{"id":379,"sha1":"4d7ef111f11422e38715ed66b7c722c7efa4728a","playbook":{"id":4,"items":{"plays":104,"tasks":1377,"results":1365,"hosts":2,"files":504,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:39:52.478534Z","ended":"2025-12-08T14:14:54.510371Z","duration":"00:35:02.031837","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2021, City Network International AB\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n_haproxy_vip_binds: |\n {% set vip_binds = [{'address': haproxy_bind_external_lb_vip_address, 'interface': haproxy_bind_external_lb_vip_interface, 'type': 'external'}] %}\n {% if haproxy_bind_internal_lb_vip_address != haproxy_bind_external_lb_vip_address or\n haproxy_bind_external_lb_vip_interface != haproxy_bind_internal_lb_vip_interface %}\n {% set _ = vip_binds.append({'address': haproxy_bind_internal_lb_vip_address, 'interface': haproxy_bind_internal_lb_vip_interface, 'type': 'internal'}) %}\n {% endif %}\n {% for vip_address in extra_lb_tls_vip_addresses %}\n {% set _ = vip_binds.append({'address': vip_address, 'type': 'external'}) %}\n {% endfor %}\n {{ vip_binds }}\n\n_haproxy_pki_certificates: |\n {% set _pki_certs = [] %}\n {% for vip in haproxy_vip_binds %}\n {% set _vip_interface = vip['interface'] | default('') %}\n {% set san = ['DNS:' ~ ansible_facts['hostname'], 'DNS:' ~ ansible_facts['fqdn']] %}\n {% if vip['address'] != '*' %}\n {% set _ = san.append((vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address']) %}\n {% endif %}\n {% if vip['address'] == haproxy_bind_internal_lb_vip_address and not (internal_lb_vip_address | ansible.utils.ipaddr) %}\n {% set _ = san.append('DNS:' ~ internal_lb_vip_address) %}\n {% endif %}\n {% if vip['address'] == haproxy_bind_external_lb_vip_address and not (external_lb_vip_address | ansible.utils.ipaddr) %}\n {% set _ = san.append('DNS:' ~ external_lb_vip_address) %}\n {% endif %}\n {% for record in vip.get('pki_san_records', []) %}\n {% set _ = san.append((record | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ record) %}\n {% endfor %}\n {% set _ = _pki_certs.append(\n {\n 'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),\n 'provider': 'ownca',\n 'cn': ansible_facts['hostname'],\n 'san': san | join(','),\n 'signed_by': haproxy_pki_intermediate_cert_name,\n }\n ) %}\n {% endfor %}\n {{ _pki_certs }}\n\n_haproxy_pki_install_certificates: |\n {% set _pki_install = [] %}\n {% for vip in haproxy_vip_binds %}\n {% set _vip_interface = vip['interface'] | default('') %}\n {% set _cert_basename = '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(\n vip['address'] ~ '-' ~ _vip_interface, vip['address'])\n %}\n {% set _ = _pki_install.append(\n {\n 'src': haproxy_user_ssl_cert | default(haproxy_pki_certs_path ~ _cert_basename ~ '.crt'),\n 'dest': haproxy_ssl_temp_path ~ _cert_basename ~ '.crt',\n 'owner': 'root',\n 'group': 'haproxy',\n 'mode': '0644'\n }\n )\n %}\n {% set _ = _pki_install.append(\n {\n 'src': haproxy_user_ssl_key | default(haproxy_pki_keys_path ~ _cert_basename ~ '.key.pem'),\n 'dest': haproxy_ssl_temp_path ~ _cert_basename ~ '.key',\n 'owner': 'root',\n 'group': 'haproxy',\n 'mode': '0640'\n }\n )\n %}\n {# We need to put CA only when it's provided by user or internal CA is used and user certs are not provided #}\n {% if (haproxy_user_ssl_cert is not defined and haproxy_user_ssl_key is not defined) or haproxy_user_ssl_ca_cert is defined %}\n {% set _ = _pki_install.append(\n {\n 'src': haproxy_user_ssl_ca_cert | default(haproxy_pki_intermediate_cert_path),\n 'dest': haproxy_ssl_temp_path ~ _cert_basename ~ '-ca.crt',\n 'owner': 'root',\n 'group': 'haproxy',\n 'mode': '0644'\n })\n %}\n {% endif %}\n {% endfor %}\n {{ _pki_install }}\n\n# In case CSP is enabled, on newer haproxy versions, header size\n# fill more than bufsize-maxrewrite, which results in 500\n# See: https://github.com/haproxy/haproxy/issues/1597\n_haproxy_default_tuning_params:\n tune.maxrewrite: 1280\n","created":"2025-12-08T13:39:53.244667Z","updated":"2025-12-08T13:39:53.244707Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-haproxy_server/vars/main.yml"}