64054e4cad
According to the docs [1], there is an ability for HAProxy to bind specifically on IP-address, "while preserving the names for TLS- certificates and endpoint URIs". For internal endpoint this supposed to be done by setting `internal_lb_vip_address` and `haproxy_bind_internal_lb_vip_address` but was broken due to the fact that for: * `haproxy_galera_service` * `haproxy_opendaylight_neutron_service` * `haproxy_opendaylight_websocket_service` * `haproxy_nova_api_metadata_service` * `haproxy_rabbitmq_service` * `haproxy_repo_service` `haproxy_bind` was explicitly set to `[internal_lb_vip_address]` and overriding `haproxy_bind_internal_lb_vip_address` would result in wrong certificate paths (with FQDN in names, which does not exist) for these frontends. [1] https://docs.openstack.org/openstack-ansible-haproxy_server/latest/configure-haproxy.html#overriding-the-address-haproxy-will-bind-to Change-Id: I92953a14dd311a60b169165c5a8e61dd98466033
58 lines
2.9 KiB
YAML
58 lines
2.9 KiB
YAML
---
|
|
# Copyright 2023, Cleura AB
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
haproxy_opendaylight_allowlist_networks: "{{ haproxy_allowlist_networks }}"
|
|
|
|
haproxy_neutron_server_service:
|
|
haproxy_service_name: neutron_server
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_port: 9696
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}"
|
|
haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
|
haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
|
haproxy_service_enabled: "{{ groups['neutron_server'] is defined and groups['neutron_server'] | length > 0 }}"
|
|
|
|
haproxy_opendaylight_neutron_service:
|
|
haproxy_service_name: opendaylight-neutron
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_bind: "{{ [haproxy_bind_internal_lb_vip_address | default(internal_lb_vip_address)] }}"
|
|
haproxy_port: 8180
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_allowlist_networks: "{{ haproxy_opendaylight_allowlist_networks }}"
|
|
haproxy_service_enabled: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.opendaylight') }}"
|
|
|
|
haproxy_opendaylight_websocket_service:
|
|
haproxy_service_name: opendaylight-websocket
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_bind: "{{ [haproxy_bind_internal_lb_vip_address | default(internal_lb_vip_address)] }}"
|
|
haproxy_port: 8185
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_allowlist_networks: "{{ haproxy_opendaylight_allowlist_networks }}"
|
|
haproxy_service_enabled: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.opendaylight') }}"
|
|
|
|
neutron_haproxy_services:
|
|
- "{{ haproxy_neutron_server_service | combine(haproxy_neutron_server_service_overrides | default({})) }}"
|
|
- "{{ haproxy_opendaylight_neutron_service | combine(haproxy_opendaylight_neutron_service_overrides | default({})) }}"
|
|
- "{{ haproxy_opendaylight_websocket_service | combine(haproxy_opendaylight_websocket_service_overrides | default({})) }}"
|