From b9deb5b556967a2dc8f45404f64dcd2891447d9a Mon Sep 17 00:00:00 2001 From: Mischa ter Smitten Date: Fri, 3 Nov 2017 21:21:28 +0100 Subject: [PATCH 1/2] Add support for HAProxy map --- defaults/main.yml | 6 ++++++ tests/vagrant.yml | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 9bede7e4..6405aa02 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -73,3 +73,9 @@ haproxy_backend: [] # user-lists section haproxy_userlists: [] + +# ACL list files +haproxy_acl_list_files: [] + +# ACL list files +haproxy_acl_map_files: [] diff --git a/tests/vagrant.yml b/tests/vagrant.yml index b4f13968..d71bec31 100644 --- a/tests/vagrant.yml +++ b/tests/vagrant.yml @@ -5,3 +5,43 @@ become: true roles: - ../../ + vars: + # front-end section + haproxy_frontend: + - name: http + bind: + - listen: '0.0.0.0:80' + mode: http + default_backend: webservers + + # back-end section + haproxy_backend: + - name: webservers + mode: http + balance: roundrobin + option: + - forwardfor + - 'httpchk HEAD / HTTP/1.1\r\nHost:localhost' + server: [] + + # user-lists section + haproxy_userlists: + - name: test_userlist + users: + - name: testuser1 + # secrete + password: $6$gLMr0TwOYURPhpXh$onP.5aHZGPE3xufyF8U0/wEKHMz71ECFBx4.uiO7t2ypgyvXS6MNFKHTo16qLttYJYObb0WbXyDmoNRsO4jtq. + groups: + - test_grp1 + - test_grp2 + - name: testuser2 + insecure_password: secrete + groups: + - test_grp2 + + # ACL list files + haproxy_acl_list_files: + - + + # ACL list files + haproxy_acl_map_files: [] From e9256d4f0cfcdf4df6c6c72db1d2650cf5cc05f6 Mon Sep 17 00:00:00 2001 
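Review bot: In tests/vagrant.yml, `haproxy_acl_list_files:` is given a single bare `-`, which YAML loads as a list holding one null item rather than an empty list. Any task that later loops over the variable and reads `item.dest` would fail on that entry. Write `haproxy_acl_list_files: []`, matching the `haproxy_acl_map_files: []` line below it and the role defaults. The second `# ACL list files` comment, in both defaults/main.yml and this file, sits above `haproxy_acl_map_files` and presumably should read `# ACL map files`.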
From: Mischa ter Smitten Date: Sat, 4 Nov 2017 21:34:57 +0100 Subject: [PATCH 2/2] Add support for haproxy_acl_files And split tasks.yml --- .travis.yml | 1 + README.md | 4 +++ defaults/main.yml | 7 ++--- tasks/acl.yml | 24 +++++++++++++++ tasks/certificates.yml | 24 +++++++++++++++ tasks/configuration.yml | 13 ++++++++ tasks/install.yml | 24 +++++++++++++++ tasks/main.yml | 60 ++++-------------------------------- templates/etc/haproxy/acl.j2 | 5 +++ tests/test.yml | 17 ++++++++++ tests/vagrant.yml | 40 ------------------------ 11 files changed, 120 insertions(+), 99 deletions(-) create mode 100644 tasks/acl.yml create mode 100644 tasks/certificates.yml create mode 100644 tasks/configuration.yml create mode 100644 tasks/install.yml create mode 100644 templates/etc/haproxy/acl.j2 diff --git a/.travis.yml b/.travis.yml index 5c89f18a..a7cfc0e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,7 @@ python: "2.7" env: - ANSIBLE_VERSION=latest + - ANSIBLE_VERSION=2.4.1.0 - ANSIBLE_VERSION=2.4.0.0 - ANSIBLE_VERSION=2.3.2.0 - ANSIBLE_VERSION=2.3.1.0 diff --git a/README.md b/README.md index 66093963..bf41f9e5 100644 --- a/README.md +++ b/README.md @@ -242,6 +242,10 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password of this user. **One of `password` or `insecure_password` must be set** * `haproxy_userlists.{n}.users.{n}.groups`: [optional] List of groups to add the user to +* `haproxy_acl_files`: [default: `[]`]: ACL file declarations +* `haproxy_acl_files.{n}.dest`: [required]: The remote path of the file (e.g. `/etc/haproxy/acl/api.map`) +* `haproxy_acl_files.{n}.content`: [default: `[]`]: The content (lines) of the file (e.g. `['v1.0 be_alpha', 'v1.1 be_bravo']`) + ## Dependencies None diff --git a/defaults/main.yml b/defaults/main.yml index 6405aa02..e9633944 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -74,8 +74,5 @@ haproxy_backend: [] # user-lists section haproxy_userlists: [] -# ACL list files -haproxy_acl_list_files: [] - -# ACL list files -haproxy_acl_map_files: [] +# ACL files +haproxy_acl_files: [] diff --git a/tasks/acl.yml b/tasks/acl.yml new file mode 100644 index 00000000..5db1b9d5 --- /dev/null +++ b/tasks/acl.yml @@ -0,0 +1,24 @@ +# tasks file for haproxy +--- +- name: acl | create directories + file: + path: "{{ item.dest | dirname }}" + state: directory + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: 0750 + with_items: "{{ haproxy_acl_files }}" + tags: + - haproxy-acl-create-directories + +- name: acl | update files + template: + src: etc/haproxy/acl.j2 + dest: "{{ item.dest }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: "{{ item.mode | default('0640') }}" + with_items: "{{ haproxy_acl_files }}" + notify: restart haproxy + tags: + - haproxy-acl-update-files diff --git a/tasks/certificates.yml b/tasks/certificates.yml new file mode 100644 index 00000000..947d9948 --- /dev/null +++ b/tasks/certificates.yml @@ -0,0 +1,24 @@ +# tasks file for haproxy +--- +- name: certificates | create directories + file: + path: "{{ item.dest | dirname }}" + state: directory + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: 0750 + with_items: "{{ haproxy_ssl_map }}" + tags: + - haproxy-certificates-create-directories + +- name: certificates | copy files + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: "{{ item.mode | default('0640') }}" + with_items: "{{ haproxy_ssl_map }}" + notify: restart haproxy + tags: + - haproxy-certificates-copy-files diff --git a/tasks/configuration.yml b/tasks/configuration.yml new file mode 100644 index 00000000..6670353a --- /dev/null +++ b/tasks/configuration.yml 
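Review bot: In tasks/acl.yml, `acl | update files` notifies `restart haproxy` but nothing checks the rendered file first, unlike the `validate: 'haproxy -f %s -c'` on the haproxy.cfg template. These files feed ACL and map lookups, so a malformed entry would only surface when the service restarts, and the haproxy.cfg validation presumably does not run when that file itself is unchanged. Consider a check step that runs `haproxy -c -f /etc/haproxy/haproxy.cfg` after the ACL files are written and before the restart; the handler is defined outside this patch.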
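Review bot: The `create directories` tasks in tasks/certificates.yml and tasks/acl.yml apply `mode: 0750` and root ownership to `item.dest | dirname`, whatever directory that turns out to be. If a `dest` is placed directly in `/etc/haproxy` or another shared directory, that directory's existing owner and mode are overwritten; a comment such as `# NOTE: the parent directory of dest is re-owned and set to 0750` above each task, plus a line in the README, would make that explicit. The mode is also an unquoted octal here and in tasks/configuration.yml (`mode: 0640`), while the file tasks use the quoted `default('0640')`; writing `mode: '0750'` keeps the value a string on every parser.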
@@ -0,0 +1,13 @@
+# tasks file for haproxy
+---
+- name: configuration | update file
+ template:
+ src: etc/haproxy/haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+ owner: root
+ group: root
+ mode: 0640
+ validate: 'haproxy -f %s -c'
+ notify: restart haproxy
+ tags:
+ - haproxy-configuration-update-file
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 00000000..2ba5f759
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,24 @@
+# tasks file for haproxy
+---
+- name: install | add repository from PPA and install its signing key
+ apt_repository:
+ repo: "{{ haproxy_ppa }}"
+ update_cache: true
+ tags:
+ - haproxy-install-add-repository
+
+- name: install | dependencies
+ apt:
+ name: "{{ item.name }}"
+ state: "{{ item.state }}"
+ with_items: "{{ haproxy_dependencies }}"
+ tags:
+ - haproxy-install-dependencies
+
+- name: install | additional
+ apt:
+ name: "{{ item }}"
+ state: "{{ apt_install_state | default('latest') }}"
+ with_items: "{{ haproxy_install }}"
+ tags:
+ - haproxy-install-additional
diff --git a/tasks/main.yml b/tasks/main.yml
index 56fd5700..ff4ca2bf 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,73 +9,25 @@ - haproxy - haproxy-check-version-support -- name: add repository from PPA and install its signing key - apt_repository: - repo: "{{ haproxy_ppa }}" - update_cache: true - tags: - - configuration - - haproxy - - haproxy-add-repository - -- name: install dependencies - apt: - name: "{{ item.name }}" - state: "{{ item.state }}" - with_items: "{{ haproxy_dependencies }}" - tags: - - configuration - - haproxy - - haproxy-dependencies - -- name: install - apt: - name: "{{ item }}" - state: "{{ apt_install_state | default('latest') }}" - with_items: "{{ haproxy_install }}" +- include: install.yml tags: - configuration - haproxy - haproxy-install -- name: create certificate files directories - file: - path: "{{ item.dest | dirname }}" - state: directory - owner: "{{ item.owner | default('root') }}" - group: "{{ item.group | default('root') }}" - mode: 0750 - with_items: "{{ haproxy_ssl_map }}" +- include: certificates.yml tags: - configuration - haproxy - - haproxy-configuration - - haproxy-configuration-ssl + - haproxy-certificates -- name: copy certificate files - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ item.owner | default('root') }}" - group: "{{ item.group | default('root') }}" - mode: "{{ item.mode | default('0640') }}" - with_items: "{{ haproxy_ssl_map }}" - notify: restart haproxy +- include: acl.yml tags: - configuration - haproxy - - haproxy-configuration - - haproxy-configuration-ssl + - haproxy-acl -- name: update configuration file - template: - src: etc/haproxy/haproxy.cfg.j2 - dest: /etc/haproxy/haproxy.cfg - owner: root - group: root - mode: 0640 - validate: 'haproxy -f %s -c' - notify: restart haproxy +- include: configuration.yml tags: - configuration - haproxy diff --git a/templates/etc/haproxy/acl.j2 b/templates/etc/haproxy/acl.j2 new file mode 100644 index 00000000..0b8c0e02 --- /dev/null +++ b/templates/etc/haproxy/acl.j2 
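Review bot: The tag names on the new `include` lines in tasks/main.yml differ from the ones the removed tasks carried: `haproxy-add-repository`, `haproxy-dependencies` and `haproxy-configuration-ssl` no longer appear, and the certificate tasks lose `haproxy-configuration`. A run that passes one of the old names to `--tags` would presumably select none of these tasks and still report success, so a certificate or package step could be skipped unnoticed. Either keep the old names as additional tags on the includes, e.g. `- haproxy-configuration-ssl` under `include: certificates.yml`, or list the renames in the README. The tag list of the last include continues outside the hunk.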
@@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +{% for content in item.content | default([]) %} +{{ content }} +{% endfor %} diff --git a/tests/test.yml b/tests/test.yml index 398f8dda..d7203190 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -38,3 +38,20 @@ insecure_password: secrete groups: - test_grp2 + + # ACL files + haproxy_acl_files: + - dest: /etc/haproxy/acl/ported-paths.list + content: + - | + ^/users/add_player$ + ^/users/view.*$ + + - dest: /etc/haproxy/acl/api.map + content: + - | + v1.0 be_alpha + v1.1 be_bravo + v2.5 be_charlie + v2.2 be_alpha + v1.1 be_delta diff --git a/tests/vagrant.yml b/tests/vagrant.yml index d71bec31..b4f13968 100644 --- a/tests/vagrant.yml +++ b/tests/vagrant.yml @@ -5,43 +5,3 @@ become: true roles: - ../../ - vars: - # front-end section - haproxy_frontend: - - name: http - bind: - - listen: '0.0.0.0:80' - mode: http - default_backend: webservers - - # back-end section - haproxy_backend: - - name: webservers - mode: http - balance: roundrobin - option: - - forwardfor - - 'httpchk HEAD / HTTP/1.1\r\nHost:localhost' - server: [] - - # user-lists section - haproxy_userlists: - - name: test_userlist - users: - - name: testuser1 - # secrete - password: $6$gLMr0TwOYURPhpXh$onP.5aHZGPE3xufyF8U0/wEKHMz71ECFBx4.uiO7t2ypgyvXS6MNFKHTo16qLttYJYObb0WbXyDmoNRsO4jtq. - groups: - - test_grp1 - - test_grp2 - - name: testuser2 - insecure_password: secrete - groups: - - test_grp2 - - # ACL list files - haproxy_acl_list_files: - - - - # ACL list files - haproxy_acl_map_files: []
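Review bot: The `api.map` fixture added to tests/test.yml lists the key `v1.1` twice, once with `be_bravo` and once with `be_delta`, and nothing on the page says which entry is meant to apply. If the duplicate is deliberate, a comment such as `# duplicate key on purpose: checks lookup order` above the entry would say so; otherwise drop one line, since an ambiguous key in a routing map is the kind of mistake this fixture could catch. Each `content` value is also a single block scalar (`- |`) rather than the list of lines the README describes; templates/etc/haproxy/acl.j2 writes entries verbatim, so this renders, but a one-line-per-item example would match the documented form.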