Rename haproxy_tls_vip_binds to haproxy_vip_binds

Effectively haproxy_tls_vip_binds was influencing not only TLS-related
binds but also non-TLS ones. It's naming was picked in a misleading way
from start, as a lot of logic for the variable was around TLS
implementation. Though it has a global effect and this should be
reflected in it's name.

Change-Id: I2f28d0ab033eff96cc2bc09db917bedb387013e8
This commit is contained in:
Dmitriy Rabotyagov 2024-11-10 17:18:04 +01:00
parent 8018155a3d
commit 7e4ecd10b3
5 changed files with 14 additions and 7 deletions

@ -287,13 +287,13 @@ haproxy_bind_internal_lb_vip_interface:
# Option to override haproxy frontend binds
# Example:
# haproxy_tls_vip_binds:
# haproxy_vip_binds:
# - address: '*'
# interface: bond0
# - address: '192.168.0.10'
# pki_san_records:
# - internal.cloud
haproxy_tls_vip_binds: "{{ _haproxy_tls_vip_binds }}"
haproxy_vip_binds: "{{ haproxy_tls_vip_binds | default(_haproxy_vip_binds) }}"
# Make the log socket available to the chrooted filesystem
haproxy_log_socket: "/dev/log"

@ -21,7 +21,7 @@
item_interface: "{{ item['interface'] | default('') }}"
item_name: "{{ ('interface' in item and item['interface'] is truthy) | ternary(item['address'] ~ '-' ~ item_interface, item['address']) }}"
item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item_name }}"
with_items: "{{ haproxy_tls_vip_binds }}"
with_items: "{{ haproxy_vip_binds }}"
listen:
- haproxy cert installed

@ -0,0 +1,7 @@
---
deprecations:
- |
Variable ``haproxy_tls_vip_binds`` has been renamed to
``haproxy_vip_binds`` to better reflect variable purpose.
Old variable name is still respected but it's usage is
descouraged and old naming will be removed in the future.

@ -15,7 +15,7 @@
{% if service.haproxy_bind is defined %}
{% set vip_binds = service.haproxy_bind %}
{% else %}
{% set vip_binds = haproxy_tls_vip_binds + extra_lb_vip_addresses %}
{% set vip_binds = haproxy_vip_binds + extra_lb_vip_addresses %}
{% endif %}
{% if not service.haproxy_backend_only | default(false) %}

@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
_haproxy_tls_vip_binds: |
_haproxy_vip_binds: |
{% set vip_binds = [{'address': haproxy_bind_external_lb_vip_address, 'interface': haproxy_bind_external_lb_vip_interface}] %}
{% if haproxy_bind_internal_lb_vip_address != haproxy_bind_external_lb_vip_address or
haproxy_bind_external_lb_vip_interface != haproxy_bind_internal_lb_vip_interface %}
@ -26,7 +26,7 @@ _haproxy_tls_vip_binds: |
_haproxy_pki_certificates: |
{% set _pki_certs = [] %}
{% for vip in haproxy_tls_vip_binds %}
{% for vip in haproxy_vip_binds %}
{% set _vip_interface = vip['interface'] | default('') %}
{% set san = ['DNS:' ~ ansible_facts['hostname'], 'DNS:' ~ ansible_facts['fqdn']] %}
{% if vip['address'] != '*' %}
@ -55,7 +55,7 @@ _haproxy_pki_certificates: |
_haproxy_pki_install_certificates: |
{% set _pki_install = [] %}
{% for vip in haproxy_tls_vip_binds %}
{% for vip in haproxy_vip_binds %}
{% set _vip_interface = vip['interface'] | default('') %}
{% set _cert_basename = '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(
vip['address'] ~ '-' ~ _vip_interface, vip['address'])