From 65a8c2413e1e8f91fd6d712cb84af2ab01784299 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 5 Jan 2021 13:45:41 +0200 Subject: [PATCH] Add haproxy_*_service variables This aims to ease override of the specific service listen port or other haproxy frontend/backend setting without override of all backends. Change-Id: I051539fc3bbd3bfcddc30048348c571dd6a5c7e1 --- inventory/group_vars/haproxy/haproxy.yml | 993 ++++++++++-------- ...xy_service_variables-ffd7958b20dfe92c.yaml | 7 + 2 files changed, 539 insertions(+), 461 deletions(-) create mode 100644 releasenotes/notes/haproxy_service_variables-ffd7958b20dfe92c.yaml diff --git a/inventory/group_vars/haproxy/haproxy.yml b/inventory/group_vars/haproxy/haproxy.yml index 7cc19c8cbf..087ec49bda 100644 --- a/inventory/group_vars/haproxy/haproxy.yml +++ b/inventory/group_vars/haproxy/haproxy.yml @@ -40,465 +40,536 @@ haproxy_security_txt_acl: rule: "path_end /security.txt" backend_name: keystone_service +haproxy_adjutant_api_service: + haproxy_service_name: adjutant_api + haproxy_backend_nodes: "{{ groups['adjutant_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 5050 + haproxy_balance_type: http + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['adjutant_api'] is defined and groups['adjutant_api'] | length > 0 }}" + +haproxy_aodh_api_service: + haproxy_service_name: aodh_api + haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8042 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['aodh_api'] is defined and groups['aodh_api'] | length > 0 }}" + +haproxy_barbican_service: + haproxy_service_name: barbican + haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 9311 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['barbican_api'] is defined and groups['barbican_api'] | length > 0 }}" + +haproxy_ceph_rgw_service: + haproxy_service_name: ceph-rgw + haproxy_backend_nodes: "{{ (groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0) | ternary(groups['ceph-rgw'], ceph_rgws) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_alg: source + haproxy_port: "{{ radosgw_service_port | default(7980) }}" + haproxy_balance_type: http + haproxy_backend_options: + - httpchk HEAD / + haproxy_backend_httpcheck_options: + - expect rstatus 200|405 + haproxy_service_enabled: "{{ (groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0) or (ceph_rgws | length > 0) }}" + +haproxy_cinder_api_service: + haproxy_service_name: cinder_api + haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8776 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['cinder_api'] is defined and groups['cinder_api'] | length > 0 }}" + +haproxy_designate_api_service: + haproxy_service_name: designate_api + haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 9001 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + - "httplog" + haproxy_service_enabled: "{{ groups['designate_api'] is defined and groups['designate_api'] | length > 0 }}" + +haproxy_galera_service: + haproxy_service_name: galera + haproxy_backend_nodes: "{{ (groups['galera_all'] | default([]))[:1] }}" # list expected + haproxy_backup_nodes: "{{ (groups['galera_all'] | default([]))[1:] }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 3306 + haproxy_check_port: 9200 + haproxy_balance_type: tcp + haproxy_timeout_client: 5000s + haproxy_timeout_server: 5000s + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}" + haproxy_service_enabled: "{{ groups['galera_all'] is defined and groups['galera_all'] | length > 0 }}" + +haproxy_glance_api_service: + haproxy_service_name: glance_api + haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 9292 + haproxy_balance_type: http + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['glance_api'] is defined and groups['glance_api'] | length > 0 }}" + +haproxy_gnocchi_service: + haproxy_service_name: gnocchi + haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}" + haproxy_port: 8041 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" + +haproxy_heat_api_cfn_service: + haproxy_service_name: heat_api_cfn + haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}" + haproxy_port: 8000 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['heat_api_cfn'] is defined and groups['heat_api_cfn'] | length > 0 }}" + +haproxy_heat_api_service: + haproxy_service_name: heat_api + haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}" + haproxy_port: 8004 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['heat_api'] is defined and groups['heat_api'] | length > 0 }}" + +haproxy_horizon_service: + haproxy_service_name: horizon + haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: true + haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}" + haproxy_backend_port: 80 + haproxy_redirect_http_port: 80 + haproxy_balance_type: http + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}" + haproxy_redirect_scheme: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) | ternary('https if !{ ssl_fc } !{ path_beg /.well-known/acme-challenge/ }', 'https if !