b0ecd8b67c
This review is the first one in a series of patches and it introduces an optional encryption for internal openstack endpoints, implementing part of the add-ssl-internal-network spec. Change-Id: I6589751626486279bf24725f22e71da8cd7f0a43
979 lines
28 KiB
YAML
979 lines
28 KiB
YAML
---
|
|
- name: Get container facts
|
|
become: true
|
|
kolla_container_facts:
|
|
name:
|
|
- haproxy
|
|
- keepalived
|
|
register: container_facts
|
|
|
|
- name: Clearing temp kolla_keepalived_running file
|
|
local_action: file path=/tmp/kolla_keepalived_running state=absent
|
|
changed_when: False
|
|
check_mode: no
|
|
run_once: true
|
|
when:
|
|
- enable_keepalived | bool
|
|
|
|
- name: Create empty temp kolla_keepalived_running file
|
|
local_action: copy content=None dest=/tmp/kolla_keepalived_running mode=0644
|
|
changed_when: False
|
|
check_mode: no
|
|
run_once: true
|
|
when:
|
|
- enable_keepalived | bool
|
|
|
|
- name: Getting hosts who is running keepalived
|
|
local_action: copy content={{ ansible_hostname }} dest=/tmp/kolla_keepalived_running mode=0644
|
|
changed_when: False
|
|
check_mode: no
|
|
when:
|
|
- inventory_hostname in groups['haproxy']
|
|
- container_facts['keepalived'] is defined
|
|
- enable_keepalived | bool
|
|
|
|
- name: Registering host running keepalived
|
|
set_fact:
|
|
host_running_keepalived: "{{ lookup('file', '/tmp/kolla_keepalived_running') }}"
|
|
when:
|
|
- enable_keepalived | bool
|
|
|
|
- name: Clearing temp kolla_keepalived_running file
|
|
local_action: file path=/tmp/kolla_keepalived_running state=absent
|
|
changed_when: False
|
|
check_mode: no
|
|
run_once: true
|
|
when:
|
|
- enable_keepalived | bool
|
|
|
|
- name: Clearing temp kolla_haproxy_running file
|
|
local_action: file path=/tmp/kolla_haproxy_running state=absent
|
|
changed_when: False
|
|
check_mode: no
|
|
run_once: true
|
|
|
|
- name: Create empty temp kolla_haproxy_running file
|
|
local_action: copy content=None dest=/tmp/kolla_haproxy_running mode=0644
|
|
changed_when: False
|
|
check_mode: no
|
|
run_once: true
|
|
|
|
- name: Getting hosts who is running haproxy
|
|
local_action: copy content={{ ansible_hostname }} dest=/tmp/kolla_haproxy_running mode=0644
|
|
changed_when: False
|
|
check_mode: no
|
|
when:
|
|
- inventory_hostname in groups['haproxy']
|
|
- container_facts['haproxy'] is defined
|
|
- enable_haproxy | bool
|
|
|
|
- name: Registering host running haproxy
|
|
set_fact:
|
|
host_running_haproxy: "{{ lookup('file', '/tmp/kolla_haproxy_running') }}"
|
|
|
|
- name: Clearing temp kolla_haproxy_running file
|
|
local_action: file path=/tmp/kolla_haproxy_running state=absent
|
|
changed_when: False
|
|
check_mode: no
|
|
run_once: true
|
|
|
|
- name: Checking if external haproxy certificate exists
|
|
run_once: true
|
|
local_action: stat path={{ kolla_external_fqdn_cert }}
|
|
register: haproxy_cert_file
|
|
changed_when: false
|
|
when: kolla_enable_tls_external | bool
|
|
|
|
- name: Fail if external haproxy certificate is absent
|
|
run_once: true
|
|
local_action: fail msg="External haproxy certificate file is not found. It is configured via 'kolla_external_fqdn_cert'"
|
|
when:
|
|
- kolla_enable_tls_external | bool
|
|
- haproxy_cert_file.stat.exists == false
|
|
|
|
- name: Checking if internal haproxy certificate exists
|
|
run_once: true
|
|
local_action: stat path={{ kolla_internal_fqdn_cert }}
|
|
register: haproxy_internal_cert_file
|
|
changed_when: false
|
|
when: kolla_enable_tls_internal | bool
|
|
|
|
- name: Fail if internal haproxy certificate is absent
|
|
run_once: true
|
|
local_action: fail msg="Internal haproxy certificate file is not found. It is configured via 'kolla_internal_fqdn_cert'"
|
|
when:
|
|
- kolla_enable_tls_internal | bool
|
|
- haproxy_internal_cert_file.stat.exists == false
|
|
|
|
- name: Checking the kolla_external_vip_interface is present
|
|
fail: "msg='Please check the kolla_external_vip_interface property - interface {{ kolla_external_vip_interface }} not found'"
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
- kolla_external_vip_interface not in ansible_interfaces
|
|
|
|
- name: Checking the kolla_external_vip_interface is active
|
|
fail: "msg='Please check the kolla_external_vip_interface settings - interface {{ kolla_external_vip_interface }} is not active'"
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
- hostvars[inventory_hostname]['ansible_' + kolla_external_vip_interface]['active'] != True
|
|
|
|
- name: Checking if kolla_internal_vip_address and kolla_external_vip_address are not pingable from any node
|
|
command: "{{ item.command }} -c 3 {{ item.address }}"
|
|
register: ping_output
|
|
changed_when: false
|
|
failed_when: ping_output.rc != 1
|
|
with_items:
|
|
- address: "{{ kolla_internal_vip_address }}"
|
|
command: "{{ 'ping' if kolla_internal_vip_address|ipv4 else 'ping6' }}"
|
|
- address: "{{ kolla_external_vip_address }}"
|
|
command: "{{ 'ping' if kolla_external_vip_address|ipv4 else 'ping6' }}"
|
|
when:
|
|
- enable_keepalived | bool
|
|
- "host_running_keepalived == 'None'"
|
|
- enable_haproxy | bool
|
|
|
|
- name: Checking free port for HAProxy stats
|
|
wait_for:
|
|
host: "{{ api_interface_address }}"
|
|
port: "{{ haproxy_stats_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_haproxy | bool
|
|
- container_facts['haproxy'] is not defined
|
|
- inventory_hostname in groups['haproxy']
|
|
|
|
- name: Checking free port for HAProxy monitor (api interface)
|
|
wait_for:
|
|
host: "{{ api_interface_address }}"
|
|
port: "{{ haproxy_monitor_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_haproxy | bool
|
|
- container_facts['haproxy'] is not defined
|
|
- inventory_hostname in groups['haproxy']
|
|
|
|
- name: Checking free port for HAProxy monitor (vip interface)
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ haproxy_monitor_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_haproxy | bool
|
|
- container_facts['haproxy'] is not defined
|
|
- inventory_hostname in groups['haproxy']
|
|
- api_interface_address != kolla_internal_vip_address
|
|
|
|
- name: Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes
|
|
command: ip -o addr show dev {{ api_interface }}
|
|
register: ip_addr_output
|
|
changed_when: false
|
|
failed_when: >-
|
|
'169.254.' not in kolla_internal_vip_address and
|
|
( ip_addr_output is failed or
|
|
kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none)
|
|
when:
|
|
- enable_haproxy | bool
|
|
- enable_keepalived | bool
|
|
- container_facts['keepalived'] is not defined
|
|
- inventory_hostname in groups['haproxy']
|
|
|
|
- name: Getting haproxy stat
|
|
shell: echo "show stat" | docker exec -i haproxy socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock stdio
|
|
register: haproxy_stat_shell
|
|
changed_when: false
|
|
failed_when: false
|
|
when: container_facts['haproxy'] is defined
|
|
|
|
- set_fact:
|
|
haproxy_stat: "{{ haproxy_stat_shell.stdout|default('') }}"
|
|
|
|
