esh/esh_haproxy/recipes/config.rb
#
# Cookbook:: esh_haproxy
# Recipe:: config
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# haproxy itself plus whois, which the country-ACL generator below
# presumably relies on.
apt_package %w[haproxy whois]

# Target directory for the per-country IP range lists (the generator's
# JP.txt is later used as its completion marker).
directory '/etc/haproxy/country' do
  mode '0755'
  owner 'root'
  group 'root'
end

# Generator script shipped inside the cookbook.
cookbook_file '/usr/local/bin/haproxy_country' do
  mode '0755'
  owner 'root'
  group 'root'
end
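# First-converge generation of the country ACL lists; the periodic refresh
# is handled by haproxy_country.timer further down in this recipe.
# The MaxMind license key travels through the process environment, so the
# resource is marked sensitive to keep it out of chef-client output.
execute 'haproxy generate country acl' do
  command '/usr/local/bin/haproxy_country'
  environment('LICENSE_KEY' => node['esh']['haproxy']['config']['maxmind_key'])
  sensitive true
  # JP.txt doubles as the "already generated" marker.
  not_if { ::File.exist?('/etc/haproxy/country/JP.txt') }
  action :run
end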
# RFC 7919 ffdhe4096 Diffie-Hellman group, fetched from GitHub at converge.
# NOTE(review): the download is not pinned. remote_file accepts
# `checksum '<sha256 of ffdhe4096.pem>'`, which makes a changed or tampered
# upstream file fail the converge instead of landing in /etc/haproxy;
# vendoring the file via cookbook_file would remove the fetch entirely.
remote_file '/etc/haproxy/dhparam' do
  source 'https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem'
  mode '0444'
  owner 'root'
  group 'root'
end
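# Main HAProxy configuration rendered from the node's esh.haproxy.config
# attributes. The rendered file carries stats_password, so the resource is
# marked sensitive: Chef otherwise prints the content diff on every change.
# NOTE(review): mode 0444 leaves that password readable by every local
# user; a tighter mode (e.g. 0640 with the haproxy group) would narrow it —
# confirm the service still reads the file under its reload mode first.
template '/etc/haproxy/haproxy.cfg' do
  owner 'root'
  group 'root'
  mode '0444'
  sensitive true
  variables(
    acls: node['esh']['haproxy']['config']['acls'],
    listen: node['esh']['haproxy']['config']['listen'],
    backends: node['esh']['haproxy']['config']['backends'],
    stats_password: node['esh']['haproxy']['config']['stats_password']
  )
  action :create
end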
# OnFailure= hook of haproxy_country.service: pings the /fail endpoint of the
# configured health-check URL.
# NOTE(review): the unit has no [Install] section, so :enable has nothing to
# hook into; it is kept as the original declared it.
systemd_unit 'haproxy_country_failure.service' do
  content <<~EOU
    [Unit]
    Description=Notifies HC if haproxy country fail
    [Service]
    Type=simple
    ExecStart=/usr/bin/curl -fsS -m 10 --retry 5 #{node['esh']['haproxy']['config']['hc_url']}/fail
  EOU
  # systemd-analyze verify is skipped for this unit.
  verify false
  action %i[create enable]
end
# OnSuccess= hook of haproxy_country.service: pings the health-check URL
# itself to report a completed run.
# NOTE(review): like the failure unit, this has no [Install] section, so
# :enable has nothing to hook into; kept as originally declared.
systemd_unit 'haproxy_country_success.service' do
  content <<~EOU
    [Unit]
    Description=Notifies HC if haproxy country succeed
    [Service]
    Type=simple
    ExecStart=/usr/bin/curl -fsS -m 10 --retry 5 #{node['esh']['haproxy']['config']['hc_url']}
  EOU
  # systemd-analyze verify is skipped for this unit.
  verify false
  action %i[create enable]
end
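# Refreshes the country IP range lists; started by haproxy_country.timer and
# reports start/success/failure to the health-check URL via the hooks above.
# The MaxMind key is embedded in the unit's Environment= line, so the
# resource is marked sensitive to keep the diff out of chef-client output.
# NOTE(review): systemd_unit exposes no mode, so the unit file lands with
# default (typically world-readable) permissions, and Environment= is also
# visible through `systemctl show`; moving the key into an EnvironmentFile=
# created with mode 0600 would close that. Left as a follow-up here to avoid
# introducing a new path.
systemd_unit 'haproxy_country.service' do
  content <<~EOU
    [Unit]
    Description=Update haproxy country IP range
    OnFailure=haproxy_country_failure.service
    OnSuccess=haproxy_country_success.service
    [Service]
    Type=simple
    Environment="LICENSE_KEY=#{node['esh']['haproxy']['config']['maxmind_key']}"
    ExecStartPre=/usr/bin/curl -fsS -m 10 --retry 5 #{node['esh']['haproxy']['config']['hc_url']}/start
    ExecStart=/usr/local/bin/haproxy_country
  EOU
  sensitive true
  verify false
  action [:create, :enable]
end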
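# Weekly schedule for haproxy_country.service (Friday, up to 12h jitter).
# :start is required in addition to :enable — `systemctl enable` only wires
# the timer into timers.target, so without :start it would not fire until
# the next boot.
systemd_unit 'haproxy_country.timer' do
  content <<~EOU
    [Unit]
    Description=Run haproxy_country on Fridays, 12h random
    [Timer]
    OnCalendar=Fri 00:00
    RandomizedDelaySec=12h
    [Install]
    WantedBy=timers.target
  EOU
  verify false
  action [:create, :enable, :start]
end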
# Debian's ssl-cert package provides the snakeoil certificate/key pair that
# is combined into haproxy's default certificate below.
apt_package 'ssl-cert'

# Holds the combined PEM files haproxy serves.
directory '/etc/haproxy/crt' do
  mode '0755'
  owner 'root'
  group 'root'
end
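# Builds the combined cert+key PEM from Debian's snakeoil pair.
# - umask 077: the source key lives under /etc/ssl/private, which is not
#   world-readable; without the umask the shell redirection would create a
#   copy of the private key with default (usually 0644) permissions.
# - set -e plus temp file + mv: a failed cat no longer leaves a partial file
#   behind that would satisfy the not_if guard on every later run.
# haproxy presumably loads certificates while still running as root, so a
# 0600 root-owned file should suffice — confirm against the service's
# reload behaviour.
execute 'add to haproxy default self-signed certificate' do
  command <<~EOT
    set -e
    umask 077
    dst=/etc/haproxy/crt/ssl-cert-snakeoil.pem
    cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key > "$dst.tmp"
    mv "$dst.tmp" "$dst"
  EOT
  not_if { ::File.exist?('/etc/haproxy/crt/ssl-cert-snakeoil.pem') }
  action :run
end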
# Chef takes no action on haproxy by itself; it only reloads the service
# immediately whenever the rendered haproxy.cfg changes.
# NOTE(review): only the template is subscribed — a changed dhparam or
# certificate file does not trigger a reload from this recipe.
service 'haproxy' do
  subscribes :reload, 'template[/etc/haproxy/haproxy.cfg]', :immediately
  action :nothing
end