{ ssl_fc }') }}" + haproxy_frontend_acls: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) | ternary(haproxy_ssl_letsencrypt_acl, {}) }}" + haproxy_acls: "{{ keystone_security_txt_content is defined | ternary(haproxy_security_txt_acl, {}) }}" + +haproxy_ironic_api_service: + haproxy_service_name: ironic_api + haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 6385 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['ironic_api'] is defined and groups['ironic_api'] | length > 0 }}" + +haproxy_ironic_inspector_service: + haproxy_service_name: ironic_inspector + haproxy_backend_nodes: "{{ groups['ironic_inspector'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 5050 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['ironic_inspector'] is defined and groups['ironic_inspector'] | length > 0 }}" + +haproxy_keystone_service: + haproxy_service_name: keystone_service + haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" + haproxy_port: 5000 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_type: "http" + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['keystone_all'] is defined and groups['keystone_all'] | length > 0 }}" + +haproxy_letsencrypt_service: + haproxy_service_name: letsencrypt + haproxy_backend_nodes: "{{ groups['haproxy_all'] }}" + backend_rise: 1 + backend_fall: 2 + haproxy_bind: + - 127.0.0.1 + haproxy_port: "{{ haproxy_ssl_letsencrypt_certbot_backend_port }}" + haproxy_balance_type: http + haproxy_service_enabled: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) }}" + +haproxy_magnum_service: + haproxy_service_name: magnum + haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 9511 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['magnum_all'] is defined and groups['magnum_all'] | length > 0 }}" + +haproxy_manila_service: + haproxy_service_name: manila + haproxy_backend_nodes: "{{ groups['manila_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8786 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['manila_api'] is defined and groups['manila_api'] | length > 0 }}" + +haproxy_masakari_api_service: + haproxy_service_name: masakari_api + haproxy_backend_nodes: "{{ groups['masakari_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 15868 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['masakari_api'] is defined and groups['masakari_api'] | length > 0 }}" + +haproxy_mistral_service: + haproxy_service_name: mistral + haproxy_backend_nodes: "{{ groups['mistral_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8989 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['mistral_all'] is defined and groups['mistral_all'] | length > 0 }}" + +haproxy_murano_service: + haproxy_service_name: murano + haproxy_backend_nodes: "{{ groups['murano_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8082 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /v1 HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - "expect status 401" + haproxy_service_enabled: "{{ groups['murano_all'] is defined and groups['murano_all'] | length > 0 }}" + +haproxy_neutron_server_service: + haproxy_service_name: neutron_server + haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" + haproxy_port: 9696 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['neutron_server'] is defined and groups['neutron_server'] | length > 0 }}" + +haproxy_nova_api_metadata_service: + haproxy_service_name: nova_api_metadata + haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 8775 + haproxy_ssl: "{{ haproxy_ssl_all_vips }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}" + haproxy_service_enabled: "{{ groups['nova_api_metadata'] is defined and groups['nova_api_metadata'] | length > 0 }}" + +haproxy_nova_api_compute_service: + haproxy_service_name: nova_api_os_compute + haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8774 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['nova_api_os_compute'] is defined and groups['nova_api_os_compute'] | length > 0 }}" + +haproxy_nova_console_service: + haproxy_service_name: nova_console + haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: "{{ hostvars[(groups['nova_console'] | default(['localhost']))[0] | default('localhost')]['nova_console_port'] | default(6082) }}" + haproxy_balance_type: http + haproxy_timeout_client: 60m + haproxy_timeout_server: 60m + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk HEAD {{ hostvars[(groups['nova_console'] | default(['localhost']))[0] | default('localhost')]['nova_console_path'] | default('/spice_auto.html') }} HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - "expect status 200" + haproxy_service_enabled: "{{ groups['nova_console'] is defined and groups['nova_console'] | length > 0 }}" + +haproxy_octavia_service: + haproxy_service_name: octavia + haproxy_backend_nodes: "{{ groups['octavia_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 9876 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['octavia_all'] is defined and groups['octavia_all'] | length > 0 }}" + +haproxy_opendaylight_neutron_service: + haproxy_service_name: opendaylight-neutron + haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 8180 + haproxy_balance_type: tcp + haproxy_timeout_client: 5000s + haproxy_timeout_server: 5000s + haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}" + haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}" + +haproxy_opendaylight_websocket_service: + haproxy_service_name: opendaylight-websocket + haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 8185 + haproxy_balance_type: tcp + haproxy_timeout_client: 