With review 42476 patched and below knobs in by instances.yml

contrail_configuration:
  METADATA_SSL_ENABLE: True

kolla_config:
  kolla_globals:
    metadata_ssl_enable: "yes"
    tls_bind_info_internal: "yes"


**********************************************
**********************************************
**********************************************


I am hitting haproxy bring up error


TASK [haproxy : Copying over haproxy.cfg] **********************************************************************************************************************************************************
failed: [10.204.217.131] (item=/root/contrail-kolla-ansible/ansible/roles/haproxy/templates/haproxy.cfg.j2) => {"changed": false, "item": "/root/contrail-kolla-ansible/ansible/roles/haproxy/templates/haproxy.cfg.j2", "msg": "AnsibleError: template error while templating string: expected token ':', got '}'. String: {% set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external | bool else '' %}\n{% set tls_bind_info_internal = 'ssl crt /etc/haproxy/haproxy-internal.pem' if kolla_enable_tls_internal | bool else '' %}\n{% set tls_bind_info_nova_metadata = {{ tls_bind_info_internal }} if metadata_ssl_enable | bool else '' %}\nglobal\n  chroot /var/lib/haproxy\n  user haproxy\n  group haproxy\n  daemon\n{% if orchestration_engine != 'KUBERNETES' %}\n  log {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ fluentd_syslog_port }} local1\n{% endif %}\n  maxconn 4000\n  stats socket /var/lib/kolla/haproxy/haproxy.sock\n{% if kolla_enable_tls_external | bool %}\n  ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES\n  ssl-default-bind-options no-sslv3 no-tlsv10\n  tune.ssl.default-dh-param 4096\n{% endif %}\n\ndefaults\n  log global\n  mode http\n  option redispatch\n  option httplog\n  option forwardfor\n  retries 3\n  timeout http-request 10s\n  timeout queue 1m\n  timeout connect 10s\n  timeout client {{ haproxy_client_timeout }}\n  timeout server {{ haproxy_server_timeout }}\n  timeout check 10s\n\nlisten stats\n   bind {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ haproxy_stats_port }}\n   mode http\n   stats enable\n   stats uri /\n   stats refresh 15s\n   stats realm Haproxy\\ Stats\n   stats auth {{ haproxy_user }}:{{ haproxy_password }}\n\n{% if enable_rabbitmq | bool %}\nlisten rabbitmq_management\n  bind {{ kolla_internal_vip_address }}:{{ rabbitmq_management_port }}\n{% for host in groups['rabbitmq'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_management_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n\n{% if enable_mongodb | bool %}\nlisten mongodb\n  bind {{ kolla_internal_vip_address }}:{{ mongodb_port }}\n{% for host in groups['mongodb'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mongodb_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n\n{% if enable_keystone | bool %}\nlisten keystone_internal\n  bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['keystone'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten keystone_external\n  bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['keystone'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n\nlisten keystone_admin\n  bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['keystone'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n\n{% if enable_glance | bool %}\nlisten glance_registry\n  bind {{ kolla_internal_vip_address }}:{{ glance_registry_port }}\n{% for host in groups['glance-registry'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten glance_api\n  bind {{ kolla_internal_vip_address }}:{{ glance_api_port }}\n  timeout client {{ haproxy_glance_api_client_timeout }}\n  timeout server {{ haproxy_glance_api_server_timeout }}\n{% for host in groups['glance-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten glance_api_external\n  bind {{ kolla_external_vip_address }}:{{ glance_api_port }} {{ tls_bind_info }}\n{% for host in groups['glance-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_nova | bool %}\nlisten nova_api\n  bind {{ kolla_internal_vip_address }}:{{ nova_api_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['nova-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten nova_metadata\n  bind {{ kolla_internal_vip_address }}:{{ nova_metadata_port }} {{ tls_bind_info_nova_metadata }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['nova-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten placement_api\n  bind {{ kolla_internal_vip_address }}:{{ placement_api_port }}\n  http-request del-header X-Forwarded-Proto\n{% for host in groups['placement-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ placement_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\n{% if nova_console == 'novnc' %}\nlisten nova_novncproxy\n  bind {{ kolla_internal_vip_address }}:{{ nova_novncproxy_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['nova-novncproxy'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% elif nova_console == 'spice' %}\nlisten nova_spicehtml5proxy\n  bind {{ kolla_internal_vip_address }}:{{ nova_spicehtml5proxy_port }}\n{% for host in groups['nova-spicehtml5proxy'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n\n{% if enable_nova_serialconsole_proxy | bool %}\nlisten nova_serialconsole_proxy\n  bind {{ kolla_internal_vip_address }}:{{ nova_serialproxy_port }}\n{% for host in groups['nova-serialproxy'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_serialproxy_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten nova_api_external\n  bind {{ kolla_external_vip_address }}:{{ nova_api_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['nova-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten nova_metadata_external\n  bind {{ kolla_external_vip_address }}:{{ nova_metadata_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['nova-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten placement_api_external\n  bind {{ kolla_external_vip_address }}:{{ placement_api_port }}\n  http-request del-header X-Forwarded-Proto\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['placement-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ placement_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\n{% if nova_console == 'novnc' %}\nlisten nova_novncproxy_external\n  bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['nova-novncproxy'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% elif nova_console == 'spice' %}\nlisten nova_spicehtml5proxy_external\n  bind {{ kolla_external_vip_address }}:{{ nova_spicehtml5proxy_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['nova-spicehtml5proxy'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n\n{% if enable_nova_serialconsole_proxy | bool %}\nlisten nova_serialconsole_proxy_external\n  bind {{ kolla_external_vip_address }}:{{ nova_serialproxy_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['nova-serialproxy'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_serialproxy_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n{% endif %}\n\n{% if enable_neutron | bool %}\nlisten neutron_server\n  bind {{ kolla_internal_vip_address }}:{{ neutron_server_port }}\n{% for host in groups['neutron-server'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten neutron_server_external\n  bind {{ kolla_external_vip_address }}:{{ neutron_server_port }} {{ tls_bind_info }}\n{% for host in groups['neutron-server'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_horizon | bool %}\nlisten horizon\n  bind {{ kolla_internal_vip_address }}:{{ horizon_port }}\n  balance source\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['horizon'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ horizon_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\n{% if haproxy_enable_external_vip | bool %}\n{% if kolla_enable_tls_external | bool %}\nlisten horizon_external\n  bind {{ kolla_external_vip_address }}:443 {{ tls_bind_info }}\n  balance source\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['horizon'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ horizon_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nfrontend horizon_external_redirect\n   bind {{ kolla_external_vip_address }}:{{ horizon_port }}\n   redirect scheme https code 301 if !{ ssl_fc }\n{% else %}\nlisten horizon_external\n  bind {{ kolla_external_vip_address }}:{{ horizon_port }}\n{% for host in groups['horizon'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ horizon_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n{% endif %}\n\n{% if enable_cinder | bool %}\nlisten cinder_api\n  bind {{ kolla_internal_vip_address }}:{{ cinder_api_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['cinder-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten cinder_api_external\n  bind {{ kolla_external_vip_address }}:{{ cinder_api_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['cinder-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_cloudkitty | bool %}\nlisten cloudkitty_api\n  bind {{ kolla_internal_vip_address }}:{{ cloudkitty_api_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['cloudkitty-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cloudkitty_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten cloudkitty_api_external\n  bind {{ kolla_external_vip_address }}:{{ cloudkitty_api_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['cloudkitty-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cloudkitty_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_octavia | bool %}\nlisten octavia_api\n  bind {{ kolla_internal_vip_address }}:{{ octavia_api_port }}\n  http-request del-header X-Forwarded-Proto\n{% for host in groups['octavia-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ octavia_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\n{% if haproxy_enable_external_vip | bool %}\nlisten octavia_api_external\n  bind {{ kolla_external_vip_address }}:{{ octavia_api_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['octavia-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ octavia_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_panko | bool %}\nlisten panko_api\n  bind {{ kolla_internal_vip_address }}:{{ panko_api_port }}\n  http-request del-header X-Forwarded-Proto\n{% for host in groups['panko-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ panko_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten panko_api_external\n  bind {{ kolla_external_vip_address }}:{{ panko_api_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['panko-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ panko_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_heat | bool %}\nlisten heat_api\n  bind {{ kolla_internal_vip_address }}:{{ heat_api_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['heat-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten heat_api_cfn\n  bind {{ kolla_internal_vip_address }}:{{ heat_api_cfn_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['heat-api-cfn'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten heat_api_external\n  bind {{ kolla_external_vip_address }}:{{ heat_api_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['heat-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten heat_api_cfn_external\n  bind {{ kolla_external_vip_address }}:{{ heat_api_cfn_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['heat-api-cfn'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_grafana | bool %}\nlisten grafana_server\n  bind {{ kolla_internal_vip_address }}:{{ grafana_server_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['grafana'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ grafana_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten grafana_server_external\n  bind {{ kolla_external_vip_address }}:{{ grafana_server_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['grafana'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ grafana_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_ironic | bool %}\nlisten ironic_api\n  bind {{ kolla_internal_vip_address }}:{{ ironic_api_port }}\n{% for host in groups['ironic-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\nlisten ironic_inspector\n  bind {{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}\n{% for host in groups['ironic-inspector'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten ironic_api_external\n  bind {{ kolla_external_vip_address }}:{{ ironic_api_port }} {{ tls_bind_info }}\n{% for host in groups['ironic-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\nlisten ironic_inspector_external\n  bind {{ kolla_external_vip_address }}:{{ ironic_inspector_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['ironic-inspector'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_karbor | bool %}\nlisten karbor_api\n  bind {{ kolla_internal_vip_address }}:{{ karbor_api_port }}\n{% for host in groups['karbor-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten karbor_api_external\n  bind {{ kolla_external_vip_address }}:{{ karbor_api_port }} {{ tls_bind_info }}\n{% for host in groups['karbor-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n\n{% if enable_freezer | bool %}\nlisten freezer_api\n  bind {{ kolla_internal_vip_address }}:{{ freezer_api_port }}\n{% for host in groups['freezer-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ freezer_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten freezer_api_external\n  bind {{ kolla_external_vip_address }}:{{ freezer_api_port }} {{ tls_bind_info }}\n{% for host in groups['freezer-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ freezer_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n\n{% if enable_senlin | bool %}\nlisten senlin_api\n  bind {{ kolla_internal_vip_address }}:{{ senlin_api_port }}\n{% for host in groups['senlin-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ senlin_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten senlin_api_external\n  bind {{ kolla_external_vip_address }}:{{ senlin_api_port }} {{ tls_bind_info }}\n{% for host in groups['senlin-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ senlin_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_solum | bool %}\nlisten solum_application_deployment\n  bind {{ kolla_internal_vip_address }}:{{ solum_application_deployment_port }}\n{% for host in groups['solum-application-deployment'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_application_deployment_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten solum_image_builder\n  bind {{ kolla_internal_vip_address }}:{{ solum_image_builder_port }}\n{% for host in groups['solum-image-builder'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_image_builder_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten solum_application_deployment_external\n  bind {{ kolla_external_vip_address }}:{{ solum_application_deployment_port }} {{ tls_bind_info }}\n{% for host in groups['solum-application-deployment'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_application_deployment_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n\nlisten solum_image_builder_external\n  bind {{ kolla_external_vip_address }}:{{ solum_image_builder_port }} {{ tls_bind_info }}\n{% for host in