25 Commits

Author SHA1 Message Date
Jonathan Rosser 90035459d0 Use netcat-openbsd on debian bookworm
The 'netcat' package is no longer installable directly.

    Package netcat is a virtual package provided by:
      netcat-openbsd 1.219-1
      netcat-traditional 1.10-47
    You should explicitly select one to install.
    E: Package 'netcat' has no installation candidate

Change-Id: Ic708a7fd2223d1ba40ccacbd2b6863187fad0da9
2023-09-28 09:31:33 +00:00
Dmitriy Rabotyagov c0da2e5095 Fix linters issue and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that are enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metadata to reflect current state.

Change-Id: I8c316dd62ac22ccd9578bb0199ab8f25c0104f9a
2023-08-07 06:55:22 +00:00
Danila Balagansky 3c5d984f27 Fix generating certificate SANs
With `haproxy_bind_*_lb_vip_address` set, use `*_lb_vip_address` for SAN
instead.

Change-Id: I33fc820be583bfaf7f9bee5233f0e0b99805144a
2023-07-07 11:08:45 +03:00
Andrew Bonney 445b15f9c3 Fix dict object key error when haproxy interfaces not defined
The ternary options appear to be getting evaluated whether they
are used or not, so item['interface'] is always accessed.

This patch aims to check for the key's presence before performing
ternary operations, or use Ansible variables to postpone evaluation
until absolutely necessary.

Change-Id: Ib1462c04d1a0820a37998f989e2ed16566f71f54
2023-01-11 11:03:31 +00:00
Dmitriy Rabotyagov 901523ddbb Allow haproxy to bind on the interface
In some user scenarios (like implementing DNS RR) it might be useful to
bind on 0.0.0.0 but at the same time not conflict with other services
that are bound to the same ports. For that, we can specify a specific
interface, on which haproxy will be bound to 0.0.0.0.

In netstat it would be represented like `0.0.0.0%br-mgmt:5000`.

With that we also allow to fully override `vip_binds` if assumptions
that the role makes are not valid for some reason.

Change-Id: Ic4c58ef53abc5f454b6fbebbd87292a932d173ae
2022-08-09 18:47:29 +00:00
Dmitriy Rabotyagov be9a66c280 Don't restrict haproxy tunable options
Instead of hardcoding specific supported tunable options, we
just pass key as an option to haproxy config.

This change might break deployments during upgrades, since format of
values in variable has changed, but an appropriate release note was written.

We also increase maxrewrite by default, as otherwise usage of CSP leads
to 500 error.

Change-Id: I949960420ed5dbd6d58f0de7dae0ac629a85b7fc
Related-Bug: https://github.com/haproxy/haproxy/issues/1597
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/844815
2022-06-20 08:27:40 +02:00
Dmitriy Rabotyagov 01f8a8718e Change location of ipaddr filter
ipaddr filter has been moved from netcommon to utils collection [1]

Based on that we must add that collection to requirements.

[1] db4920ebf6

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/831525
Change-Id: Ib3f982f445cdd944738f897abd0d312e70645bf2
2022-03-02 14:32:03 +01:00
James Gibson 92dac326a9 Add default CA store to use when haproxy_backend_ca is true
If haproxy_backend_ca is set to true, default to using system CA
so you don't have to specify the exact CA to use.

Change-Id: I536c32a0b152a2b754787e07574472ecfaebd7e7
2021-12-15 14:06:25 +00:00
Dmitriy Rabotyagov f14ba91798 Generate self-signed SSL per listen IP
We're providing an option to have an IP address per VIP
address. Currently it's used only for creating self-signed
SSLs signed with internal CA per each VIP. With follow-up
patches that will also allow to provide user certificates
per VIP, making possible to cover internal and external
endpoints with different non-wildcard certs.

Change-Id: I0a9eb7689eb42b50daf5c94c874bb7429b271efe
2021-06-25 13:30:25 +00:00
Jonathan Rosser a10d00766e Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: If9dfa6aaa1e90856c6a4c074fd33b8e49b57a5fc
2021-03-21 20:48:54 +01:00
root 5b589d3dae Add Centos-8 support
Change-Id: I9f579e378effa92ce42ca6219ad7ec09e7feaecb
2020-06-24 17:46:06 +01:00
Jonathan Rosser 1d386a57f5 Add option to use distro provided certbot package
This patch allows a certbot package from a distro repository to be
used instead of the certbot-auto script. For ubuntu the distro package
takes care of setting up all the necessary directories in /etc/letsencrypt
and creates a systemd service for running the renewal. This avoids
needing to manage those aspects of the installation in this ansible role.

Change-Id: If7c5bcde299362bb3d2a136db659ca319e22e35b
2020-05-07 13:13:47 +00:00
Dmitriy Rabotyagov 424d48440c Use systemd-journald instead of log files
This patch aims to migrate service from usage of rsyslog to journald.
By this we mean dropping rsyslog client installation and
set log address to /dev/log, which is served by journald.

