chore: add current provisioning state before migration

taskservs/proxy/default/env-proxy.j2

@@ -0,0 +1,9 @@
+PROXY_VERSION="{{taskserv.proxy_version}}"
+PROXY_RUN_MODE=local
+PROXY_SYSTEMCTL_MODE=enabled
+PROXY_ETC_PATH=/etc/haproxy
+PROXY_CONFIG_FILE={{taskserv.proxy_cfg_file}}
+PROXY_LIB={{taskserv.proxy_lib}}
+PROXY_RUN_USER={{taskserv.run_user}}
+PROXY_RUN_GROUP={{taskserv.run_group}}
+PROXY_RUN_USER_HOME={{taskserv.run_user_home}}

taskservs/proxy/default/errors/400.http

@@ -0,0 +1,9 @@
+HTTP/1.0 400 Bad request
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>400 Bad request</h1>
+Your browser sent an invalid request.
+</body></html>
+

taskservs/proxy/default/errors/403.http

@@ -0,0 +1,9 @@
+HTTP/1.0 403 Forbidden
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>403 Forbidden</h1>
+Request forbidden by administrative rules.
+</body></html>
+

taskservs/proxy/default/errors/408.http

@@ -0,0 +1,9 @@
+HTTP/1.0 408 Request Time-out
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>408 Request Time-out</h1>
+Your browser didn't send a complete request in time.
+</body></html>
+

taskservs/proxy/default/errors/500.http

@@ -0,0 +1,9 @@
+HTTP/1.0 500 Internal Server Error
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>500 Internal Server Error</h1>
+An internal server error occurred.
+</body></html>
+

taskservs/proxy/default/errors/502.http

@@ -0,0 +1,9 @@
+HTTP/1.0 502 Bad Gateway
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>502 Bad Gateway</h1>
+The server returned an invalid or incomplete response.
+</body></html>
+

taskservs/proxy/default/errors/503.http

@@ -0,0 +1,9 @@
+HTTP/1.0 503 Service Unavailable
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>503 Service Unavailable</h1>
+No server is available to handle this request.
+</body></html>
+

taskservs/proxy/default/errors/504.http

@@ -0,0 +1,9 @@
+HTTP/1.0 504 Gateway Time-out
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>504 Gateway Time-out</h1>
+The server didn't respond in time.
+</body></html>
+

taskservs/proxy/default/haproxy.cfg.j2

@@ -0,0 +1,79 @@
+{%- if server %} 
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin
+	stats timeout 30s
+	user {{taskserv.run_user}}
+	group {{taskserv.run_group}}
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+    timeout connect 5000
+    timeout client  50000
+    timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+
+frontend https-in
+{%- for bind in taskserv.https_in_binds %} 
+  {%- if bind.ip == "$network_private_ip" %}
+  bind {{server.network_private_ip}}:{{bind.port}}
+  {%- elif bind.ip == "$network_public_ip" and settings[server_pos] and settings[server_pos].ip_addresses.pub %}
+  bind {{settings[server_pos].ip_addresses.pub}}:{{bind.port}}
+  {%- elif bind.ip == "$network_internal_ip" and settings[server_pos] and settings[server_pos].ip_addresses.int %}
+  bind {{settings[server_pos].ip_addresses.int}}:{{bind.port}}
+  {%- elif bind.ip != "$network_internal_ip" %}
+  bind {{bind.ip}}:{{bind.port}}
+  {%- endif %}
+{%- endfor %}
+  mode tcp
+{%- for option in taskserv.https_options %} 
+  option {{option}}
+{%- endfor %}
+  #option tcplog
+  #option dontlognull
+  #log-format "%H %ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
+  log-format "{{taskserv.https_log_format}}"
+  tcp-request inspect-delay 5s
+  tcp-request content accept if { req_ssl_hello_type 1 }
+{%- for backend in taskserv.backends %} 
+  use_backend {{backend.name}} if { req_ssl_sni -i {{backend.ssl_sni}} }
+{%- endfor %}
+
+{%- for backend in taskserv.backends %} 
+backend {{backend.name}} 
+  mode {{backend.mode}} 
+  balance {{backend.balance}} 
+  option {{backend.option}} 
+  {% if backend.server_host_ip == "$network_private_ip" -%}
+  server {{backend.server_name}} {{server.network_private_ip}}:{{backend.server_port}} {{backend.server_ops}} 
+  {%- elif backend.server_host_ip == "$network_public_ip" and settings[server_pos] and settings[server_pos].ip_addresses.pub -%}
+  server {{backend.server_name}} {{settings[server_pos].ip_addresses.pub}}:{{backend.server_port}} {{backend.server_ops}} 
+  {%- elif backend.server_host_ip == "$network_internal_ip" and settings[server_pos] and settings[server_pos].ip_addresses.int -%}
+  server {{backend.server_name}} {{settings[server_pos].ip_addresses.int}}:{{backend.server_port}} {{backend.server_ops}} 
+  {%- else -%}
+  server {{backend.server_name}} {{backend.server_host_ip}}:{{backend.server_port}} {{backend.server_ops}} 
+  {%- endif %}
+{%- endfor %}
+
+{%- endif %}

