--- - import_role: name: service-precheck vars: service_precheck_services: "{{ loadbalancer_services }}" service_name: "{{ project_name }}" - name: Get container facts become: true kolla_container_facts: name: - haproxy - keepalived register: container_facts - name: Group hosts by whether they are running keepalived group_by: key: "keepalived_running_{{ container_facts['keepalived'] is defined }}" changed_when: false when: - enable_keepalived | bool - inventory_hostname in groups['loadbalancer'] - name: Group hosts by whether they are running HAProxy group_by: key: "haproxy_running_{{ container_facts['haproxy'] is defined }}" changed_when: false when: - enable_haproxy | bool - inventory_hostname in groups['loadbalancer'] - name: Set facts about whether we can run HAProxy and keepalived VIP prechecks vars: # NOTE(mgoddard): We can only reliably run this precheck if all hosts in # the haproxy group are included in the batch. This may not be the case if # using --limit or --serial. all_hosts_in_batch: "{{ groups['loadbalancer'] | difference(ansible_play_batch) | list | length == 0 }}" set_fact: keepalived_vip_prechecks: "{{ all_hosts_in_batch and groups['keepalived_running_True'] is not defined }}" haproxy_vip_prechecks: "{{ all_hosts_in_batch and groups['haproxy_running_True'] is not defined }}" - name: Checking if external haproxy certificate exists run_once: true stat: path: "{{ kolla_external_fqdn_cert }}" delegate_to: localhost register: haproxy_cert_file changed_when: false when: - not kolla_externally_managed_cert | bool - kolla_enable_tls_external | bool - name: Fail if external haproxy certificate is absent run_once: true fail: msg: "External haproxy certificate file is not found. It is configured via 'kolla_external_fqdn_cert'" when: - not kolla_externally_managed_cert | bool - kolla_enable_tls_external | bool - not haproxy_cert_file.stat.exists - name: Checking if internal haproxy certificate exists run_once: true stat: path: "{{ kolla_internal_fqdn_cert }}" delegate_to: localhost register: haproxy_internal_cert_file changed_when: false when: - not kolla_externally_managed_cert | bool - kolla_enable_tls_internal | bool - name: Fail if internal haproxy certificate is absent run_once: true fail: msg: "Internal haproxy certificate file is not found. It is configured via 'kolla_internal_fqdn_cert'" when: - not kolla_externally_managed_cert | bool - kolla_enable_tls_internal | bool - not haproxy_internal_cert_file.stat.exists - name: Checking the kolla_external_vip_interface is present fail: "msg='Please check the kolla_external_vip_interface property - interface {{ kolla_external_vip_interface }} not found'" when: - haproxy_enable_external_vip | bool - kolla_external_vip_interface not in ansible_facts.interfaces - name: Checking the kolla_external_vip_interface is active fail: "msg='Please check the kolla_external_vip_interface settings - interface {{ kolla_external_vip_interface }} is not active'" when: - haproxy_enable_external_vip | bool - not hostvars[inventory_hostname].ansible_facts[kolla_external_vip_interface]['active'] - name: Checking if kolla_internal_vip_address and kolla_external_vip_address are not pingable from any node command: "{{ item.command }} -c 3 {{ item.address }}" register: ping_output changed_when: false failed_when: ping_output.rc != 1 with_items: - address: "{{ kolla_internal_vip_address }}" command: "{{ 'ping' if kolla_internal_vip_address|ipv4 else 'ping6' }}" - address: "{{ kolla_external_vip_address }}" command: "{{ 'ping' if kolla_external_vip_address|ipv4 else 'ping6' }}" when: - enable_keepalived | bool - keepalived_vip_prechecks - enable_haproxy | bool - name: Checking free port for HAProxy stats wait_for: host: "{{ api_interface_address }}" port: "{{ haproxy_stats_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_haproxy | bool - container_facts['haproxy'] is not defined - inventory_hostname in groups['loadbalancer'] - name: Checking free port for HAProxy monitor (api interface) wait_for: host: "{{ api_interface_address }}" port: "{{ haproxy_monitor_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_haproxy | bool - container_facts['haproxy'] is not defined - inventory_hostname in groups['loadbalancer'] - name: Checking free port for HAProxy monitor (vip interface) wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ haproxy_monitor_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_haproxy | bool - haproxy_vip_prechecks - inventory_hostname in groups['loadbalancer'] - api_interface_address != kolla_internal_vip_address # FIXME(yoctozepto): this req seems arbitrary, they need not be, just routable is fine - name: Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes become: true command: ip -o addr show dev {{ api_interface }} register: ip_addr_output changed_when: false failed_when: >- ( ip_addr_output is failed or kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none) when: - enable_haproxy | bool - enable_keepalived | bool - container_facts['keepalived'] is not defined - inventory_hostname in groups['loadbalancer'] - name: Getting haproxy stat shell: echo "show stat" | docker exec -i haproxy socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock stdio # noqa 306 register: haproxy_stat_shell changed_when: false failed_when: false when: container_facts['haproxy'] is defined - name: Setting haproxy stat fact set_fact: haproxy_stat: "{{ haproxy_stat_shell.stdout|default('') }}" - name: Checking free port for Aodh API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ aodh_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_aodh | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('aodh_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Barbican API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ barbican_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_barbican | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('barbican_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Blazar API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ blazar_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_blazar | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('blazar_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Ceph RadosGW HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ ceph_rgw_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_ceph_rgw | bool - enable_ceph_rgw_loadbalancer | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('radosgw') == -1 - haproxy_vip_prechecks - name: Checking free port for Cinder API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ cinder_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_cinder | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('cinder_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Cloudkitty API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ cloudkitty_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_cloudkitty | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('cloudkitty_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Cyborg API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ cyborg_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_cyborg | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('cyborg_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Designate API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ designate_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_designate | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('designate_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Elasticsearch HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ elasticsearch_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_elasticsearch | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('elasticsearch') == -1 - haproxy_vip_prechecks - name: Checking free port for Glance API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ glance_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_glance | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('glance_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Gnocchi API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ gnocchi_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_gnocchi | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('gnocchi_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Freezer API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ freezer_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_freezer | bool - haproxy_stat.find('freezer_api') == -1 - inventory_hostname in groups['loadbalancer'] - haproxy_vip_prechecks - name: Checking free port for Grafana server HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ grafana_server_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_grafana | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('grafana_server') == -1 - haproxy_vip_prechecks - name: Checking free port for Heat API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ heat_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_heat | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('heat_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Heat API CFN HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ heat_api_cfn_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_heat | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('heat_api_cfn') == -1 - haproxy_vip_prechecks - name: Checking free port for Horizon HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ horizon_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_horizon | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('horizon') == -1 - haproxy_vip_prechecks - name: Checking free port for Ironic API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ ironic_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_ironic | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('ironic_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Ironic Inspector HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ ironic_inspector_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_ironic | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('ironic_inspector') == -1 - haproxy_vip_prechecks - name: Checking free port for Keystone Admin HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ keystone_admin_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_keystone | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('keystone_admin') == -1 - haproxy_vip_prechecks - name: Checking free port for Keystone Internal HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ keystone_public_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_keystone | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('keystone_internal') == -1 - haproxy_vip_prechecks - name: Checking free port for Keystone Public HAProxy wait_for: host: "{{ kolla_external_vip_address }}" port: "{{ keystone_public_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - haproxy_enable_external_vip | bool - enable_keystone | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('keystone_external') == -1 - haproxy_vip_prechecks - name: Checking free port for Kibana HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ kibana_server_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_kibana | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('kibana') == -1 - haproxy_vip_prechecks - name: Checking free port for Magnum API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ magnum_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_magnum | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('magnum_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Manila API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ manila_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_manila | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('manila_api') == -1 - haproxy_vip_prechecks - name: Checking free port for MariaDB HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ database_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_mariadb | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('mariadb') == -1 - haproxy_vip_prechecks - name: Checking free port for Masakari API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ masakari_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_masakari | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('masakari_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Mistral API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ mistral_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_mistral | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('mistral_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Monasca API internal HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ monasca_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_monasca | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('monasca_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Monasca API public HAProxy wait_for: host: "{{ kolla_external_vip_address }}" port: "{{ monasca_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - haproxy_enable_external_vip | bool - enable_monasca | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('monasca_api_external') == -1 - haproxy_vip_prechecks - name: Checking free port for Monasca Log API internal HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ monasca_log_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_monasca | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('monasca_log_api') == -1 - haproxy_vip_prechecks - monasca_log_api_port != monasca_api_port - name: Checking free port for Monasca Log API public HAProxy wait_for: host: "{{ kolla_external_vip_address }}" port: "{{ monasca_log_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - haproxy_enable_external_vip | bool - enable_monasca | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('monasca_log_api_external') == -1 - haproxy_vip_prechecks - monasca_log_api_port != monasca_api_port - name: Checking free port for Murano API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ murano_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_murano | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('murano_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Neutron Server HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ neutron_server_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_neutron | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('neutron_server') == -1 - haproxy_vip_prechecks - name: Checking free port for Nova API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ nova_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_nova | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('nova_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Nova Metadata HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ nova_metadata_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_nova | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('nova_metadata') == -1 - haproxy_vip_prechecks - name: Checking free port for Nova NoVNC HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ nova_novncproxy_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_nova | bool - nova_console == 'novnc' - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('nova_novncproxy') == -1 - haproxy_vip_prechecks - name: Checking free port for Nova Serial Proxy HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ nova_serialproxy_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_nova | bool - haproxy_stat.find('nova_serialconsole_proxy') == -1 - enable_nova_serialconsole_proxy | bool - inventory_hostname in groups['loadbalancer'] - haproxy_vip_prechecks - name: Checking free port for Nova Spice HTML5 HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ nova_spicehtml5proxy_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_nova | bool - nova_console == 'spice' - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('nova_spicehtml5proxy') == -1 - haproxy_vip_prechecks - name: Checking free port for Nova Placement API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ placement_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_nova | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('placement_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Octavia API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ octavia_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_octavia | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('octavia_api') == -1 - haproxy_vip_prechecks - name: Checking free port for RabbitMQ Management HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ rabbitmq_management_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_rabbitmq | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('rabbitmq_management') == -1 - haproxy_vip_prechecks - name: Checking free port for outward RabbitMQ Management HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ outward_rabbitmq_management_port }}" connect_timeout: 1 state: stopped when: - enable_outward_rabbitmq | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('outward_rabbitmq_management') == -1 - haproxy_vip_prechecks - name: Checking free port for Sahara API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ sahara_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_sahara | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('sahara_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Senlin API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ senlin_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_senlin | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('senlin_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Solum Application Deployment HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ solum_application_deployment_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_solum | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('solum_application_deployment') == -1 - haproxy_vip_prechecks - name: Checking free port for Solum Image Builder HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ solum_image_builder_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_solum | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('solum_image_builder') == -1 - haproxy_vip_prechecks - name: Checking free port for Swift Proxy Server HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ swift_proxy_server_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_swift | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('swift_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Tacker Server HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ tacker_server_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_tacker | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('tacker_server') == -1 - haproxy_vip_prechecks - name: Checking free port for Trove API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ trove_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_trove | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('trove_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Watcher API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ watcher_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_watcher | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('watcher_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Zun API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ zun_api_port }}" connect_timeout: 1 timeout: 1 state: stopped when: - enable_zun | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('zun_api') == -1 - haproxy_vip_prechecks - name: Checking free port for Vitrage API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ vitrage_api_port }}" connect_timeout: 1 state: stopped when: - enable_vitrage | bool - inventory_hostname in groups['loadbalancer'] - haproxy_stat.find('vitrage_api') == -1 - haproxy_vip_prechecks