--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Install haproxy hosts: haproxy_hosts max_fail_percentage: 20 user: root pre_tasks: - name: Remove legacy haproxy configuration files file: dest: "/etc/haproxy/conf.d/{{ item }}" state: "absent" with_items: - "keystone_internal" when: internal_lb_vip_address == external_lb_vip_address tags: - haproxy-service-config post_tasks: - name: Add keystone internal endpoint config include: roles/haproxy_server/tasks/haproxy_service_config.yml when: internal_lb_vip_address != external_lb_vip_address vars_files: - vars/configs/haproxy_config.yml vars: haproxy_service_configs: - service: haproxy_service_name: keystone_internal haproxy_backend_nodes: "{{ groups['keystone_all'] }}" haproxy_bind: "{{ internal_lb_vip_address }}" haproxy_port: 5000 haproxy_ssl: "{% if haproxy_ssl | bool and keystone_service_internaluri_proto == 'https' %}true{% else %}false{% endif %}" haproxy_balance_type: "{{ (keystone_ssl_internal | bool) | ternary('tcp','http') }}" haproxy_balance_alg: "{{ (keystone_ssl_internal | bool) | ternary('source', 'leastconn') }}" haproxy_backend_options: "{{ (keystone_ssl_internal | bool) | ternary(haproxy_backend_options_https, haproxy_backend_options_http) }}" tags: - haproxy-service-config roles: - { role: "haproxy_server", tags: [ "haproxy-server" ] } vars_files: - vars/configs/haproxy_config.yml vars: is_metal: "{{ properties.is_metal|default(false) }}"