diff --git a/inventory/group_vars/all/infra.yml b/inventory/group_vars/all/infra.yml index ef06fa0da6..eb5ddb9963 100644 --- a/inventory/group_vars/all/infra.yml +++ b/inventory/group_vars/all/infra.yml @@ -18,7 +18,12 @@ rabbitmq_host_group: "rabbitmq_all" rabbitmq_port: "{{ (rabbitmq_use_ssl | bool) | ternary(5671, 5672) }}" rabbitmq_use_ssl: True -rabbitmq_servers: "{% for host in groups[rabbitmq_host_group] %}{{ hostvars[host]['ansible_host'] }}{% if not loop.last %},{% endif %}{% endfor %}" +rabbitmq_servers: >- + {{ + groups[rabbitmq_host_group] + | map('extract', hostvars, 'ansible_host') + | list | join(',') + }} ## Galera options galera_client_package_state: "{{ package_state }}" @@ -27,4 +32,10 @@ galera_root_user: "root" ## Memcached options memcached_port: 11211 -memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['ansible_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}" +memcached_servers: >- + {{ + (groups['memcached_all'] | map('extract', hostvars, 'ansible_host') | list) + | map('regex_replace', '(.*)' ,'\\1:' ~ memcached_port) + | list + | join(',') + }} diff --git a/inventory/group_vars/all/keystone.yml b/inventory/group_vars/all/keystone.yml index bbd1238b6c..b6a24464c0 100644 --- a/inventory/group_vars/all/keystone.yml +++ b/inventory/group_vars/all/keystone.yml @@ -24,31 +24,31 @@ keystone_service_proto: http keystone_service_region: "{{ service_region }}" keystone_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(keystone_service_proto) }}" -keystone_service_adminuri_insecure: |- - {% set _insecure = false %} - {% if keystone_service_adminuri_proto == 'https' %} - {% set _insecure = not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined) %} - {% endif %} - {{ _insecure }} +keystone_service_adminuri_insecure: >- + {{ + (keystone_service_adminuri_proto == 'https') and + (not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined)) + }} + keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}" keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(keystone_service_proto) }}" -keystone_service_internaluri_insecure: |- - {% set _insecure = false %} - {% if keystone_service_internaluri_proto == 'https' %} - {% set _insecure = not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined) %} - {% endif %} - {{ _insecure }} +keystone_service_internaluri_insecure: >- + {{ + (keystone_service_internaluri_proto == 'https') and + (not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined)) + }} + keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}" keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}" -keystone_service_publicuri_insecure: |- - {% set _insecure = false %} - {% if keystone_service_publicuri_proto == 'https' %} - {% set _insecure = not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined) %} - {% endif %} - {{ _insecure }} +keystone_service_publicuri_insecure: >- + {{ + (keystone_service_publicuri_proto == 'https') and + (not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined)) + }} + keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}" keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3" diff --git a/inventory/group_vars/galera_all.yml b/inventory/group_vars/galera_all.yml index e70a42d97f..08a8da382b 100644 --- a/inventory/group_vars/galera_all.yml +++ b/inventory/group_vars/galera_all.yml @@ -30,7 +30,13 @@ galera_disable_privatedevices: "{{ ((properties.is_metal | default(false)) | boo # By default galera_monitoring xinetd app is open to 0.0.0.0/0 # This makes sure the monitoring is only restricted to the necessary nodes: # the load balancers, and the galera nodes. -galera_monitoring_allowed_source: "{% for node in groups['galera_all'] + groups['haproxy_all'] %}{{ hostvars[node]['ansible_host'] }} {% endfor %} 127.0.0.1" +galera_monitoring_allowed_source: >- + {{ + groups['galera_all'] | union(groups['haproxy_all']) + | map('extract', hostvars, 'ansible_host') + | list + | join(' ') ~ ' 127.0.0.1' + }} # Galera sessions are long lived, so if we do endpoint maintenance we will # force kill the sessions to force a failover to the active endpoint. diff --git a/inventory/group_vars/haproxy/haproxy.yml b/inventory/group_vars/haproxy/haproxy.yml index 6227d9e9cd..dada5477e1 100644 --- a/inventory/group_vars/haproxy/haproxy.yml +++ b/inventory/group_vars/haproxy/haproxy.yml @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -haproxy_bind_on_non_local: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}" -haproxy_use_keepalived: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}" +haproxy_bind_on_non_local: "{{ (groups.haproxy | length) > 1 }}" +haproxy_use_keepalived: "{{ (groups.haproxy | length) > 1 }}" keepalived_selinux_compile_rules: - keepalived_ping - keepalived_haproxy_pid_file diff --git a/inventory/group_vars/keystone_all.yml b/inventory/group_vars/keystone_all.yml index 40e395293b..1056ab415e 100644 --- a/inventory/group_vars/keystone_all.yml +++ b/inventory/group_vars/keystone_all.yml @@ -24,7 +24,8 @@ keystone_system_user_name: keystone keystone_external_ssl: "{{ openstack_external_ssl }}" -keystone_cache_servers: "[{% for host in groups['memcached_all'] %}\"{{ hostvars[host]['container_address'] }}:{{ memcached_port }}\"{% if not loop.last %},{% endif %}{% endfor %}]" +keystone_cache_servers: "{{ memcached_servers.split(',') }}" + keystone_service_in_ldap: "{{ service_ldap_backend_enabled }}" # Hosts allowed to override remote IP with X-Forwarded-For