diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 72c2727a..c62e8db0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,36 +18,26 @@ jobs: integration: needs: lint-unit - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: matrix: os: - - "debian-11" - - "debian-12" - - "ubuntu-2004" - - "ubuntu-2204" + - "fedora-latest" + - "almalinux-9" + - "almalinux-10" - "centos-stream-9" - "centos-stream-10" - - "fedora-latest" + - "debian-12" + - "debian-13" + - "opensuse-leap-15" + - "ubuntu-2204" + - "ubuntu-2404" suite: - - config-2 - # - config-3 - - config-acl - - config-array - - config-backend-search - - config-custom-template - - config-fastcgi - - config-resolver - - config-ssl-redirect + - "default" - "package" - - "source-24" - - "source-26" - "source-28" - - "source-lua" - "source-default" - # - "source-openssl" - # OpenSSSL libraries are not currently compiling correctly - # see https://github.com/sous-chefs/haproxy/issues/503 + - "source-openssl" fail-fast: false steps: @@ -72,9 +62,8 @@ jobs: os: - "amazonlinux-2023" suite: + - "default" - "package" - - "source-24" - - "source-26" - "source-28" - "source-default" fail-fast: false @@ -83,9 +72,9 @@ jobs: - name: Check out code uses: actions/checkout@v6 - name: Install Chef - uses: actionshub/chef-install@6.0.0 + uses: actionshub/chef-install@main - name: Dokken - uses: actionshub/test-kitchen@3.0.0 + uses: actionshub/test-kitchen@main env: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml @@ -93,13 +82,13 @@ jobs: suite: ${{ matrix.suite }} os: ${{ matrix.os }} - lua_test: + lua-test: needs: lint-unit - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: matrix: os: - - "centos-stream-9" + - "centos-stream-10" suite: - "source-lua" fail-fast: false @@ -108,9 +97,9 @@ jobs: - name: Check out code uses: actions/checkout@v6 - name: Install Chef - uses: actionshub/chef-install@6.0.0 + uses: actionshub/chef-install@main - name: Dokken - uses: actionshub/test-kitchen@3.0.0 + uses: actionshub/test-kitchen@main env: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml @@ -118,33 +107,31 @@ jobs: suite: ${{ matrix.suite }} os: ${{ matrix.os }} - configtest: + config-test: needs: lint-unit - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: matrix: os: - - "centos-stream-9" + - "centos-stream-10" suite: - "config-2" - # - "config-3" - - "config-backend-search" - "config-acl" - - "config-resolver" - - "config-ssl-redirect" - - "config-custom-template" - - "config-custom-template" - "config-array" + - "config-backend-search" + - "config-custom-template" - "config-fastcgi" + - "config-resolver" + - "config-ssl-redirect" fail-fast: false steps: - name: Check out code uses: actions/checkout@v6 - name: Install Chef - uses: actionshub/chef-install@6.0.0 + uses: actionshub/chef-install@main - name: Dokken - uses: actionshub/test-kitchen@3.0.0 + uses: actionshub/test-kitchen@main env: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml diff --git a/Berksfile b/Berksfile index 5a7274b5..4c37302a 100644 --- a/Berksfile +++ b/Berksfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://supermarket.chef.io' metadata diff --git a/LIMITATIONS.md b/LIMITATIONS.md new file mode 100644 index 00000000..61d6f49e --- /dev/null +++ b/LIMITATIONS.md @@ -0,0 +1,72 @@ +# Limitations + +## Package Availability + +HAProxy is available as a package on all major Linux distributions. The version +available depends on the distribution release. + +### APT (Debian/Ubuntu) + +- **Debian 11 (Bullseye)**: HAProxy 2.2 (default), 2.4–2.8 via haproxy.debian.net +- **Debian 12 (Bookworm)**: HAProxy 2.6 (default), 2.8–3.0 via haproxy.debian.net +- **Ubuntu 20.04 (Focal)**: HAProxy 2.0 (default), newer via PPA `ppa:vbernat/haproxy-X.Y` +- **Ubuntu 22.04 (Jammy)**: HAProxy 2.4 (default), newer via PPA +- **Ubuntu 24.04 (Noble)**: HAProxy 2.8 (default), newer via PPA + +Architectures: amd64, arm64, i386 (varies by release). + +### DNF/YUM (RHEL family) + +- **RHEL 8 / AlmaLinux 8 / Rocky 8 / Oracle 8**: HAProxy 1.8 (base), newer via EPEL or AppStream +- **RHEL 9 / AlmaLinux 9 / Rocky 9 / Oracle 9**: HAProxy 2.4 (AppStream) +- **AlmaLinux 10 / CentOS Stream 10**: HAProxy 3.0+ (AppStream) +- **CentOS Stream 9**: HAProxy 2.4 (AppStream) +- **Amazon Linux 2023**: HAProxy 2.8 (default repos) +- **Fedora**: Latest stable (default repos) + +Architectures: x86_64, aarch64. + +EPEL is required for RHEL-family platforms when the base/AppStream version is insufficient. +The `yum-epel` cookbook dependency handles this. + +### Zypper (SUSE) + +- **openSUSE Leap 15**: HAProxy 2.x (default repos) + +Architectures: x86_64. + +## Source/Compiled Installation + +HAProxy can be compiled from source on all supported platforms. The cookbook supports +source installation with configurable version, build flags, and optional features +(Lua, OpenSSL, PCRE, Prometheus exporter). + +### Build Dependencies + +| Platform Family | Packages | +|-----------------|-----------------------------------------------------------------------| +| Debian | build-essential, libpcre3-dev, libssl-dev, zlib1g-dev, libsystemd-dev | +| RHEL (< 10) | pcre-devel, openssl-devel, zlib-devel, systemd-devel, tar | +| RHEL (>= 10) | pcre2-devel, openssl-devel, zlib-devel, systemd-devel, tar | +| SUSE | pcre-devel, libopenssl-devel, zlib-devel, systemd-devel | + +### Optional Build Dependencies + +| Feature | Debian | RHEL | +|-----------|---------------------|----------------| +| Lua | liblua5.3-dev | lua-devel | +| OpenSSL 3 | libssl-dev (>= 3.0) | openssl3-devel | + +## Architecture Limitations + +- All platforms provide amd64/x86_64 packages +- arm64/aarch64 packages available on Debian 11+, Ubuntu 20.04+, RHEL 9+ +- Source compilation works on all architectures with appropriate cross-compiler + +## Known Issues + +- PCRE1 (`pcre-devel`) is deprecated on RHEL/CentOS/AlmaLinux/Rocky >= 10; the cookbook + automatically selects PCRE2 (`pcre2-devel`) on those platforms +- IUS repository support is limited to RHEL 6/7 (both EOL) and should be considered deprecated +- OpenSSL source compilation has known issues (see [#503](https://github.com/sous-chefs/haproxy/issues/503)) +- The `haproxy-systemd-wrapper` binary is only used for HAProxy versions < 1.8 diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index 998bb20c..8c37fde6 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml @@ -1,3 +1,4 @@ +--- driver: name: dokken privileged: true @@ -47,6 +48,11 @@ platforms: image: dokken/debian-12 pid_one_command: /bin/systemd + - name: debian-13 + driver: + image: dokken/debian-13 + pid_one_command: /usr/lib/systemd/systemd + - name: fedora-latest driver: image: dokken/fedora-latest diff --git a/kitchen.yml b/kitchen.yml index b70cf4d7..d0b71f34 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -3,12 +3,12 @@ driver: name: vagrant provisioner: - name: chef_zero - deprecations_as_errors: true - chef_license: accept + name: chef_infra product_name: chef product_version: <%= ENV['CHEF_VERSION'] || 'latest' %> - install_strategy: always + channel: stable + chef_license: accept + deprecations_as_errors: true log_level: <%= ENV['CHEF_LOG_LEVEL'] || 'auto' %> verifier: @@ -16,63 +16,79 @@ verifier: platforms: - name: amazonlinux-2023 - - name: centos-stream-8 + - name: fedora-latest + - name: almalinux-9 + - name: almalinux-10 - name: centos-stream-9 - - name: debian-11 + - name: centos-stream-10 - name: debian-12 - - name: ubuntu-20.04 + - name: debian-13 - name: ubuntu-22.04 - - name: fedora-latest + - name: ubuntu-24.04 + - name: opensuse-leap-15 + +# Reusable YAML anchors for run_lists +x-run_lists: + default: &default_run_list + - recipe[test::default] + package: &package_run_list + - recipe[test::package] + +# Reusable YAML anchors for verifiers +x-verifiers: + default: &default_verifier + inspec_tests: + - path: test/integration/default + package: &package_verifier + inspec_tests: + - path: test/integration/package suites: + - name: default + run_list: *default_run_list + verifier: *default_verifier - name: package - run_list: - - recipe[test::package] - - name: source-2.4 - run_list: - - recipe[test::source_24] - - name: source_2.6 - run_list: - - recipe[test::source_26] - - name: source_2.8 + run_list: *package_run_list + verifier: *package_verifier + - name: source-2.8 run_list: - recipe[test::source_28] - - name: source_default + - name: source-default run_list: - recipe[test::source] - - name: source_lua + - name: source-lua run_list: - recipe[test::source_lua] - - name: source_openssl + - name: source-openssl run_list: - recipe[test::source_openssl] - - name: config_2 + verifier: + inspec_tests: + - path: test/integration/source_openssl + - name: config-2 run_list: - recipe[test::config_2] - - name: config_3 + - name: config-3 run_list: - recipe[test::config_3] - - name: config_4 - run_list: - - recipe[test::config_4] - - name: config_backend_search + - name: config-backend-search run_list: - recipe[test::config_backend_search] - - name: config_acl + - name: config-acl run_list: - recipe[test::config_acl] - - name: config_resolver + - name: config-resolver run_list: - recipe[test::config_resolver] - - name: config_ssl_redirect + - name: config-ssl-redirect run_list: - recipe[test::config_ssl_redirect] - - name: config_custom_template + - name: config-custom-template run_list: - recipe[test::config_custom_template] - - name: config_array + - name: config-array run_list: - recipe[test::config_array] - - name: config_fastcgi + - name: config-fastcgi run_list: - recipe[test::config_fastcgi] diff --git a/libraries/helpers.rb b/libraries/helpers.rb index 570960d3..c21008c0 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Haproxy module Cookbook module Helpers @@ -16,10 +18,16 @@ def pcre_package_name end end + def debian_pcre_package_name + # Debian 13+ (trixie) dropped libpcre3-dev, use libpcre2-dev + # Ubuntu still ships libpcre3-dev, so only check actual Debian + platform?('debian') && platform_version.to_i >= 13 ? 'libpcre2-dev' : 'libpcre3-dev' + end + def source_package_list case node['platform_family'] when 'debian' - %w(libpcre3-dev libssl-dev zlib1g-dev libsystemd-dev) + [debian_pcre_package_name, 'libssl-dev', 'zlib1g-dev', 'libsystemd-dev'] when 'rhel', 'amazon', 'fedora' [pcre_package_name, 'openssl-devel', 'zlib-devel', 'systemd-devel', 'tar'] when 'suse' diff --git a/libraries/resource.rb b/libraries/resource.rb index 9d5f7c90..8f03ef84 100644 --- a/libraries/resource.rb +++ b/libraries/resource.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Haproxy module Cookbook module ResourceHelpers diff --git a/libraries/template.rb b/libraries/template.rb index 7b6d151e..ad3b21b7 100644 --- a/libraries/template.rb +++ b/libraries/template.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Haproxy module Cookbook module TemplateHelpers diff --git a/mise.toml b/mise.toml index 43fe9b0a..c8751336 100644 --- a/mise.toml +++ b/mise.toml @@ -1,2 +1,3 @@ [env] _.path = "/opt/chef-workstation/bin" +KITCHEN_LOCAL_YAML = "kitchen.dokken.yml" diff --git a/resources/acl.rb b/resources/acl.rb index 1a88bcde..6d6b1f8f 100644 --- a/resources/acl.rb +++ b/resources/acl.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_acl + use 'partial/_config_file' property :acl, [String, Array], diff --git a/resources/backend.rb b/resources/backend.rb index 1da26dca..96ebadc7 100644 --- a/resources/backend.rb +++ b/resources/backend.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_backend + use 'partial/_config_file' use 'partial/_extra_options' diff --git a/resources/cache.rb b/resources/cache.rb index 8e7b7d23..63708f0d 100644 --- a/resources/cache.rb +++ b/resources/cache.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_cache + use 'partial/_config_file' property :cache_name, String, diff --git a/resources/config_defaults.rb b/resources/config_defaults.rb index 501880b9..c1b4a6dc 100644 --- a/resources/config_defaults.rb +++ b/resources/config_defaults.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_config_defaults + use 'partial/_config_file' use 'partial/_extra_options' diff --git a/resources/config_global.rb b/resources/config_global.rb index e74f319c..22aac66a 100644 --- a/resources/config_global.rb +++ b/resources/config_global.