feat: modernise cookbook structure and ChefSpec

.github/workflows/ci.yml

@@ -18,36 +18,26 @@ jobs:
 
   integration:
     needs: lint-unit
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         os:
-          - "debian-11"
-          - "debian-12"
-          - "ubuntu-2004"
-          - "ubuntu-2204"
+          - "fedora-latest"
+          - "almalinux-9"
+          - "almalinux-10"
           - "centos-stream-9"
           - "centos-stream-10"
-          - "fedora-latest"
+          - "debian-12"
+          - "debian-13"
+          - "opensuse-leap-15"
+          - "ubuntu-2204"
+          - "ubuntu-2404"
         suite:
-          - config-2
-          # - config-3
-          - config-acl
-          - config-array
-          - config-backend-search
-          - config-custom-template
-          - config-fastcgi
-          - config-resolver
-          - config-ssl-redirect
+          - "default"
           - "package"
-          - "source-24"
-          - "source-26"
           - "source-28"
-          - "source-lua"
           - "source-default"
-          # - "source-openssl"
-          # OpenSSSL libraries are not currently compiling correctly
-          # see https://github.com/sous-chefs/haproxy/issues/503
+          - "source-openssl"
       fail-fast: false
 
     steps:
@@ -72,9 +62,8 @@ jobs:
         os:
           - "amazonlinux-2023"
         suite:
+          - "default"
           - "package"
-          - "source-24"
-          - "source-26"
           - "source-28"
           - "source-default"
       fail-fast: false
@@ -83,23 +72,23 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v6
       - name: Install Chef
-        uses: actionshub/chef-install@6.0.0
+        uses: actionshub/chef-install@main
       - name: Dokken
-        uses: actionshub/test-kitchen@3.0.0
+        uses: actionshub/test-kitchen@main
         env:
           CHEF_LICENSE: accept-no-persist
           KITCHEN_LOCAL_YAML: kitchen.dokken.yml
         with:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}
 
-  lua_test:
+  lua-test:
     needs: lint-unit
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         os:
-          - "centos-stream-9"
+          - "centos-stream-10"
         suite:
           - "source-lua"
       fail-fast: false
@@ -108,43 +97,41 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v6
       - name: Install Chef
-        uses: actionshub/chef-install@6.0.0
+        uses: actionshub/chef-install@main
       - name: Dokken
-        uses: actionshub/test-kitchen@3.0.0
+        uses: actionshub/test-kitchen@main
         env:
           CHEF_LICENSE: accept-no-persist
           KITCHEN_LOCAL_YAML: kitchen.dokken.yml
         with:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}
 
-  configtest:
+  config-test:
     needs: lint-unit
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         os:
-          - "centos-stream-9"
+          - "centos-stream-10"
         suite:
           - "config-2"
-          # - "config-3"
-          - "config-backend-search"
           - "config-acl"
-          - "config-resolver"
-          - "config-ssl-redirect"
-          - "config-custom-template"
-          - "config-custom-template"
           - "config-array"
+          - "config-backend-search"
+          - "config-custom-template"
           - "config-fastcgi"
+          - "config-resolver"
+          - "config-ssl-redirect"
       fail-fast: false
 
     steps:
       - name: Check out code
         uses: actions/checkout@v6
       - name: Install Chef
-        uses: actionshub/chef-install@6.0.0
+        uses: actionshub/chef-install@main
       - name: Dokken
-        uses: actionshub/test-kitchen@3.0.0
+        uses: actionshub/test-kitchen@main
         env:
           CHEF_LICENSE: accept-no-persist
           KITCHEN_LOCAL_YAML: kitchen.dokken.yml

Berksfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://supermarket.chef.io'
 
 metadata

LIMITATIONS.md

@@ -0,0 +1,72 @@
+# Limitations
+
+## Package Availability
+
+HAProxy is available as a package on all major Linux distributions. The version
+available depends on the distribution release.
+
+### APT (Debian/Ubuntu)
+
+- **Debian 11 (Bullseye)**: HAProxy 2.2 (default), 2.4–2.8 via haproxy.debian.net
+- **Debian 12 (Bookworm)**: HAProxy 2.6 (default), 2.8–3.0 via haproxy.debian.net
+- **Ubuntu 20.04 (Focal)**: HAProxy 2.0 (default), newer via PPA `ppa:vbernat/haproxy-X.Y`
+- **Ubuntu 22.04 (Jammy)**: HAProxy 2.4 (default), newer via PPA
+- **Ubuntu 24.04 (Noble)**: HAProxy 2.8 (default), newer via PPA
+
+Architectures: amd64, arm64, i386 (varies by release).
+
+### DNF/YUM (RHEL family)
+
+- **RHEL 8 / AlmaLinux 8 / Rocky 8 / Oracle 8**: HAProxy 1.8 (base), newer via EPEL or AppStream
+- **RHEL 9 / AlmaLinux 9 / Rocky 9 / Oracle 9**: HAProxy 2.4 (AppStream)
+- **AlmaLinux 10 / CentOS Stream 10**: HAProxy 3.0+ (AppStream)
+- **CentOS Stream 9**: HAProxy 2.4 (AppStream)
+- **Amazon Linux 2023**: HAProxy 2.8 (default repos)
+- **Fedora**: Latest stable (default repos)
+
+Architectures: x86_64, aarch64.
+
+EPEL is required for RHEL-family platforms when the base/AppStream version is insufficient.
+The `yum-epel` cookbook dependency handles this.
+
+### Zypper (SUSE)
+
+- **openSUSE Leap 15**: HAProxy 2.x (default repos)
+
+Architectures: x86_64.
+
+## Source/Compiled Installation
+
+HAProxy can be compiled from source on all supported platforms. The cookbook supports
+source installation with configurable version, build flags, and optional features
+(Lua, OpenSSL, PCRE, Prometheus exporter).
+
+### Build Dependencies
+
+| Platform Family | Packages                                                              |
+|-----------------|-----------------------------------------------------------------------|
+| Debian          | build-essential, libpcre3-dev, libssl-dev, zlib1g-dev, libsystemd-dev |
+| RHEL (< 10)     | pcre-devel, openssl-devel, zlib-devel, systemd-devel, tar             |
+| RHEL (>= 10)    | pcre2-devel, openssl-devel, zlib-devel, systemd-devel, tar            |
+| SUSE            | pcre-devel, libopenssl-devel, zlib-devel, systemd-devel               |
+
+### Optional Build Dependencies
+
+| Feature   | Debian              | RHEL           |
+|-----------|---------------------|----------------|
+| Lua       | liblua5.3-dev       | lua-devel      |
+| OpenSSL 3 | libssl-dev (>= 3.0) | openssl3-devel |
+
+## Architecture Limitations
+
+- All platforms provide amd64/x86_64 packages
+- arm64/aarch64 packages available on Debian 11+, Ubuntu 20.04+, RHEL 9+
+- Source compilation works on all architectures with appropriate cross-compiler
+
+## Known Issues
+
+- PCRE1 (`pcre-devel`) is deprecated on RHEL/CentOS/AlmaLinux/Rocky >= 10; the cookbook
+  automatically selects PCRE2 (`pcre2-devel`) on those platforms
+- IUS repository support is limited to RHEL 6/7 (both EOL) and should be considered deprecated
+- OpenSSL source compilation has known issues (see [#503](https://github.com/sous-chefs/haproxy/issues/503))
+- The `haproxy-systemd-wrapper` binary is only used for HAProxy versions < 1.8

kitchen.dokken.yml

@@ -1,3 +1,4 @@
+---
 driver:
   name: dokken
   privileged: true
@@ -47,6 +48,11 @@ platforms:
       image: dokken/debian-12
       pid_one_command: /bin/systemd
 
