From 26cb8de38e026fd6f0c7a535b1bdd1201c32e355 Mon Sep 17 00:00:00 2001 From: Adrien Waksberg Date: Sun, 15 Aug 2021 13:00:28 +0200 Subject: [PATCH] feat: add resolvers configuration --- CHANGELOG.md | 1 + README.md | 8 ++++++++ defaults/main.yml | 1 + molecule/default/converge.yml | 14 +++++++++++++- molecule/default/tests/test_default.py | 1 + templates/haproxy.cfg.j2 | 13 +++++++++++++ 6 files changed, 37 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3baafdc..a6c2d31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/) ### Added +- add resolvers configuration - add debian11 support - add IPs lists diff --git a/README.md b/README.md index d1dc6c4..2270949 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,14 @@ Install and configure haproxy - 'uri /haproxy_stats' ``` +- `haproxy_resolvers` - hash with the resolvers configuration + +``` + dns: + local: + - dns1 127.0.0.1:53 +``` + - `haproxy_frontends` - hash with the frontends configuration ``` diff --git a/defaults/main.yml b/defaults/main.yml index fda52f8..ca27b44 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -60,3 +60,4 @@ haproxy_frontends: {} haproxy_backends: {} haproxy_ssl_certificates: {} haproxy_ips_lists: {} +haproxy_resolvers: {} diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 7f0b88d..f7e5101 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -12,6 +12,9 @@ blacklist: - 172.10.0.0/16 - 192.168.1.1 + haproxy_resolvers: + dns: + nameserver: dns1 127.0.0.1:53 haproxy_frontends: main: bind: @@ -36,7 +39,7 @@ - acl_blacklist src -f /etc/haproxy/blacklist.list use_backend: - backend-test-https if acl_test1-https - - backend-test-https if acl_test2-https + - backend-test-resolver if acl_test2-https - backend-test-https if acl_test1-https acl_blacklist haproxy_backends: backend-test-https: 
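Review bot: The `haproxy_resolvers` fixture added to molecule/default/converge.yml gives `nameserver` as a single string, so only the scalar branch of the new template loop is exercised, while the README example added in this patch uses the list form. That README example also names the key `local`, which the template would render as `local dns1 127.0.0.1:53`; HAProxy's resolvers section uses the `nameserver` keyword, so the example looks like a typo. I would write the fixture as a list (`nameserver:` followed by `- dns1 127.0.0.1:53`) and use the same key in the README, so the documented shape is the one the scenario tests.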
@@ -52,6 +55,15 @@ server: - host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s - host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s + backend-test-resolver: + mode: http + balance: roundrobin + stick-table: type ip size 512k expire 30m + stick: on src + option: + - 'ssl-hello-chk' + server: + - google.fr google.com:443 ssl verify none check resolvers dns init-addr none pre_tasks: - name: update apt cache diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 2b769f9..9d2f34b 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -12,6 +12,7 @@ def test_config_file(host): assert path.group == 'root' assert path.mode == 0o640 assert path.contains('server host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s') + assert path.contains('resolvers dns') def test_certificate_file(host): path = host.file('/etc/haproxy/www-example-com.pem') diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2 index 29d2280..7058dcc 100644 --- a/templates/haproxy.cfg.j2 +++ b/templates/haproxy.cfg.j2 @@ -41,6 +41,19 @@ listen stats {% endif %} {% endfor %} +{% for resolver, config in haproxy_resolvers.items() %} +resolvers {{ resolver }} +{% for key, value in config.items() %} +{% if value is iterable and value is not string %} +{% for option in value %} + {{ key }} {{ option }} +{% endfor %} +{% else %} + {{ key }} {{ value }} +{% endif %} +{% endfor %} +{% endfor %} + {% for frontend, config in haproxy_frontends.items() %} frontend {{ frontend }} {% for key, value in config.items()|sort if key != 'acl' and key != 'use_backend' %}
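Review bot: The new `backend-test-resolver` server line points the test fixture at a real third-party host, `google.com:443`, and combines that with `ssl verify none`. With `init-addr none` the server starts without an address, so the scenario does not appear to need a name that resolves; a reserved name such as `backend.invalid:443` would keep the molecule run from depending on or contacting an external service. Fixtures tend to get copied into real inventories, so a comment such as `# verify none is for this test only; with DNS-resolved servers use verify required and a ca-file` would help, because an unverified backend certificate means a wrong or spoofed DNS answer goes unnoticed. The server label `google.fr` for the address `google.com` is also easy to misread.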
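Review bot: The added `assert path.contains('resolvers dns')` in test_config_file is also satisfied by the backend server line from converge.yml, which ends in `check resolvers dns init-addr none`, so the test passes even if the `resolvers dns` section is never rendered. Asserting on text that only the section produces would close that gap, for example `assert path.contains('nameserver dns1 127.0.0.1:53')`. If `contains` is a grep-style match, as it appears to be in testinfra, `assert path.contains('^resolvers dns$')` would pin the section header as well.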
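Review bot: In the new resolvers block, `{% if value is iterable and value is not string %}` is also true for a mapping, so a dict value would be rendered as its bare keys instead of being rejected or handled; `{% if value is iterable and value is not string and value is not mapping %}` keeps that case out of the list branch. The inner loop also iterates `config.items()` unsorted, while the frontend section directly below uses `config.items()|sort`; `{% for key, value in config.items()|sort %}` would keep the two sections consistent. Keys and values are written verbatim, so a mistyped directive only shows up when HAProxy parses the file, and whether the role validates the rendered config before reload is not visible in this patch.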