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_config_global + use 'partial/_config_file' use 'partial/_extra_options' diff --git a/resources/fastcgi.rb b/resources/fastcgi.rb index eb7313e3..2dfebdf5 100644 --- a/resources/fastcgi.rb +++ b/resources/fastcgi.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_fastcgi + use 'partial/_config_file' property :fastcgi, String, diff --git a/resources/frontend.rb b/resources/frontend.rb index 0f2d5ff3..7666a68c 100644 --- a/resources/frontend.rb +++ b/resources/frontend.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_frontend + use 'partial/_config_file' use 'partial/_extra_options' diff --git a/resources/install.rb b/resources/install.rb index 8a7ea896..6bb4298a 100644 --- a/resources/install.rb +++ b/resources/install.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_install + include Haproxy::Cookbook::Helpers use 'partial/_config_file' @@ -31,13 +35,13 @@ # Source property :source_version, String, - default: '2.8.5' + default: '3.2.14' property :source_url, String, default: lazy { "https://www.haproxy.org/download/#{source_version.to_f}/src/haproxy-#{source_version}.tar.gz" } property :source_checksum, String, - default: '3f5459c5a58e0b343a32eaef7ed5bed9d3fc29d8aa9e14b36c92c969fc2a60d9' + default: 'b21f50a790aa8cb0cf8dc505f1f8d849799eafe4d31c14b86a34409ccf4ae5e4' property :source_target_cpu, String, default: lazy { node['kernel']['machine'] } @@ -86,10 +90,6 @@ unified_mode true -action_class do - include Haproxy::Cookbook::ResourceHelpers -end - action_class do include Haproxy::Cookbook::Helpers include Haproxy::Cookbook::ResourceHelpers @@ -99,8 +99,12 @@ def compile_make_boolean(bool) end def pcre_make_flag - # Use PCRE2 for RHEL/CentOS/AlmaLinux/Rocky >= 10, PCRE for < 10 and other platforms - pcre_package_name.include?('pcre2') ? 'USE_PCRE2' : 'USE_PCRE' + # Use PCRE2 for RHEL >= 10 and Debian >= 13, PCRE for older and other platforms + if platform_family?('debian') + debian_pcre_package_name.include?('pcre2') ? 'USE_PCRE2' : 'USE_PCRE' + else + pcre_package_name.include?('pcre2') ? 'USE_PCRE2' : 'USE_PCRE' + end end end diff --git a/resources/listen.rb b/resources/listen.rb index 6eb30d41..895ac459 100644 --- a/resources/listen.rb +++ b/resources/listen.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_listen + use 'partial/_config_file' use 'partial/_extra_options' diff --git a/resources/mailer.rb b/resources/mailer.rb index 0d4b3c7b..fe4dcd40 100644 --- a/resources/mailer.rb +++ b/resources/mailer.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_mailer + use 'partial/_config_file' property :mailer, [String, Array], diff --git a/resources/peer.rb b/resources/peer.rb index c0c27c6b..94d88351 100644 --- a/resources/peer.rb +++ b/resources/peer.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_peer + use 'partial/_config_file' use 'partial/_extra_options' diff --git a/resources/resolver.rb b/resources/resolver.rb index 7eee0458..d2ea7442 100644 --- a/resources/resolver.rb +++ b/resources/resolver.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_resolver + use 'partial/_config_file' use 'partial/_extra_options' diff --git a/resources/service.rb b/resources/service.rb index 014198c2..0991c77b 100644 --- a/resources/service.rb +++ b/resources/service.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_service + include Haproxy::Cookbook::Helpers use 'partial/_config_file' diff --git a/resources/use_backend.rb b/resources/use_backend.rb index 0464043e..ec8ba3ab 100644 --- a/resources/use_backend.rb +++ b/resources/use_backend.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_use_backend + use 'partial/_config_file' property :use_backend, [String, Array], diff --git a/resources/userlist.rb b/resources/userlist.rb index 5e9b2bdb..f1b1e19a 100644 --- a/resources/userlist.rb +++ b/resources/userlist.