├── .github └── workflows │ └── commitlint.yml ├── .gitignore ├── .gitlab-ci.yml ├── .pre-commit-config.yaml ├── .rstcheck.cfg ├── .rubocop.yml ├── .salt-lint ├── .travis.yml ├── .yamllint ├── AUTHORS.md ├── CHANGELOG.md ├── CODEOWNERS ├── FORMULA ├── Gemfile ├── Gemfile.lock ├── LICENSE ├── bin ├── install-hooks └── kitchen ├── commitlint.config.js ├── docs ├── AUTHORS.rst ├── CHANGELOG.rst └── README.rst ├── haproxy ├── _mapdata │ ├── _mapdata.jinja │ └── init.sls ├── config.sls ├── files │ ├── haproxy-debian-package-default.cfg │ ├── haproxy-init-disable │ ├── haproxy-init-enable │ └── haproxy.cfg ├── init.sls ├── install.sls ├── map.jinja ├── service.sls └── templates │ └── haproxy.jinja ├── kitchen.yml ├── pillar.example ├── pre-commit_semantic-release.sh ├── release-rules.js ├── release.config.js └── test ├── integration ├── default │ ├── README.md │ ├── controls │ │ ├── config.rb │ │ ├── package.rb │ │ └── service.rb │ └── inspec.yml └── share │ ├── README.md │ ├── inspec.yml │ └── libraries │ └── system.rb └── salt ├── pillar ├── default.sls └── hosts.sls └── salt └── hosts └── init.sls /.github/workflows/commitlint.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | name: Commitlint 5 | 'on': [pull_request] 6 | 7 | jobs: 8 | lint: 9 | runs-on: ubuntu-latest 10 | env: 11 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 12 | steps: 13 | - uses: actions/checkout@v2 14 | with: 15 | fetch-depth: 0 16 | - uses: wagoid/commitlint-github-action@v1 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a packager 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | .kitchen 49 | .kitchen.local.yml 50 | kitchen.local.yml 51 | junit-*.xml 52 | 53 | # Translations 54 | *.mo 55 | *.pot 56 | 57 | # Django stuff: 58 | *.log 59 | local_settings.py 60 | 61 | # Flask stuff: 62 | instance/ 63 | .webassets-cache 64 | 65 | # Scrapy stuff: 66 | .scrapy 67 | 68 | # Sphinx documentation 69 | docs/_build/ 70 | 71 | # PyBuilder 72 | target/ 73 | 74 | # Jupyter Notebook 75 | .ipynb_checkpoints 76 | 77 | # pyenv 78 | .python-version 79 | 80 | # celery beat schedule file 81 | celerybeat-schedule 82 | 83 | # SageMath parsed files 84 | *.sage.py 85 | 86 | # dotenv 87 | .env 88 | 89 | # virtualenv 90 | .venv 91 | venv/ 92 | ENV/ 93 | 94 | # visual studio 95 | .vs/ 96 | 97 | # Spyder project settings 98 | .spyderproject 99 | .spyproject 100 | 101 | # Rope project settings 102 | .ropeproject 103 | 104 | # mkdocs documentation 105 | /site 106 | 107 | # mypy 108 | .mypy_cache/ 109 | 110 | # Bundler 111 | .bundle/ 112 | 113 | # copied `.md` files used for conversion to `.rst` using `m2r` 114 | docs/*.md 115 | 116 | # Vim 117 | *.sw? 118 | 119 | ## Collected when centralising formulas (check and sort) 120 | # `collectd-formula` 121 | .pytest_cache/ 122 | /.idea/ 123 | Dockerfile.*_* 124 | ignore/ 125 | tmp/ 126 | 127 | # `salt-formula` -- Vagrant Specific files 128 | .vagrant 129 | top.sls 130 | !test/salt/pillar/top.sls 131 | 132 | # `suricata-formula` -- Platform binaries 133 | *.rpm 134 | *.deb 135 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | ############################################################################### 5 | # Define all YAML node anchors 6 | ############################################################################### 7 | .node_anchors: 8 | # `only` (also used for `except` where applicable) 9 | only_branch_master_parent_repo: &only_branch_master_parent_repo 10 | - 'master@saltstack-formulas/haproxy-formula' 11 | # `stage` 12 | stage_lint: &stage_lint 'lint' 13 | stage_release: &stage_release 'release' 14 | stage_test: &stage_test 'test' 15 | # `image` 16 | image_commitlint: &image_commitlint 'myii/ssf-commitlint:11' 17 | image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3' 18 | image_precommit: &image_precommit 19 | name: 'myii/ssf-pre-commit:2.9.2' 20 | entrypoint: ['/bin/bash', '-c'] 21 | image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest' 22 | image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14' 23 | # `services` 24 | services_docker_dind: &services_docker_dind 25 | - 'docker:dind' 26 | # `variables` 27 | # https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3 28 | # https://bundler.io/v1.16/bundle_config.html 29 | variables_bundler: &variables_bundler 30 | BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler' 31 | BUNDLE_WITHOUT: 'production' 32 | # `cache` 33 | cache_bundler: &cache_bundler 34 | key: '${CI_JOB_STAGE}' 35 | paths: 36 | - '${BUNDLE_CACHE_PATH}' 37 | 38 | ############################################################################### 39 | # Define stages and global variables 40 | ############################################################################### 41 | stages: 42 | - *stage_lint 43 | - *stage_test 44 | - *stage_release 45 | variables: 46 | DOCKER_DRIVER: 'overlay2' 47 | 48 | ############################################################################### 49 | # `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed) 50 | ############################################################################### 51 | commitlint: 52 | stage: *stage_lint 53 | image: *image_commitlint 54 | script: 55 | # Add `upstream` remote to get access to `upstream/master` 56 | - 'git remote add upstream 57 | https://gitlab.com/saltstack-formulas/haproxy-formula.git' 58 | - 'git fetch --all' 59 | # Set default commit hashes for `--from` and `--to` 60 | - 'export COMMITLINT_FROM="$(git merge-base upstream/master HEAD)"' 61 | - 'export COMMITLINT_TO="${CI_COMMIT_SHA}"' 62 | # `coqbot` adds a merge commit to test PRs on top of the latest commit in 63 | # the repo; amend this merge commit message to avoid failure 64 | - | 65 | if [ "${GITLAB_USER_LOGIN}" = "coqbot" ] \ 66 | && [ "${CI_COMMIT_BRANCH}" != "master" ]; then 67 | git commit --amend -m \ 68 | 'chore: reword coqbot merge commit message for commitlint' 69 | export COMMITLINT_TO=HEAD 70 | fi 71 | # Run `commitlint` 72 | - 'commitlint --from "${COMMITLINT_FROM}" 73 | --to "${COMMITLINT_TO}" 74 | --verbose' 75 | 76 | pre-commit: 77 | stage: *stage_lint 78 | image: *image_precommit 79 | # https://pre-commit.com/#gitlab-ci-example 80 | variables: 81 | PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit' 82 | cache: 83 | key: '${CI_JOB_NAME}' 84 | paths: 85 | - '${PRE_COMMIT_HOME}' 86 | script: 87 | - 'pre-commit run --all-files --color always --verbose' 88 | 89 | # Use a separate job for `rubocop` other than the one potentially run by `pre-commit` 90 | # - The `pre-commit` check will only be available for formulas that pass the default 91 | # `rubocop` check -- and must continue to do so 92 | # - This job is allowed to fail, so can be used for all formulas 93 | # - Furthermore, this job uses all of the latest `rubocop` features & cops, 94 | # which will help when upgrading the `rubocop` linter used in `pre-commit` 95 | rubocop: 96 | allow_failure: true 97 | stage: *stage_lint 98 | image: *image_rubocop 99 | script: 100 | - 'rubocop -d -P -S --enable-pending-cops' 101 | 102 | ############################################################################### 103 | # Define `test` template 104 | ############################################################################### 105 | .test_instance: &test_instance 106 | stage: *stage_test 107 | image: *image_dindruby 108 | services: *services_docker_dind 109 | variables: *variables_bundler 110 | cache: *cache_bundler 111 | before_script: 112 | # TODO: This should work from the env vars above automatically 113 | - 'bundle config set path "${BUNDLE_CACHE_PATH}"' 114 | - 'bundle config set without "${BUNDLE_WITHOUT}"' 115 | - 'bundle install' 116 | script: 117 | # Alternative value to consider: `${CI_JOB_NAME}` 118 | - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"' 119 | 120 | ############################################################################### 121 | # Define `test` template (`allow_failure: true`) 122 | ############################################################################### 123 | .test_instance_failure_permitted: 124 | <<: *test_instance 125 | allow_failure: true 126 | 127 | ############################################################################### 128 | # `test` stage: each instance below uses the `test` template above 129 | ############################################################################### 130 | ## Define the rest of the matrix based on Kitchen testing 131 | # Make sure the instances listed below match up with 132 | # the `platforms` defined in `kitchen.yml` 133 | # yamllint disable rule:line-length 134 | # default-debian-11-tiamat-py3: {extends: '.test_instance'} 135 | # default-debian-10-tiamat-py3: {extends: '.test_instance'} 136 | # default-debian-9-tiamat-py3: {extends: '.test_instance'} 137 | # default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'} 138 | # default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'} 139 | # default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'} 140 | # default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'} 141 | # default-centos-7-tiamat-py3: {extends: '.test_instance'} 142 | # default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'} 143 | # default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'} 144 | # default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'} 145 | # default-almalinux-8-tiamat-py3: {extends: '.test_instance'} 146 | # default-rockylinux-8-tiamat-py3: {extends: '.test_instance'} 147 | default-debian-11-master-py3: {extends: '.test_instance'} 148 | default-debian-10-master-py3: {extends: '.test_instance'} 149 | default-debian-9-master-py3: {extends: '.test_instance'} 150 | default-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'} 151 | default-ubuntu-2004-master-py3: {extends: '.test_instance'} 152 | default-ubuntu-1804-master-py3: {extends: '.test_instance'} 153 | default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} 154 | default-centos-7-master-py3: {extends: '.test_instance'} 155 | default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'} 156 | default-fedora-35-master-py3: {extends: '.test_instance'} 157 | default-opensuse-leap-153-master-py3: {extends: '.test_instance'} 158 | default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'} 159 | default-amazonlinux-2-master-py3: {extends: '.test_instance'} 160 | default-oraclelinux-8-master-py3: {extends: '.test_instance'} 161 | default-oraclelinux-7-master-py3: {extends: '.test_instance'} 162 | default-arch-base-latest-master-py3: {extends: '.test_instance'} 163 | # default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'} 164 | # default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} 165 | default-almalinux-8-master-py3: {extends: '.test_instance'} 166 | default-rockylinux-8-master-py3: {extends: '.test_instance'} 167 | # default-debian-11-3004-1-py3: {extends: '.test_instance'} 168 | # default-debian-10-3004-1-py3: {extends: '.test_instance'} 169 | # default-debian-9-3004-1-py3: {extends: '.test_instance'} 170 | # default-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'} 171 | # default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'} 172 | # default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'} 173 | # default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'} 174 | # default-centos-7-3004-1-py3: {extends: '.test_instance'} 175 | # default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'} 176 | # default-fedora-35-3004-1-py3: {extends: '.test_instance'} 177 | # default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'} 178 | # default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'} 179 | # default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'} 180 | # default-arch-base-latest-3004-1-py3: {extends: '.test_instance'} 181 | # default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'} 182 | # default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'} 183 | # default-almalinux-8-3004-1-py3: {extends: '.test_instance'} 184 | # default-rockylinux-8-3004-1-py3: {extends: '.test_instance'} 185 | # default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'} 186 | # default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'} 187 | # default-debian-10-3003-4-py3: {extends: '.test_instance'} 188 | # default-debian-9-3003-4-py3: {extends: '.test_instance'} 189 | # default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'} 190 | # default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'} 191 | # default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'} 192 | # default-centos-7-3003-4-py3: {extends: '.test_instance'} 193 | # default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'} 194 | # default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'} 195 | # default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'} 196 | # default-almalinux-8-3003-4-py3: {extends: '.test_instance'} 197 | # yamllint enable rule:line-length 198 | 199 | ############################################################################### 200 | # `release` stage: `semantic-release` 201 | ############################################################################### 202 | semantic-release: 203 | only: *only_branch_master_parent_repo 204 | stage: *stage_release 205 | image: *image_semanticrelease 206 | variables: 207 | MAINTAINER_TOKEN: '${GH_TOKEN}' 208 | script: 209 | # Update `AUTHORS.md` 210 | - '${HOME}/go/bin/maintainer contributor' 211 | # Run `semantic-release` 212 | - 'semantic-release' 213 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | # See https://pre-commit.com for more information 5 | # See https://pre-commit.com/hooks.html for more hooks 6 | ci: 7 | autofix_commit_msg: | 8 | ci(pre-commit.ci): apply auto fixes from pre-commit.com hooks 9 | 10 | For more information, see https://pre-commit.ci 11 | autofix_prs: true 12 | autoupdate_branch: '' 13 | autoupdate_commit_msg: | 14 | ci(pre-commit.ci): perform `pre-commit` autoupdate 15 | autoupdate_schedule: quarterly 16 | skip: [] 17 | submodules: false 18 | default_stages: [commit] 19 | repos: 20 | - repo: https://github.com/dafyddj/commitlint-pre-commit-hook 21 | rev: v2.3.0 22 | hooks: 23 | - id: commitlint 24 | name: Check commit message using commitlint 25 | description: Lint commit message against @commitlint/config-conventional rules 26 | stages: [commit-msg] 27 | additional_dependencies: ['@commitlint/config-conventional@8.3.4'] 28 | - id: commitlint-travis 29 | stages: [manual] 30 | additional_dependencies: ['@commitlint/config-conventional@8.3.4'] 31 | always_run: true 32 | - repo: https://github.com/rubocop-hq/rubocop 33 | rev: v1.30.1 34 | hooks: 35 | - id: rubocop 36 | name: Check Ruby files with rubocop 37 | args: [--debug] 38 | always_run: true 39 | pass_filenames: false 40 | - repo: https://github.com/shellcheck-py/shellcheck-py 41 | rev: v0.8.0.4 42 | hooks: 43 | - id: shellcheck 44 | name: Check shell scripts with shellcheck 45 | files: ^.*\.(sh|bash|ksh)$ 46 | types: [] 47 | - repo: https://github.com/adrienverge/yamllint 48 | rev: v1.26.3 49 | hooks: 50 | - id: yamllint 51 | name: Check YAML syntax with yamllint 52 | args: [--strict, '.'] 53 | always_run: true 54 | pass_filenames: false 55 | - repo: https://github.com/warpnet/salt-lint 56 | rev: v0.8.0 57 | hooks: 58 | - id: salt-lint 59 | name: Check Salt files using salt-lint 60 | files: ^.*\.(sls|jinja|j2|tmpl|tst)$ 61 | - repo: https://github.com/myint/rstcheck 62 | rev: 3f929574 63 | hooks: 64 | - id: rstcheck 65 | name: Check reST files using rstcheck 66 | exclude: 'docs/CHANGELOG.rst' 67 | - repo: https://github.com/saltstack-formulas/mirrors-rst-lint 68 | rev: v1.3.2 69 | hooks: 70 | - id: rst-lint 71 | name: Check reST files using rst-lint 72 | exclude: | 73 | (?x)^( 74 | docs/CHANGELOG.rst| 75 | docs/TOFS_pattern.rst| 76 | )$ 77 | additional_dependencies: [pygments==2.9.0] 78 | -------------------------------------------------------------------------------- /.rstcheck.cfg: -------------------------------------------------------------------------------- 1 | [rstcheck] 2 | report=info 3 | ignore_language=rst 4 | ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$) 5 | -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | # General overrides used across formulas in the org 5 | Layout/LineLength: 6 | # Increase from default of `80` 7 | # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) 8 | Max: 88 9 | Metrics/BlockLength: 10 | IgnoredMethods: 11 | - control 12 | - describe 13 | # Increase from default of `25` 14 | Max: 30 15 | Security/YAMLLoad: 16 | Exclude: 17 | - test/integration/**/_mapdata.rb 18 | 19 | # General settings across all cops in this formula 20 | AllCops: 21 | NewCops: enable 22 | 23 | # Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config` 24 | -------------------------------------------------------------------------------- /.salt-lint: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | exclude_paths: [] 5 | rules: 6 | 204: 7 | ignore: 'haproxy/templates/haproxy.jinja' 8 | skip_list: 9 | # Using `salt-lint` for linting other files as well, such as Jinja macros/templates 10 | - 205 # Use ".sls" as a Salt State file extension 11 | # Skipping `207` and `208` because `210` is sufficient, at least for the time-being 12 | # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755` 13 | - 207 # File modes should always be encapsulated in quotation marks 14 | - 208 # File modes should always contain a leading zero 15 | tags: [] 16 | verbosity: 1 17 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | ################################################################################ 5 | # NOTE: This file is UNMAINTAINED; it is provided for references purposes only. 6 | # No guarantees are tendered that this structure will work after 2020. 