5581a28253
Add support for automatic provisioning and renewal of HTTPS certificates via LetsEncrypt. Spec is available at: https://etherpad.opendev.org/p/kolla-ansible-letsencrypt-https Depends-On: https://review.opendev.org/c/openstack/kolla/+/887347 Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io> Implements: blueprint letsencrypt-https Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106
854 lines
25 KiB
YAML
854 lines
25 KiB
YAML
---
|
|
- import_role:
|
|
name: service-precheck
|
|
vars:
|
|
service_precheck_services: "{{ loadbalancer_services }}"
|
|
service_name: "{{ project_name }}"
|
|
|
|
- name: Get container facts
|
|
become: true
|
|
kolla_container_facts:
|
|
container_engine: "{{ kolla_container_engine }}"
|
|
name:
|
|
- haproxy
|
|
- proxysql
|
|
- keepalived
|
|
check_mode: false
|
|
register: container_facts
|
|
|
|
- name: Group hosts by whether they are running keepalived
|
|
group_by:
|
|
key: "keepalived_running_{{ container_facts['keepalived'] is defined }}"
|
|
changed_when: false
|
|
check_mode: false
|
|
when:
|
|
- enable_keepalived | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
|
|
- name: Group hosts by whether they are running HAProxy
|
|
group_by:
|
|
key: "haproxy_running_{{ container_facts['haproxy'] is defined }}"
|
|
changed_when: false
|
|
check_mode: false
|
|
when:
|
|
- enable_haproxy | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
|
|
- name: Group hosts by whether they are running ProxySQL
|
|
group_by:
|
|
key: "proxysql_running_{{ container_facts['proxysql'] is defined }}"
|
|
changed_when: false
|
|
check_mode: false
|
|
when:
|
|
- enable_proxysql | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
|
|
- name: Set facts about whether we can run HAProxy and keepalived VIP prechecks
|
|
vars:
|
|
# NOTE(mgoddard): We can only reliably run this precheck if all hosts in
|
|
# the haproxy group are included in the batch. This may not be the case if
|
|
# using --limit or --serial.
|
|
all_hosts_in_batch: "{{ groups['loadbalancer'] | difference(ansible_play_batch) | list | length == 0 }}"
|
|
set_fact:
|
|
keepalived_vip_prechecks: "{{ all_hosts_in_batch and groups['keepalived_running_True'] is not defined }}"
|
|
haproxy_vip_prechecks: "{{ all_hosts_in_batch and groups['haproxy_running_True'] is not defined }}"
|
|
proxysql_vip_prechecks: "{{ all_hosts_in_batch and groups['proxysql_running_True'] is not defined }}"
|
|
|
|
- name: Checking if external haproxy certificate exists
|
|
run_once: true
|
|
stat:
|
|
path: "{{ kolla_external_fqdn_cert }}"
|
|
delegate_to: localhost
|
|
register: haproxy_cert_file
|
|
changed_when: false
|
|
when:
|
|
- not kolla_externally_managed_cert | bool
|
|
- not enable_letsencrypt | bool
|
|
- kolla_enable_tls_external | bool
|
|
|
|
- name: Assert that external haproxy certificate exists
|
|
run_once: true
|
|
assert:
|
|
that: haproxy_cert_file.stat.exists
|
|
fail_msg: "External haproxy certificate file is not found. It is configured via 'kolla_external_fqdn_cert'"
|
|
when:
|
|
- not kolla_externally_managed_cert | bool
|
|
- not enable_letsencrypt | bool
|
|
- kolla_enable_tls_external | bool
|
|
|
|
- name: Checking if internal haproxy certificate exists
|
|
run_once: true
|
|
stat:
|
|
path: "{{ kolla_internal_fqdn_cert }}"
|
|
delegate_to: localhost
|
|
register: haproxy_internal_cert_file
|
|
changed_when: false
|
|
when:
|
|
- not kolla_externally_managed_cert | bool
|
|
- not enable_letsencrypt | bool
|
|
- kolla_enable_tls_internal | bool
|
|
|
|
- name: Assert that internal haproxy certificate exists
|
|
run_once: true
|
|
assert:
|
|
that: haproxy_internal_cert_file.stat.exists
|
|
fail_msg: "Internal haproxy certificate file is not found. It is configured via 'kolla_internal_fqdn_cert'"
|
|
when:
|
|
- not kolla_externally_managed_cert | bool
|
|
- not enable_letsencrypt | bool
|
|
- kolla_enable_tls_internal | bool
|
|
|
|
- name: Checking the kolla_external_vip_interface is present
|
|
assert:
|
|
that: kolla_external_vip_interface in ansible_facts.interfaces
|
|
fail_msg: "Please check the kolla_external_vip_interface property - interface {{ kolla_external_vip_interface }} not found"
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
|
|
- name: Checking the kolla_external_vip_interface is active
|
|
assert:
|
|
that: hostvars[inventory_hostname].ansible_facts[kolla_external_vip_interface]['active']
|
|
fail_msg: "Please check the kolla_external_vip_interface settings - interface {{ kolla_external_vip_interface }} is not active"
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
|
|
# NOTE(hrw): let assume that each supported host OS has ping with ipv4/v6 support
|
|
- name: Checking if kolla_internal_vip_address and kolla_external_vip_address are not pingable from any node
|
|
command: "ping -c 3 {{ item }}"
|
|
register: ping_output
|
|
changed_when: false
|
|
failed_when: ping_output.rc != 1
|
|
check_mode: false
|
|
with_items:
|
|
- "{{ kolla_internal_vip_address }}"
|
|
- "{{ kolla_external_vip_address }}"
|
|
when:
|
|
- enable_keepalived | bool
|
|
- keepalived_vip_prechecks
|
|
- enable_haproxy | bool
|
|
|
|
- name: Checking free port for HAProxy stats
|
|
wait_for:
|
|
host: "{{ api_interface_address }}"
|
|
port: "{{ haproxy_stats_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_haproxy | bool
|
|
- container_facts['haproxy'] is not defined
|
|
- inventory_hostname in groups['loadbalancer']
|
|
|
|
- name: Checking free port for HAProxy monitor (api interface)
|
|
wait_for:
|
|
host: "{{ api_interface_address }}"
|
|
port: "{{ haproxy_monitor_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_haproxy | bool
|
|
- container_facts['haproxy'] is not defined
|
|
- inventory_hostname in groups['loadbalancer']
|
|
|
|
- name: Checking free port for HAProxy monitor (vip interface)
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ haproxy_monitor_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_haproxy | bool
|
|
- haproxy_vip_prechecks
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- api_interface_address != kolla_internal_vip_address
|
|
|
|
- name: Checking free port for ProxySQL admin (api interface)
|
|
wait_for:
|
|
host: "{{ api_interface_address }}"
|
|
port: "{{ proxysql_admin_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_proxysql | bool
|
|
- container_facts['proxysql'] is not defined
|
|
- inventory_hostname in groups['loadbalancer']
|
|
|
|
- name: Checking free port for ProxySQL admin (vip interface)
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ proxysql_admin_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_proxysql | bool
|
|
- proxysql_vip_prechecks
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- api_interface_address != kolla_internal_vip_address
|
|
|
|
# FIXME(yoctozepto): this req seems arbitrary, they need not be, just routable is fine
|
|
- name: Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes
|
|
become: true
|
|
command: ip -o addr show dev {{ api_interface }}
|
|
register: ip_addr_output
|
|
changed_when: false
|
|
failed_when: >-
|
|
( ip_addr_output is failed or
|
|
kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none)
|
|
check_mode: false
|
|
when:
|
|
- enable_haproxy | bool
|
|
- enable_keepalived | bool
|
|
- container_facts['keepalived'] is not defined
|
|
- inventory_hostname in groups['loadbalancer']
|
|
|
|
- name: Getting haproxy stat
|
|
become: true
|
|
shell: echo "show stat" | {{ kolla_container_engine }} exec -i haproxy socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock stdio # noqa risky-shell-pipe
|
|
register: haproxy_stat_shell
|
|
changed_when: false
|
|
check_mode: false
|
|
when: container_facts['haproxy'] is defined
|
|
|
|
- name: Setting haproxy stat fact
|
|
set_fact:
|
|
haproxy_stat: "{{ haproxy_stat_shell.stdout | default('') }}"
|
|
|
|
- name: Checking free port for Aodh API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ aodh_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_aodh | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('aodh_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Barbican API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ barbican_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_barbican | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('barbican_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Blazar API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ blazar_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_blazar | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('blazar_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Ceph RadosGW HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ ceph_rgw_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_ceph_rgw | bool
|
|
- enable_ceph_rgw_loadbalancer | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('radosgw') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Cinder API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ cinder_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_cinder | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('cinder_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Cloudkitty API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ cloudkitty_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_cloudkitty | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('cloudkitty_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Cyborg API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ cyborg_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_cyborg | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('cyborg_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Designate API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ designate_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_designate | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('designate_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Glance API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ glance_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_glance | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('glance_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Gnocchi API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ gnocchi_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_gnocchi | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('gnocchi_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Freezer API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ freezer_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_freezer | bool
|
|
- haproxy_stat.find('freezer_api') == -1
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Grafana server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ grafana_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_grafana | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('grafana_server') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Heat API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ heat_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_heat | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('heat_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Heat API CFN HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ heat_api_cfn_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_heat | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('heat_api_cfn') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Horizon HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ horizon_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_horizon | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('horizon') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Ironic API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ ironic_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_ironic | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('ironic_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Ironic Inspector HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ ironic_inspector_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_ironic | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('ironic_inspector') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Keystone Internal HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ keystone_public_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_keystone | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('keystone_internal') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Keystone Public HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_external_vip_address }}"
|
|
port: "{{ keystone_public_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- haproxy_enable_external_vip | bool
|
|
- enable_keystone | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('keystone_external') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Magnum API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ magnum_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_magnum | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('magnum_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Manila API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ manila_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_manila | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('manila_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for MariaDB HAProxy/ProxySQL
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ database_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_mariadb | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('mariadb') == -1
|
|
- haproxy_vip_prechecks or proxysql_vip_prechecks
|
|
|
|
