diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml index 83998996a6..ef6639191b 100644 --- a/playbooks/inventory/group_vars/hosts.yml +++ b/playbooks/inventory/group_vars/hosts.yml @@ -226,3 +226,6 @@ swift_system_shell: /bin/bash swift_system_comment: swift system user swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}" swift_service_region: "{{ service_region }}" + +## HAProxy +haproxy_bind_on_non_local: "{% if groups.haproxy_hosts[1] is defined and internal_lb_vip_address != external_lb_vip_address %}True{% else %}False{% endif %}" diff --git a/playbooks/roles/haproxy_server/defaults/main.yml b/playbooks/roles/haproxy_server/defaults/main.yml index bab6861a15..161dab0ac2 100644 --- a/playbooks/roles/haproxy_server/defaults/main.yml +++ b/playbooks/roles/haproxy_server/defaults/main.yml @@ -67,6 +67,7 @@ haproxy_backup_nodes: [] # - "httplog" galera_monitoring_user: monitoring +haproxy_bind_on_non_local: False ## haproxy SSL haproxy_ssl: no diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_install.yml index 4226bdde56..9e78269ce1 100644 --- a/playbooks/roles/haproxy_server/tasks/haproxy_install.yml +++ b/playbooks/roles/haproxy_server/tasks/haproxy_install.yml @@ -24,7 +24,7 @@ tags: - haproxy-apt-packages -- name: Install HAPRoxy Packages +- name: Install HAProxy Packages apt: pkg: "{{ item }}" state: latest diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml index 7bf26033f8..5105021aa7 100644 --- a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml +++ b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml @@ -13,6 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Make haproxy bindable on non local addresses + sysctl: + name: net.ipv4.ip_nonlocal_bind + value: 1 + sysctl_set: yes + state: present + when: haproxy_bind_on_non_local | bool + - name: Drop base haproxy config template: src: "{{ item }}"