- name: Checking free port for Aodh API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ aodh_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_aodh | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('aodh_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Barbican API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ barbican_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_barbican | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('barbican_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Blazar API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ blazar_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_blazar | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('blazar_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Cinder API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ cinder_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_cinder | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('cinder_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Cloudkitty API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ cloudkitty_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_cloudkitty | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('cloudkitty_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Congress API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ congress_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_congress | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('congress_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Cyborg API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ cyborg_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_cyborg | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('cyborg_api') == -1
|
|
|
|
- name: Checking free port for Designate API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ designate_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_designate | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('designate_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Elasticsearch HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ elasticsearch_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_elasticsearch | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('elasticsearch') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Glance API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ glance_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_glance | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('glance_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Gnocchi API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ gnocchi_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_gnocchi | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('gnocchi_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Freezer API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ freezer_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_freezer | bool
|
|
- haproxy_stat.find('freezer_api') == -1
|
|
- inventory_hostname in groups['haproxy']
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Grafana server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ grafana_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_grafana | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('grafana_server') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Heat API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ heat_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_heat | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('heat_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Heat API CFN HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ heat_api_cfn_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_heat | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('heat_api_cfn') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Horizon HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ horizon_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_horizon | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('horizon') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Ironic API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ ironic_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_ironic | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('ironic_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Ironic Inspector HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ ironic_inspector_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_ironic | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('ironic_inspector') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Karbor Admin HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ karbor_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_karbor | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('karbor_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Keystone Admin HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ keystone_admin_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_keystone | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('keystone_admin') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Keystone Internal HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ keystone_public_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_keystone | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('keystone_internal') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Keystone Public HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_external_vip_address }}"
|
|
port: "{{ keystone_public_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
- enable_keystone | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('keystone_external') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Kibana HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ kibana_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_kibana | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('kibana') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Magnum API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ magnum_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_magnum | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('magnum_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Manila API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ manila_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_manila | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('manila_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for MariaDB HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ database_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_mariadb | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('mariadb') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Masakari API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ masakari_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_masakari | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('masakari_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Mistral API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ mistral_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_mistral | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('mistral_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Monasca API internal HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ monasca_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_monasca | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('monasca_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Monasca API public HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_external_vip_address }}"
|
|
port: "{{ monasca_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
- enable_monasca | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('monasca_api_external') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Monasca Log API internal HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ monasca_log_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_monasca | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('monasca_log_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Monasca Log API public HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_external_vip_address }}"
