diff --git a/.gitignore b/.gitignore index 3a77206..c46a9ec 100644 --- a/.gitignore +++ b/.gitignore @@ -45,6 +45,7 @@ logs/* # OS generated files # ###################### ._* +.ansible .tox *.egg-info .eggs diff --git a/defaults/main.yml b/defaults/main.yml index b1c9eef..c8aa61d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -15,7 +15,7 @@ # Validate Certificates when downloading hatop. May be set to "no" when proxy server # is intercepting the certificates. -haproxy_hatop_download_validate_certs: yes +haproxy_hatop_download_validate_certs: true # Set the package install state for distribution packages # Options are 'present' and 'latest' @@ -27,7 +27,7 @@ haproxy_fall: 3 haproxy_interval: 12000 ## Haproxy Stats -haproxy_stats_enabled: False +haproxy_stats_enabled: false haproxy_stats_bind_address: 127.0.0.1 haproxy_stats_port: 1936 haproxy_stats_ssl: "{{ haproxy_ssl }}" @@ -38,7 +38,7 @@ haproxy_stats_password: secrete haproxy_stats_refresh_interval: 60 # Prometheus stats are supported from HAProxy v2 # Stats must be enabled above before this can be used -haproxy_stats_prometheus_enabled: False +haproxy_stats_prometheus_enabled: false # Default haproxy backup nodes to empty list so this doesn't have to be # defined for each service. @@ -51,8 +51,8 @@ haproxy_frontend_redirect_extra_raw: "{{ haproxy_frontend_extra_raw }}" # Default values for enabling HTTP/2 support # Note, that while HTTP/2 will be enabled on frontends that are covered with TLS, # backends can be configured to use HTTP/2 regardless of TLS. -haproxy_frontend_h2: True -haproxy_backend_h2: False +haproxy_frontend_h2: true +haproxy_backend_h2: false haproxy_service_configs: [] # Example: @@ -134,7 +134,7 @@ haproxy_service_configs: [] # /api/bar 40 galera_monitoring_user: monitoring -haproxy_bind_on_non_local: False +haproxy_bind_on_non_local: false ## haproxy SSL haproxy_ssl: true @@ -159,7 +159,7 @@ haproxy_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}" # Create a certificate authority if one does not already exist haproxy_pki_create_ca: "{{ openstack_pki_authorities is not defined | bool }}" -haproxy_pki_regen_ca: '' +haproxy_pki_regen_ca: "" haproxy_pki_authorities: - name: "HAProxyRoot" country: "GB" @@ -200,7 +200,7 @@ haproxy_pki_certs_path: "{{ haproxy_pki_dir ~ '/certs/certs/' }}" haproxy_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('HAProxyIntermediate') }}" haproxy_pki_intermediate_cert_path:>- {{ haproxy_pki_dir ~ '/roots/' ~ haproxy_pki_intermediate_cert_name ~ '/certs/' ~ haproxy_pki_intermediate_cert_name ~ '.crt' }} -haproxy_pki_regen_cert: '' +haproxy_pki_regen_cert: "" haproxy_pki_certificates: "{{ _haproxy_pki_certificates }}" # SSL certificate creation @@ -211,7 +211,7 @@ haproxy_pki_install_certificates: "{{ _haproxy_pki_install_certificates }}" # activate letsencrypt option haproxy_ssl_letsencrypt_enable: false -haproxy_ssl_letsencrypt_certbot_binary: 'certbot' +haproxy_ssl_letsencrypt_certbot_binary: "certbot" haproxy_ssl_letsencrypt_certbot_backend_port: 8888 haproxy_ssl_letsencrypt_pre_hook_timeout: 5 haproxy_ssl_letsencrypt_certbot_bind_address: "{{ ansible_host }}" @@ -252,8 +252,7 @@ haproxy_server_timeout: "50s" # Set the HTTP keepalive mode to use # Disable persistent connections by default because they can cause issues when the server side closes the connection # at the same time a request is sent. -haproxy_keepalive_mode: 'httpclose' - +haproxy_keepalive_mode: "httpclose" ## haproxy tuning params haproxy_maxconn: 4096 @@ -318,7 +317,7 @@ haproxy_security_txt_headers: | Connection: close Content-Type: text/plain; charset=utf-8 -haproxy_security_txt_content: '' +haproxy_security_txt_content: "" # haproxy_security_txt_content: | # # Please see https://securitytxt.org/ for details of the specification of this file diff --git a/examples/playbook.yml b/examples/playbook.yml index 