From a5a2c6e335f4c3bfc611ebc8fc7858e5d8982615 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 6 Apr 2021 14:41:03 +0200 Subject: [PATCH 1/3] haproxy: dedicated internal address/binding (without SSL) --- CHANGELOG.md | 2 ++ haproxy/defaults/main.yml | 28 +++++++++++++----------- haproxy/templates/haproxy.default.cfg.j2 | 3 +++ haproxy/templates/munin.conf.j2 | 4 +++- 4 files changed, 23 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d9e6c849..5dd40682 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release. ### Added +* haproxy: dedicated internal address/binding (without SSL) + ### Changed ### Fixed diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml index c69f48d3..3e3ec047 100644 --- a/haproxy/defaults/main.yml +++ b/haproxy/defaults/main.yml 
@@ -1,34 +1,36 @@ --- + +haproxy_ssl_dir: "/etc/haproxy/ssl/" + # backward compatibility with a previously used variable +haproxy_stats_enable: False haproxy_stats_ssl: True haproxy_stats_host: "*" haproxy_stats_port: "8080" haproxy_stats_path: "/" haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}" -haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}" +haproxy_stats_internal_enable: True +haproxy_stats_internal_host: "127.0.0.1" +haproxy_stats_internal_port: "8081" + haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}" -haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}" -haproxy_update_config: True -haproxy_force_config: True - -haproxy_socket: /run/haproxy/admin.sock -haproxy_chroot: /var/lib/haproxy - haproxy_stats_access_ips: [] haproxy_stats_admin_ips: [] haproxy_stats_users: [] ## use crypt(8) password encryption # haproxy_stats_users: # - { login: "", password: "" } + +haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}" +haproxy_update_config: True +haproxy_force_config: True + +haproxy_socket: /run/haproxy/admin.sock +haproxy_chroot: /var/lib/haproxy haproxy_maintenance_ips: [] haproxy_deny_ips: [] -haproxy_ssl_dir: "/etc/haproxy/ssl/" - -haproxy_stats_enable: False -haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/" - haproxy_backports_packages_stretch: haproxy libssl1.0.0 haproxy_backports_packages_buster: haproxy diff --git a/haproxy/templates/haproxy.default.cfg.j2 b/haproxy/templates/haproxy.default.cfg.j2 index 1e6f8be1..e33d111a 100644 --- a/haproxy/templates/haproxy.default.cfg.j2 
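Review bot: `haproxy_stats_internal_enable` defaults to `True`, yet nothing in haproxy/defaults/main.yml says that the internal listener is plain HTTP or that `haproxy_stats_internal_host` is expected to stay on a loopback address. I would add `# plain-HTTP stats listener for local monitoring (munin); keep the host on a loopback address` above `haproxy_stats_internal_enable`. The hunk also drops `haproxy_stats_bind` and `haproxy_stats_internal_url`, so an inventory that still overrides either one would presumably be ignored without warning. A deprecation comment here or a line in the changelog entry would make that visible.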
+++ b/haproxy/templates/haproxy.default.cfg.j2 @@ -45,6 +45,9 @@ userlist stats_users listen stats mode http bind {{ haproxy_stats_bind_directive }} +{% if haproxy_stats_internal_enable %} + bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }} +{% endif %} acl stats_access_ips src -f /etc/haproxy/stats_access_ips acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips diff --git a/haproxy/templates/munin.conf.j2 b/haproxy/templates/munin.conf.j2 index 7a423600..24042f66 100644 --- a/haproxy/templates/munin.conf.j2 +++ b/haproxy/templates/munin.conf.j2 @@ -1,2 +1,4 @@ [haproxy_*] -env.url {{ haproxy_stats_internal_url }};csv;norefresh +{% if haproxy_stats_internal_enable %} +env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}/;csv;norefresh +{% endif %} From 0f8804a8ab3e4c07b039484716e4fd01f48c3000 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 8 Apr 2021 16:07:19 +0200 Subject: [PATCH 2/3] etc-git: commit in /usr/share/scripts when there's an active repository --- CHANGELOG.md | 2 ++ etc-git/tasks/commit.yml | 72 +++++++++++-------------------------- etc-git/tasks/do_commit.yml | 64 +++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+), 51 deletions(-) create mode 100644 etc-git/tasks/do_commit.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 5dd40682..0dffcfd4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,8 @@ The **patch** part changes incrementally at each release. ### Changed +* etc-git: commit in /usr/share/scripts when there's an active repository + ### Fixed ### Removed diff --git a/etc-git/tasks/commit.yml b/etc-git/tasks/commit.yml index 58aee384..9833601e 100644 --- a/etc-git/tasks/commit.yml +++ b/etc-git/tasks/commit.yml 
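Review bot: The added `bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}` in `listen stats` has no `ssl` option, so everything this section serves crosses that listener unencrypted, including any credentials checked against `stats_users`. That is acceptable on 127.0.0.1, but nothing stops an inventory from setting the host to a routable address. I would document the constraint in the template with `{# plain HTTP on purpose: keep haproxy_stats_internal_host on a loopback address #}` and, if the role has a validation step, assert it there. The `stats_access_ips`/`stats_admin_ips` ACLs in the context lines presumably apply to both binds, so local monitoring from 127.0.0.1 has to be allowed by them; those files are not visible here. The `listen stats` section starts and ends outside the hunk.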
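Review bot: In haproxy/templates/munin.conf.j2 the new `env.url` hardcodes `/` as the path, whereas the removed `haproxy_stats_internal_url` appended `haproxy_stats_path`; a host that overrides `haproxy_stats_path` would presumably have munin polling the wrong URL. Suggested line: `env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}{{ haproxy_stats_path }};csv;norefresh`. When `haproxy_stats_internal_enable` is false the file is rendered with the `[haproxy_*]` header and no `env.url`, so the plugin falls back to whatever its own default is. A short template comment stating that this is intended would avoid surprises.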
@@ -1,57 +1,27 @@ --- -- name: is /etc clean? - command: git status --porcelain - args: - chdir: /etc - changed_when: False - register: git_status - when: not ansible_check_mode - ignore_errors: yes - tags: - - etc-git - - commit-etc -- debug: - var: git_status - verbosity: 3 - tags: - - etc-git - - commit-etc +- name: Is /etc a git repository + stat: + path: /etc/.git + register: _etc_git -- name: fetch current Git user.email - git_config: - name: user.email - repo: /etc - register: git_config_user_email - ignore_errors: yes - tags: - - etc-git - - commit-etc +- include: do_commit.yml + vars: + git_folder: "/etc" + when: + - _etc_git.stat.exists + - _etc_git.stat.isdir -- name: "set commit author" - set_fact: - commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' - commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204 - tags: - - etc-git - - commit-etc -- name: "/etc modifications are committed" - shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" - args: - chdir: /etc - register: etc_commit_end_run + +- name: Is /usr/share/scripts a git repository + stat: + path: /usr/share/scripts/.git + register: _usr_share_scripts_git + +- include: do_commit.yml + vars: + git_folder: "/usr/share/scripts" when: - - not ansible_check_mode - - git_status.stdout - ignore_errors: yes - tags: - - etc-git - - commit-etc - -- debug: - var: etc_commit_end_run - verbosity: 4 - tags: - - etc-git - - commit-etc + - _usr_share_scripts_git.stat.exists + - _usr_share_scripts_git.stat.isdir diff --git a/etc-git/tasks/do_commit.yml b/etc-git/tasks/do_commit.yml new file mode 100644 index 00000000..f13c7e50 --- /dev/null +++ b/etc-git/tasks/do_commit.yml 
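Review bot: None of the four new tasks in etc-git/tasks/commit.yml (the `stat` on `/etc/.git`, the `stat` on `/usr/share/scripts/.git`, and the two `include: do_commit.yml`) carries the `etc-git` tag that every removed task had, so a run limited with `--tags etc-git` would presumably skip them and commit nothing. The `commit-etc` tag is also replaced by `commit` in do_commit.yml, which silently breaks any play or wrapper that selects `commit-etc`. I would add `tags: [etc-git, commit-etc]` to each of the four tasks, or at least note the rename in the changelog. Separately, `include:` is the legacy form; `include_tasks:` states the dynamic intent explicitly.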
@@ -0,0 +1,64 @@
+---
+
+- name: "Remount /usr if needed"
+ include_role:
+ name: remount-usr
+ when: git_folder is match('/usr/.*')
+
+
+- name: "is {{ git_folder }} clean?"
+ command: git status --porcelain
+ args:
+ chdir: "{{ git_folder }}"
+ changed_when: False
+ register: git_status
+ when: not ansible_check_mode
+ ignore_errors: yes
+ tags:
+ - etc-git
+ - commit
+
+- debug:
+ var: git_status
+ verbosity: 3
+ tags:
+ - etc-git
+ - commit
+
+- name: fetch current Git user.email
+ git_config:
+ name: user.email
+ repo: "{{ git_folder }}"
+ register: git_config_user_email
+ ignore_errors: yes
+ tags:
+ - etc-git
+ - commit
+
+- name: "set commit author"
+ set_fact:
+ commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
+ commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204
+ tags:
+ - etc-git
+ - commit
+
+- name: "{{ git_folder }} modifications are committed"
+ shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
+ args:
+ chdir: "{{ git_folder }}"
+ register: commit_end_run
+ when:
+ - not ansible_check_mode
+ - git_status.stdout
+ ignore_errors: yes
+ tags:
+ - etc-git
+ - commit
+
+- debug:
+ var: commit_end_run
+ verbosity: 4
+ tags:
+ - etc-git
+ - commit
From 5e0ca0e3ffb09d9f452aad0f47e764848f998c13 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Tue, 13 Apr 2021 15:56:09 +0200
Subject: [PATCH 3/3] Release 10.5.1
---
CHANGELOG.md | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0dffcfd4..11b4a350 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
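Review bot: In etc-git/tasks/do_commit.yml the `shell:` task interpolates `commit_message`, `commit_author` and `commit_email` between escaped double quotes, so a value containing `"`, `$` or a backtick is interpreted by the shell that runs the commit; `commit_author` is taken from the `SUDO_USER` environment variable. The line was carried over from commit.yml, but it now also runs in `/usr/share/scripts`. Passing the values through the `quote` filter instead of hand-written quotes closes this: `git commit -m {{ commit_message | mandatory | quote }} --author {{ (commit_author ~ ' <' ~ commit_email ~ '>') | quote }}`. The `Remount /usr if needed` include has no `tags:` and no `not ansible_check_mode` guard, unlike the tasks below it, and whether /usr is remounted read-only afterwards is not visible in this file.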
@@ -12,18 +12,24 @@ The **patch** part changes incrementally at each release. ### Added -* haproxy: dedicated internal address/binding (without SSL) - ### Changed -* etc-git: commit in /usr/share/scripts when there's an active repository - ### Fixed ### Removed ### Security +## [10.5.1] 2021-04-13 + +### Added + +* haproxy: dedicated internal address/binding (without SSL) + +### Changed + +* etc-git: commit in /usr/share/scripts when there's an active repository + ## [10.5.0] 2021-04-01 ### Added