OpenStack-Ansible

haproxy play fails when switching haproxy_ssl from false to true

Bug #1475597 reported by Jesse Pretorius on 2015-07-17

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
OpenStack-Ansible	Fix Released	Low	Jesse Pretorius
Kilo	Fix Released	Low	Jesse Pretorius	OpenStack-Ansible 11.1.0
Trunk	Fix Released	Low	Jesse Pretorius

Bug Description

NOTIFIED: [haproxy_server | Restart haproxy] **********************************
failed: [aio1] => {"failed": true}
msg: [ALERT] 197/110845 (10613) : parsing [/etc/haproxy/conf.d/keystone_service:4] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 197/110845 (10613) : Error(s) found in configuration file : /etc/haproxy/conf.d/keystone_service
[ALERT] 197/110845 (10613) : Fatal errors found in configuration.

FATAL: all hosts have already failed -- aborting

This is due to the fact that the apt installation task only requires the package to be 'present', not 'latest' - so the haproxy apt package isn't upgraded to the version that can handle SSL.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-17: Fix proposed to os-ansible-deployment (master)

Fix proposed to branch: master
Review: https://review.openstack.org/202981

Changed in openstack-ansible:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-19: Fix merged to os-ansible-deployment (master)

Reviewed: https://review.openstack.org/202981
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=ba7587267a24db33039948712751c3f7cd6a2eb0
Submitter: Jenkins
Branch: master

commit ba7587267a24db33039948712751c3f7cd6a2eb0
Author: Jesse Pretorius <email address hidden>
Date: Fri Jul 17 12:13:31 2015 +0100

Set haproxy install to use latest packages

    This patch changes the apt task for installing haproxy packages
    from only checking for presence to always checking for the
    latest package version.

This is essential to allow a deployer to switch from a
configuration that does not implement SSL to one that does.

Change-Id: Iaf6eaedba835a332920336b1cb66190924537301
Closes-Bug: #1475597

Changed in openstack-ansible:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-20: Fix proposed to os-ansible-deployment (kilo)

Fix proposed to branch: kilo
Review: https://review.openstack.org/203523

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-20: Fix merged to os-ansible-deployment (kilo)

Reviewed: https://review.openstack.org/203523
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=776abcb09b143b7cf9124b6e1499f17c1bc242d7
Submitter: Jenkins
Branch: kilo

commit 776abcb09b143b7cf9124b6e1499f17c1bc242d7
Author: Jesse Pretorius <email address hidden>
Date: Fri Jul 17 12:13:31 2015 +0100

Set haproxy install to use latest packages

    This patch changes the apt task for installing haproxy packages
    from only checking for presence to always checking for the
    latest package version.

This is essential to allow a deployer to switch from a
configuration that does not implement SSL to one that does.

    Change-Id: Iaf6eaedba835a332920336b1cb66190924537301
    Closes-Bug: #1475597
    (cherry picked from commit ba7587267a24db33039948712751c3f7cd6a2eb0)