10.5.1 #125
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -20,6 +20,16 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Security
|
||||
|
||||
## [10.5.1] 2021-04-13
|
||||
|
||||
### Added
|
||||
|
||||
* haproxy: dedicated internal address/binding (without SSL)
|
||||
|
||||
### Changed
|
||||
|
||||
* etc-git: commit in /usr/share/scripts when there's an active repository
|
||||
|
||||
## [10.5.0] 2021-04-01
|
||||
|
||||
### Added
|
||||
|
|
|
@ -1,57 +1,27 @@
|
|||
---
|
||||
- name: is /etc clean?
|
||||
command: git status --porcelain
|
||||
args:
|
||||
chdir: /etc
|
||||
changed_when: False
|
||||
register: git_status
|
||||
when: not ansible_check_mode
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit-etc
|
||||
|
||||
- debug:
|
||||
var: git_status
|
||||
verbosity: 3
|
||||
tags:
|
||||
- etc-git
|
||||
- commit-etc
|
||||
- name: Is /etc a git repository
|
||||
stat:
|
||||
path: /etc/.git
|
||||
register: _etc_git
|
||||
|
||||
- name: fetch current Git user.email
|
||||
git_config:
|
||||
name: user.email
|
||||
repo: /etc
|
||||
register: git_config_user_email
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit-etc
|
||||
|
||||
- name: "set commit author"
|
||||
set_fact:
|
||||
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
|
||||
commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204
|
||||
tags:
|
||||
- etc-git
|
||||
- commit-etc
|
||||
|
||||
- name: "/etc modifications are committed"
|
||||
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
|
||||
args:
|
||||
chdir: /etc
|
||||
register: etc_commit_end_run
|
||||
- include: do_commit.yml
|
||||
vars:
|
||||
git_folder: "/etc"
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- git_status.stdout
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit-etc
|
||||
- _etc_git.stat.exists
|
||||
- _etc_git.stat.isdir
|
||||
|
||||
- debug:
|
||||
var: etc_commit_end_run
|
||||
verbosity: 4
|
||||
tags:
|
||||
- etc-git
|
||||
- commit-etc
|
||||
|
||||
|
||||
- name: Is /usr/share/scripts a git repository
|
||||
stat:
|
||||
path: /usr/share/scripts/.git
|
||||
register: _usr_share_scripts_git
|
||||
|
||||
- include: do_commit.yml
|
||||
vars:
|
||||
git_folder: "/usr/share/scripts"
|
||||
when:
|
||||
- _usr_share_scripts_git.stat.exists
|
||||
- _usr_share_scripts_git.stat.isdir
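Review bot: The tasks that replace this file's old body are tagged `etc-git` and `commit` in do_commit.yml, while the tasks shown here used `commit-etc`, and the new `stat` and `include` tasks appear to carry no tags at all. Which printed lines are old and which are new is inferred from the rendering, so please confirm this first. If it holds, a run with `--tags commit-etc` would match nothing and /etc changes would silently go uncommitted. A run with `--tags commit` would skip the untagged `stat` tasks and leave `_etc_git` and `_usr_share_scripts_git` undefined for the `when:` conditions. Either add `tags: [etc-git, commit-etc]` to both `stat` tasks and both `include` tasks, or keep the `commit-etc` tag name in do_commit.yml.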
|
||||
|
|
64
etc-git/tasks/do_commit.yml
Normal file
64
etc-git/tasks/do_commit.yml
Normal file
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
|
||||
- name: "Remount /usr if needed"
|
||||
include_role:
|
||||
name: remount-usr
|
||||
when: git_folder is match('/usr/.*')
|
||||
|
||||
|
||||
- name: "is {{ git_folder }} clean?"
|
||||
command: git status --porcelain
|
||||
args:
|
||||
chdir: "{{ git_folder }}"
|
||||
changed_when: False
|
||||
register: git_status
|
||||
when: not ansible_check_mode
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- debug:
|
||||
var: git_status
|
||||
verbosity: 3
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- name: fetch current Git user.email
|
||||
git_config:
|
||||
name: user.email
|
||||
repo: "{{ git_folder }}"
|
||||
register: git_config_user_email
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- name: "set commit author"
|
||||
set_fact:
|
||||
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
|
||||
commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- name: "{{ git_folder }} modifications are committed"
|
||||
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
|
||||
args:
|
||||
chdir: "{{ git_folder }}"
|
||||
register: commit_end_run
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- git_status.stdout
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- debug:
|
||||
var: commit_end_run
|
||||
verbosity: 4
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
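Review bot: The commit task pastes `commit_message`, `commit_author` and `commit_email` between escaped double quotes in a `shell:` string, so a value containing a double quote, a backtick or `$(...)` is interpreted by the shell running the task instead of reaching git verbatim. `commit_author` comes from `SUDO_USER` and `commit_email` from the repository's git config, and neither is guaranteed to be shell-safe. Let Ansible do the quoting: `shell: "git add -A . && git commit -m {{ commit_message | mandatory | quote }} --author {{ (commit_author ~ ' <' ~ commit_email ~ '>') | quote }}"`. Separately, `ignore_errors: yes` on this task means a failed commit only shows up in the `verbosity: 4` debug output, which weakens the change record this role exists to keep.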
|
|
@ -1,34 +1,36 @@
|
|||
---
|
||||
|
||||
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
||||
|
||||
# backward compatibility with a previously used variable
|
||||
haproxy_stats_enable: False
|
||||
haproxy_stats_ssl: True
|
||||
haproxy_stats_host: "*"
|
||||
haproxy_stats_port: "8080"
|
||||
haproxy_stats_path: "/"
|
||||
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
|
||||
|
||||
haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
||||
haproxy_stats_internal_enable: True
|
||||
haproxy_stats_internal_host: "127.0.0.1"
|
||||
haproxy_stats_internal_port: "8081"
|
||||
|
||||
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
||||
|
||||
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
||||
haproxy_update_config: True
|
||||
haproxy_force_config: True
|
||||
|
||||
haproxy_socket: /run/haproxy/admin.sock
|
||||
haproxy_chroot: /var/lib/haproxy
|
||||
|
||||
haproxy_stats_access_ips: []
|
||||
haproxy_stats_admin_ips: []
|
||||
haproxy_stats_users: []
|
||||
## use crypt(8) password encryption
|
||||
# haproxy_stats_users:
|
||||
# - { login: "", password: "" }
|
||||
|
||||
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
||||
haproxy_update_config: True
|
||||
haproxy_force_config: True
|
||||
|
||||
haproxy_socket: /run/haproxy/admin.sock
|
||||
haproxy_chroot: /var/lib/haproxy
|
||||
haproxy_maintenance_ips: []
|
||||
haproxy_deny_ips: []
|
||||
|
||||
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
||||
|
||||
haproxy_stats_enable: False
|
||||
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
|
||||
|
||||
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
||||
haproxy_backports_packages_buster: haproxy
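Review bot: `haproxy_stats_internal_enable` defaults to `True`, and nothing next to `haproxy_stats_internal_host` says the listener is plain HTTP and is meant to stay on a loopback address. If the host were overridden to a routable address, the `bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}` line added to the `listen stats` template would serve the stats page, and any `stats_users` credentials sent to it, without TLS. Add a comment above the three variables, for example `# plain-HTTP stats listener for local consumers (munin); keep the host on a loopback address`. The template could also refuse to render the extra `bind` unless the host is a loopback address. The same remark covers the haproxy.cfg template hunk further down.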
|
||||
|
|
|
@ -45,6 +45,9 @@ userlist stats_users
|
|||
listen stats
|
||||
mode http
|
||||
bind {{ haproxy_stats_bind_directive }}
|
||||
{% if haproxy_stats_internal_enable %}
|
||||
bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}
|
||||
{% endif %}
|
||||
|
||||
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
||||
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
||||
|
|
|
@ -1,2 +1,4 @@
|
|||
[haproxy_*]
|
||||
env.url {{ haproxy_stats_internal_url }};csv;norefresh
|
||||
{% if haproxy_stats_internal_enable %}
|
||||
env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}/;csv;norefresh
|
||||
{% endif %}
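Review bot: With `haproxy_stats_internal_enable` set to false, this template appears to render a `[haproxy_*]` section with no `env.url` at all, leaving the munin plugins without a URL to poll. That assumes the unconditional `env.url {{ haproxy_stats_internal_url }};csv;norefresh` line is the one removed here, which the `-1,2 +1,4` header suggests. If `haproxy_stats_internal_url` is still defined in the defaults, keep it as the fallback by adding `{% else %}` followed by `env.url {{ haproxy_stats_internal_url }};csv;norefresh` before the `{% endif %}`.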
|
||||
|
|