Compare commits
10 commits
Author | SHA1 | Date | |
---|---|---|---|
3e96c6fd97 | |||
8e3497fbd3 | |||
e9255a168a | |||
9b7ee14b13 | |||
c43442b7a0 | |||
7e4781cb4b | |||
40f7e11be9 | |||
f1744f2bc8 | |||
6ca8c29386 | |||
90d77d0945 |
13 changed files with 204 additions and 79 deletions
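--- a/.forgejo/workflows/molecule.yml
+++ b/.forgejo/workflows/molecule.yml
@@ -0,0 +1,18 @@
+---
+on: [push]
+jobs:
+lint:
+runs-on: docker
+container:
+image: code.waks.be/nishiki/molecule:docker
+steps:
+- uses: actions/checkout@v3
+- run: ansible-lint .
+- run: yamllint .
+molecule:
+runs-on: docker
+container:
+image: code.waks.be/nishiki/molecule:docker
+steps:
+- uses: actions/checkout@v3
+- run: molecule test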
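Review bot: Both jobs pull their code and tooling by mutable reference: `actions/checkout@v3` and `image: code.waks.be/nishiki/molecule:docker` are tags that can be re-pointed without any change in this repository. Pinning them makes the pipeline reproducible and auditable, e.g. `- uses: actions/checkout@<full-commit-sha>  # v3` and `image: code.waks.be/nishiki/molecule@sha256:<digest>` (placeholders; take the real values from the action's repository and the registry). The same applies to `image: nishiki/molecule:docker` in `.gitlab-ci.yml`, which also names a different registry than this workflow. The `molecule` job presumably needs access to the runner's Docker daemon to start the privileged test platforms, so a short comment saying which runner label provides that would help whoever maintains the runners.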
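--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,10 @@
+---
+image: nishiki/molecule:docker
+
+before_script:
+- molecule --version
+
+molecule:
+stage: test
+script:
+- molecule test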
|
@ -2,11 +2,11 @@
|
||||||
extends: default
|
extends: default
|
||||||
|
|
||||||
ignore: |
|
ignore: |
|
||||||
.kitchen/*
|
.kitchen*
|
||||||
vendor/
|
vendor/
|
||||||
|
.forgejo/
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
line-length:
|
line-length:
|
||||||
max: 120
|
max: 120
|
||||||
level: warning
|
level: warning
|
||||||
truthy: false
|
|
||||||
|
|
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -5,6 +5,21 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- add support alpn in bind option
|
||||||
|
- add error files
|
||||||
|
- use multiple ssl certificates on one frontend
|
||||||
|
- test: add support debian 12
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- test: use personal docker registry
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
- test: remove support debian 10
|
||||||
|
|
||||||
## v1.1.0 - 2021-08-15
|
## v1.1.0 - 2021-08-15
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
50
README.md
50
README.md
|
@ -1,16 +1,17 @@
|
||||||
# Ansible role: Haproxy
|
# Ansible role: Haproxy
|
||||||
|
|
||||||
[![Version](https://img.shields.io/badge/latest_version-1.1.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-haproxy/releases)
|
[![Version](https://img.shields.io/badge/latest_version-1.1.0-green.svg)](https://code.waks.be/nishiki/ansible-role-haproxy/releases)
|
||||||
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-haproxy/src/branch/master/LICENSE)
|
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-haproxy/src/branch/main/LICENSE)
|
||||||
|
[![Build](https://code.waks.be/nishiki/ansible-role-haproxy/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-haproxy/actions?workflow=molecule.yml)
|
||||||
|
|
||||||
Install and configure haproxy
|
Install and configure haproxy
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
* Ansible >= 2.9
|
- Ansible >= 2.10
|
||||||
* Debian
|
- Debian
|
||||||
* Buster
|
- Bullseye
|
||||||
* Bullseye
|
- Bookworm
|
||||||
|
|
||||||
## Role variables
|
## Role variables
|
||||||
|
|
||||||
|
@ -90,6 +91,9 @@ Install and configure haproxy
|
||||||
ip: '*'
|
ip: '*'
|
||||||
port: 443
|
port: 443
|
||||||
ssl:
|
ssl:
|
||||||
|
cert:
|
||||||
|
- /etc/haproxy/ssl1.pem
|
||||||
|
- /etc/haproxy/ssl2.pem
|
||||||
default_backend: backend-app
|
default_backend: backend-app
|
||||||
frontend-http:
|
frontend-http:
|
||||||
bind:
|
bind:
|
||||||
|
@ -159,6 +163,32 @@ Install and configure haproxy
|
||||||
.....
|
.....
|
||||||
```
|
```
|
||||||
|
|
||||||
|
- `haproxy_http_errors` - hash with http error groups
|
||||||
|
|
||||||
|
```
|
||||||
|
test:
|
||||||
|
503: test-503
|
||||||
|
```
|
||||||
|
|
||||||
|
- `haproxy_http_errors_file` - hash with http error files
|
||||||
|
|
||||||
|
```
|
||||||
|
test-503: |
|
||||||
|
HTTP/1.1 503 Service Unavailable
|
||||||
|
Cache-Control: no-cache
|
||||||
|
Connection: close
|
||||||
|
Content-Type: text/html
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<body>
|
||||||
|
<main>
|
||||||
|
This is my custom 503 page
|
||||||
|
</main>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
```
|
||||||
|
|
||||||
## How to use
|
## How to use
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -171,10 +201,10 @@ Install and configure haproxy
|
||||||
|
|
||||||
### Test with molecule and docker
|
### Test with molecule and docker
|
||||||
|
|
||||||
* install [docker](https://docs.docker.com/engine/installation/)
|
- install [docker](https://docs.docker.com/engine/installation/)
|
||||||
* install `python3` and `python3-pip`
|
- install `python3` and `python3-pip`
|
||||||
* install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
|
- install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
|
||||||
* run `molecule test`
|
- run `molecule test`
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
haproxy_apt_release: '{{ ansible_distribution_release }}'
|
haproxy_apt_release: "{{ ansible_distribution_release }}"
|
||||||
haproxy_stats_username: admin
|
haproxy_stats_username: admin
|
||||||
haproxy_stats_password: secret
|
haproxy_stats_password: secret
|
||||||
haproxy_global: {}
|
haproxy_global: {}
|
||||||
|
@ -12,7 +12,7 @@ haproxy_default_global:
|
||||||
group: haproxy
|
group: haproxy
|
||||||
daemon: true
|
daemon: true
|
||||||
stats: socket /var/lib/haproxy/stats group haproxy mode 660
|
stats: socket /var/lib/haproxy/stats group haproxy mode 660
|
||||||
haproxy_full_global: '{{ haproxy_default_global|combine(haproxy_global) }}'
|
haproxy_full_global: "{{ haproxy_default_global | combine(haproxy_global) }}"
|
||||||
|
|
||||||
haproxy_defaults: {}
|
haproxy_defaults: {}
|
||||||
haproxy_default_defaults:
|
haproxy_default_defaults:
|
||||||
|
@ -34,7 +34,7 @@ haproxy_default_defaults:
|
||||||
- http-keep-alive 10s
|
- http-keep-alive 10s
|
||||||
- check 10s
|
- check 10s
|
||||||
maxconn: 4096
|
maxconn: 4096
|
||||||
haproxy_full_defaults: '{{ haproxy_default_defaults|combine(haproxy_defaults) }}'
|
haproxy_full_defaults: "{{ haproxy_default_defaults | combine(haproxy_defaults) }}"
|
||||||
|
|
||||||
haproxy_listen_stats: {}
|
haproxy_listen_stats: {}
|
||||||
haproxy_default_listen_stats:
|
haproxy_default_listen_stats:
|
||||||
|
@ -49,12 +49,12 @@ haproxy_default_listen_stats:
|
||||||
- connect 30s
|
- connect 30s
|
||||||
- queue 30s
|
- queue 30s
|
||||||
stats:
|
stats:
|
||||||
- 'refresh 5s'
|
- "refresh 5s"
|
||||||
- 'show-node'
|
- "show-node"
|
||||||
- 'realm Haproxy\ Statistics'
|
- "realm Haproxy\ Statistics"
|
||||||
- 'auth {{ haproxy_stats_username }}:{{ haproxy_stats_password }}'
|
- "auth {{ haproxy_stats_username }}:{{ haproxy_stats_password }}"
|
||||||
- 'uri /haproxy_stats'
|
- "uri /haproxy_stats"
|
||||||
haproxy_full_listen_stats: '{{ haproxy_default_listen_stats|combine(haproxy_listen_stats, recursive=True) }}'
|
haproxy_full_listen_stats: "{{ haproxy_default_listen_stats | combine(haproxy_listen_stats, recursive=True) }}"
|
||||||
|
|
||||||
haproxy_frontends: {}
|
haproxy_frontends: {}
|
||||||
haproxy_backends: {}
|
haproxy_backends: {}
|
||||||
|
@ -62,3 +62,5 @@ haproxy_ssl_certificates: {}
|
||||||
haproxy_ips_lists: {}
|
haproxy_ips_lists: {}
|
||||||
haproxy_resolvers: {}
|
haproxy_resolvers: {}
|
||||||
haproxy_userlists: {}
|
haproxy_userlists: {}
|
||||||
|
haproxy_http_errors: {}
|
||||||
|
haproxy_http_error_files: {}
|
||||||
|
|
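Review bot: The switch to double quotes changes the value of `- "realm Haproxy\ Statistics"` in the `stats:` list: inside a double-quoted YAML scalar `\ ` is an escape for a plain space, so the backslash that HAProxy uses to keep the realm as a single argument is dropped before the template ever sees it. Keep that entry single-quoted, `- 'realm Haproxy\ Statistics'`, or double the backslash, `- "realm Haproxy\\ Statistics"`. The other re-quoted entries contain no backslashes and are unaffected. Separately, the context lines show `haproxy_stats_password: secret` as the default fed into the `auth` entry; a comment telling users to override it, or an assert that fails while it is left at the default, would keep a known credential off the stats page.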
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: reload haproxy
|
- name: Reload haproxy
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
|
@ -1,18 +1,19 @@
|
||||||
---
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
role_name: haproxy
|
role_name: haproxy
|
||||||
|
namespace: nishiki
|
||||||
author: Adrien Waksberg
|
author: Adrien Waksberg
|
||||||
description: Install and configure Haproxy
|
description: Install and configure Haproxy
|
||||||
company: Adrien Waksberg
|
company: Adrien Waksberg
|
||||||
license: Apache2
|
license: Apache2
|
||||||
|
|
||||||
min_ansible_version: 2.9
|
min_ansible_version: "2.10"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- 10
|
- bullseye
|
||||||
- 11
|
- bookworm
|
||||||
|
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- haproxy
|
- haproxy
|
||||||
|
|
|
@ -4,6 +4,24 @@
|
||||||
roles:
|
roles:
|
||||||
- ansible-role-haproxy
|
- ansible-role-haproxy
|
||||||
vars:
|
vars:
|
||||||
|
haproxy_http_errors:
|
||||||
|
test:
|
||||||
|
503: test
|
||||||
|
haproxy_http_error_files:
|
||||||
|
test: |
|
||||||
|
HTTP/1.1 503 Service Unavailable
|
||||||
|
Cache-Control: no-cache
|
||||||
|
Connection: close
|
||||||
|
Content-Type: text/html
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<body>
|
||||||
|
<main>
|
||||||
|
This is my custom 503 page
|
||||||
|
</main>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
haproxy_ssl_certificates:
|
haproxy_ssl_certificates:
|
||||||
www-example-com: |
|
www-example-com: |
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
|
@ -26,6 +44,7 @@
|
||||||
bind:
|
bind:
|
||||||
ip: '*'
|
ip: '*'
|
||||||
port: 5000
|
port: 5000
|
||||||
|
alpn: h2,http/1.1
|
||||||
acl:
|
acl:
|
||||||
- url_static path_beg -i /static /images /javascript /stylesheets
|
- url_static path_beg -i /static /images /javascript /stylesheets
|
||||||
- url_static path_end -i .jpg .gif .png .css .js
|
- url_static path_end -i .jpg .gif .png .css .js
|
||||||
|
@ -45,6 +64,7 @@
|
||||||
- acl_blacklist src -f /etc/haproxy/blacklist.list
|
- acl_blacklist src -f /etc/haproxy/blacklist.list
|
||||||
- acl_auth_path path -i /auth/
|
- acl_auth_path path -i /auth/
|
||||||
- acl_auth http_auth(restricted)
|
- acl_auth http_auth(restricted)
|
||||||
|
errorfiles: test
|
||||||
http-request:
|
http-request:
|
||||||
- auth realm restricted if acl_auth_path !acl_auth
|
- auth realm restricted if acl_auth_path !acl_auth
|
||||||
- return status 200 content-type "text/plain" string "Good" if acl_auth_path
|
- return status 200 content-type "text/plain" string "Good" if acl_auth_path
|
||||||
|
|
|
@ -2,30 +2,27 @@
|
||||||
driver:
|
driver:
|
||||||
name: docker
|
name: docker
|
||||||
platforms:
|
platforms:
|
||||||
- name: debian10
|
- name: debian12
|
||||||
image: nishiki/debian10:molecule
|
image: code.waks.be/nishiki/molecule:debian12
|
||||||
privileged: true
|
privileged: true
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
cgroupns_mode: host
|
||||||
command: /bin/systemd
|
command: /bin/systemd
|
||||||
capabilities:
|
capabilities:
|
||||||
- SYS_ADMIN
|
- SYS_ADMIN
|
||||||
- name: debian11
|
- name: debian11
|
||||||
image: nishiki/debian11:molecule
|
image: code.waks.be/nishiki/molecule:debian11
|
||||||
privileged: true
|
privileged: true
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
cgroupns_mode: host
|
||||||
command: /bin/systemd
|
command: /bin/systemd
|
||||||
capabilities:
|
capabilities:
|
||||||
- SYS_ADMIN
|
- SYS_ADMIN
|
||||||
provisioner:
|
|
||||||
inventory:
|
|
||||||
host_vars:
|
|
||||||
debian10:
|
|
||||||
haproxy_apt_release: '{{ ansible_distribution_release }}-backports'
|
|
||||||
lint: |
|
lint: |
|
||||||
set -e
|
set -e
|
||||||
yamllint .
|
yamllint .
|
||||||
ansible-lint
|
ansible-lint .
|
||||||
verifier:
|
verifier:
|
||||||
name: testinfra
|
name: testinfra
|
||||||
|
|
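Review bot: Both platforms now combine `privileged: true` with `- /sys/fs/cgroup:/sys/fs/cgroup:rw` and `cgroupns_mode: host`, which gives the test containers write access to the host's cgroup tree from within the host's cgroup namespace. That is presumably what systemd needs on cgroup v2 hosts, but the file does not say so; a comment such as `# systemd in the container needs a writable cgroup tree (cgroup v2); run only on disposable runners` above `volumes:` would record both the reason and the constraint. The `SYS_ADMIN` entry under `capabilities:` adds nothing once `privileged: true` is set, so it is worth testing whether the scenario still passes with only one of the two. The image tags `molecule:debian12` and `molecule:debian11` are mutable references as well.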
|
@ -11,6 +11,7 @@ def test_config_file(host):
|
||||||
assert path.user == 'root'
|
assert path.user == 'root'
|
||||||
assert path.group == 'root'
|
assert path.group == 'root'
|
||||||
assert path.mode == 0o640
|
assert path.mode == 0o640
|
||||||
|
assert path.contains('bind \\*:5000 alpn h2,http/1.1')
|
||||||
assert path.contains('server host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s')
|
assert path.contains('server host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s')
|
||||||
assert path.contains('resolvers dns')
|
assert path.contains('resolvers dns')
|
||||||
|
|
||||||
|
@ -49,3 +50,8 @@ def test_auth(host):
|
||||||
cmd = host.run('curl -v -u admin:badpassword http://127.0.0.1/auth/')
|
cmd = host.run('curl -v -u admin:badpassword http://127.0.0.1/auth/')
|
||||||
assert cmd.succeeded
|
assert cmd.succeeded
|
||||||
assert '401 Unauthorized' in cmd.stdout
|
assert '401 Unauthorized' in cmd.stdout
|
||||||
|
|
||||||
|
def test_error_file(host):
|
||||||
|
cmd = host.run('curl -v http://127.0.0.1/')
|
||||||
|
assert cmd.succeeded
|
||||||
|
assert 'This is my custom 503 page' in cmd.stdout
|
||||||
|
|
|
@ -1,51 +1,70 @@
|
||||||
---
|
---
|
||||||
- name: install package
|
- name: Install package
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- haproxy
|
- haproxy
|
||||||
default_release: '{{ haproxy_apt_release }}'
|
default_release: "{{ haproxy_apt_release }}"
|
||||||
retries: 2
|
|
||||||
register: result
|
|
||||||
until: result is succeeded
|
|
||||||
tags: haproxy
|
tags: haproxy
|
||||||
|
|
||||||
- name: copy ssl certificates
|
- name: Copy ssl certificates
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: '{{ item.value }}'
|
content: "{{ item.value }}"
|
||||||
dest: /etc/haproxy/{{ item.key }}.pem
|
dest: "/etc/haproxy/{{ item.key }}.pem"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: "0600"
|
||||||
loop: '{{ haproxy_ssl_certificates|dict2items }}'
|
loop: "{{ haproxy_ssl_certificates | dict2items }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
notify: reload haproxy
|
notify: Reload haproxy
|
||||||
tags: haproxy
|
tags: haproxy
|
||||||
|
|
||||||
- name: copy IPs lists
|
- name: Copy IPs lists
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ item.value|join('\n') }}"
|
content: "{{ item.value | join('\n') }}"
|
||||||
dest: '/etc/haproxy/{{ item.key }}.list'
|
dest: "/etc/haproxy/{{ item.key }}.list"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
loop: "{{ haproxy_ips_lists | dict2items }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.key }}"
|
||||||
|
notify: Reload haproxy
|
||||||
|
tags: haproxy
|
||||||
|
|
||||||
|
- name: Create http errors directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/etc/haproxy/errors"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0755"
|
||||||
|
state: directory
|
||||||
|
tags: haproxy
|
||||||
|
|
||||||
|
- name: Copy http errors file
|
||||||
|
ansible.builtin.copy:
|
||||||
|
content: "{{ item.value }}"
|
||||||
|
dest: "/etc/haproxy/errors/{{ item.key }}.http"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop: '{{ haproxy_ips_lists|dict2items }}'
|
loop: "{{ haproxy_http_error_files | dict2items }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: '{{ item.key }}'
|
label: "{{ item.key }}"
|
||||||
notify: reload haproxy
|
notify: Reload haproxy
|
||||||
tags: haproxy
|
tags: haproxy
|
||||||
|
|
||||||
- name: copy config file
|
- name: Copy config file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: haproxy.cfg.j2
|
src: haproxy.cfg.j2
|
||||||
dest: /etc/haproxy/haproxy.cfg
|
dest: /etc/haproxy/haproxy.cfg
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
validate: haproxy -c -f %s
|
validate: haproxy -c -f %s
|
||||||
notify: reload haproxy
|
notify: Reload haproxy
|
||||||
tags: haproxy
|
tags: haproxy
|
||||||
|
|
||||||
- name: enable ans start service
|
- name: Enable ans start service
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
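Review bot: In the "Copy http errors file" task the new side still has the unquoted `mode: 0644`, while every other mode in this file was changed to a quoted string (`"0600"`, `"0644"`, `"0755"`, `"0640"`); write `mode: "0644"` there too so the value never depends on how the YAML loader reads a leading zero. The `dest` values `"/etc/haproxy/{{ item.key }}.pem"`, `"/etc/haproxy/{{ item.key }}.list"` and `"/etc/haproxy/errors/{{ item.key }}.http"` take the dictionary key verbatim, so a key containing `/` or `..` would write outside the intended directory; if these dictionaries can come from less-trusted inventory, an `ansible.builtin.assert` on the key format ahead of the copy tasks would close that. The task name `Enable ans start service` keeps the old typo (`and`).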
|
@ -53,6 +53,13 @@ resolvers {{ resolver }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
{% for http_error_name, config in haproxy_http_errors.items() %}
|
||||||
|
http-errors {{ http_error_name }}
|
||||||
|
{% for status_code, file in config.items() %}
|
||||||
|
errorfile {{ status_code }} /etc/haproxy/errors/{{ file }}.http
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for userlist, config in haproxy_userlists.items() %}
|
{% for userlist, config in haproxy_userlists.items() %}
|
||||||
userlist {{ userlist }}
|
userlist {{ userlist }}
|
||||||
|
@ -71,7 +78,7 @@ userlist {{ userlist }}
|
||||||
frontend {{ frontend }}
|
frontend {{ frontend }}
|
||||||
{% for key, value in config.items() %}
|
{% for key, value in config.items() %}
|
||||||
{% if key == "bind" %}
|
{% if key == "bind" %}
|
||||||
bind {{ value["ip"] }}:{{ value["port"] }}{% if value["ssl"] is defined %} ssl{% if value["ssl"]["ciphers"] is defined %} ciphers {{ value["ssl"]["ciphers"]|join(':') }}{% endif %}{% if value["ssl"]["crt"]%} crt {{ value["ssl"]["crt"] }}{% endif %}
|
bind {{ value["ip"] }}:{{ value["port"] }}{% if value["alpn"] is defined %} alpn {{ value["alpn"] }}{% endif %}{% if value["ssl"] is defined %} ssl{% if value["ssl"]["ciphers"] is defined %} ciphers {{ value["ssl"]["ciphers"]|join(':') }}{% endif %}{% if value["ssl"]["crt"]%} crt {% if value["ssl"]["crt"] is string %}{{ value["ssl"]["crt"] }}{% else %}{{ value["ssl"]["crt"]|join(' crt ') }}{% endif %}{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% elif value is iterable and value is not string %}
|
{% elif value is iterable and value is not string %}
|
||||||
|
|
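Review bot: The new `bind` line reads the certificate list from `value["ssl"]["crt"]`, but the README hunk in this same change documents the key as `cert:` under `ssl:`; one of the two should be renamed so that a user copying the README example actually gets `crt` arguments rendered. The test `{% if value["ssl"]["crt"]%}` also has no `is defined` guard, unlike `ciphers` beside it, so an `ssl:` mapping without that key likely fails with an undefined-variable error under Ansible's strict undefined handling; `{% if value["ssl"]["crt"] is defined %}` would match the neighbouring checks. In the `http-errors` block `{{ file }}` goes into the `errorfile` path unchanged, so it has to be a key of `haproxy_http_error_files`; the README names that variable `haproxy_http_errors_file`, which does not match the default added in this change. The enclosing loops of both hunks start and end outside the visible lines.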