Change-Id: I80dccb129e73fd58f7211bd56d36e55b55603c6a
2019-07-22 19:53:01 +03:00
Mohammed Naser b3c79f944b debian: add ci and update meta
This patch adds the Debian jobs for this role to make sure
it's always passing as well as updates the meta to reflect
its support of Debian accordingly.

It also cleans up an old variable which is carried for upgrades
that is no longer relevant now.

A new variable has been added to ensure pre-packages, which
have been generally assumed to be installed as a base OS
package, have been installed before installing the application
or configuring the system via the role.

Depends-On: I135ea73604890eae5e9e2a7cdcab81b2b39ad426
Change-Id: I19094b540aff81b7aa029880e404a2990f82e538
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
2019-04-08 08:45:53 +01:00
Zuul 08455bb0ba Merge "Allow rsyslog to log HAProxy locally" 2018-11-10 10:00:51 +00:00
Corey Wright 1e0aa6bf47 Allow rsyslog to log HAProxy locally
* Install haproxy-logging.cfg numerically before Ubuntu's
  /etc/rsyslog.d/49-haproxy.conf so its logging directives see HAProxy
  logs before they are discarded by 49-haproxy.conf.
* Set owner of /var/log/haproxy to rsyslog's `syslog` user so rsyslog
  can write to it on Ubuntu.
* Limit HAProxy-related rsyslog processing to HAProxy log messages
  instead of any/all log messages with the local0 or local1 facility
  and assuming HAProxy is the only application using those facilities.

Change-Id: Ic259abc281619ba5ee8f020ac68373858a06e94d
Closes-Bug: #1783886
2018-09-23 00:58:47 -05:00
Markos Chandras 31f0c0a929 Disable HAProxy apparmor profile if present
openSUSE ships a HAProxy profile which prevents the creation of the
/run/haproxy.stat file.

profile="/usr/sbin/haproxy" name="/run/haproxy.stat.21697.tmp" pid=21697 comm="haproxy" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

As such, let's follow the common pattern across OSA roles to disable the
profile instead of trying to manage it.

Change-Id: Iaacb628f4cc78687c95034e81ed924807a3018bd
2018-09-19 14:22:38 +01:00
Markos Chandras baa46072ea SUSE: Add support for openSUSE Leap 15
Change-Id: Ia5b86821ad3bc9458f7a474a13479939dd2ca21d
2018-09-13 15:08:07 +01:00
Jean-Philippe Evrard 07155035bf Add Bionic testing
Now that bionic testing is added into the tests repos, we can
start testing it in the repo.

Depends-On: https://review.openstack.org/#/c/566959/
Change-Id: I4fa2d7a793a2d410049879384a27c82779d9bac7
2018-05-14 20:54:05 +02:00
Jesse Pretorius 2470c01693 Remove unused/unnecessary haproxy_server vars/files
The repo/keys are left over from Newton/Trusty and
were not removed when Trusty support was removed.

The required packages were only necessary in order
to facilitate the repo addition.

The var haproxy_distro_packages is defined in all
distro-specific vars files, so its presence in
defaults is unnecessary.

The apt pinning meta dependency is no longer
required - it's another leftover from Ubuntu Trusty.
A task is included to remove the old config files.

Change-Id: I912cd170d05c4a9befe3420971ddf68ff2ddde2b
2017-08-21 13:21:58 +01:00
Jesse Pretorius 51a35bb25d Add netcat to distro packages
In order to support the use of the Ansible
haproxy module to enable/disable backends
during the execution of configuration and/or
software changes, the required [1] netcat
package is installed.

[1] http://docs.ansible.com/ansible/haproxy_module.html#notes

Change-Id: Id80dfc8f75f2efdb35b19c4e6bb899475623d824
2017-06-01 17:49:25 +00:00
Markos Chandras d1b52f012c Add openSUSE Leap support
Add support for the openSUSE Leap distribution

Change-Id: I70b4d118f44c2090e48955effab44189866fbb41
2017-03-22 14:58:04 +00:00
Andy McCrae 6380766d0a Remove Trusty support for haproxy_server role
Change-Id: Ia299c8e4b534c611458b7e136367d4ed68637433
Implements: blueprint trusty-removal
2016-12-15 13:13:14 +00:00
Jesse Pretorius 075cb9edcd Rename package lists (and related vars) appropriately
In order to make it easier to differentiate between the lists of
python packages, distribution packages, downloaded packages,
package pins and other similar variables the variable names are
being changed to ensure that they have a more explicit suffix
that defines the purpose and makes the naming more consistent.

This is to facilitate a lookup plugin which will be able to look
up all the package lists and present them as a consolidated piece
of data which may be used for artifact preparation.

Change-Id: Id9a356f78162a77edc27209be215f04380a631dc
2016-08-26 16:56:16 +01:00
Kevin Carter 4510d37dcd Update HAProxy for multi-OS support
This change implements CentOS7 and Ubuntu 16.04 support for the HAProxy
role. Because RHEL does not package HATop the installation of HATop has
been moved to a source installation so that it can be used universally.

Implements: blueprint multi-platform-host
Change-Id: Ib4f33185202b694b9611cc5fd6323c30a1c8d489
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-05-27 11:12:17 +00:00