global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    maxconn 5000
    user haproxy
    group haproxy
    daemon
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode http
    option tcpka
    option tcplog
    option dontlognull
    timeout connect 10s
    timeout client 60s
    timeout server 120s
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

listen stats
    bind *:1993
    stats enable
    stats uri /stats
    stats auth root:{{ openstack_password }}
    stats refresh 30s
    stats show-node
    stats hide-version
    log global

listen galera
    bind *:3306
    mode tcp
    balance first
    maxconn 2000
    option httpchk
    default-server check port 9200 inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server galera-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:3306 check
{% endfor %}

listen glance_api
    bind *:9292
    balance first
    option httpchk
    option forwardfor
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:9292 check
{% endfor %}

listen glance_registry
    bind *:9191
    balance first
    option httpchk
    option forwardfor
    http-check expect status 401
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:9191 check
{% endfor %}

listen keystone_public_internal
    bind *:5000
    balance first
    option httpchk
    option forwardfor
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:5000 check
{% endfor %}

listen nova_compute_api
    bind *:8774
    balance first
    option httpchk
    option forwardfor
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8774 check
{% endfor %}

listen nova_placement_api
    bind *:8778
    balance first
    option tcplog
    http-request del-header X-Forwarded-Proto
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8778 check
{% endfor %}

listen nova_metadata_api
    bind *:8775
    balance first
    option httpchk
    option forwardfor
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8775 check
{% endfor %}

listen nova_vncproxy
    bind *:6080
    balance first
    option forwardfor
    option httpchk GET /vnc_auto.html HTTP/1.1\r\nUser-Agent:\ curl/7.35.0\r\nAccept:\ */*
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:6080 check
{% endfor %}

listen cinder_api
    bind *:8776
    balance first
    option httpchk
    option forwardfor
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8776 check
{% endfor %}

listen neutron_api
    bind *:9696
    balance first
    option httpchk
    option forwardfor
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:9696 check
{% endfor %}

listen memcached
    bind *:11211
    balance first
    mode tcp
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:11211 check
{% endfor %}

listen rabbitmq
    bind *:5672
    balance first
    mode tcp
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:5672 check
{% endfor %}

listen rabbitmq:ui
    bind *:15672
    balance first
    option httpchk
    option forwardfor
    default-server inter 3s fall 1 rise 1
{% for host in groups["controller"] %}
    server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:15672 check
{% endfor %}