Add options to override which addresses haproxy binds to

Adding options to be able to override the default behaviour of haproxy binding to external_lb_vip_address and internal_lb_vip_address. The default behaviour stays the same after this change. Change-Id: I76044aea498d73e97087719279ba0a37a9eb28e9
2020-03-02 13:48:43 +01:00 · 2020-03-02 13:48:43 +01:00 · 049b479b65
parent 7ddff19aa5
commit 049b479b65
3 changed files with 25 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -130,6 +130,12 @@ extra_lb_vip_addresses: []
 # Add extra TLS VIPs to all services
 extra_lb_tls_vip_addresses: []

+# Option to override which address haproxy binds to for external vip.
+haproxy_bind_external_lb_vip_address: "{{ external_lb_vip_address }}"
+
+# Option to override which address haproxy binds to for internal vip.
+haproxy_bind_internal_lb_vip_address: "{{ internal_lb_vip_address }}"
+
 # Make the log socket available to the chrooted filesystem
 haproxy_log_socket: "/dev/log"
 haproxy_log_mount_point: "/var/lib/haproxy/dev/log"
--- a/doc/source/configure-haproxy.rst
+++ b/doc/source/configure-haproxy.rst
@ -236,6 +236,22 @@ defined in the ``user_variables.yml`` file:
     - 10.0.0.10
     - 192.168.0.10

+Overriding the address haproxy will bind to
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In some cases you may want to override the default of having haproxy
+bind to the addresses specified in ``external_lb_vip_address`` and
+``internal_lb_vip_address``. For example if those are hostnames and you
+want haproxy to bind to IP addresses while preserving the names for TLS-
+certificates and endpoint URIs.
+
+This can be set in the ``user_variables.yml`` file:
+
+.. code-block:: yaml
+
+   haproxy_bind_external_lb_vip_address: 10.0.0.10
+   haproxy_bind_internal_lb_vip_address: 192.168.0.10
+
 Adding Access Control Lists to HAProxy front end
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- a/templates/service.j2
+++ b/templates/service.j2
@ -12,9 +12,9 @@
  {% set haproxy_check_port = item.service.haproxy_check_port %}
 {% endif -%}

-{% set vip_binds = [external_lb_vip_address] -%}
-{%- if internal_lb_vip_address not in vip_binds %}
-  {% set _ = vip_binds.append(internal_lb_vip_address) %}
+{% set vip_binds = [haproxy_bind_external_lb_vip_address] -%}
+{%- if haproxy_bind_internal_lb_vip_address not in vip_binds %}
+  {% set _ = vip_binds.append(haproxy_bind_internal_lb_vip_address) %}
 {% endif -%}

 {% for vip_address in extra_lb_vip_addresses %}