Merge "Add options to override which addresses haproxy binds to"

openstack/openstack-ansible-haproxy_server

Code Issues Proposed changes

Browse Source

This commit is contained in:

Zuul

2020年03月02日 17:55:45 +00:00

committed by Gerrit Code Review

parent 35eec5482f 049b479b65

commit 805673e9e1

3 changed files with 25 additions and 3 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

6
defaults/main.yml

View File

@@ -130,6 +130,12 @@ extra_lb_vip_addresses: []

# Add extra TLS VIPs to all services

extra_lb_tls_vip_addresses:[]

# Option to override which address haproxy binds to for external vip.

haproxy_bind_external_lb_vip_address:"{{ external_lb_vip_address }}"

# Option to override which address haproxy binds to for internal vip.

haproxy_bind_internal_lb_vip_address:"{{ internal_lb_vip_address }}"

# Make the log socket available to the chrooted filesystem

haproxy_log_socket:"/dev/log"

haproxy_log_mount_point:"/var/lib/haproxy/dev/log"

16
doc/source/configure-haproxy.rst

View File

@@ -236,6 +236,22 @@ defined in the ``user_variables.yml`` file:

- 10.0.0.10

- 192.168.0.10

Overriding the address haproxy will bind to

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In some cases you may want to override the default of having haproxy

bind to the addresses specified in ``external_lb_vip_address`` and

``internal_lb_vip_address``. For example if those are hostnames and you

want haproxy to bind to IP addresses while preserving the names for TLS-

certificates and endpoint URIs.

This can be set in the ``user_variables.yml`` file:

.. code-block:: yaml

haproxy_bind_external_lb_vip_address:10.0.0.10

haproxy_bind_internal_lb_vip_address:192.168.0.10

Adding Access Control Lists to HAProxy front end

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

6
templates/service.j2

View File

@@ -12,9 +12,9 @@

{% set haproxy_check_port = item.service.haproxy_check_port %}

{% endif -%}

{% set vip_binds = [external_lb_vip_address] -%}

{%- if internal_lb_vip_address not in vip_binds %}

{% set _ = vip_binds.append(internal_lb_vip_address) %}

{% set vip_binds = [haproxy_bind_external_lb_vip_address] -%}

{%- if haproxy_bind_internal_lb_vip_address not in vip_binds %}

{% set _ = vip_binds.append(haproxy_bind_internal_lb_vip_address) %}

{% endif -%}

{% for vip_address in extra_lb_vip_addresses %}