---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- hosts: haproxy_hosts
  vars_files:
    - "{{ haproxy_keepalived_vars_file | default('vars/configs/keepalived_haproxy.yml')}}"
  roles:
    - role: "keepalived"
      keepalived_sync_groups: "{{ keepalived_master_sync_groups }}"
      keepalived_scripts: "{{ keepalived_master_scripts }}"
      keepalived_instances: "{{ keepalived_master_instances }}"
      when: >
        haproxy_use_keepalived|bool and
        inventory_hostname in groups['haproxy_hosts'][0]
    - role: "keepalived"
      keepalived_sync_groups: "{{ keepalived_backup_sync_groups }}"
      keepalived_scripts: "{{ keepalived_backup_scripts }}"
      keepalived_instances: "{{ keepalived_backup_instances }}"
      when: >
        haproxy_use_keepalived|bool and
        inventory_hostname in groups['haproxy_hosts'][1:]

- name: Install haproxy
  hosts: haproxy_hosts
  max_fail_percentage: 20
  user: root
  pre_tasks:
    - name: Remove legacy haproxy configuration files
      file:
        dest: "/etc/haproxy/conf.d/{{ item }}"
        state: "absent"
      with_items:
        - "keystone_internal"
      when: internal_lb_vip_address == external_lb_vip_address
      tags:
        - haproxy-service-config
  post_tasks:
    - name: Add keystone internal endpoint config
      include: roles/haproxy_server/tasks/haproxy_service_config.yml
      when: internal_lb_vip_address != external_lb_vip_address
      vars_files:
         - vars/configs/haproxy_config.yml
      vars:
        haproxy_service_configs:
          - service:
              haproxy_service_name: keystone_internal
              haproxy_backend_nodes: "{{ groups['keystone_all'] }}"
              haproxy_bind: "{{ internal_lb_vip_address }}"
              haproxy_port: 5000
              haproxy_ssl: "{% if haproxy_ssl | bool and keystone_service_internaluri_proto == 'https' %}true{% else %}false{% endif %}"
              haproxy_balance_type: "{{ (keystone_ssl_internal | bool) | ternary('tcp','http') }}"
              haproxy_balance_alg: "{{ (keystone_ssl_internal | bool) | ternary('source', 'leastconn') }}"
              haproxy_backend_options: "{{ (keystone_ssl_internal | bool) | ternary(haproxy_backend_options_https, haproxy_backend_options_http) }}"
      tags:
        - haproxy-service-config
  roles:
    - { role: "haproxy_server", tags: [ "haproxy-server" ] }
  vars_files:
    - vars/configs/haproxy_config.yml
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"