groups['solum-image-builder'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_image_builder_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_swift | bool %}\nlisten swift_api\n  bind {{ kolla_internal_vip_address }}:{{ swift_proxy_server_port }}\n{% for host in groups['swift-proxy-server'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten swift_api_external\n  bind {{ kolla_external_vip_address }}:{{ swift_proxy_server_port }} {{ tls_bind_info }}\n{% for host in groups['swift-proxy-server'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_murano | bool %}\nlisten murano_api\n  bind {{ kolla_internal_vip_address }}:{{ murano_api_port }}\n{% for host in groups['murano-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten murano_api_external\n  bind {{ kolla_external_vip_address }}:{{ murano_api_port }} {{ tls_bind_info }}\n{% for host in groups['murano-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_manila | bool %}\nlisten manila_api\n  bind {{ kolla_internal_vip_address }}:{{ manila_api_port }}\n{% for host in groups['manila-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ manila_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten manila_api_external\n  bind {{ kolla_external_vip_address }}:{{ manila_api_port }} {{ tls_bind_info }}\n{% for host in groups['manila-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ manila_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_magnum | bool %}\nlisten magnum_api\n  bind {{ kolla_internal_vip_address }}:{{ magnum_api_port }}\n{% for host in groups['magnum-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten magnum_api_external\n  bind {{ kolla_external_vip_address }}:{{ magnum_api_port }} {{ tls_bind_info }}\n{% for host in groups['magnum-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_watcher | bool and enable_ceilometer | bool %}\nlisten watcher_api\n  bind {{ kolla_internal_vip_address }}:{{ watcher_api_port }}\n{% for host in groups['watcher-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ watcher_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten watcher_api_external\n  bind {{ kolla_external_vip_address }}:{{ watcher_api_port }} {{ tls_bind_info }}\n{% for host in groups['watcher-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ watcher_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_sahara | bool %}\nlisten sahara_api\n  bind {{ kolla_internal_vip_address }}:{{ sahara_api_port }}\n{% for host in groups['sahara-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ sahara_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten sahara_api_external\n  bind {{ kolla_external_vip_address }}:{{ sahara_api_port }} {{ tls_bind_info }}\n{% for host in groups['sahara-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ sahara_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_searchlight | bool %}\nlisten searchlight_api\n  bind {{ kolla_internal_vip_address }}:{{ searchlight_api_port }}\n{% for host in groups['searchlight-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ searchlight_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten searchlight_api_external\n  bind {{ kolla_external_vip_address }}:{{ searchlight_api_port }} {{ tls_bind_info }}\n{% for host in groups['searchlight-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ searchlight_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_ceph | bool and enable_ceph_rgw | bool %}\nlisten radosgw\n  bind {{ kolla_internal_vip_address }}:{{ rgw_port }}\n{% for host in groups['ceph-rgw'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten radosgw_external\n  bind {{ kolla_external_vip_address }}:{{ rgw_port }} {{ tls_bind_info }}\n{% for host in groups['ceph-rgw'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_kibana | bool %}\n\nuserlist kibanauser\n  user {{ kibana_user }} insecure-password {{ kibana_password }}\n\nlisten kibana\n  bind {{ kolla_internal_vip_address }}:{{ kibana_server_port }}\n  acl auth_acl http_auth(kibanauser)\n  http-request auth realm basicauth unless auth_acl\n{% for host in groups['kibana'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ kibana_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten kibana_external\n  bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n  acl auth_acl http_auth(kibanauser)\n  http-request auth realm basicauth unless auth_acl\n{% for host in groups['kibana'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ kibana_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_gnocchi | bool %}\nlisten gnocchi_api\n  bind {{ kolla_internal_vip_address }}:{{ gnocchi_api_port }}\n{% for host in groups['gnocchi-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ gnocchi_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten gnocchi_api_external\n  bind {{ kolla_external_vip_address }}:{{ gnocchi_api_port }} {{ tls_bind_info }}\n{% for host in groups['gnocchi-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ gnocchi_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_elasticsearch | bool %}\nlisten elasticsearch\n  