feat(tls):remount chroot in containers, change logging params for container tests

defaults/main.yml

@@ -71,4 +71,3 @@ deploy_haproxy_listen:
       - acl health_check_ok nbsrv() ge 1
       - monitor-uri /health
       - http-request use-service prometheus-exporter if { path /metrics }
-      - 'http-response return 200 ''{"status": "ok"}'' if { path /health }'

molecule/default_vagrant/group_vars/all.yml

@@ -11,8 +11,7 @@ deploy_haproxy_extra_container_volumes: []
 # Options from the "default" config block in haproxy.cfg
 # The default values here are usually set, but you can change any of them.
 deploy_haproxy_global:
-  - log /dev/log local0
-  - log /dev/log local1 notice
+  - log stdout format raw daemon debug
   - stats socket {{ deploy_haproxy_socket }} level admin
   - chroot {{ deploy_haproxy_chroot }}
   - daemon

molecule/with_tls_enabled_vagrant/group_vars/all.yml

@@ -4,6 +4,7 @@ deploy_haproxy_version: "2.8"
 
 deploy_haproxy_env_variables: {}
 deploy_haproxy_start_service: true
+deploy_haproxy_cert_dir: "/tmp/haproxy-cert"
 
 # docker-only options
 deploy_haproxy_extra_container_volumes: []
@@ -11,8 +12,7 @@ deploy_haproxy_extra_container_volumes: []
 # Options from the "default" config block in haproxy.cfg
 # The default values here are usually set, but you can change any of them.
 deploy_haproxy_global:
-  - log /dev/log local0
-  - log /dev/log local1 notice
+  - log stdout format raw daemon debug
   - stats socket {{ deploy_haproxy_socket }} level admin
   - chroot {{ deploy_haproxy_chroot }}
   - daemon
@@ -53,7 +53,7 @@ deploy_haproxy_backends:
 deploy_haproxy_listen:
   - name: monitoring
     options:
-      - bind :9000
+      - bind :9000 ssl crt /var/lib/haproxy/certs/cert.pem
       - mode http
       - option httpchk
       - stats enable

molecule/with_tls_enabled_vagrant/prepare.yml

@@ -17,17 +17,17 @@
           ansible.builtin.file:
             path: "/tmp/haproxy-cert"
             state: directory
-            owner: "root"
-            group: "root"
+            owner: "1000"
+            group: "1000"
             mode: "0777"
 
         - name: "Create private key"
           community.crypto.openssl_privatekey:
-            path: /tmp/haproxy-cert.key
+            path: /tmp/haproxy-cert/cert.pem.key
 
         - name: "Create certificate signing request"
           community.crypto.openssl_csr_pipe:
-            privatekey_path: /tmp/haproxy-cert.key
+            privatekey_path: /tmp/haproxy-cert/cert.pem.key
             common_name: haproxy.ansible.test
             organization_name: Ansible, Inc.
           register: csr
@@ -36,5 +36,5 @@
           community.crypto.x509_certificate:
             path: /tmp/haproxy-cert/cert.pem
             csr_content: "{{ csr.csr }}"
-            privatekey_path: /tmp/haproxy-cert.key
+            privatekey_path: /tmp/haproxy-cert/cert.pem.key
             provider: selfsigned

tasks/configure.yml

@@ -36,7 +36,7 @@
     - name: "Copy TLS certificates"
       ansible.builtin.template:
         src: "{{ item }}"
-        dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename).split('.')[:-1] | join('.')}}"
+        dest: "{{ deploy_haproxy_cert_dir_dst }}/{{ (item | basename) }}"
         owner: "{{ deploy_haproxy_user }}"
         group: "{{ deploy_haproxy_group }}"
         mode: "0600"

vars/main.yml

@@ -12,7 +12,7 @@ deploy_haproxy_version_map:
   latest: "2.9"
 deploy_haproxy_container_volume_map:
   - "{{ deploy_haproxy_config_dir }}:/usr/local/etc/haproxy"
-  # - "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
+  - "{{ deploy_haproxy_chroot }}:{{ deploy_haproxy_chroot }}"
 
 deploy_haproxy_repository:
   debian: