{"id":101,"sha1":"10851295fa97cadf9d9e0f26ab8e379bc7d9c178","playbook":{"id":2,"items":{"plays":18,"tasks":316,"results":313,"hosts":2,"files":136,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-hosts.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:27:39.675908Z","ended":"2025-12-08T13:33:13.621332Z","duration":"00:05:33.945424","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2023, Cleura AB\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n# By default the nova console service on HAProxy is configured in HTTP mode to\n# allow for more fine grained control. But if the SSL connection is terminated\n# on the nova console container it has to be run in TCP mode.\nhaproxy_nova_console_http_mode: \"{{ not (nova_console_user_ssl_cert is defined\n                                         and nova_console_user_ssl_key is defined) }}\"\n\nhaproxy_nova_metadata_allowlist_networks: \"{{ haproxy_allowlist_networks }}\"\n\nhaproxy_nova_healthcheck_hdr: 'hdr User-Agent \"osa-proxy-healthcheck\"'\n\nhaproxy_nova_api_metadata_service:\n  haproxy_service_name: nova_api_metadata\n  haproxy_backend_nodes: \"{{ groups['nova_api_metadata'] | default([]) }}\"\n  haproxy_bind: >-\n    {{ [{\n          'address': haproxy_bind_internal_lb_vip_address | default(internal_lb_vip_address),\n          'interface': haproxy_bind_internal_lb_vip_interface | default('')\n    }] }}\n  haproxy_port: 8775\n  haproxy_ssl: \"{{ haproxy_ssl_all_vips }}\"\n  haproxy_balance_type: http\n  haproxy_backend_httpcheck_options:\n    - \"{{ 'send ' ~ haproxy_nova_healthcheck_hdr ~  ' meth HEAD' }}\"\n  haproxy_allowlist_networks: \"{{ haproxy_nova_metadata_allowlist_networks }}\"\n  haproxy_backend_ssl: \"{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}\"\n  haproxy_backend_ca: \"{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}\"\n  haproxy_accept_both_protocols: \"{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}\"\n  haproxy_service_enabled: \"{{ groups['nova_api_metadata'] is defined and groups['nova_api_metadata'] | length > 0 }}\"\n\nhaproxy_nova_api_compute_service:\n  haproxy_service_name: nova_api_os_compute\n  haproxy_backend_nodes: \"{{ groups['nova_api_os_compute'] | default([]) }}\"\n  haproxy_ssl: \"{{ haproxy_ssl }}\"\n  haproxy_ssl_all_vips: \"{{ haproxy_ssl_all_vips }}\"\n  haproxy_port: 8774\n  haproxy_balance_type: http\n  haproxy_backend_httpcheck_options:\n    - \"{{ 'send ' ~ haproxy_nova_healthcheck_hdr ~  ' meth HEAD' }}\"\n  haproxy_backend_ssl: \"{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}\"\n  haproxy_backend_ca: \"{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}\"\n  haproxy_accept_both_protocols: \"{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}\"\n  haproxy_service_enabled: \"{{ groups['nova_api_os_compute'] is defined and groups['nova_api_os_compute'] | length > 0 }}\"\n\nhaproxy_nova_spice_console_service:\n  haproxy_service_name: nova_spice_console\n  haproxy_backend_nodes: \"{{ groups['nova_console'] | default([]) }}\"\n  haproxy_ssl: \"{{ haproxy_ssl }}\"\n  haproxy_ssl_all_vips: \"{{ haproxy_ssl_all_vips }}\"\n  haproxy_port: \"{{ nova_spice_html5proxy_base_port | default('6082') }}\"\n  haproxy_balance_type: \"{{ haproxy_nova_console_http_mode | ternary('http', 'tcp') }}\"\n  haproxy_timeout_client: 60m\n  haproxy_timeout_server: 60m\n  haproxy_balance_alg: source\n  haproxy_backend_httpcheck_options: \"{{ haproxy_nova_console_http_mode | ternary(['send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD uri /spice_auto.html', 'expect status 200'], []) }}\"\n  haproxy_backend_ssl: \"{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}\"\n  haproxy_backend_ca: \"{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}\"\n  haproxy_accept_both_protocols: \"{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}\"\n  haproxy_service_enabled: \"{{ groups['nova_console'] is defined and groups['nova_console'] | length > 0 and 'spice' in nova_console_proxy_types }}\"\n  haproxy_frontend_raw:\n    - \"http-request deny if { path,url_dec -m sub /. }\"\n\nhaproxy_nova_serial_console_service:\n  haproxy_service_name: nova_serial_console\n  haproxy_backend_nodes: \"{{ groups['nova_console'] | default([]) + ((ironic_console_type == 'serialconsole') | ternary(groups['ironic_console'] | default([]), [])) }}\"\n  haproxy_ssl: \"{{ haproxy_ssl }}\"\n  haproxy_ssl_all_vips: \"{{ haproxy_ssl_all_vips }}\"\n  haproxy_port: \"{{ nova_serialconsoleproxy_port | default('6083') }}\"\n  haproxy_balance_type: \"{{ haproxy_nova_console_http_mode | ternary('http', 'tcp') }}\"\n  haproxy_timeout_client: 60m\n  haproxy_timeout_server: 60m\n  haproxy_balance_alg: source\n  haproxy_backend_httpcheck_options: \"{{ haproxy_nova_console_http_mode | ternary(['send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD', 'expect status 405'], []) }}\"\n  haproxy_backend_ssl: \"{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}\"\n  haproxy_backend_ca: \"{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}\"\n  haproxy_accept_both_protocols: \"{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}\"\n  haproxy_service_enabled: \"{{ (groups['nova_console'] is defined and groups['nova_console'] | length > 0 and 'serialconsole' in nova_console_proxy_types) or\n                               (groups['ironic_console'] is defined and groups['ironic_console'] | length > 0 and 'serialconsole' in nova_console_proxy_types) }}\"\n  haproxy_frontend_raw:\n    - \"http-request deny if { path,url_dec -m sub /. }\"\n\nhaproxy_nova_novnc_console_service:\n  haproxy_service_name: nova_novnc_console\n  haproxy_backend_nodes: \"{{ groups['nova_console'] | default([]) }}\"\n  haproxy_ssl: \"{{ haproxy_ssl }}\"\n  haproxy_ssl_all_vips: \"{{ haproxy_ssl_all_vips }}\"\n  haproxy_port: \"{{ nova_novncproxy_port | default('6080') }}\"\n  haproxy_balance_type: \"{{ haproxy_nova_console_http_mode | ternary('http', 'tcp') }}\"\n  haproxy_timeout_client: 60m\n  haproxy_timeout_server: 60m\n  haproxy_balance_alg: source\n  haproxy_backend_httpcheck_options: \"{{ haproxy_nova_console_http_mode | ternary(['send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD uri /vnc.html', 'expect status 200'], []) }}\"\n  haproxy_backend_ssl: \"{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}\"\n  haproxy_backend_ca: \"{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}\"\n  haproxy_accept_both_protocols: \"{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}\"\n  haproxy_service_enabled: \"{{ groups['nova_console'] is defined and groups['nova_console'] | length > 0 and 'novnc' in nova_console_proxy_types }}\"\n  haproxy_frontend_raw:\n    - \"http-request deny if { path,url_dec -m sub /. }\"\n\n# NOTE(jrosser) Clean up legacy console haproxy configs from previous releases\nhaproxy_nova_console_service:\n  haproxy_service_name: nova_console\n  haproxy_service_enabled: False\n\nhaproxy_nova_ironic_console_service:\n  haproxy_service_name: nova_ironic_console\n  haproxy_service_enabled: False\n\nnova_haproxy_services:\n  - \"{{ haproxy_nova_api_metadata_service | combine(haproxy_nova_api_metadata_service_overrides | default({})) }}\"\n  - \"{{ haproxy_nova_api_compute_service | combine(haproxy_nova_api_compute_service_overrides | default({})) }}\"\n  - \"{{ haproxy_nova_spice_console_service | combine(haproxy_nova_spice_console_service_overrides | default({})) }}\"\n  - \"{{ haproxy_nova_novnc_console_service | combine(haproxy_nova_novnc_console_service_overrides | default({})) }}\"\n  - \"{{ haproxy_nova_serial_console_service | combine(haproxy_nova_serial_console_service_overrides | default({})) }}\"\n  - \"{{ haproxy_nova_console_service | combine(haproxy_nova_console_service_overrides | default({})) }}\"\n  - \"{{ haproxy_nova_ironic_console_service | combine(haproxy_nova_ironic_console_service_overrides | default({})) }}\"\n","created":"2025-12-08T13:28:36.899615Z","updated":"2025-12-08T13:28:36.899644Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/group_vars/nova_all/haproxy_service.yml"}