option dontlog-normal\n  bind {{ kolla_internal_vip_address }}:{{ elasticsearch_port }}\n{% for host in groups['elasticsearch'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ elasticsearch_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n\n{% if enable_barbican | bool %}\nlisten barbican_api\n  bind {{ kolla_internal_vip_address }}:{{ barbican_api_port }}\n{% for host in groups['barbican-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ barbican_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten barbican_api_external\n  bind {{ kolla_external_vip_address }}:{{ barbican_api_port }} {{ tls_bind_info }}\n{% for host in groups['barbican-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ barbican_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_ceilometer | bool %}\nlisten ceilometer_api\n  bind {{ kolla_internal_vip_address }}:{{ ceilometer_api_port }}\n{% for host in groups['ceilometer-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ceilometer_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten ceilometer_api_external\n  bind {{ kolla_external_vip_address }}:{{ ceilometer_api_port }} {{ tls_bind_info }}\n{% for host in groups['ceilometer-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ceilometer_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_aodh | bool %}\nlisten aodh_api\n  bind {{ kolla_internal_vip_address }}:{{ aodh_api_port }}\n{% for host in groups['aodh-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ aodh_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten aodh_api_external\n  bind {{ kolla_external_vip_address }}:{{ aodh_api_port }} {{ tls_bind_info }}\n{% for host in groups['aodh-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ aodh_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_trove | bool %}\nlisten trove_api\n  bind {{ kolla_internal_vip_address }}:{{ trove_api_port }}\n{% for host in groups['trove-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ trove_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten trove_api_external\n  bind {{ kolla_external_vip_address }}:{{ trove_api_port }} {{ tls_bind_info }}\n{% for host in groups['trove-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ trove_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_congress | bool %}\nlisten congress_api\n  bind {{ kolla_internal_vip_address }}:{{ congress_api_port }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n{% for host in groups['congress-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ congress_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten congress_api_external\n  bind {{ kolla_external_vip_address }}:{{ congress_api_port }} {{ tls_bind_info }}\n  http-request del-header X-Forwarded-Proto if { ssl_fc }\n  http-request set-header X-Forwarded-Proto https if { ssl_fc }\n{% for host in groups['congress-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ congress_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_designate | bool %}\nlisten designate_api\n  bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}\n{% for host in groups['designate-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten designate_api_external\n  bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}\n{% for host in groups['designate-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_mistral | bool %}\nlisten mistral_api\n  bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}\n{% for host in groups['mistral-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mistral_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten mistral_api_external\n  bind {{ kolla_external_vip_address }}:{{ mistral_api_port }} {{ tls_bind_info }}\n{% for host in groups['mistral-api'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mistral_api_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n{% if enable_tacker | bool %}\nlisten tacker_server\n  bind {{ kolla_internal_vip_address }}:{{ tacker_server_port }}\n{% for host in groups['tacker'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% if haproxy_enable_external_vip | bool %}\n\nlisten tacker_server_external\n  bind {{ kolla_external_vip_address }}:{{ tacker_server_port }} {{ tls_bind_info }}\n{% for host in groups['tacker'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5\n{% endfor %}\n{% endif %}\n{% endif %}\n\n# (NOTE): This defaults section deletes forwardfor as recommended by:\n#         https://marc.info/?l=haproxy&m=141684110710132&w=1\n\ndefaults\n  log global\n  mode http\n  option redispatch\n  option httplog\n  retries 3\n  timeout http-request 10s\n  timeout queue 1m\n  timeout connect 10s\n  timeout client 1m\n  timeout server 1m\n  timeout check 10s\n\n{% if enable_mariadb | bool %}\nlisten mariadb\n  mode tcp\n  timeout client 3600s\n  timeout server 3600s\n  option tcplog\n  option tcpka\n  option mysql-check user haproxy post-41\n  bind {{ kolla_internal_vip_address }}:{{ mariadb_port }}\n{% for host in groups['mariadb'] %}\n  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %}\n\n{% endfor %}\n{% endif %}\n"}