+  - name: debian-13
+    driver:
+      image: dokken/debian-13
+      pid_one_command: /usr/lib/systemd/systemd
+
   - name: fedora-latest
     driver:
       image: dokken/fedora-latest

kitchen.yml

@@ -3,76 +3,92 @@ driver:
   name: vagrant
 
 provisioner:
-  name: chef_zero
-  deprecations_as_errors: true
-  chef_license: accept
+  name: chef_infra
   product_name: chef
   product_version: <%= ENV['CHEF_VERSION'] || 'latest' %>
-  install_strategy: always
+  channel: stable
+  chef_license: accept
+  deprecations_as_errors: true
   log_level: <%= ENV['CHEF_LOG_LEVEL'] || 'auto' %>
 
 verifier:
   name: inspec
 
 platforms:
   - name: amazonlinux-2023
-  - name: centos-stream-8
+  - name: fedora-latest
+  - name: almalinux-9
+  - name: almalinux-10
   - name: centos-stream-9
-  - name: debian-11
+  - name: centos-stream-10
   - name: debian-12
-  - name: ubuntu-20.04
+  - name: debian-13
   - name: ubuntu-22.04
-  - name: fedora-latest
+  - name: ubuntu-24.04
+  - name: opensuse-leap-15
+
+# Reusable YAML anchors for run_lists
+x-run_lists:
+  default: &default_run_list
+    - recipe[test::default]
+  package: &package_run_list
+    - recipe[test::package]
+
+# Reusable YAML anchors for verifiers
+x-verifiers:
+  default: &default_verifier
+    inspec_tests:
+      - path: test/integration/default
+  package: &package_verifier
+    inspec_tests:
+      - path: test/integration/package
 
 suites:
+  - name: default
+    run_list: *default_run_list
+    verifier: *default_verifier
   - name: package
-    run_list:
-      - recipe[test::package]
-  - name: source-2.4
-    run_list:
-      - recipe[test::source_24]
-  - name: source_2.6
-    run_list:
-      - recipe[test::source_26]
-  - name: source_2.8
+    run_list: *package_run_list
+    verifier: *package_verifier
+  - name: source-2.8
     run_list:
       - recipe[test::source_28]
-  - name: source_default
+  - name: source-default
     run_list:
       - recipe[test::source]
-  - name: source_lua
+  - name: source-lua
     run_list:
       - recipe[test::source_lua]
-  - name: source_openssl
+  - name: source-openssl
     run_list:
       - recipe[test::source_openssl]
-  - name: config_2
+    verifier:
+      inspec_tests:
+        - path: test/integration/source_openssl
+  - name: config-2
     run_list:
       - recipe[test::config_2]
-  - name: config_3
+  - name: config-3
     run_list:
       - recipe[test::config_3]
-  - name: config_4
-    run_list:
-      - recipe[test::config_4]
-  - name: config_backend_search
+  - name: config-backend-search
     run_list:
       - recipe[test::config_backend_search]
-  - name: config_acl
+  - name: config-acl
     run_list:
       - recipe[test::config_acl]
-  - name: config_resolver
+  - name: config-resolver
     run_list:
       - recipe[test::config_resolver]
-  - name: config_ssl_redirect
+  - name: config-ssl-redirect
     run_list:
       - recipe[test::config_ssl_redirect]
-  - name: config_custom_template
+  - name: config-custom-template
     run_list:
       - recipe[test::config_custom_template]
-  - name: config_array
+  - name: config-array
     run_list:
       - recipe[test::config_array]
-  - name: config_fastcgi
+  - name: config-fastcgi
     run_list:
       - recipe[test::config_fastcgi]

libraries/helpers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Haproxy
   module Cookbook
     module Helpers
@@ -16,10 +18,16 @@ def pcre_package_name
         end
       end
 
+      def debian_pcre_package_name
+        # Debian 13+ (trixie) dropped libpcre3-dev, use libpcre2-dev
+        # Ubuntu still ships libpcre3-dev, so only check actual Debian
+        platform?('debian') && platform_version.to_i >= 13 ? 'libpcre2-dev' : 'libpcre3-dev'
+      end
+
       def source_package_list
         case node['platform_family']
         when 'debian'
-          %w(libpcre3-dev libssl-dev zlib1g-dev libsystemd-dev)
+          [debian_pcre_package_name, 'libssl-dev', 'zlib1g-dev', 'libsystemd-dev']
         when 'rhel', 'amazon', 'fedora'
           [pcre_package_name, 'openssl-devel', 'zlib-devel', 'systemd-devel', 'tar']
         when 'suse'

libraries/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Haproxy
   module Cookbook
     module ResourceHelpers

libraries/template.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Haproxy
   module Cookbook
     module TemplateHelpers