---
# Verification play: asserts the state an HAProxy deployment is expected to
# leave on the host (service account, config files, state directory, systemd
# unit, HTTP endpoints). Every task only reads state (getent, stat, slurp,
# service_facts, HTTP GET); failures surface through the assert tasks.
- name: Verify
  hosts: all
  gather_facts: true
  # Privilege is needed to slurp files that are asserted below to be 0600.
  become: true
  tasks:
    # --- Service account -------------------------------------------------
    - name: 'Test: haproxy user and group'
      block:
        - name: Getent user haproxy
          ansible.builtin.getent:
            database: passwd
            key: haproxy
          register: haproxy_user

        - name: Getent group haproxy
          ansible.builtin.getent:
            database: group
            key: haproxy
          register: haproxy_group

        # The passwd checks are membership tests over the entry's fields, so
        # '/var/lib/haproxy' and '/bin/false' are accepted in any position.
        # NOTE(review): presumably these are meant as home directory and a
        # non-login shell; index the fields explicitly if position matters.
        - name: Verify haproxy user and group
          ansible.builtin.assert:
            that:
              - not haproxy_user.failed
              - not haproxy_group.failed
              - "'haproxy' in haproxy_user.ansible_facts.getent_passwd.keys()"
              - "'/var/lib/haproxy' in haproxy_user.ansible_facts.getent_passwd['haproxy']"
              - "'/bin/false' in haproxy_user.ansible_facts.getent_passwd['haproxy']"
              - "'haproxy' in haproxy_group.ansible_facts.getent_group.keys()"

    # --- Configuration directory ----------------------------------------
    - name: 'Test: directory /etc/haproxy'
      block:
        - name: Stat directory /etc/haproxy
          ansible.builtin.stat:
            path: '/etc/haproxy'
          register: stat_etc_haproxy

        - name: Stat file /etc/haproxy/haproxy.env
          ansible.builtin.stat:
            path: '/etc/haproxy/haproxy.env'
          register: stat_etc_haproxy_haproxy_env

        - name: Stat file /etc/haproxy/haproxy.cfg
          ansible.builtin.stat:
            path: '/etc/haproxy/haproxy.cfg'
          register: stat_etc_haproxy_haproxy_cfg

        - name: Slurp file /etc/haproxy/haproxy.cfg
          ansible.builtin.slurp:
            src: '/etc/haproxy/haproxy.cfg'
          register: slurp_etc_haproxy_haproxy_cfg

        # Directory is 0755; both files inside must be owner-only (0600) and
        # owned by haproxy:haproxy. The config content is only checked for
        # being non-empty, not for what it contains.
        - name: Verify directory /etc/haproxy
          ansible.builtin.assert:
            that:
              - stat_etc_haproxy.stat.exists
              - stat_etc_haproxy.stat.isdir
              - stat_etc_haproxy.stat.pw_name == 'haproxy'
              - stat_etc_haproxy.stat.gr_name == 'haproxy'
              - stat_etc_haproxy.stat.mode == '0755'
              - stat_etc_haproxy_haproxy_env.stat.exists
              - stat_etc_haproxy_haproxy_env.stat.isreg
              - stat_etc_haproxy_haproxy_env.stat.pw_name == 'haproxy'
              - stat_etc_haproxy_haproxy_env.stat.gr_name == 'haproxy'
              - stat_etc_haproxy_haproxy_env.stat.mode == '0600'
              - stat_etc_haproxy_haproxy_cfg.stat.exists
              - stat_etc_haproxy_haproxy_cfg.stat.isreg
              - stat_etc_haproxy_haproxy_cfg.stat.pw_name == 'haproxy'
              - stat_etc_haproxy_haproxy_cfg.stat.gr_name == 'haproxy'
              - stat_etc_haproxy_haproxy_cfg.stat.mode == '0600'
              - slurp_etc_haproxy_haproxy_cfg.content != ''

    # --- State directory and stats socket -------------------------------
    - name: 'Test: directory /var/lib/haproxy'
      block:
        - name: Stat directory /var/lib/haproxy
          ansible.builtin.stat:
            path: '/var/lib/haproxy'
          register: stat_var_lib_haproxy

        - name: Stat socket /var/lib/haproxy/stats
          ansible.builtin.stat:
            path: '/var/lib/haproxy/stats'
          register: stat_var_lib_haproxy_stats