8ebfed6..8379974 100644 --- a/examples/playbook.yml +++ b/examples/playbook.yml @@ -18,4 +18,4 @@ - "httpchk" - "httplog" haproxy_backend_arguments: - - 'http-check expect string OK' + - "http-check expect string OK" diff --git a/handlers/main.yml b/handlers/main.yml index aa844c2..0723744 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -56,8 +56,8 @@ service: name: "rsyslog" state: "restarted" - enabled: yes - daemon_reload: yes + enabled: true + daemon_reload: true when: - "'rsyslog' in ansible_facts.packages" @@ -65,8 +65,8 @@ service: name: "haproxy" state: "reloaded" - enabled: yes - daemon_reload: yes + enabled: true + daemon_reload: true listen: - Regen pem - Regenerate maps diff --git a/tasks/haproxy_install.yml b/tasks/haproxy_install.yml index cc50471..6ee574b 100644 --- a/tasks/haproxy_install.yml +++ b/tasks/haproxy_install.yml @@ -48,7 +48,7 @@ unarchive: src: "{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename }}" dest: "{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}" - remote_src: yes + remote_src: true extra_opts: - --strip-components=1 @@ -57,5 +57,5 @@ src: "{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}/bin/hatop" dest: /usr/local/bin/hatop mode: "0755" - remote_src: yes + remote_src: true when: haproxy_hatop_install | bool diff --git a/tasks/haproxy_post_install.yml b/tasks/haproxy_post_install.yml index b8b1d4b..f0581a3 100644 --- a/tasks/haproxy_post_install.yml +++ b/tasks/haproxy_post_install.yml @@ -17,7 +17,7 @@ sysctl: name: "{{ item }}" value: 1 - sysctl_set: yes + sysctl_set: true state: present when: haproxy_bind_on_non_local | bool with_items: @@ -65,9 +65,9 @@ file: path: "{{ haproxy_log_mount_point | dirname }}" state: directory - mode: '0755' - owner: 'haproxy' - group: 'haproxy' + mode: "0755" + owner: "haproxy" + group: "haproxy" # NOTE(jrosser) The next task fails on Centos without this, # an empty directory rather than a file is made and the bind mount fails @@ -90,8 +90,8 @@ - name: Prevent SELinux from preventing haproxy from binding to arbitrary ports seboolean: name: haproxy_connect_any - state: yes - persistent: yes + state: true + persistent: true tags: - haproxy-service-config notify: diff --git a/tasks/haproxy_pre_install.yml b/tasks/haproxy_pre_install.yml index c7ca5ea..be08f3e 100644 --- a/tasks/haproxy_pre_install.yml +++ b/tasks/haproxy_pre_install.yml @@ -64,4 +64,4 @@ when: - (item.condition | default(True)) loop: "{{ haproxy_static_files }}" - no_log: True + no_log: true diff --git a/tasks/haproxy_service_config.yml b/tasks/haproxy_service_config.yml index 747f644..4c82695 100644 --- a/tasks/haproxy_service_config.yml +++ b/tasks/haproxy_service_config.yml @@ -35,8 +35,8 @@ owner: root group: haproxy mode: "0640" -# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced -# with haproxy_service_configs in 2024.1. + # NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced + # with haproxy_service_configs in 2024.1. loop: "{{ _haproxy_service_configs_simplified }}" loop_control: loop_var: service @@ -55,14 +55,13 @@ path: "/etc/haproxy/conf.d/{{ service.haproxy_service_name }}" state: absent notify: Regenerate haproxy configuration -# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced -# with haproxy_service_configs in 2024.1. + # NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced + # with haproxy_service_configs in 2024.1. loop: "{{ _haproxy_service_configs_simplified }}" loop_control: loop_var: service when: - - ((service.haproxy_service_enabled | default('True')) | bool) is falsy or - (service.state is defined and service.state == 'absent') + - ((service.haproxy_service_enabled | default('True')) | bool) is falsy or (service.state is defined and service.state == 'absent') ########################################################################### # Map files assembled from fragments from each service into