5000s + haproxy_timeout_server: 5000s + haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}" + haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}" + +haproxy_ovn_northbound_service: + haproxy_service_name: neutron_ovn_northd_northbound + haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}" # list expected + haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}" + haproxy_port: 6641 + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_balance_type: tcp + haproxy_timeout_client: 90m + haproxy_timeout_server: 90m + haproxy_backend_options: + - tcpka + haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}" + +haproxy_ovn_southbound_service: + haproxy_service_name: neutron_ovn_northd_southbound + haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}" + haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}" + haproxy_port: 6642 + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_balance_type: tcp + haproxy_timeout_client: 90m + haproxy_timeout_server: 90m + haproxy_backend_options: + - tcpka + haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}" + +haproxy_ovn_ovsdb_service: + haproxy_service_name: neutron_ovn_ovsdb_server + haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}" + haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}" + haproxy_port: 6640 + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_balance_type: tcp + haproxy_timeout_client: 90m + haproxy_timeout_server: 90m + haproxy_backend_options: + - tcpka + haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}" + +haproxy_panko_api_service: + haproxy_service_name: panko_api + haproxy_backend_nodes: "{{ groups['panko_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8777 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + - "httplog" + haproxy_service_enabled: "{{ groups['panko_all'] is defined and groups['panko_all'] | length > 0 }}" + +haproxy_placement_service: + haproxy_service_name: placement + haproxy_backend_nodes: "{{ groups['placement_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8780 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['placement_all'] is defined and groups['placement_all'] | length > 0 }}" + +haproxy_rabbitmq_service: + haproxy_service_name: rabbitmq_mgmt + haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}" + haproxy_ssl: False + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 15672 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}" + haproxy_service_enabled: "{{ groups['rabbitmq'] is defined and groups['rabbitmq'] | length > 0 }}" + +haproxy_repo_service: + haproxy_service_name: repo_all + haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 8181 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /repo_sync_complete HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - "expect status 200" + haproxy_service_enabled: "{{ groups['repo_all'] is defined and groups['repo_all'] | length > 0 }}" + +haproxy_sahara_api_service: + haproxy_service_name: sahara_api + haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_alg: source + haproxy_port: 8386 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['sahara_api'] is defined and groups['sahara_api'] | length > 0 }}" + +haproxy_senlin_api_service: + haproxy_service_name: senlin_api + haproxy_backend_nodes: "{{ groups['senlin_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8778 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['senlin_api'] is defined and groups['senlin_api'] | length > 0 }}" + +haproxy_swift_proxy_service: + haproxy_service_name: swift_proxy + haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_balance_alg: source + haproxy_port: 8080 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['swift_proxy'] is defined and groups['swift_proxy'] | length > 0 }}" + +haproxy_tacker_service: + haproxy_service_name: tacker + haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 9890 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + - "httplog" + haproxy_service_enabled: "{{ groups['tacker_all'] is defined and groups['tacker_all'] | length > 0 }}" + +haproxy_trove_service: + haproxy_service_name: trove + haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 8779 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['trove_api'] is defined and groups['trove_api'] | length > 0 }}" + +haproxy_zun_api_service: + haproxy_service_name: zun_api + haproxy_backend_nodes: "{{ groups['zun_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" + haproxy_port: 9517 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /v1 HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}" + haproxy_default_services: - - service: - haproxy_service_name: galera - haproxy_backend_nodes: "{{ (groups['galera_all'] | default([]))[:1] }}" # list expected - haproxy_backup_nodes: "{{ (groups['galera_all'] | default([]))[1:] }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 3306 - haproxy_check_port: 9200 - haproxy_balance_type: tcp - haproxy_timeout_client: 5000s - haproxy_timeout_server: 5000s - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}" - haproxy_service_enabled: "{{ groups['galera_all'] is defined and groups['galera_all'] | length > 0 }}" - - service: - haproxy_service_name: repo_git - haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 9418 - haproxy_balance_type: tcp - haproxy_backend_options: - - tcp-check - haproxy_whitelist_networks: "{{ haproxy_repo_git_whitelist_networks }}" - haproxy_service_enabled: "{{ groups['repo_all'] is defined and groups['repo_all'] | length > 0 }}" - state: absent - - service: - haproxy_service_name: repo_all - haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 8181 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /repo_sync_complete HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_backend_httpcheck_options: - - "expect status 200" - haproxy_service_enabled: "{{ groups['repo_all'] is defined and groups['repo_all'] | length > 0 }}" - - service: - haproxy_service_name: glance_api - haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 9292 - haproxy_balance_type: http - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['glance_api'] is defined and groups['glance_api'] | length > 0 }}" - - service: - haproxy_service_name: gnocchi - haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}" - haproxy_port: 8041 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" - - service: - haproxy_service_name: heat_api_cfn - haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}" - haproxy_port: 8000 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['heat_api_cfn'] is defined and groups['heat_api_cfn'] | length > 0 }}" - - service: - haproxy_service_name: heat_api - haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}" - haproxy_port: 8004 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['heat_api'] is defined and groups['heat_api'] | length > 0 }}" - - service: - haproxy_service_name: keystone_service - haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" - haproxy_port: 5000 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_type: "http" - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['keystone_all'] is defined and groups['keystone_all'] | length > 0 }}" - - service: - haproxy_service_name: neutron_server - haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" - haproxy_port: 9696 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['neutron_server'] is defined and groups['neutron_server'] | length > 0 }}" - - service: - haproxy_service_name: nova_api_metadata - haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 8775 - haproxy_ssl: "{{ haproxy_ssl_all_vips }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}" - haproxy_service_enabled: "{{ groups['nova_api_metadata'] is defined and groups['nova_api_metadata'] | length > 0 }}" - - service: - haproxy_service_name: nova_api_os_compute - haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8774 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['nova_api_os_compute'] is defined and groups['nova_api_os_compute'] | length > 0 }}" - - service: - haproxy_service_name: placement - haproxy_backend_nodes: "{{ groups['placement_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8780 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['placement_all'] is defined and groups['placement_all'] | length > 0 }}" - - service: - haproxy_service_name: nova_console - haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: "{{ hostvars[(groups['nova_console'] | default(['localhost']))[0] | default('localhost')]['nova_console_port'] | default(6082) }}" - haproxy_balance_type: http - haproxy_timeout_client: 60m - haproxy_timeout_server: 60m - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD {{ hostvars[(groups['nova_console'] | default(['localhost']))[0] | default('localhost')]['nova_console_path'] | default('/spice_auto.html') }} HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_backend_httpcheck_options: - - "expect status 200" - haproxy_service_enabled: "{{ groups['nova_console'] is defined and groups['nova_console'] | length > 0 }}" - - service: - haproxy_service_name: cinder_api - haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8776 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['cinder_api'] is defined and groups['cinder_api'] | length > 0 }}" - - service: - haproxy_service_name: horizon - haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: true - haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}" - haproxy_backend_port: 80 - haproxy_redirect_http_port: 80 - haproxy_balance_type: http - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}" - haproxy_redirect_scheme: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) | ternary('https if !{ ssl_fc } !{ path_beg /.well-known/acme-challenge/ }', 'https if !