7 | ################################################################################ 8 | # * https://en.wikipedia.org/wiki/Travis_CI: 9 | # - "... free open-source plans were removed in [sic] the end of 2020" 10 | # - https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing 11 | # - https://ropensci.org/technotes/2020/11/19/moving-away-travis/ 12 | ################################################################################ 13 | ## Machine config 14 | os: 'linux' 15 | arch: 'amd64' 16 | dist: 'bionic' 17 | version: '~> 1.0' 18 | 19 | ## Language and cache config 20 | language: 'ruby' 21 | cache: 'bundler' 22 | 23 | ## Services config 24 | services: 25 | - docker 26 | 27 | ## Script to run for the test stage 28 | script: 29 | - bin/kitchen verify "${INSTANCE}" 30 | 31 | ## Stages and jobs matrix 32 | stages: 33 | - test 34 | # # As part of the switch away from Travis CI, ensure that the `release` stage 35 | # # is not run inadvertently 36 | # - name: 'release' 37 | # if: 'branch = master AND type != pull_request' 38 | jobs: 39 | include: 40 | ## Define the test stage that runs the linters (and testing matrix, if applicable) 41 | 42 | # Run all of the linters in a single job 43 | - language: 'node_js' 44 | node_js: 'lts/*' 45 | env: 'Lint' 46 | name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint' 47 | before_install: 'skip' 48 | script: 49 | # Install and run `salt-lint` 50 | - pip install --user salt-lint 51 | - git ls-files -- '*.sls' '*.jinja' '*.j2' '*.tmpl' '*.tst' 52 | | xargs salt-lint 53 | # Install and run `yamllint` 54 | # Need at least `v1.17.0` for the `yaml-files` setting 55 | - pip install --user yamllint>=1.17.0 56 | - yamllint -s . 57 | # Install and run `rubocop` 58 | - gem install rubocop 59 | - rubocop -d 60 | # Run `shellcheck` (already pre-installed in Travis) 61 | - shellcheck --version 62 | - git ls-files -- '*.sh' '*.bash' '*.ksh' 63 | | xargs shellcheck 64 | # Install and run `commitlint` 65 | - npm i -D @commitlint/config-conventional 66 | @commitlint/travis-cli 67 | - commitlint-travis 68 | 69 | # Run `pre-commit` linters in a single job 70 | - language: 'python' 71 | env: 'Lint_pre-commit' 72 | name: 'Lint: pre-commit' 73 | before_install: 'skip' 74 | cache: 75 | directories: 76 | - $HOME/.cache/pre-commit 77 | script: 78 | # Install and run `pre-commit` 79 | - pip install pre-commit==2.7.1 80 | - pre-commit run --all-files --color always --verbose 81 | - pre-commit run --color always --hook-stage manual --verbose commitlint-travis 82 | 83 | ## Define the rest of the matrix based on Kitchen testing 84 | # Make sure the instances listed below match up with 85 | # the `platforms` defined in `kitchen.yml` 86 | # - env: INSTANCE=default-debian-11-tiamat-py3 87 | # - env: INSTANCE=default-debian-10-tiamat-py3 88 | # - env: INSTANCE=default-debian-9-tiamat-py3 89 | # - env: INSTANCE=default-ubuntu-2204-tiamat-py3 90 | # - env: INSTANCE=default-ubuntu-2004-tiamat-py3 91 | # - env: INSTANCE=default-ubuntu-1804-tiamat-py3 92 | # - env: INSTANCE=default-centos-stream8-tiamat-py3 93 | # - env: INSTANCE=default-centos-7-tiamat-py3 94 | # - env: INSTANCE=default-amazonlinux-2-tiamat-py3 95 | # - env: INSTANCE=default-oraclelinux-8-tiamat-py3 96 | # - env: INSTANCE=default-oraclelinux-7-tiamat-py3 97 | # - env: INSTANCE=default-almalinux-8-tiamat-py3 98 | # - env: INSTANCE=default-rockylinux-8-tiamat-py3 99 | - env: INSTANCE=default-debian-11-master-py3 100 | - env: INSTANCE=default-debian-10-master-py3 101 | - env: INSTANCE=default-debian-9-master-py3 102 | - env: INSTANCE=default-ubuntu-2204-master-py3 103 | - env: INSTANCE=default-ubuntu-2004-master-py3 104 | - env: INSTANCE=default-ubuntu-1804-master-py3 105 | - env: INSTANCE=default-centos-stream8-master-py3 106 | - env: INSTANCE=default-centos-7-master-py3 107 | - env: INSTANCE=default-fedora-36-master-py3 108 | - env: INSTANCE=default-fedora-35-master-py3 109 | - env: INSTANCE=default-opensuse-leap-153-master-py3 110 | - env: INSTANCE=default-opensuse-tmbl-latest-master-py3 111 | - env: INSTANCE=default-amazonlinux-2-master-py3 112 | - env: INSTANCE=default-oraclelinux-8-master-py3 113 | - env: INSTANCE=default-oraclelinux-7-master-py3 114 | - env: INSTANCE=default-arch-base-latest-master-py3 115 | # - env: INSTANCE=default-gentoo-stage3-latest-master-py3 116 | # - env: INSTANCE=default-gentoo-stage3-systemd-master-py3 117 | - env: INSTANCE=default-almalinux-8-master-py3 118 | - env: INSTANCE=default-rockylinux-8-master-py3 119 | # - env: INSTANCE=default-debian-11-3004-1-py3 120 | # - env: INSTANCE=default-debian-10-3004-1-py3 121 | # - env: INSTANCE=default-debian-9-3004-1-py3 122 | # - env: INSTANCE=default-ubuntu-2204-3004-1-py3 123 | # - env: INSTANCE=default-ubuntu-2004-3004-1-py3 124 | # - env: INSTANCE=default-ubuntu-1804-3004-1-py3 125 | # - env: INSTANCE=default-centos-stream8-3004-1-py3 126 | # - env: INSTANCE=default-centos-7-3004-1-py3 127 | # - env: INSTANCE=default-fedora-36-3004-1-py3 128 | # - env: INSTANCE=default-fedora-35-3004-1-py3 129 | # - env: INSTANCE=default-amazonlinux-2-3004-1-py3 130 | # - env: INSTANCE=default-oraclelinux-8-3004-1-py3 131 | # - env: INSTANCE=default-oraclelinux-7-3004-1-py3 132 | # - env: INSTANCE=default-arch-base-latest-3004-1-py3 133 | # - env: INSTANCE=default-gentoo-stage3-latest-3004-1-py3 134 | # - env: INSTANCE=default-gentoo-stage3-systemd-3004-1-py3 135 | # - env: INSTANCE=default-almalinux-8-3004-1-py3 136 | # - env: INSTANCE=default-rockylinux-8-3004-1-py3 137 | # - env: INSTANCE=default-opensuse-leap-153-3004-0-py3 138 | # - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3 139 | # - env: INSTANCE=default-debian-10-3003-4-py3 140 | # - env: INSTANCE=default-debian-9-3003-4-py3 141 | # - env: INSTANCE=default-ubuntu-2004-3003-4-py3 142 | # - env: INSTANCE=default-ubuntu-1804-3003-4-py3 143 | # - env: INSTANCE=default-centos-stream8-3003-4-py3 144 | # - env: INSTANCE=default-centos-7-3003-4-py3 145 | # - env: INSTANCE=default-amazonlinux-2-3003-4-py3 146 | # - env: INSTANCE=default-oraclelinux-8-3003-4-py3 147 | # - env: INSTANCE=default-oraclelinux-7-3003-4-py3 148 | # - env: INSTANCE=default-almalinux-8-3003-4-py3 149 | 150 | ## Define the release stage that runs `semantic-release` 151 | - stage: 'release' 152 | language: 'node_js' 153 | node_js: 'lts/*' 154 | env: 'Release' 155 | name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA' 156 | before_install: 'skip' 157 | script: 158 | # Update `AUTHORS.md` 159 | - export MAINTAINER_TOKEN=${GH_TOKEN} 160 | - go get github.com/myii/maintainer 161 | - maintainer contributor 162 | 163 | # Install all dependencies required for `semantic-release` 164 | - npm i -D @semantic-release/changelog@3 165 | @semantic-release/exec@3 166 | @semantic-release/git@7 167 | deploy: 168 | provider: 'script' 169 | # Opt-in to `dpl v2` to complete the Travis build config validation (beta) 170 | # * https://docs.travis-ci.com/user/build-config-validation 171 | # Deprecated `skip_cleanup` can now be avoided, `cleanup: false` is by default 172 | edge: true 173 | # Run `semantic-release` 174 | script: 'npx semantic-release@15.14' 175 | 176 | # Notification options: `always`, `never` or `change` 177 | notifications: 178 | webhooks: 179 | if: 'repo = saltstack-formulas/haproxy-formula' 180 | urls: 181 | - https://saltstack-formulas.zulipchat.com/api/v1/external/travis?api_key=HsIq3o5QmLxdnVCKF9is0FUIpkpAY79P&stream=CI&topic=saltstack-formulas%2Fhaproxy-formula&ignore_pull_requests=true 182 | on_success: always # default: always 183 | on_failure: always # default: always 184 | on_start: always # default: never 185 | on_cancel: always # default: always 186 | on_error: always # default: always 187 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | # Extend the `default` configuration provided by `yamllint` 5 | extends: 'default' 6 | 7 | # Files to ignore completely 8 | # 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally 9 | # 2. All YAML files under directory `.cache/`, introduced during the CI run 10 | # 3. All YAML files under directory `.git/` 11 | # 4. All YAML files under directory `node_modules/`, introduced during the CI run 12 | # 5. Any SLS files under directory `test/`, which are actually state files 13 | # 6. Any YAML files under directory `.kitchen/`, introduced during local testing 14 | # 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax 15 | ignore: | 16 | .bundle/ 17 | .cache/ 18 | .git/ 19 | node_modules/ 20 | test/**/states/**/*.sls 21 | .kitchen/ 22 | kitchen.vagrant.yml 23 | test/salt/salt/hosts/init.sls 24 | 25 | yaml-files: 26 | # Default settings 27 | - '*.yaml' 28 | - '*.yml' 29 | - .salt-lint 30 | - .yamllint 31 | # SaltStack Formulas additional settings 32 | - '*.example' 33 | - test/**/*.sls 34 | 35 | rules: 36 | empty-values: 37 | forbid-in-block-mappings: true 38 | forbid-in-flow-mappings: true 39 | line-length: 40 | # Increase from default of `80` 41 | # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) 42 | max: 88 43 | octal-values: 44 | forbid-implicit-octal: true 45 | forbid-explicit-octal: true 46 | -------------------------------------------------------------------------------- /AUTHORS.md: -------------------------------------------------------------------------------- 1 | # Authors 2 | 3 | This list is sorted by the number of commits per contributor in _descending_ order. 4 | 5 | Avatar|Contributor|Contributions 6 | :-:|---|:-: 7 | @myii|[@myii](https://github.com/myii)|82 8 | @johnkeates|[@johnkeates](https://github.com/johnkeates)|29 9 | @gravyboat|[@gravyboat](https://github.com/gravyboat)|28 10 | @bigbosst|[@bigbosst](https://github.com/bigbosst)|11 11 | @daks|[@daks](https://github.com/daks)|8 12 | @puneetk|[@puneetk](https://github.com/puneetk)|8 13 | @nmadhok|[@nmadhok](https://github.com/nmadhok)|7 14 | @hoonetorg|[@hoonetorg](https://github.com/hoonetorg)|7 15 | @boltronics|[@boltronics](https://github.com/boltronics)|6 16 | @aboe76|[@aboe76](https://github.com/aboe76)|6 17 | @morsik|[@morsik](https://github.com/morsik)|6 18 | @ticosax|[@ticosax](https://github.com/ticosax)|4 19 | @thatch45|[@thatch45](https://github.com/thatch45)|4 20 | @abednarik|[@abednarik](https://github.com/abednarik)|4 21 | @bneqld|[@bneqld](https://github.com/bneqld)|3 22 | @dafyddj|[@dafyddj](https://github.com/dafyddj)|3 23 | @noelmcloughlin|[@noelmcloughlin](https://github.com/noelmcloughlin)|3 24 | @javierbertoli|[@javierbertoli](https://github.com/javierbertoli)|2 25 | @kjkeane|[@kjkeane](https://github.com/kjkeane)|2 26 | @stp-ip|[@stp-ip](https://github.com/stp-ip)|2 27 | @liunich|[@liunich](https://github.com/liunich)|2 28 | @mymasse|[@mymasse](https://github.com/mymasse)|2 29 | @ze42|[@ze42](https://github.com/ze42)|1 30 | @aminet|[@aminet](https://github.com/aminet)|1 31 | @iggy|[@iggy](https://github.com/iggy)|1 32 | @stenstad|[@stenstad](https://github.com/stenstad)|1 33 | @baby-gnu|[@baby-gnu](https://github.com/baby-gnu)|1 34 | @ingben|[@ingben](https://github.com/ingben)|1 35 | @kti-richard|[@kti-richard](https://github.com/kti-richard)|1 36 | @msciciel|[@msciciel](https://github.com/msciciel)|1 37 | @whiteinge|[@whiteinge](https://github.com/whiteinge)|1 38 | @genuss|[@genuss](https://github.com/genuss)|1 39 | @davidkarlsen|[@davidkarlsen](https://github.com/davidkarlsen)|1 40 | @davidwalter0|[@davidwalter0](https://github.com/davidwalter0)|1 41 | 42 | --- 43 | 44 | Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2022-04-08. 45 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | # [0.18.0](https://github.com/saltstack-formulas/haproxy-formula/compare/v0.17.1...v0.18.0) (2022-04-08) 4 | 5 | 6 | ### Continuous Integration 7 | 8 | * **kitchen+gitlab:** update for new pre-salted images [skip ci] ([eb1dfad](https://github.com/saltstack-formulas/haproxy-formula/commit/eb1dfad99d02a3bb8b7fd27b81a6433dbd778e80)) 9 | * update linters to latest versions [skip ci] ([668fcd0](https://github.com/saltstack-formulas/haproxy-formula/commit/668fcd078479b962f0a058e9e2599db9eef5508e)) 10 | * **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([dd43437](https://github.com/saltstack-formulas/haproxy-formula/commit/dd43437343ae825a65d0b220ef615218894300a9)) 11 | * **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] ([07ffdfe](https://github.com/saltstack-formulas/haproxy-formula/commit/07ffdfe3c87ff9733408e38599aa6e2d4ec14db0)) 12 | * **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([df108e6](https://github.com/saltstack-formulas/haproxy-formula/commit/df108e6114b9809a544b9e94e3be22be3983643d)) 13 | * **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([7a79c5b](https://github.com/saltstack-formulas/haproxy-formula/commit/7a79c5bd4af4967ba3e347f835c73112d893ec4d)) 14 | * **kitchen+ci:** update with `3004` pre-salted images/boxes [skip ci] ([9458feb](https://github.com/saltstack-formulas/haproxy-formula/commit/9458febc34151b3b2c67e654264b9ebea11ca319)) 15 | * **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] ([8edd6ac](https://github.com/saltstack-formulas/haproxy-formula/commit/8edd6acdacc1bc098d5067323e23a45dbb8e69aa)) 16 | * **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([39e8288](https://github.com/saltstack-formulas/haproxy-formula/commit/39e8288821a044705aadb0e29ef715d6913f468f)) 17 | * **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([c16996b](https://github.com/saltstack-formulas/haproxy-formula/commit/c16996bc7a454b2c799f4fd44e4f8586cfb58d56)) 18 | * **kitchen+gitlab:** update for new pre-salted images [skip ci] ([ff5224a](https://github.com/saltstack-formulas/haproxy-formula/commit/ff5224ad5241f918ecd53412c66247c4d135f993)) 19 | * add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([ac38984](https://github.com/saltstack-formulas/haproxy-formula/commit/ac38984da71bd427433ae92f0ecce6d4919f2fc1)) 20 | * **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([0bfccc2](https://github.com/saltstack-formulas/haproxy-formula/commit/0bfccc2515481a135e66fe4e0702bcce1d883460)) 21 | * add `arch-master` to matrix and update `.travis.yml` [skip ci] ([14f640a](https://github.com/saltstack-formulas/haproxy-formula/commit/14f640ad44eaa0abde7dc7d1cf2c7c3146c05bff)) 22 | * **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([2fb3a67](https://github.com/saltstack-formulas/haproxy-formula/commit/2fb3a67082513c199d1c713ba1836338cec0ba97)) 23 | 24 | 25 | ### Features 26 | 27 | * **httpchecks:** support multiple httpcheck lines ([1187532](https://github.com/saltstack-formulas/haproxy-formula/commit/1187532cc26e0b79c1b3e8e1fc8718454ffb7730)) 28 | 29 | 30 | ### Tests 31 | 32 | * **default:** add `httpcheck` & `httpchecks` values to test pillar ([8977843](https://github.com/saltstack-formulas/haproxy-formula/commit/897784372d51d5bef0b1c12d189f5905746937a9)) 33 | * **system:** add `build_platform_codename` [skip ci] ([9f90d8a](https://github.com/saltstack-formulas/haproxy-formula/commit/9f90d8a84738cba0f34474976a225be639a23451)) 34 | * standardise use of `share` suite & `_mapdata` state [skip ci] ([9989cb5](https://github.com/saltstack-formulas/haproxy-formula/commit/9989cb5080cca8889f37b48c134e7bc6d2deb09f)) 35 | 36 | ## [0.17.1](https://github.com/saltstack-formulas/haproxy-formula/compare/v0.17.0...v0.17.1) (2021-03-04) 37 | 38 | 39 | ### Bug Fixes 40 | 41 | * **config:** ensure `haproxy:global:chroot:path` is created if provided ([92831b6](https://github.com/saltstack-formulas/haproxy-formula/commit/92831b6d2f6889759f8e49aa9c56cf0062b56155)) 42 | * **templates/haproxy.jinja:** replace deprecated `reqadd` ([8c6c855](https://github.com/saltstack-formulas/haproxy-formula/commit/8c6c85593659c3ffa37c44651049f0104c63af3a)), closes [/github.com/haproxy/haproxy/blob/31dd393da0e6c20bf65ea833d10635a8b26cb355/src/cfgparse-listen.c#L2843-L2845](https://github.com//github.com/haproxy/haproxy/blob/31dd393da0e6c20bf65ea833d10635a8b26cb355/src/cfgparse-listen.c/issues/L2843-L2845) 43 | 44 | 45 | ### Continuous Integration 46 | 47 | * **commitlint:** ensure `upstream/master` uses main repo URL [skip ci] ([c80fa08](https://github.com/saltstack-formulas/haproxy-formula/commit/c80fa08e2ab7ad220bad0182935d0e8cde582ae7)) 48 | * **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([db31f52](https://github.com/saltstack-formulas/haproxy-formula/commit/db31f527d7e7bfab0aed5964c16e4f68c5c598fa)) 49 | * **gitlab-ci:** add `rubocop` linter (with `allow_failure`) [skip ci] ([1792404](https://github.com/saltstack-formulas/haproxy-formula/commit/1792404822afe8117ea9c2e5c38db8041fce7e77)) 50 | * **gitlab-ci:** use GitLab CI as Travis CI replacement ([17911ca](https://github.com/saltstack-formulas/haproxy-formula/commit/17911caf56eda9d025c0833e6c6714b3fb6b7eaf)) 51 | * **kitchen+gitlab-ci:** use latest pre-salted images ([ae579a7](https://github.com/saltstack-formulas/haproxy-formula/commit/ae579a77d61afb5aaa15bf7d52e71e59dc7a5d11)) 52 | * **pre-commit:** add to formula [skip ci] ([649b533](https://github.com/saltstack-formulas/haproxy-formula/commit/649b533c21d5f4b9d8b48f4cbea16fc6210392e1)) 53 | * **pre-commit:** enable/disable `rstcheck` as relevant [skip ci] ([79ec26d](https://github.com/saltstack-formulas/haproxy-formula/commit/79ec26d59f9a1aa9550aa3c5cd3a24bfb4436dd0)) 54 | * **pre-commit:** finalise `rstcheck` configuration [skip ci] ([0792e26](https://github.com/saltstack-formulas/haproxy-formula/commit/0792e2614b87ab2ea30f25af9b0387075fb83497)) 55 | * **pre-commit:** update hook for `rubocop` [skip ci] ([a73b49f](https://github.com/saltstack-formulas/haproxy-formula/commit/a73b49f432000f45ee08352d7607ffdeaaab7986)) 56 | 57 | 58 | ### Tests 59 | 60 | * **pillar:** provide `default` pillar working on all platforms ([12be6ff](https://github.com/saltstack-formulas/haproxy-formula/commit/12be6ff15c0c23d385ebed308ad953a399b86b3f)) 61 | 62 | # [0.17.0](https://github.com/saltstack-formulas/haproxy-formula/compare/v0.16.0...v0.17.0) (2020-06-16) 63 | 64 | 65 | ### Bug Fixes 66 | 67 | * **rubocop:** fix violations using `rubocop -a` ([98076d3](https://github.com/saltstack-formulas/haproxy-formula/commit/98076d3bb952f6731f3aa1170bb4ebe86708f6de)) 68 | 69 | 70 | ### Code Refactoring 71 | 72 | * **kitchen:** prefer `kitchen.yml` to `.kitchen.yml` ([47eabab](https://github.com/saltstack-formulas/haproxy-formula/commit/47eababd780a08ebe888d174d640cf90c059745a)) 73 | 74 | 75 | ### Continuous Integration 76 | 77 | * **salt-lint:** fix ([60e8d19](https://github.com/saltstack-formulas/haproxy-formula/commit/60e8d19f0357051d4dfcac8339872443b936498e)) 78 | * **yamlint:** fix ([1072b1d](https://github.com/saltstack-formulas/haproxy-formula/commit/1072b1d8125289e118fc4dc2a7b61ee6f3e1f931)) 79 | 80 | 81 | ### Documentation 82 | 83 | * **readme:** merge with original `README` ([870474e](https://github.com/saltstack-formulas/haproxy-formula/commit/870474e53a7c45fee3cd7cd897375fea7bf6028b)) 