Merge pull request #3 from SoInteractive/haproxy_refactor

Haproxy refactor
SoInteractive · Jul 21, 2017 · cbd87cd · cbd87cd
2 parents 7bcb7a4 + eee3844
commit cbd87cd
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 7 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -11,6 +11,17 @@ haproxy_install_hatop: True
 
 haproxy_metrics: true
 
+haproxy_errors:
+  - { code: 400, short: "Bad request", long: "Bad request (400)" }
+  - { code: 403, short: "Forbidden", long: "Forbidden. You may not have necessary permissions (403)" }
+  - { code: 405, short: "Method Not Allowed", long: "Requested method is not supported for this resource (405)" }
+  - { code: 408, short: "Request timeout", long: "Server timed out waiting for the request (408)" }
+  - { code: 429, short: "Too many requests", long: "You may have sent too many requests (429)" }
+  - { code: 500, short: "Internal Server Error", long: "Server has experienced an internal error (500)" }
+  - { code: 502, short: "Bad Gateway", long: "Bad Gateway (502)" }
+  - { code: 503, short: "Service Unavailable", long: "Service you are trying to reach is unavailable (503)" }
+  - { code: 504, short: "Gateway Timeout", long: "Gateway Timeout (504)" }
+
 haproxy_timeouts:
   - { type: "connect", value: 5000 }
   - { type: "client",  value: 50000 }

diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -7,6 +7,18 @@
     state: present
   when: haproxy_bind_on_non_local | bool
 
+- name: Create errorfiles dir
+  file:
+    path: "/etc/haproxy/errors"
+    state: directory
+  when: ansible_distribution == 'CentOS'
+
+- name: Copy errorfiles
+  template:
+    src: "error_codes.j2"
+    dest: "/etc/haproxy/errors/{{ item.code }}.http"
+  with_items: "{{ haproxy_errors }}"
+
 - name: Drop base haproxy config
   template:
     src: "haproxy.cfg.j2"

diff --git a/templates/error_codes.j2 b/templates/error_codes.j2
@@ -0,0 +1,41 @@
+<html>
+<header><title> {{ item.short }} </title></header>
+<style>
+  body {
+    background: #582583 }
+  div.container {
+    height: 100%;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center }
+  div.container h2 {
+    color: white; 
+    margin: 1em }
+</style>
+<body>
+<div class="container">
+  <canvas id="soi" width="200" height="200"></canvas>
+  <script>
+    var canvas = document.getElementById('soi');
+    var ctx = canvas.getContext('2d');
+    ctx.beginPath();
+    ctx.moveTo(0,0);
+    ctx.lineTo(180,0);
+    ctx.lineTo(180,180);
+    ctx.lineTo(120,180);
+    ctx.lineTo(120,120);
+    ctx.lineTo(60,120);
+    ctx.lineTo(60,180);
+    ctx.lineTo(0,180);
+    ctx.lineTo(0,120);
+    ctx.lineTo(60,120);
+    ctx.lineTo(60,60);
+    ctx.lineTo(0,60);
+    ctx.fillStyle = 'white';
+    ctx.fill();
+  </script>
+  <h2>{{ item.long }}</h2>
+</div>
+</body>
+</html>
diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2
@@ -15,6 +15,7 @@ global
     ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 {% endif %}
 
+
 defaults
     log     global
     mode    http
@@ -24,6 +25,10 @@ defaults
     timeout {{ timeout.type }} {{ timeout.value }}
 {% endfor %}
 
+{% for error in haproxy_errors %}
+    errorfile {{ error.code }} /etc/haproxy/errors/{{ error.code }}.http
+{% endfor %}
+
 {% if haproxy_stats_enabled | bool %}
 listen haproxy_stats
     bind {{ haproxy_stats_address }}:{{ haproxy_stats_port }}

diff --git a/tests/test_default.py b/tests/test_default.py
@@ -8,7 +8,8 @@ def test_directories(File):
         "/etc/haproxy",
         "/etc/haproxy/conf.d",
         "/var/lib/haproxy",
-        "/run/haproxy"
+        "/run/haproxy",
+        "/opt/haproxy_exporter"
     ]
     if present:
         for directory in present:
@@ -20,7 +21,8 @@ def test_directories(File):
 def test_files(File):
     present = [
         "/etc/haproxy/haproxy.cfg",
-        "/etc/haproxy/conf.d/00-haproxy"
+        "/etc/haproxy/conf.d/00-haproxy",
+        "etc/systemd/system/haproxy_exporter.service"
     ]
     if present:
         for file in present:
@@ -37,12 +39,23 @@ def test_service(Service):
         for service in present:
             s = Service(service)
             assert s.is_enabled
+            assert s.is_running
 
 
-def test_packages(Package):
-    present = [
-        "haproxy"
-    ]
+def test_packages(Package, SystemInfo):
+    present = []
+    if SystemInfo.distribution == 'ubuntu':
+        present = [
+            "haproxy",
+            "vim-haproxy",
+            "psmisc"
+        ]
+    elif SystemInfo.distribution == 'centos':
+        present = [
+            "haproxy",
+            "libselinux-python",
+            "libsemanage-python"
+        ]
     if present:
         for package in present:
             p = Package(package)
@@ -52,8 +65,14 @@ def test_packages(Package):
 def test_socket(Socket):
     present = [
         # "unix:///run/haproxy/admin.sock",
-        "tcp://127.0.0.1:1936"
+        "tcp://127.0.0.1:1936",
+        "tcp://127.0.0.1:8080",
+        "tcp://127.0.0.1:5672"
     ]
     for socket in present:
         s = Socket(socket)
         assert s.is_listening
+
+
+def test_sysctl_vars(Sysctl):
+    assert Sysctl("net.ipv4.ip_nonlocal_bind")