Do not resolve all host_vars when haproxy_backend_node is a mapping 

We do allow to supply haproxy_backend_nodes as list of mappings rather
the regular list, which supports `ip_addr`, `name` and `backend_port` keys.
However, we do verify hostvars[host_name] and try to set ip_addr regardless
if this needed or not.
During hostvars[host_name] request Ansible tries to fetch all host variables
and resolve some of them, which not always can be possible or preffered
in some scenarios.
Good example of that would be Mozilla SOPS [1] encrypted variables for
specific host or group, which can not be decrypted by some operators.
In the meanwhile they can be eligible to configure haproxy frontend/backend
for this service. So we should have a way to avoid asking for specific
hostvars when it's not needed, and backend_nodes are already contain
all required information.
[1] https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html
Change-Id: I17a7f2421cd31b37bbda4f9c85971b1825e54891
This commit is contained in:
Dmitriy Rabotyagov
2024年03月21日 20:22:09 +01:00
parent 9a1c483381
commit 373b9bb0f2

View File

@@ -132,22 +132,23 @@ backend {{ service.haproxy_service_name }}-back
{% for host_name in service.haproxy_backend_nodes %}
{% if hostvars[host_name] is defined %}
{% set ip_addr = hostvars[host_name]['ansible_host'] %}
{% endif %}
{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
{% set __host_name = host_name.name | default(host_name) | string %}
{% set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
{% set __check_port = host_name.check_port | default(haproxy_check_port) | string %}
{% set entry = [] %}
{% set _ = entry.append("server") %}
{% set _ = entry.append((host_name.name | default(host_name)) | string) %}
{% set _ = entry.append((host_name.ip_addr | default(ip_addr)) + ":" + (host_name.backend_port | default(haproxy_backend_port)) | string) %}
{% set _ = entry.append(__host_name) %}
{% set _ = entry.append(__ip_addr + ":" + __backend_port) %}
{% set _ = entry.append("check") %}
{% set _ = entry.append("port") %}
{% set _ = entry.append(host_name.backend_port | default(haproxy_check_port) | string) %}
{% set _ = entry.append(__check_port) %}
{% set _ = entry.append("inter") %}
{% set _ = entry.append(service.interval | default(haproxy_interval) | string) %}
{% set _ = entry.append("rise") %}
{% set _ = entry.append(service.backend_rise | default(haproxy_rise | string)) %}
{% set _ = entry.append(service.backend_rise | default(haproxy_rise) | string) %}
{% set _ = entry.append("fall") %}
{% set _ = entry.append(service.backend_fall | default(haproxy_fall | string)) %}
{% set _ = entry.append(service.backend_fall | default(haproxy_fall) | string) %}
{% if service.haproxy_backend_ssl | default(False) %}
{% set _ = entry.append("ssl") %}
{% if service.haproxy_backend_ssl_check | default(service.haproxy_backend_ssl) %}
@@ -178,23 +179,24 @@ backend {{ service.haproxy_service_name }}-back
{{ entry | join(' ') }}
{% endfor %}
{% for host_name in service.haproxy_backup_nodes|default([]) %}
{% if hostvars[host_name] is defined %}
{% set ip_addr = hostvars[host_name]['ansible_host'] %}
{% endif %}
{% for host_name in service.haproxy_backup_nodes | default([]) %}
{% set __ip_addr = host_name.ip_addr | default(hostvars[host_name]['ansible_host']) %}
{% set __host_name = host_name.name | default(host_name) | string %}
{% set __backend_port = host_name.backend_port | default(haproxy_backend_port) | string %}
{% set __check_port = host_name.check_port | default(haproxy_check_port) | string %}
{% set entry = [] %}
{% set _ = entry.append("server") %}
{% set _ = entry.append((host_name.name | default(host_name)) | string) %}
{% set _ = entry.append((host_name.ip_addr | default(ip_addr)) + ":" + haproxy_backend_port | string) %}
{% set _ = entry.append(__host_name) %}
{% set _ = entry.append(__ip_addr + ":" + __backend_port) %}
{% set _ = entry.append("check") %}
{% set _ = entry.append("port") %}
{% set _ = entry.append(haproxy_check_port | string) %}
{% set _ = entry.append(__check_port) %}
{% set _ = entry.append("inter") %}
{% set _ = entry.append(haproxy_interval | string) %}
{% set _ = entry.append(service.interval | default(haproxy_interval) | string) %}
{% set _ = entry.append("rise") %}
{% set _ = entry.append(service.backup_rise|default(haproxy_rise | string)) %}
{% set _ = entry.append(service.backup_rise | default(haproxy_rise) | string) %}
{% set _ = entry.append("fall") %}
{% set _ = entry.append(service.backup_fall|default(haproxy_fall | string)) %}
{% set _ = entry.append(service.backup_fall | default(haproxy_fall) | string) %}
{% set _ = entry.append("backup") %}
{% if service.haproxy_backend_ssl | default(False) %}
{% set _ = entry.append("ssl") %}
Reference in New Issue
openstack/openstack-ansible-haproxy_server
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.

The note is not visible to the blocked user.