84 | 85 | 86 | ### Features 87 | 88 | * implement semantic release ([d921a49](https://github.com/saltstack-formulas/haproxy-formula/commit/d921a49bda6743c839f81a3e22b3ba54c6ad99d8)) 89 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | 3 | # SECTION: Owner(s) for everything in the repo, unless a later match takes precedence 4 | # FILE PATTERN OWNER(S) 5 | * @saltstack-formulas/wg 6 | 7 | # SECTION: Owner(s) for specific directories 8 | # FILE PATTERN OWNER(S) 9 | 10 | # SECTION: Owner(s) for files/directories related to `semantic-release` 11 | # FILE PATTERN OWNER(S) 12 | /.github/workflows/ @saltstack-formulas/ssf 13 | /bin/install-hooks @saltstack-formulas/ssf 14 | /bin/kitchen @saltstack-formulas/ssf 15 | /docs/AUTHORS.rst @saltstack-formulas/ssf 16 | /docs/CHANGELOG.rst @saltstack-formulas/ssf 17 | /docs/TOFS_pattern.rst @saltstack-formulas/ssf 18 | /*/_mapdata/ @saltstack-formulas/ssf 19 | /*/libsaltcli.jinja @saltstack-formulas/ssf 20 | /*/libtofs.jinja @saltstack-formulas/ssf 21 | /test/integration/**/_mapdata.rb @saltstack-formulas/ssf 22 | /test/integration/**/libraries/system.rb @saltstack-formulas/ssf 23 | /test/integration/**/inspec.yml @saltstack-formulas/ssf 24 | /test/integration/**/README.md @saltstack-formulas/ssf 25 | /test/salt/pillar/top.sls @saltstack-formulas/ssf 26 | /.gitignore @saltstack-formulas/ssf 27 | /.cirrus.yml @saltstack-formulas/ssf 28 | /.gitlab-ci.yml @saltstack-formulas/ssf 29 | /.pre-commit-config.yaml @saltstack-formulas/ssf 30 | /.rstcheck.cfg @saltstack-formulas/ssf 31 | /.rubocop.yml @saltstack-formulas/ssf 32 | /.salt-lint @saltstack-formulas/ssf 33 | /.travis.yml @saltstack-formulas/ssf 34 | /.yamllint @saltstack-formulas/ssf 35 | /AUTHORS.md @saltstack-formulas/ssf 36 | /CHANGELOG.md @saltstack-formulas/ssf 37 | /CODEOWNERS @saltstack-formulas/ssf 38 | /commitlint.config.js @saltstack-formulas/ssf 39 | /FORMULA @saltstack-formulas/ssf 40 | /Gemfile @saltstack-formulas/ssf 41 | /Gemfile.lock @saltstack-formulas/ssf 42 | /kitchen.yml @saltstack-formulas/ssf 43 | /kitchen.vagrant.yml @saltstack-formulas/ssf 44 | /kitchen.windows.yml @saltstack-formulas/ssf 45 | /pre-commit_semantic-release.sh @saltstack-formulas/ssf 46 | /release-rules.js @saltstack-formulas/ssf 47 | /release.config.js @saltstack-formulas/ssf 48 | 49 | # SECTION: Owner(s) for specific files 50 | # FILE PATTERN OWNER(S) 51 | -------------------------------------------------------------------------------- /FORMULA: -------------------------------------------------------------------------------- 1 | name: haproxy 2 | os: Debian, Ubuntu, Raspbian, RedHat, Fedora, CentOS, Amazon, Suse, openSUSE, Gentoo, Funtoo, Arch, Manjaro, Alpine, FreeBSD, OpenBSD, Solaris, SmartOS, Windows, MacOS 3 | os_family: Debian, RedHat, Suse, Gentoo, Arch, Alpine, FreeBSD, OpenBSD, Solaris, Windows, MacOS 4 | version: 0.18.0 5 | release: 1 6 | minimum_version: 2017.7 7 | summary: haproxy formula 8 | description: Formula to use as a template for other formulas 9 | top_level_dir: haproxy 10 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org') 4 | 5 | # Install the `inspec` gem using `git` because versions after `4.22.22` 6 | # suppress diff output; this version fixes this for our uses. 7 | # rubocop:disable Layout/LineLength 8 | gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf' 9 | # rubocop:enable Layout/LineLength 10 | 11 | # Install the `kitchen-docker` gem using `git` in order to gain a performance 12 | # improvement: avoid package installations which are already covered by the 13 | # `salt-image-builder` (i.e. the pre-salted images that we're using) 14 | # rubocop:disable Layout/LineLength 15 | gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf' 16 | # rubocop:enable Layout/LineLength 17 | 18 | gem 'kitchen-inspec', '>= 2.5.0' 19 | gem 'kitchen-salt', '>= 0.7.2' 20 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GIT 2 | remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec 3 | revision: aaef842906a5666f0fc0b4f186b4dd3498f5b28c 4 | branch: ssf 5 | specs: 6 | inspec (5.18.15) 7 | cookstyle 8 | faraday_middleware (>= 0.12.2, < 1.1) 9 | inspec-core (= 5.18.15) 10 | mongo (= 2.13.2) 11 | progress_bar (~> 1.3.3) 12 | rake 13 | train (~> 3.10) 14 | train-aws (~> 0.2) 15 | train-habitat (~> 0.1) 16 | train-winrm (~> 0.2) 17 | inspec-core (5.18.15) 18 | addressable (~> 2.4) 19 | chef-telemetry (~> 1.0, >= 1.0.8) 20 | faraday (>= 0.9.0, < 1.5) 21 | faraday_middleware (~> 1.0) 22 | hashie (>= 3.4, < 5.0) 23 | license-acceptance (>= 0.2.13, < 3.0) 24 | method_source (>= 0.8, < 2.0) 25 | mixlib-log (~> 3.0) 26 | multipart-post (~> 2.0) 27 | parallel (~> 1.9) 28 | parslet (>= 1.5, < 2.0) 29 | pry (~> 0.13) 30 | rspec (>= 3.9, <= 3.11) 31 | rspec-its (~> 1.2) 32 | rubyzip (>= 1.2.2, < 3.0) 33 | semverse (~> 3.0) 34 | sslshake (~> 1.2) 35 | thor (>= 0.20, < 2.0) 36 | tomlrb (>= 1.2, < 2.1) 37 | train-core (~> 3.10) 38 | tty-prompt (~> 0.17) 39 | tty-table (~> 0.10) 40 | 41 | GIT 42 | remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker 43 | revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82 44 | branch: ssf 45 | specs: 46 | kitchen-docker (2.12.0) 47 | test-kitchen (>= 1.0.0) 48 | 49 | GEM 50 | remote: https://rubygems.org/ 51 | specs: 52 | activesupport (7.0.3.1) 53 | concurrent-ruby (~> 1.0, >= 1.0.2) 54 | i18n (>= 1.6, < 2) 55 | minitest (>= 5.1) 56 | tzinfo (~> 2.0) 57 | addressable (2.8.0) 58 | public_suffix (>= 2.0.2, < 5.0) 59 | ast (2.4.2) 60 | aws-eventstream (1.2.0) 61 | aws-partitions (1.607.0) 62 | aws-sdk-alexaforbusiness (1.56.0) 63 | aws-sdk-core (~> 3, >= 3.127.0) 64 | aws-sigv4 (~> 1.1) 65 | aws-sdk-amplify (1.32.0) 66 | aws-sdk-core (~> 3, >= 3.120.0) 67 | aws-sigv4 (~> 1.1) 68 | aws-sdk-apigateway (1.78.0) 69 | aws-sdk-core (~> 3, >= 3.127.0) 70 | aws-sigv4 (~> 1.1) 71 | aws-sdk-apigatewayv2 (1.42.0) 72 | aws-sdk-core (~> 3, >= 3.127.0) 73 | aws-sigv4 (~> 1.1) 74 | aws-sdk-applicationautoscaling (1.51.0) 75 | aws-sdk-core (~> 3, >= 3.112.0) 76 | aws-sigv4 (~> 1.1) 77 | aws-sdk-athena (1.55.0) 78 | aws-sdk-core (~> 3, >= 3.127.0) 79 | aws-sigv4 (~> 1.1) 80 | aws-sdk-autoscaling (1.63.0) 81 | aws-sdk-core (~> 3, >= 3.112.0) 82 | aws-sigv4 (~> 1.1) 83 | aws-sdk-batch (1.47.0) 84 | aws-sdk-core (~> 3, >= 3.112.0) 85 | aws-sigv4 (~> 1.1) 86 | aws-sdk-budgets (1.50.0) 87 | aws-sdk-core (~> 3, >= 3.127.0) 88 | aws-sigv4 (~> 1.1) 89 | aws-sdk-cloudformation (1.70.0) 90 | aws-sdk-core (~> 3, >= 3.127.0) 91 | aws-sigv4 (~> 1.1) 92 | aws-sdk-cloudfront (1.65.0) 93 | aws-sdk-core (~> 3, >= 3.127.0) 94 | aws-sigv4 (~> 1.1) 95 | aws-sdk-cloudhsm (1.39.0) 96 | aws-sdk-core (~> 3, >= 3.127.0) 97 | aws-sigv4 (~> 1.1) 98 | aws-sdk-cloudhsmv2 (1.42.0) 99 | aws-sdk-core (~> 3, >= 3.127.0) 100 | aws-sigv4 (~> 1.1) 101 | aws-sdk-cloudtrail (1.49.0) 102 | aws-sdk-core (~> 3, >= 3.127.0) 103 | aws-sigv4 (~> 1.1) 104 | aws-sdk-cloudwatch (1.64.0) 105 | aws-sdk-core (~> 3, >= 3.127.0) 106 | aws-sigv4 (~> 1.1) 107 | aws-sdk-cloudwatchevents (1.46.0) 108 | aws-sdk-core (~> 3, >= 3.112.0) 109 | aws-sigv4 (~> 1.1) 110 | aws-sdk-cloudwatchlogs (1.53.0) 111 | aws-sdk-core (~> 3, >= 3.127.0) 112 | aws-sigv4 (~> 1.1) 113 | aws-sdk-codecommit (1.51.0) 114 | aws-sdk-core (~> 3, >= 3.127.0) 115 | aws-sigv4 (~> 1.1) 116 | aws-sdk-codedeploy (1.49.0) 117 | aws-sdk-core (~> 3, >= 3.127.0) 118 | aws-sigv4 (~> 1.1) 119 | aws-sdk-codepipeline (1.53.0) 120 | aws-sdk-core (~> 3, >= 3.127.0) 121 | aws-sigv4 (~> 1.1) 122 | aws-sdk-cognitoidentity (1.31.0) 123 | aws-sdk-core (~> 3, >= 3.112.0) 124 | aws-sigv4 (~> 1.1) 125 | aws-sdk-cognitoidentityprovider (1.53.0) 126 | aws-sdk-core (~> 3, >= 3.112.0) 127 | aws-sigv4 (~> 1.1) 128 | aws-sdk-configservice (1.79.0) 129 | aws-sdk-core (~> 3, >= 3.127.0) 130 | aws-sigv4 (~> 1.1) 131 | aws-sdk-core (3.131.2) 132 | aws-eventstream (~> 1, >= 1.0.2) 133 | aws-partitions (~> 1, >= 1.525.0) 134 | aws-sigv4 (~> 1.1) 135 | jmespath (~> 1, >= 1.6.1) 136 | aws-sdk-costandusagereportservice (1.40.0) 137 | aws-sdk-core (~> 3, >= 3.127.0) 138 | aws-sigv4 (~> 1.1) 139 | aws-sdk-databasemigrationservice (1.53.0) 140 | aws-sdk-core (~> 3, >= 3.112.0) 141 | aws-sigv4 (~> 1.1) 142 | aws-sdk-dynamodb (1.75.0) 143 | aws-sdk-core (~> 3, >= 3.127.0) 144 | aws-sigv4 (~> 1.1) 145 | aws-sdk-ec2 (1.322.0) 146 | aws-sdk-core (~> 3, >= 3.127.0) 147 | aws-sigv4 (~> 1.1) 148 | aws-sdk-ecr (1.56.0) 149 | aws-sdk-core (~> 3, >= 3.127.0) 150 | aws-sigv4 (~> 1.1) 151 | aws-sdk-ecrpublic (1.12.0) 152 | aws-sdk-core (~> 3, >= 3.127.0) 153 | aws-sigv4 (~> 1.1) 154 | aws-sdk-ecs (1.100.0) 155 | aws-sdk-core (~> 3, >= 3.127.0) 156 | aws-sigv4 (~> 1.1) 157 | aws-sdk-efs (1.54.0) 158 | aws-sdk-core (~> 3, >= 3.127.0) 159 | aws-sigv4 (~> 1.1) 160 | aws-sdk-eks (1.75.0) 161 | aws-sdk-core (~> 3, >= 3.127.0) 162 | aws-sigv4 (~> 1.1) 163 | aws-sdk-elasticache (1.78.0) 164 | aws-sdk-core (~> 3, >= 3.127.0) 165 | aws-sigv4 (~> 1.1) 166 | aws-sdk-elasticbeanstalk (1.51.0) 167 | aws-sdk-core (~> 3, >= 3.127.0) 168 | aws-sigv4 (~> 1.1) 169 | aws-sdk-elasticloadbalancing (1.40.0) 170 | aws-sdk-core (~> 3, >= 3.127.0) 171 | aws-sigv4 (~> 1.1) 172 | aws-sdk-elasticloadbalancingv2 (1.78.0) 173 | aws-sdk-core (~> 3, >= 3.127.0) 174 | aws-sigv4 (~> 1.1) 175 | aws-sdk-elasticsearchservice (1.65.0) 176 | aws-sdk-core (~> 3, >= 3.127.0) 177 | aws-sigv4 (~> 1.1) 178 | aws-sdk-emr (1.53.0) 179 | aws-sdk-core (~> 3, >= 3.121.2) 180 | aws-sigv4 (~> 1.1) 181 | aws-sdk-eventbridge (1.24.0) 182 | aws-sdk-core (~> 3, >= 3.112.0) 183 | aws-sigv4 (~> 1.1) 184 | aws-sdk-firehose (1.48.0) 185 | aws-sdk-core (~> 3, >= 3.127.0) 186 | aws-sigv4 (~> 1.1) 187 | aws-sdk-glue (1.88.0) 188 | aws-sdk-core (~> 3, >= 3.112.0) 189 | aws-sigv4 (~> 1.1) 190 | aws-sdk-guardduty (1.58.0) 191 | aws-sdk-core (~> 3, >= 3.127.0) 192 | aws-sigv4 (~> 1.1) 193 | aws-sdk-iam (1.69.0) 194 | aws-sdk-core (~> 3, >= 3.127.0) 195 | aws-sigv4 (~> 1.1) 196 | aws-sdk-kafka (1.50.0) 197 | aws-sdk-core (~> 3, >= 3.127.0) 198 | aws-sigv4 (~> 1.1) 199 | aws-sdk-kinesis (1.41.0) 200 | aws-sdk-core (~> 3, >= 3.127.0) 201 | aws-sigv4 (~> 1.1) 202 | aws-sdk-kms (1.57.0) 203 | aws-sdk-core (~> 3, >= 3.127.0) 204 | aws-sigv4 (~> 1.1) 205 | aws-sdk-lambda (1.84.0) 206 | aws-sdk-core (~> 3, >= 3.127.0) 207 | aws-sigv4 (~> 1.1) 208 | aws-sdk-mq (1.40.0) 209 | aws-sdk-core (~> 3, >= 3.120.0) 210 | aws-sigv4 (~> 1.1) 211 | aws-sdk-networkfirewall (1.17.0) 212 | aws-sdk-core (~> 3, >= 3.127.0) 213 | aws-sigv4 (~> 1.1) 214 | aws-sdk-networkmanager (1.24.0) 215 | aws-sdk-core (~> 3, >= 3.127.0) 216 | aws-sigv4 (~> 1.1) 217 | aws-sdk-organizations (1.59.0) 218 | aws-sdk-core (~> 3, >= 3.112.0) 219 | aws-sigv4 (~> 1.1) 220 | aws-sdk-ram (1.26.0) 221 | aws-sdk-core (~> 3, >= 3.112.0) 222 | aws-sigv4 (~> 1.1) 223 | aws-sdk-rds (1.148.0) 224 | aws-sdk-core (~> 3, >= 3.127.0) 225 | aws-sigv4 (~> 1.1) 226 | aws-sdk-redshift (1.84.0) 227 | aws-sdk-core (~> 3, >= 3.127.0) 228 | aws-sigv4 (~> 1.1) 229 | aws-sdk-route53 (1.63.0) 230 | aws-sdk-core (~> 3, >= 3.127.0) 231 | aws-sigv4 (~> 1.1) 232 | aws-sdk-route53domains (1.40.0) 233 | aws-sdk-core (~> 3, >= 3.127.0) 234 | aws-sigv4 (~> 1.1) 235 | aws-sdk-route53resolver (1.37.0) 236 | aws-sdk-core (~> 3, >= 3.127.0) 237 | aws-sigv4 (~> 1.1) 238 | aws-sdk-s3 (1.114.0) 239 | aws-sdk-core (~> 3, >= 3.127.0) 240 | aws-sdk-kms (~> 1) 241 | aws-sigv4 (~> 1.4) 242 | aws-sdk-s3control (1.43.0) 243 | aws-sdk-core (~> 3, >= 3.122.0) 244 | aws-sigv4 (~> 1.1) 245 | aws-sdk-secretsmanager (1.46.0) 246 | aws-sdk-core (~> 3, >= 3.112.0) 247 | aws-sigv4 (~> 1.1) 248 | aws-sdk-securityhub (1.67.0) 249 | aws-sdk-core (~> 3, >= 3.127.0) 250 | aws-sigv4 (~> 1.1) 251 | aws-sdk-servicecatalog (1.60.0) 252 | aws-sdk-core (~> 3, >= 3.112.0) 253 | aws-sigv4 (~> 1.1) 254 | aws-sdk-ses (1.41.0) 255 | aws-sdk-core (~> 3, >= 3.120.0) 256 | aws-sigv4 (~> 1.1) 257 | aws-sdk-shield (1.48.0) 258 | aws-sdk-core (~> 3, >= 3.127.0) 259 | aws-sigv4 (~> 1.1) 260 | aws-sdk-signer (1.32.0) 261 | aws-sdk-core (~> 3, >= 3.120.0) 262 | aws-sigv4 (~> 1.1) 263 | aws-sdk-simpledb (1.29.0) 264 | aws-sdk-core (~> 3, >= 3.120.0) 265 | aws-sigv2 (~> 1.0) 266 | aws-sdk-sms (1.40.0) 267 | aws-sdk-core (~> 3, >= 3.127.0) 268 | aws-sigv4 (~> 1.1) 269 | aws-sdk-sns (1.53.0) 270 | aws-sdk-core (~> 3, >= 3.127.0) 271 | aws-sigv4 (~> 1.1) 272 | aws-sdk-sqs (1.51.1) 273 | aws-sdk-core (~> 3, >= 3.127.0) 274 | aws-sigv4 (~> 1.1) 275 | aws-sdk-ssm (1.137.0) 276 | aws-sdk-core (~> 3, >= 3.127.0) 277 | aws-sigv4 (~> 1.1) 278 | aws-sdk-states (1.39.0) 279 | aws-sdk-core (~> 3, >= 3.112.0) 280 | aws-sigv4 (~> 1.1) 281 | aws-sdk-synthetics (1.19.0) 282 | aws-sdk-core (~> 3, >= 3.121.2) 283 | aws-sigv4 (~> 1.1) 284 | aws-sdk-transfer (1.34.0) 285 | aws-sdk-core (~> 3, >= 3.112.0) 286 | aws-sigv4 (~> 1.1) 287 | aws-sdk-waf (1.43.0) 288 | aws-sdk-core (~> 3, >= 3.122.0) 289 | aws-sigv4 (~> 1.1) 290 | aws-sigv2 (1.1.0) 291 | aws-sigv4 (1.5.0) 292 | aws-eventstream (~> 1, >= 1.0.2) 293 | azure_graph_rbac (0.17.2) 294 | ms_rest_azure (~> 0.12.0) 295 | azure_mgmt_key_vault (0.17.7) 296 | ms_rest_azure (~> 0.12.0) 297 | azure_mgmt_resources (0.18.2) 298 | ms_rest_azure (~> 0.12.0) 299 | azure_mgmt_security (0.19.0) 300 | ms_rest_azure (~> 0.12.0) 301 | azure_mgmt_storage (0.23.0) 302 | ms_rest_azure (~> 0.12.0) 303 | bcrypt_pbkdf (1.1.0) 304 | bson (4.15.0) 305 | builder (3.2.4) 306 | chef-config (17.10.0) 307 | addressable 308 | chef-utils (= 17.10.0) 309 | fuzzyurl 310 | mixlib-config (>= 2.2.12, < 4.0) 311 | mixlib-shellout (>= 2.0, < 4.0) 312 | tomlrb (~> 1.2) 313 | chef-telemetry (1.1.1) 314 | chef-config 315 | concurrent-ruby (~> 1.0) 316 | chef-utils (17.10.0) 317 | concurrent-ruby 318 | coderay (1.1.3) 319 | concurrent-ruby (1.1.10) 320 | cookstyle (7.32.1) 321 | rubocop (= 1.25.1) 322 | declarative (0.0.20) 323 | diff-lcs (1.5.0) 324 | docker-api (2.2.0) 325 | excon (>= 0.47.0) 326 | multi_json 327 | domain_name (0.5.20190701) 328 | unf (>= 0.0.5, < 1.0.0) 329 | ed25519 (1.3.0) 330 | erubi (1.10.0) 331 | excon (0.92.3) 332 | faraday (1.4.3) 333 | faraday-em_http (~> 1.0) 334 | faraday-em_synchrony (~> 1.0) 335 | faraday-excon (~> 1.1) 336 | faraday-net_http (~> 1.0) 337 | faraday-net_http_persistent (~> 1.1) 338 | multipart-post (>= 1.2, < 3) 339 | ruby2_keywords (>= 0.0.4) 340 | faraday-cookie_jar (0.0.7) 341 | faraday (>= 0.8.0) 342 | http-cookie (~> 1.0.0) 343 | faraday-em_http (1.0.0) 344 | faraday-em_synchrony (1.0.0) 345 | faraday-excon (1.1.0) 346 | faraday-net_http (1.0.1) 347 | faraday-net_http_persistent (1.2.0) 348 | faraday_middleware (1.0.0) 349 | faraday (~> 1.0) 350 | ffi (1.15.5) 351 | fuzzyurl (0.9.0) 352 | google-api-client (0.52.0) 353 | addressable (~> 2.5, >= 2.5.1) 354 | googleauth (~> 0.9) 355 | httpclient (>= 2.8.1, < 3.0) 356 | mini_mime (~> 1.0) 357 | representable (~> 3.0) 358 | retriable (>= 2.0, < 4.0) 359 | rexml 360 | signet (~> 0.12) 361 | googleauth (0.14.0) 362 | faraday (>= 0.17.3, < 2.0) 363 | jwt (>= 1.4, < 3.0) 364 | memoist (~> 0.16) 365 | multi_json (~> 1.11) 366 | os (>= 0.9, < 2.0) 367 | signet (~> 0.14) 368 | gssapi (1.3.1) 369 | ffi (>= 1.0.1) 370 | gyoku (1.4.0) 371 | builder (>= 2.1.2) 372 | rexml (~> 3.0) 373 | hashie (4.1.0) 374 | highline (2.0.3) 375 | http-cookie (1.0.5) 376 | domain_name (~> 0.5) 377 | httpclient (2.8.3) 378 | i18n (1.12.0) 379 | concurrent-ruby (~> 1.0) 380 | inifile (3.0.0) 381 | jmespath (1.6.1) 382 | json (2.6.2) 383 | jwt (2.4.1) 384 | kitchen-inspec (2.6.1) 385 | hashie (>= 3.4, <= 5.0) 386 | inspec (>= 2.2.64, < 7.0) 387 | test-kitchen (>= 2.7, < 4) 388 | kitchen-salt (0.7.2) 389 | hashie (>= 3.5) 390 | test-kitchen (>= 1.4) 391 | license-acceptance (2.1.13) 392 | pastel (~> 0.7) 393 | tomlrb (>= 1.2, < 3.0) 394 | tty-box (~> 0.6) 395 | tty-prompt (~> 0.20) 396 | little-plugger (1.1.4) 397 | logging (2.3.1) 398 | little-plugger (~> 1.1) 399 | multi_json (~> 1.14) 400 | memoist (0.16.2) 401 | method_source (1.0.0) 402 | mini_mime (1.1.2) 403 | minitest (5.16.2) 404 | mixlib-config (3.0.27) 405 | tomlrb 406 | mixlib-install (3.12.19) 407 | mixlib-shellout 408 | mixlib-versioning 409 | thor 410 | mixlib-log (3.0.9) 411 | mixlib-shellout (3.2.7) 412 | chef-utils 413 | mixlib-versioning (1.2.12) 414 | mongo (2.13.2) 415 | bson (>= 4.8.2, < 5.0.0) 416 | ms_rest (0.7.6) 417 | concurrent-ruby (~> 1.0) 418 | faraday (>= 0.9, < 2.0.0) 419 | timeliness (~> 0.3.10) 420 | ms_rest_azure (0.12.0) 421 | concurrent-ruby (~> 1.0) 422 | faraday (>= 0.9, < 2.0.0) 423 | faraday-cookie_jar (~> 0.0.6) 424 | ms_rest (~> 0.7.6) 425 | multi_json (1.15.0) 426 | multipart-post (2.2.3) 427 | net-scp (3.0.0) 428 | net-ssh (>= 2.6.5, < 7.0.0) 429 | net-ssh (6.1.0) 430 | net-ssh-gateway (2.0.0) 431 | net-ssh (>= 4.0.0) 432 | nori (2.6.0) 433 | options (2.3.2) 434 | os (1.1.4) 435 | parallel (1.22.1) 436 | parser (3.1.2.0) 437 | ast (~> 2.4.1) 438 | parslet (1.8.2) 439 | pastel (0.8.0) 440 | tty-color (~> 0.5) 441 | progress_bar (1.3.3) 442 | highline (>= 1.6, < 3) 443 | options (~> 2.3.0) 444 | pry (0.14.1) 445 | coderay (~> 1.1) 446 | method_source (~> 1.0) 447 | public_suffix (4.0.7) 448 | rainbow (3.1.1) 449 | rake (13.0.6) 450 | regexp_parser (2.5.0) 451 | representable (3.2.0) 452 | declarative (< 0.1.0) 453 | trailblazer-option (>= 0.1.1, < 0.2.0) 454 | uber (< 0.2.0) 455 | retriable (3.1.2) 456 | rexml (3.2.5) 457 | rspec (3.11.0) 458 | rspec-core (~> 3.11.0) 459 | rspec-expectations (~> 3.11.0) 460 | rspec-mocks (~> 3.11.0) 461 | rspec-core (3.11.0) 462 | rspec-support (~> 3.11.0) 463 | rspec-expectations (3.11.0) 464 | diff-lcs (>= 1.2.0, < 2.0) 465 | rspec-support (~> 3.11.0) 466 | rspec-its (1.3.0) 467 | rspec-core (>= 3.0.0) 468 | rspec-expectations (>= 3.0.0) 469 | rspec-mocks (3.11.1) 470 | diff-lcs (>= 1.2.0, < 2.0) 471 | rspec-support (~> 3.11.0) 472 | rspec-support (3.11.0) 473 | rubocop (1.25.1) 474 | parallel (~> 1.10) 475 | parser (>= 3.1.0.0) 476 | rainbow (>= 2.2.2, < 4.0) 477 | regexp_parser (>= 1.8, < 3.0) 478 | rexml 479 | rubocop-ast (>= 1.15.1, < 2.0) 480 | ruby-progressbar (~> 1.7) 481 | unicode-display_width (>= 1.4.0, < 3.0) 482 | rubocop-ast (1.19.1) 483 | parser (>= 3.1.1.0) 484 | ruby-progressbar (1.11.0) 485 | ruby2_keywords (0.0.5) 486 | rubyntlm (0.6.3) 487 | rubyzip (2.3.2) 488 | semverse (3.0.2) 489 | signet (0.17.0) 490 | addressable (~> 2.8) 491 | faraday (>= 0.17.5, < 3.a) 492 | jwt (>= 1.5, < 3.0) 493 | multi_json (~> 1.10) 494 | sslshake (1.3.1) 495 | strings (0.2.1) 496 | strings-ansi (~> 0.2) 497 | unicode-display_width (>= 1.5, < 3.0) 498 | unicode_utils (~> 1.4) 499 | strings-ansi (0.2.0) 500 | test-kitchen (3.3.1) 501 | bcrypt_pbkdf (~> 1.0) 502 | chef-utils (>= 16.4.35) 503 | ed25519 (~> 1.2) 504 | license-acceptance (>= 1.0.11, < 3.0) 505 | mixlib-install (~> 3.6) 506 | mixlib-shellout (>= 1.2, < 4.0) 507 | net-scp (>= 1.1, < 4.0) 508 | net-ssh (>= 2.9, < 7.0) 509 | net-ssh-gateway (>= 1.2, < 3.0) 510 | thor (>= 0.19, < 2.0) 511 | winrm (~> 2.0) 512 | winrm-elevated (~> 1.0) 513 | winrm-fs (~> 1.1) 514 | thor (1.2.1) 515 | timeliness (0.3.10) 516 | tomlrb (1.3.0) 517 | trailblazer-option (0.1.2) 518 | train (3.10.1) 519 | activesupport (>= 6.0.3.1) 520 | azure_graph_rbac (~> 0.16) 521 | azure_mgmt_key_vault (~> 0.17) 522 | azure_mgmt_resources (~> 0.15) 523 | azure_mgmt_security (~> 0.18) 524 | azure_mgmt_storage (~> 0.18) 525 | docker-api (>= 1.26, < 3.0) 526 | google-api-client (>= 0.23.9, <= 0.52.0) 527 | googleauth (>= 0.6.6, <= 0.14.0) 528 | inifile (~> 3.0) 529 | train-core (= 3.10.1) 530 | train-winrm (~> 0.2) 531 | train-aws (0.2.24) 532 | aws-sdk-alexaforbusiness (~> 1.0) 533 | aws-sdk-amplify (~> 1.32.0) 534 | aws-sdk-apigateway (~> 1.0) 535 | aws-sdk-apigatewayv2 (~> 1.0) 536 | aws-sdk-applicationautoscaling (>= 1.46, < 1.52) 537 | aws-sdk-athena (~> 1.0) 538 | aws-sdk-autoscaling (>= 1.22, < 1.64) 539 | aws-sdk-batch (>= 1.36, < 1.48) 540 | aws-sdk-budgets (~> 1.0) 541 | aws-sdk-cloudformation (~> 1.0) 542 | aws-sdk-cloudfront (~> 1.0) 543 | aws-sdk-cloudhsm (~> 1.0) 544 | aws-sdk-cloudhsmv2 (~> 1.0) 545 | aws-sdk-cloudtrail (~> 1.8) 546 | aws-sdk-cloudwatch (~> 1.13) 547 | aws-sdk-cloudwatchevents (>= 1.36, < 1.47) 548 | aws-sdk-cloudwatchlogs (~> 1.13) 549 | aws-sdk-codecommit (~> 1.0) 550 | aws-sdk-codedeploy (~> 1.0) 551 | aws-sdk-codepipeline (~> 1.0) 552 | aws-sdk-cognitoidentity (>= 1.26, < 1.32) 553 | aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54) 554 | aws-sdk-configservice (~> 1.21) 555 | aws-sdk-core (~> 3.0) 556 | aws-sdk-costandusagereportservice (~> 1.6) 557 | aws-sdk-databasemigrationservice (>= 1.42, < 1.54) 558 | aws-sdk-dynamodb (~> 1.31) 559 | aws-sdk-ec2 (~> 1.70) 560 | aws-sdk-ecr (~> 1.18) 561 | aws-sdk-ecrpublic (~> 1.3) 562 | aws-sdk-ecs (~> 1.30) 563 | aws-sdk-efs (~> 1.0) 564 | aws-sdk-eks (~> 1.9) 565 | aws-sdk-elasticache (~> 1.0) 566 | aws-sdk-elasticbeanstalk (~> 1.0) 567 | aws-sdk-elasticloadbalancing (~> 1.8) 568 | aws-sdk-elasticloadbalancingv2 (~> 1.0) 569 | aws-sdk-elasticsearchservice (~> 1.0) 570 | aws-sdk-emr (~> 1.53.0) 571 | aws-sdk-eventbridge (~> 1.24.0) 572 | aws-sdk-firehose (~> 1.0) 573 | aws-sdk-glue (>= 1.71, < 1.89) 574 | aws-sdk-guardduty (~> 1.31) 575 | aws-sdk-iam (~> 1.13) 576 | aws-sdk-kafka (~> 1.0) 577 | aws-sdk-kinesis (~> 1.0) 578 | aws-sdk-kms (~> 1.13) 579 | aws-sdk-lambda (~> 1.0) 580 | aws-sdk-mq (~> 1.40.0) 581 | aws-sdk-networkfirewall (>= 1.6.0) 582 | aws-sdk-networkmanager (>= 1.13.0) 583 | aws-sdk-organizations (>= 1.17, < 1.60) 584 | aws-sdk-ram (>= 1.21, < 1.27) 585 | aws-sdk-rds (~> 1.43) 586 | aws-sdk-redshift (~> 1.0) 587 | aws-sdk-route53 (~> 1.0) 588 | aws-sdk-route53domains (~> 1.0) 589 | aws-sdk-route53resolver (~> 1.0) 590 | aws-sdk-s3 (~> 1.30) 591 | aws-sdk-s3control (~> 1.43.0) 592 | aws-sdk-secretsmanager (>= 1.42, < 1.47) 593 | aws-sdk-securityhub (~> 1.0) 594 | aws-sdk-servicecatalog (>= 1.48, < 1.61) 595 | aws-sdk-ses (~> 1.41.0) 596 | aws-sdk-shield (~> 1.30) 597 | aws-sdk-signer (~> 1.32.0) 598 | aws-sdk-simpledb (~> 1.29.0) 599 | aws-sdk-sms (~> 1.0) 600 | aws-sdk-sns (~> 1.9) 601 | aws-sdk-sqs (~> 1.10) 602 | aws-sdk-ssm (~> 1.0) 603 | aws-sdk-states (>= 1.35, < 1.40) 604 | aws-sdk-synthetics (~> 1.19.0) 605 | aws-sdk-transfer (>= 1.26, < 1.35) 606 | aws-sdk-waf (~> 1.43.0) 607 | train-core (3.10.1) 608 | addressable (~> 2.5) 609 | ffi (!= 1.13.0) 610 | json (>= 1.8, < 3.0) 611 | mixlib-shellout (>= 2.0, < 4.0) 612 | net-scp (>= 1.2, < 4.0) 613 | net-ssh (>= 2.9, < 7.0) 614 | train-habitat (0.2.22) 615 | train-winrm (0.2.13) 616 | winrm (>= 2.3.6, < 3.0) 617 | winrm-elevated (~> 1.2.2) 618 | winrm-fs (~> 1.0) 619 | tty-box (0.7.0) 620 | pastel (~> 0.8) 621 | strings (~> 0.2.0) 622 | tty-cursor (~> 0.7) 623 | tty-color (0.6.0) 624 | tty-cursor (0.7.1) 625 | tty-prompt (0.23.1) 626 | pastel (~> 0.8) 627 | tty-reader (~> 0.8) 628 | tty-reader (0.9.0) 629 | tty-cursor (~> 0.7) 630 | tty-screen (~> 0.8) 631 | wisper (~> 2.0) 632 | tty-screen (0.8.1) 633 | tty-table (0.12.0) 634 | pastel (~> 0.8) 635 | strings (~> 0.2.0) 636 | tty-screen (~> 0.8) 637 | tzinfo (2.0.4) 638 | concurrent-ruby (~> 1.0) 639 | uber (0.1.0) 640 | unf (0.1.4) 641 | unf_ext 642 | unf_ext (0.0.8.2) 643 | unicode-display_width (2.2.0) 644 | unicode_utils (1.4.0) 645 | winrm (2.3.6) 646 | builder (>= 2.1.2) 647 | erubi (~> 1.8) 648 | gssapi (~> 1.2) 649 | gyoku (~> 1.0) 650 | httpclient (~> 2.2, >= 2.2.0.2) 651 | logging (>= 1.6.1, < 3.0) 652 | nori (~> 2.0) 653 | rubyntlm (~> 0.6.0, >= 0.6.3) 654 | winrm-elevated (1.2.3) 655 | erubi (~> 1.8) 656 | winrm (~> 2.0) 657 | winrm-fs (~> 1.0) 658 | winrm-fs (1.3.5) 659 | erubi (~> 1.8) 660 | logging (>= 1.6.1, < 3.0) 661 | rubyzip (~> 2.0) 662 | winrm (~> 2.0) 663 | wisper (2.0.1) 664 | 665 | PLATFORMS 666 | ruby 667 | 668 | DEPENDENCIES 669 | inspec! 670 | kitchen-docker! 671 | kitchen-inspec (>= 2.5.0) 672 | kitchen-salt (>= 0.7.2) 673 | 674 | BUNDLED WITH 675 | 2.1.2 676 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014 Salt Stack Formulas 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /bin/install-hooks: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | set -o nounset # Treat unset variables as an error and immediately exit 3 | set -o errexit # If a command fails exit the whole script 4 | 5 | if [ "${DEBUG:-false}" = "true" ]; then 6 | set -x # Run the entire script in debug mode 7 | fi 8 | 9 | if ! command -v pre-commit >/dev/null 2>&1; then 10 | echo "pre-commit not found: please install or check your PATH" >&2 11 | echo "See https://pre-commit.com/#installation" >&2 12 | exit 1 13 | fi 14 | 15 | pre-commit install --install-hooks 16 | pre-commit install --hook-type commit-msg --install-hooks 17 | -------------------------------------------------------------------------------- /bin/kitchen: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | # 5 | # This file was generated by Bundler. 6 | # 7 | # The application 'kitchen' is installed as part of a gem, and 8 | # this file is here to facilitate running it. 9 | # 10 | 11 | require 'pathname' 12 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', 13 | Pathname.new(__FILE__).realpath) 14 | 15 | bundle_binstub = File.expand_path('bundle', __dir__) 16 | 17 | if File.file?(bundle_binstub) 18 | if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ 19 | load(bundle_binstub) 20 | else 21 | abort( 22 | 'Your `bin/bundle` was not generated by Bundler, ' \ 23 | 'so this binstub cannot run. Replace `bin/bundle` by running ' \ 24 | '`bundle binstubs bundler --force`, then run this command again.' 25 | ) 26 | end 27 | end 28 | 29 | require 'rubygems' 30 | require 'bundler/setup' 31 | 32 | load Gem.bin_path('test-kitchen', 'kitchen') 33 | -------------------------------------------------------------------------------- /commitlint.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | extends: ['@commitlint/config-conventional'], 3 | rules: { 4 | 'body-max-line-length': [2, 'always', 120], 5 | 'footer-max-line-length': [2, 'always', 120], 6 | 'header-max-length': [2, 'always', 72], 7 | }, 8 | }; 9 | -------------------------------------------------------------------------------- /docs/AUTHORS.rst: -------------------------------------------------------------------------------- 1 | .. role:: raw-html-m2r(raw) 2 | :format: html 3 | 4 | 5 | Authors 6 | ======= 7 | 8 | This list is sorted by the number of commits per contributor in *descending* order. 9 | 10 | .. list-table:: 11 | :header-rows: 1 12 | 13 | * - Avatar 14 | - Contributor 15 | - Contributions 16 | * - :raw-html-m2r:`@myii` 17 | - `@myii `_ 18 | - 82 19 | * - :raw-html-m2r:`@johnkeates` 20 | - `@johnkeates `_ 21 | - 29 22 | * - :raw-html-m2r:`@gravyboat` 23 | - `@gravyboat `_ 24 | - 28 25 | * - :raw-html-m2r:`@bigbosst` 26 | - `@bigbosst `_ 27 | - 11 28 | * - :raw-html-m2r:`@daks` 29 | - `@daks `_ 30 | - 8 31 | * - :raw-html-m2r:`@puneetk` 32 | - `@puneetk `_ 33 | - 8 34 | * - :raw-html-m2r:`@nmadhok` 35 | - `@nmadhok `_ 36 | - 7 37 | * - :raw-html-m2r:`@hoonetorg` 38 | - `@hoonetorg `_ 39 | - 7 40 | * - :raw-html-m2r:`@boltronics` 41 | - `@boltronics `_ 42 | - 6 43 | * - :raw-html-m2r:`@aboe76` 44 | - `@aboe76 `_ 45 | - 6 46 | * - :raw-html-m2r:`@morsik` 47 | - `@morsik `_ 48 | - 6 49 | * - :raw-html-m2r:`@ticosax` 50 | - `@ticosax `_ 51 | - 4 52 | * - :raw-html-m2r:`@thatch45` 53 | - `@thatch45 `_ 54 | - 4 55 | * - :raw-html-m2r:`@abednarik` 56 | - `@abednarik `_ 57 | - 4 58 | * - :raw-html-m2r:`@bneqld` 59 | - `@bneqld `_ 60 | - 3 61 | * - :raw-html-m2r:`@dafyddj` 62 | - `@dafyddj `_ 63 | - 3 64 | * - :raw-html-m2r:`@noelmcloughlin` 65 | - `@noelmcloughlin `_ 66 | - 3 67 | * - :raw-html-m2r:`@javierbertoli` 68 | - `@javierbertoli `_ 69 | - 2 70 | * - :raw-html-m2r:`@kjkeane` 71 | - `@kjkeane `_ 72 | - 2 73 | * - :raw-html-m2r:`@stp-ip` 74 | - `@stp-ip `_ 75 | - 2 76 | * - :raw-html-m2r:`@liunich` 77 | - `@liunich `_ 78 | - 2 79 | * - :raw-html-m2r:`@mymasse` 80 | - `@mymasse `_ 81 | - 2 82 | * - :raw-html-m2r:`@ze42` 83 | - `@ze42 `_ 84 | - 1 85 | * - :raw-html-m2r:`@aminet` 86 | - `@aminet `_ 87 | - 1 88 | * - :raw-html-m2r:`@iggy` 89 | - `@iggy `_ 90 | - 1 91 | * - :raw-html-m2r:`@stenstad` 92 | - `@stenstad `_ 93 | - 1 94 | * - :raw-html-m2r:`@baby-gnu` 95 | - `@baby-gnu `_ 96 | - 1 97 | * - :raw-html-m2r:`@ingben` 98 | - `@ingben `_ 99 | - 1 100 | * - :raw-html-m2r:`@kti-richard` 101 | - `@kti-richard `_ 102 | - 1 103 | * - :raw-html-m2r:`@msciciel` 104 | - `@msciciel `_ 105 | - 1 106 | * - :raw-html-m2r:`@whiteinge` 107 | - `@whiteinge `_ 108 | - 1 109 | * - :raw-html-m2r:`@genuss` 110 | - `@genuss `_ 111 | - 1 112 | * - :raw-html-m2r:`@davidkarlsen` 113 | - `@davidkarlsen `_ 114 | - 1 115 | * - :raw-html-m2r:`@davidwalter0` 116 | - `@davidwalter0 `_ 117 | - 1 118 | 119 | 120 | ---- 121 | 122 | Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2022-04-08. 123 | -------------------------------------------------------------------------------- /docs/CHANGELOG.rst: -------------------------------------------------------------------------------- 1 | 2 | Changelog 3 | ========= 4 | 5 | `0.18.0 `_ (2022-04-08) 6 | ------------------------------------------------------------------------------------------------------------ 7 | 8 | Continuous Integration 9 | ^^^^^^^^^^^^^^^^^^^^^^ 10 | 11 | 12 | * **kitchen+gitlab:** update for new pre-salted images [skip ci] (\ `eb1dfad `_\ ) 13 | * update linters to latest versions [skip ci] (\ `668fcd0 `_\ ) 14 | * **3003.1:** update inc. AlmaLinux, Rocky & ``rst-lint`` [skip ci] (\ `dd43437 `_\ ) 15 | * **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] (\ `07ffdfe `_\ ) 16 | * **gemfile+lock:** use ``ssf`` customised ``inspec`` repo [skip ci] (\ `df108e6 `_\ ) 17 | * **kitchen:** move ``provisioner`` block & update ``run_command`` [skip ci] (\ `7a79c5b `_\ ) 18 | * **kitchen+ci:** update with ``3004`` pre-salted images/boxes [skip ci] (\ `9458feb `_\ ) 19 | * **kitchen+ci:** update with latest ``3003.2`` pre-salted images [skip ci] (\ `8edd6ac `_\ ) 20 | * **kitchen+ci:** update with latest CVE pre-salted images [skip ci] (\ `39e8288 `_\ ) 21 | * **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] (\ `c16996b `_\ ) 22 | * **kitchen+gitlab:** update for new pre-salted images [skip ci] (\ `ff5224a `_\ ) 23 | * add Debian 11 Bullseye & update ``yamllint`` configuration [skip ci] (\ `ac38984 `_\ ) 24 | * **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] (\ `0bfccc2 `_\ ) 25 | * add ``arch-master`` to matrix and update ``.travis.yml`` [skip ci] (\ `14f640a `_\ ) 26 | * **kitchen+gitlab:** adjust matrix to add ``3003`` [skip ci] (\ `2fb3a67 `_\ ) 27 | 28 | Features 29 | ^^^^^^^^ 30 | 31 | 32 | * **httpchecks:** support multiple httpcheck lines (\ `1187532 `_\ ) 33 | 34 | Tests 35 | ^^^^^ 36 | 37 | 38 | * **default:** add ``httpcheck`` & ``httpchecks`` values to test pillar (\ `8977843 `_\ ) 39 | * **system:** add ``build_platform_codename`` [skip ci] (\ `9f90d8a `_\ ) 40 | * standardise use of ``share`` suite & ``_mapdata`` state [skip ci] (\ `9989cb5 `_\ ) 41 | 42 | `0.17.1 `_ (2021-03-04) 43 | ------------------------------------------------------------------------------------------------------------ 44 | 45 | Bug Fixes 46 | ^^^^^^^^^ 47 | 48 | 49 | * **config:** ensure ``haproxy:global:chroot:path`` is created if provided (\ `92831b6 `_\ ) 50 | * **templates/haproxy.jinja:** replace deprecated ``reqadd`` (\ `8c6c855 `_\ ), closes `/github.com/haproxy/haproxy/blob/31dd393da0e6c20bf65ea833d10635a8b26cb355/src/cfgparse-listen.c#L2843-L2845 `_ 51 | 52 | Continuous Integration 53 | ^^^^^^^^^^^^^^^^^^^^^^ 54 | 55 | 56 | * **commitlint:** ensure ``upstream/master`` uses main repo URL [skip ci] (\ `c80fa08 `_\ ) 57 | * **gemfile+lock:** use ``ssf`` customised ``kitchen-docker`` repo [skip ci] (\ `db31f52 `_\ ) 58 | * **gitlab-ci:** add ``rubocop`` linter (with ``allow_failure``\ ) [skip ci] (\ `1792404 `_\ ) 59 | * **gitlab-ci:** use GitLab CI as Travis CI replacement (\ `17911ca `_\ ) 60 | * **kitchen+gitlab-ci:** use latest pre-salted images (\ `ae579a7 `_\ ) 61 | * **pre-commit:** add to formula [skip ci] (\ `649b533 `_\ ) 62 | * **pre-commit:** enable/disable ``rstcheck`` as relevant [skip ci] (\ `79ec26d `_\ ) 63 | * **pre-commit:** finalise ``rstcheck`` configuration [skip ci] (\ `0792e26 `_\ ) 64 | * **pre-commit:** update hook for ``rubocop`` [skip ci] (\ `a73b49f `_\ ) 65 | 66 | Tests 67 | ^^^^^ 68 | 69 | 70 | * **pillar:** provide ``default`` pillar working on all platforms (\ `12be6ff `_\ ) 71 | 72 | `0.17.0 `_ (2020-06-16) 73 | ------------------------------------------------------------------------------------------------------------ 74 | 75 | Bug Fixes 76 | ^^^^^^^^^ 77 | 78 | 79 | * **rubocop:** fix violations using ``rubocop -a`` (\ `98076d3 `_\ ) 80 | 81 | Code Refactoring 82 | ^^^^^^^^^^^^^^^^ 83 | 84 | 85 | * **kitchen:** prefer ``kitchen.yml`` to ``.kitchen.yml`` (\ `47eabab `_\ ) 86 | 87 | Continuous Integration 88 | ^^^^^^^^^^^^^^^^^^^^^^ 89 | 90 | 91 | * **salt-lint:** fix (\ `60e8d19 `_\ ) 92 | * **yamlint:** fix (\ `1072b1d `_\ ) 93 | 94 | Documentation 95 | ^^^^^^^^^^^^^ 96 | 97 | 98 | * **readme:** merge with original ``README`` (\ `870474e `_\ ) 99 | 100 | Features 101 | ^^^^^^^^ 102 | 103 | 104 | * implement semantic release (\ `d921a49 `_\ ) 105 | -------------------------------------------------------------------------------- /docs/README.rst: -------------------------------------------------------------------------------- 1 | .. _readme: 2 | 3 | haproxy-formula 4 | =============== 5 | 6 | |img_travis| |img_sr| 7 | 8 | .. |img_travis| image:: https://travis-ci.com/saltstack-formulas/haproxy-formula.svg?branch=master 9 | :alt: Travis CI Build Status 10 | :scale: 100% 11 | :target: https://travis-ci.com/saltstack-formulas/haproxy-formula 12 | .. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg 13 | :alt: Semantic Release 14 | :scale: 100% 15 | :target: https://github.com/semantic-release/semantic-release 16 | 17 | Install, configure and run ``haproxy``. 18 | 19 | .. contents:: **Table of Contents** 20 | :depth: 1 21 | 22 | General notes 23 | ------------- 24 | 25 | See the full `SaltStack Formulas installation and usage instructions 26 | `_. 27 | 28 | If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section 29 | `_. 30 | 31 | If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``, 32 | which contains the currently released version. This formula is versioned according to `Semantic Versioning `_. 33 | 34 | See `Formula Versioning Section `_ for more details. 35 | 36 | If you need (non-default) configuration, please pay attention to the ``pillar.example`` file and/or `Special notes`_ section. 37 | 38 | Contributing to this repo 39 | ------------------------- 40 | 41 | **Commit message formatting is significant!!** 42 | 43 | Please see `How to contribute `_ for more details. 44 | 45 | Special notes 46 | ------------- 47 | 48 | Use the supplied haproxy.cfg for a flat file approach, 49 | or the jinja template and the pillar for a salt approach. 50 | 51 | Available states 52 | ---------------- 53 | 54 | .. contents:: 55 | :local: 56 | 57 | ``haproxy`` 58 | ^^^^^^^^^^^^ 59 | 60 | *Meta-state (This is a state that includes other states)*. 61 | 62 | This installs the haproxy package, 63 | manages the haproxy configuration file and then 64 | starts the associated haproxy service. 