1 heat_template_version: pike
4 HAproxy service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
22 description: Password for HAProxy stats endpoint
26 description: User for HAProxy stats endpoint
31 description: Syslog address where HAproxy will send its log
34 description: The password for Redis
37 MonitoringSubscriptionHaproxy:
38 default: 'overcloud-haproxy'
41 default: '/etc/ipa/ca.crt'
43 description: Specifies the default CA cert to use if TLS is used for
44 services in the internal network.
49 type: OS::TripleO::Services::HAProxyPublicTLS
51 ServiceNetMap: {get_param: ServiceNetMap}
52 DefaultPasswords: {get_param: DefaultPasswords}
53 EndpointMap: {get_param: EndpointMap}
56 type: OS::TripleO::Services::HAProxyInternalTLS
58 ServiceNetMap: {get_param: ServiceNetMap}
59 DefaultPasswords: {get_param: DefaultPasswords}
60 EndpointMap: {get_param: EndpointMap}
64 description: Role data for the HAproxy role.
67 monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
70 - get_attr: [HAProxyPublicTLS, role_data, config_settings]
71 - get_attr: [HAProxyInternalTLS, role_data, config_settings]
72 - tripleo.haproxy.firewall_rules:
75 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
76 tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
77 tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
78 tripleo::haproxy::redis_password: {get_param: RedisPassword}
79 tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
80 tripleo::profile::base::haproxy::certificates_specs:
82 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
83 - get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
85 include ::tripleo::profile::base::haproxy
87 - name: Check if haproxy is deployed
88 command: systemctl is-enabled haproxy
91 register: haproxy_enabled
92 - name: "PreUpgrade step0,validation: Check service haproxy is running"
93 shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
94 when: haproxy_enabled.rc == 0
95 tags: step0,validation
96 - name: Stop haproxy service
98 when: haproxy_enabled.rc == 0
99 service: name=haproxy state=stopped
100 - name: Start haproxy service
101 tags: step4 # Needed at step 4 for mysql
102 when: haproxy_enabled.rc == 0
103 service: name=haproxy state=started
106 - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
107 - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}