Add support for haproxy_acl_files

And split tasks.yml
Oefenweb · Nov 4, 2017 · e9256d4 · e9256d4
1 parent b9deb5b
commit e9256d4
Show file tree

Hide file tree

Showing 11 changed files with 120 additions and 99 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -7,6 +7,7 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.4.1.0
   - ANSIBLE_VERSION=2.4.0.0
   - ANSIBLE_VERSION=2.3.2.0
   - ANSIBLE_VERSION=2.3.1.0

diff --git a/README.md b/README.md
@@ -242,6 +242,10 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password of this user. **One of `password` or `insecure_password` must be set**
 * `haproxy_userlists.{n}.users.{n}.groups`: [optional] List of groups to add the user to
 
+* `haproxy_acl_files`: [default: `[]`]: ACL file declarations
+* `haproxy_acl_files.{n}.dest`: [required]: The remote path of the file (e.g. `/etc/haproxy/acl/api.map`)
+* `haproxy_acl_files.{n}.content`: [default: `[]`]: The content (lines) of the file (e.g. `['v1.0 be_alpha', 'v1.1 be_bravo']`)
+
 ## Dependencies
 
 None

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -74,8 +74,5 @@ haproxy_backend: []
 # user-lists section
 haproxy_userlists: []
 
-# ACL list files
-haproxy_acl_list_files: []
-
-# ACL list files
-haproxy_acl_map_files: []
+# ACL files
+haproxy_acl_files: []
diff --git a/tasks/acl.yml b/tasks/acl.yml
@@ -0,0 +1,24 @@
+# tasks file for haproxy
+---
+- name: acl | create directories
+  file:
+    path: "{{ item.dest | dirname }}"
+    state: directory
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: 0750
+  with_items: "{{ haproxy_acl_files }}"
+  tags:
+    - haproxy-acl-create-directories
+
+- name: acl | update files
+  template:
+    src: etc/haproxy/acl.j2
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0640') }}"
+  with_items: "{{ haproxy_acl_files }}"
+  notify: restart haproxy
+  tags:
+    - haproxy-acl-update-files
diff --git a/tasks/certificates.yml b/tasks/certificates.yml
@@ -0,0 +1,24 @@
+# tasks file for haproxy
+---
+- name: certificates | create directories
+  file:
+    path: "{{ item.dest | dirname }}"
+    state: directory
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: 0750
+  with_items: "{{ haproxy_ssl_map }}"
+  tags:
+    - haproxy-certificates-create-directories
+
+- name: certificates | copy files
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0640') }}"
+  with_items: "{{ haproxy_ssl_map }}"
+  notify: restart haproxy
+  tags:
+    - haproxy-certificates-copy-files
diff --git a/tasks/configuration.yml b/tasks/configuration.yml
@@ -0,0 +1,13 @@
+# tasks file for haproxy
+---
+- name: configuration | update file
+  template:
+    src: etc/haproxy/haproxy.cfg.j2
+    dest: /etc/haproxy/haproxy.cfg
+    owner: root
+    group: root
+    mode: 0640
+    validate: 'haproxy -f %s -c'
+  notify: restart haproxy
+  tags:
+    - haproxy-configuration-update-file
diff --git a/tasks/install.yml b/tasks/install.yml
@@ -0,0 +1,24 @@
+# tasks file for haproxy
+---
+- name: install | add repository from PPA and install its signing key
+  apt_repository:
+    repo: "{{ haproxy_ppa }}"
+    update_cache: true
+  tags:
+    - haproxy-install-add-repository
+
+- name: install | dependencies
+  apt:
+    name: "{{ item.name }}"
+    state: "{{ item.state }}"
+  with_items: "{{ haproxy_dependencies }}"
+  tags:
+    - haproxy-install-dependencies
+
+- name: install | additional
+  apt:
+    name: "{{ item }}"
+    state: "{{ apt_install_state | default('latest') }}"
+  with_items: "{{ haproxy_install }}"
+  tags:
+    - haproxy-install-additional
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -9,73 +9,25 @@
     - haproxy
     - haproxy-check-version-support
 
