From 9f99d63ea27f51268d1dea727007dee2f5f5a84c Mon Sep 17 00:00:00 2001
From: Sam Yaple <sam@yaple.net>
Date: Sun, 27 Sep 2015 08:46:04 +0000
Subject: [PATCH] Stop haproxy from listening on ports it shouldnt

Haproxy is currently set up to listen on all services, even ones that
aren't being installed (e.g. cinder or swift). This patch places
conditionals around those groups.

Change-Id: Ia1ff873ce075768dfebf442aabf13604076ce637
Closes-Bug: #1500157
---
 ansible/roles/haproxy/templates/haproxy.cfg.j2 | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index 21cd6261d8..da43239da2 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -22,6 +22,7 @@ listen stats :{{ haproxy_stats_port }}
    stats realm Haproxy\ Stats
    stats auth {{ haproxy_user }}:{{ haproxy_password }}
 
+{% if enable_mariadb | bool %}
 listen mariadb
   mode tcp
   option tcpka
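Review bot: The stats listener named in this hunk's header, `listen stats :{{ haproxy_stats_port }}`, has no address before the colon, so HAProxy binds it on every interface, and the commit leaves it that way while gating the service listeners. Since the `stats auth` line protects it only with basic-auth credentials, it would be worth binding it to the internal address like the other sections, e.g. `listen stats {{ kolla_internal_address }}:{{ haproxy_stats_port }}`. The stats section starts above the hunk, so any bind or ACL lines it may already carry are not visible from here.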
@@ -31,7 +32,9 @@ listen mariadb
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %}
 
 {% endfor %}
+{% endif %}
 
+{% if enable_rabbitmq | bool %}
 listen rabbitmq
   mode tcp
   option tcpka
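Review bot: The `{% endif %}` added after the mariadb loop gives no hint of which `{% if %}` it closes, and the same holds for the closers in the later hunks. Several of those end a conditional that spans more than one `listen` section (rabbitmq with rabbitmq_management, keystone_public with keystone_admin, glance_registry with glance_api, nova_api through nova_novncproxy). A trailing Jinja comment keeps the pairing auditable, e.g. `{% endif %}{# enable_mariadb #}`. Without it, a listener later pasted just after the wrong closer would be bound regardless of its flag, which is the exposure this commit sets out to remove.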
@@ -45,7 +48,9 @@ listen rabbitmq_management
 {% for host in groups['rabbitmq'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ rabbitmq_management_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
 
+{% if enable_keystone | bool %}
 listen keystone_public
   bind {{ kolla_internal_address }}:{{ keystone_public_port }}
 {% for host in groups['keystone'] %}
@@ -57,7 +62,9 @@ listen keystone_admin
 {% for host in groups['keystone'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
 
+{% if enable_glance | bool %}
 listen glance_registry
   bind {{ kolla_internal_address }}:{{ glance_registry_port }}
 {% for host in groups['glance'] %}
@@ -69,7 +76,9 @@ listen glance_api
 {% for host in groups['glance'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
 
+{% if enable_nova | bool %}
 listen nova_api
   bind {{ kolla_internal_address }}:{{ nova_api_port }}
 {% for host in groups['nova-api'] %}
@@ -93,25 +102,33 @@ listen nova_novncproxy
 {% for host in groups['nova-novncproxy'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
 
+{% if enable_neutron | bool %}
 listen neutron_server
   bind {{ kolla_internal_address }}:{{ neutron_server_port }}
 {% for host in groups['neutron-server'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
 
+{% if enable_horizon | bool %}
 listen horizon
   bind {{ kolla_internal_address }}:80
 {% for host in groups['horizon'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
 
+{% if enable_cinder | bool %}
 listen cinder_api
   bind {{ kolla_internal_address }}:{{ cinder_api_port }}
 {% for host in groups['cinder-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
 
+{% if enable_heat | bool %}
 listen heat_api
   bind {{ kolla_internal_address }}:{{ heat_api_port }}
 {% for host in groups['heat-api'] %}
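Review bot: The horizon section wrapped by the new `{% if enable_horizon | bool %}` binds and forwards on a literal `:80`, so the dashboard, which takes user logins, is published on the VIP over plain HTTP and is the only section in this hunk without a port variable. If TLS is terminated elsewhere, that is worth recording in the template, e.g. `{# horizon is plain HTTP here; TLS must be terminated in front of this VIP #}` above `listen horizon`. Otherwise a follow-up should parameterize the port and add a TLS bind. The hunk ends inside the heat_api section, so the closer for the heat conditional is in the next hunk.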
@@ -123,3 +140,4 @@ listen heat_api_cfn
 {% for host in groups['heat-api-cfn'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% endif %}
-- 
GitLab