openstack-ansible/playbooks/os-barbican-install.yml
Dmitriy Rabotyagov 9694ae8c23 Ensure disable/enable haproxy backends exists for all services
Right now we ensure that services are enabled/disabled while running
playbooks only for core services. At the same time some services still do
not have this mechanism, that might result in unexpected outages.

So we ensure that all service playbooks will behave in the same way and
disable backends in advance before playbook will do any modifications.

With that, setting variable `haproxy_drain: true` will ensure that moving
backend to the MAINT state will be graceful and all current connections
will close normally unless a timeout is reached, which is 2 min by default.

Closes-Bug: #2047017
Change-Id: I8554defec4df54d14be72ae9a1560907ff1aaddf
2024-01-04 15:33:53 +00:00

82 lines
2.7 KiB
YAML

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather barbican facts
hosts: barbican_all
gather_facts: "{{ osa_gather_facts | default(True) }}"
tasks:
- name: Gather additional facts
include_tasks: "common-tasks/gather-hardware-facts.yml"
when: osa_gather_facts | default(True)
tags:
- always
- name: Configure haproxy services
import_playbook: openstack.osa.haproxy_service_config
vars:
service_group: barbican_api
service_variable: "barbican_haproxy_services"
when: groups[service_group] | length > 0
tags:
- haproxy-service-config
- name: Installation and setup of barbican
hosts: barbican_all
gather_facts: false
serial: "{{ barbican_serial | default(['1','100%']) }}"
user: root
environment: "{{ deployment_environment_variables | default({}) }}"
vars_files:
- "defaults/{{ install_method }}_install.yml"
tags:
- barbican
pre_tasks:
# In order to ensure that any container, software or
# config file changes which causes a container/service
# restart do not cause an unexpected outage, we drain
# the load balancer back end for this container.
- name: Disabling haproxy backends
include_tasks: common-tasks/haproxy-endpoint-manage.yml
vars:
haproxy_backend: barbican-back
haproxy_state: disabled
when:
- "'barbican_api' in group_names"
- "groups['barbican_api'] | length > 1"
- name: Including container-setup tasks
include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml"
when: not is_metal
- name: Including unbound-clients tasks
include_tasks: common-tasks/unbound-clients.yml
when:
- hostvars['localhost']['resolvconf_enabled'] | bool
roles:
- role: "os_barbican"
post_tasks:
# Now that container changes are done, we can set
# the load balancer back end for this container
# to available again.
- name: Enabling haproxy backends
include_tasks: common-tasks/haproxy-endpoint-manage.yml
vars:
haproxy_backend: barbican-back
haproxy_state: enabled
when:
- "'barbican_api' in group_names"
- "groups['barbican_api'] | length > 1"