65 | 66 | ``haproxy.install`` 67 | ^^^^^^^^^^^^^^^^^^^^ 68 | 69 | This state will install the haproxy package only. 70 | 71 | ``haproxy.config`` 72 | ^^^^^^^^^^^^^^^^^^^ 73 | 74 | This state will configure the haproxy service and has a dependency on ``haproxy.install`` 75 | via include list. 76 | 77 | Currently, only a handful of options can be set using the pillar: 78 | 79 | - Global 80 | 81 | + stats: enable stats, currently only via a unix socket which can be set to a path with custom permissions and optional extra bind arguments 82 | + user: sets the user haproxy shall run as 83 | + group: sets the group haproxy shall run as 84 | + chroot: allows you to turn on chroot and set a directory 85 | + daemon: allows you to turn daemon mode on and off 86 | 87 | - Default 88 | 89 | + log: set the default log 90 | + mode: sets the mode (i.e. http) 91 | + retries: sets the number of retries 92 | + options: an array of options that is simply looped with no special treatment 93 | + timeouts: an array of timeouts that is simply looped with no special treatment 94 | + errorfiles: an array of k:v errorfiles to point to the correct file matching an HTTP error code 95 | 96 | - Frontend; Frontend(s) is a list of the frontends you desire to have in your haproxy setup 97 | Per frontend you can set: 98 | 99 | + name: the name haproxy will use for the frontend 100 | + bind: the bind string: this allows you to set the IP, Port and other paramters for the bind 101 | + redirect: add a redirect line, an unparsed string like in the backend 102 | + reqadd: an array of reqadd statements. Looped over and put in the configuration, no parsing 103 | + default_backend: sets the default backend 104 | + acls: a list of acls, not parsed, simply looped and put in to the configuration 105 | + blocks: a list of block statements, not parsed, simply looped and put in to the configuration 106 | + use_backends: a list of use_backend statements, looped over, not parsed 107 | 108 | - Backend; Backend(s) is a list of the backends you desire to have in your haproxy setup, per backend you can set: 109 | 110 | + name: set the backend name, used in the frontend references by haproxy 111 | + balance: set the balance type, string 112 | + redirect: if set, can be used to redirect; simply a string, not parsed 113 | + servers: a list of servers this backend will contact, is looped over; per server you can set: 114 | 115 | + name: name of the server for haproxy 116 | + host: the host to be contacted 117 | + port: the port to contact the server on 118 | + check: set to check to enable checking 119 | 120 | - For global, default, frontend, listener, backend and server it is possible to use the "extra" option for more rare settings not mentioned above. 121 | 122 | ``haproxy.service`` 123 | ^^^^^^^^^^^^^^^^^^^^ 124 | 125 | This state will start the haproxy service and has a dependency on ``haproxy.config`` 126 | via include list. 127 | 128 | Testing 129 | ------- 130 | 131 | Linux testing is done with ``kitchen-salt``. 132 | 133 | Requirements 134 | ^^^^^^^^^^^^ 135 | 136 | * Ruby 137 | * Docker 138 | 139 | .. code-block:: bash 140 | 141 | $ gem install bundler 142 | $ bundle install 143 | $ bin/kitchen test [platform] 144 | 145 | Where ``[platform]`` is the platform name defined in ``kitchen.yml``, 146 | e.g. ``debian-9-2019-2-py3``. 147 | 148 | ``bin/kitchen converge`` 149 | ^^^^^^^^^^^^^^^^^^^^^^^^ 150 | 151 | Creates the docker instance and runs the ``haproxy`` main state, ready for testing. 152 | 153 | ``bin/kitchen verify`` 154 | ^^^^^^^^^^^^^^^^^^^^^^ 155 | 156 | Runs the ``inspec`` tests on the actual instance. 157 | 158 | ``bin/kitchen destroy`` 159 | ^^^^^^^^^^^^^^^^^^^^^^^ 160 | 161 | Removes the docker instance. 162 | 163 | ``bin/kitchen test`` 164 | ^^^^^^^^^^^^^^^^^^^^ 165 | 166 | Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. 167 | 168 | ``bin/kitchen login`` 169 | ^^^^^^^^^^^^^^^^^^^^^ 170 | 171 | Gives you SSH access to the instance for manual testing. 172 | 173 | -------------------------------------------------------------------------------- /haproxy/_mapdata/_mapdata.jinja: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # {{ grains.get("osfinger", grains.os) }} 3 | --- 4 | {#- use salt.slsutil.serialize to avoid encoding errors on some platforms #} 5 | {{ salt["slsutil.serialize"]( 6 | "yaml", 7 | map, 8 | default_flow_style=False, 9 | allow_unicode=True, 10 | ) 11 | | regex_replace("^\s+'$", "'", multiline=True) 12 | | trim 13 | }} 14 | -------------------------------------------------------------------------------- /haproxy/_mapdata/init.sls: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=sls 3 | --- 4 | {#- Get the `tplroot` from `tpldir` #} 5 | {%- set tplroot = tpldir.split("/")[0] %} 6 | {%- from tplroot ~ "/map.jinja" import haproxy with context %} 7 | 8 | {%- set _mapdata = { 9 | "values": haproxy, 10 | } %} 11 | {%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %} 12 | 13 | {%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %} 14 | {%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %} 15 | 16 | {{ tplroot }}-mapdata-dump: 17 | file.managed: 18 | - name: {{ output_file }} 19 | - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja 20 | - template: jinja 21 | - context: 22 | map: {{ _mapdata | yaml }} 23 | -------------------------------------------------------------------------------- /haproxy/config.sls: -------------------------------------------------------------------------------- 1 | {% from tpldir ~ "/map.jinja" import haproxy with context %} 2 | 3 | {% set config_file = salt['pillar.get']('haproxy:config_file_path', haproxy.config_file) %} 4 | haproxy.config: 5 | file.managed: 6 | - name: {{ config_file }} 7 | - source: {{ haproxy.config_file_source }} 8 | - template: jinja 9 | - user: {{ haproxy.user }} 10 | - group: {{ haproxy.group }} 11 | - mode: 644 12 | - require_in: 13 | - service: haproxy.service 14 | - watch_in: 15 | - service: haproxy.service 16 | {% if salt['pillar.get']('haproxy:overwrite', default=True) == False %} 17 | - unless: 18 | - test -e {{ config_file }} 19 | {% endif %} 20 | 21 | {% if salt['pillar.get']('haproxy:global:chroot:enable', False) and 22 | salt['pillar.get']('haproxy:global:chroot:path', '') %} 23 | haproxy-chroot-directory: 24 | file.directory: 25 | - name: {{ salt['pillar.get']('haproxy:global:chroot:path') }} 26 | - user: {{ haproxy.user }} 27 | - group: {{ haproxy.group }} 28 | - dir_mode: 755 29 | - require_in: 30 | - service: haproxy.service 31 | {% endif %} 32 | -------------------------------------------------------------------------------- /haproxy/files/haproxy-debian-package-default.cfg: -------------------------------------------------------------------------------- 1 | global 2 | log /dev/log local0 3 | log /dev/log local1 notice 4 | chroot /var/lib/haproxy 5 | user haproxy 6 | group haproxy 7 | daemon 8 | 9 | defaults 10 | log global 11 | mode http 12 | option httplog 13 | option dontlognull 14 | contimeout 5000 15 | clitimeout 50000 16 | srvtimeout 50000 17 | errorfile 400 /etc/haproxy/errors/400.http 18 | errorfile 403 /etc/haproxy/errors/403.http 19 | errorfile 408 /etc/haproxy/errors/408.http 20 | errorfile 500 /etc/haproxy/errors/500.http 21 | errorfile 502 /etc/haproxy/errors/502.http 22 | errorfile 503 /etc/haproxy/errors/503.http 23 | errorfile 504 /etc/haproxy/errors/504.http -------------------------------------------------------------------------------- /haproxy/files/haproxy-init-disable: -------------------------------------------------------------------------------- 1 | # **** DO NOT EDIT THIS FILE **** 2 | # 3 | # This file is managed by Salt. 4 | # Any changes will be overwritten. 5 | 6 | ENABLED=0 -------------------------------------------------------------------------------- /haproxy/files/haproxy-init-enable: -------------------------------------------------------------------------------- 1 | # **** DO NOT EDIT THIS FILE **** 2 | # 3 | # This file is managed by Salt. 4 | # Any changes will be overwritten. 5 | 6 | ENABLED=1 -------------------------------------------------------------------------------- /haproxy/files/haproxy.cfg: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------- 2 | # Example configuration for a possible web application. See the 3 | # full configuration options online. 4 | # 5 | # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt 6 | # 7 | #--------------------------------------------------------------------- 8 | 9 | #--------------------------------------------------------------------- 10 | # Global settings 11 | #--------------------------------------------------------------------- 12 | global 13 | # to have these messages end up in /var/log/haproxy.log you will 14 | # need to: 15 | # 16 | # 1) configure syslog to accept network log events. This is done 17 | # by adding the '-r' option to the SYSLOGD_OPTIONS in 18 | # /etc/sysconfig/syslog 19 | # 20 | # 2) configure local2 events to go to the /var/log/haproxy.log 21 | # file. A line like the following can be added to 22 | # /etc/sysconfig/syslog 23 | # 24 | # local2.* /var/log/haproxy.log 25 | # 26 | log 127.0.0.1 local2 27 | 28 | chroot /var/lib/haproxy 29 | pidfile /var/run/haproxy.pid 30 | maxconn 4000 31 | user haproxy 32 | group haproxy 33 | daemon 34 | 35 | # turn on stats unix socket 36 | stats socket /var/lib/haproxy/stats 37 | 38 | #--------------------------------------------------------------------- 39 | # common defaults that all the 'listen' and 'backend' sections will 40 | # use if not designated in their block 41 | #--------------------------------------------------------------------- 42 | defaults 43 | mode http 44 | log global 45 | option httplog 46 | option dontlognull 47 | option http-server-close 48 | option forwardfor except 127.0.0.0/8 49 | option redispatch 50 | retries 3 51 | timeout http-request 10s 52 | timeout queue 1m 53 | timeout connect 10s 54 | timeout client 1m 55 | timeout server 1m 56 | timeout http-keep-alive 10s 57 | timeout check 10s 58 | maxconn 3000 59 | 60 | #--------------------------------------------------------------------- 61 | # main frontend which proxys to the backends 62 | #--------------------------------------------------------------------- 63 | frontend main *:5000 64 | acl url_static path_beg -i /static /images /javascript /stylesheets 65 | acl url_static path_end -i .jpg .gif .png .css .js 66 | 67 | use_backend static if url_static 68 | default_backend app 69 | 70 | #--------------------------------------------------------------------- 71 | # static backend for serving up images, stylesheets and such 72 | #--------------------------------------------------------------------- 73 | backend static 74 | balance roundrobin 75 | server static 127.0.0.1:4331 check 76 | 77 | #--------------------------------------------------------------------- 78 | # round robin balancing between the various backends 79 | #--------------------------------------------------------------------- 80 | backend app 81 | balance roundrobin 82 | server app1 127.0.0.1:5001 check 83 | server app2 127.0.0.1:5002 check 84 | server app3 127.0.0.1:5003 check 85 | server app4 127.0.0.1:5004 check 86 | 87 | -------------------------------------------------------------------------------- /haproxy/init.sls: -------------------------------------------------------------------------------- 1 | # haproxy 2 | # 3 | # Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo) 4 | 5 | include: 6 | {%- set haproxy_items = salt['pillar.get']('haproxy:include', []) %} 7 | {%- for item in haproxy_items %} 8 | - {{ item }} 9 | {%- endfor %} 10 | - haproxy.install 11 | - haproxy.service 12 | - haproxy.config 13 | -------------------------------------------------------------------------------- /haproxy/install.sls: -------------------------------------------------------------------------------- 1 | {% from tpldir ~ "/map.jinja" import haproxy with context %} 2 | 3 | haproxy.install: 4 | pkg.installed: 5 | - name: {{ haproxy.package }} 6 | {% if salt['pillar.get']('haproxy:require') %} 7 | - require: 8 | {% for item in salt['pillar.get']('haproxy:require') %} 9 | - {{ item }} 10 | {% endfor %} 11 | {% endif %} 12 | -------------------------------------------------------------------------------- /haproxy/map.jinja: -------------------------------------------------------------------------------- 1 | {% set haproxy = salt['grains.filter_by']({ 2 | 'default': { 3 | 'package': 'haproxy', 4 | 'config_file': '/etc/haproxy/haproxy.cfg', 5 | 'config_file_source': 'salt://haproxy/templates/haproxy.jinja', 6 | 'user': 'root', 7 | 'group': 'root', 8 | 'service': 'haproxy', 9 | }, 10 | 'FreeBSD': { 11 | 'config_file': '/usr/local/etc/haproxy.conf', 12 | 'group': 'wheel', 13 | }, 14 | }, merge=salt['pillar.get']('haproxy:lookup'), base='default') %} 15 | 16 | -------------------------------------------------------------------------------- /haproxy/service.sls: -------------------------------------------------------------------------------- 1 | {% from tpldir ~ "/map.jinja" import haproxy with context %} 2 | 3 | haproxy.service: 4 | {% if salt['pillar.get']('haproxy:enable', True) %} 5 | service.running: 6 | - name: {{ haproxy.service }} 7 | - enable: True 8 | - reload: True 9 | - require: 10 | - pkg: haproxy.install 11 | {% if salt['grains.get']('os_family') == 'Debian' %} 12 | - file: haproxy.service 13 | {% endif %} 14 | {% else %} 15 | service.dead: 16 | - name: {{ haproxy.service }} 17 | - enable: False 18 | {% endif %} 19 | {% if salt['grains.get']('os_family') == 'Debian' %} 20 | file.replace: 21 | - name: /etc/default/haproxy 22 | {% if salt['pillar.get']('haproxy:enabled', True) %} 23 | - pattern: ENABLED=0$ 24 | - repl: ENABLED=1 25 | {% else %} 26 | - pattern: ENABLED=1$ 27 | - repl: ENABLED=0 28 | {% endif %} 29 | - show_changes: True 30 | {% endif %} 31 | -------------------------------------------------------------------------------- /haproxy/templates/haproxy.jinja: -------------------------------------------------------------------------------- 1 | # HAProxy configuration 2 | # 3 | # **** DO NOT EDIT THIS FILE **** 4 | # 5 | # This file is managed by Salt. 6 | # Any changes will be overwritten. 7 | 8 | {%- macro render_list_of_dictionaries(name, list, indent = ' ', infix = ' ', postfix = '\t') %} 9 | {%- if list is not iterable or list is string %} 10 | {{ indent ~ name ~ postfix ~ list }} 11 | {%- else %}{% for item in list %} 12 | {%- if item is not iterable or item is string %} 13 | {{ indent ~ name ~ postfix ~ item }} 14 | {%- else %}{% for key, value in item.items() %} 15 | {{- render_list_of_dictionaries(indent ~ name ~ infix ~ key, value, '', infix, postfix) }} 16 | {%- endfor %} 17 | {%- endif %} 18 | {%- endfor %} 19 | {%- endif %} 20 | {%- endmacro %} 21 | 22 | #------------------ 23 | # Global settings 24 | #------------------ 25 | global 26 | {%- if salt['pillar.get']('haproxy:global:log', []) != [] %} 27 | {%- for log in salt['pillar.get']('haproxy:global:log') %} 28 | log {{ log }} 29 | {%- endfor %} 30 | {%- else %} 31 | log /dev/log local0 32 | log /dev/log local1 notice 33 | {%- endif %} 34 | {%- if salt['pillar.get']('haproxy:global:log-tag') %} 35 | log-tag {{ salt['pillar.get']('haproxy:global:log-tag', 'haproxy') }} 36 | {%- endif %} 37 | {%- if salt['pillar.get']('haproxy:global:log-send-hostname') %} 38 | log-send-hostname {{ salt['pillar.get']('haproxy:global:log-send-hostname') }} 39 | {%- endif %} 40 | user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }} 41 | group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }} 42 | {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %} 43 | chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }} 44 | {%- endif %} 45 | {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} 46 | daemon 47 | {%- endif %} 48 | {%- for socket, socket_config in salt['pillar.get']('haproxy:global:stats', {}).items() %} 49 | stats socket {{ socket }} mode {{ socket_config.get('mode', '0600') }} level {{ socket_config.get('level', 'user') }} user {{ socket_config.get('user', 'haproxy') }} group {{ socket_config.get('group', 'haproxy') }} 50 | {%- endfor %} 51 | {%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %} 52 | maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }} 53 | {%- endif %} 54 | {%- if 'maxpipes' in salt['pillar.get']('haproxy:global', {}) %} 55 | maxpipes {{ salt['pillar.get']('haproxy:global:maxpipes') }} 56 | {%- endif %} 57 | {%- if 'spreadchecks' in salt['pillar.get']('haproxy:global', {}) %} 58 | spread-checks {{ salt['pillar.get']('haproxy:global:spreadchecks') }} 59 | {%- endif %} 60 | {%- if 'tune' in salt['pillar.get']('haproxy:global', {}) %} 61 | {{- render_list_of_dictionaries('tune', salt['pillar.get']('haproxy:global:tune'), ' ','.') }} 62 | {%- endif %} 63 | {%- if 'tune.ssl.default-dh-param' in salt['pillar.get']('haproxy:global', {}) %} 64 | {{- render_list_of_dictionaries('tune.ssl.default-dh-param', salt['pillar.get']('haproxy:global:tune.ssl.default-dh-param'), ' ','.') }} 65 | {%- endif %} 66 | {%- if 'ca-base' in salt['pillar.get']('haproxy:global', {}) %} 67 | {{- render_list_of_dictionaries('ca-base', salt['pillar.get']('haproxy:global:ca-base'), ' ','.') }} 68 | {%- endif %} 69 | {%- if 'crt-base' in salt['pillar.get']('haproxy:global', {}) %} 70 | {{- render_list_of_dictionaries('crt-base', salt['pillar.get']('haproxy:global:crt-base'), ' ','.') }} 71 | {%- endif %} 72 | {%- if 'ssl-default-bind-ciphers' in salt['pillar.get']('haproxy:global', {}) %} 73 | {{- render_list_of_dictionaries('ssl-default-bind-ciphers', salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers')) }} 74 | {%- endif %} 75 | {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} 76 | {{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }} 77 | {%- endif %} 78 | {%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %} 79 | {%- if salt['pillar.get']('haproxy:global:extra', {}) is string %} 80 | {{ salt['pillar.get']('haproxy:global:extra') }} 81 | {%- else %} 82 | {%- for line in salt['pillar.get']('haproxy:global:extra') %} 83 | {{ line }} 84 | {%- endfor %} 85 | {%- endif %} 86 | {%- endif %} 87 | 88 | {%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %} 89 | #------------------ 90 | # Global Userlists 91 | #------------------ 92 | userlist {{ id }} 93 | {%- for id, entry in userlist|dictsort %} 94 | {%- if id == "groups" %} 95 | {%- for group_name, group in entry|dictsort %} 96 | group {{ group_name }} {{ group }} 97 | {%- endfor %} 98 | {% endif %} 99 | {%- if id == "users" %} 100 | {%- for user_name, user in entry|dictsort %} 101 | user {{ user_name }} {{ user }} 102 | {%- endfor %} 103 | {% endif %} 104 | {%- endfor %} 105 | {% endfor %} 106 | 107 | #------------------ 108 | # common defaults that all the 'listen' and 'backend' sections will 109 | # use- if not designated in their block 110 | #------------------ 111 | defaults 112 | log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }} 113 | {%- if 'mode' in salt['pillar.get']('haproxy:defaults', {}) %} 114 | mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }} 115 | {%- endif %} 116 | {%- if 'retries' in salt['pillar.get']('haproxy:defaults', {}) %} 117 | retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }} 118 | {%- endif %} 119 | {%- if 'balance' in salt['pillar.get']('haproxy:defaults', {}) %} 120 | balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }} 121 | {%- endif %} 122 | {%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) %} 123 | monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }} 124 | {%- endif %} 125 | {%- if 'hashtype' in salt['pillar.get']('haproxy:defaults', {}) %} 126 | hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }} 127 | {%- endif %} 128 | {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%} 129 | {{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }} 130 | {%- endif %} 131 | {%- if 'logformat' in salt['pillar.get']('haproxy:defaults', {}) %} 132 | log-format {{ salt['pillar.get']('haproxy:defaults:logformat') }} 133 | {%- endif %} 134 | {%- if 'maxconn' in salt['pillar.get']('haproxy:defaults', {}) %} 135 | maxconn {{ salt['pillar.get']('haproxy:defaults:maxconn') }} 136 | {%- endif %} 137 | {%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %} 138 | {%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %} 139 | timeout {{ timeout }} 140 | {%- endfor %} 141 | {%- else %} 142 | timeout client 1m 143 | timeout connect 10s 144 | timeout server 1m 145 | {%- endif %} 146 | {%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%} 147 | {{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }} 148 | {%- endif %} 149 | {%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %} 150 | {%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %} 151 | {{ salt['pillar.get']('haproxy:defaults:extra') }} 152 | {%- else %} 153 | {%- for line in salt['pillar.get']('haproxy:defaults:extra') %} 154 | {{ line }} 155 | {%- endfor %} 156 | {%- endif %} 157 | {%- endif %} 158 | {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %} 159 | {%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %} 160 | errorfile {{ errorfile_name }} {{ errorfile }} 161 | {%- endfor %} 162 | {% endif %} 163 | {%- if salt['pillar.get']('haproxy:resolvers') %} 164 | 165 | 166 | #------------------ 167 | # DNS resolvers 168 | #------------------ 169 | {%- for resolver_name, resolver in salt['pillar.get']('haproxy:resolvers', {})|dictsort %} 170 | resolvers {{ resolver_name }} 171 | {%- if 'options' in resolver %} 172 | {%- for option in resolver.options %} 173 | {{ option }} 174 | {%- endfor %} 175 | {%- endif %} 176 | {%- endfor %} 177 | {%- endif %} 178 | {%- if 'listens' in salt['pillar.get']('haproxy', {}) %} 179 | 180 | #------------------ 181 | # listen instances 182 | #------------------ 183 | {%- for listener_name, listener in salt['pillar.get']('haproxy:listens', {})|dictsort %} 184 | listen {{ listener.get('name', listener_name) }} 185 | {%- if 'bind' in listener %} 186 | {%- if listener.bind is string %} 187 | bind {{ listener.bind }} 188 | {%- else %} 189 | {%- for socket in listener.bind %} 190 | bind {{ socket }} 191 | {%- endfor %} 192 | {%- endif %} 193 | {%- endif %} 194 | {%- if 'log' in listener %} 195 | log {{ listener.log }} 196 | {%- endif %} 197 | {%- if 'mode' in listener %} 198 | mode {{ listener.mode }} 199 | {%- endif %} 200 | {%- if 'hashtype' in listener %} 201 | hash-type {{ listener.hashtype }} 202 | {%- endif %} 203 | {%- if 'logformat' in listener %} 204 | log-format {{ listener.logformat }} 205 | {%- endif %} 206 | {%- if 'uniqueidformat' in listener %} 207 | unique-id-format {{ listener.uniqueidformat }} 208 | {%- endif %} 209 | {%- if 'uniqueidheader' in listener %} 210 | unique-id-header {{ listener.uniqueidheader }} 211 | {%- endif %} 212 | {%- if 'sticktable' in listener %} 213 | stick-table {{ listener.sticktable }} 214 | {%- endif %} 215 | {%- if 'captures' in listener %} 216 | {%- if listener.captures is string %} 217 | capture {{ listener.captures }} 218 | {%- else %} 219 | {%- for capture in listener.captures %} 220 | capture {{ capture }} 221 | {%- endfor %} 222 | {%- endif %} 223 | {%- endif %} 224 | {%- if 'acls' in listener %} 225 | {%- if listener.acls is string %} 226 | acl {{ listener.acls }} 227 | {%- else %} 228 | {%- for acl in listener.acls %} 229 | acl {{ acl }} 230 | {%- endfor %} 231 | {%- endif %} 232 | {%- endif %} 233 | {%- if 'monitoruri' in listener %} 234 | monitor-uri {{ listener.monitoruri }} 235 | {%- endif %} 236 | {%- if 'monitor' in listener %} 237 | monitor {{ listener.monitor }} 238 | {%- endif %} 239 | {%- if 'tcprequests' in listener %} 240 | {%- if listener.tcprequests is string %} 241 | tcp-request {{ listener.tcprequests }} 242 | {%- else %} 243 | {%- for tcprequest in listener.tcprequests %} 244 | tcp-request {{ tcprequest }} 245 | {%- endfor %} 246 | {%- endif %} 247 | {%- endif %} 248 | {%- if 'tcpresponses' in listener %} 249 | {%- if listener.tcpresponses is string %} 250 | tcp-response {{ listener.tcpresponses }} 251 | {%- else %} 252 | {%- for tcpresponse in listener.tcpresponses %} 253 | tcp-response {{ tcpresponse }} 254 | {%- endfor %} 255 | {%- endif %} 256 | {%- endif %} 257 | {%- if 'httprequests' in listener %} 258 | {%- if listener.httprequests is string %} 259 | http-request {{ listener.httprequests }} 260 | {%- else %} 261 | {%- for httprequest in listener.httprequests %} 262 | http-request {{ httprequest }} 263 | {%- endfor %} 264 | {%- endif %} 265 | {%- endif %} 266 | {%- if 'httpchecks' in listener %} 267 | {%- if listener.httpchecks is string %} 268 | http-check {{ listener.httpchecks }} 269 | {%- else %} 270 | {%- for httpcheck in listener.httpchecks %} 271 | http-check {{ httpcheck }} 272 | {%- endfor %} 273 | {%- endif %} 274 | {%- elif 'httpcheck' in listener %}{# deprecated: but for compatibility #} 275 | {%- if listener.httpcheck is string %} 276 | http-check {{ listener.httpcheck }} 277 | {%- endif %} 278 | {%- endif %} 279 | {%- if 'tcpchecks' in listener %} 280 | {%- if listener.tcpchecks is string %} 281 | tcp-check {{ listener.tcpchecks }} 282 | {%- else %} 283 | {%- for tcpcheck in listener.tcpchecks %} 284 | tcp-check {{ tcpcheck }} 285 | {%- endfor %} 286 | {%- endif %} 287 | {%- endif %} 288 | {%- if 'reqadds' in listener %} 289 | {%- if listener.reqadds is string %} 290 | http-request add-header {{ listener.reqadds }} 291 | {%- else %} 292 | {%- for reqadd in listener.reqadds %} 293 | http-request add-header {{ reqadd }} 294 | {%- endfor %} 295 | {%- endif %} 296 | {%- endif %} 297 | {%- if 'redirects' in listener %} 298 | {%- if listener.redirects is string %} 299 | redirect {{ listener.redirects }} 300 | {%- else %} 301 | {%- for redirect in listener.redirects %} 302 | redirect {{ redirect }} 303 | {%- endfor %} 304 | {%- endif %} 305 | {%- endif %} 306 | {%- if 'stickons' in listener %} 307 | {%- if listener.stickons is string %} 308 | stick on {{ listener.stickons }} 309 | {%- else %} 310 | {%- for stickon in listener.stickons %} 311 | stick on {{ stickon }} 312 | {%- endfor %} 313 | {%- endif %} 314 | {%- endif %} 315 | {%- if 'default_backend' in listener %} 316 | default_backend {{ listener.default_backend }} 317 | {%- endif %} 318 | {%- if 'use_backends' in listener %} 319 | {%- if listener.use_backends is string %} 320 | use_backend {{ listener.use_backends }} 321 | {%- else %} 322 | {%- for use_backend in listener.use_backends %} 323 | use_backend {{ use_backend }} 324 | {%- endfor %} 325 | {%- endif %} 326 | {%- endif %} 327 | {%- if 'balance' in listener %} 328 | balance {{ listener.balance }} 329 | {%- endif %} 330 | {%- if 'maxconn' in listener %} 331 | maxconn {{ listener.maxconn }} 332 | {%- endif %} 333 | {%- if 'timeouts' in listener %} 334 | {%- for timeout in listener.timeouts %} 335 | timeout {{ timeout }} 336 | {%- endfor %} 337 | {%- endif %} 338 | {%- if 'options' in listener %} 339 | {%- if listener.options is string %} 340 | option {{ listener.options }} 341 | {%- else %} 342 | {%- for option in listener.options %} 343 | option {{ option }} 344 | {%- endfor %} 345 | {%- endif %} 346 | {%- endif %} 347 | {%- if 'cookie' in listener %} 348 | cookie {{ listener.cookie }} 349 | {%- endif %} 350 | {%- if 'stats' in listener %} 351 | {%- for option, value in listener.stats|dictsort %} 352 | {%- if option == 'enable' and value %} 353 | stats enable 354 | {%- else %} 355 | stats {{ option }} {{ value }} 356 | {%- endif %} 357 | {%- endfor %} 358 | {%- endif %} 359 | {%- if 'appsession' in listener %} 360 | {%- if listener.appsession is string %} 361 | appsession {{ listener.appsession }} 362 | {%- else %} 363 | appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %} 364 | {%- endif %} 365 | {%- endif %} 366 | {%- if 'extra' in listener %} 367 | {%- if listener.extra is string %} 368 | {{ listener.extra }} 369 | {%- else %} 370 | {%- for line in listener.extra %} 371 | {{ line }} {%- endfor %} 372 | {%- endif %} 373 | {%- endif %} 374 | {%- if 'defaultserver' in listener %} 375 | default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} 376 | {%- endif %} 377 | {%- if 'servers' in listener %} 378 | {%- for server_name, server in listener.servers|dictsort %} 379 | {%- set name = server.get('name', server_name) %} 380 | server {{ name }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {% if 'maxconn' in server %} maxconn {{ server.maxconn }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }} 381 | {%- endfor %} 382 | {%- endif %} 383 | {% endfor %} 384 | {% endif %} 385 | {%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} 386 | 387 | #------------------ 388 | # frontend instances 389 | #------------------ 390 | {%- for frontend_name, frontend in salt['pillar.get']('haproxy:frontends', {})|dictsort %} 391 | frontend {{ frontend.get('name', frontend_name) }} 392 | {%- if 'bind' in frontend %} 393 | {{- render_list_of_dictionaries('bind', frontend.bind) }} 394 | {%- endif %} 395 | {%- if 'log' in frontend %} 396 | log {{ frontend.log }} 397 | {%- endif %} 398 | {%- if 'logformat' in frontend %} 399 | log-format {{ frontend.logformat }} 400 | {%- endif %} 401 | {%- if 'mode' in frontend %} 402 | mode {{ frontend.mode }} 403 | {%- endif %} 404 | {%- if 'maxconn' in frontend %} 405 | maxconn {{ frontend.maxconn }} 406 | {%- endif %} 407 | {%- if 'timeouts' in frontend %} 408 | {%- for timeout in frontend.timeouts %} 409 | timeout {{ timeout }} 410 | {%- endfor %} 411 | {%- endif %} 412 | {%- if 'options' in frontend %} 413 | {{- render_list_of_dictionaries('option', frontend.options) }} 414 | {%- endif %} 415 | {%- if 'uniqueidformat' in frontend %} 416 | unique-id-format {{ frontend.uniqueidformat }} 417 | {%- endif %} 418 | {%- if 'uniqueidheader' in frontend %} 419 | unique-id-header {{ frontend.uniqueidheader }} 420 | {%- endif %} 421 | {%- if 'sticktable' in frontend %} 422 | stick-table {{ frontend.sticktable }} 423 | {%- endif %} 424 | {%- if 'captures' in frontend %} 425 | {{- render_list_of_dictionaries('capture', frontend.captures) }} 426 | {%- endif %} 427 | {%- if 'acls' in frontend %} 428 | {{- render_list_of_dictionaries('acl', frontend.acls) }} 429 | {%- endif %} 430 | {%- if 'blocks' in frontend %} 431 | {{- render_list_of_dictionaries('block', frontend.blocks) }} 432 | {%- endif %} 433 | {%- if 'monitoruri' in frontend %} 434 | monitor-uri {{ frontend.monitoruri }} 435 | {%- endif %} 436 | {%- if 'monitor' in frontend %} 437 | monitor {{ frontend.monitor }} 438 | {%- endif %} 439 | {%- if 'tcprequests' in frontend %} 440 | {{- render_list_of_dictionaries('tcp-request', frontend.tcprequests) }} 441 | {%- endif %} 442 | {%- if 'tcpresponses' in frontend %} 443 | {{- render_list_of_dictionaries('tcp-response', frontend.tcpresponses) }} 444 | {%- endif %} 445 | {%- if 'httprequests' in frontend %} 446 | {{- render_list_of_dictionaries('http-request', frontend.httprequests) }} 447 | {%- endif %} 448 | {%- if 'httpresponses' in frontend %} 449 | {{- render_list_of_dictionaries('http-response', frontend.httpresponses) }} 450 | {%- endif %} 451 | {%- if 'rspadds' in frontend %} 452 | {{- render_list_of_dictionaries('rspadd', frontend.rspadds) }} 453 | {%- endif %} 454 | {%- if 'reqreps' in frontend %} 455 | {{- render_list_of_dictionaries('reqrep', frontend.reqreps) }} 456 | {%- endif %} 457 | {%- if 'reqadds' in frontend %} 458 | {{- render_list_of_dictionaries('http-request add-header', frontend.reqadds) }} 459 | {%- endif %} 460 | {%- if 'redirects' in frontend %} 461 | {{- render_list_of_dictionaries('redirect', frontend.redirects) }} 462 | {%- endif %} 463 | {%- if 'stickons' in frontend %} 464 | {{- render_list_of_dictionaries('stickon', frontend.stickons) }} 465 | {%- endif %} 466 | {%- if 'extra' in frontend %} 467 | {%- if frontend.extra is string %} 468 | {{ frontend.extra }} 469 | {%- else %} 470 | {%- for line in frontend.extra %} 471 | {{ line }} 472 | {%- endfor %} 473 | {%- endif %} 474 | {%- endif %} 475 | {%- if 'default_backend' in frontend %} 476 | default_backend {{ frontend.default_backend }} 477 | {%- endif %} 478 | {%- if 'use_backends' in frontend %} 479 | {{- render_list_of_dictionaries('use_backend', frontend.use_backends) }} 480 | {%- endif %} 481 | {% endfor %} 482 | {% endif %} 483 | {%- if 'backends' in salt['pillar.get']('haproxy', {}) %} 484 | 485 | #------------------ 486 | # backend instances 487 | #------------------ 488 | {%- for backend_name, backend in salt['pillar.get']('haproxy:backends', {})|dictsort %} 489 | backend {{ backend.get('name', backend_name) }} 490 | {%- if 'mode' in backend %} 491 | mode {{ backend.mode }} 492 | {%- endif %} 493 | {%- if 'hashtype' in backend %} 494 | hash-type {{ backend.hashtype }} 495 | {%- endif %} 496 | {%- if 'balance' in backend %} 497 | balance {{ backend.balance }} 498 | {%- endif %} 499 | {%- if 'timeouts' in backend %} 500 | {%- for timeout in backend.timeouts %} 501 | timeout {{ timeout }} 502 | {%- endfor %} 503 | {%- endif %} 504 | {%- if 'options' in backend %} 505 | {%- if backend.options is string %} 506 | option {{ backend.options }} 507 | {%- else %} 508 | {%- for option in backend.options %} 509 | option {{ option }} 510 | {%- endfor %} 511 | {%- endif %} 512 | {%- endif %} 513 | {%- if 'sticktable' in backend %} 514 | stick-table {{ backend.sticktable }} 515 | {%- endif %} 516 | {%- if 'acls' in backend %} 517 | {{- render_list_of_dictionaries('acl', backend.acls) }} 518 | {%- endif %} 519 | {%- if 'tcprequests' in backend %} 520 | {%- if backend.tcprequests is string %} 521 | tcp-request {{ backend.tcprequests }} 522 | {%- else %} 523 | {%- for tcprequest in backend.tcprequests %} 524 | tcp-request {{ tcprequest }} 525 | {%- endfor %} 526 | {%- endif %} 527 | {%- endif %} 528 | {%- if 'tcpresponses' in backend %} 529 | {%- if backend.tcpresponses is string %} 530 | tcp-response {{ backend.tcpresponses }} 531 | {%- else %} 532 | {%- for tcpresponse in backend.tcpresponses %} 533 | tcp-response {{ tcpresponse }} 534 | {%- endfor %} 535 | {%- endif %} 536 | {%- endif %} 537 | {%- if 'tcpchecks' in backend %} 538 | {%- if backend.tcpchecks is string %} 539 | tcp-check {{ backend.tcpchecks }} 540 | {%- else %} 541 | {%- for tcpcheck in backend.tcpchecks %} 542 | tcp-check {{ tcpcheck }} 543 | {%- endfor %} 544 | {%- endif %} 545 | {%- endif %} 546 | {%- if 'httprequests' in backend %} 547 | {%- if backend.httprequests is string %} 548 | http-request {{ backend.httprequests }} 549 | {%- else %} 550 | {%- for httprequest in backend.httprequests %} 551 | http-request {{ httprequest }} 552 | {%- endfor %} 553 | {%- endif %} 554 | {%- endif %} 555 | {%- if 'httpchecks' in backend %} 556 | {%- if backend.httpchecks is string %} 557 | http-check {{ backend.httpchecks }} 558 | {%- else %} 559 | {%- for httpcheck in backend.httpchecks %} 560 | http-check {{ httpcheck }} 561 | {%- endfor %} 562 | {%- endif %} 563 | {%- elif 'httpcheck' in backend %}{# deprecated: but for compatibility #} 564 | {%- if backend.httpcheck is string %} 565 | http-check {{ backend.httpcheck }} 566 | {%- endif %} 567 | {%- endif %} 568 | {%- if 'redirects' in backend %} 569 | {%- if backend.redirects is string %} 570 | redirect {{ backend.redirects }} 571 | {%- else %} 572 | {%- for redirect in backend.redirects %} 573 | redirect {{ redirect }} 574 | {%- endfor %} 575 | {%- endif %} 576 | {%- endif %} 577 | {%- if 'stickons' in backend %} 578 | {%- if backend.stickons is string %} 579 | stick on {{ backend.stickons }} 580 | {%- else %} 581 | {%- for stickon in backend.stickons %} 582 | stick on {{ stickon }} 583 | {%- endfor %} 584 | {%- endif %} 585 | {%- endif %} 586 | {%- if 'cookie' in backend %} 587 | cookie {{ backend.cookie }} 588 | {%- endif %} 589 | {%- if 'stats' in backend %} 590 | {%- for option, value in backend.stats|dictsort %} 591 | {%- if option == 'enable' and value %} 592 | stats enable 593 | {%- else %} 594 | stats {{ option }} {{ value }} 595 | {%- endif %} 596 | {%- endfor %} 597 | {%- endif %} 598 | {%- if 'appsession' in backend %} 599 | {%- if backend.appsession is string %} 600 | appsession {{ backend.appsession }} 601 | {%- else %} 602 | appsession {%- for option in backend.appsession %} {{ option }} {%- endfor %} 603 | {%- endif %} 604 | {%- endif %} 605 | {%- if 'reqreps' in backend %} 606 | {{- render_list_of_dictionaries('reqrep', backend.reqreps) }} 607 | {%- endif %} 608 | {%- if 'extra' in backend %} 609 | {%- if backend.extra is string %} 610 | {{ backend.extra }} 611 | {%- else %} 612 | {%- for line in backend.extra %} 613 | {{ line }} 614 | {%- endfor %} 615 | {%- endif %} 616 | {%- endif %} 617 | {%- if 'defaultserver' in backend %} 618 | default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} 619 | {%- endif %} 620 | {%- if 'servers' in backend %} 621 | {%- for server_name, server in backend.servers|dictsort %} 622 | server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }} 623 | {%- endfor %} 624 | {%- endif %} 625 | {% endfor %} 626 | {%- endif %} 627 | -------------------------------------------------------------------------------- /kitchen.