Use management address when available

In case of defining different IP address for SSH and Management
network in metal scenario, as described in [1], you get SSH address
defined as `ansible_host`, which results in HAProxy configuring
backends on SSH address rather then management one, where
service is actually listening.

We use `ansible_host` as a fallback for non-OSA usage of the role.

[1] https://docs.openstack.org/openstack-ansible/latest/reference/inventory/configure-inventory.html#having-ssh-network-different-from-openstack-management-network

Change-Id: Id35480d5d0cf6316e31fe1b287421bfb56e20685
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>

defaults/main.yml

@@ -215,7 +215,7 @@ haproxy_ssl_letsencrypt_enable: false
 haproxy_ssl_letsencrypt_certbot_binary: "certbot"
 haproxy_ssl_letsencrypt_certbot_backend_port: 8888
 haproxy_ssl_letsencrypt_pre_hook_timeout: 5
-haproxy_ssl_letsencrypt_certbot_bind_address: "{{ ansible_host }}"
+haproxy_ssl_letsencrypt_certbot_bind_address: "{{ management_address | default(ansible_host) }}"
 haproxy_ssl_letsencrypt_certbot_challenge: "http-01"
 haproxy_ssl_letsencrypt_email: "example@example.com"
 haproxy_ssl_letsencrypt_config_path: "/etc/letsencrypt/live"

releasenotes/notes/certbot_bind_address_is_management-ccc23e9ca30f4688.yaml

@@ -0,0 +1,10 @@
+---
+
+upgrade:
+  - |
+    Default value of ``haproxy_ssl_letsencrypt_certbot_bind_address`` has
+    changed from ``ansible_host``, which could vary based on the deployment
+    scenario, to ``management_address``, which will be set to the IP of the
+    management network.
+    The fallback to ``ansible_host`` is present to avoid failures when
+    ``management_address`` is not defined.

templates/service.j2

@@ -132,7 +132,7 @@ backend {{ service.haproxy_service_name }}-back
 
 
 {%   for host_name in service.haproxy_backend_nodes %}
-{%     set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
+{%     set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['management_address'] | default(hostvars[host_name]['ansible_host'])) %}
 {%     set __host_name = host_name.name | default(host_name) | string %}
 {%     set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
 {%     set __check_port = host_name.check_port | default(haproxy_check_port) | string %}
@@ -180,7 +180,7 @@ backend {{ service.haproxy_service_name }}-back
 {%   endfor %}
 
 {%   for host_name in service.haproxy_backup_nodes | default([]) %}
-{%     set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
+{%     set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['management_address'] | default(hostvars[host_name]['ansible_host'])) %}
 {%     set __host_name = host_name.name | default(host_name) | string %}
 {%     set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
 {%     set __check_port = host_name.check_port | default(haproxy_check_port) | string %}