From 95895d5b06e9460befea3a32a7f749f8b4cb09d9 Mon Sep 17 00:00:00 2001
From: Bartosz Bezak <bartosz@stackhpc.com>
Date: Fri, 27 Jan 2023 12:27:44 +0100
Subject: [PATCH] Default neutron_tls_proxy and glance_tls_proxy to haproxy_tag

neutron_tls_proxy and glance_tls_proxy are using haproxy container
image. Pin them to haproxy_tag directly.

Change-Id: I73142db48ebe6641520d21b560f16de892e07c34
---
 ansible/roles/glance/defaults/main.yml                    | 3 ++-
 ansible/roles/neutron/defaults/main.yml                   | 3 ++-
 .../tls-proxies-use-haproxy-tag-aa030b5e5df6fbf0.yaml     | 8 ++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/tls-proxies-use-haproxy-tag-aa030b5e5df6fbf0.yaml

diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml
index 114cce55e5..a2f5d52192 100644
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
@@ -141,6 +141,7 @@ haproxy_glance_api_server_timeout: "6h"
 ####################
 # Docker
 ####################
+haproxy_tag: "{{ openstack_tag }}"
 glance_tag: "{{ openstack_tag }}"
 
 glance_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/glance-api"
@@ -148,7 +149,7 @@ glance_api_tag: "{{ glance_tag }}"
 glance_api_image_full: "{{ glance_api_image }}:{{ glance_api_tag }}"
 
 glance_tls_proxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/haproxy"
-glance_tls_proxy_tag: "{{ glance_tag }}"
+glance_tls_proxy_tag: "{{ haproxy_tag }}"
 glance_tls_proxy_image_full: "{{ glance_tls_proxy_image }}:{{ glance_tls_proxy_tag }}"
 
 glance_api_dimensions: "{{ default_container_dimensions }}"
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index a7d71395b8..1dc174ae3e 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -249,6 +249,7 @@ neutron_database_shard:
 ####################
 # Docker
 ####################
+haproxy_tag: "{{ openstack_tag }}"
 neutron_tag: "{{ openstack_tag }}"
 
 neutron_dhcp_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/neutron-dhcp-agent"
@@ -308,7 +309,7 @@ ironic_neutron_agent_tag: "{{ neutron_tag }}"
 ironic_neutron_agent_image_full: "{{ ironic_neutron_agent_image }}:{{ ironic_neutron_agent_tag }}"
 
 neutron_tls_proxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/haproxy"
-neutron_tls_proxy_tag: "{{ neutron_tag }}"
+neutron_tls_proxy_tag: "{{ haproxy_tag }}"
 neutron_tls_proxy_image_full: "{{ neutron_tls_proxy_image }}:{{ neutron_tls_proxy_tag }}"
 
 neutron_agent_dimensions: "{{ default_container_dimensions }}"
diff --git a/releasenotes/notes/tls-proxies-use-haproxy-tag-aa030b5e5df6fbf0.yaml b/releasenotes/notes/tls-proxies-use-haproxy-tag-aa030b5e5df6fbf0.yaml
new file mode 100644
index 0000000000..8bafef9e35
--- /dev/null
+++ b/releasenotes/notes/tls-proxies-use-haproxy-tag-aa030b5e5df6fbf0.yaml
@@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    Default tags of ``neutron_tls_proxy`` and ``glance_tls_proxy`` have been
+    changed to ``haproxy_tag``, as both services are using ``haproxy``
+    container image.
+    Any custom tag overrides for those services should be altered before
+    upgrade.