taskservs/proxy/default/install-proxy.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+# Info: Script to install proxy
+# Author: JesusPerezLorenzo  
+# Release: 1.0 
+# Date: 12-12-2023
+
+USAGE="install-proxy.sh "
+[ "$1" == "-h"  ] && echo "$USAGE"  && exit 1
+
+[ -r "global.sh" ] && . ./global.sh
+[ -r "env-proxy" ] && . ./env-proxy
+
+VERSION=${PROXY_VERSION:-2.9}
+
+CMD_TSKSRVC=${1:-install}
+
+PROXY_RUN_USER=${PROXY_RUN_USER:-haproxy}
+PROXY_RUN_GROUP=${PROXY_RUN_GROUP:-haproxy}
+PROXY_RUN_USER_HOME="${PROXY_RUN_USER_HOME:-/home/haproxy}" 
+
+export LC_CTYPE=C.UTF-8 
+export LANG=C.UTF-8
+
+_init() {
+  [ -z "$VERSION" ] && exit 1
+  curr_vers=$(haproxy -v 2>/dev/null | grep HA-Proxy | cut -f3 -d" " | cut -f1-2 -d".")
+  [ "$curr_vers" == "$VERSION" ] && return
+   curl -s https://haproxy.debian.net/bernat.debian.org.gpg \
+      | sudo gpg --dearmor | sudo tee /usr/share/keyrings/haproxy.debian.net.gpg >/dev/null
+  sudo echo deb "[signed-by=/usr/share/keyrings/haproxy.debian.net.gpg]" \
+      http://haproxy.debian.net bookworm-backports-${VERSION} main \
+  #     > /etc/apt/sources.list.d/haproxy.list
+  #sudo add-apt-repository -y ppa:vbernat/haproxy-${VERSION}
+  #local codename=$(grep VERSION_CODENAME /etc/os-release | cut -f2 -d"=" ) 
+  #if [ "$codename"  == "bookworm" ] ; then 
+  #  su -c 'echo "APT::Get::Update::SourceListWarnings::NonFreeFirmware \"false\";" > /etc/apt/apt.conf.d/no-bookworm-firmware.conf'
+  #fi
+  # Create the file repository configuration:
+  # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html#non-free-split
+  sudo DEBIAN_FRONTEND=noninteractive apt-get update 
+  # sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
+  #sudo DEBIAN_FRONTEND=noninteractive apt install -y haproxy=${VERSION}.\\* >/dev/null 2>&1 
+  sudo DEBIAN_FRONTEND=noninteractive apt install -y haproxy >/dev/null 2>&1 
+}
+
+_config_proxy() {
+  # started via /etc/rc2.d/S01haproxy
+  # if not user/group haproxy created
+  local has_user=""
+  has_user=$(grep "$PROXY_RUN_USER" /etc/passwd)
+  if [ -z "$has_user" ] ; then 
+	  sudo adduser \
+			--system \
+			--shell /bin/bash \
+			--gecos 'Haproxy' \
+			--group \
+			--disabled-password \
+			--home /home/haproxy \
+			"${PROXY_RUN_USER}"
+  fi
+  if [ ! -d "$PROXY_RUN_USER_HOME" ] ; then
+    sudo mkdir -p "$PROXY_RUN_USER_HOME"
+		sudo chown -R "$PROXY_RUN_USER":"$PROXY_RUN_GROUP" "$PROXY_RUN_USER_HOME"
+	fi
+  [ -d "errors" ] && sudo cp -pr errors ${PROXY_ETC_PATH} && sudo chown "${PROXY_RUN_USER}:${PROXY_RUN_GROUP}" "${PROXY_ETC_PATH}"/errors
+  [ -r "haproxy.cfg" ] && sudo cp haproxy.cfg "$PROXY_ETC_PATH/$PROXY_CONFIG_FILE" && sudo chown "${PROXY_RUN_USER}:${PROXY_RUN_GROUP}" "$PROXY_ETC_PATH/$PROXY_CONFIG_FILE"
+}
+
+_stop_proxy() {
+  sudo timeout -k 10 20 systemctl stop haproxy >/dev/null 2>&1
+  sudo timeout -k 10 20 systemctl disable haproxy >/dev/null 2>&1
+}
+
+_remove_proxy() {
+  sudo timeout -k 10 20 systemctl stop haproxy  >/dev/null 2>&1
+  sudo timeout -k 10 20 systemctl disable haproxy >/dev/null 2>&1
+  sudo apt remove -y haproxy
+}
+
+_start_proxy() {
+  sudo timeout -k 10 20 systemctl enable haproxy >/dev/null 2>&1
+  sudo timeout -k 10 20 systemctl restart haproxy >/dev/null 2>&1
+}
+
+_restart_proxy() {
+  sudo timeout -k 10 20 systemctl restart haproxy.service >/dev/null 2>&1
+  sudo timeout -k 10 20 systemctl status haproxy.service >/dev/null 2>&1
+}
+
+if [ "$CMD_TSKSRVC" == "remove" ] ; then
+  _remove_proxy
+  exit
+fi
+if ! _init ; then
+  echo "error proxy init"
+  exit 1
+fi
+[ "$CMD_TSKSRVC"  == "update" ] &&  _restart_proxy && exit 0
+if ! _config_proxy ; then 
+  echo "error proxy config"
+  exit 1
+fi
+if ! _start_proxy ; then 
+  echo "error proxy start"
+  exit 1
+fi
+exit 0