openstack/validations-common
Code Issues Proposed changes

Remove haproxy validation from validations-common

Browse Source 
This validation is currently moving back to tripleo-validations[1] as it
turns out it is not generic at all and is fully tripleo centric.

[1] https://review.opendev.org/c/openstack/tripleo-validations/+/787941

Closes-Bug: #1926024
Change-Id: Id332eac4d3187cded8cd753d45c6d2d6e1f95ec2
This commit is contained in:
Michele Baldessari 2021-04-24 18:43:10 +02:00 committed by Jiri Podivin
parent 4b87cf203b
commit e6c6cc8b53
11 changed files with 0 additions and 368 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.zuul.yaml
View File

@ -107,7 +107,6 @@
- validations-common-centos-8-molecule-advanced_format_512e_support
- validations-common-centos-8-molecule-check_latest_packages_version
- validations-common-centos-8-molecule-dns
- validations-common-centos-8-molecule-haproxy
- validations-common-centos-8-molecule-ntp
- validations-common-centos-8-molecule-service_status
- validations-common-centos-8-molecule-check_cpu
@ -120,7 +119,6 @@
jobs:
- validations-common-centos-8-molecule-check_latest_packages_version
- validations-common-centos-8-molecule-dns
- validations-common-centos-8-molecule-haproxy
- validations-common-centos-8-molecule-check_cpu
- validations-common-centos-8-molecule-check_disk_space
- validations-common-centos-8-molecule-check_ram
@ -185,17 +183,6 @@
parent: validations-common-centos-8-base
vars:
validations_common_role_name: dns
- job:
files:
- ^validations_common/roles/haproxy/.*
- ^tests/prepare-test-host.yml
- ^playbooks/molecule/pre.yml
- ^playbooks/molecule/run.yml
- ^molecule-requirements.txt
name: validations-common-centos-8-molecule-haproxy
parent: validations-common-centos-8-base
vars:
validations_common_role_name: haproxy
- job:
files:
- ^validations_common/roles/check_cpu/.*

14
doc/source/modules/modules-haproxy_conf.rst
View File

@ -1,14 +0,0 @@
=====================
Module - haproxy_conf
=====================
This module provides for the following ansible plugin:
* haproxy_conf
.. ansibleautoplugin::
:module: validations_common/library/haproxy_conf.py
:documentation: true
:examples: true

6
doc/source/roles/role-haproxy.rst
View File

@ -1,6 +0,0 @@
=======
haproxy
=======
.. ansibleautoplugin::
:role: validations_common/roles/haproxy

87
validations_common/library/haproxy_conf.py
View File

@ -1,87 +0,0 @@
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import re
from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load
DOCUMENTATION = '''
---
module: haproxy_conf
short_description: Gather the HAProxy config
description:
- Gather the HAProxy config
options:
path:
required: true
description:
- file path to the config file
type: str
author: "Tomas Sedovic"
'''
EXAMPLES = '''
- hosts: webservers
tasks:
- name: Gather the HAProxy config
haproxy_conf: path=/etc/haproxy/haproxy.cfg
'''
# ConfigParser chokes on both mariadb and haproxy files. Luckily They have
# a syntax approaching ini config file so they are relatively easy to parse.
# This generic ini style config parser is not perfect -- it can ignore some
# valid options -- but good enough for our use case.
def generic_ini_style_conf_parser(file_path, section_regex, option_regex):
config = {}
current_section = None
with open(file_path) as config_file:
for line in config_file:
match_section = re.match(section_regex, line)
if match_section:
current_section = match_section.group(1)
config[current_section] = {}
match_option = re.match(option_regex, line)
if match_option and current_section:
option = re.sub(r'\s+', ' ', match_option.group(1))
config[current_section][option] = match_option.group(2)
return config
def parse_haproxy_conf(file_path):
section_regex = r'^(\w+)'
option_regex = r'^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
return generic_ini_style_conf_parser(file_path, section_regex,
option_regex)
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
haproxy_conf_path = module.params.get('path')
try:
config = parse_haproxy_conf(haproxy_conf_path)
except IOError:
module.fail_json(msg="Could not open the haproxy conf file at: '%s'" %
haproxy_conf_path)
module.exit_json(changed=False, ansible_facts={u'haproxy_conf': config})
if __name__ == '__main__':
main()

17
validations_common/playbooks/haproxy.yaml
View File

@ -1,17 +0,0 @@
---
- hosts: all
vars:
metadata:
name: HAProxy configuration
description: Verify the HAProxy configuration has recommended values.
groups:
- post-deployment
config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
global_maxconn_min: 20480
defaults_maxconn_min: 4096
defaults_timeout_queue: '2m'
defaults_timeout_client: '2m'
defaults_timeout_server: '2m'
defaults_timeout_check: '10s'
roles:
- haproxy

42
validations_common/roles/haproxy/README.md
View File

@ -1,42 +0,0 @@
haproxy
=======
An Ansible role to check if the HAProxy configuration has recommended values.
Requirements
------------
This role requires an Up and Running Overcloud
Role Variables
--------------
- config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
- global_maxconn_min: 20480
- defaults_maxconn_min: 4096
- defaults_timeout_queue: '2m'
- defaults_timeout_client: '2m'
- defaults_timeout_server: '2m'
- defaults_timeout_check: '10s'
Dependencies
------------
No dependencies
Example Playbook
----------------
- hosts: undercloud
roles:
- { role: haproxy }
License
-------
Apache
Author Information
------------------
Red Hat TripleO Validations Team.

