Merge "Add options to override which addresses haproxy binds to"

defaults/main.yml

@@ -130,6 +130,12 @@ extra_lb_vip_addresses: []
 # Add extra TLS VIPs to all services
 extra_lb_tls_vip_addresses: []
 
+# Option to override which address haproxy binds to for external vip.
+haproxy_bind_external_lb_vip_address: "{{ external_lb_vip_address }}"
+
+# Option to override which address haproxy binds to for internal vip.
+haproxy_bind_internal_lb_vip_address: "{{ internal_lb_vip_address }}"
+
 # Make the log socket available to the chrooted filesystem
 haproxy_log_socket: "/dev/log"
 haproxy_log_mount_point: "/var/lib/haproxy/dev/log"

doc/source/configure-haproxy.rst

@@ -236,6 +236,22 @@ defined in the ``user_variables.yml`` file:
      - 10.0.0.10
      - 192.168.0.10
 
+Overriding the address haproxy will bind to
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In some cases you may want to override the default of having haproxy
+bind to the addresses specified in ``external_lb_vip_address`` and
+``internal_lb_vip_address``. For example if those are hostnames and you
+want haproxy to bind to IP addresses while preserving the names for TLS-
+certificates and endpoint URIs.
+
+This can be set in the ``user_variables.yml`` file:
+
+.. code-block:: yaml
+
+   haproxy_bind_external_lb_vip_address: 10.0.0.10
+   haproxy_bind_internal_lb_vip_address: 192.168.0.10
+
 Adding Access Control Lists to HAProxy front end
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

templates/service.j2

@@ -12,9 +12,9 @@
   {% set haproxy_check_port = item.service.haproxy_check_port %}
 {% endif -%}
 
-{% set vip_binds = [external_lb_vip_address] -%}
+{% set vip_binds = [haproxy_bind_external_lb_vip_address] -%}
-{%- if internal_lb_vip_address not in vip_binds %}
+{%- if haproxy_bind_internal_lb_vip_address not in vip_binds %}
-  {% set _ = vip_binds.append(internal_lb_vip_address) %}
+  {% set _ = vip_binds.append(haproxy_bind_internal_lb_vip_address) %}
 {% endif -%}
 
 {% for vip_address in extra_lb_vip_addresses %}