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +provides :haproxy_userlist + use 'partial/_config_file' property :group, Hash, diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 773d5579..cbf71819 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'chefspec' require 'chefspec/berkshelf' diff --git a/spec/unit/recipes/cache_spec.rb b/spec/unit/resources/cache_spec.rb similarity index 97% rename from spec/unit/recipes/cache_spec.rb rename to spec/unit/resources/cache_spec.rb index 53da0f76..96da7253 100644 --- a/spec/unit/recipes/cache_spec.rb +++ b/spec/unit/resources/cache_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_cache' do diff --git a/spec/unit/recipes/defaults_spec.rb b/spec/unit/resources/defaults_spec.rb similarity index 95% rename from spec/unit/recipes/defaults_spec.rb rename to spec/unit/resources/defaults_spec.rb index 005e6590..d21f2a5e 100644 --- a/spec/unit/recipes/defaults_spec.rb +++ b/spec/unit/resources/defaults_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_config_defaults' do diff --git a/spec/unit/recipes/fastcgi_spec.rb b/spec/unit/resources/fastcgi_spec.rb similarity index 98% rename from spec/unit/recipes/fastcgi_spec.rb rename to spec/unit/resources/fastcgi_spec.rb index 2cef46b2..c61b8ec4 100644 --- a/spec/unit/recipes/fastcgi_spec.rb +++ b/spec/unit/resources/fastcgi_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_fastcgi' do diff --git a/spec/unit/recipes/frontend_backend_spec.rb b/spec/unit/resources/frontend_backend_spec.rb similarity index 97% rename from spec/unit/recipes/frontend_backend_spec.rb rename to spec/unit/resources/frontend_backend_spec.rb index 46199ac8..26b08970 100644 --- a/spec/unit/recipes/frontend_backend_spec.rb +++ b/spec/unit/resources/frontend_backend_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_frontend' do diff --git a/spec/unit/recipes/global_spec.rb b/spec/unit/resources/global_spec.rb similarity index 94% rename from spec/unit/recipes/global_spec.rb rename to spec/unit/resources/global_spec.rb index fd4cc041..680cb391 100644 --- a/spec/unit/recipes/global_spec.rb +++ b/spec/unit/resources/global_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_config_global' do diff --git a/spec/unit/recipes/install_spec.rb b/spec/unit/resources/install_spec.rb similarity index 77% rename from spec/unit/recipes/install_spec.rb rename to spec/unit/resources/install_spec.rb index 8fd354ba..ef71a880 100644 --- a/spec/unit/recipes/install_spec.rb +++ b/spec/unit/resources/install_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_install' do @@ -24,13 +26,27 @@ end end before(:each) do - stub_command('/usr/sbin/haproxy -v | grep 2.8.5').and_return('2.8.5') + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return('3.2.14') end it { is_expected.to install_package(%w(libpcre3-dev libssl-dev zlib1g-dev libsystemd-dev)) } it { is_expected.not_to install_package('pcre-devel') } end + context 'compile HAProxy on Debian 13 (uses PCRE2)' do + platform 'debian', '13' + + recipe do + haproxy_install 'source' + end + before(:each) do + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return('3.2.14') + end + + it { is_expected.to install_package(%w(libpcre2-dev libssl-dev zlib1g-dev libsystemd-dev)) } + it { is_expected.not_to install_package('libpcre3-dev') } + end + context 'compile HAProxy on AlmaLinux 9' do platform 'almalinux', '9' @@ -38,21 +54,21 @@ haproxy_install 'source' end before(:each) do - stub_command('/usr/sbin/haproxy -v | grep 2.8.5').and_return('2.8.5') + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return('3.2.14') end it { is_expected.to install_package(%w(pcre-devel openssl-devel zlib-devel systemd-devel tar)) } it { is_expected.not_to install_package('pcre2-devel') } end - context 'compile HAProxy on AlmaLinux 10 (uses PCRE2)' do + context 'compile HAProxy on AlmaLinux >= 10 (uses PCRE2)' do platform 'almalinux', '10' recipe do haproxy_install 'source' end before(:each) do - stub_command('/usr/sbin/haproxy -v | grep 2.8.5').and_return('2.8.5') + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return('3.2.14') end it { is_expected.to