diff --git a/defaults/main.yml b/defaults/main.yml
index 12ea063..8c0ada0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -215,7 +215,7 @@ haproxy_ssl_letsencrypt_enable: false
 haproxy_ssl_letsencrypt_certbot_binary: "certbot"
 haproxy_ssl_letsencrypt_certbot_backend_port: 8888
 haproxy_ssl_letsencrypt_pre_hook_timeout: 5
-haproxy_ssl_letsencrypt_certbot_bind_address: "{{ ansible_host }}"
+haproxy_ssl_letsencrypt_certbot_bind_address: "{{ management_address | default(ansible_host) }}"
 haproxy_ssl_letsencrypt_certbot_challenge: "http-01"
 haproxy_ssl_letsencrypt_email: "example@example.com"
 haproxy_ssl_letsencrypt_config_path: "/etc/letsencrypt/live"
diff --git a/releasenotes/notes/certbot_bind_address_is_management-ccc23e9ca30f4688.yaml b/releasenotes/notes/certbot_bind_address_is_management-ccc23e9ca30f4688.yaml
new file mode 100644
index 0000000..350e97a
--- /dev/null
+++ b/releasenotes/notes/certbot_bind_address_is_management-ccc23e9ca30f4688.yaml
@@ -0,0 +1,10 @@
+---
+
+upgrade:
+ - |
+ Default value of ``haproxy_ssl_letsencrypt_certbot_bind_address`` has
+ changed from ``ansible_host``, which could vary based on the deployment
+ scenario, to ``management_address``, which will be set to the IP of the
+ management network.
+ The fallback to ``ansible_host`` is present to avoid failures when
+ ``management_address`` is not defined.
diff --git a/templates/service.j2 b/templates/service.j2
index 4495713..42396d9 100644
--- a/templates/service.j2
+++ b/templates/service.j2
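Review bot: The new default for `haproxy_ssl_letsencrypt_certbot_bind_address` in defaults/main.yml only falls back when `management_address` is undefined, because Jinja's `default()` passes a defined-but-empty value straight through. An inventory that sets `management_address: ""` or leaves it null would therefore produce an empty bind address for the certbot listener. How the value reaches certbot is not visible in this hunk, but an empty listen address commonly means all interfaces, which would defeat the point of pinning the listener to the management network. Using `"{{ management_address | default(ansible_host, true) }}"` closes that gap; the two `__ip_addr` lines changed in templates/service.j2 use the same one-argument `default()` and would benefit from the same flag.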
@@ -132,7 +132,7 @@ backend {{ service.haproxy_service_name }}-back
 {% for host_name in service.haproxy_backend_nodes %}
-{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
+{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['management_address'] | default(hostvars[host_name]['ansible_host'])) %}
 {% set __host_name = host_name.name | default(host_name) | string %}
 {% set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
 {% set __check_port = host_name.check_port | default(haproxy_check_port) | string %}
@@ -180,7 +180,7 @@ backend {{ service.haproxy_service_name }}-back
 {% endfor %}
 {% for host_name in service.haproxy_backup_nodes | default([]) %}
-{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
+{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['management_address'] | default(hostvars[host_name]['ansible_host'])) %}
 {% set __host_name = host_name.name | default(host_name) | string %}
 {% set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
 {% set __check_port = host_name.check_port | default(haproxy_check_port) | string %}
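Review bot: The per-host fallback from `management_address` to `ansible_host` on the new `__ip_addr` line in the backend-nodes loop is silent, and the backup-nodes loop in the following hunk has the identical line. In an inventory where only some hosts define `management_address`, the rendered backends would be split across two networks with nothing in the template or its output to show it. The release note in this commit says `ansible_host` can vary by deployment, so for those hosts haproxy-to-backend traffic may leave the management network; that consequence is inferred, since the `server` lines are outside these hunks. At minimum, document the precedence above each `set`, for example `{# address precedence: ip_addr, then management_address, then ansible_host #}`, so an operator reading the template knows which value wins. Both loops start or end outside the hunks shown.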