        # NOTE(review): the socket is only checked for existence and type.
        # Its owner and mode are not asserted, unlike every other path in
        # this play; consider adding them if the socket grants runtime
        # control of the proxy.
        - name: Verify directory /var/lib/haproxy
          ansible.builtin.assert:
            that:
              - stat_var_lib_haproxy.stat.exists
              - stat_var_lib_haproxy.stat.isdir
              - stat_var_lib_haproxy.stat.pw_name == 'haproxy'
              - stat_var_lib_haproxy.stat.gr_name == 'haproxy'
              - stat_var_lib_haproxy.stat.mode == '0755'
              - stat_var_lib_haproxy_stats.stat.exists
              - stat_var_lib_haproxy_stats.stat.issock

    # --- systemd unit and service state ---------------------------------
    - name: 'Test: service haproxy'
      block:
        - name: Get service haproxy
          ansible.builtin.service_facts:

        - name: Stat file /etc/systemd/system/haproxy.service
          ansible.builtin.stat:
            path: '/etc/systemd/system/haproxy.service'
          register: stat_etc_systemd_system_haproxy_service

        - name: Slurp file /etc/systemd/system/haproxy.service
          ansible.builtin.slurp:
            src: '/etc/systemd/system/haproxy.service'
          register: slurp_etc_systemd_system_haproxy_service

        # The unit must be root:root 0644 and match the expected text below
        # byte for byte (slurp returns base64, hence b64decode). Everything
        # inside the literal block, including its first '#' line, is file
        # content and not a YAML comment.
        - name: Verify service haproxy
          vars:
            haproxy_expected_service_file: |
              # Ansible managed: Do NOT edit this file manually!
              [Unit]
              Description=HAProxy Load Balancer
              Documentation=man:haproxy(1)
              Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
              ConditionFileNotEmpty=/etc/haproxy/haproxy.cfg
              After=network-online.target rsyslog.service
              Wants=network-online.target

              [Service]
              EnvironmentFile=-/etc/default/haproxy
              EnvironmentFile=-/etc/haproxy/haproxy.env
              BindReadOnlyPaths=/dev/log:/var/lib/haproxy/dev/log
              Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
              ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
              ExecReload=/usr/sbin/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
              ExecReload=/bin/kill -USR2 $MAINPID
              KillMode=mixed
              Restart=always
              SuccessExitStatus=143
              Type=notify

              [Install]
              WantedBy=multi-user.target
          ansible.builtin.assert:
            that:
              - stat_etc_systemd_system_haproxy_service.stat.exists
              - stat_etc_systemd_system_haproxy_service.stat.isreg
              - stat_etc_systemd_system_haproxy_service.stat.pw_name == 'root'
              - stat_etc_systemd_system_haproxy_service.stat.gr_name == 'root'
              - stat_etc_systemd_system_haproxy_service.stat.mode == '0644'
              - (slurp_etc_systemd_system_haproxy_service.content|b64decode) == haproxy_expected_service_file
              - ansible_facts.services['haproxy.service'] is defined
              - ansible_facts.services['haproxy.service']['source'] == 'systemd'
              - ansible_facts.services['haproxy.service']['state'] == 'running'
              - ansible_facts.services['haproxy.service']['status'] == 'enabled'

    # --- HTTP endpoints on loopback -------------------------------------
    # Certificate validation is switched off for all three requests.
    # NOTE(review): presumably the test instance serves a self-signed
    # certificate on 127.0.0.1; that is the only context in which
    # validate_certs: false is acceptable -- confirm.
    - name: 'Test: haproxy endpoints'
      block:
        - name: Get haproxy /health
          ansible.builtin.uri:
            url: 'https://127.0.0.1:9000/health'
            method: GET
            validate_certs: false
          register: haproxy_health_endpoint

        # admin/password are literal fixture credentials.
        # NOTE(review): presumably they mirror what the test scenario
        # configures for the stats page -- confirm, and keep them confined
        # to the test fixture.
        - name: Get haproxy /stats
          ansible.builtin.uri:
            url: 'https://127.0.0.1:9000/stats'
            method: GET
            force_basic_auth: true
            url_username: admin
            url_password: password
            validate_certs: false
          register: haproxy_stats_endpoint

        - name: Get haproxy /metrics
          ansible.builtin.uri:
            url: 'https://127.0.0.1:9000/metrics'
            method: GET
            validate_certs: false
          register: haproxy_metrics_endpoint

        # NOTE(review): only the success path is asserted. Nothing checks
        # that /stats rejects a request without credentials, so this passes
        # whether or not authentication is actually enforced; /health and
        # /metrics are fetched unauthenticated.
        - name: Verify haproxy endpoints
          ansible.builtin.assert:
            that:
              - haproxy_health_endpoint.status == 200
              - haproxy_stats_endpoint.status == 200
              - haproxy_metrics_endpoint.status == 200