Put etcd behind HTTP loadbalancer

etcd-compatible tooz drivers do not support multiple endpoints via
backend_url. We can put a loadbalancer in front of etcd and configure
backend_url to use the VIP instead. The issue with hard coding the first
host is that we break coordination if we take this host offline. In the
case of cinder, we would not be able to perform any volume related
operations.

Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: Ib684501ba03c386dc5ac71e5cbea05c99f191665

ansible/roles/etcd/defaults/main.yml

@@ -23,7 +23,13 @@ etcd_services:
     image: "{{ etcd_image_full }}"
     volumes: "{{ etcd_default_volumes + etcd_extra_volumes }}"
     dimensions: "{{ etcd_dimensions }}"
-
+    haproxy:
+      etcd:
+        enabled: true
+        mode: "http"
+        external: false
+        port: "{{ etcd_client_port }}"
+        tls_backend: "{{ etcd_enable_tls | bool }}"
 
 ####################
 # Docker

ansible/roles/etcd/tasks/loadbalancer.yml

@@ -0,0 +1,7 @@
+---
+- name: "Configure loadbalancer for {{ project_name }}"
+  import_role:
+    name: loadbalancer-config
+  vars:
+    project_services: "{{ etcd_services }}"
+  tags: always

ansible/site.yml

@@ -150,6 +150,11 @@
             tasks_from: loadbalancer
           tags: designate
           when: enable_designate | bool
+        - include_role:
+            name: etcd
+            tasks_from: loadbalancer
+          tags: etcd
+          when: enable_etcd | bool
         - include_role:
             name: freezer
             tasks_from: loadbalancer

releasenotes/notes/etcd-tcp-loadbalancer-08d9332ee3be9a8b.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    etcd is now exposed internally via HAProxy on ``etcd_client_port``.