{"id":295,"sha1":"d5934e669993e387086c2dc911edadc53b4e3853","playbook":{"id":3,"items":{"plays":37,"tasks":374,"results":364,"hosts":2,"files":208,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:33:24.432723Z","ended":"2025-12-08T13:39:38.483304Z","duration":"00:06:14.050581","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2023, Cleura AB\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\nhaproxy_ssl: true\nhaproxy_ssl_all_vips: false\n\nhaproxy_allowlist_networks:\n  - 192.168.0.0/16\n  - 172.16.0.0/12\n  - 10.0.0.0/8\n\nhaproxy_stick_table_allowlist_networks: \"{{ haproxy_allowlist_networks }}\"\n\n# haproxy default stick table\n# returns 429 when more than 20 4xx responses per 10 second window\n# from external IP addresses. Override as necessary.\nopenstack_haproxy_stick_table:\n  - \"stick-table  type ipv6  size 256k  expire 10s  store http_err_rate(10s)\"\n  - \"http-request track-sc0 src\"\n  - \"http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 } !{ src {{ haproxy_stick_table_allowlist_networks | join(' } !{ src ') }} }\"\n\n# CA used by haproxy to verify backend certificate.\n# It can contain CA path or a boolean:\n# (true = use system CA, false = cert validation disabled)\nopenstack_haproxy_backend_ca: True\n\n# apply the stick table as default for all backends\nhaproxy_stick_table: \"{{ openstack_haproxy_stick_table }}\"\n","created":"2025-12-08T13:33:32.454955Z","updated":"2025-12-08T13:33:32.454998Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/group_vars/all/haproxy.yml"}