Validate haproxy configuration values

Unit testing will happen in a separate commit, see: https://bugs.launchpad.net/tripleo/+bug/1594785 Change-Id: I531bb19f5e1a12f3bb88e93816e1047a5bd05055 Co-Authored-By: Martin André <m.andre@redhat.com>
2016-08-11 12:09:39 +02:00 · 2016-08-11 12:09:39 +02:00 · 29de0e23d8
parent e522256f3b
commit 29de0e23d8
2 changed files with 102 additions and 0 deletions
--- a/validations/haproxy.yaml
+++ b/validations/haproxy.yaml
@ -0,0 +1,36 @@
+---
+- hosts: controller
+  vars:
+    metadata:
+      name: HAProxy configuration
+      description: Verify the HAProxy configuration has recommended values.
+      groups:
+        - post-deployment
+    config_file: '/etc/haproxy/haproxy.cfg'
+    global_maxconn_min: 20480
+    defaults_maxconn_min: 4096
+    defaults_timeout_queue: '1m'
+    defaults_timeout_client: '1m'
+    defaults_timeout_server: '1m'
+    defaults_timeout_check: '10s'
+  tasks:
+  - name: Gather the HAProxy config
+    haproxy_conf: path="{{ config_file }}"
+  - name: Verify global maxconn
+    fail: msg="The 'global maxconn' value '{{ haproxy_conf.global.maxconn}}' must be greater than {{ global_maxconn_min }}"
+    failed_when: "{{ haproxy_conf.global.maxconn}} < {{ global_maxconn_min }}"
+  - name: Verify defaults maxconn
+    fail: msg="The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}' must be greater than {{ defaults_maxconn_min }}"
+    failed_when: "{{ haproxy_conf.defaults.maxconn }} < {{ defaults_maxconn_min }}"
+  - name: Verify defaults timeout queue
+    fail: msg="The 'timeout queue' option in 'defaults' is '{{ haproxy_conf.defaults['timeout queue'] }}', but must be set to {{ defaults_timeout_queue }}"
+    failed_when: "'{{ haproxy_conf.defaults['timeout queue'] }}' != '{{ defaults_timeout_queue }}'"
+  - name: Verify defaults timeout client
+    fail: msg="The 'timeout client' option in 'defaults' is '{{ haproxy_conf.defaults['timeout client'] }}', but must be set to {{ defaults_timeout_client }}"
+    failed_when: "'{{ haproxy_conf.defaults['timeout client'] }}' != '{{ defaults_timeout_client }}'"
+  - name: Verify defaults timeout server
+    fail: msg="The 'timeout server' option in 'defaults' is '{{ haproxy_conf.defaults['timeout server'] }}', but must be set to {{ defaults_timeout_server }}"
+    failed_when: "'{{ haproxy_conf.defaults['timeout server'] }}' != '{{ defaults_timeout_server }}'"
+  - name: Verify defaults timeout check
+    fail: msg="The 'timeout check' option in 'defaults' is '{{ haproxy_conf.defaults['timeout check'] }}', but must be set to {{ defaults_timeout_check }}"
+    failed_when: "'{{ haproxy_conf.defaults['timeout check'] }}' != '{{ defaults_timeout_check }}'"
--- a/validations/library/haproxy_conf.py
+++ b/validations/library/haproxy_conf.py
@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+# -*- coding: utf-8 -*-
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import re
+
+from ansible.module_utils.basic import *  # NOQA
+
+
+# ConfigParser chokes on both mariadb and haproxy files. Luckily They have
+# a syntax approaching ini config file so they are relatively easy to parse.
+# This generic ini style config parser is not perfect -- it can ignore some
+# valid options --  but good enough for our use case.
+def generic_ini_style_conf_parser(file_path, section_regex, option_regex):
+    config = {}
+    current_section = None
+    with open(file_path) as config_file:
+        for line in config_file:
+            match_section = re.match(section_regex, line)
+            if match_section:
+                current_section = match_section.group(1)
+                config[current_section] = {}
+            match_option = re.match(option_regex, line)
+            if match_option and current_section:
+                option = re.sub('\s+', ' ', match_option.group(1))
+                config[current_section][option] = match_option.group(2)
+    return config
+
+
+def parse_haproxy_conf(file_path):
+    section_regex = '^(\w+)'
+    option_regex = '^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
+    return generic_ini_style_conf_parser(file_path, section_regex,
+                                         option_regex)
+
+
+def main():
+    module = AnsibleModule(argument_spec=dict(
+        path=dict(required=True, type='str'),
+    ))
+
+    haproxy_conf_path = module.params.get('path')
+
+    try:
+        config = parse_haproxy_conf(haproxy_conf_path)
+    except IOError:
+        module.fail_json(msg="Could not open the haproxy conf file at: '%s'" %
+                         haproxy_conf_path)
+
+    module.exit_json(changed=False, ansible_facts={u'haproxy_conf': config})
+
+
+if __name__ == '__main__':
+    main()