|
|
port: "{{ monasca_log_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
- enable_monasca | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('monasca_log_api_external') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Monasca Grafana API internal HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ monasca_grafana_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_monasca | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('monasca_grafana_server') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Monasca Grafana API public HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_external_vip_address }}"
|
|
port: "{{ monasca_grafana_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
- enable_monasca | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('monasca_grafana_server_external') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Mongodb HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ mongodb_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_mongodb | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('mongodb') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Murano API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ murano_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_murano | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('murano_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Neutron Server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ neutron_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_neutron | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('neutron_server') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Nova API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('nova_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Nova Metadata HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_metadata_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('nova_metadata') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Nova NoVNC HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_novncproxy_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- nova_console == 'novnc'
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('nova_novncproxy') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Nova Serial Proxy HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_serialproxy_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- haproxy_stat.find('nova_serialconsole_proxy') == -1
|
|
- enable_nova_serialconsole_proxy | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Nova Spice HTML5 HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_spicehtml5proxy_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- nova_console == 'spice'
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('nova_spicehtml5proxy') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Nova Placement API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ placement_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('placement_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Octavia API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ octavia_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_octavia | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('octavia_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Panko API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ panko_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_panko | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('panko_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Qinling API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ qinling_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_qinling | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('qinling_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for RabbitMQ Management HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ rabbitmq_management_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_rabbitmq | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('rabbitmq_management') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for outward RabbitMQ Management HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ outward_rabbitmq_management_port }}"
|
|
connect_timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_outward_rabbitmq | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('outward_rabbitmq_management') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for RadosGW HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ rgw_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_ceph_rgw | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('radosgw') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Sahara API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ sahara_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_sahara | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('sahara_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Searchlight API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ searchlight_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_searchlight | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('searchlight_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Senlin API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ senlin_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_senlin | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('senlin_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Solum Application Deployment HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ solum_application_deployment_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_solum | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('solum_application_deployment') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Solum Image Builder HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ solum_image_builder_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_solum | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('solum_image_builder') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Swift Proxy Server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ swift_proxy_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_swift | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('swift_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Tacker Server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ tacker_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_tacker | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('tacker_server') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Trove API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ trove_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_trove | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('trove_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Watcher API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ watcher_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_watcher | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('watcher_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Zun API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ zun_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_zun | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('zun_api') == -1
|
|
- "host_running_haproxy == 'None'"
|
|
|
|
- name: Checking free port for Vitrage API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ vitrage_api_port }}"
|
|
connect_timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_vitrage | bool
|
|
- inventory_hostname in groups['haproxy']
|
|
- haproxy_stat.find('vitrage_api') == -1
|
|
- "host_running_haproxy == 'None'"
|