}.cfg"
|
|
- "{{ node_custom_config }}/haproxy-config/{{ item.key }}.cfg"
|
|
- "{{ node_custom_config }}/haproxy-config/{{ inventory_hostname }}/{{ haproxy_service_template }}"
|
|
- "{{ node_custom_config }}/haproxy-config/{{ haproxy_service_template }}"
|
|
- "templates/{{ haproxy_service_template }}"
|
|
template_file: "{{ query('first_found', haproxy_templates) | first }}"
|
|
template:
|
|
src: "{{ template_file }}"
|
|
dest: "{{ node_config_directory }}/haproxy/services.d/{{ item.key }}.cfg"
|
|
mode: "0660"
|
|
become: true
|
|
when:
|
|
- service.enabled | bool
|
|
- service.haproxy is defined
|
|
- enable_haproxy | bool
|
|
with_dict: "{{ project_services }}"
|
|
notify:
|
|
- Restart haproxy container
|
|
|
|
- name: "Add configuration for {{ project_name }} when using single external frontend"
|
|
vars:
|
|
service: "{{ item.value }}"
|
|
blockinfile:
|
|
create: yes
|
|
path: "{{ node_config_directory }}/haproxy/external-frontend-map"
|
|
insertafter: EOF
|
|
marker: "# {mark} {{ item.key }}"
|
|
mode: "0660"
|
|
block: |
|
|
{%- set haproxy = service.haproxy | default({}) %}
|
|
{%- for haproxy_name, haproxy_service in haproxy.items() %}
|
|
{% set external = haproxy_service.external | default(false) | bool %}
|
|
{% set enabled = haproxy_service.enabled | default(false) | bool %}
|
|
{% set with_frontend = haproxy_service.with_frontend | default(true) | bool %}
|
|
{% set mode = haproxy_service.mode | default('http') %}
|
|
{%- if external and with_frontend and enabled and mode == 'http' %}
|
|
{{ haproxy_service.external_fqdn }} {{ haproxy_name }}_back
|
|
{% endif -%}
|
|
{%- endfor -%}
|
|
become: true
|
|
with_dict: "{{ project_services }}"
|
|
when:
|
|
- haproxy_single_external_frontend | bool
|
|
- service.enabled | bool
|
|
- service.haproxy is defined
|
|
- enable_haproxy | bool
|
|
notify:
|
|
- Restart haproxy container
|
|
|
|
- name: "Configuring firewall for {{ project_name }}"
|
|
firewalld:
|
|
offline: "yes"
|
|
permanent: "yes"
|
|
port: "{{ item.value.port }}/tcp"
|
|
state: "enabled"
|
|
zone: "{{ external_api_firewalld_zone }}"
|
|
become: true
|
|
when:
|
|
- enable_haproxy | bool
|
|
- item.value.enabled | bool
|
|
- item.value.port is defined
|
|
- item.value.external | default('false') | bool
|
|
- enable_external_api_firewalld | bool
|
|
- kolla_action != "config"
|
|
with_dict: "{{ project_services | extract_haproxy_services }}"
|
|
notify:
|
|
- "Reload firewalld"
|