diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..d9adf963
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:16.04
+MAINTAINER Mischa ter Smitten
+
+# python
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
+ apt-get clean
+RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -
+RUN rm -rf $HOME/.cache
+
+# ansible
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
+ apt-get clean
+RUN pip install ansible==2.3.2.0
+RUN rm -rf $HOME/.cache
+
+# provision
+COPY . /etc/ansible/roles/ansible-role
+WORKDIR /etc/ansible/roles/ansible-role
+RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local
diff --git a/README.md b/README.md
index a677514d..0b37716a 100644
--- a/README.md
+++ b/README.md
@@ -219,6 +219,14 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_backend.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports
 * `haproxy_backend.{n}.server.{n}.param`: [optional]: A list of parameters for this server
+* `haproxy_userlists`: [default: `[]`]: Userlist declarations
+* `haproxy_userlists.{n}.name`: [required]: The name of the userlist
+* `haproxy_userlists.{n}.users`: [required] Userlist users declarations
+* `haproxy_userlists.{n}.users.{n}.name`: [required] The username of this user
+* `haproxy_userlists.{n}.users.{n}.password`: [optional] Password hash of this user. **One of `password` or `insecure_password` must be set**
+* `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password of this user. **One of `password` or `insecure_password` must be set**
+* `haproxy_userlists.{n}.users.{n}.groups`: [optional] List of groups to add the user to
+
 ## Dependencies
 None
diff --git a/defaults/main.yml b/defaults/main.yml
index 33c2547b..9bede7e4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
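Review bot: In the new Dockerfile, `RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -` runs an unpinned, unverified remote script as root at build time, and with `-s` but no `-f` and no `pipefail` an HTTP error body or a truncated download is piped into python unnoticed. Adding `python-pip` to the first `apt-get install` removes the fetch entirely; otherwise download to a file with `curl -fsSL -o`, compare it with a known SHA-256, and only then run it. The later `RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev` relies on package lists left behind by an earlier layer, so it should start with its own `apt-get update &&`. `MAINTAINER` is deprecated in favour of `LABEL`, and the separate `RUN rm -rf $HOME/.cache` layers do not shrink the image because the cache is already stored in the preceding layer.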
@@ -70,3 +70,6 @@ haproxy_frontend: []
 # back-end section
 haproxy_backend: []
+
+# user-lists section
+haproxy_userlists: []
diff --git a/templates/etc/haproxy/haproxy.cfg.j2 b/templates/etc/haproxy/haproxy.cfg.j2
index eca0a8c4..e4097111 100644
--- a/templates/etc/haproxy/haproxy.cfg.j2
+++ b/templates/etc/haproxy/haproxy.cfg.j2
@@ -6,6 +6,8 @@ global
 defaults
 {% include 'defaults.cfg.j2' %}
+{% include 'userlist.cfg.j2' %}
+
 {% include 'listen.cfg.j2' %}
 {% include 'frontend.cfg.j2' %}
diff --git a/templates/etc/haproxy/userlist.cfg.j2 b/templates/etc/haproxy/userlist.cfg.j2
new file mode 100644
index 00000000..22c8d909
--- /dev/null
+++ b/templates/etc/haproxy/userlist.cfg.j2
@@ -0,0 +1,21 @@
+{% for userlist in haproxy_userlists %}
+{% set groups = [] %}
+userlist {{ userlist.name }}
+{% for user in userlist.users %}
+{% if user['groups'] is defined %}
+{% set _ = groups.extend(user['groups']) %}
+{% set user_groups = ' groups ' ~ user['groups'] | join(',') %}
+{% else %}
+{% set user_groups = '' %}
+{% endif %}
+{% if user['password'] is defined %}
+ user {{ user.name }} password {{ user.password }}{{ user_groups }}
+{% elif user['insecure_password'] is defined %}
+ user {{ user.name }} insecure-password {{ user.insecure_password }}{{ user_groups }}
+{% endif %}
+{% endfor %}
+{% for group in groups | unique %}
+ group {{ group }}
+{% endfor %}
+
+{% endfor %}
diff --git a/tests/test.yml b/tests/test.yml
index 134301a1..398f8dda 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -23,3 +23,18 @@
 - forwardfor
 - 'httpchk HEAD / HTTP/1.1\r\nHost:localhost'
 server: []
+
+ # user-lists section
+ haproxy_userlists:
+ - name: test_userlist
+ users:
+ - name: testuser1
+ # secrete
+ password: $6$gLMr0TwOYURPhpXh$onP.5aHZGPE3xufyF8U0/wEKHMz71ECFBx4.uiO7t2ypgyvXS6MNFKHTo16qLttYJYObb0WbXyDmoNRsO4jtq.
+ groups:
+ - test_grp1
+ - test_grp2
+ - name: testuser2
+ insecure_password: secrete
+ groups:
+ - test_grp2
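Review bot: In userlist.cfg.j2, a user entry that defines neither `password` nor `insecure_password` falls through the `{% if %}`/`{% elif %}` and renders no `user` line at all, while its groups are still collected and emitted, so the README's "one of `password` or `insecure_password` must be set" rule is never enforced. An `{% else %}{{ user.password | mandatory }}` branch, or an `assert` task that runs before the template, would fail the play instead of silently dropping the account. `userlist.name`, `user.name`, the password values and the group names are interpolated unquoted, so a value containing whitespace or a newline changes the meaning of the generated line; checking them against a restrictive pattern before rendering would close that. Both the hashes and the `insecure-password` plaintext end up in haproxy.cfg, so the template task's file mode, which is not visible in this diff, should keep the file unreadable to other local users. `{% set groups = [] %}` also reuses the name of Ansible's `groups` magic variable inside the loop; something like `userlist_groups` avoids the confusion.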
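Review bot: Both fixture users added to tests/test.yml define `groups`, so the template's `{% else %}` branch that sets `user_groups` to the empty string is never rendered by this test. Adding a third user without a `groups` key would cover it. The `# secrete` comment next to the hash is fine for a fixture, but a wording such as `# test-only credential (plaintext: secrete), do not reuse` would make that explicit to anyone copying the example into an inventory.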