feat(tls):remount chroot in containers, change logging params for container tests

2024-02-02 23:42:53 +01:00 · 2024-02-02 23:42:53 +01:00 · 6903225edd
commit 6903225edd
parent aae5f3bb83
6 changed files with 11 additions and 13 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -71,4 +71,3 @@ deploy_haproxy_listen:
      - acl health_check_ok nbsrv() ge 1
      - monitor-uri /health
      - http-request use-service prometheus-exporter if { path /metrics }
      - 'http-response return 200 ''{"status": "ok"}'' if { path /health }'
--- a/molecule/default_vagrant/group_vars/all.yml
+++ b/molecule/default_vagrant/group_vars/all.yml
@ -11,8 +11,7 @@ deploy_haproxy_extra_container_volumes: []
 # Options from the "default" config block in haproxy.cfg
 # The default values here are usually set, but you can change any of them.
 deploy_haproxy_global:
-  - log /dev/log local0
+  - log stdout format raw daemon debug
  - log /dev/log local1 notice
  - stats socket {{ deploy_haproxy_socket }} level admin
  - chroot {{ deploy_haproxy_chroot }}
  - daemon
--- a/molecule/with_tls_enabled_vagrant/group_vars/all.yml
+++ b/molecule/with_tls_enabled_vagrant/group_vars/all.yml
@ -4,6 +4,7 @@ deploy_haproxy_version: "2.8"
 deploy_haproxy_env_variables: {}
 deploy_haproxy_start_service: true
 deploy_haproxy_cert_dir: "/tmp/haproxy-cert"
 # docker-only options
 deploy_haproxy_extra_container_volumes: []
@ -11,8 +12,7 @@ deploy_haproxy_extra_container_volumes: []
 # Options from the "default" config block in haproxy.cfg
 # The default values here are usually set, but you can change any of them.
 deploy_haproxy_global:
-  - log /dev/log local0
+  - log stdout format raw daemon debug
  - log /dev/log local1 notice
  - stats socket {{ deploy_haproxy_socket }} level admin
  - chroot {{ deploy_haproxy_chroot }}
  - daemon
@ -53,7 +53,7 @@ deploy_haproxy_backends:
 deploy_haproxy_listen:
  - name: monitoring
    options:
-      - bind :9000
+      - bind :9000 ssl crt /var/lib/haproxy/certs/cert.pem
      - mode http
      - option httpchk
      - stats enable
--- a/molecule/with_tls_enabled_vagrant/prepare.yml
+++ b/molecule/with_tls_enabled_vagrant/prepare.yml
@ -17,17 +17,17 @@
          ansible.builtin.file:
            path: "/tmp/haproxy-cert"
            state: directory
-            owner: "root"
+            owner: "1000"
-            group: "root"
+            group: "1000"
            mode: "0777"
        - name: "Create private key"
          community.crypto.openssl_privatekey:
-            path: /tmp/haproxy-cert.key
+            path: /tmp/haproxy-cert/cert.pem.key
        - name: "Create certificate signing request"
          community.crypto.openssl_csr_pipe:
-            privatekey_path: /tmp/haproxy-cert.key
+            privatekey_path: /tmp/haproxy-cert/cert.pem.key
            common_name: haproxy.ansible.test
            organization_name: Ansible, Inc.
          register: csr
@ -36,5 +36,5 @@
          community.crypto.x509_certificate:
            path: /tmp/haproxy-cert/cert.pem
            csr_content: "{{ csr.csr }}"
-            privatekey_path: /tmp/haproxy-cert.key
+            privatekey_path: /tmp/haproxy-cert/cert.pem.key
            provider: selfsigned
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -36,7 +36,7 @@
    - name: "Copy TLS certificates"
      ansible.builtin.template:
        src: "{{ item }}"
-        dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename).split('.')[:-1] | join('.')}}"
+        dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename) }}"
        owner: "{{ deploy_haproxy_user }}"
        group: "{{ deploy_haproxy_group }}"
        mode: "0600"
--- a/vars/main.yml
+++ b/vars/main.yml
@ -12,7 +12,7 @@ deploy_haproxy_version_map:
  latest: "2.9"
 deploy_haproxy_container_volume_map:
  - "{{ deploy_haproxy_config_dir }}:/usr/local/etc/haproxy"
-  # - "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
+  - "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
 deploy_haproxy_repository:
  debian: