From 2a5195078cbd8b332b27e406e2d5eb2f594310a8 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Mon, 15 Jun 2020 22:45:22 +0200
Subject: [PATCH] haproxy: split stats variables

---
 CHANGELOG.md                             |  1 +
 haproxy/defaults/main.yml                | 12 +++++++++++-
 haproxy/templates/haproxy.default.cfg.j2 |  6 +++---
 haproxy/templates/munin.conf.j2          |  2 +-
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e153fdd..7e83b8b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,7 @@ The **patch** part changes incrementally at each release.
 * packweb-apache: Don't turn on mod-evasive emails by default
 * haproxy: chroot and socket path are configurable
 * haproxy: adapt backports installed package list to distibution
+* haproxy: split stats variables
 * nginx: read server-status values before changing the config
 * redis: create sudoers file if missing
 * redis: new syntax for match filter
diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml
index 55452db8..42f5483b 100644
--- a/haproxy/defaults/main.yml
+++ b/haproxy/defaults/main.yml
@@ -1,7 +1,15 @@
 ---
 # backward compatibility with a previously used variable
+haproxy_stats_ssl: True
+haproxy_stats_host: "*"
+haproxy_stats_port: "8080"
+haproxy_stats_path: "/"
+haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
+
+haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
+haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
+
 haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
-haproxy_stats_url: "http://127.0.0.1:8080/"
 haproxy_update_config: True
 haproxy_force_config: True
 
@@ -13,6 +21,8 @@ haproxy_stats_admin_ips: []
 haproxy_maintenance_ips: []
 haproxy_deny_ips: []
 
+haproxy_ssl_dir: "/etc/haproxy/ssl/"
+
 haproxy_stats_enable: False
 haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
 
diff --git a/haproxy/templates/haproxy.default.cfg.j2 b/haproxy/templates/haproxy.default.cfg.j2
index 35f8a858..5f1f4ed5 100644
--- a/haproxy/templates/haproxy.default.cfg.j2
+++ b/haproxy/templates/haproxy.default.cfg.j2
@@ -44,11 +44,11 @@ defaults
 {% if haproxy_stats_enable %}
 listen stats
     mode http
-    bind {{ haproxy_stats_bind }}
+    bind {{ haproxy_stats_bind_directive }}
 
     stats enable
     stats refresh 10s
-    stats uri /
+    stats uri {{ haproxy_stats_path }}
     stats show-legends
     stats show-node
     stats admin if { src -f /etc/haproxy/stats_admin_ips }
@@ -59,7 +59,7 @@ listen stats
 
 # frontend http-https
 #     bind 0.0.0.0:80
-#     bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl
+#     bind 0.0.0.0:443 ssl crt {{ haproxy_ssl_dir }}
 # 
 #     capture request header Host len 32
 # 
diff --git a/haproxy/templates/munin.conf.j2 b/haproxy/templates/munin.conf.j2
index c7500521..7a423600 100644
--- a/haproxy/templates/munin.conf.j2
+++ b/haproxy/templates/munin.conf.j2
@@ -1,2 +1,2 @@
 [haproxy_*]
-env.url {{ haproxy_stats_url }};csv;norefresh
+env.url {{ haproxy_stats_internal_url }};csv;norefresh