1 heat_template_version: pike
4 HAproxy service configured with Puppet
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
35 description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
38 description: Password for HAProxy stats endpoint
42 description: User for HAProxy stats endpoint
47 description: Syslog address where HAproxy will send its log
51 description: Whether or not to enable the HAProxy stats interface.
54 description: The password for the redis service account.
57 MonitoringSubscriptionHaproxy:
58 default: 'overcloud-haproxy'
63 The content of the SSL certificate (without Key) in PEM format.
65 DeployedSSLCertificatePath:
66 default: '/etc/pki/tls/private/overcloud_endpoint.pem'
68 The filepath of the certificate as it will be stored in the controller.
71 default: '/etc/ipa/ca.crt'
73 description: Specifies the default CA cert to use if TLS is used for
74 services in the internal network.
75 InternalTLSCRLPEMFile:
76 default: '/etc/pki/CA/crl/overcloud-crl.pem'
78 description: Specifies the default CRL PEM file to use for revocation if
79 TLS is used for services in the internal network.
86 - {get_param: SSLCertificate}
92 type: OS::TripleO::Services::HAProxyPublicTLS
94 ServiceData: {get_param: ServiceData}
95 ServiceNetMap: {get_param: ServiceNetMap}
96 DefaultPasswords: {get_param: DefaultPasswords}
97 EndpointMap: {get_param: EndpointMap}
98 RoleName: {get_param: RoleName}
99 RoleParameters: {get_param: RoleParameters}
102 type: OS::TripleO::Services::HAProxyInternalTLS
104 ServiceData: {get_param: ServiceData}
105 ServiceNetMap: {get_param: ServiceNetMap}
106 DefaultPasswords: {get_param: DefaultPasswords}
107 EndpointMap: {get_param: EndpointMap}
108 RoleName: {get_param: RoleName}
109 RoleParameters: {get_param: RoleParameters}
113 description: Role data for the HAproxy role.
115 service_name: haproxy
116 monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
119 - tripleo.haproxy.firewall_rules:
122 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
123 tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
124 tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
125 tripleo::haproxy::redis_password: {get_param: RedisPassword}
126 tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
127 tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
128 tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
129 enable_load_balancer: {get_param: EnableLoadBalancer}
130 tripleo::profile::base::haproxy::certificates_specs:
132 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
133 - get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
136 - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
138 - get_attr: [HAProxyPublicTLS, role_data, config_settings]
139 - get_attr: [HAProxyInternalTLS, role_data, config_settings]
141 include ::tripleo::profile::base::haproxy
143 - name: Check if haproxy is deployed
144 command: systemctl is-enabled haproxy
147 register: haproxy_enabled
148 - name: "PreUpgrade step0,validation: Check service haproxy is running"
149 shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
150 when: haproxy_enabled.rc == 0
151 tags: step0,validation
152 - name: Stop haproxy service
154 when: haproxy_enabled.rc == 0
155 service: name=haproxy state=stopped
156 - name: Start haproxy service
157 tags: step4 # Needed at step 4 for mysql
158 when: haproxy_enabled.rc == 0
159 service: name=haproxy state=started
162 - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
163 - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}