Add Debian Support for HAProxy role

Signed-off-by: Norman Ziegner <[email protected]>

.github/workflows/haproxy.yml

@@ -42,6 +42,9 @@ jobs:
         image:
           - "ghcr.io/hifis-net/ubuntu-systemd:20.04"
           - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
+          - "ghcr.io/hifis-net/debian-systemd:10"
+          - "ghcr.io/hifis-net/debian-systemd:11"
+          - "ghcr.io/hifis-net/debian-systemd:12"
 
     steps:
       - name: "Check out the codebase."

molecule/haproxy/prepare.yml

@@ -14,6 +14,7 @@
           - "iproute2"                    # for gathering network facts
           - "gnupg2"                      # for use with "apt-key export"
           - "software-properties-common"  # for use with "apt-repository"
+          - "python3-debian"
           - "python3-cryptography"        # for use with openssl modules
           - "python3-openssl"             # for use to create p12 files
         update_cache: true

roles/haproxy/README.md

@@ -16,13 +16,16 @@ Currently [supported platforms](meta/main.yml) are:
 
 - Ubuntu 22.04 LTS
 - Ubuntu 20.04 LTS
+- Debian 10 (Buster)
+- Debian 11 (Bullseye)
+- Debian 12 (Bookworm)
 
 This role is tested against the two latest LTS versions of HAProxy.
 Currently, this results in official support for the HAProxy release series:
 
-- `2.8`
+- `2.8` (not supported on Debian 10)
 - `2.6`
-- `2.4`
+- `2.4` (not supported on Debian 12)
 
 Other versions are known to work as well but are not automatically tested.
 

roles/haproxy/tasks/main.yml

@@ -14,6 +14,12 @@
     success_msg: "All mandatory variables are set."
   when: "haproxy_config_template == 'haproxy.cfg.j2'"
 
+- name: "Stop role for unsupported HAProxy / Debian combinations"
+  ansible.builtin.meta: "end_host"
+  when: >-
+    ansible_facts.distribution_release | lower == 'bookworm' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.4', '==') or
+    ansible_facts.distribution_release | lower == 'buster' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.8', '==')
+
 - name: "Enable ip_forward."
   become: true
   ansible.posix.sysctl:
@@ -39,15 +45,31 @@
     state: "present"
     update_cache: true
 
+- name: "Add HAProxy Debian repository"
+  when: "ansible_facts.distribution == 'Debian'"
+  become: true
+  ansible.builtin.deb822_repository:
+    name: "haproxy"
+    types: "deb"
+    uris: "http://haproxy.debian.net"
+    suites: "{{ ansible_facts.distribution_release | lower }}-backports-{{ haproxy_version | regex_search('\\d+\\.\\d+') }}"
+    components: "main"
+    signed_by: "https://haproxy.debian.net/bernat.debian.org.gpg"
+    state: "present"
+    enabled: true
+  register: "deb_repo"
+
 - name: "Add PPA for HAProxy"
+  when:
+    - "ansible_facts.distribution == 'Ubuntu'"
+    - "haproxy_ppa_version | length > 0"
   become: true
   ansible.builtin.apt_repository:
     repo: "{{ haproxy_ppa_version }}"
     state: "present"
     validate_certs: true
     mode: "0644"
   register: "ppa"
-  when: "haproxy_ppa_version | length > 0"
 
 - name: "Check whether wildcard character is contained in version string."
   ansible.builtin.set_fact:
@@ -81,7 +103,7 @@
 
 - name: "Determine if errors in check mode can be ignored"
   ansible.builtin.set_fact:
-    ignore_errors_in_check_mode: "{{ ansible_check_mode and ppa.changed }}"
+    ignore_errors_in_check_mode: "{{ ansible_check_mode and (ppa.changed or deb_repo.changed) }}"
 
 - name: "Install and configure HAProxy"
   ignore_errors: "{{ ignore_errors_in_check_mode }}"  # noqa ignore-errors