bc1291e2e3
This step appears to be unnecessary and was left over from
a time before the PKI role was called from within the HAProxy
role. See https://review.opendev.org/c/openstack/openstack-ansible/+/788031/3..4/tests/roles/bootstrap-host/files/user_variables_pki.yml
At present, the lack of a pki_dir variable in this step results
in writes to '/etc/pki' which requires elevated privileges.
Other than creating directories, the default variables do not
result in any certificates being generated in this step.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/811742/
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/813198
Change-Id: Id4228b8a587c22583bd0f9253665dcf58db88a5a
(cherry picked from commit 1c75669df4
)
57 lines
1.8 KiB
YAML
57 lines
1.8 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Gather haproxy facts
|
|
hosts: haproxy
|
|
gather_facts: "{{ osa_gather_facts | default(True) }}"
|
|
tags:
|
|
- always
|
|
|
|
- name: haproxy base config
|
|
hosts: haproxy
|
|
gather_facts: false
|
|
serial: "50%"
|
|
user: root
|
|
pre_tasks:
|
|
- include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml"
|
|
when: not is_metal
|
|
- include_tasks: common-tasks/unbound-clients.yml
|
|
when:
|
|
- hostvars['localhost']['resolvconf_enabled'] | bool
|
|
- name: Remove legacy haproxy configuration files
|
|
file:
|
|
dest: "/etc/haproxy/conf.d/{{ item.name }}"
|
|
state: "absent"
|
|
with_items:
|
|
- name: "keystone_internal"
|
|
when: "internal_lb_vip_address == external_lb_vip_address"
|
|
- name: "heat_api_cloudwatch"
|
|
when: "yes"
|
|
when:
|
|
- "item.when | bool"
|
|
tags:
|
|
- haproxy-config # this tag is present because the task is ONLY a config task
|
|
roles:
|
|
- role: "keepalived"
|
|
when: haproxy_use_keepalived | bool
|
|
tags:
|
|
- keepalived
|
|
- role: "haproxy_server"
|
|
haproxy_service_configs: "{{ haproxy_default_services + haproxy_extra_services|default([]) }}"
|
|
environment: "{{ deployment_environment_variables | default({}) }}"
|
|
tags:
|
|
- haproxy-config
|
|
- haproxy
|