1 heat_template_version: pike
4 HAproxy service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
30 description: Password for HAProxy stats endpoint
34 description: User for HAProxy stats endpoint
39 description: Syslog address where HAproxy will send its log
42 description: The password for Redis
45 MonitoringSubscriptionHaproxy:
46 default: 'overcloud-haproxy'
49 default: '/etc/ipa/ca.crt'
51 description: Specifies the default CA cert to use if TLS is used for
52 services in the internal network.
57 type: OS::TripleO::Services::HAProxyPublicTLS
59 ServiceNetMap: {get_param: ServiceNetMap}
60 DefaultPasswords: {get_param: DefaultPasswords}
61 EndpointMap: {get_param: EndpointMap}
62 RoleName: {get_param: RoleName}
63 RoleParameters: {get_param: RoleParameters}
66 type: OS::TripleO::Services::HAProxyInternalTLS
68 ServiceNetMap: {get_param: ServiceNetMap}
69 DefaultPasswords: {get_param: DefaultPasswords}
70 EndpointMap: {get_param: EndpointMap}
71 RoleName: {get_param: RoleName}
72 RoleParameters: {get_param: RoleParameters}
76 description: Role data for the HAproxy role.
79 monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
82 - get_attr: [HAProxyPublicTLS, role_data, config_settings]
83 - get_attr: [HAProxyInternalTLS, role_data, config_settings]
84 - tripleo.haproxy.firewall_rules:
87 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
88 tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
89 tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
90 tripleo::haproxy::redis_password: {get_param: RedisPassword}
91 tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
92 tripleo::profile::base::haproxy::certificates_specs:
94 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
95 - get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
97 include ::tripleo::profile::base::haproxy
99 - name: Check if haproxy is deployed
100 command: systemctl is-enabled haproxy
103 register: haproxy_enabled
104 - name: "PreUpgrade step0,validation: Check service haproxy is running"
105 shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
106 when: haproxy_enabled.rc == 0
107 tags: step0,validation
108 - name: Stop haproxy service
110 when: haproxy_enabled.rc == 0
111 service: name=haproxy state=stopped
112 - name: Start haproxy service
113 tags: step4 # Needed at step 4 for mysql
114 when: haproxy_enabled.rc == 0
115 service: name=haproxy state=started
118 - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
119 - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}