1 heat_template_version: pike
4 HAproxy service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
31 description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
34 description: Password for HAProxy stats endpoint
38 description: User for HAProxy stats endpoint
43 description: Syslog address where HAproxy will send its log
47 description: Whether or not to enable the HAProxy stats interface.
50 description: The password for Redis
53 MonitoringSubscriptionHaproxy:
54 default: 'overcloud-haproxy'
57 default: '/etc/ipa/ca.crt'
59 description: Specifies the default CA cert to use if TLS is used for
60 services in the internal network.
61 InternalTLSCRLPEMFile:
62 default: '/etc/pki/CA/crl/overcloud-crl.pem'
64 description: Specifies the default CRL PEM file to use for revocation if
65 TLS is used for services in the internal network.
70 type: OS::TripleO::Services::HAProxyPublicTLS
72 ServiceNetMap: {get_param: ServiceNetMap}
73 DefaultPasswords: {get_param: DefaultPasswords}
74 EndpointMap: {get_param: EndpointMap}
75 RoleName: {get_param: RoleName}
76 RoleParameters: {get_param: RoleParameters}
79 type: OS::TripleO::Services::HAProxyInternalTLS
81 ServiceNetMap: {get_param: ServiceNetMap}
82 DefaultPasswords: {get_param: DefaultPasswords}
83 EndpointMap: {get_param: EndpointMap}
84 RoleName: {get_param: RoleName}
85 RoleParameters: {get_param: RoleParameters}
89 description: Role data for the HAproxy role.
92 monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
95 - get_attr: [HAProxyPublicTLS, role_data, config_settings]
96 - get_attr: [HAProxyInternalTLS, role_data, config_settings]
97 - tripleo.haproxy.firewall_rules:
100 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
101 tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
102 tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
103 tripleo::haproxy::redis_password: {get_param: RedisPassword}
104 tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
105 tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
106 tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
107 enable_load_balancer: {get_param: EnableLoadBalancer}
108 tripleo::profile::base::haproxy::certificates_specs:
110 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
111 - get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
113 include ::tripleo::profile::base::haproxy
115 - name: Check if haproxy is deployed
116 command: systemctl is-enabled haproxy
119 register: haproxy_enabled
120 - name: "PreUpgrade step0,validation: Check service haproxy is running"
121 shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
122 when: haproxy_enabled.rc == 0
123 tags: step0,validation
124 - name: Stop haproxy service
126 when: haproxy_enabled.rc == 0
127 service: name=haproxy state=stopped
128 - name: Start haproxy service
129 tags: step4 # Needed at step 4 for mysql
130 when: haproxy_enabled.rc == 0
131 service: name=haproxy state=started
134 - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
135 - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}