feat(tls):remount chroot in containers, change logging params for container tests
parent
aae5f3bb83
commit
6903225edd
@ -71,4 +71,3 @@ deploy_haproxy_listen:
|
||||
- acl health_check_ok nbsrv() ge 1
|
||||
- monitor-uri /health
|
||||
- http-request use-service prometheus-exporter if { path /metrics }
|
||||
- 'http-response return 200 ''{"status": "ok"}'' if { path /health }'
|
||||
|
@ -11,8 +11,7 @@ deploy_haproxy_extra_container_volumes: []
|
||||
# Options from the "default" config block in haproxy.cfg
|
||||
# The default values here are usually set, but you can change any of them.
|
||||
deploy_haproxy_global:
|
||||
- log /dev/log local0
|
||||
- log /dev/log local1 notice
|
||||
- log stdout format raw daemon debug
|
||||
- stats socket {{ deploy_haproxy_socket }} level admin
|
||||
- chroot {{ deploy_haproxy_chroot }}
|
||||
- daemon
|
||||
|
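Review bot: The new target `log stdout format raw daemon debug` sits in the same `deploy_haproxy_global` list as the unchanged `daemon` entry, and a daemonized HAProxy may no longer write to the container's stdout once it detaches, so it is worth confirming these records actually reach the container log. The comments above the list describe these as default values, so if this file holds the role defaults rather than test-only variables, hosts that forward `/dev/log` to a collector stop receiving HAProxy records. Consider keeping the two `/dev/log` targets as the default and setting the stdout target only in the container scenario's variables. The same change appears in the `-11,8 +12,7` hunk of the next file.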
@ -4,6 +4,7 @@ deploy_haproxy_version: "2.8"
|
||||
|
||||
deploy_haproxy_env_variables: {}
|
||||
deploy_haproxy_start_service: true
|
||||
deploy_haproxy_cert_dir: "/tmp/haproxy-cert"
|
||||
|
||||
# docker-only options
|
||||
deploy_haproxy_extra_container_volumes: []
|
||||
@ -11,8 +12,7 @@ deploy_haproxy_extra_container_volumes: []
|
||||
# Options from the "default" config block in haproxy.cfg
|
||||
# The default values here are usually set, but you can change any of them.
|
||||
deploy_haproxy_global:
|
||||
- log /dev/log local0
|
||||
- log /dev/log local1 notice
|
||||
- log stdout format raw daemon debug
|
||||
- stats socket {{ deploy_haproxy_socket }} level admin
|
||||
- chroot {{ deploy_haproxy_chroot }}
|
||||
- daemon
|
||||
@ -53,7 +53,7 @@ deploy_haproxy_backends:
|
||||
deploy_haproxy_listen:
|
||||
- name: monitoring
|
||||
options:
|
||||
- bind :9000
|
||||
- bind :9000 ssl crt /var/lib/haproxy/certs/cert.pem
|
||||
- mode http
|
||||
- option httpchk
|
||||
- stats enable
|
||||
|
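Review bot: The new `bind :9000 ssl crt /var/lib/haproxy/certs/cert.pem` line hard-codes the certificate location, while the copy task elsewhere in this commit writes to `{{ deploy_haproxy_cert_dir_dst }}`. If that variable is ever set to a different directory, the listener will point at a file that was never deployed and HAProxy will refuse to start. Building the path from the variable keeps the two in step, for example `- bind :9000 ssl crt {{ deploy_haproxy_cert_dir_dst }}/cert.pem`. The `options` list continues past the end of the hunk, so any further TLS settings on this listener are not visible here.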
@ -17,17 +17,17 @@
|
||||
ansible.builtin.file:
|
||||
path: "/tmp/haproxy-cert"
|
||||
state: directory
|
||||
owner: "root"
|
||||
group: "root"
|
||||
owner: "1000"
|
||||
group: "1000"
|
||||
mode: "0777"
|
||||
|
||||
- name: "Create private key"
|
||||
community.crypto.openssl_privatekey:
|
||||
path: /tmp/haproxy-cert.key
|
||||
path: /tmp/haproxy-cert/cert.pem.key
|
||||
|
||||
- name: "Create certificate signing request"
|
||||
community.crypto.openssl_csr_pipe:
|
||||
privatekey_path: /tmp/haproxy-cert.key
|
||||
privatekey_path: /tmp/haproxy-cert/cert.pem.key
|
||||
common_name: haproxy.ansible.test
|
||||
organization_name: Ansible, Inc.
|
||||
register: csr
|
||||
@ -36,5 +36,5 @@
|
||||
community.crypto.x509_certificate:
|
||||
path: /tmp/haproxy-cert/cert.pem
|
||||
csr_content: "{{ csr.csr }}"
|
||||
privatekey_path: /tmp/haproxy-cert.key
|
||||
privatekey_path: /tmp/haproxy-cert/cert.pem.key
|
||||
provider: selfsigned
|
||||
|
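Review bot: The private key now lands inside `/tmp/haproxy-cert`, which the first task keeps at `mode: "0777"` with no sticky bit, so any local account on the test host can rename or replace `cert.pem.key` and `cert.pem` before they are copied to HAProxy. With the owner changed to `1000`, a narrower mode should be enough, for example `mode: "0750"`. The file task's `- name:` line is above the hunk, so its full argument list is not visible here.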
@ -36,7 +36,7 @@
|
||||
- name: "Copy TLS certificates"
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename).split('.')[:-1] | join('.')}}"
|
||||
dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename) }}"
|
||||
owner: "{{ deploy_haproxy_user }}"
|
||||
group: "{{ deploy_haproxy_group }}"
|
||||
mode: "0600"
|
||||
|
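Review bot: With `dest` now keeping the full basename, this task deploys files such as `cert.pem.key`, so private-key content passes through `ansible.builtin.template` and will be printed by any run that uses `--diff`. Adding `diff: false` to the task keeps key material out of console and CI logs. Since the files are PEM data rather than Jinja templates, `ansible.builtin.copy` with the same `owner`, `group` and `mode` would also state the intent more directly. The loop that supplies `item` is outside the hunk, so which files are matched is inferred from the other changes in this commit.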
@ -12,7 +12,7 @@ deploy_haproxy_version_map:
|
||||
latest: "2.9"
|
||||
deploy_haproxy_container_volume_map:
|
||||
- "{{ deploy_haproxy_config_dir }}:/usr/local/etc/haproxy"
|
||||
# - "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
|
||||
- "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
|
||||
|
||||
deploy_haproxy_repository:
|
||||
debian:
|
||||
|
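Review bot: The re-enabled entry `"{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"` bind-mounts the host directory read-write into the container, which weakens the chroot: HAProxy's guidance is that the chroot directory be empty and not writable by the process. If the mount exists only so the container can see the deployed certificates, mounting just that directory read-only is narrower, for example `- "{{ deploy_haproxy_cert_dir_dst }}:{{ deploy_haproxy_cert_dir_dst }}:ro"`. If the admin-level stats socket also lives under the chroot path, it needs its own writable mount, and that is worth a comment in this list saying so.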