Merge pull request '10.5.1' (#125) from unstable into stable
Reviewed-on: #125
commit
2f4b5b9448
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -20,6 +20,16 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
## [10.5.1] 2021-04-13
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
* haproxy: dedicated internal address/binding (without SSL)
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* etc-git: commit in /usr/share/scripts when there's an active repository
|
||||||
|
|
||||||
## [10.5.0] 2021-04-01
|
## [10.5.0] 2021-04-01
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
|
@ -1,57 +1,27 @@
|
||||||
---
|
---
|
||||||
- name: is /etc clean?
|
|
||||||
command: git status --porcelain
|
|
||||||
args:
|
|
||||||
chdir: /etc
|
|
||||||
changed_when: False
|
|
||||||
register: git_status
|
|
||||||
when: not ansible_check_mode
|
|
||||||
ignore_errors: yes
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- debug:
|
- name: Is /etc a git repository
|
||||||
var: git_status
|
stat:
|
||||||
verbosity: 3
|
path: /etc/.git
|
||||||
tags:
|
register: _etc_git
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- name: fetch current Git user.email
|
- include: do_commit.yml
|
||||||
git_config:
|
vars:
|
||||||
name: user.email
|
git_folder: "/etc"
|
||||||
repo: /etc
|
when:
|
||||||
register: git_config_user_email
|
- _etc_git.stat.exists
|
||||||
ignore_errors: yes
|
- _etc_git.stat.isdir
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- name: "set commit author"
|
|
||||||
set_fact:
|
|
||||||
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
|
|
||||||
commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- name: "/etc modifications are committed"
|
|
||||||
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
|
- name: Is /usr/share/scripts a git repository
|
||||||
args:
|
stat:
|
||||||
chdir: /etc
|
path: /usr/share/scripts/.git
|
||||||
register: etc_commit_end_run
|
register: _usr_share_scripts_git
|
||||||
|
|
||||||
|
- include: do_commit.yml
|
||||||
|
vars:
|
||||||
|
git_folder: "/usr/share/scripts"
|
||||||
when:
|
when:
|
||||||
- not ansible_check_mode
|
- _usr_share_scripts_git.stat.exists
|
||||||
- git_status.stdout
|
- _usr_share_scripts_git.stat.isdir
|
||||||
ignore_errors: yes
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
var: etc_commit_end_run
|
|
||||||
verbosity: 4
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
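Review bot: The two `stat` tasks and both `include: do_commit.yml` entries carry no tags, while the tasks they appear to replace were tagged `etc-git` and `commit-etc` and the included tasks are tagged `etc-git` and `commit`. A run limited with `--tags etc-git` or `--tags commit-etc` would presumably skip the untagged stat and include tasks (or evaluate `when:` against an undefined `_etc_git` / `_usr_share_scripts_git`), so the change history of /etc can silently stop being recorded. I would add `tags: [etc-git, commit-etc]` to the four new tasks and keep `commit-etc` on the included ones. `include` is also deprecated; `include_tasks: do_commit.yml` states the dynamic include explicitly.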
|
@ -0,0 +1,64 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: "Remount /usr if needed"
|
||||||
|
include_role:
|
||||||
|
name: remount-usr
|
||||||
|
when: git_folder is match('/usr/.*')
|
||||||
|
|
||||||
|
|
||||||
|
- name: "is {{ git_folder }} clean?"
|
||||||
|
command: git status --porcelain
|
||||||
|
args:
|
||||||
|
chdir: "{{ git_folder }}"
|
||||||
|
changed_when: False
|
||||||
|
register: git_status
|
||||||
|
when: not ansible_check_mode
|
||||||
|
ignore_errors: yes
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
- commit
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: git_status
|
||||||
|
verbosity: 3
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
- commit
|
||||||
|
|
||||||
|
- name: fetch current Git user.email
|
||||||
|
git_config:
|
||||||
|
name: user.email
|
||||||
|
repo: "{{ git_folder }}"
|
||||||
|
register: git_config_user_email
|
||||||
|
ignore_errors: yes
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
- commit
|
||||||
|
|
||||||
|
- name: "set commit author"
|
||||||
|
set_fact:
|
||||||
|
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
|
||||||
|
commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
- commit
|
||||||
|
|
||||||
|
- name: "{{ git_folder }} modifications are committed"
|
||||||
|
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
|
||||||
|
args:
|
||||||
|
chdir: "{{ git_folder }}"
|
||||||
|
register: commit_end_run
|
||||||
|
when:
|
||||||
|
- not ansible_check_mode
|
||||||
|
- git_status.stdout
|
||||||
|
ignore_errors: yes
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
- commit
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: commit_end_run
|
||||||
|
verbosity: 4
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
- commit
|
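Review bot: The commit task builds its command line by pasting `commit_message`, `commit_author` and `commit_email` between escaped double quotes in a `shell:` string, so a value containing a double quote, a backquote or `$(` is interpreted by the shell instead of being handed to git as text. Each value should go through the `quote` filter: `git add -A . && git commit -m {{ commit_message | mandatory | quote }} --author {{ (commit_author ~ ' <' ~ commit_email ~ '>') | quote }}`. `ignore_errors: yes` on the same task, with the result shown only at `verbosity: 4`, also means a failed commit goes unnoticed in a normal run.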
|
@ -1,34 +1,36 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
||||||
|
|
||||||
# backward compatibility with a previously used variable
|
# backward compatibility with a previously used variable
|
||||||
|
haproxy_stats_enable: False
|
||||||
haproxy_stats_ssl: True
|
haproxy_stats_ssl: True
|
||||||
haproxy_stats_host: "*"
|
haproxy_stats_host: "*"
|
||||||
haproxy_stats_port: "8080"
|
haproxy_stats_port: "8080"
|
||||||
haproxy_stats_path: "/"
|
haproxy_stats_path: "/"
|
||||||
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
|
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
|
||||||
|
|
||||||
haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
haproxy_stats_internal_enable: True
|
||||||
|
haproxy_stats_internal_host: "127.0.0.1"
|
||||||
|
haproxy_stats_internal_port: "8081"
|
||||||
|
|
||||||
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
||||||
|
|
||||||
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
|
||||||
haproxy_update_config: True
|
|
||||||
haproxy_force_config: True
|
|
||||||
|
|
||||||
haproxy_socket: /run/haproxy/admin.sock
|
|
||||||
haproxy_chroot: /var/lib/haproxy
|
|
||||||
|
|
||||||
haproxy_stats_access_ips: []
|
haproxy_stats_access_ips: []
|
||||||
haproxy_stats_admin_ips: []
|
haproxy_stats_admin_ips: []
|
||||||
haproxy_stats_users: []
|
haproxy_stats_users: []
|
||||||
## use crypt(8) password encryption
|
## use crypt(8) password encryption
|
||||||
# haproxy_stats_users:
|
# haproxy_stats_users:
|
||||||
# - { login: "", password: "" }
|
# - { login: "", password: "" }
|
||||||
|
|
||||||
|
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
||||||
|
haproxy_update_config: True
|
||||||
|
haproxy_force_config: True
|
||||||
|
|
||||||
|
haproxy_socket: /run/haproxy/admin.sock
|
||||||
|
haproxy_chroot: /var/lib/haproxy
|
||||||
haproxy_maintenance_ips: []
|
haproxy_maintenance_ips: []
|
||||||
haproxy_deny_ips: []
|
haproxy_deny_ips: []
|
||||||
|
|
||||||
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
|
||||||
|
|
||||||
haproxy_stats_enable: False
|
|
||||||
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
|
|
||||||
|
|
||||||
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
||||||
haproxy_backports_packages_buster: haproxy
|
haproxy_backports_packages_buster: haproxy
|
||||||
|
|
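Review bot: `haproxy_stats_internal_enable: True` turns on a second stats listener without TLS, and nothing next to `haproxy_stats_internal_host` says it must stay on loopback. The same pair is used unguarded by the added `bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}` in the `listen stats` template hunk, so overriding the host with `*` or a routable address would serve the stats page, and any `stats_users` credentials sent to it, in clear text. I would add a comment above the three variables such as `# plain-HTTP stats binding for local monitoring; keep on a loopback address`, and consider an `assert` in the role that rejects non-loopback values.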
|
@ -45,6 +45,9 @@ userlist stats_users
|
||||||
listen stats
|
listen stats
|
||||||
mode http
|
mode http
|
||||||
bind {{ haproxy_stats_bind_directive }}
|
bind {{ haproxy_stats_bind_directive }}
|
||||||
|
{% if haproxy_stats_internal_enable %}
|
||||||
|
bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
||||||
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
||||||
|
|
|
@ -1,2 +1,4 @@
|
||||||
[haproxy_*]
|
[haproxy_*]
|
||||||
env.url {{ haproxy_stats_internal_url }};csv;norefresh
|
{% if haproxy_stats_internal_enable %}
|
||||||
|
env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}/;csv;norefresh
|
||||||
|
{% endif %}
|
||||||
|
|
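Review bot: The new `env.url` hard-codes `/` as the path, whereas the line it appears to replace used `haproxy_stats_internal_url`, which ended in `{{ haproxy_stats_path }}`. If the stats URI in the haproxy template follows `haproxy_stats_path` (not visible in these hunks), any non-default path makes the plugin poll the wrong URL; `env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}{{ haproxy_stats_path }};csv;norefresh` keeps them in step. With `haproxy_stats_internal_enable` false the `[haproxy_*]` section is rendered without any `env.url`, so the role should either skip this file or fall back to the external binding.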