{"id":211,"sha1":"f3c756f462925b8173d0189c9e9068f25b6f5b88","playbook":{"id":3,"items":{"plays":37,"tasks":589,"results":576,"hosts":7,"files":222,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:50:33.014895Z","ended":"2025-12-08T13:57:00.819740Z","duration":"00:06:27.804845","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n- name: Make haproxy bindable on non local addresses\n  ansible.posix.sysctl:\n    name: \"{{ item }}\"\n    value: 1\n    sysctl_set: true\n    sysctl_file: \"{{ haproxy_sysctl_file }}\"\n    state: present\n  when: haproxy_bind_on_non_local | bool\n  with_items:\n    - \"net.ipv4.ip_nonlocal_bind\"\n    - \"net.ipv6.ip_nonlocal_bind\"\n  tags:\n    - haproxy-non-local-bind-config\n\n# NOTE (noonedeadpunk) Debian/Ubuntu haproxy packages configure rsyslog\n# to handle log collection and log file rotation. This is not needed since\n# journald is used for this purpose\n- name: Delete rsyslog and logrotate configs\n  ansible.builtin.file:\n    path: \"{{ item }}\"\n    state: absent\n  with_items:\n    - /etc/rsyslog.d/49-haproxy.conf\n    - /etc/logrotate.d/haproxy\n    - /etc/rsyslog.d/10-haproxy-local-logging.conf\n  notify: Restart rsyslog\n  tags:\n    - haproxy-logging-config\n\n- name: Drop base haproxy config\n  ansible.builtin.template:\n    src: \"haproxy.cfg.j2\"\n    dest: \"/etc/haproxy/conf.d/00-haproxy\"\n    mode: \"0640\"\n    owner: haproxy\n    group: haproxy\n  notify: Regenerate haproxy configuration\n  tags:\n    - haproxy-base-config\n\n- name: Including haproxy_service_config tasks\n  ansible.builtin.include_tasks: haproxy_service_config.yml\n  args:\n    apply:\n      tags:\n        - haproxy-service-config\n  tags:\n    - haproxy-service-config\n\n- name: Create log directory if it does not exist\n  ansible.builtin.file:\n    path: \"{{ haproxy_log_mount_point | dirname }}\"\n    state: directory\n    mode: \"0755\"\n    owner: \"haproxy\"\n    group: \"haproxy\"\n\n# NOTE(jrosser) The next task fails on Centos without this,\n# an empty directory rather than a file is made and the bind mount fails\n- name: Ensure empty file is availble to bind mount log socket\n  ansible.builtin.file:\n    state: touch\n    path: \"{{ haproxy_log_mount_point }}\"\n    access_time: preserve\n    modification_time: preserve\n    mode: \"0666\"\n\n- name: Make log socket available to chrooted filesystem\n  ansible.posix.mount:\n    src: \"{{ haproxy_log_socket }}\"\n    path: \"{{ haproxy_log_mount_point }}\"\n    opts: bind\n    state: mounted\n    fstype: none\n\n- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports\n  ansible.posix.seboolean:\n    name: haproxy_connect_any\n    state: true\n    persistent: true\n  tags:\n    - haproxy-service-config\n  notify:\n    - Reload haproxy\n  when:\n    - ansible_facts['selinux']['status'] == \"enabled\"\n","created":"2025-12-08T13:50:34.456876Z","updated":"2025-12-08T13:50:34.456889Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-haproxy_server/tasks/haproxy_post_install.yml"}