openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes

Use management address when available

Browse Source 
In case of defining different IP address for SSH and Management
network in metal scenario, as described in [1], you get SSH address
defined as `ansible_host`, which results in HAProxy configuring
backends on SSH address rather then management one, where
service is actually listening.

We use `ansible_host` as a fallback for non-OSA usage of the role.

[1] https://docs.openstack.org/openstack-ansible/latest/reference/inventory/configure-inventory.html#having-ssh-network-different-from-openstack-management-network

Change-Id: Id35480d5d0cf6316e31fe1b287421bfb56e20685
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
This commit is contained in:
Dmitriy Rabotyagov
2025-06-27 20:56:31 +02:00
parent 4ba235fc58
commit eaa81c11fc
3 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@@ -215,7 +215,7 @@ haproxy_ssl_letsencrypt_enable: false
haproxy_ssl_letsencrypt_certbot_binary: "certbot"
haproxy_ssl_letsencrypt_certbot_backend_port: 8888
haproxy_ssl_letsencrypt_pre_hook_timeout: 5
haproxy_ssl_letsencrypt_certbot_bind_address: "{{ ansible_host }}"
haproxy_ssl_letsencrypt_certbot_bind_address: "{{ management_address | default(ansible_host) }}"
haproxy_ssl_letsencrypt_certbot_challenge: "http-01"
haproxy_ssl_letsencrypt_email: "example@example.com"
haproxy_ssl_letsencrypt_config_path: "/etc/letsencrypt/live"

10
releasenotes/notes/certbot_bind_address_is_management-ccc23e9ca30f4688.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
upgrade:
- |
Default value of ``haproxy_ssl_letsencrypt_certbot_bind_address`` has
changed from ``ansible_host``, which could vary based on the deployment
scenario, to ``management_address``, which will be set to the IP of the
management network.
The fallback to ``ansible_host`` is present to avoid failures when
``management_address`` is not defined.

4
templates/service.j2
View File

@@ -132,7 +132,7 @@ backend {{ service.haproxy_service_name }}-back
{% for host_name in service.haproxy_backend_nodes %}
{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['management_address'] | default(hostvars[host_name]['ansible_host'])) %}
{% set __host_name = host_name.name | default(host_name) | string %}
{% set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
{% set __check_port = host_name.check_port | default(haproxy_check_port) | string %}
@@ -180,7 +180,7 @@ backend {{ service.haproxy_service_name }}-back
{% endfor %}
{% for host_name in service.haproxy_backup_nodes | default([]) %}
{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['management_address'] | default(hostvars[host_name]['ansible_host'])) %}
{% set __host_name = host_name.name | default(host_name) | string %}
{% set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
{% set __check_port = host_name.check_port | default(haproxy_check_port) | string %}