From 6903225edd46ad02111102dfa1a09e1f7ea9f66f Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Fri, 2 Feb 2024 23:42:53 +0100
Subject: [PATCH] feat(tls):remount chroot in containers, change logging params for container tests
---
 defaults/main.yml | 1 -
 molecule/default_vagrant/group_vars/all.yml | 3 +--
 molecule/with_tls_enabled_vagrant/group_vars/all.yml | 6 +++---
 molecule/with_tls_enabled_vagrant/prepare.yml | 10 +++++-----
 tasks/configure.yml | 2 +-
 vars/main.yml | 2 +-
 6 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 12bf2d9..452e5c7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -71,4 +71,3 @@ deploy_haproxy_listen:
 - acl health_check_ok nbsrv() ge 1
 - monitor-uri /health
 - http-request use-service prometheus-exporter if { path /metrics }
- - 'http-response return 200 ''{"status": "ok"}'' if { path /health }'
diff --git a/molecule/default_vagrant/group_vars/all.yml b/molecule/default_vagrant/group_vars/all.yml
index 46d6165..019cbb1 100644
--- a/molecule/default_vagrant/group_vars/all.yml
+++ b/molecule/default_vagrant/group_vars/all.yml
@@ -11,8 +11,7 @@ deploy_haproxy_extra_container_volumes: []
 # Options from the "default" config block in haproxy.cfg
 # The default values here are usually set, but you can change any of them.
 deploy_haproxy_global:
- - log /dev/log local0
- - log /dev/log local1 notice
+ - log stdout format raw daemon debug
 - stats socket {{ deploy_haproxy_socket }} level admin
 - chroot {{ deploy_haproxy_chroot }}
 - daemon
diff --git a/molecule/with_tls_enabled_vagrant/group_vars/all.yml b/molecule/with_tls_enabled_vagrant/group_vars/all.yml
index 46d6165..2e607c0 100644
--- a/molecule/with_tls_enabled_vagrant/group_vars/all.yml
+++ b/molecule/with_tls_enabled_vagrant/group_vars/all.yml
@@ -4,6 +4,7 @@ deploy_haproxy_version: "2.8"
 deploy_haproxy_env_variables: {}
 deploy_haproxy_start_service: true
+deploy_haproxy_cert_dir: "/tmp/haproxy-cert"
 # docker-only options
 deploy_haproxy_extra_container_volumes: []
@@ -11,8 +12,7 @@ deploy_haproxy_extra_container_volumes: []
 # Options from the "default" config block in haproxy.cfg
 # The default values here are usually set, but you can change any of them.
 deploy_haproxy_global:
- - log /dev/log local0
- - log /dev/log local1 notice
+ - log stdout format raw daemon debug
 - stats socket {{ deploy_haproxy_socket }} level admin
 - chroot {{ deploy_haproxy_chroot }}
 - daemon
@@ -53,7 +53,7 @@ deploy_haproxy_backends:
 deploy_haproxy_listen:
 - name: monitoring
 options:
- - bind :9000
+ - bind :9000 ssl crt /var/lib/haproxy/certs/cert.pem
 - mode http
 - option httpchk
 - stats enable
diff --git a/molecule/with_tls_enabled_vagrant/prepare.yml b/molecule/with_tls_enabled_vagrant/prepare.yml
index 23cc548..0e11fd8 100644
--- a/molecule/with_tls_enabled_vagrant/prepare.yml
+++ b/molecule/with_tls_enabled_vagrant/prepare.yml
@@ -17,17 +17,17 @@
 ansible.builtin.file:
 path: "/tmp/haproxy-cert"
 state: directory
- owner: "root"
- group: "root"
+ owner: "1000"
+ group: "1000"
 mode: "0777"
 - name: "Create private key"
 community.crypto.openssl_privatekey:
- path: /tmp/haproxy-cert.key
+ path: /tmp/haproxy-cert/cert.pem.key
 - name: "Create certificate signing request"
 community.crypto.openssl_csr_pipe:
- privatekey_path: /tmp/haproxy-cert.key
+ privatekey_path: /tmp/haproxy-cert/cert.pem.key
 common_name: haproxy.ansible.test
 organization_name: Ansible, Inc.
 register: csr
@@ -36,5 +36,5 @@
 community.crypto.x509_certificate:
 path: /tmp/haproxy-cert/cert.pem
 csr_content: "{{ csr.csr }}"
- privatekey_path: /tmp/haproxy-cert.key
+ privatekey_path: /tmp/haproxy-cert/cert.pem.key
 provider: selfsigned
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 583b9b0..83abf05 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
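Review bot: In the first prepare.yml hunk the directory task still creates `/tmp/haproxy-cert` with `mode: "0777"`, and the private key is now written inside it as `/tmp/haproxy-cert/cert.pem.key`, so any local account on the test host can rename or replace the key and certificate regardless of the key file's own mode. With the owner now set explicitly, the directory can be tightened to `mode: "0700"` (or `"0750"` if the group must read it). The bare `"1000"` is presumably the uid/gid HAProxy runs under in this scenario; a comment such as `# uid/gid of the haproxy user in the test instance — confirm` would make that dependency visible. The same key path is repeated in the second prepare.yml hunk, and the directory task's `- name:` line lies above the hunk.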
@@ -36,7 +36,7 @@
 - name: "Copy TLS certificates"
 ansible.builtin.template:
 src: "{{ item }}"
- dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename).split('.')[:-1] | join('.')}}"
+ dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename) }}"
 owner: "{{ deploy_haproxy_user }}"
 group: "{{ deploy_haproxy_group }}"
 mode: "0600"
diff --git a/vars/main.yml b/vars/main.yml
index c8229ba..a126e18 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -12,7 +12,7 @@ deploy_haproxy_version_map:
 latest: "2.9"
 deploy_haproxy_container_volume_map:
 - "{{ deploy_haproxy_config_dir }}:/usr/local/etc/haproxy"
- # - "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
+ - "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
 deploy_haproxy_repository:
 debian:
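Review bot: In tasks/configure.yml the "Copy TLS certificates" task renders every file through `ansible.builtin.template`, and with the test scenario now placing `cert.pem.key` next to `cert.pem` this appears to include private keys, whose content is printed when the play runs with `--diff`. Adding `diff: false` (or `no_log: true`) to the task keeps key material out of console and CI logs. The new `dest` also keeps any suffix that the previous expression removed from the source name, so the deployed file names change for existing users; that deserves a line in the changelog or README. The task's loop is outside the hunk, so which files are iterated could not be checked here.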
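Review bot: In vars/main.yml the re-enabled entry bind-mounts `{{ deploy_haproxy_chroot }}` into the container read-write, while HAProxy's documentation for `chroot` asks for a jail directory that is empty and not writable. The TLS scenario binds with `crt /var/lib/haproxy/certs/cert.pem`; if that path sits under the chroot (the variable's value is not shown here), certificates and keys become reachable from inside the jail after privileges are dropped. Consider keeping the certificate directory outside the chroot, or mounting it separately read-only, e.g. `- "{{ deploy_haproxy_cert_dir_dst }}:{{ deploy_haproxy_cert_dir_dst }}:ro"`, and add a comment above the entry stating why the chroot mount is needed.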