From 8dd276eafa6508a7c23c882b20223bd60d8af718 Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 11:55:41 +0200 Subject: [PATCH 01/12] add html errorfiles --- files/400.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/403.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/405.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/408.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/429.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/500.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/502.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/503.http | 41 +++++++++++++++++++++++++++++++++++++++++ files/504.http | 41 +++++++++++++++++++++++++++++++++++++++++ tasks/configure.yml | 5 +++++ 10 files changed, 374 insertions(+) create mode 100644 files/400.http create mode 100644 files/403.http create mode 100644 files/405.http create mode 100644 files/408.http create mode 100644 files/429.http create mode 100644 files/500.http create mode 100644 files/502.http create mode 100644 files/503.http create mode 100644 files/504.http diff --git a/files/400.http b/files/400.http new file mode 100644 index 0000000..5934978 --- /dev/null +++ b/files/400.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (400).

+
+ + diff --git a/files/403.http b/files/403.http new file mode 100644 index 0000000..e05b697 --- /dev/null +++ b/files/403.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (403).

+
+ + diff --git a/files/405.http b/files/405.http new file mode 100644 index 0000000..5785420 --- /dev/null +++ b/files/405.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (405).

+
+ + diff --git a/files/408.http b/files/408.http new file mode 100644 index 0000000..37d2a65 --- /dev/null +++ b/files/408.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (408).

+
+ + diff --git a/files/429.http b/files/429.http new file mode 100644 index 0000000..5785420 --- /dev/null +++ b/files/429.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (405).

+
+ + diff --git a/files/500.http b/files/500.http new file mode 100644 index 0000000..4d4b866 --- /dev/null +++ b/files/500.http @@ -0,0 +1,41 @@ + +
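Review bot: files/429.http is added with the same blob id as files/405.http (`5785420`) and its visible text reads "unavailable (405)", so the 429 page is a byte-for-byte copy of the 405 one. HAProxy sends an errorfile to the client as the raw response, so any status line or code inside the file (not visible in this rendering) would tell a rate-limited client 405 rather than 429. The file should carry 429 throughout, e.g. `Service you are trying to reach is unavailable (429).` in the body.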
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (500).

+
+ + diff --git a/files/502.http b/files/502.http new file mode 100644 index 0000000..2dd114a --- /dev/null +++ b/files/502.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (502).

+
+ + diff --git a/files/503.http b/files/503.http new file mode 100644 index 0000000..e0786c3 --- /dev/null +++ b/files/503.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (503).

+
+ + diff --git a/files/504.http b/files/504.http new file mode 100644 index 0000000..4eb5263 --- /dev/null +++ b/files/504.http @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (504).

+
+ + diff --git a/tasks/configure.yml b/tasks/configure.yml index 39c0780..961a750 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -7,6 +7,11 @@ state: present when: haproxy_bind_on_non_local | bool +-name: Copy errorfiles + copy: + src: files/ + dest: /etc/haproxy/errors + - name: Drop base haproxy config template: src: "haproxy.cfg.j2" From 283612e13e9a42fc4a14dfc69cc35522c19d9fbc Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 12:27:27 +0200 Subject: [PATCH 02/12] add task for copying files --- files/405.html | 41 +++++++++++++++++++++++++++++++++++++++++ tasks/configure.yml | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 files/405.html diff --git a/files/405.html b/files/405.html new file mode 100644 index 0000000..5785420 --- /dev/null +++ b/files/405.html @@ -0,0 +1,41 @@ + +
Service unavailable
+ + +
+ + +

Service you are trying to reach is unavailable (405).

+
+ + diff --git a/tasks/configure.yml b/tasks/configure.yml index 961a750..f1ed6a6 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -10,7 +10,7 @@ -name: Copy errorfiles copy: src: files/ - dest: /etc/haproxy/errors + dest: /etc/haproxy/errors/ - name: Drop base haproxy config template: From 4cb8a7f67027e2fd937d9f73926506d3d3302909 Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 12:32:24 +0200 Subject: [PATCH 03/12] bugfix --- files/405.html | 41 ----------------------------------------- tasks/configure.yml | 2 +- 2 files changed, 1 insertion(+), 42 deletions(-) delete mode 100644 files/405.html diff --git a/files/405.html b/files/405.html deleted file mode 100644 index 5785420..0000000 --- a/files/405.html +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (405).

-
- - diff --git a/tasks/configure.yml b/tasks/configure.yml index f1ed6a6..b0937f2 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -7,7 +7,7 @@ state: present when: haproxy_bind_on_non_local | bool --name: Copy errorfiles +- name: Copy errorfiles copy: src: files/ dest: /etc/haproxy/errors/ From a2c67510d070dd8cb05313fe8e06ffc3de8157a7 Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 13:32:25 +0200 Subject: [PATCH 04/12] add errorfiles configuration --- templates/haproxy.cfg.j2 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2 index 695fad7..1080770 100644 --- a/templates/haproxy.cfg.j2 +++ b/templates/haproxy.cfg.j2 @@ -15,6 +15,7 @@ global ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA {% endif %} + defaults log global mode http 
@@ -24,6 +25,18 @@ defaults timeout {{ timeout.type }} {{ timeout.value }} {% endfor %} +{% if ansible_os_family == 'Debian' %} + errorfile 400 /etc/haproxy/errors/400.http + errorfile 403 /etc/haproxy/errors/403.http + errorfile 405 /etc/haproxy/errors/405.http + errorfile 408 /etc/haproxy/errors/408.http + errorfile 429 /etc/haproxy/errors/400.http + errorfile 500 /etc/haproxy/errors/500.http + errorfile 502 /etc/haproxy/errors/502.http + errorfile 503 /etc/haproxy/errors/503.http + errorfile 504 /etc/haproxy/errors/504.http +{% endif %} + {% if haproxy_stats_enabled | bool %} listen haproxy_stats bind {{ haproxy_stats_address }}:{{ haproxy_stats_port }} From 2ac832224b4d437edd62e21537e9b40ebd8782bd Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 13:58:40 +0200 Subject: [PATCH 05/12] add more tests --- tests/test_default.py | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/tests/test_default.py b/tests/test_default.py index 0bc8b7a..75e0020 100644 --- a/tests/test_default.py +++ b/tests/test_default.py @@ -8,7 +8,8 @@ def test_directories(File): "/etc/haproxy", "/etc/haproxy/conf.d", "/var/lib/haproxy", - "/run/haproxy" + "/run/haproxy", + "/opt/haproxy_exporter" ] if present: for directory in present: @@ -20,7 +21,8 @@ def test_directories(File): def test_files(File): present = [ "/etc/haproxy/haproxy.cfg", - "/etc/haproxy/conf.d/00-haproxy" + "/etc/haproxy/conf.d/00-haproxy", + "etc/systemd/system/haproxy_exporter.service" ] if present: for file in present: 
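Review bot: The added line `errorfile 429 /etc/haproxy/errors/400.http` serves the 400 page for rate-limited requests even though the series ships a separate 429 file; it should read `errorfile 429 /etc/haproxy/errors/429.http`. The directives are also wrapped in `{% if ansible_os_family == 'Debian' %}`, while the copy task added to tasks/configure.yml in patch 01 has no such condition, so other OS families receive the files but never reference them. The `defaults` section continues outside this hunk.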
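Review bot: The new entry `"etc/systemd/system/haproxy_exporter.service"` in test_files has no leading slash, so the path is relative and the check depends on the working directory of the command run on the target rather than naming the unit file. It should be `"/etc/systemd/system/haproxy_exporter.service"`. The body of test_files continues past the end of this hunk.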
@@ -37,12 +39,23 @@ def test_service(Service): for service in present: s = Service(service) assert s.is_enabled + assert s.is_running -def test_packages(Package): - present = [ - "haproxy" - ] +def test_packages(Package, SystemInfo): + present = [] + if SystemInfo.distribution == 'ubuntu': + present = [ + "haproxy", + "vim-haproxy", + "psmisc" + ] + elif SystemInfo.distribution == 'centos': + present = [ + "haproxy", + "libselinux-python", + "libsemanage-python" + ] if present: for package in present: p = Package(package) @@ -52,8 +65,14 @@ def test_packages(Package): def test_socket(Socket): present = [ # "unix:///run/haproxy/admin.sock", - "tcp://127.0.0.1:1936" + "tcp://127.0.0.1:1936", + "tcp://127.0.0.1:8080", + "tcp://127.0.0.1:5672" ] for socket in present: s = Socket(socket) assert s.is_listening + + +def test_sysctl_vars(Sysctl): + assert Sysctl("net.ipv4.ip_nonlocal_bind") From cfc229b8567463380e0afb6482815f4462f396e4 Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 14:05:09 +0200 Subject: [PATCH 06/12] cleanup --- templates/haproxy.cfg.j2 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2 index 1080770..4a0448e 100644 --- a/templates/haproxy.cfg.j2 +++ b/templates/haproxy.cfg.j2 
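Review bot: In test_packages, `present` stays empty for any distribution other than 'ubuntu' or 'centos', and the following `if present:` guard then skips every assertion, so the test passes without checking a single package on such a host. Replacing the guard with `assert present, "no package list for %s" % SystemInfo.distribution` would make an unsupported or misdetected distribution fail visibly instead of silently passing.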
@@ -26,15 +26,15 @@ defaults {% endfor %} {% if ansible_os_family == 'Debian' %} - errorfile 400 /etc/haproxy/errors/400.http - errorfile 403 /etc/haproxy/errors/403.http - errorfile 405 /etc/haproxy/errors/405.http - errorfile 408 /etc/haproxy/errors/408.http - errorfile 429 /etc/haproxy/errors/400.http - errorfile 500 /etc/haproxy/errors/500.http - errorfile 502 /etc/haproxy/errors/502.http - errorfile 503 /etc/haproxy/errors/503.http - errorfile 504 /etc/haproxy/errors/504.http + errorfile 400 /etc/haproxy/errors/400.http + errorfile 403 /etc/haproxy/errors/403.http + errorfile 405 /etc/haproxy/errors/405.http + errorfile 408 /etc/haproxy/errors/408.http + errorfile 429 /etc/haproxy/errors/400.http + errorfile 500 /etc/haproxy/errors/500.http + errorfile 502 /etc/haproxy/errors/502.http + errorfile 503 /etc/haproxy/errors/503.http + errorfile 504 /etc/haproxy/errors/504.http {% endif %} {% if haproxy_stats_enabled | bool %} From 90b582894ad4e3a91cde15b3c12b375e5ae8e1e8 Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 14:31:35 +0200 Subject: [PATCH 07/12] bugfix --- templates/haproxy.cfg.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2 index 4a0448e..1d2fc65 100644 --- a/templates/haproxy.cfg.j2 +++ b/templates/haproxy.cfg.j2 @@ -25,7 +25,6 @@ defaults timeout {{ timeout.type }} {{ timeout.value }} {% endfor %} -{% if ansible_os_family == 'Debian' %} errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 405 /etc/haproxy/errors/405.http @@ -35,7 +34,6 @@ defaults errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http -{% endif %} {% if haproxy_stats_enabled | bool %} listen haproxy_stats From ffd96adb88f7c43385ebc8d893440b891f7a0c7f Mon Sep 17 00:00:00 2001 
From: Jakub Krol Date: Thu, 20 Jul 2017 14:49:43 +0200 Subject: [PATCH 08/12] add error code templates --- templates/error_codes.j2 | 41 ++++++++++++++++++++++++++++++++++++++++ templates/haproxy.cfg.j2 | 12 +++--------- 2 files changed, 44 insertions(+), 9 deletions(-) create mode 100644 templates/error_codes.j2 diff --git a/templates/error_codes.j2 b/templates/error_codes.j2 new file mode 100644 index 0000000..f19222b --- /dev/null +++ b/templates/error_codes.j2 @@ -0,0 +1,41 @@ + +
{{ haproxy_errors.short }}
+ + +
+ + +

{{ haproxy_errors.long }}

+
+ + diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2 index 1d2fc65..dbf6183 100644 --- a/templates/haproxy.cfg.j2 +++ b/templates/haproxy.cfg.j2 @@ -25,15 +25,9 @@ defaults timeout {{ timeout.type }} {{ timeout.value }} {% endfor %} - errorfile 400 /etc/haproxy/errors/400.http - errorfile 403 /etc/haproxy/errors/403.http - errorfile 405 /etc/haproxy/errors/405.http - errorfile 408 /etc/haproxy/errors/408.http - errorfile 429 /etc/haproxy/errors/400.http - errorfile 500 /etc/haproxy/errors/500.http - errorfile 502 /etc/haproxy/errors/502.http - errorfile 503 /etc/haproxy/errors/503.http - errorfile 504 /etc/haproxy/errors/504.http +{% for error in haproxy_errors %} + errorfile {{ error.code }} /etc/haproxy/errors/{{ error.code }}.http +{% endfor %} {% if haproxy_stats_enabled | bool %} listen haproxy_stats From ffb7546338bc2e928d15de28d1f4106ed72d3dc0 Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 14:50:22 +0200 Subject: [PATCH 09/12] add default error codes --- defaults/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 10d899d..aff3a1b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
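Review bot: `{{ haproxy_errors.short }}` and `{{ haproxy_errors.long }}` read attributes from `haproxy_errors` itself, which the loop added to templates/haproxy.cfg.j2 in this same patch iterates as a list of entries with a `code` field, so neither lookup can yield a per-code text. The template needs the per-entry variable of whichever task renders it, and no task in this patch renders it yet. Ansible templates do not HTML-escape by default and these strings can be overridden from inventory, so, assuming the page is HTML as the series title says, the substitutions are safer written with the escape filter, e.g. `{{ item.short | e }}`.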
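Review bot: The loop emits `errorfile {{ error.code }} /etc/haproxy/errors/{{ error.code }}.http` for every entry of `haproxy_errors`, but this patch neither defines that variable (it only arrives in patch 09) nor guards against a code HAProxy does not accept for `errorfile` or a file that was never written. Either case makes HAProxy reject the whole configuration when it is next started or reloaded. A comment above the loop such as `{# codes must be ones HAProxy supports for errorfile; each needs a matching file in /etc/haproxy/errors #}` would document the constraint. If the task that drops haproxy.cfg (outside this hunk) does not already validate the rendered file, `validate: "haproxy -c -f %s"` on it would catch a bad entry before it replaces the live config.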
@@ -11,6 +11,17 @@ haproxy_install_hatop: True haproxy_metrics: true +haproxy_errors: + - {code: 400, short: "Bad request", long: "Bad request (400)"} + - {code: 403, short: "Forbidden", long: "Forbidden. You may not have necessary permissions (403)"} + - {code: 405, short: "Method Not Allowed", long: "Requested method is not supported for this resource (405)"} + - {code: 408, short: "Request timeout", long: "Server timed out waiting for the request (408)"} + - {code: 429, short: "Too many requests", long: "You may have sent too many requests (429)"} + - {code: 500, short: "Internal Server Error", long: "Server has experienced an internal error (500)"} + - {code: 502, short: "Bad Gateway", long: "Bad Gateway (502)"} + - {code: 503, short: "Service Unavailable", long: "Service you are trying to reach is unavailable (503)"} + - {code: 504, short: "Gateway Timeout", long: "Gateway Timeout (504)"} + haproxy_timeouts: - { type: "connect", value: 5000 } - { type: "client", value: 50000 } From 6e61ae8074e9f86c154699d17ccc11d64ed12b5a Mon Sep 17 00:00:00 2001 From: Jakub Krol Date: Thu, 20 Jul 2017 15:14:34 +0200 Subject: [PATCH 10/12] fix template, add template-based configuration --- defaults/main.yml | 18 +++++++++--------- tasks/configure.yml | 7 ++++--- templates/error_codes.j2 | 4 ++-- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index aff3a1b..fe107ee 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -12,15 +12,15 @@ haproxy_install_hatop: True haproxy_metrics: true haproxy_errors: - - {code: 400, short: "Bad request", long: "Bad request (400)"} - - {code: 403, short: "Forbidden", long: "Forbidden. You may not have necessary permissions (403)"} - - {code: 405, short: "Method Not Allowed", long: "Requested method is not supported for this resource (405)"} - - {code: 408, short: "Request timeout", long: "Server timed out waiting for the request (408)"} - - {code: 429, short: "Too many requests", long: "You may have sent too many requests (429)"} - - {code: 500, short: "Internal Server Error", long: "Server has experienced an internal error (500)"} - - {code: 502, short: "Bad Gateway", long: "Bad Gateway (502)"} - - {code: 503, short: "Service Unavailable", long: "Service you are trying to reach is unavailable (503)"} - - {code: 504, short: "Gateway Timeout", long: "Gateway Timeout (504)"} + - { code: 400, short: "Bad request", long: "Bad request (400)" } + - { code: 403, short: "Forbidden", long: "Forbidden. You may not have necessary permissions (403)" } + - { code: 405, short: "Method Not Allowed", long: "Requested method is not supported for this resource (405)" } + - { code: 408, short: "Request timeout", long: "Server timed out waiting for the request (408)" } + - { code: 429, short: "Too many requests", long: "You may have sent too many requests (429)" } + - { code: 500, short: "Internal Server Error", long: "Server has experienced an internal error (500)" } + - { code: 502, short: "Bad Gateway", long: "Bad Gateway (502)" } + - { code: 503, short: "Service Unavailable", long: "Service you are trying to reach is unavailable (503)" } + - { code: 504, short: "Gateway Timeout", long: "Gateway Timeout (504)" } haproxy_timeouts: - { type: "connect", value: 5000 } diff --git a/tasks/configure.yml b/tasks/configure.yml index b0937f2..a0a86c2 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml 
@@ -8,9 +8,10 @@ when: haproxy_bind_on_non_local | bool - name: Copy errorfiles - copy: - src: files/ - dest: /etc/haproxy/errors/ + template: + src: "error_codes.j2" + dest: "/etc/haproxy/errors/{{ item.code }}.http" + with_items: "{{ haproxy_errors }}" - name: Drop base haproxy config template: diff --git a/templates/error_codes.j2 b/templates/error_codes.j2 index f19222b..d9592fa 100644 --- a/templates/error_codes.j2 +++ b/templates/error_codes.j2 @@ -1,5 +1,5 @@ -
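Review bot: The new `template` task sets no `owner`, `group` or `mode`, so the files rendered into /etc/haproxy/errors take whatever the remote user and umask produce. Since HAProxy serves these files verbatim to clients, pinning them with `owner: root`, `group: root`, `mode: "0644"` keeps their ownership and permissions predictable across hosts. The task also carries no `notify`, and HAProxy reads errorfiles when it loads its configuration, so a changed page is probably not served until the next reload; worth confirming against the handlers, which are outside this hunk.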
{{ haproxy_errors.short }}
+
{{ item.short }}
- -
- - -

Service you are trying to reach is unavailable (400).

-
- - diff --git a/files/403.http b/files/403.http deleted file mode 100644 index e05b697..0000000 --- a/files/403.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (403).

-
- - diff --git a/files/405.http b/files/405.http deleted file mode 100644 index 5785420..0000000 --- a/files/405.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (405).

-
- - diff --git a/files/408.http b/files/408.http deleted file mode 100644 index 37d2a65..0000000 --- a/files/408.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (408).

-
- - diff --git a/files/429.http b/files/429.http deleted file mode 100644 index 5785420..0000000 --- a/files/429.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (405).

-
- - diff --git a/files/500.http b/files/500.http deleted file mode 100644 index 4d4b866..0000000 --- a/files/500.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (500).

-
- - diff --git a/files/502.http b/files/502.http deleted file mode 100644 index 2dd114a..0000000 --- a/files/502.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (502).

-
- - diff --git a/files/503.http b/files/503.http deleted file mode 100644 index e0786c3..0000000 --- a/files/503.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (503).

-
- - diff --git a/files/504.http b/files/504.http deleted file mode 100644 index 4eb5263..0000000 --- a/files/504.http +++ /dev/null @@ -1,41 +0,0 @@ - -
Service unavailable
- - -
- - -

Service you are trying to reach is unavailable (504).

-
- - diff --git a/tasks/configure.yml b/tasks/configure.yml index b0e5a52..c660df0 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -9,7 +9,7 @@ - name: Create errorfiles dir file: - path: "/etc/haproxy/errors/" + path: "/etc/haproxy/errors" state: directory when: ansible_distribution == 'CentOS'