From 89e4849f20c9c30d569abbee0ead7795525c76da Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Sun, 6 Mar 2016 09:31:40 +0100
Subject: [PATCH] Enhance haproxy installation

---
 defaults/main.yml       |  1 +
 tasks/configure.yml     | 10 +++++-----
 templates/blacklist     |  4 +++-
 templates/haproxy_cfg   | 26 ++++++++++++--------------
 templates/host_list     |  2 +-
 templates/host_ssl_list |  2 +-
 6 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 180921e..a341945 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,4 @@
 default_proxy: ''
 proxy_default_backend: ''
+proxy_certificates: []
 proxy_blacklist_ips: []
diff --git a/tasks/configure.yml b/tasks/configure.yml
index cf93f3b..dd4d792 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -13,7 +13,7 @@
             owner=root
             group=root
             mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
   with_items: '{{ groups.all }}'
   notify: 'Proxy | Restart HAProxy'
 
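Review bot: The `when: scope == 'all'` guard is disabled by commenting it out (`#when: scope == 'all'`) rather than removed, here and in the hunks at -23, -33, -43 and -74, so the file keeps five dead conditions with no explanation. Either delete the lines or put one comment above the first of them saying why the scope check no longer applies, e.g. `# scope check dropped: proxy files are rendered on every run`. Without the guard each of these tasks runs whenever the role is applied and can notify 'Proxy | Restart HAProxy'; that is presumably intended but worth confirming. The task definitions start outside the hunks.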
@@ -23,7 +23,7 @@
             owner=root
             group=root
             mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
   with_items: '{{ groups.all }}'
   notify: 'Proxy | Restart HAProxy'
 
@@ -33,7 +33,7 @@
         group=root
         mode=644
         state=touch
-  when: scope == 'all'
+  #when: scope == 'all'
   with_items: '{{ groups.all }}'
   notify: 'Proxy | Restart HAProxy'
 
@@ -43,7 +43,7 @@
             owner=root
             group=root
             mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
   notify: 'Proxy | Restart HAProxy'
 
 - name: "Proxy | Install update php script"
@@ -74,5 +74,5 @@
             owner=root
             group=root
             mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
   notify: 'Proxy | Restart HAProxy'
diff --git a/templates/blacklist b/templates/blacklist
index ef4547e..61d6308 100644
--- a/templates/blacklist
+++ b/templates/blacklist
@@ -1,3 +1,5 @@
-{% for line in hostvars[item]['proxy_blacklist_ips'] %}
+{% for host in groups['all'] %}
+{% for line in hostvars[host].proxy_blacklist_ips|default([]) %}
 {{line}}
 {% endfor %}
+{% endfor %}
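Review bot: Every host's `proxy_blacklist_ips` is now concatenated into the single file that `acl blockedip src -i -f /etc/haproxy/blacklist` loads, and `{{line}}` is written without validation or de-duplication. A typo in one host's variable therefore lands in the shared deny list, and depending on how HAProxy treats a malformed pattern it could break the restart triggered by the handler. If the `ipaddr` filter is available on the controller, `{% for line in hostvars[host].proxy_blacklist_ips|default([])|ipaddr %}` would keep only well-formed addresses. Because that drops bad entries silently, an `assert` task that fails the play on an invalid entry may be the safer choice for a blocklist.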
diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index 2bad328..5bef2d6 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -46,55 +46,53 @@ frontend http-in
   acl blockedip src  -i -f /etc/haproxy/blacklist
   http-request deny if blockedip
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_redirect'] %}
-{% for redirect in hostvars[host]['proxy_redirect'] %}
+{% for redirect in hostvars[host].proxy_redirect|default([]) %}
   redirect prefix http://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
 {% endfor %}
-{% endif %}
 {% endfor %}
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_domains'] %}
+{% if hostvars[host].proxy_domains is defined %}
   acl domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
   use_backend backend_{{host}} if domain_in_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_crm_domains'] %}
+{% if hostvars[host].proxy_crm_domains is defined %}
   acl crm_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.crm.list
   use_backend backend_{{host}} if crm_domain_in_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_ssl_domains'] %}
+{% if hostvars[host].proxy_ssl_domains is defined %}
   acl redirect_ssl_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
   use_backend backend_redirect_ssl if redirect_ssl_{{host}}
 {% endif %}
 {% endfor %}
 
+{% for cert in proxy_certificates %}
 frontend https-in
-  bind :443 ssl crt /etc/haproxy/certs/s-verein.de.pem no-sslv3
+  bind :443 ssl crt /etc/haproxy/certs/{{ cert }} no-sslv3
   acl blockedip src  -i -f /etc/haproxy/blacklist
   http-request deny if blockedip
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_redirect'] %}
-{% for redirect in hostvars[host]['proxy_redirect'] %}
+{% for redirect in hostvars[host].proxy_redirect|default([]) %}
   redirect prefix https://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
 {% endfor %}
-{% endif %}
 {% endfor %}
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_ssl_domains'] %}
+{% if hostvars[host].proxy_ssl_domains is defined %}
   acl ssl_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
   use_backend backend_{{host}} if ssl_domain_in_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_domains'] %}
+{% if hostvars[host].proxy_domains is defined %}
   acl redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
   use_backend backend_redirect if redirect_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_crm_domains'] %}
+{% if hostvars[host].proxy_crm_domains is defined %}
   acl crm_redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
   use_backend backend_redirect if crm_redirect_{{host}}
 {% endif %}
 {% endfor %}
+{% endfor %}
 
 {% for host in groups['all'] %}
-{% if (hostvars[host]['proxy_domains']) or (hostvars[host]['proxy_ssl_domains']) or (hostvars[host]['proxy_crm_domains']) %}
+{% if (hostvars[host].proxy_domains is defined) or (hostvars[host].proxy_ssl_domains is defined) or (hostvars[host].proxy_crm_domains is defined) %}
 backend backend_{{host}}
   server server_{{host}} {{hostvars[host]['ansible_default_ipv4']['address']|default(hostvars[host]['static_ipv4'])}}:80 maxconn 32
 
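Review bot: Wrapping the whole `frontend https-in` section in `{% for cert in proxy_certificates %}` renders one frontend per certificate, so two or more entries produce several sections with the same name, all binding `:443`, which HAProxy is likely to warn about or reject. One frontend with every certificate on a single bind line avoids this: guard the section with `{% if proxy_certificates %}` … `{% endif %}` and use `bind :443 ssl {% for cert in proxy_certificates %}crt /etc/haproxy/certs/{{ cert }} {% endfor %}no-sslv3`. With the new default `proxy_certificates: []` no HTTPS frontend is rendered at all, while `http-in` still routes `proxy_ssl_domains` hosts to `backend_redirect_ssl` (presumably an HTTPS redirect), so the empty case should fail the play or skip those ACLs. Separately, the move from a truthiness test to `is defined` means a host with an empty `proxy_domains: []` now gets ACL and backend stanzas, which may not be intended. The backend loop at the end of the hunk continues outside it.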
diff --git a/templates/host_list b/templates/host_list
index 286b086..56d67eb 100644
--- a/templates/host_list
+++ b/templates/host_list
@@ -1,3 +1,3 @@
-{% for domain in hostvars[item]['proxy_domains'] %}
+{% for domain in hostvars[item].proxy_domains|default([]) %}
 {{domain}}
 {% endfor %}
diff --git a/templates/host_ssl_list b/templates/host_ssl_list
index 86e88b5..ee5bc3f 100644
--- a/templates/host_ssl_list
+++ b/templates/host_ssl_list
@@ -1,3 +1,3 @@
-{% for domain in hostvars[item]['proxy_ssl_domains'] %}
+{% for domain in hostvars[item].proxy_ssl_domains|default([]) %}
 {{domain}}
 {% endfor %}
-- 
GitLab