From ac80a42330c7b312a5fbaf95849976d5ffb793d2 Mon Sep 17 00:00:00 2001
From: Logan V
Date: Mon, 14 Aug 2017 22:03:32 -0500
Subject: [PATCH 1/2] Add userlist support
---
 README.md | 6 ++++++
 defaults/main.yml | 3 +++
 templates/etc/haproxy/haproxy.cfg.j2 | 2 ++
 templates/etc/haproxy/userlist.cfg.j2 | 21 +++++++++++++++++++++
 tests/test.yml | 14 ++++++++++++++
 5 files changed, 46 insertions(+)
 create mode 100644 templates/etc/haproxy/userlist.cfg.j2
diff --git a/README.md b/README.md
index 32fe23d3..cd0f4195 100644
--- a/README.md
+++ b/README.md
@@ -218,6 +218,12 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_backend.{n}.server.{n}.name`: [required]: The internal name assigned to this server
 * `haproxy_backend.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports
 * `haproxy_backend.{n}.server.{n}.param`: [optional]: A list of parameters for this server
+* `haproxy_userlists.{n}.name`: [required]: The name of an haproxy userlist
+* `haproxy_userlists.{n}.users.{n}`: [required] List of users to add to the userlist
+* `haproxy_userlists.{n}.users.{n}.name`: [required] The username to set for this user.
+* `haproxy_userlists.{n}.users.{n}.password`: [optional] Password hash to set for the user. One of `password` or `insecure_password` must be set for each user.
+* `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password to set for the user. One of `password` or `insecure_password` must be set for each user.
+* `haproxy_userlists.{n}.users.{n}.groups.{n}`: [optional] List of groups to add the user to
 ## Dependencies
diff --git a/defaults/main.yml b/defaults/main.yml
index 33c2547b..8218ec6a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -70,3 +70,6 @@ haproxy_frontend: []
 # back-end section
 haproxy_backend: []
+
+# user-lists to be used for HTTP basic auth
+haproxy_userlists: []
diff --git a/templates/etc/haproxy/haproxy.cfg.j2 b/templates/etc/haproxy/haproxy.cfg.j2
index eca0a8c4..e4097111 100644
--- a/templates/etc/haproxy/haproxy.cfg.j2
+++ b/templates/etc/haproxy/haproxy.cfg.j2
@@ -6,6 +6,8 @@ global
 defaults
 {% include 'defaults.cfg.j2' %}
+{% include 'userlist.cfg.j2' %}
+
 {% include 'listen.cfg.j2' %}
 {% include 'frontend.cfg.j2' %}
diff --git a/templates/etc/haproxy/userlist.cfg.j2 b/templates/etc/haproxy/userlist.cfg.j2
new file mode 100644
index 00000000..68549756
--- /dev/null
+++ b/templates/etc/haproxy/userlist.cfg.j2
@@ -0,0 +1,21 @@
+{% for ul in haproxy_userlists %}
+{% set groups = [] %}
+userlist {{ ul.name }}
+{% for user in ul.users %}
+{% if user['groups'] is defined %}
+{% set _ = groups.extend(user['groups']) %}
+{% set user_groups = ' groups ' ~ user['groups'] | join(',') %}
+{% else %}
+{% set user_groups = '' %}
+{% endif %}
+{% if user['password'] is defined %}
+ user {{ user.name }} password {{ user.password }}{{ user_groups }}
+{% elif user['insecure_password'] is defined %}
+ user {{ user.name }} insecure-password {{ user.insecure_password }}{{ user_groups }}
+{% endif %}
+{% endfor %}
+{% for group in groups | unique %}
+ group {{ group }}
+{% endfor %}
+
+{% endfor %}
diff --git a/tests/test.yml b/tests/test.yml
index 134301a1..92429b00 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -23,3 +23,17 @@
 - forwardfor
 - 'httpchk HEAD / HTTP/1.1\r\nHost:localhost'
 server: []
+
+ haproxy_userlists:
+ - name: test_userlist
+ users:
+ - name: testuser1
+ # secrete
+ password: $6$gLMr0TwOYURPhpXh$onP.5aHZGPE3xufyF8U0/wEKHMz71ECFBx4.uiO7t2ypgyvXS6MNFKHTo16qLttYJYObb0WbXyDmoNRsO4jtq.
+ groups:
+ - test_grp1
+ - test_grp2
+ - name: testuser2
+ insecure_password: secrete
+ groups:
+ - test_grp2
From c7518b1eeb2a86a0ee9c356b048b55a61f43858c Mon Sep 17 00:00:00 2001
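Review bot: In the new `userlist.cfg.j2`, a user entry that defines neither `password` nor `insecure_password` falls through the `if`/`elif` and is silently left out of the rendered userlist, while its groups have already been appended to `groups` and are still emitted as `group` lines. The README says one of the two must be set, so the template should fail the render instead of producing a config without the account, for example by adding an `{% else %}` branch containing `{{ user.password | mandatory }}`. Separately, `insecure_password` puts the plaintext credential into the rendered haproxy.cfg, so the task that deploys this template (not visible in this patch) should be checked for a restrictive owner and file mode. The values of `user.name`, `user.password` and the group names are interpolated unquoted, so a value containing whitespace would add extra tokens to the `user` line; a short comment at the top of the template stating that these fields must be single tokens would help.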
From: Mischa ter Smitten
Date: Mon, 9 Oct 2017 21:13:59 +0200
Subject: [PATCH 2/2] Consistency changes
---
 Dockerfile | 20 ++++++++++++++++++++
 README.md | 14 ++++++++------
 defaults/main.yml | 2 +-
 templates/etc/haproxy/userlist.cfg.j2 | 6 +++---
 tests/test.yml | 1 +
 5 files changed, 33 insertions(+), 10 deletions(-)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..d9adf963
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:16.04
+MAINTAINER Mischa ter Smitten
+
+# python
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
+ apt-get clean
+RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -
+RUN rm -rf $HOME/.cache
+
+# ansible
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
+ apt-get clean
+RUN pip install ansible==2.3.2.0
+RUN rm -rf $HOME/.cache
+
+# provision
+COPY . /etc/ansible/roles/ansible-role
+WORKDIR /etc/ansible/roles/ansible-role
+RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local
diff --git a/README.md b/README.md
index cd0f4195..7e729054 100644
--- a/README.md
+++ b/README.md
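Review bot: The line `RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -` runs an unpinned script fetched at build time with no integrity check, and without `-f` or `pipefail` an HTTP error body is piped to the interpreter while curl's own failure is masked. Prefer installing `python-pip` in the first `apt-get install`, or download to a file and verify it before running: `curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py && echo "<EXPECTED_SHA256>  /tmp/get-pip.py" | sha256sum -c - && python /tmp/get-pip.py`. The second `apt-get install` sits in a different layer from `apt-get update`, so a cached update layer can leave it resolving against stale package indexes; folding it into the first `RUN` avoids that, and the separate `RUN rm -rf $HOME/.cache` layers do not shrink the image. `COPY . /etc/ansible/roles/ansible-role` brings the whole build context into the image, so a `.dockerignore` excluding `.git` and local credential files is worth adding, and `MAINTAINER` is deprecated in favour of a `LABEL`.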
@@ -218,12 +218,14 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_backend.{n}.server.{n}.name`: [required]: The internal name assigned to this server
 * `haproxy_backend.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports
 * `haproxy_backend.{n}.server.{n}.param`: [optional]: A list of parameters for this server
-* `haproxy_userlists.{n}.name`: [required]: The name of an haproxy userlist
-* `haproxy_userlists.{n}.users.{n}`: [required] List of users to add to the userlist
-* `haproxy_userlists.{n}.users.{n}.name`: [required] The username to set for this user.
-* `haproxy_userlists.{n}.users.{n}.password`: [optional] Password hash to set for the user. One of `password` or `insecure_password` must be set for each user.
-* `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password to set for the user. One of `password` or `insecure_password` must be set for each user.
-* `haproxy_userlists.{n}.users.{n}.groups.{n}`: [optional] List of groups to add the user to
+
+* `haproxy_userlists`: [default: `[]`]: Userlist declarations
+* `haproxy_userlists.{n}.name`: [required]: The name of the userlist
+* `haproxy_userlists.{n}.users`: [required] Userlist users declarations
+* `haproxy_userlists.{n}.users.{n}.name`: [required] The username of this user
+* `haproxy_userlists.{n}.users.{n}.password`: [optional] Password hash of this user. **One of `password` or `insecure_password` must be set**
+* `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password of this user. **One of `password` or `insecure_password` must be set**
+* `haproxy_userlists.{n}.users.{n}.groups`: [optional] List of groups to add the user to
 ## Dependencies
diff --git a/defaults/main.yml b/defaults/main.yml
index 8218ec6a..9bede7e4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -71,5 +71,5 @@ haproxy_frontend: []
 # back-end section
 haproxy_backend: []
-# user-lists to be used for HTTP basic auth
+# user-lists section
 haproxy_userlists: []
diff --git a/templates/etc/haproxy/userlist.cfg.j2 b/templates/etc/haproxy/userlist.cfg.j2
index 68549756..22c8d909 100644
--- a/templates/etc/haproxy/userlist.cfg.j2
+++ b/templates/etc/haproxy/userlist.cfg.j2
@@ -1,7 +1,7 @@
-{% for ul in haproxy_userlists %}
+{% for userlist in haproxy_userlists %}
 {% set groups = [] %}
-userlist {{ ul.name }}
-{% for user in ul.users %}
+userlist {{ userlist.name }}
+{% for user in userlist.users %}
 {% if user['groups'] is defined %}
 {% set _ = groups.extend(user['groups']) %}
 {% set user_groups = ' groups ' ~ user['groups'] | join(',') %}
diff --git a/tests/test.yml b/tests/test.yml
index 92429b00..398f8dda 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -24,6 +24,7 @@
 - 'httpchk HEAD / HTTP/1.1\r\nHost:localhost'
 server: []
+ # user-lists section
 haproxy_userlists:
 - name: test_userlist
 users: