test: add forgejo workflow

test: use personal docker registry
test: fix syntax
2024-05-09 11:44:10 +02:00 · 2024-05-07 08:45:36 +02:00 · 2024-03-13 21:19:38 +01:00 · 2024-03-13 21:19:38 +01:00 · 2024-03-13 21:19:37 +01:00 · 2024-03-13 21:19:36 +01:00
13 changed files with 204 additions and 79 deletions
--- a/.forgejo/workflows/molecule.yml
+++ b/.forgejo/workflows/molecule.yml
@ -0,0 +1,18 @@
+---
+on: [push]
+jobs:
+  lint:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: ansible-lint .
+      - run: yamllint .
+  molecule:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: molecule test
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,10 @@
+---
+image: nishiki/molecule:docker
+
+before_script:
+  - molecule --version
+
+molecule:
+  stage: test
+  script:
+    - molecule test
--- a/.yamllint
+++ b/.yamllint
@ -2,11 +2,11 @@
 extends: default

 ignore: |
-  .kitchen/*
+  .kitchen*
  vendor/
+  .forgejo/

 rules:
  line-length:
    max: 120
    level: warning
-  truthy: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,21 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)

 ## [Unreleased]

+### Added
+
+- add support alpn in bind option
+- add error files
+- use multiple ssl certificates on one frontend
+- test: add support debian 12
+
+### Changed
+
+- test: use personal docker registry
+
+### Removed
+
+- test: remove support debian 10
+
 ## v1.1.0 - 2021-08-15

 ### Added
--- a/README.md
+++ b/README.md
@ -1,16 +1,17 @@
 # Ansible role: Haproxy

-[![Version](https://img.shields.io/badge/latest_version-1.1.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-haproxy/releases)
-[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-haproxy/src/branch/master/LICENSE)
+[![Version](https://img.shields.io/badge/latest_version-1.1.0-green.svg)](https://code.waks.be/nishiki/ansible-role-haproxy/releases)
+[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-haproxy/src/branch/main/LICENSE)
+[![Build](https://code.waks.be/nishiki/ansible-role-haproxy/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-haproxy/actions?workflow=molecule.yml)

 Install and configure haproxy

 ## Requirements

-* Ansible >= 2.9
-* Debian
-  * Buster
-  * Bullseye
+- Ansible >= 2.10
+- Debian
+  - Bullseye
+  - Bookworm

 ## Role variables

@ -82,7 +83,7 @@ Install and configure haproxy
      - dns1 127.0.0.1:53
 ```

- `haproxy_frontends` -  hash with the frontends configuration
+- `haproxy_frontends` - hash with the frontends configuration

 ```
  fontend-https:
@ -90,6 +91,9 @@ Install and configure haproxy
      ip: '*'
      port: 443
      ssl:
+        cert:
+          - /etc/haproxy/ssl1.pem
+          - /etc/haproxy/ssl2.pem
    default_backend: backend-app
  frontend-http:
    bind:
@ -159,6 +163,32 @@ Install and configure haproxy
 		.....
 ```

+- `haproxy_http_errors` - hash with http error groups
+
+```
+  test:
+    503: test-503
+```
+
+- `haproxy_http_errors_file` - hash with http error files
+
+```
+  test-503: |
+    HTTP/1.1 503 Service Unavailable
+    Cache-Control: no-cache
+    Connection: close
+    Content-Type: text/html
+
+    <!DOCTYPE html>
+    <html lang="en">
+        <body>
+            <main>
+                This is my custom 503 page
+            </main>
+        </body>
+    </html>
+```
+
 ## How to use

 ```
@ -171,10 +201,10 @@ Install and configure haproxy

 ### Test with molecule and docker

-* install [docker](https://docs.docker.com/engine/installation/)
-* install `python3` and `python3-pip`
-* install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
-* run `molecule test`
+- install [docker](https://docs.docker.com/engine/installation/)
+- install `python3` and `python3-pip`
+- install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
+- run `molecule test`

 ## License

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-haproxy_apt_release: '{{ ansible_distribution_release }}'
+haproxy_apt_release: "{{ ansible_distribution_release }}"
 haproxy_stats_username: admin
 haproxy_stats_password: secret
 haproxy_global: {}
@ -12,7 +12,7 @@ haproxy_default_global:
  group: haproxy
  daemon: true
  stats: socket /var/lib/haproxy/stats group haproxy mode 660
-haproxy_full_global: '{{ haproxy_default_global|combine(haproxy_global) }}'
+haproxy_full_global: "{{ haproxy_default_global | combine(haproxy_global) }}"

 haproxy_defaults: {}
 haproxy_default_defaults:
@ -34,7 +34,7 @@ haproxy_default_defaults:
    - http-keep-alive 10s
    - check 10s
  maxconn: 4096
-haproxy_full_defaults: '{{ haproxy_default_defaults|combine(haproxy_defaults) }}'
+haproxy_full_defaults: "{{ haproxy_default_defaults | combine(haproxy_defaults) }}"

 haproxy_listen_stats: {}
 haproxy_default_listen_stats:
@ -49,12 +49,12 @@ haproxy_default_listen_stats:
    - connect 30s
    - queue 30s
  stats:
-    - 'refresh 5s'
-    - 'show-node'
-    - 'realm Haproxy\ Statistics'
-    - 'auth {{ haproxy_stats_username }}:{{ haproxy_stats_password }}'
-    - 'uri /haproxy_stats'
-haproxy_full_listen_stats: '{{ haproxy_default_listen_stats|combine(haproxy_listen_stats, recursive=True) }}'
+    - "refresh 5s"
+    - "show-node"
+    - "realm Haproxy\ Statistics"
+    - "auth {{ haproxy_stats_username }}:{{ haproxy_stats_password }}"
+    - "uri /haproxy_stats"
+haproxy_full_listen_stats: "{{ haproxy_default_listen_stats | combine(haproxy_listen_stats, recursive=True) }}"

 haproxy_frontends: {}
 haproxy_backends: {}
@ -62,3 +62,5 @@ haproxy_ssl_certificates: {}
 haproxy_ips_lists: {}
 haproxy_resolvers: {}
 haproxy_userlists: {}
+haproxy_http_errors: {}
+haproxy_http_error_files: {}
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,5 +1,5 @@
 ---
- name: reload haproxy
-  service:
+- name: Reload haproxy
+  ansible.builtin.service:
    name: haproxy
    state: reloaded
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,18 +1,19 @@
 ---
 galaxy_info:
  role_name: haproxy
+  namespace: nishiki
  author: Adrien Waksberg
  description: Install and configure Haproxy
  company: Adrien Waksberg
  license: Apache2

-  min_ansible_version: 2.9
+  min_ansible_version: "2.10"

  platforms:
    - name: Debian
      versions:
-        - 10
-        - 11
+        - bullseye
+        - bookworm

  galaxy_tags:
    - haproxy
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -4,6 +4,24 @@
  roles:
    - ansible-role-haproxy
  vars:
+    haproxy_http_errors:
+      test:
+        503: test
+    haproxy_http_error_files:
+      test: |
+        HTTP/1.1 503 Service Unavailable
+        Cache-Control: no-cache
+        Connection: close
+        Content-Type: text/html
+
+        <!DOCTYPE html>
+        <html lang="en">
+            <body>
+                <main>
+                    This is my custom 503 page
+                </main>
+            </body>
+        </html>
    haproxy_ssl_certificates:
      www-example-com: |
        -----BEGIN CERTIFICATE-----
@ -26,6 +44,7 @@
        bind:
          ip: '*'
          port: 5000
+          alpn: h2,http/1.1
        acl:
          - url_static path_beg -i /static /images /javascript /stylesheets
          - url_static path_end -i .jpg .gif .png .css .js
@ -45,6 +64,7 @@
          - acl_blacklist src -f /etc/haproxy/blacklist.list
          - acl_auth_path path -i /auth/
          - acl_auth http_auth(restricted)
+        errorfiles: test
        http-request:
          - auth realm restricted if acl_auth_path !acl_auth
          - return status 200 content-type "text/plain" string "Good" if acl_auth_path
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -2,30 +2,27 @@
 driver:
  name: docker
 platforms:
-  - name: debian10
-    image: nishiki/debian10:molecule
+  - name: debian12
+    image: code.waks.be/nishiki/molecule:debian12
    privileged: true
    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
    command: /bin/systemd
    capabilities:
      - SYS_ADMIN
  - name: debian11
-    image: nishiki/debian11:molecule
+    image: code.waks.be/nishiki/molecule:debian11
    privileged: true
    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
    command: /bin/systemd
    capabilities:
      - SYS_ADMIN
-provisioner:
-  inventory:
-    host_vars:
-      debian10:
-        haproxy_apt_release: '{{ ansible_distribution_release }}-backports'
 lint: |
  set -e
  yamllint .
-  ansible-lint
+  ansible-lint .
 verifier:
  name: testinfra
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@ -11,6 +11,7 @@ def test_config_file(host):
  assert path.user == 'root'
  assert path.group == 'root'
  assert path.mode == 0o640
+  assert path.contains('bind \\*:5000 alpn h2,http/1.1')
  assert path.contains('server host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s')
  assert path.contains('resolvers dns')

@ -49,3 +50,8 @@ def test_auth(host):
  cmd = host.run('curl -v -u admin:badpassword http://127.0.0.1/auth/')
  assert cmd.succeeded
  assert '401 Unauthorized' in cmd.stdout
+
+def test_error_file(host):
+  cmd = host.run('curl -v http://127.0.0.1/')
+  assert cmd.succeeded
+  assert 'This is my custom 503 page' in cmd.stdout
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,51 +1,70 @@
 ---
- name: install package
+- name: Install package
  ansible.builtin.apt:
    name:
      - haproxy
-    default_release: '{{ haproxy_apt_release }}'
-  retries: 2
-  register: result
-  until: result is succeeded
+    default_release: "{{ haproxy_apt_release }}"
  tags: haproxy

- name: copy ssl certificates
+- name: Copy ssl certificates
  ansible.builtin.copy:
-    content: '{{ item.value }}'
-    dest: /etc/haproxy/{{ item.key }}.pem
+    content: "{{ item.value }}"
+    dest: "/etc/haproxy/{{ item.key }}.pem"
    owner: root
    group: root
-    mode: 0600
-  loop: '{{ haproxy_ssl_certificates|dict2items }}'
+    mode: "0600"
+  loop: "{{ haproxy_ssl_certificates | dict2items }}"
  no_log: true
-  notify: reload haproxy
+  notify: Reload haproxy
  tags: haproxy

- name: copy IPs lists
+- name: Copy IPs lists
  ansible.builtin.copy:
-    content: "{{ item.value|join('\n') }}"
-    dest: '/etc/haproxy/{{ item.key }}.list'
+    content: "{{ item.value | join('\n') }}"
+    dest: "/etc/haproxy/{{ item.key }}.list"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ haproxy_ips_lists | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  notify: Reload haproxy
+  tags: haproxy
+
+- name: Create http errors directory
+  ansible.builtin.file:
+    path: "/etc/haproxy/errors"
+    owner: root
+    group: root
+    mode: "0755"
+    state: directory
+  tags: haproxy
+
+- name: Copy http errors file
+  ansible.builtin.copy:
+    content: "{{ item.value }}"
+    dest: "/etc/haproxy/errors/{{ item.key }}.http"
    owner: root
    group: root
    mode: 0644
-  loop: '{{ haproxy_ips_lists|dict2items }}'
+  loop: "{{ haproxy_http_error_files | dict2items }}"
  loop_control:
-    label: '{{ item.key }}'
-  notify: reload haproxy
+    label: "{{ item.key }}"
+  notify: Reload haproxy
  tags: haproxy

- name: copy config file
+- name: Copy config file
  ansible.builtin.template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
    owner: root
    group: root
-    mode: 0640
+    mode: "0640"
    validate: haproxy -c -f %s
-  notify: reload haproxy
+  notify: Reload haproxy
  tags: haproxy

- name: enable ans start service
+- name: Enable ans start service
  ansible.builtin.service:
    name: haproxy
    enabled: true
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@ -3,41 +3,41 @@
 global
 {% for key, value in haproxy_full_global.items() %}
 {% if value is sameas true %}
-	{{ key }}
+  {{ key }}
 {% elif value is iterable and value is not string %}
 {% for option in value %}
-	{{ key }} {{ option }}
+  {{ key }} {{ option }}
 {% endfor %}
 {% else %}
-	{{ key }} {{ value }}
+  {{ key }} {{ value }}
 {% endif %}
 {% endfor %}

 defaults
 {% for key, value in haproxy_full_defaults.items() %}
 {% if value is sameas true %}
-	{{ key }}
+  {{ key }}
 {% elif value is iterable and value is not string %}
 {% for option in value %}
-	{{ key }} {{ option }}
+  {{ key }} {{ option }}
 {% endfor %}
 {% else %}
-	{{ key }} {{ value }}
+  {{ key }} {{ value }}
 {% endif %}
 {% endfor %}

 listen stats
 {% for key, value in haproxy_full_listen_stats.items() %}
 {% if key == "bind" %}
-	bind {{ value["ip"] }}:{{ value["port"] }}
+  bind {{ value["ip"] }}:{{ value["port"] }}
 {% elif value is sameas true %}
-	{{ key }}
+  {{ key }}
 {% elif value is iterable and value is not string %}
 {% for option in value %}
-	{{ key }} {{ option }}
+  {{ key }} {{ option }}
 {% endfor %}
 {% else %}
-	{{ key }} {{ value }}
+  {{ key }} {{ value }}
 {% endif %}
 {% endfor %}

@ -46,23 +46,30 @@ resolvers {{ resolver }}
 {% for key, value in config.items() %}
 {% if value is iterable and value is not string %}
 {% for option in value %}
-	{{ key }} {{ option }}
+  {{ key }} {{ option }}
 {% endfor %}
 {% else %}
-	{{ key }} {{ value }}
+  {{ key }} {{ value }}
 {% endif %}
 {% endfor %}

+{% endfor %}
+{% for http_error_name, config in haproxy_http_errors.items() %}
+http-errors {{ http_error_name }}
+{% for status_code, file in config.items() %}
+  errorfile {{ status_code }} /etc/haproxy/errors/{{ file }}.http
+{% endfor %}
+
 {% endfor %}
 {% for userlist, config in haproxy_userlists.items() %}
 userlist {{ userlist }}
 {% for key, value in config.items() %}
 {% if value is iterable and value is not string %}
 {% for option in value %}
-       {{ key }} {{ option }}
+  {{ key }} {{ option }}
 {% endfor %}
 {% else %}
-       {{ key }} {{ value }}
+  {{ key }} {{ value }}
 {% endif %}
 {% endfor %}

@ -71,15 +78,15 @@ userlist {{ userlist }}
 frontend {{ frontend }}
 {% for key, value in config.items() %}
 {% if key == "bind" %}
-	bind {{ value["ip"] }}:{{ value["port"] }}{% if value["ssl"] is defined %} ssl{% if value["ssl"]["ciphers"] is defined %} ciphers {{ value["ssl"]["ciphers"]|join(':') }}{% endif %}{% if value["ssl"]["crt"]%} crt {{ value["ssl"]["crt"] }}{% endif %}
+  bind {{ value["ip"] }}:{{ value["port"] }}{% if value["alpn"] is defined %} alpn {{ value["alpn"] }}{% endif %}{% if value["ssl"] is defined %} ssl{% if value["ssl"]["ciphers"] is defined %} ciphers {{ value["ssl"]["ciphers"]|join(':') }}{% endif %}{% if value["ssl"]["crt"]%} crt {% if value["ssl"]["crt"] is string %}{{ value["ssl"]["crt"] }}{% else %}{{ value["ssl"]["crt"]|join(' crt ') }}{% endif %}{% endif %}
 {% endif %}

 {% elif value is iterable and value is not string %}
 {% for option in value %}
-	{{ key }} {{ option }}
+  {{ key }} {{ option }}
 {% endfor %}
 {% else %}
-	{{ key }} {{ value }}
+  {{ key }} {{ value }}
 {% endif %}
 {% endfor %}

@ -89,13 +96,13 @@ frontend {{ frontend }}
 backend {{ backend }}
 {% for key, value in config.items() %}
 {% if value is sameas true %}
-	{{ key }}
+  {{ key }}
 {% elif value is iterable and value is not string %}
 {% for option in value %}
-	{{ key }} {{ option }}
+  {{ key }} {{ option }}
 {% endfor %}
 {% else %}
-	{{ key }} {{ value }}
+  {{ key }} {{ value }}
 {% endif %}
 {% endfor %}
Author	SHA1	Message	Date
Adrien Waksberg	3e96c6fd97	test: add forgejo workflow All checks were successful / lint (push) Successful in 9s Details / molecule (push) Successful in 1m40s Details	2024-05-09 11:44:10 +02:00
Adrien Waksberg	8e3497fbd3	test: use personal docker registry	2024-05-07 08:45:36 +02:00
Adrien Waksberg	e9255a168a	test: fix syntax	2024-03-13 21:19:38 +01:00
Adrien Waksberg	9b7ee14b13	test: add support debian 12	2024-03-13 21:19:38 +01:00
Adrien Waksberg	c43442b7a0	test: add gitlab-ci	2024-03-13 21:19:37 +01:00
Adrien Waksberg	7e4781cb4b	feat: add support alpn in bind option	2024-03-13 21:19:36 +01:00
Adrien Waksberg	40f7e11be9	fix: add notify for task copy http error files	2024-03-13 21:19:35 +01:00
Adrien Waksberg	f1744f2bc8	chore: minor change	2024-03-13 21:19:35 +01:00
Adrien Waksberg	6ca8c29386	feat: add error files	2024-03-13 21:19:34 +01:00
Adrien Waksberg	90d77d0945	feat: use multiple ssl certificates on one frontend	2024-03-13 21:19:31 +01:00