-- name: add repository from PPA and install its signing key
-  apt_repository:
-    repo: "{{ haproxy_ppa }}"
-    update_cache: true
-  tags:
-    - configuration
-    - haproxy
-    - haproxy-add-repository
-
-- name: install dependencies
-  apt:
-    name: "{{ item.name }}"
-    state: "{{ item.state }}"
-  with_items: "{{ haproxy_dependencies }}"
-  tags:
-    - configuration
-    - haproxy
-    - haproxy-dependencies
-
-- name: install
-  apt:
-    name: "{{ item }}"
-    state: "{{ apt_install_state | default('latest') }}"
-  with_items: "{{ haproxy_install }}"
+- include: install.yml
   tags:
     - configuration
     - haproxy
     - haproxy-install
 
-- name: create certificate files directories
-  file:
-    path: "{{ item.dest | dirname }}"
-    state: directory
-    owner: "{{ item.owner | default('root') }}"
-    group: "{{ item.group | default('root') }}"
-    mode: 0750
-  with_items: "{{ haproxy_ssl_map }}"
+- include: certificates.yml
   tags:
     - configuration
     - haproxy
-    - haproxy-configuration
-    - haproxy-configuration-ssl
+    - haproxy-certificates
 
-- name: copy certificate files
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "{{ item.owner | default('root') }}"
-    group: "{{ item.group | default('root') }}"
-    mode: "{{ item.mode | default('0640') }}"
-  with_items: "{{ haproxy_ssl_map }}"
-  notify: restart haproxy
+- include: acl.yml
   tags:
     - configuration
     - haproxy
-    - haproxy-configuration
-    - haproxy-configuration-ssl
+    - haproxy-acl
 
-- name: update configuration file
-  template:
-    src: etc/haproxy/haproxy.cfg.j2
-    dest: /etc/haproxy/haproxy.cfg
-    owner: root
-    group: root
-    mode: 0640
-    validate: 'haproxy -f %s -c'
-  notify: restart haproxy
+- include: configuration.yml
   tags:
     - configuration
     - haproxy

diff --git a/templates/etc/haproxy/acl.j2 b/templates/etc/haproxy/acl.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for content in item.content | default([]) %}
+{{ content }}
+{% endfor %}
diff --git a/tests/test.yml b/tests/test.yml
@@ -38,3 +38,20 @@
             insecure_password: secrete
             groups:
               - test_grp2
+
+    # ACL files
+    haproxy_acl_files:
+      - dest: /etc/haproxy/acl/ported-paths.list
+        content:
+          - |
+            ^/users/add_player$
+            ^/users/view.*$
+
+      - dest: /etc/haproxy/acl/api.map
+        content:
+          - |
+            v1.0 be_alpha
+            v1.1 be_bravo
+            v2.5 be_charlie
+            v2.2 be_alpha
+            v1.1 be_delta
diff --git a/tests/vagrant.yml b/tests/vagrant.yml
@@ -5,43 +5,3 @@
   become: true
   roles:
     - ../../
-  vars:
-    # front-end section
-    haproxy_frontend:
-      - name: http
-        bind:
-          - listen: '0.0.0.0:80'
-        mode: http
-        default_backend: webservers
-
-    # back-end section
-    haproxy_backend:
-      - name: webservers
-        mode: http
-        balance: roundrobin
-        option:
-          - forwardfor
-          - 'httpchk HEAD / HTTP/1.1\r\nHost:localhost'
-        server: []
-
-    # user-lists section
-    haproxy_userlists:
-      - name: test_userlist
-        users:
-          - name: testuser1
-            # secrete
-            password: $6$gLMr0TwOYURPhpXh$onP.5aHZGPE3xufyF8U0/wEKHMz71ECFBx4.uiO7t2ypgyvXS6MNFKHTo16qLttYJYObb0WbXyDmoNRsO4jtq.
-            groups:
-              - test_grp1
-              - test_grp2
-          - name: testuser2
-            insecure_password: secrete
-            groups:
-              - test_grp2
-
-    # ACL list files
-    haproxy_acl_list_files:
-      -
-
-    # ACL list files
-    haproxy_acl_map_files: []