haproxy-stats (#7): MVP of HAProxy status page based on alb_ vars

fititnt · Nov 8, 2019 · 8bfafcd · 8bfafcd
1 parent ee92a0e
commit 8bfafcd
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 2 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -5,6 +5,18 @@ alb_name: "AP Application Load Balancer"
 alb_hide_alb: yes
 alb_forcedebug: no
 
+alb_superuser_auth:
+#  - username: Admin1
+#    password: "plain-password"
+#  - username: Admin2
+#    password: "plain-password2"
+#  - username: SuperUser2
+#    password: "!vault |...." # You can use Ansible Vault (encripted values) https://docs.ansible.com/ansible/latest/user_guide/vault.html
+alb_superuser_ip: null
+alb_superuser_autodiscoveripnull: yes
+
+### APPs _______________________________________________________________________
+
 alb_apps: []
 
 alb_letsencrypt_allow_domain_whitelist:

diff --git a/example/playbook-complex.yml b/example/playbook-complex.yml
@@ -9,7 +9,15 @@
     alb_name: "MyALBName/2.0"
     alb_forcedebug: yes
 
-    alb_haproxy_stats_port: 8404
+    alb_haproxy_stats_enabled: yes
+
+    alb_superuser_auth:
+     - username: Admin1
+       password: "plain-password"
+     - username: Admin2
+       password: "plain-password2"
+    alb_superuser_ip: 123.123.123.123
+    # alb_superuser_autodiscoveripnull: yes Not implemented yet
 
     # /opt/alb/remoteadmins
     alb_ips_remoteadmins:

diff --git a/templates/nlb-strategy/partials/haproxy-stats.cfg.j2 b/templates/nlb-strategy/partials/haproxy-stats.cfg.j2
@@ -8,4 +8,23 @@ frontend stats
     stats enable
     stats uri {{ alb_haproxy_stats_uri | default('/haproxy?stats') }}
     stats refresh 10s
-    # stats admin if TRUE
+{% if (alb_superuser_ip is defined) %}
+# alb_superuser_ip is defined
+{% if (alb_superuser_ip[0] is defined) %}
+    acl network_allowed src 127.0.0.1 {{ alb_superuser_ip }}
+{% else %}
+    acl network_allowed src 127.0.0.1 {{ alb_superuser_ip | join(' ') }}
+{% endif %}
+    block if !network_allowed
+{% else %}
+# alb_superuser_ip is not defined
+{% endif %}
+
+{% if (alb_superuser_auth is defined and alb_superuser_auth[0] is defined) %}
+# alb_superuser_auth is defined
+{% for userandpassword in alb_superuser_auth %}
+      stats auth    {{ userandpassword.username }}:{{ userandpassword.password }}
+{% endfor %}
+{% else %}
+# alb_superuser_auth is not defined
+{% endif %}