feat: add resolvers configuration

2021-08-15 13:00:28 +02:00 · 2021-08-15 13:00:28 +02:00 · 26cb8de38e
commit 26cb8de38e
parent 128abd0988
6 changed files with 37 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,7 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)

 ### Added

+- add resolvers configuration
 - add debian11 support
 - add IPs lists

--- a/README.md
+++ b/README.md
@ -73,6 +73,14 @@ Install and configure haproxy
    - 'uri /haproxy_stats'
 ```

+- `haproxy_resolvers` - hash with the resolvers configuration
+
+```
+  dns:
+    local:
+      - dns1 127.0.0.1:53
+```
+
 - `haproxy_frontends` -  hash with the frontends configuration

 ```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -60,3 +60,4 @@ haproxy_frontends: {}
 haproxy_backends: {}
 haproxy_ssl_certificates: {}
 haproxy_ips_lists: {}
+haproxy_resolvers: {}
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -12,6 +12,9 @@
      blacklist:
        - 172.10.0.0/16
        - 192.168.1.1
+    haproxy_resolvers:
+      dns:
+        nameserver: dns1 127.0.0.1:53
    haproxy_frontends:
      main:
        bind:
@ -36,7 +39,7 @@
          - acl_blacklist src -f /etc/haproxy/blacklist.list
        use_backend:
          - backend-test-https if acl_test1-https
-          - backend-test-https if acl_test2-https
+          - backend-test-resolver if acl_test2-https
          - backend-test-https if acl_test1-https acl_blacklist
    haproxy_backends:
      backend-test-https:
@ -52,6 +55,15 @@
        server:
          - host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
          - host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
+      backend-test-resolver:
+        mode: http
+        balance: roundrobin
+        stick-table: type ip size 512k expire 30m
+        stick: on src
+        option:
+          - 'ssl-hello-chk'
+        server:
+          - google.fr google.com:443 ssl verify none check resolvers dns init-addr none

  pre_tasks:
    - name: update apt cache
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@ -12,6 +12,7 @@ def test_config_file(host):
  assert path.group == 'root'
  assert path.mode == 0o640
  assert path.contains('server host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s')
+  assert path.contains('resolvers dns')

 def test_certificate_file(host):
  path = host.file('/etc/haproxy/www-example-com.pem')
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@ -41,6 +41,19 @@ listen stats
 {% endif %}
 {% endfor %}

+{% for resolver, config in haproxy_resolvers.items() %}
+resolvers {{ resolver }}
+{% for key, value in config.items() %}
+{% if value is iterable and value is not string %}
+{% for option in value %}
+	{{ key }} {{ option }}
+{% endfor %}
+{% else %}
+	{{ key }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+
 {% for frontend, config in haproxy_frontends.items() %}
 frontend {{ frontend }}
 {% for key, value in config.items()|sort if key != 'acl' and key != 'use_backend' %}