nishiki/ansible-role-haproxy
1
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity Actions

feat: add resolvers configuration

Browse source
This commit is contained in:
Adrien Waksberg 2021-08-15 13:00:28 +02:00 committed by Adrien Waksberg
parent 128abd0988
commit 26cb8de38e
6 changed files with 37 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -7,6 +7,7 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
### Added ### Added
- add resolvers configuration
- add debian11 support - add debian11 support
- add IPs lists - add IPs lists

8
README.md
View file

@ -73,6 +73,14 @@ Install and configure haproxy
- 'uri /haproxy_stats' - 'uri /haproxy_stats'
``` ```
- `haproxy_resolvers` - hash with the resolvers configuration
```
dns:
local:
- dns1 127.0.0.1:53
```
- `haproxy_frontends` - hash with the frontends configuration - `haproxy_frontends` - hash with the frontends configuration
``` ```

1
defaults/main.yml
View file

@ -60,3 +60,4 @@ haproxy_frontends: {}
haproxy_backends: {} haproxy_backends: {}
haproxy_ssl_certificates: {} haproxy_ssl_certificates: {}
haproxy_ips_lists: {} haproxy_ips_lists: {}
haproxy_resolvers: {}

14
molecule/default/converge.yml
View file

@ -12,6 +12,9 @@
blacklist: blacklist:
- 172.10.0.0/16 - 172.10.0.0/16
- 192.168.1.1 - 192.168.1.1
haproxy_resolvers:
dns:
nameserver: dns1 127.0.0.1:53
haproxy_frontends: haproxy_frontends:
main: main:
bind: bind:
@ -36,7 +39,7 @@
- acl_blacklist src -f /etc/haproxy/blacklist.list - acl_blacklist src -f /etc/haproxy/blacklist.list
use_backend: use_backend:
- backend-test-https if acl_test1-https - backend-test-https if acl_test1-https
- backend-test-https if acl_test2-https - backend-test-resolver if acl_test2-https
- backend-test-https if acl_test1-https acl_blacklist - backend-test-https if acl_test1-https acl_blacklist
haproxy_backends: haproxy_backends:
backend-test-https: backend-test-https:
@ -52,6 +55,15 @@
server: server:
- host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s - host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
- host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s - host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
backend-test-resolver:
mode: http
balance: roundrobin
stick-table: type ip size 512k expire 30m
stick: on src
option:
- 'ssl-hello-chk'
server:
- google.fr google.com:443 ssl verify none check resolvers dns init-addr none
pre_tasks: pre_tasks:
- name: update apt cache - name: update apt cache

1
molecule/default/tests/test_default.py
View file

@ -12,6 +12,7 @@ def test_config_file(host):
assert path.group == 'root' assert path.group == 'root'
assert path.mode == 0o640 assert path.mode == 0o640
assert path.contains('server host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s') assert path.contains('server host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s')
assert path.contains('resolvers dns')
def test_certificate_file(host): def test_certificate_file(host):
path = host.file('/etc/haproxy/www-example-com.pem') path = host.file('/etc/haproxy/www-example-com.pem')

13
templates/haproxy.cfg.j2
View file

@ -41,6 +41,19 @@ listen stats
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% for resolver, config in haproxy_resolvers.items() %}
resolvers {{ resolver }}
{% for key, value in config.items() %}
{% if value is iterable and value is not string %}
{% for option in value %}
{{ key }} {{ option }}
{% endfor %}
{% else %}
{{ key }} {{ value }}
{% endif %}
{% endfor %}
{% endfor %}
{% for frontend, config in haproxy_frontends.items() %} {% for frontend, config in haproxy_frontends.items() %}
frontend {{ frontend }} frontend {{ frontend }}
{% for key, value in config.items()|sort if key != 'acl' and key != 'use_backend' %} {% for key, value in config.items()|sort if key != 'acl' and key != 'use_backend' %}