ara | File #295: ...openstack/openstack-ansible/inventory/group

/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml

Execution

Date 08 Dec 2025 13:33:24 +0000

Duration 00:06:14.05

Controller aio1.openstack.local

User root

Versions

Ansible 2.18.6

ara 1.7.4 / 1.7.4

Python 3.12.3

Summary

2 Hosts

374 Tasks

364 Results

37 Plays

208 Files

0 Records

check:False tags:all

Date
08 Dec 2025 13:33:24 +0000
Path
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml

Argument	Value
version	None
verbosity	0
private_key_file	None
remote_user	None
connection	openstack.osa.ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	True
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts	False
subset	None
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	8
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['setup-infrastructure.yml']

File: /home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/group_vars/all/haproxy.yml

---
# Copyright 2023, Cleura AB
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

haproxy_ssl: true
haproxy_ssl_all_vips: false

haproxy_allowlist_networks:
  - 192.168.0.0/16
  - 172.16.0.0/12
  - 10.0.0.0/8

haproxy_stick_table_allowlist_networks: "{{ haproxy_allowlist_networks }}"

# haproxy default stick table
# returns 429 when more than 20 4xx responses per 10 second window
# from external IP addresses. Override as necessary.
openstack_haproxy_stick_table:
  - "stick-table  type ipv6  size 256k  expire 10s  store http_err_rate(10s)"
  - "http-request track-sc0 src"
  - "http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 } !{ src {{ haproxy_stick_table_allowlist_networks | join(' } !{ src ') }} }"

# CA used by haproxy to verify backend certificate.
# It can contain CA path or a boolean:
# (true = use system CA, false = cert validation disabled)
openstack_haproxy_backend_ca: True

# apply the stick table as default for all backends
haproxy_stick_table: "{{ openstack_haproxy_stick_table }}"

Playbook #3

File: /home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/group_vars/all/haproxy.yml