install_package(%w(pcre2-devel openssl-devel zlib-devel systemd-devel tar)) } @@ -66,7 +82,7 @@ haproxy_install 'source' end before(:each) do - stub_command('/usr/sbin/haproxy -v | grep 2.8.5').and_return('2.8.5') + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return('3.2.14') end it { is_expected.to install_package(%w(pcre-devel openssl-devel zlib-devel systemd-devel tar)) } @@ -80,7 +96,7 @@ haproxy_install 'source' end before(:each) do - stub_command('/usr/sbin/haproxy -v | grep 2.8.5').and_return('2.8.5') + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return('3.2.14') end it { is_expected.to install_package(%w(pcre-devel openssl-devel zlib-devel systemd-devel tar)) } @@ -96,7 +112,7 @@ end end before(:each) do - stub_command('/usr/sbin/haproxy -v | grep 2.8.5').and_return(false) + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return(false) end # When PCRE is disabled, we still install the package (for dependencies) @@ -122,7 +138,7 @@ end end before(:each) do - stub_command('/usr/sbin/haproxy -v | grep 2.8.5').and_return(false) + stub_command('/usr/sbin/haproxy -v | grep 3.2.14').and_return(false) end it 'includes RPATH in the compilation command' do diff --git a/spec/unit/recipes/listen_spec.rb b/spec/unit/resources/listen_spec.rb similarity index 99% rename from spec/unit/recipes/listen_spec.rb rename to spec/unit/resources/listen_spec.rb index ec035307..6fdda2db 100644 --- a/spec/unit/recipes/listen_spec.rb +++ b/spec/unit/resources/listen_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_listen' do diff --git a/spec/unit/recipes/mailer_spec.rb b/spec/unit/resources/mailer_spec.rb similarity index 97% rename from spec/unit/recipes/mailer_spec.rb rename to spec/unit/resources/mailer_spec.rb index 752effde..1fcdc650 100644 --- a/spec/unit/recipes/mailer_spec.rb +++ b/spec/unit/resources/mailer_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_mailer' do diff --git a/spec/unit/recipes/peer_spec.rb b/spec/unit/resources/peer_spec.rb similarity index 97% rename from spec/unit/recipes/peer_spec.rb rename to spec/unit/resources/peer_spec.rb index d146ba61..ec994122 100644 --- a/spec/unit/recipes/peer_spec.rb +++ b/spec/unit/resources/peer_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'haproxy_peer' do diff --git a/test/cookbooks/test/recipes/default.rb b/test/cookbooks/test/recipes/default.rb new file mode 100644 index 00000000..85dbd814 --- /dev/null +++ b/test/cookbooks/test/recipes/default.rb @@ -0,0 +1,20 @@ +apt_update + +haproxy_install 'package' + +haproxy_config_global '' + +haproxy_config_defaults '' + +haproxy_frontend 'http-in' do + default_backend 'servers' +end + +haproxy_backend 'servers' do + server ['server1 127.0.0.1:8000 maxconn 32'] + notifies :restart, 'haproxy_service[haproxy]', :immediately +end + +haproxy_service 'haproxy' do + action %i(create enable start) +end diff --git a/test/cookbooks/test/recipes/source_24.rb b/test/cookbooks/test/recipes/source_24.rb deleted file mode 100644 index b9efc2cb..00000000 --- a/test/cookbooks/test/recipes/source_24.rb +++ /dev/null @@ -1,24 +0,0 @@ -# renovate: datasource=endoflife-date depName=haproxy versioning=semver -version = '2.4.25' - -haproxy_install 'source' do - source_url "https://www.haproxy.org/download/#{version.to_f}/src/haproxy-#{version}.tar.gz" - source_checksum '44b035bdc9ffd4935f5292c2dfd4a1596c048dc59c5b25a0c6d7689d64f50b99' - source_version version - use_libcrypt true - use_pcre true - use_openssl true - use_zlib true - use_promex true - use_linux_tproxy true - use_linux_splice true -end - -haproxy_config_global '' - -haproxy_config_defaults '' - -haproxy_service 'haproxy' do - action :create - delayed_action %i(enable start) -end diff --git a/test/cookbooks/test/recipes/source_26.rb b/test/cookbooks/test/recipes/source_26.rb deleted file mode 100644 index 906ee393..00000000 --- a/test/cookbooks/test/recipes/source_26.rb +++ /dev/null @@ -1,22 +0,0 @@ -# renovate: datasource=endoflife-date depName=haproxy versioning=semver -version = '2.6.16' - -haproxy_install 'source' do - source_url "https://www.haproxy.org/download/#{version.to_f}/src/haproxy-#{version}.tar.gz" - source_checksum 'faac6f9564caf6e106fe22c77a1fb35406afc8cd484c35c2c844aaf0d7a097fb' - source_version version - use_libcrypt true - use_pcre true - use_openssl true - use_zlib true - use_linux_tproxy true - use_linux_splice true -end - -haproxy_config_global '' - -haproxy_config_defaults '' - -haproxy_service 'haproxy' do - action %i(create enable start) -end diff --git a/test/cookbooks/test/recipes/source_28.rb b/test/cookbooks/test/recipes/source_28.rb index 5ca0d236..2c41f94f 100644 --- a/test/cookbooks/test/recipes/source_28.rb +++ b/test/cookbooks/test/recipes/source_28.rb @@ -1,9 +1,11 @@ +apt_update + # renovate: datasource=endoflife-date depName=haproxy versioning=semver -version = '2.8.5' +version = '3.2.14' haproxy_install 'source' do source_url "https://www.haproxy.org/download/#{version.to_f}/src/haproxy-#{version}.tar.gz" - source_checksum '3f5459c5a58e0b343a32eaef7ed5bed9d3fc29d8aa9e14b36c92c969fc2a60d9' + source_checksum 'b21f50a790aa8cb0cf8dc505f1f8d849799eafe4d31c14b86a34409ccf4ae5e4' source_version version use_libcrypt true use_pcre true diff --git a/test/cookbooks/test/recipes/source_lua.rb b/test/cookbooks/test/recipes/source_lua.rb index 4e6284c7..aaf57517 100644 --- a/test/cookbooks/test/recipes/source_lua.rb +++ b/test/cookbooks/test/recipes/source_lua.rb @@ -1,3 +1,5 @@ +apt_update + build_essential 'compilation tools' # install lua dependencies diff --git a/test/cookbooks/test/recipes/source_openssl.rb b/test/cookbooks/test/recipes/source_openssl.rb index 78bffc8b..bdc9613c 100644 --- a/test/cookbooks/test/recipes/source_openssl.rb +++ b/test/cookbooks/test/recipes/source_openssl.rb @@ -1,11 +1,21 @@ -build_essential 'compilation tools' - -# package %w(build-essential zlib1g-dev) if platform_family?('debian') +apt_update -# Install perl modules for OpenSSL configure script on RHEL/CentOS >= 10 -package %w(perl-FindBin perl-lib perl-File-Compare perl-File-Copy perl-IPC-Cmd perl-Pod-Html) if platform_family?('rhel', 'fedora') && node['platform_version'].to_i >= 10 +build_essential 'compilation tools' -# package %w(make gcc perl pcre-devel zlib-devel perl-core) if platform_family?('rhel') +# Install dependencies needed by OpenSSL Configure and compilation +case node['platform_family'] +when 'rhel', 'fedora' + if node['platform_version'].to_i >= 9 + package %w(perl-FindBin perl-lib perl-File-Compare perl-File-Copy perl-IPC-Cmd perl-Pod-Html perl-Time-Piece) + else + # EL8 bundles perl modules in perl-core, individual packages don't exist + package %w(perl-core perl-IPC-Cmd) + end +when 'debian' + package %w(perl zlib1g-dev) +when 'suse' + package %w(perl zlib-devel) +end # override environment variable ruby_block 'Pre-load OpenSSL path' do @@ -14,12 +24,12 @@ end end -openssl_version = '3.2.1' +openssl_version = '3.5.5' # download openssl remote_file "#{Chef::Config[:file_cache_path]}/openssl-#{openssl_version}.tar.gz" do - source "https://www.openssl.org/source/openssl-#{openssl_version}.tar.gz" - checksum '83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39' + source "https://github.com/openssl/openssl/releases/download/openssl-#{openssl_version}/openssl-#{openssl_version}.tar.gz" + checksum 'b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89' end # extract openssl diff --git a/test/cookbooks/test/recipes/source_28_pcre2.rb b/test/cookbooks/test/recipes/source_pcre2.rb similarity index 72% rename from test/cookbooks/test/recipes/source_28_pcre2.rb rename to test/cookbooks/test/recipes/source_pcre2.rb index b8cbddb4..74fb7769 100644 --- a/test/cookbooks/test/recipes/source_28_pcre2.rb +++ b/test/cookbooks/test/recipes/source_pcre2.rb @@ -1,9 +1,12 @@ -version = '2.8.5' +apt_update + +# renovate: datasource=endoflife-date depName=haproxy versioning=semver +version = '3.2.14' # Test recipe for RHEL/CentOS platforms version 10 and above (uses PCRE2) haproxy_install 'source' do source_url "https://www.haproxy.org/download/#{version.to_f}/src/haproxy-#{version}.tar.gz" - source_checksum '3f5459c5a58e0b343a32eaef7ed5bed9d3fc29d8aa9e14b36c92c969fc2a60d9' + source_checksum 'b21f50a790aa8cb0cf8dc505f1f8d849799eafe4d31c14b86a34409ccf4ae5e4' source_version version # Rely on auto-detection for PCRE2 on RHEL >= 10 use_libcrypt true diff --git a/test/integration/source_2.6/controls/source_spec.rb b/test/integration/default/controls/default_spec.rb similarity index 100% rename from test/integration/source_2.6/controls/source_spec.rb rename to test/integration/default/controls/default_spec.rb diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml new file mode 100644 index 00000000..ae4bad9e --- /dev/null +++ b/test/integration/default/inspec.yml @@ -0,0 +1,9 @@ +--- +name: haproxy-default +title: HAProxy Default Suite +summary: HAProxy default tests using package installation +supports: + - os-family: linux +depends: + - name: haproxy-common + path: test/integration/common diff --git a/test/integration/source_2.4/controls/source_spec.rb b/test/integration/source_2.4/controls/source_spec.rb deleted file mode 100644 index 77ff540e..00000000 --- a/test/integration/source_2.4/controls/source_spec.rb +++ /dev/null @@ -1,5 +0,0 @@ -include_controls 'haproxy-common' - -describe command('haproxy -vv') do - its('stdout') { should match(/Built with the Prometheus exporter as a service/) } -end diff --git a/test/integration/source_2.4/inspec.yml b/test/integration/source_2.4/inspec.yml deleted file mode 100644 index 5f9adb80..00000000 --- a/test/integration/source_2.4/inspec.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -name: haproxy-source-2.4 -title: HAProxy Source Suite -summary: HAProxy tests using example configuration -supports: - - os-family: linux - - os-family: bsd -depends: - - name: haproxy-common - path: test/integration/common diff --git a/test/integration/source_2.6/inspec.yml b/test/integration/source_2.6/inspec.yml deleted file mode 100644 index 6c094f54..00000000 --- a/test/integration/source_2.6/inspec.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -name: haproxy-source-2.6 -title: HAProxy Source Suite -summary: HAProxy tests using example configuration -supports: - - os-family: linux - - os-family: bsd -depends: - - name: haproxy-common - path: test/integration/common diff --git a/test/integration/source_2.9/controls/source_spec.rb b/test/integration/source_2.9/controls/source_spec.rb deleted file mode 100644 index 67a82c01..00000000 --- a/test/integration/source_2.9/controls/source_spec.rb +++ /dev/null @@ -1 +0,0 @@ -include_controls 'haproxy-common' diff --git a/test/integration/source_2.9/inspec.yml b/test/integration/source_2.9/inspec.yml deleted file mode 100644 index fa522a8d..00000000 --- a/test/integration/source_2.9/inspec.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -name: haproxy-source-2.9 -title: HAProxy Source Suite -summary: HAProxy tests using example configuration -supports: - - os-family: linux - - os-family: bsd -depends: - - name: haproxy-common - path: test/integration/common diff --git a/test/integration/source_openssl/controls/openssl_spec.rb b/test/integration/source_openssl/controls/openssl_spec.rb index 29ec3a52..7ed70339 100644 --- a/test/integration/source_openssl/controls/openssl_spec.rb +++ b/test/integration/source_openssl/controls/openssl_spec.rb @@ -1,5 +1,3 @@ -include_controls 'haproxy-common' - describe file '/usr/bin/openssl' do it { should exist } end @@ -9,5 +7,5 @@ end describe command('haproxy -vv') do - its('stdout') { should match(/OpenSSL version : OpenSSL 3.2.1/) } + its('stdout') { should match(/OpenSSL version : OpenSSL 3.5.5/) } end diff --git a/test/integration/source_openssl/inspec.yml b/test/integration/source_openssl/inspec.yml index ae510e42..a9ca57e8 100644 --- a/test/integration/source_openssl/inspec.yml +++ b/test/integration/source_openssl/inspec.yml @@ -5,6 +5,4 @@ summary: HAProxy tests using example configuration supports: - os-family: linux - os-family: bsd -depends: - - name: haproxy-common - path: test/integration/common +depends: []