From 049b479b65a700815bd4bbec165e72e33a8fe627 Mon Sep 17 00:00:00 2001
From: Magnus Bergman <mb@citynetwork.se>
Date: Mon, 2 Mar 2020 13:48:43 +0100
Subject: [PATCH] Add options to override which addresses haproxy binds to

Adding options to be able to override the default behaviour of
haproxy binding to external_lb_vip_address and internal_lb_vip_address.

The default behaviour stays the same after this change.

Change-Id: I76044aea498d73e97087719279ba0a37a9eb28e9
---
 defaults/main.yml                |  6 ++++++
 doc/source/configure-haproxy.rst | 16 ++++++++++++++++
 templates/service.j2             |  6 +++---
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 7b7c199..596b026 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -130,6 +130,12 @@ extra_lb_vip_addresses: []
 # Add extra TLS VIPs to all services
 extra_lb_tls_vip_addresses: []
 
+# Option to override which address haproxy binds to for external vip.
+haproxy_bind_external_lb_vip_address: "{{ external_lb_vip_address }}"
+
+# Option to override which address haproxy binds to for internal vip.
+haproxy_bind_internal_lb_vip_address: "{{ internal_lb_vip_address }}"
+
 # Make the log socket available to the chrooted filesystem
 haproxy_log_socket: "/dev/log"
 haproxy_log_mount_point: "/var/lib/haproxy/dev/log"
diff --git a/doc/source/configure-haproxy.rst b/doc/source/configure-haproxy.rst
index 57128df..3897839 100644
--- a/doc/source/configure-haproxy.rst
+++ b/doc/source/configure-haproxy.rst
@@ -236,6 +236,22 @@ defined in the ``user_variables.yml`` file:
      - 10.0.0.10
      - 192.168.0.10
 
+Overriding the address haproxy will bind to
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In some cases you may want to override the default of having haproxy
+bind to the addresses specified in ``external_lb_vip_address`` and
+``internal_lb_vip_address``. For example if those are hostnames and you
+want haproxy to bind to IP addresses while preserving the names for TLS-
+certificates and endpoint URIs.
+
+This can be set in the ``user_variables.yml`` file:
+
+.. code-block:: yaml
+
+   haproxy_bind_external_lb_vip_address: 10.0.0.10
+   haproxy_bind_internal_lb_vip_address: 192.168.0.10
+
 Adding Access Control Lists to HAProxy front end
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/templates/service.j2 b/templates/service.j2
index e381897..4bf34a2 100644
--- a/templates/service.j2
+++ b/templates/service.j2
@@ -12,9 +12,9 @@
   {% set haproxy_check_port = item.service.haproxy_check_port %}
 {% endif -%}
 
-{% set vip_binds = [external_lb_vip_address] -%}
-{%- if internal_lb_vip_address not in vip_binds %}
-  {% set _ = vip_binds.append(internal_lb_vip_address) %}
+{% set vip_binds = [haproxy_bind_external_lb_vip_address] -%}
+{%- if haproxy_bind_internal_lb_vip_address not in vip_binds %}
+  {% set _ = vip_binds.append(haproxy_bind_internal_lb_vip_address) %}
 {% endif -%}
 
 {% for vip_address in extra_lb_vip_addresses %}