openstack-ansible-os_skyline/vars/main.yml
Dmitriy Rabotyagov ef750725f5 Disable Peer verification for the proxy
The proxy module verifies that the certificate presented by the destination
service contains the host name of the peer in its CNs/SAN [1].

For now we disable the check, as leaving it in place might have an
unexpected impact on deployments with user-provided certificates, which
need to be re-issued to add management_address to CNs.

[1] https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeername

Closes-Bug: #2115487
Change-Id: Ida475087736984a2f9237d3c7b1a509166d3a623
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
2025-09-04 11:08:57 +00:00


---
# Copyright 2022, BBC R&D
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# True on at most one host: the host must be a member of the inventory group
# named by skyline_services['skyline-api']['group'], and its
# inventory_hostname must equal the first member of that group that is also
# listed in ansible_play_hosts. The whole expression is cast with `| bool`.
_skyline_is_first_play_host: >-
  {{
    (skyline_services['skyline-api']['group'] in group_names and inventory_hostname == (
      groups[skyline_services['skyline-api']['group']] | select('in', ansible_play_hosts)) | first) | bool
  }}
# Alias of skyline_distro_packages, which is not defined in this file
# (presumably it comes from a distribution-specific vars file; confirm).
skyline_package_list: "{{ skyline_distro_packages }}"
# Build the list of skyline services in their defined start order.
# Every value of skyline_services is updated in place with its own dictionary
# key stored under 'service_key', appended to the list, and the list is then
# sorted by the 'start_order' attribute.
# NOTE(review): despite the variable name, the template below applies no
# host-group or "service enabled" condition; every entry of skyline_services
# is emitted. Confirm whether that filtering is expected to happen elsewhere.
filtered_skyline_services: |-
  {% set services = [] %}
  {% for key, value in skyline_services.items() %}
  {% set _ = value.update({'service_key': key}) %}
  {% set _ = services.append(value) %}
  {% endfor %}
  {{ services | sort(attribute='start_order') }}
# Maps the lower-cased "Service Type" of an entry in
# openstack_service_endpoints to the name used as the last path segment of
# the generated /api/openstack/<region>/<name>/ proxy location.
# _skyline_service_locations skips service types that are not keys here, so
# this map also decides which endpoints are exposed through the proxy.
skyline_service_mapping:
  baremetal: ironic
  compute: nova
  container: zun
  container-infra: magnum
  database: trove
  dns: designate
  identity: keystone
  image: glance
  instance-ha: masakari
  key-manager: barbican
  load-balancer: octavia
  network: neutron
  object-store: swift
  orchestration: heat
  placement: placement
  sharev2: manilav2
  block-storage: cinder
# Static proxy locations that are always present. Both paths are forwarded
# over plain HTTP to the loopback listener at 127.0.0.1:8443.
# ProxyPreserveHost On passes the Host header sent by the client on to the
# backend unchanged.
# NOTE(review): the backend therefore sees a client-supplied Host value;
# confirm it is not used for trust decisions.
_skyline_default_locations:
  - path: /api/openstack/skyline/
    options:
      - ProxyPass http://127.0.0.1:8443/
      - ProxyPassReverse Off
      - ProxyPreserveHost On
  - path: /api/v1/
    options:
      - ProxyPass http://127.0.0.1:8443/
      - ProxyPassReverse Off
      - ProxyPreserveHost On
# Builds one proxy location per entry of openstack_service_endpoints whose
# lower-cased "Service Type" is a key of skyline_service_mapping.
#   path:    /api/openstack/<lower-cased region>/<mapped service name>/
#   options: ProxyPass (with flushpackets=on) and ProxyPassReverse pointing at
#            <scheme>://<hostname>:<port>/ taken from the endpoint URL, plus
#            ProxyPreserveHost On.
# Only scheme, hostname and port of the endpoint URL are used; its path
# component is not carried into the proxy target.
# NOTE(review): assumes every endpoint URL carries an explicit port; if
# urlsplit yields no port, the string concatenation would not produce a
# usable target. Confirm against the endpoint data.
# NOTE(review): region, scheme, hostname and port are written into httpd
# directives without escaping; presumably openstack_service_endpoints is
# operator-controlled catalog data. Confirm.
_skyline_service_locations: |-
  {% set locations = [] %}
  {% for endpoint in openstack_service_endpoints %}
  {% set _region = endpoint["Region"] | lower %}
  {% set _type = (endpoint["Service Type"] | lower) %}
  {% set _url = endpoint["URL"] | urlsplit %}
  {% if _type in skyline_service_mapping %}
  {% set _service = skyline_service_mapping[_type] %}
  {% set _ = locations.append({
      'path': '/api/openstack/' ~ _region ~ '/' ~ _service ~ '/',
      'options': [
        'ProxyPass ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/ flushpackets=on',
        'ProxyPassReverse ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/',
        'ProxyPreserveHost On'
      ]
    })
  %}
  {% endif %}
  {% endfor %}
  {{ locations }}
# mod_ssl directives for the proxy (client) side of httpd, i.e. for the TLS
# connections httpd opens towards HTTPS backends.
_skyline_proxy_ssl_options:
  - "SSLProxyEngine On"
  # Peer name check is disabled: httpd does not require the backend
  # certificate's CN/SAN to contain the host name it connects to.
  # It was turned off for bug #2115487 because user-provided certificates may
  # lack management_address and would have to be re-issued first.
  # NOTE(review): this list sets neither SSLProxyVerify nor
  # SSLProxyCACertificateFile/Path. Confirm whether backend chain validation
  # is configured elsewhere; with the name check off, any certificate that
  # passes whatever validation remains is accepted for every backend.
  - "SSLProxyCheckPeerName off"
  - "SSLProxyProtocol {{ skyline_ssl_protocol }}"
  # Each cipher-suite entry renders to an empty string when its variable is
  # falsy, so the list can contain '' items.
  # NOTE(review): presumably the consumer skips empty entries. Confirm.
  - "{{ skyline_ssl_cipher_suite_tls12 | ternary('SSLProxyCipherSuite ' ~ skyline_ssl_cipher_suite_tls12, '') }}"
  - "{{ skyline_ssl_cipher_suite_tls13 | ternary('SSLProxyCipherSuite TLSv1.3 ' ~ skyline_ssl_cipher_suite_tls13, '') }}"
# Selects the certificate material for the vhost and renders it as a dict.
#   - If skyline_user_ssl_cert and skyline_user_ssl_key are both defined and
#     non-empty: {'cert': ..., 'key': ...}, plus 'ca' when
#     skyline_user_ssl_ca_cert is defined and non-empty.
#   - Otherwise: {'san': skyline_pki_san} only.
# NOTE(review): presumably the 'san' form asks the consumer to issue a
# certificate itself, while the first form uses operator-supplied files as
# they are. Confirm in the role that reads this variable.
_skyline_httpd_vhost_ssl: |-
  {% set ssl_options = {} %}
  {% if (skyline_user_ssl_cert is defined and skyline_user_ssl_cert) and (skyline_user_ssl_key is defined and skyline_user_ssl_key) %}
  {% set _ = ssl_options.update({'cert': skyline_user_ssl_cert, 'key': skyline_user_ssl_key}) %}
  {% if skyline_user_ssl_ca_cert is defined and skyline_user_ssl_ca_cert %}
  {% set _ = ssl_options.update({'ca': skyline_user_ssl_ca_cert}) %}
  {% endif %}
  {% else %}
  {% set _ = ssl_options.update({'san': skyline_pki_san}) %}
  {% endif %}
  {{ ssl_options }}