- name: Checking free port for Masakari API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ masakari_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_masakari | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('masakari_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Mistral API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ mistral_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_mistral | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('mistral_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Murano API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ murano_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_murano | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('murano_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Neutron Server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ neutron_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_neutron | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('neutron_server') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Nova API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('nova_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Nova Metadata HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_metadata_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('nova_metadata') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Nova NoVNC HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_novncproxy_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- nova_console == 'novnc'
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('nova_novncproxy') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Nova Serial Proxy HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_serialproxy_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- haproxy_stat.find('nova_serialconsole_proxy') == -1
|
|
- enable_nova_serialconsole_proxy | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Nova Spice HTML5 HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ nova_spicehtml5proxy_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- nova_console == 'spice'
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('nova_spicehtml5proxy') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Nova Placement API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ placement_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_nova | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('placement_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Octavia API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ octavia_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_octavia | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('octavia_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for OpenSearch HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ opensearch_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_opensearch | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('opensearch') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for OpenSearch Dashboards HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ opensearch_dashboards_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_opensearch_dashboards | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('opensearch_dashboards') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for RabbitMQ Management HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ rabbitmq_management_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_rabbitmq | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('rabbitmq_management') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for outward RabbitMQ Management HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ outward_rabbitmq_management_port }}"
|
|
connect_timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_outward_rabbitmq | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('outward_rabbitmq_management') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Sahara API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ sahara_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_sahara | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('sahara_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Senlin API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ senlin_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_senlin | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('senlin_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Solum Application Deployment HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ solum_application_deployment_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_solum | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('solum_application_deployment') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Solum Image Builder HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ solum_image_builder_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_solum | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('solum_image_builder') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Swift Proxy Server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ swift_proxy_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_swift | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('swift_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Tacker Server HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ tacker_server_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_tacker | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('tacker_server') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Trove API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ trove_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_trove | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('trove_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Watcher API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ watcher_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_watcher | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('watcher_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Zun API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ zun_api_port }}"
|
|
connect_timeout: 1
|
|
timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_zun | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('zun_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Checking free port for Vitrage API HAProxy
|
|
wait_for:
|
|
host: "{{ kolla_internal_vip_address }}"
|
|
port: "{{ vitrage_api_port }}"
|
|
connect_timeout: 1
|
|
state: stopped
|
|
when:
|
|
- enable_vitrage | bool
|
|
- inventory_hostname in groups['loadbalancer']
|
|
- haproxy_stat.find('vitrage_api') == -1
|
|
- haproxy_vip_prechecks
|
|
|
|
- name: Firewalld checks
|
|
block:
|
|
- name: Check if firewalld is running # noqa command-instead-of-module
|
|
become: true
|
|
command:
|
|
cmd: "systemctl is-active firewalld"
|
|
register: firewalld_is_active
|
|
changed_when: false
|
|
failed_when: false
|
|
check_mode: false
|
|
|
|
- name: Fail if firewalld is not running
|
|
fail:
|
|
msg: >-
|
|
firewalld is not running.
|
|
Please install and configure firewalld.
|
|
when:
|
|
- firewalld_is_active.rc != 0
|
|
when:
|
|
- enable_external_api_firewalld | bool
|