{ ssl_fc }') }}" - haproxy_frontend_acls: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) | ternary(haproxy_ssl_letsencrypt_acl, {}) }}" - haproxy_acls: "{{ keystone_security_txt_content is defined | ternary(haproxy_security_txt_acl, {}) }}" - - service: - haproxy_service_name: letsencrypt - haproxy_backend_nodes: "{{ groups['haproxy_all'] }}" - backend_rise: 1 - backend_fall: 2 - haproxy_bind: - - 127.0.0.1 - haproxy_port: "{{ haproxy_ssl_letsencrypt_certbot_backend_port }}" - haproxy_balance_type: http - haproxy_service_enabled: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) }}" - - service: - haproxy_service_name: sahara_api - haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_alg: source - haproxy_port: 8386 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['sahara_api'] is defined and groups['sahara_api'] | length > 0 }}" - - service: - haproxy_service_name: senlin_api - haproxy_backend_nodes: "{{ groups['senlin_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8778 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['senlin_api'] is defined and groups['senlin_api'] | length > 0 }}" - - service: - haproxy_service_name: swift_proxy - haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_alg: source - haproxy_port: 8080 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['swift_proxy'] is defined and groups['swift_proxy'] | length > 0 }}" - - service: - haproxy_service_name: adjutant_api - haproxy_backend_nodes: "{{ groups['adjutant_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 5050 - haproxy_balance_type: http - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['adjutant_api'] is defined and groups['adjutant_api'] | length > 0 }}" - - service: - haproxy_service_name: aodh_api - haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8042 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['aodh_api'] is defined and groups['aodh_api'] | length > 0 }}" - - service: - haproxy_service_name: ironic_api - haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 6385 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['ironic_api'] is defined and groups['ironic_api'] | length > 0 }}" - - service: - haproxy_service_name: ironic_inspector - haproxy_backend_nodes: "{{ groups['ironic_inspector'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 5050 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['ironic_inspector'] is defined and groups['ironic_inspector'] | length > 0 }}" - - service: - haproxy_service_name: rabbitmq_mgmt - haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}" - haproxy_ssl: False - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 15672 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}" - haproxy_service_enabled: "{{ groups['rabbitmq'] is defined and groups['rabbitmq'] | length > 0 }}" - - service: - haproxy_service_name: magnum - haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 9511 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['magnum_all'] is defined and groups['magnum_all'] | length > 0 }}" - - service: - haproxy_service_name: manila - haproxy_backend_nodes: "{{ groups['manila_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8786 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['manila_api'] is defined and groups['manila_api'] | length > 0 }}" - - service: - haproxy_service_name: masakari_api - haproxy_backend_nodes: "{{ groups['masakari_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 15868 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['masakari_api'] is defined and groups['masakari_api'] | length > 0 }}" - - service: - haproxy_service_name: mistral - haproxy_backend_nodes: "{{ groups['mistral_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8989 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['mistral_all'] is defined and groups['mistral_all'] | length > 0 }}" - - service: - haproxy_service_name: murano - haproxy_backend_nodes: "{{ groups['murano_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8082 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /v1 HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_backend_httpcheck_options: - - "expect status 401" - haproxy_service_enabled: "{{ groups['murano_all'] is defined and groups['murano_all'] | length > 0 }}" - - service: - haproxy_service_name: trove - haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8779 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['trove_api'] is defined and groups['trove_api'] | length > 0 }}" - - service: - haproxy_service_name: barbican - haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 9311 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['barbican_api'] is defined and groups['barbican_api'] | length > 0 }}" - - service: - haproxy_service_name: designate_api - haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 9001 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - - "httplog" - haproxy_service_enabled: "{{ groups['designate_api'] is defined and groups['designate_api'] | length > 0 }}" - - service: - haproxy_service_name: octavia - haproxy_backend_nodes: "{{ groups['octavia_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 9876 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['octavia_all'] is defined and groups['octavia_all'] | length > 0 }}" - - service: - haproxy_service_name: tacker - haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 9890 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - - "httplog" - haproxy_service_enabled: "{{ groups['tacker_all'] is defined and groups['tacker_all'] | length > 0 }}" - - service: - haproxy_service_name: opendaylight-neutron - haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 8180 - haproxy_balance_type: tcp - haproxy_timeout_client: 5000s - haproxy_timeout_server: 5000s - haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}" - haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}" - - service: - haproxy_service_name: opendaylight-websocket - haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 8185 - haproxy_balance_type: tcp - haproxy_timeout_client: 5000s - haproxy_timeout_server: 5000s - haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}" - haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}" - - service: - haproxy_service_name: ceph-rgw - haproxy_backend_nodes: "{{ (groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0) | ternary(groups['ceph-rgw'], ceph_rgws) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_balance_alg: source - haproxy_port: "{{ radosgw_service_port | default(7980) }}" - haproxy_balance_type: http - haproxy_backend_options: - - httpchk HEAD / - haproxy_backend_httpcheck_options: - - expect rstatus 200|405 - haproxy_service_enabled: "{{ (groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0) or (ceph_rgws | length > 0) }}" - - service: - haproxy_service_name: neutron_ovn_northd_northbound - haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}" # list expected - haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}" - haproxy_port: 6641 - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_balance_type: tcp - haproxy_timeout_client: 90m - haproxy_timeout_server: 90m - haproxy_backend_options: - - tcpka - haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}" - - service: - haproxy_service_name: neutron_ovn_northd_southbound - haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}" - haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}" - haproxy_port: 6642 - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_balance_type: tcp - haproxy_timeout_client: 90m - haproxy_timeout_server: 90m - haproxy_backend_options: - - tcpka - haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}" - - service: - haproxy_service_name: neutron_ovn_ovsdb_server - haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}" - haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}" - haproxy_port: 6640 - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_balance_type: tcp - haproxy_timeout_client: 90m - haproxy_timeout_server: 90m - haproxy_backend_options: - - tcpka - haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}" - - service: - haproxy_service_name: panko_api - haproxy_backend_nodes: "{{ groups['panko_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 8777 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - - "httplog" - haproxy_service_enabled: "{{ groups['panko_all'] is defined and groups['panko_all'] | length > 0 }}" - - service: - haproxy_service_name: zun_api - haproxy_backend_nodes: "{{ groups['zun_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" - haproxy_port: 9517 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /v1 HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}" + - service: "{{ haproxy_adjutant_api_service }}" + - service: "{{ haproxy_aodh_api_service }}" + - service: "{{ haproxy_barbican_service }}" + - service: "{{ haproxy_ceph_rgw_service }}" + - service: "{{ haproxy_cinder_api_service }}" + - service: "{{ haproxy_designate_api_service }}" + - service: "{{ haproxy_galera_service }}" + - service: "{{ haproxy_glance_api_service }}" + - service: "{{ haproxy_gnocchi_service }}" + - service: "{{ haproxy_heat_api_cfn_service }}" + - service: "{{ haproxy_heat_api_service }}" + - service: "{{ haproxy_horizon_service }}" + - service: "{{ haproxy_ironic_api_service }}" + - service: "{{ haproxy_ironic_inspector_service }}" + - service: "{{ haproxy_keystone_service }}" + - service: "{{ haproxy_letsencrypt_service }}" + - service: "{{ haproxy_magnum_service }}" + - service: "{{ haproxy_manila_service }}" + - service: "{{ haproxy_masakari_api_service }}" + - service: "{{ haproxy_mistral_service }}" + - service: "{{ haproxy_murano_service }}" + - service: "{{ haproxy_neutron_server_service }}" + - service: "{{ haproxy_nova_api_metadata_service }}" + - service: "{{ haproxy_nova_api_compute_service }}" + - service: "{{ haproxy_nova_console_service }}" + - service: "{{ haproxy_octavia_service }}" + - service: "{{ haproxy_opendaylight_neutron_service }}" + - service: "{{ haproxy_opendaylight_websocket_service }}" + - service: "{{ haproxy_ovn_northbound_service }}" + - service: "{{ haproxy_ovn_southbound_service }}" + - service: "{{ haproxy_ovn_ovsdb_service }}" + - service: "{{ haproxy_panko_api_service }}" + - service: "{{ haproxy_placement_service }}" + - service: "{{ haproxy_rabbitmq_service }}" + - service: "{{ haproxy_repo_service }}" + - service: "{{ haproxy_sahara_api_service }}" + - service: "{{ haproxy_senlin_api_service }}" + - service: "{{ haproxy_swift_proxy_service }}" + - service: "{{ haproxy_tacker_service }}" + - service: "{{ haproxy_trove_service }}" + - service: "{{ haproxy_zun_api_service }}" diff --git a/releasenotes/notes/haproxy_service_variables-ffd7958b20dfe92c.yaml b/releasenotes/notes/haproxy_service_variables-ffd7958b20dfe92c.yaml new file mode 100644 index 0000000000..4874991b35 --- /dev/null +++ b/releasenotes/notes/haproxy_service_variables-ffd7958b20dfe92c.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Created series of variables ``haproxy_*_service`` that contain specific to + the service haproxy configuration block. This allows deployers to + selectively adjust haproxy frontend/backend configuration for specific + service only, without need to override whole haproxy_default_services.