2023-04-16 00:27:24 +00:00
|
|
|
---
|
|
|
|
- name: Gather packages
|
|
|
|
package_facts:
|
|
|
|
manager: auto
|
|
|
|
|
|
|
|
- name: Set fact about HAProxy package
|
|
|
|
set_fact:
|
|
|
|
haproxy_installed_package: "{{ ansible_facts.packages[haproxy_package_name][0]['name'] }}"
|
|
|
|
when: haproxy_package_name in ansible_facts.packages
|
|
|
|
|
|
|
|
- name: Print installed HAProxy version
|
|
|
|
debug:
|
|
|
|
msg: "{{ ansible_facts.packages[haproxy_package_name][0]['version'] }}"
|
|
|
|
verbosity: 2
|
|
|
|
when: haproxy_installed_package is defined
|
|
|
|
|
2024-05-16 15:20:18 +00:00
|
|
|
- name: "Install {{ haproxy_package }}"
|
2023-04-16 00:27:24 +00:00
|
|
|
dnf:
|
|
|
|
name: "{{ haproxy_package }}"
|
2024-05-16 15:20:18 +00:00
|
|
|
state: "{{ 'latest' if haproxy_version == 'latest' else 'present' }}"
|
2023-04-16 00:27:24 +00:00
|
|
|
update_cache: yes
|
|
|
|
register: haproxy_setup
|
2024-05-16 15:20:18 +00:00
|
|
|
notify:
|
|
|
|
- Restart HAProxy
|
2023-04-16 00:27:24 +00:00
|
|
|
|
|
|
|
- name: Install python2-cryptography
|
|
|
|
package:
|
|
|
|
name: python2-cryptography
|
|
|
|
when:
|
|
|
|
- ansible_facts['os_family'] == 'RedHat'
|
|
|
|
- ansible_facts['distribution_major_version'] <= '7'
|
|
|
|
- haproxy_self_signed_cert
|
|
|
|
|
|
|
|
- name: Install python3-cryptography
|
|
|
|
package:
|
|
|
|
name: python3-cryptography
|
|
|
|
when:
|
|
|
|
- ansible_facts['os_family'] == 'RedHat'
|
2024-05-16 15:20:18 +00:00
|
|
|
- ansible_facts['distribution_major_version'] > '8'
|
2023-04-16 00:27:24 +00:00
|
|
|
- haproxy_self_signed_cert
|
|
|
|
|
|
|
|
- name: Set haproxy_connect_any flag on and keep it persistent across reboots
|
|
|
|
ansible.posix.seboolean:
|
|
|
|
name: haproxy_connect_any
|
|
|
|
state: yes
|
|
|
|
persistent: yes
|
|
|
|
notify:
|
|
|
|
- Reload HAProxy
|
|
|
|
when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled'
|
|
|
|
|
|
|
|
- block:
|
|
|
|
- name: Check net.ipv4.ip_nonlocal_bind
|
|
|
|
ansible.posix.sysctl:
|
|
|
|
name: net.ipv4.ip_nonlocal_bind
|
|
|
|
value: '1'
|
|
|
|
sysctl_set: no
|
|
|
|
state: present
|
|
|
|
register: sysctl_result
|
|
|
|
|
|
|
|
- name: Set net.ipv4.ip_nonlocal_bind = 1
|
|
|
|
ansible.posix.sysctl:
|
|
|
|
name: net.ipv4.ip_nonlocal_bind
|
|
|
|
value: '1'
|
|
|
|
sysctl_set: yes
|
|
|
|
state: present
|
|
|
|
reload: yes
|
|
|
|
sysctl_file: /etc/sysctl.d/99-haproxy.conf
|
|
|
|
when: sysctl_result.changed
|
|
|
|
|
|
|
|
- name: Apply default config
|
|
|
|
block:
|
|
|
|
- name: Merge config for HAProxy
|
|
|
|
set_fact:
|
|
|
|
haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}"
|
|
|
|
|
|
|
|
- name: Add HAProxy config
|
|
|
|
template:
|
|
|
|
src: "haproxy.cfg.j2"
|
|
|
|
dest: "/etc/haproxy/haproxy.cfg"
|
|
|
|
notify:
|
|
|
|
- Reload HAProxy
|
|
|
|
when:
|
|
|
|
- haproxy_config_override is not defined
|
|
|
|
- haproxy_config_base64_override is not defined
|
|
|
|
|
|
|
|
- name: Override with config in plain text
|
|
|
|
block:
|
|
|
|
- set_fact:
|
|
|
|
haproxy_config: "{{ haproxy_config_override }}"
|
|
|
|
|
2023-07-05 09:37:22 +00:00
|
|
|
- name: Override HAProxy config in plain text
|
2023-04-16 00:27:24 +00:00
|
|
|
copy:
|
|
|
|
content: "{{ haproxy_config }}"
|
|
|
|
dest: "/etc/haproxy/haproxy.cfg"
|
|
|
|
notify:
|
|
|
|
- Reload HAProxy
|
|
|
|
when: haproxy_config_override is defined
|
|
|
|
|
|
|
|
- name: Override with base64 config
|
|
|
|
block:
|
|
|
|
- set_fact:
|
|
|
|
haproxy_config: "{{ haproxy_config_base64_override | b64decode }}"
|
|
|
|
|
2023-07-05 09:37:22 +00:00
|
|
|
- name: Override HAProxy with config in base64
|
2023-04-16 00:27:24 +00:00
|
|
|
copy:
|
|
|
|
content: "{{ haproxy_config }}"
|
|
|
|
dest: "/etc/haproxy/haproxy.cfg"
|
|
|
|
notify:
|
|
|
|
- Reload HAProxy
|
|
|
|
when: haproxy_config_base64_override is defined
|
|
|
|
|
|
|
|
- name: Add maps for HAProxy
|
|
|
|
include_tasks: map.yaml
|
|
|
|
when: haproxy_map is defined
|
|
|
|
|
|
|
|
- name: Add lua code for HAProxy
|
|
|
|
include_tasks: lua.yaml
|
|
|
|
when: haproxy_lua is defined
|
|
|
|
|
|
|
|
- name: Add certificate for HAProxy
|
|
|
|
include_tasks: cert.yaml
|
|
|
|
when: haproxy_ssl
|
|
|
|
|
|
|
|
- name: Enable and start HAProxy service
|
|
|
|
systemd:
|
2024-05-16 15:20:18 +00:00
|
|
|
name: "{{ haproxy_unit_name }}"
|
2023-04-16 00:27:24 +00:00
|
|
|
state: started
|
|
|
|
enabled: yes
|
|
|
|
daemon_reload: yes
|
2023-05-12 22:20:17 +00:00
|
|
|
masked: no
|
2023-04-16 00:27:24 +00:00
|
|
|
register: haproxy_enable_and_start
|