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | # For help on this file's format, see https://kitchen.ci/ 5 | driver: 6 | name: docker 7 | use_sudo: false 8 | privileged: true 9 | run_command: /usr/lib/systemd/systemd 10 | 11 | provisioner: 12 | name: salt_solo 13 | log_level: debug 14 | salt_install: none 15 | require_chef: false 16 | formula: haproxy 17 | salt_copy_filter: 18 | - .kitchen 19 | - .git 20 | 21 | platforms: 22 | ## SALT `tiamat` 23 | - name: debian-11-tiamat-py3 24 | driver: 25 | image: saltimages/salt-tiamat-py3:debian-11 26 | run_command: /lib/systemd/systemd 27 | - name: debian-10-tiamat-py3 28 | driver: 29 | image: saltimages/salt-tiamat-py3:debian-10 30 | run_command: /lib/systemd/systemd 31 | - name: debian-9-tiamat-py3 32 | driver: 33 | image: saltimages/salt-tiamat-py3:debian-9 34 | run_command: /lib/systemd/systemd 35 | - name: ubuntu-2204-tiamat-py3 36 | driver: 37 | image: saltimages/salt-tiamat-py3:ubuntu-22.04 38 | run_command: /lib/systemd/systemd 39 | - name: ubuntu-2004-tiamat-py3 40 | driver: 41 | image: saltimages/salt-tiamat-py3:ubuntu-20.04 42 | run_command: /lib/systemd/systemd 43 | - name: ubuntu-1804-tiamat-py3 44 | driver: 45 | image: saltimages/salt-tiamat-py3:ubuntu-18.04 46 | run_command: /lib/systemd/systemd 47 | - name: centos-stream8-tiamat-py3 48 | driver: 49 | image: saltimages/salt-tiamat-py3:centos-stream8 50 | - name: centos-7-tiamat-py3 51 | driver: 52 | image: saltimages/salt-tiamat-py3:centos-7 53 | - name: amazonlinux-2-tiamat-py3 54 | driver: 55 | image: saltimages/salt-tiamat-py3:amazonlinux-2 56 | - name: oraclelinux-8-tiamat-py3 57 | driver: 58 | image: saltimages/salt-tiamat-py3:oraclelinux-8 59 | - name: oraclelinux-7-tiamat-py3 60 | driver: 61 | image: saltimages/salt-tiamat-py3:oraclelinux-7 62 | - name: almalinux-8-tiamat-py3 63 | driver: 64 | image: saltimages/salt-tiamat-py3:almalinux-8 65 | - name: rockylinux-8-tiamat-py3 66 | driver: 67 | image: saltimages/salt-tiamat-py3:rockylinux-8 68 | 69 | ## SALT `master` 70 | - name: debian-11-master-py3 71 | driver: 72 | image: saltimages/salt-master-py3:debian-11 73 | run_command: /lib/systemd/systemd 74 | - name: debian-10-master-py3 75 | driver: 76 | image: saltimages/salt-master-py3:debian-10 77 | run_command: /lib/systemd/systemd 78 | - name: debian-9-master-py3 79 | driver: 80 | image: saltimages/salt-master-py3:debian-9 81 | run_command: /lib/systemd/systemd 82 | - name: ubuntu-2204-master-py3 83 | driver: 84 | image: saltimages/salt-master-py3:ubuntu-22.04 85 | run_command: /lib/systemd/systemd 86 | - name: ubuntu-2004-master-py3 87 | driver: 88 | image: saltimages/salt-master-py3:ubuntu-20.04 89 | run_command: /lib/systemd/systemd 90 | - name: ubuntu-1804-master-py3 91 | driver: 92 | image: saltimages/salt-master-py3:ubuntu-18.04 93 | run_command: /lib/systemd/systemd 94 | - name: centos-stream8-master-py3 95 | driver: 96 | image: saltimages/salt-master-py3:centos-stream8 97 | - name: centos-7-master-py3 98 | driver: 99 | image: saltimages/salt-master-py3:centos-7 100 | - name: fedora-36-master-py3 101 | driver: 102 | image: saltimages/salt-master-py3:fedora-36 103 | - name: fedora-35-master-py3 104 | driver: 105 | image: saltimages/salt-master-py3:fedora-35 106 | - name: opensuse-leap-153-master-py3 107 | driver: 108 | image: saltimages/salt-master-py3:opensuse-leap-15.3 109 | # Workaround to avoid intermittent failures on `opensuse-leap-15.3`: 110 | # => SCP did not finish successfully (255): (Net::SCP::Error) 111 | transport: 112 | max_ssh_sessions: 1 113 | - name: opensuse-tmbl-latest-master-py3 114 | driver: 115 | image: saltimages/salt-master-py3:opensuse-tumbleweed-latest 116 | # Workaround to avoid intermittent failures on `opensuse-tumbleweed`: 117 | # => SCP did not finish successfully (255): (Net::SCP::Error) 118 | transport: 119 | max_ssh_sessions: 1 120 | - name: amazonlinux-2-master-py3 121 | driver: 122 | image: saltimages/salt-master-py3:amazonlinux-2 123 | - name: oraclelinux-8-master-py3 124 | driver: 125 | image: saltimages/salt-master-py3:oraclelinux-8 126 | - name: oraclelinux-7-master-py3 127 | driver: 128 | image: saltimages/salt-master-py3:oraclelinux-7 129 | - name: arch-base-latest-master-py3 130 | driver: 131 | image: saltimages/salt-master-py3:arch-base-latest 132 | - name: gentoo-stage3-latest-master-py3 133 | driver: 134 | image: saltimages/salt-master-py3:gentoo-stage3-latest 135 | run_command: /sbin/init 136 | - name: gentoo-stage3-systemd-master-py3 137 | driver: 138 | image: saltimages/salt-master-py3:gentoo-stage3-systemd 139 | - name: almalinux-8-master-py3 140 | driver: 141 | image: saltimages/salt-master-py3:almalinux-8 142 | - name: rockylinux-8-master-py3 143 | driver: 144 | image: saltimages/salt-master-py3:rockylinux-8 145 | 146 | ## SALT `3004.1` 147 | - name: debian-11-3004-1-py3 148 | driver: 149 | image: saltimages/salt-3004.1-py3:debian-11 150 | run_command: /lib/systemd/systemd 151 | - name: debian-10-3004-1-py3 152 | driver: 153 | image: saltimages/salt-3004.1-py3:debian-10 154 | run_command: /lib/systemd/systemd 155 | - name: debian-9-3004-1-py3 156 | driver: 157 | image: saltimages/salt-3004.1-py3:debian-9 158 | run_command: /lib/systemd/systemd 159 | - name: ubuntu-2204-3004-1-py3 160 | driver: 161 | image: saltimages/salt-3004.1-py3:ubuntu-22.04 162 | run_command: /lib/systemd/systemd 163 | - name: ubuntu-2004-3004-1-py3 164 | driver: 165 | image: saltimages/salt-3004.1-py3:ubuntu-20.04 166 | run_command: /lib/systemd/systemd 167 | - name: ubuntu-1804-3004-1-py3 168 | driver: 169 | image: saltimages/salt-3004.1-py3:ubuntu-18.04 170 | run_command: /lib/systemd/systemd 171 | - name: centos-stream8-3004-1-py3 172 | driver: 173 | image: saltimages/salt-3004.1-py3:centos-stream8 174 | - name: centos-7-3004-1-py3 175 | driver: 176 | image: saltimages/salt-3004.1-py3:centos-7 177 | - name: fedora-36-3004-1-py3 178 | driver: 179 | image: saltimages/salt-3004.1-py3:fedora-36 180 | - name: fedora-35-3004-1-py3 181 | driver: 182 | image: saltimages/salt-3004.1-py3:fedora-35 183 | - name: amazonlinux-2-3004-1-py3 184 | driver: 185 | image: saltimages/salt-3004.1-py3:amazonlinux-2 186 | - name: oraclelinux-8-3004-1-py3 187 | driver: 188 | image: saltimages/salt-3004.1-py3:oraclelinux-8 189 | - name: oraclelinux-7-3004-1-py3 190 | driver: 191 | image: saltimages/salt-3004.1-py3:oraclelinux-7 192 | - name: arch-base-latest-3004-1-py3 193 | driver: 194 | image: saltimages/salt-3004.1-py3:arch-base-latest 195 | - name: gentoo-stage3-latest-3004-1-py3 196 | driver: 197 | image: saltimages/salt-3004.1-py3:gentoo-stage3-latest 198 | run_command: /sbin/init 199 | - name: gentoo-stage3-systemd-3004-1-py3 200 | driver: 201 | image: saltimages/salt-3004.1-py3:gentoo-stage3-systemd 202 | - name: almalinux-8-3004-1-py3 203 | driver: 204 | image: saltimages/salt-3004.1-py3:almalinux-8 205 | - name: rockylinux-8-3004-1-py3 206 | driver: 207 | image: saltimages/salt-3004.1-py3:rockylinux-8 208 | 209 | ## SALT `3004.0` 210 | - name: opensuse-leap-153-3004-0-py3 211 | driver: 212 | image: saltimages/salt-3004.0-py3:opensuse-leap-15.3 213 | # Workaround to avoid intermittent failures on `opensuse-leap-15.3`: 214 | # => SCP did not finish successfully (255): (Net::SCP::Error) 215 | transport: 216 | max_ssh_sessions: 1 217 | - name: opensuse-tmbl-latest-3004-0-py3 218 | driver: 219 | image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest 220 | # Workaround to avoid intermittent failures on `opensuse-tumbleweed`: 221 | # => SCP did not finish successfully (255): (Net::SCP::Error) 222 | transport: 223 | max_ssh_sessions: 1 224 | 225 | ## SALT `3003.4` 226 | - name: debian-10-3003-4-py3 227 | driver: 228 | image: saltimages/salt-3003.4-py3:debian-10 229 | run_command: /lib/systemd/systemd 230 | - name: debian-9-3003-4-py3 231 | driver: 232 | image: saltimages/salt-3003.4-py3:debian-9 233 | run_command: /lib/systemd/systemd 234 | - name: ubuntu-2004-3003-4-py3 235 | driver: 236 | image: saltimages/salt-3003.4-py3:ubuntu-20.04 237 | run_command: /lib/systemd/systemd 238 | - name: ubuntu-1804-3003-4-py3 239 | driver: 240 | image: saltimages/salt-3003.4-py3:ubuntu-18.04 241 | run_command: /lib/systemd/systemd 242 | - name: centos-stream8-3003-4-py3 243 | driver: 244 | image: saltimages/salt-3003.4-py3:centos-stream8 245 | - name: centos-7-3003-4-py3 246 | driver: 247 | image: saltimages/salt-3003.4-py3:centos-7 248 | - name: amazonlinux-2-3003-4-py3 249 | driver: 250 | image: saltimages/salt-3003.4-py3:amazonlinux-2 251 | - name: oraclelinux-8-3003-4-py3 252 | driver: 253 | image: saltimages/salt-3003.4-py3:oraclelinux-8 254 | - name: oraclelinux-7-3003-4-py3 255 | driver: 256 | image: saltimages/salt-3003.4-py3:oraclelinux-7 257 | - name: almalinux-8-3003-4-py3 258 | driver: 259 | image: saltimages/salt-3003.4-py3:almalinux-8 260 | 261 | verifier: 262 | # https://www.inspec.io/ 263 | name: inspec 264 | sudo: true 265 | reporter: 266 | # cli, documentation, html, progress, json, json-min, json-rspec, junit 267 | - cli 268 | 269 | suites: 270 | - name: default 271 | provisioner: 272 | dependencies: 273 | - name: hosts 274 | path: ./test/salt/salt 275 | state_top: 276 | base: 277 | '*': 278 | - haproxy._mapdata 279 | - hosts 280 | - haproxy 281 | pillars: 282 | top.sls: 283 | base: 284 | '*': 285 | - hosts 286 | - haproxy 287 | pillars_from_files: 288 | hosts.sls: test/salt/pillar/hosts.sls 289 | haproxy.sls: test/salt/pillar/default.sls 290 | verifier: 291 | inspec_tests: 292 | - path: test/integration/default 293 | -------------------------------------------------------------------------------- /pillar.example: -------------------------------------------------------------------------------- 1 | # 2 | # Example pillar configuration 3 | # 4 | --- 5 | 6 | haproxy: 7 | # use lookup section to override 'map.jinja' values 8 | # lookup: 9 | # user: 'custom-user' 10 | # group: 'custom-group' 11 | # new setting to override configuration file path 12 | # config_file: /etc/haproxy/haproxy.cfg 13 | enabled: true 14 | # Overwrite an existing config file if present 15 | # (default behaviour unless set to false) 16 | overwrite: true 17 | # old setting to override configuration file path, kept for compatibility 18 | # config_file_path: /etc/haproxy/haproxy.cfg 19 | global: 20 | log: 21 | - 127.0.0.1 local2 22 | - 127.0.0.1 local1 notice 23 | # Option log-tag parameter, sets the tag field in the syslog header 24 | log-tag: haproxy 25 | # Optional log-send-hostname parameter, sets the hostname field in the syslog header 26 | log-send-hostname: localhost 27 | # stats sockets 28 | stats: 29 | /run/haproxy/stats-ro: 30 | # the defaults 31 | level: user 32 | mode: 600 33 | user: haproxy 34 | group: haproxy 35 | /run/haproxy/stats-rw: 36 | # custom example 37 | level: admin 38 | mode: 660 39 | group: sysadmins 40 | # yamllint disable-line rule:line-length 41 | ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384" 42 | ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11" 43 | 44 | user: haproxy 45 | group: haproxy 46 | chroot: 47 | enable: true 48 | path: /var/lib/haproxy 49 | 50 | daemon: true 51 | 52 | 53 | userlists: 54 | userlist1: 55 | users: 56 | john: insecure-password doe 57 | sam: insecure-password frodo 58 | 59 | defaults: 60 | log: global 61 | mode: http 62 | retries: 3 63 | options: 64 | - httplog 65 | - dontlognull 66 | - forwardfor 67 | - http-server-close 68 | # yamllint disable-line rule:line-length 69 | logformat: "%ci:%cp\\ [%t]\\ %ft\\ %b/%s\\ %Tq/%Tw/%Tc/%Tr/%Tt\\ %ST\\ %B\\ %CC\\ %CS\\ %tsc\\ %ac/%fc/%bc/%sc/%rc\\ %sq/%bq\\ %hr\\ %hs\\ %{+Q}r" 70 | timeouts: 71 | - http-request 10s 72 | - queue 1m 73 | - connect 10s 74 | - client 1m 75 | - server 1m 76 | - http-keep-alive 10s 77 | - check 10s 78 | stats: 79 | - enable 80 | - uri: '/admin?stats' 81 | - realm: 'Haproxy\ Statistics' 82 | - auth: 'admin1:AdMiN123' 83 | 84 | errorfiles: 85 | 400: /etc/haproxy/errors/400.http 86 | 403: /etc/haproxy/errors/403.http 87 | 408: /etc/haproxy/errors/408.http 88 | 500: /etc/haproxy/errors/500.http 89 | 502: /etc/haproxy/errors/502.http 90 | 503: /etc/haproxy/errors/503.http 91 | 504: /etc/haproxy/errors/504.http 92 | 93 | resolvers: 94 | local_dns: 95 | options: 96 | - nameserver resolvconf 127.0.0.1:53 97 | - resolve_retries 3 98 | - timeout retry 1s 99 | - hold valid 10s 100 | 101 | 102 | listens: 103 | stats: 104 | bind: 105 | - "0.0.0.0:8998" 106 | mode: http 107 | options: 108 | - httpchk 109 | httpcheck: disable-on-404 110 | stats: 111 | enable: true 112 | uri: "/admin?stats" 113 | refresh: "20s" 114 | myservice: 115 | bind: 116 | - "*:8888" 117 | options: 118 | - forwardfor 119 | - http-server-close 120 | - httpchk 121 | defaultserver: 122 | slowstart: 60s 123 | maxconn: 256 124 | maxqueue: 128 125 | weight: 100 126 | httpchecks: 127 | - send-state 128 | - expect status 200 129 | servers: 130 | web1: 131 | host: web1.example.com 132 | port: 80 133 | check: check 134 | web2: 135 | host: web2.example.com 136 | port: 18888 137 | check: check 138 | web3: 139 | host: web3.example.com 140 | redis: 141 | bind: 142 | - '*:6379' 143 | balance: roundrobin 144 | defaultserver: 145 | fall: 3 146 | options: 147 | - tcp-check 148 | tcpchecks: 149 | - send PINGrn 150 | - expect string +PONG 151 | - send info replicationrn 152 | - expect string role:master 153 | - send QUITrn 154 | - expect string +OK 155 | servers: 156 | server1: 157 | host: server1 158 | port: 6379 159 | check: check 160 | extra: port 6379 inter 1s 161 | server2: 162 | host: server2 163 | port: 6379 164 | check: check 165 | extra: port 6379 inter 1s backup 166 | frontends: 167 | frontend1: 168 | name: www-http 169 | bind: "*:80" 170 | redirects: 171 | - scheme https if !{ ssl_fc } 172 | reqadds: 173 | - "X-Forwarded-Proto:\\ http" 174 | default_backend: www-backend 175 | 176 | # www-https: 177 | # bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem" 178 | # yamllint disable-line rule:line-length 179 | # logformat: "%ci:%cp\\ [%t]\\ %ft\\ %b/%s\\ %Tq/%Tw/%Tc/%Tr/%Tt\\ %ST\\ %B\\ %CC\\ %CS\\ %tsc\\ %ac/%fc/%bc/%sc/%rc\\ %sq/%bq\\ %hr\\ %hs\\ %{+Q}r\\ ssl_version:%sslv\\ ssl_cipher:%sslc" 180 | # reqadds: 181 | # - "X-Forwarded-Proto:\\ https" 182 | # default_backend: www-backend 183 | # acls: 184 | # - url_static path_beg -i /static /images /javascript /stylesheets 185 | # - url_static path_end -i .jpg .gif .png .css .js 186 | # use_backends: 187 | # - static-backend if url_static 188 | # extra: "rspadd Strict-Transport-Security:\ max-age=15768000" 189 | # some-services: 190 | # bind: 191 | # - "*:8080" 192 | # - "*:8088" 193 | # default_backend: api-backend 194 | 195 | backends: 196 | backend1: 197 | name: www-backend 198 | balance: roundrobin 199 | redirects: 200 | - scheme https if !{ ssl_fc } 201 | extra: "reqidel ^X-Forwarded-For:" 202 | servers: 203 | server1: 204 | name: server1-its-name 205 | host: 192.168.1.213 206 | port: 80 207 | check: check 208 | static-backend: 209 | balance: roundrobin 210 | redirects: 211 | - scheme https if !{ ssl_fc } 212 | options: 213 | - http-server-close 214 | - httpclose 215 | - forwardfor except 127.0.0.0/8 216 | - httplog 217 | cookie: "pm insert indirect" 218 | stats: 219 | enable: true 220 | uri: /url/to/stats 221 | realm: LoadBalancer 222 | auth: "user:password" 223 | servers: 224 | some-server: 225 | host: 123.156.189.111 226 | port: 8080 227 | check: check 228 | another-server: 229 | host: 123.156.189.112 230 | api-backend: 231 | options: 232 | - http-server-close 233 | - forwardfor 234 | servers: 235 | apiserver1: 236 | host: apiserver1.example.com 237 | port: 80 238 | check: check 239 | server2: 240 | name: apiserver2 241 | host: apiserver2.example.com 242 | port: 80 243 | check: check 244 | extra: resolvers local_dns resolve-prefer ipv4 245 | another_www: 246 | mode: tcp 247 | balance: source 248 | sticktable: "type binary len 32 size 30k expire 30m" 249 | acls: 250 | - clienthello req_ssl_hello_type 1 251 | - serverhello rep_ssl_hello_type 2 252 | tcprequests: 253 | - "inspect-delay 5s" 254 | - "content accept if clienthello" 255 | tcpresponses: 256 | - "content accept if serverhello" 257 | stickons: 258 | - "payload_lv(43,1) if clienthello" 259 | reqreps: 260 | - '^([^\ :]*)\ /static/(.*) \1\ \2' 261 | options: "ssl-hello-chk" 262 | -------------------------------------------------------------------------------- /pre-commit_semantic-release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ############################################################################### 4 | # (A) Update `FORMULA` with `${nextRelease.version}` 5 | ############################################################################### 6 | sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA 7 | 8 | 9 | ############################################################################### 10 | # (B) Use `m2r2` to convert automatically produced `.md` docs to `.rst` 11 | ############################################################################### 12 | 13 | # Install `m2r2` 14 | pip3 install m2r2 15 | 16 | # Copy and then convert the `.md` docs 17 | cp ./*.md docs/ 18 | cd docs/ || exit 19 | m2r2 --overwrite ./*.md 20 | 21 | # Change excess `H1` headings to `H2` in converted `CHANGELOG.rst` 22 | sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst 23 | sed -i -e '1,4s/-/=/g' CHANGELOG.rst 24 | 25 | # Use for debugging output, when required 26 | # cat AUTHORS.rst 27 | # cat CHANGELOG.rst 28 | 29 | # Return back to the main directory 30 | cd .. 31 | -------------------------------------------------------------------------------- /release-rules.js: -------------------------------------------------------------------------------- 1 | // No release is triggered for the types commented out below. 2 | // Commits using these types will be incorporated into the next release. 3 | // 4 | // NOTE: Any changes here must be reflected in `CONTRIBUTING.md`. 5 | module.exports = [ 6 | {breaking: true, release: 'major'}, 7 | // {type: 'build', release: 'patch'}, 8 | // {type: 'chore', release: 'patch'}, 9 | // {type: 'ci', release: 'patch'}, 10 | {type: 'docs', release: 'patch'}, 11 | {type: 'feat', release: 'minor'}, 12 | {type: 'fix', release: 'patch'}, 13 | {type: 'perf', release: 'patch'}, 14 | {type: 'refactor', release: 'patch'}, 15 | {type: 'revert', release: 'patch'}, 16 | {type: 'style', release: 'patch'}, 17 | {type: 'test', release: 'patch'}, 18 | ]; 19 | -------------------------------------------------------------------------------- /release.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | branch: 'master', 3 | repositoryUrl: 'https://github.com/saltstack-formulas/haproxy-formula', 4 | plugins: [ 5 | ['@semantic-release/commit-analyzer', { 6 | preset: 'angular', 7 | releaseRules: './release-rules.js', 8 | }], 9 | '@semantic-release/release-notes-generator', 10 | ['@semantic-release/changelog', { 11 | changelogFile: 'CHANGELOG.md', 12 | changelogTitle: '# Changelog', 13 | }], 14 | ['@semantic-release/exec', { 15 | prepareCmd: 'sh ./pre-commit_semantic-release.sh ${nextRelease.version}', 16 | }], 17 | ['@semantic-release/git', { 18 | assets: ['*.md', 'docs/*.rst', 'FORMULA'], 19 | }], 20 | '@semantic-release/github', 21 | ], 22 | generateNotes: { 23 | preset: 'angular', 24 | writerOpts: { 25 | // Required due to upstream bug preventing all types being displayed. 