Comment 4 for bug 1830334

Reviewed: https://review.opendev.org/659925
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=45f5c283e32e4753360c4e4c9627043b20a30e24
Submitter: Zuul
Branch: master

commit 45f5c283e32e4753360c4e4c9627043b20a30e24
Author: Michele Baldessari <email address hidden>
Date: Sat May 18 21:18:48 2019 +0200

    Fix haproxy stats network binding

    a) The haproxy.stats stanza in haproxy config file has pretty much remained the same since newton:
    listen haproxy.stats
      bind 192.168.24.8:1993 transparent
      mode http
      stats enable
      stats uri /
      stats auth admin:tRJre6PnQuN4ZwqKYUygTJArB

    b) what we do today with the haproxy stats makes little sense:
    - we bind it to the VIP running on the control-plane network on all controller nodes
    - de facto we allow to look at the haproxy stat info via web only on the node holding the ctlplane VIP
    - since haproxy does not share stats across nodes, we're effectively
      limited at looking at the stats info on a single node.

    Now imagine ctrl-0 holding the internal_api VIP and ctrl-1 holding the
    ctlplane VIP. Basically now the only stats you will be able to see are
    the ones relative to keystone_admin (which for other silly reasons has
    been moved to ctlplane by default) and very little else.

    Tested this and am able to bind the haproxy stat to another network
    and to have it listen to the IP of the node on said network (in addition
    to the ctrlplane vip which we do not remove as it might break stuff):

        listen haproxy.stats
          bind fd00:fd00:fd00:2000::16:1993 transparent
          bind 192.168.24.15:1993 transparent
          mode http
          stats enable
          stats uri /
          stats auth admin:password

    Closes-Bug: #1830334

    Depends-On: Iab5f11c3065ff34a3543621554e7f05161d069f2

    Change-Id: If2ee15f1e0fcf6d077cba524fad75dec7e1144b6