Fix tripleo::haproxy::stats to be more correct and flexible

In this change we do three things:
1) We make the class parameter 'ip' also be a list so that multiple
   bind addresses are possible
2) We remove the hard coded 1993 and move it to a parameter
3) Instead of passing only the controller_virtual_ip as the only bind
   address on all controllers which makes no sense (see linked LP)
   we also bind to the IP specified in the hiera key
   'tripleo::haproxy::haproxy_stats_bind_address'.

Tested this change with the accompanying THT patch and correctly
got the haproxy stats on a custom network (internal_api and the
controller vip):

listen haproxy.stats
  bind fd00:fd00:fd00:2000::16:1993 transparent
  bind 192.168.24.15:1993 transparent
  mode http
  stats enable
  stats uri /
  stats auth admin:password

I did not remove the controller_virtual_ip binding as that might be
a breaking change for operators. We could think about deprecating it
and removing it eventually.

Related-Bug: #1830334
Change-Id: Iab5f11c3065ff34a3543621554e7f05161d069f2

manifests/haproxy.pp

@@ -113,6 +113,12 @@
 #  A string.
 #  Defaults to undef
 #
+# [*haproxy_stats_bind_address*]
+#  Bind address for where the haproxy stats web interface should listen on in addition
+#  to the controller_virtual_ip
+#  A string.or an array
+#  Defaults to undef
+#
 # [*service_certificate*]
 #  Filename of an HAProxy-compatible certificate and key file
 #  When set, enables SSL on the public API endpoints using the specified file.
@@ -601,6 +607,7 @@ class tripleo::haproxy (
   $haproxy_socket_access_level = 'user',
   $haproxy_stats_user          = 'admin',
   $haproxy_stats_password      = undef,
+  $haproxy_stats_bind_address  = undef,
   $manage_firewall             = hiera('tripleo::firewall::manage_firewall', true),
   $controller_hosts            = hiera('controller_node_ips'),
   $controller_hosts_names      = hiera('controller_node_names', undef),
@@ -886,9 +893,12 @@ class tripleo::haproxy (
     } else {
       $haproxy_stats_certificate_real = undef
     }
+    $haproxy_stats_ips_raw = union(any2array($controller_virtual_ip), any2array($haproxy_stats_bind_address))
+    $haproxy_stats_ips = delete_undef_values($haproxy_stats_ips_raw)
+
     class { '::tripleo::haproxy::stats':
       haproxy_listen_bind_param => $haproxy_listen_bind_param,
-      ip                        => $controller_virtual_ip,
+      ip                        => $haproxy_stats_ips,
       password                  => $haproxy_stats_password,
       certificate               => $haproxy_stats_certificate_real,
       user                      => $haproxy_stats_user,

manifests/haproxy/stats.pp

@@ -21,8 +21,12 @@
 #  A list of params to be added to the HAProxy listener bind directive.
 #
 # [*ip*]
-#  IP Address on which the stats interface is listening on. This right now
-#  assumes that it's in the ctlplane network.
+#  IP Address(es) on which the stats interface is listening on.
+#  Can be a string or a list of ip addresses
+#
+# [*port*]
+#  Port on which to listen to for haproxy stats web interface
+#  Defaults to '1993'
 #
 # [*password*]
 #  Password for haproxy stats authentication.  When set, authentication is
@@ -43,20 +47,19 @@
 class tripleo::haproxy::stats (
   $haproxy_listen_bind_param,
   $ip,
+  $port        = '1993',
   $password    = undef,
   $certificate = undef,
   $user        = 'admin'
 ) {
   if $certificate {
-    $haproxy_stats_bind_opts = {
-      "${ip}:1993" => union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate]),
-    }
+    $opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate])
   } else {
-    $haproxy_stats_bind_opts = {
-      "${ip}:1993" => $haproxy_listen_bind_param,
-    }
+    $opts = $haproxy_listen_bind_param
   }
 
+  $haproxy_stats_bind_opts = list_to_hash(suffix(any2array($ip), ":${port}"), $opts)
+
   $stats_base = ['enable', 'uri /']
   if $password {
     $stats_config = union($stats_base, ["auth ${user}:${password}"])