ansible-role-haproxy/molecule/default/converge.yml

---
- name: Converge
  hosts: all
  roles:
    - ansible-role-haproxy
  vars:
    haproxy_ssl_certificates:
      www-example-com: |
        -----BEGIN CERTIFICATE-----
        test
    haproxy_ips_lists:
      blacklist:
        - 172.10.0.0/16
        - 192.168.1.1
    haproxy_resolvers:
      dns:
        nameserver: dns1 127.0.0.1:53
    haproxy_userlists:
      restricted:
        group:
          - admin
        user:
          - admin insecure-password password groups admin
    haproxy_frontends:
      main:
        bind:
          ip: '*'
          port: 5000
        acl:
          - url_static path_beg -i /static /images /javascript /stylesheets
          - url_static path_end -i .jpg .gif .png .css .js
      frontend-test-https:
        bind:
          ip: '*'
          port: 80
        mode: http
        default_backend: backend-test-https
        option:
          - 'forwardfor except 127.0.0.0/8'
          - 'httplog'
          - 'http-server-close'
        acl:
          - acl_test1-https hdr(host) test1.example.net
          - acl_test2-https hdr(host) test2.example.net
          - acl_blacklist src -f /etc/haproxy/blacklist.list
          - acl_auth_path path -i /auth/
          - acl_auth http_auth(restricted)
        http-request:
          - auth realm restricted if acl_auth_path !acl_auth
          - return status 200 content-type "text/plain" string "Good" if acl_auth_path
        use_backend:
          - backend-test-https if acl_test1-https
          - backend-test-resolver if acl_test2-https
          - backend-test-https if acl_test1-https acl_blacklist
    haproxy_backends:
      backend-test-https:
        mode: http
        balance: roundrobin
        stick-table: type ip size 512k expire 30m
        stick: on src
        option:
          - 'ssl-hello-chk'
          - 'tcp-check'
          - 'log-health-checks'
          - 'forwardfor header X-Forwarded-For'
        server:
          - host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
          - host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
      backend-test-resolver:
        mode: http
        balance: roundrobin
        stick-table: type ip size 512k expire 30m
        stick: on src
        option:
          - 'ssl-hello-chk'
        server:
          - google.fr google.com:443 ssl verify none check resolvers dns init-addr none

  pre_tasks:
    - name: add backports repository
      ansible.builtin.apt_repository:
        repo: 'deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main'

    - name: update apt cache
      ansible.builtin.apt:
        update_cache: true
first version 2019-11-08 21:29:11 +00:00			`---`
test: replace kitchen to molecule 2020-03-28 17:31:46 +00:00			`- name: Converge`
			`hosts: all`
			`roles:`
			`- ansible-role-haproxy`
first version 2019-11-08 21:29:11 +00:00			`vars:`
			`haproxy_ssl_certificates:`
			`www-example-com: \|`
			`-----BEGIN CERTIFICATE-----`
			`test`
feat: add IPs lists 2020-04-11 13:34:20 +00:00			`haproxy_ips_lists:`
			`blacklist:`
			`- 172.10.0.0/16`
			`- 192.168.1.1`
feat: add resolvers configuration 2021-08-15 11:00:28 +00:00			`haproxy_resolvers:`
			`dns:`
			`nameserver: dns1 127.0.0.1:53`
feat: add userlist 2021-08-15 15:44:40 +00:00			`haproxy_userlists:`
			`restricted:`
			`group:`
			`- admin`
			`user:`
			`- admin insecure-password password groups admin`
first version 2019-11-08 21:29:11 +00:00			`haproxy_frontends:`
			`main:`
			`bind:`
			`ip: '*'`
			`port: 5000`
			`acl:`
			`- url_static path_beg -i /static /images /javascript /stylesheets`
			`- url_static path_end -i .jpg .gif .png .css .js`
			`frontend-test-https:`
			`bind:`
test: replace kitchen to molecule 2020-03-28 17:31:46 +00:00			`ip: '*'`
first version 2019-11-08 21:29:11 +00:00			`port: 80`
			`mode: http`
			`default_backend: backend-test-https`
			`option:`
			`- 'forwardfor except 127.0.0.0/8'`
			`- 'httplog'`
			`- 'http-server-close'`
			`acl:`
			`- acl_test1-https hdr(host) test1.example.net`
			`- acl_test2-https hdr(host) test2.example.net`
feat: add IPs lists 2020-04-11 13:34:20 +00:00			`- acl_blacklist src -f /etc/haproxy/blacklist.list`
feat: add userlist 2021-08-15 15:44:40 +00:00			`- acl_auth_path path -i /auth/`
			`- acl_auth http_auth(restricted)`
			`http-request:`
			`- auth realm restricted if acl_auth_path !acl_auth`
			`- return status 200 content-type "text/plain" string "Good" if acl_auth_path`
first version 2019-11-08 21:29:11 +00:00			`use_backend:`
			`- backend-test-https if acl_test1-https`
feat: add resolvers configuration 2021-08-15 11:00:28 +00:00			`- backend-test-resolver if acl_test2-https`
feat: add IPs lists 2020-04-11 13:34:20 +00:00			`- backend-test-https if acl_test1-https acl_blacklist`
first version 2019-11-08 21:29:11 +00:00			`haproxy_backends:`
			`backend-test-https:`
			`mode: http`
			`balance: roundrobin`
			`stick-table: type ip size 512k expire 30m`
			`stick: on src`
			`option:`
			`- 'ssl-hello-chk'`
			`- 'tcp-check'`
			`- 'log-health-checks'`
			`- 'forwardfor header X-Forwarded-For'`
			`server:`
			`- host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s`
			`- host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s`
feat: add resolvers configuration 2021-08-15 11:00:28 +00:00			`backend-test-resolver:`
			`mode: http`
			`balance: roundrobin`
			`stick-table: type ip size 512k expire 30m`
			`stick: on src`
			`option:`
			`- 'ssl-hello-chk'`
			`server:`
			`- google.fr google.com:443 ssl verify none check resolvers dns init-addr none`
feat: add debian 11 support 2021-08-15 10:36:58 +00:00
			`pre_tasks:`
feat: can install other haproxy release 2021-08-15 15:41:47 +00:00			`- name: add backports repository`
			`ansible.builtin.apt_repository:`
			`repo: 'deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main'`

feat: add debian 11 support 2021-08-15 10:36:58 +00:00			`- name: update apt cache`
			`ansible.builtin.apt:`
			`update_cache: true`