openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/inventory/group_vars/cinder_all.yml
Damian Dabrowski e9445504f4 Add support for TLS backends 
This patch allows haproxy to communicate with service backends over TLS.

It's disabled by default and each service role needs to have TLS backend
support implemented to get it working.

For example, TLS support for glance was added in [1]

[1] https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/821011

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/880872

Change-Id: I5fc507f4031dcf63ed95dae307c30d9f436ef3da
2023-04-25 15:24:24 +02:00

45 lines
2.2 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# If there are Swift hosts in the environment, then enable cinder backups to it
cinder_service_backup_program_enabled: "{{ hostvars['localhost']['cinder_service_backup_program_enabled'] }}"
# These are here rather than in cinder_all because
# both the os_ceilometer and os_cinder roles require them
# If there are Swift hosts in the environment, then use it as the default Glance store
# This is specifically duplicated from glance_all for the cinder_glance_api_version
# setting below.
glance_default_store: "{{ ((groups['swift_all'] is defined) and (groups['swift_all'] | length > 0)) | ternary('swift', 'file') }}"
# cinder_backend_lvm_inuse: True if current host has an lvm backend
cinder_backend_lvm_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.lvm.LVMVolumeDriver") != -1 }}'
haproxy_cinder_api_service:
haproxy_service_name: cinder_api
haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
haproxy_port: 8776
haproxy_balance_type: http
haproxy_backend_options:
- "httpchk HEAD /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_service_enabled: "{{ groups['cinder_api'] is defined and groups['cinder_api'] | length > 0 }}"
cinder_haproxy_services:
- "{{ haproxy_cinder_api_service | combine(haproxy_cinder_api_service_overrides | default({})) }}"
View Git Blame Copy Permalink