From 73496e1454eb7e9032b46a9336a8041a3ec7f661 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20THEROND=20=28Fl1nt=29?=
 <gael.therond@bitswalk.com>
Date: Thu, 21 Mar 2024 15:32:39 +0100
Subject: [PATCH] Fix keystone configuration for haproxy.

* Use proper balancing mode when federation is enabled.

Closes-Bug: #2058656
Change-Id: Ia81a6efc38ec2bdc1355d058c03568cf740fdac5
(cherry picked from commit 33d03a4267c9c64d774e1cf90c402326ac2de6d1)
---
 ansible/roles/keystone/defaults/main.yml             | 8 ++++++--
 releasenotes/notes/bug-2058656-ad68bb260327a267.yaml | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/bug-2058656-ad68bb260327a267.yaml

diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index a6bc099f1c..59275d658f 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -16,7 +16,8 @@ keystone_services:
         tls_backend: "{{ keystone_enable_tls_backend }}"
         port: "{{ keystone_public_port }}"
         listen_port: "{{ keystone_public_listen_port }}"
-        backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}"
+        backend_http_extra:
+          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
       keystone_external:
         enabled: "{{ enable_keystone }}"
         mode: "http"
@@ -24,7 +25,8 @@ keystone_services:
         tls_backend: "{{ keystone_enable_tls_backend }}"
         port: "{{ keystone_public_port }}"
         listen_port: "{{ keystone_public_listen_port }}"
-        backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}"
+        backend_http_extra:
+          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
       # NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility.
       # TODO(yoctozepto): Remove after Zed.
       keystone_admin:
@@ -34,6 +36,8 @@ keystone_services:
         tls_backend: "{{ keystone_enable_tls_backend }}"
         port: "{{ keystone_admin_port }}"
         listen_port: "{{ keystone_admin_listen_port }}"
+        backend_http_extra:
+          - balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
   keystone-ssh:
     container_name: "keystone_ssh"
     group: "keystone"
diff --git a/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml b/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml
new file mode 100644
index 0000000000..33b4e2c73f
--- /dev/null
+++ b/releasenotes/notes/bug-2058656-ad68bb260327a267.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes keystone service configuration for haproxy when using federation.
+    `LP#2058656 <https://bugs.launchpad.net/kolla-ansible/+bug/2058656>`__