Add 'absent' service state

Allow deprecation of haproxy endpoints by setting the state of the
service to 'absent'. It will also now clean up any config files
when there are no backends, or the service is disabled.

Change-Id: I1db5932c559b5e04d330c114164869dd43c1cbb2
This commit is contained in:
Logan V 2018-09-17 09:50:44 -05:00 committed by Jesse Pretorius
parent baa46072ea
commit 972ebbe5db
4 changed files with 75 additions and 5 deletions

View File

@ -38,6 +38,8 @@ haproxy_stats_refresh_interval: 60
# defined for each service. # defined for each service.
haproxy_backup_nodes: [] haproxy_backup_nodes: []
haproxy_service_configs: []
# Example:
# haproxy_service_configs: # haproxy_service_configs:
# - service: # - service:
# haproxy_service_name: haproxy_all # haproxy_service_name: haproxy_all

View File

@ -13,21 +13,38 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: "Create haproxy service config files" - name: Create haproxy service config files
template: template:
src: service.j2 src: service.j2
dest: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}" dest: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
with_items: "{{ haproxy_service_configs | default([]) }}" with_items: "{{ haproxy_service_configs }}"
when: when:
- (item.service.haproxy_backend_nodes is defined and - (item.service.haproxy_backend_nodes is defined and
item.service.haproxy_backend_nodes | length > 0) or item.service.haproxy_backend_nodes | length > 0) or
(item.service.haproxy_backup_nodes is defined and (item.service.haproxy_backup_nodes is defined and
item.service.haproxy_backup_nodes | length > 0) item.service.haproxy_backup_nodes | length > 0)
- item.service.haproxy_service_enabled | default('True') | bool - (item.service.haproxy_service_enabled | default('True')) | bool
- (item.service.state is not defined or item.service.state != 'absent')
notify: Regenerate haproxy configuration notify: Regenerate haproxy configuration
tags: tags:
- haproxy-service-config - haproxy-service-config
- name: Remove haproxy service config files for absent services
file:
path: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
state: absent
notify: Regenerate haproxy configuration
with_items: "{{ haproxy_service_configs }}"
when:
- ((item.service.haproxy_backend_nodes is defined and
item.service.haproxy_backend_nodes | length == 0) and
(item.service.haproxy_backup_nodes is defined and
item.service.haproxy_backup_nodes | length == 0)) or
(not ((item.service.haproxy_service_enabled | default('True')) | bool)) or
(item.service.state is defined and item.service.state == 'absent')
tags:
- haproxy-service-config
- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports - name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
seboolean: seboolean:
name: haproxy_connect_any name: haproxy_connect_any

View File

@ -31,3 +31,11 @@ haproxy_service_configs:
haproxy_backend_ca: False haproxy_backend_ca: False
haproxy_ssl: False haproxy_ssl: False
haproxy_balance_type: http haproxy_balance_type: http
- service:
haproxy_service_name: test_absent_service
haproxy_backend_nodes:
- name: "localhost"
ip_addr: "127.0.0.1"
haproxy_port: 65535
haproxy_balance_type: tcp
state: "{{ absent_service_state }}"

View File

@ -18,7 +18,50 @@
connection: local connection: local
user: root user: root
become: true become: true
roles:
- role: "haproxy_server"
vars_files: vars_files:
- test-vars.yml - test-vars.yml
tasks:
- name: Create marker file for idempotence
copy:
content: mark
dest: /tmp/haproxy_pass1
register: haproxy_pass1
- name: Set fact for idempotence test
set_fact:
idempotence_pass_1: "{{ haproxy_pass1 is changed }}"
- name: Set fact for absent service state
set_fact:
absent_service_state: "{{ (haproxy_pass1 is changed) | ternary('present', 'absent') }}"
- name: Run the haproxy_server role
include_role:
name: "haproxy_server"
- name: Run role again on first pass
when:
- "idempotence_pass_1 | bool"
block:
- name: Ensure the absent service is present
stat:
path: "/etc/haproxy/conf.d/test_absent_service"
register: absent_services
failed_when: not absent_services.stat.exists
- name: Set fact for absent service state
set_fact:
absent_service_state: "absent"
- name: Run the haproxy_server role (again)
include_role:
name: "haproxy_server"
- name: Ensure the absent service is missing
stat:
path: "/etc/haproxy/conf.d/test_absent_service"
register: absent_services
when:
- "not (idempotence_pass_1 | bool)"
failed_when: absent_services.stat.exists