Validate haproxy configuration values
Unit testing will happen in a separate commit, see: https://bugs.launchpad.net/tripleo/+bug/1594785 Change-Id: I531bb19f5e1a12f3bb88e93816e1047a5bd05055 Co-Authored-By: Martin André <m.andre@redhat.com>
parent
e522256f3b
commit
29de0e23d8
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
- hosts: controller
|
||||
vars:
|
||||
metadata:
|
||||
name: HAProxy configuration
|
||||
description: Verify the HAProxy configuration has recommended values.
|
||||
groups:
|
||||
- post-deployment
|
||||
config_file: '/etc/haproxy/haproxy.cfg'
|
||||
global_maxconn_min: 20480
|
||||
defaults_maxconn_min: 4096
|
||||
defaults_timeout_queue: '1m'
|
||||
defaults_timeout_client: '1m'
|
||||
defaults_timeout_server: '1m'
|
||||
defaults_timeout_check: '10s'
|
||||
tasks:
|
||||
- name: Gather the HAProxy config
|
||||
haproxy_conf: path="{{ config_file }}"
|
||||
- name: Verify global maxconn
|
||||
fail: msg="The 'global maxconn' value '{{ haproxy_conf.global.maxconn}}' must be greater than {{ global_maxconn_min }}"
|
||||
failed_when: "{{ haproxy_conf.global.maxconn}} < {{ global_maxconn_min }}"
|
||||
- name: Verify defaults maxconn
|
||||
fail: msg="The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}' must be greater than {{ defaults_maxconn_min }}"
|
||||
failed_when: "{{ haproxy_conf.defaults.maxconn }} < {{ defaults_maxconn_min }}"
|
||||
- name: Verify defaults timeout queue
|
||||
fail: msg="The 'timeout queue' option in 'defaults' is '{{ haproxy_conf.defaults['timeout queue'] }}', but must be set to {{ defaults_timeout_queue }}"
|
||||
failed_when: "'{{ haproxy_conf.defaults['timeout queue'] }}' != '{{ defaults_timeout_queue }}'"
|
||||
- name: Verify defaults timeout client
|
||||
fail: msg="The 'timeout client' option in 'defaults' is '{{ haproxy_conf.defaults['timeout client'] }}', but must be set to {{ defaults_timeout_client }}"
|
||||
failed_when: "'{{ haproxy_conf.defaults['timeout client'] }}' != '{{ defaults_timeout_client }}'"
|
||||
- name: Verify defaults timeout server
|
||||
fail: msg="The 'timeout server' option in 'defaults' is '{{ haproxy_conf.defaults['timeout server'] }}', but must be set to {{ defaults_timeout_server }}"
|
||||
failed_when: "'{{ haproxy_conf.defaults['timeout server'] }}' != '{{ defaults_timeout_server }}'"
|
||||
- name: Verify defaults timeout check
|
||||
fail: msg="The 'timeout check' option in 'defaults' is '{{ haproxy_conf.defaults['timeout check'] }}', but must be set to {{ defaults_timeout_check }}"
|
||||
failed_when: "'{{ haproxy_conf.defaults['timeout check'] }}' != '{{ defaults_timeout_check }}'"
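Review bot: The `failed_when` expressions splice the parsed file values into the condition text with `{{ }}` before it is evaluated, so an option that the module skipped or captured as empty (its option regex allows an empty value) would surface as an undefined-variable or expression error rather than the validation message, and text taken from the config file is evaluated as part of an expression. Referencing the variables directly with an explicit default and cast keeps the comparison typed, e.g. `failed_when: haproxy_conf.global.maxconn | default(0) | int < global_maxconn_min`; the same applies to the `defaults maxconn` task and the four timeout tasks. The two maxconn messages also say "must be greater than" while the check only fails below the minimum, so a value equal to the minimum passes; "must be at least" would match the condition.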
|
|
@ -0,0 +1,66 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
# -*- coding: utf-8 -*-
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import re
|
||||
|
||||
from ansible.module_utils.basic import * # NOQA
|
||||
|
||||
|
||||
# ConfigParser chokes on both mariadb and haproxy files. Luckily They have
|
||||
# a syntax approaching ini config file so they are relatively easy to parse.
|
||||
# This generic ini style config parser is not perfect -- it can ignore some
|
||||
# valid options -- but good enough for our use case.
|
||||
def generic_ini_style_conf_parser(file_path, section_regex, option_regex):
|
||||
config = {}
|
||||
current_section = None
|
||||
with open(file_path) as config_file:
|
||||
for line in config_file:
|
||||
match_section = re.match(section_regex, line)
|
||||
if match_section:
|
||||
current_section = match_section.group(1)
|
||||
config[current_section] = {}
|
||||
match_option = re.match(option_regex, line)
|
||||
if match_option and current_section:
|
||||
option = re.sub('\s+', ' ', match_option.group(1))
|
||||
config[current_section][option] = match_option.group(2)
|
||||
return config
|
||||
|
||||
|
||||
def parse_haproxy_conf(file_path):
|
||||
section_regex = '^(\w+)'
|
||||
option_regex = '^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
|
||||
return generic_ini_style_conf_parser(file_path, section_regex,
|
||||
option_regex)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(argument_spec=dict(
|
||||
path=dict(required=True, type='str'),
|
||||
))
|
||||
|
||||
haproxy_conf_path = module.params.get('path')
|
||||
|
||||
try:
|
||||
config = parse_haproxy_conf(haproxy_conf_path)
|
||||
except IOError:
|
||||
module.fail_json(msg="Could not open the haproxy conf file at: '%s'" %
|
||||
haproxy_conf_path)
|
||||
|
||||
module.exit_json(changed=False, ansible_facts={u'haproxy_conf': config})
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
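Review bot: In `generic_ini_style_conf_parser` the section key is only the first word of the header line and `config[current_section] = {}` replaces any earlier entry, so when a keyword repeats (several `listen`/`frontend`/`backend` blocks, or more than one `defaults` block, which HAProxy permits) only the last block reaches `haproxy_conf`, and the playbook's checks say nothing about the earlier ones. The comment above the function should at least state this, e.g. `# NOTE: repeated section keywords overwrite each other; only the last 'defaults' block is reported.` If the validation is meant to cover every `defaults` block, the parser would need to keep a list of blocks per keyword instead. Separately, the patterns use `\s` and `\w` in non-raw strings; writing them as `r'^(\w+)'` and `r'\s+'` avoids invalid-escape warnings on newer Python.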
|