8
validations_common/roles/haproxy/defaults/main.yml
View File

@ -1,8 +0,0 @@
---
haproxy_config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
global_maxconn_min: 20480
defaults_maxconn_min: 4096
defaults_timeout_queue: '2m'
defaults_timeout_client: '2m'
defaults_timeout_server: '2m'
defaults_timeout_check: '10s'

71
validations_common/roles/haproxy/molecule/default/converge.yml
View File

@ -1,71 +0,0 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
vars:
haproxy_config_file: /haproxy.cfg
tasks:
- name: create haproxy config file
copy:
dest: /haproxy.cfg
content: |
# This file managed by Puppet
global
daemon
group haproxy
log /dev/log local0
maxconn 100
pidfile /var/run/haproxy.pid
ssl-default-bind-ciphers !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES
ssl-default-bind-options no-sslv3 no-tlsv10
stats socket /var/lib/haproxy/stats mode 600 level user
stats timeout 1s
user haproxy
defaults
log global
maxconn 100
mode tcp
retries 1
timeout http-request 1s
timeout queue 1s
timeout connect 1s
timeout client 1s
timeout server 1s
timeout check 1s
- block:
- include_role:
name: haproxy
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
The haproxy role should have detected issues within haproxy
configuration file!

3
validations_common/roles/haproxy/molecule/default/molecule.yml
View File

@ -1,3 +0,0 @@
---
# inherits tripleo-validations/.config/molecule/config.yml
# To override default values, please take a look at the config.yml.

51
validations_common/roles/haproxy/tasks/main.yml
View File

@ -1,51 +0,0 @@
---
- name: Gather the HAProxy config
become: true
haproxy_conf:
path: "{{ haproxy_config_file }}"
- name: Verify global maxconn
fail:
msg: >-
The 'global maxconn' value '{{ haproxy_conf.global.maxconn }}'
must be greater than {{ global_maxconn_min }}
failed_when: haproxy_conf.global.maxconn|int < global_maxconn_min
- name: Verify defaults maxconn
fail:
msg: >-
The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}'
must be greater than {{ defaults_maxconn_min }}
failed_when: haproxy_conf.defaults.maxconn|int < defaults_maxconn_min
- name: Verify defaults timeout queue
fail:
msg: >-
The 'timeout queue' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout queue'] }}',
but must be set to {{ defaults_timeout_queue }}
failed_when: "haproxy_conf.defaults['timeout queue'] != defaults_timeout_queue"
- name: Verify defaults timeout client
fail:
msg: >-
The 'timeout client' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout client'] }}',
but must be set to {{ defaults_timeout_client }}
failed_when: "haproxy_conf.defaults['timeout client'] != defaults_timeout_client"
- name: Verify defaults timeout server
fail:
msg: >-
The 'timeout server' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout server'] }}',
but must be set to {{ defaults_timeout_server }}
failed_when: "haproxy_conf.defaults['timeout server'] != defaults_timeout_server"
- name: Verify defaults timeout check
fail:
msg: >-
The 'timeout check' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout check'] }}',
but must be set to {{ defaults_timeout_check }}
failed_when: "haproxy_conf.defaults['timeout check'] != defaults_timeout_check"

56
validations_common/tests/library/test_haproxy_conf.py
View File

@ -1,56 +0,0 @@
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
try:
from unittest import mock
except ImportError:
import mock
from validations_common.tests import base
from validations_common.tests import fakes
from validations_common.library import haproxy_conf
class TestHaproxyConf(base.TestCase):
def setUp(self):
super(TestHaproxyConf, self).setUp()
self.h_conf = haproxy_conf
@mock.patch('validations_common.library.haproxy_conf.generic_ini_style_conf_parser')
def test_parse_haproxy_conf(self, mock_generic_ini_style_conf_parser):
""" Despite the appearences this test is not using regex at all.
These are merely raw strings, that it asserts are passed to the `generic_ini_style_conf_parser`.
From the pov of the test it is irrelevant what form they have.
It's the `generic_ini_style_conf_parser` function that is supposed to receive these strings as arguments.
Test is merely checking that the code immediately preceding it's call does what it should do.
The regexes are finally used for parsing haproxy.cfg, which has a rather vague syntax.
In short: The regexes are supposed to match all possibilities described here, and some more:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/load_balancer_administration/ch-haproxy-setup-vsa
"""
file_path = './foo/bar'
args = {
'file_path': file_path,
'section_regex': r'^(\w+)',
'option_regex': r'^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
}
self.h_conf.parse_haproxy_conf(file_path)
mock_generic_ini_style_conf_parser.assert_called_once_with(
args['file_path'],
args['section_regex'],
args['option_regex']
)