26 | // Bug: https://github.com/conventional-changelog/conventional-changelog/issues/317 27 | // Fix: https://github.com/conventional-changelog/conventional-changelog/pull/410 28 | transform: (commit, context) => { 29 | const issues = [] 30 | 31 | commit.notes.forEach(note => { 32 | note.title = `BREAKING CHANGES` 33 | }) 34 | 35 | // NOTE: Any changes here must be reflected in `CONTRIBUTING.md`. 36 | if (commit.type === `feat`) { 37 | commit.type = `Features` 38 | } else if (commit.type === `fix`) { 39 | commit.type = `Bug Fixes` 40 | } else if (commit.type === `perf`) { 41 | commit.type = `Performance Improvements` 42 | } else if (commit.type === `revert`) { 43 | commit.type = `Reverts` 44 | } else if (commit.type === `docs`) { 45 | commit.type = `Documentation` 46 | } else if (commit.type === `style`) { 47 | commit.type = `Styles` 48 | } else if (commit.type === `refactor`) { 49 | commit.type = `Code Refactoring` 50 | } else if (commit.type === `test`) { 51 | commit.type = `Tests` 52 | } else if (commit.type === `build`) { 53 | commit.type = `Build System` 54 | // } else if (commit.type === `chore`) { 55 | // commit.type = `Maintenance` 56 | } else if (commit.type === `ci`) { 57 | commit.type = `Continuous Integration` 58 | } else { 59 | return 60 | } 61 | 62 | if (commit.scope === `*`) { 63 | commit.scope = `` 64 | } 65 | 66 | if (typeof commit.hash === `string`) { 67 | commit.shortHash = commit.hash.substring(0, 7) 68 | } 69 | 70 | if (typeof commit.subject === `string`) { 71 | let url = context.repository 72 | ? `${context.host}/${context.owner}/${context.repository}` 73 | : context.repoUrl 74 | if (url) { 75 | url = `${url}/issues/` 76 | // Issue URLs. 77 | commit.subject = commit.subject.replace(/#([0-9]+)/g, (_, issue) => { 78 | issues.push(issue) 79 | return `[#${issue}](${url}${issue})` 80 | }) 81 | } 82 | if (context.host) { 83 | // User URLs. 84 | commit.subject = commit.subject.replace(/\B@([a-z0-9](?:-?[a-z0-9/]){0,38})/g, (_, username) => { 85 | if (username.includes('/')) { 86 | return `@${username}` 87 | } 88 | 89 | return `[@${username}](${context.host}/${username})` 90 | }) 91 | } 92 | } 93 | 94 | // remove references that already appear in the subject 95 | commit.references = commit.references.filter(reference => { 96 | if (issues.indexOf(reference.issue) === -1) { 97 | return true 98 | } 99 | 100 | return false 101 | }) 102 | 103 | return commit 104 | }, 105 | }, 106 | }, 107 | }; 108 | -------------------------------------------------------------------------------- /test/integration/default/README.md: -------------------------------------------------------------------------------- 1 | # InSpec Profile: `default` 2 | 3 | This shows the implementation of the `default` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). 4 | 5 | ## Verify a profile 6 | 7 | InSpec ships with built-in features to verify a profile structure. 8 | 9 | ```bash 10 | $ inspec check default 11 | Summary 12 | ------- 13 | Location: default 14 | Profile: profile 15 | Controls: 4 16 | Timestamp: 2019-06-24T23:09:01+00:00 17 | Valid: true 18 | 19 | Errors 20 | ------ 21 | 22 | Warnings 23 | -------- 24 | ``` 25 | 26 | ## Execute a profile 27 | 28 | To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. 29 | 30 | ```bash 31 | $ inspec exec default 32 | .. 33 | 34 | Finished in 0.0025 seconds (files took 0.12449 seconds to load) 35 | 8 examples, 0 failures 36 | ``` 37 | 38 | ## Execute a specific control from a profile 39 | 40 | To run one control from the profile use `inspec exec /path/to/profile --controls name`. 41 | 42 | ```bash 43 | $ inspec exec default --controls package 44 | . 45 | 46 | Finished in 0.0025 seconds (files took 0.12449 seconds to load) 47 | 1 examples, 0 failures 48 | ``` 49 | 50 | See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). 51 | -------------------------------------------------------------------------------- /test/integration/default/controls/config.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | title 'Verify haproxy configuration' 4 | 5 | describe file('/etc/haproxy/haproxy.cfg') do 6 | it { should be_file } 7 | its('owner') { should eq 'root' } 8 | its('group') { should eq 'root' } 9 | its('mode') { should cmp '0644' } 10 | end 11 | -------------------------------------------------------------------------------- /test/integration/default/controls/package.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | title 'Verify haproxy installation' 4 | 5 | describe package('haproxy') do 6 | it { should be_installed } 7 | end 8 | -------------------------------------------------------------------------------- /test/integration/default/controls/service.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | title 'Verify haproxy service' 4 | 5 | describe service('haproxy') do 6 | it { should be_installed } 7 | it { should be_enabled } 8 | it { should be_running } 9 | end 10 | -------------------------------------------------------------------------------- /test/integration/default/inspec.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | name: default 5 | title: haproxy formula 6 | maintainer: SaltStack Formulas 7 | license: Apache-2.0 8 | summary: Verify that the haproxy formula is setup and configured correctly 9 | depends: 10 | - name: share 11 | path: test/integration/share 12 | supports: 13 | - platform-name: debian 14 | - platform-name: ubuntu 15 | - platform-name: centos 16 | - platform-name: fedora 17 | - platform-name: opensuse 18 | - platform-name: suse 19 | - platform-name: freebsd 20 | - platform-name: openbsd 21 | - platform-name: amazon 22 | - platform-name: oracle 23 | - platform-name: arch 24 | - platform-name: gentoo 25 | - platform-name: almalinux 26 | - platform-name: rocky 27 | - platform-name: mac_os_x 28 | - platform: windows 29 | -------------------------------------------------------------------------------- /test/integration/share/README.md: -------------------------------------------------------------------------------- 1 | # InSpec Profile: `share` 2 | 3 | This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). 4 | 5 | Its goal is to share the libraries between all profiles. 6 | 7 | ## Libraries 8 | 9 | ### `system` 10 | 11 | The `system` library provides easy access to system dependent information: 12 | 13 | - `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective 14 | - `system.platform[:family]` provide a family name for Arch and Gentoo 15 | - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows` 16 | - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows: 17 | - `Arch` is always `base-latest` 18 | - `Amazon Linux` release `2018` is resolved as `1` 19 | - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`) 20 | - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format 21 | - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version 22 | - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example) 23 | -------------------------------------------------------------------------------- /test/integration/share/inspec.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | name: share 5 | title: InSpec shared resources 6 | maintainer: SaltStack Formulas 7 | license: Apache-2.0 8 | summary: shared resources 9 | supports: 10 | - platform-name: debian 11 | - platform-name: ubuntu 12 | - platform-name: centos 13 | - platform-name: fedora 14 | - platform-name: opensuse 15 | - platform-name: suse 16 | - platform-name: freebsd 17 | - platform-name: openbsd 18 | - platform-name: amazon 19 | - platform-name: oracle 20 | - platform-name: arch 21 | - platform-name: gentoo 22 | - platform-name: almalinux 23 | - platform-name: rocky 24 | - platform-name: mac_os_x 25 | - platform: windows 26 | -------------------------------------------------------------------------------- /test/integration/share/libraries/system.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # system.rb -- InSpec resources for system values 4 | # Author: Daniel Dehennin 5 | # Copyright (C) 2020 Daniel Dehennin 6 | 7 | # rubocop:disable Metrics/ClassLength 8 | class SystemResource < Inspec.resource(1) 9 | name 'system' 10 | 11 | attr_reader :platform 12 | 13 | def initialize 14 | super 15 | @platform = build_platform 16 | end 17 | 18 | private 19 | 20 | def build_platform 21 | { 22 | family: build_platform_family, 23 | name: build_platform_name, 24 | release: build_platform_release, 25 | finger: build_platform_finger, 26 | codename: build_platform_codename 27 | } 28 | end 29 | 30 | def build_platform_family 31 | case inspec.platform[:name] 32 | when 'arch', 'gentoo' 33 | inspec.platform[:name] 34 | else 35 | inspec.platform[:family] 36 | end 37 | end 38 | 39 | def build_platform_name 40 | case inspec.platform[:name] 41 | when 'amazon', 'oracle', 'rocky' 42 | "#{inspec.platform[:name]}linux" 43 | when /^windows_/ 44 | inspec.platform[:family] 45 | else 46 | inspec.platform[:name] 47 | end 48 | end 49 | 50 | # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity 51 | def build_platform_release 52 | case inspec.platform[:name] 53 | when 'amazon' 54 | # `2018` relase is named `1` in `kitchen.yml` 55 | inspec.platform[:release].gsub(/2018.*/, '1') 56 | when 'arch' 57 | 'base-latest' 58 | when 'gentoo' 59 | "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}" 60 | when 'mac_os_x' 61 | inspec.command('sw_vers -productVersion').stdout.to_s 62 | when 'opensuse' 63 | # rubocop:disable Style/NumericLiterals,Layout/LineLength 64 | inspec.platform[:release].to_i > 20210101 ? 'tumbleweed' : inspec.platform[:release] 65 | # rubocop:enable Style/NumericLiterals,Layout/LineLength 66 | when 'windows_8.1_pro' 67 | '8.1' 68 | when 'windows_server_2022_datacenter' 69 | '2022-server' 70 | when 'windows_server_2019_datacenter' 71 | '2019-server' 72 | when 'windows_server_2016_datacenter' 73 | '2016-server' 74 | else 75 | inspec.platform[:release] 76 | end 77 | end 78 | # rubocop:enable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity 79 | 80 | def derive_gentoo_init_system 81 | inspec.command('systemctl').exist? ? 'sysd' : 'sysv' 82 | end 83 | 84 | def build_platform_finger 85 | "#{build_platform_name}-#{build_finger_release}" 86 | end 87 | 88 | def build_finger_release 89 | case inspec.platform[:name] 90 | when 'ubuntu' 91 | build_platform_release.split('.').slice(0, 2).join('.') 92 | else 93 | build_platform_release.split('.')[0] 94 | end 95 | end 96 | 97 | # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity 98 | def build_platform_codename 99 | case build_platform_finger 100 | when 'ubuntu-22.04' 101 | 'jammy' 102 | when 'ubuntu-20.04' 103 | 'focal' 104 | when 'ubuntu-18.04' 105 | 'bionic' 106 | when 'debian-11' 107 | 'bullseye' 108 | when 'debian-10' 109 | 'buster' 110 | when 'debian-9' 111 | 'stretch' 112 | when 'almalinux-8' 113 | "AlmaLinux #{build_platform_release} (Arctic Sphynx)" 114 | when 'amazonlinux-2' 115 | 'Amazon Linux 2' 116 | when 'arch-base-latest' 117 | 'Arch Linux' 118 | when 'centos-7' 119 | 'CentOS Linux 7 (Core)' 120 | when 'centos-8' 121 | 'CentOS Stream 8' 122 | when 'opensuse-tumbleweed' 123 | 'openSUSE Tumbleweed' 124 | when 'opensuse-15' 125 | "openSUSE Leap #{build_platform_release}" 126 | when 'oraclelinux-8', 'oraclelinux-7' 127 | "Oracle Linux Server #{build_platform_release}" 128 | when 'gentoo-2-sysd', 'gentoo-2-sysv' 129 | 'Gentoo/Linux' 130 | when 'rockylinux-8' 131 | "Rocky Linux #{build_platform_release} (Green Obsidian)" 132 | else 133 | '' 134 | end 135 | end 136 | # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity 137 | end 138 | # rubocop:enable Metrics/ClassLength 139 | -------------------------------------------------------------------------------- /test/salt/pillar/default.sls: -------------------------------------------------------------------------------- 1 | --- 2 | haproxy: 3 | # use lookup section to override 'map.jinja' values 4 | # lookup: 5 | # user: 'custom-user' 6 | # group: 'custom-group' 7 | # new setting to override configuration file path 8 | # config_file: /etc/haproxy/haproxy.cfg 9 | enabled: true 10 | # Overwrite an existing config file if present 11 | # (default behaviour unless set to false) 12 | overwrite: true 13 | # old setting to override configuration file path, kept for compatibility 14 | # config_file_path: /etc/haproxy/haproxy.cfg 15 | global: 16 | log: 17 | - 127.0.0.1 local2 18 | - 127.0.0.1 local1 notice 19 | # Option log-tag parameter, sets the tag field in the syslog header 20 | log-tag: haproxy 21 | # Optional log-send-hostname parameter, sets the hostname field in the syslog header 22 | log-send-hostname: localhost 23 | stats: 24 | /run/haproxy/stats-operator: 25 | level: operator 26 | mode: 660 27 | group: users 28 | /run/haproxy/stats-admin: 29 | level: admin 30 | mode: 600 31 | # yamllint disable-line rule:line-length 32 | ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384" 33 | ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11" 34 | 35 | user: haproxy 36 | group: haproxy 37 | chroot: 38 | enable: true 39 | path: /var/lib/haproxy 40 | 41 | daemon: true 42 | 43 | 44 | userlists: 45 | userlist1: 46 | users: 47 | john: insecure-password doe 48 | sam: insecure-password frodo 49 | 50 | defaults: 51 | log: global 52 | mode: http 53 | retries: 3 54 | options: 55 | - httplog 56 | - dontlognull 57 | - forwardfor 58 | - http-server-close 59 | # yamllint disable-line rule:line-length 60 | logformat: "%ci:%cp\\ [%t]\\ %ft\\ %b/%s\\ %Tq/%Tw/%Tc/%Tr/%Tt\\ %ST\\ %B\\ %CC\\ %CS\\ %tsc\\ %ac/%fc/%bc/%sc/%rc\\ %sq/%bq\\ %hr\\ %hs\\ %{+Q}r" 61 | timeouts: 62 | - http-request 10s 63 | - queue 1m 64 | - connect 10s 65 | - client 1m 66 | - server 1m 67 | - http-keep-alive 10s 68 | - check 10s 69 | stats: 70 | - enable 71 | - uri: '/admin?stats' 72 | - realm: 'Haproxy\ Statistics' 73 | - auth: 'admin1:AdMiN123' 74 | 75 | 76 | listens: 77 | stats: 78 | bind: 79 | - "0.0.0.0:8998" 80 | mode: http 81 | options: 82 | - httpchk 83 | httpcheck: disable-on-404 84 | stats: 85 | enable: true 86 | uri: "/admin?stats" 87 | refresh: "20s" 88 | myservice: 89 | bind: 90 | - "*:8888" 91 | options: 92 | - forwardfor 93 | - http-server-close 94 | - httpchk 95 | defaultserver: 96 | slowstart: 60s 97 | maxconn: 256 98 | maxqueue: 128 99 | weight: 100 100 | httpchecks: 101 | - send-state 102 | - expect status 200 103 | servers: 104 | web1: 105 | host: web1.example.com 106 | port: 80 107 | check: check 108 | web2: 109 | host: web2.example.com 110 | port: 18888 111 | check: check 112 | web3: 113 | host: web3.example.com 114 | redis: 115 | bind: 116 | - '*:6379' 117 | balance: roundrobin 118 | defaultserver: 119 | fall: 3 120 | options: 121 | - tcp-check 122 | tcpchecks: 123 | - send PINGrn 124 | - expect string +PONG 125 | - expect string role:master 126 | - send QUITrn 127 | - expect string +OK 128 | servers: 129 | server1: 130 | host: server1 131 | port: 6379 132 | check: check 133 | extra: port 6379 inter 1s 134 | server2: 135 | host: server2 136 | port: 6379 137 | check: check 138 | extra: port 6379 inter 1s backup 139 | frontends: 140 | frontend1: 141 | name: www-http 142 | bind: "*:80" 143 | redirects: 144 | - scheme https if !{ ssl_fc } 145 | reqadds: 146 | - "X-Forwarded-Proto http" 147 | default_backend: www-backend 148 | 149 | # www-https: 150 | # bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem" 151 | # yamllint disable-line rule:line-length 152 | # logformat: "%ci:%cp\\ [%t]\\ %ft\\ %b/%s\\ %Tq/%Tw/%Tc/%Tr/%Tt\\ %ST\\ %B\\ %CC\\ %CS\\ %tsc\\ %ac/%fc/%bc/%sc/%rc\\ %sq/%bq\\ %hr\\ %hs\\ %{+Q}r\\ ssl_version:%sslv\\ ssl_cipher:%sslc" 153 | # reqadds: 154 | # - "X-Forwarded-Proto https" 155 | # default_backend: www-backend 156 | # acls: 157 | # - url_static path_beg -i /static /images /javascript /stylesheets 158 | # - url_static path_end -i .jpg .gif .png .css .js 159 | # use_backends: 160 | # - static-backend if url_static 161 | # extra: "rspadd Strict-Transport-Security:\ max-age=15768000" 162 | # some-services: 163 | # bind: 164 | # - "*:8080" 165 | # - "*:8088" 166 | # default_backend: api-backend 167 | 168 | backends: 169 | backend1: 170 | name: www-backend 171 | balance: roundrobin 172 | extra: "http-request del-header ^X-Forwarded-For:" 173 | redirects: 174 | - scheme https if !{ ssl_fc } 175 | servers: 176 | server1: 177 | name: server1-its-name 178 | host: 192.168.1.213 179 | port: 80 180 | check: check 181 | static-backend: 182 | balance: roundrobin 183 | redirects: 184 | - scheme https if !{ ssl_fc } 185 | options: 186 | - http-server-close 187 | - httpclose 188 | - forwardfor except 127.0.0.0/8 189 | - httplog 190 | cookie: "pm insert indirect" 191 | stats: 192 | enable: true 193 | uri: /url/to/stats 194 | realm: LoadBalancer 195 | auth: "user:password" 196 | servers: 197 | some-server: 198 | host: 123.156.189.111 199 | port: 8080 200 | check: check 201 | another-server: 202 | host: 123.156.189.112 203 | api-backend: 204 | options: 205 | - http-server-close 206 | - forwardfor 207 | servers: 208 | apiserver1: 209 | host: apiserver1.example.com 210 | port: 80 211 | check: check 212 | -------------------------------------------------------------------------------- /test/salt/pillar/hosts.sls: -------------------------------------------------------------------------------- 1 | --- 2 | hosts: 3 | - server1: 127.0.0.1 4 | - server2: 127.0.0.1 5 | - web1.example.com: 127.0.0.1 6 | - web2.example.com: 127.0.0.1 7 | - web3.example.com: 127.0.0.1 8 | - apiserver1.example.com: 127.0.0.1 9 | - apiserver2.example.com: 127.0.0.1 10 | -------------------------------------------------------------------------------- /test/salt/salt/hosts/init.sls: -------------------------------------------------------------------------------- 1 | {% set hosts = salt['pillar.get']('hosts', []) %} 2 | 3 | {% for host in hosts %} 4 | {% for name, ip in host.items() %} 5 | {{ name }}: 6 | host.present: 7 | - ip: {{ ip }} 8 | {% endfor %} 9 | {% endfor %} 10 | --------------------------------------------------------------------------------