Add 'absent' service state
Allow deprecation of haproxy endpoints by setting the state of the service to 'absent'. It will also now clean up any config files when there are no backends, or the service is disabled. Change-Id: I1db5932c559b5e04d330c114164869dd43c1cbb2
This commit is contained in:
parent
baa46072ea
commit
972ebbe5db
@ -38,6 +38,8 @@ haproxy_stats_refresh_interval: 60
|
|||||||
# defined for each service.
|
# defined for each service.
|
||||||
haproxy_backup_nodes: []
|
haproxy_backup_nodes: []
|
||||||
|
|
||||||
|
haproxy_service_configs: []
|
||||||
|
# Example:
|
||||||
# haproxy_service_configs:
|
# haproxy_service_configs:
|
||||||
# - service:
|
# - service:
|
||||||
# haproxy_service_name: haproxy_all
|
# haproxy_service_name: haproxy_all
|
||||||
|
@ -13,21 +13,38 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: "Create haproxy service config files"
|
- name: Create haproxy service config files
|
||||||
template:
|
template:
|
||||||
src: service.j2
|
src: service.j2
|
||||||
dest: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
|
dest: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
|
||||||
with_items: "{{ haproxy_service_configs | default([]) }}"
|
with_items: "{{ haproxy_service_configs }}"
|
||||||
when:
|
when:
|
||||||
- (item.service.haproxy_backend_nodes is defined and
|
- (item.service.haproxy_backend_nodes is defined and
|
||||||
item.service.haproxy_backend_nodes | length > 0) or
|
item.service.haproxy_backend_nodes | length > 0) or
|
||||||
(item.service.haproxy_backup_nodes is defined and
|
(item.service.haproxy_backup_nodes is defined and
|
||||||
item.service.haproxy_backup_nodes | length > 0)
|
item.service.haproxy_backup_nodes | length > 0)
|
||||||
- item.service.haproxy_service_enabled | default('True') | bool
|
- (item.service.haproxy_service_enabled | default('True')) | bool
|
||||||
|
- (item.service.state is not defined or item.service.state != 'absent')
|
||||||
notify: Regenerate haproxy configuration
|
notify: Regenerate haproxy configuration
|
||||||
tags:
|
tags:
|
||||||
- haproxy-service-config
|
- haproxy-service-config
|
||||||
|
|
||||||
|
- name: Remove haproxy service config files for absent services
|
||||||
|
file:
|
||||||
|
path: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
|
||||||
|
state: absent
|
||||||
|
notify: Regenerate haproxy configuration
|
||||||
|
with_items: "{{ haproxy_service_configs }}"
|
||||||
|
when:
|
||||||
|
- ((item.service.haproxy_backend_nodes is defined and
|
||||||
|
item.service.haproxy_backend_nodes | length == 0) and
|
||||||
|
(item.service.haproxy_backup_nodes is defined and
|
||||||
|
item.service.haproxy_backup_nodes | length == 0)) or
|
||||||
|
(not ((item.service.haproxy_service_enabled | default('True')) | bool)) or
|
||||||
|
(item.service.state is defined and item.service.state == 'absent')
|
||||||
|
tags:
|
||||||
|
- haproxy-service-config
|
||||||
|
|
||||||
- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
|
- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
|
||||||
seboolean:
|
seboolean:
|
||||||
name: haproxy_connect_any
|
name: haproxy_connect_any
|
||||||
|
@ -31,3 +31,11 @@ haproxy_service_configs:
|
|||||||
haproxy_backend_ca: False
|
haproxy_backend_ca: False
|
||||||
haproxy_ssl: False
|
haproxy_ssl: False
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
|
- service:
|
||||||
|
haproxy_service_name: test_absent_service
|
||||||
|
haproxy_backend_nodes:
|
||||||
|
- name: "localhost"
|
||||||
|
ip_addr: "127.0.0.1"
|
||||||
|
haproxy_port: 65535
|
||||||
|
haproxy_balance_type: tcp
|
||||||
|
state: "{{ absent_service_state }}"
|
||||||
|
@ -18,7 +18,50 @@
|
|||||||
connection: local
|
connection: local
|
||||||
user: root
|
user: root
|
||||||
become: true
|
become: true
|
||||||
roles:
|
|
||||||
- role: "haproxy_server"
|
|
||||||
vars_files:
|
vars_files:
|
||||||
- test-vars.yml
|
- test-vars.yml
|
||||||
|
tasks:
|
||||||
|
- name: Create marker file for idempotence
|
||||||
|
copy:
|
||||||
|
content: mark
|
||||||
|
dest: /tmp/haproxy_pass1
|
||||||
|
register: haproxy_pass1
|
||||||
|
|
||||||
|
- name: Set fact for idempotence test
|
||||||
|
set_fact:
|
||||||
|
idempotence_pass_1: "{{ haproxy_pass1 is changed }}"
|
||||||
|
|
||||||
|
- name: Set fact for absent service state
|
||||||
|
set_fact:
|
||||||
|
absent_service_state: "{{ (haproxy_pass1 is changed) | ternary('present', 'absent') }}"
|
||||||
|
|
||||||
|
- name: Run the haproxy_server role
|
||||||
|
include_role:
|
||||||
|
name: "haproxy_server"
|
||||||
|
|
||||||
|
- name: Run role again on first pass
|
||||||
|
when:
|
||||||
|
- "idempotence_pass_1 | bool"
|
||||||
|
block:
|
||||||
|
- name: Ensure the absent service is present
|
||||||
|
stat:
|
||||||
|
path: "/etc/haproxy/conf.d/test_absent_service"
|
||||||
|
register: absent_services
|
||||||
|
failed_when: not absent_services.stat.exists
|
||||||
|
|
||||||
|
- name: Set fact for absent service state
|
||||||
|
set_fact:
|
||||||
|
absent_service_state: "absent"
|
||||||
|
|
||||||
|
- name: Run the haproxy_server role (again)
|
||||||
|
include_role:
|
||||||
|
name: "haproxy_server"
|
||||||
|
|
||||||
|
- name: Ensure the absent service is missing
|
||||||
|
stat:
|
||||||
|
path: "/etc/haproxy/conf.d/test_absent_service"
|
||||||
|
register: absent_services
|
||||||
|
when:
|
||||||
|
- "not (idempotence_pass_1 | bool)"
|
||||||
|
failed_when: absent_services.stat.exists
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user