initial commit

tasks/cert.yaml

@@ -0,0 +1,40 @@
+- name: Check if ssl dir exist
+  file: 
+    name: "{{ haproxy_ssl_path }}"
+    state: directory
+  when: haproxy_ssl
+
+- name: Add predefined ssl cert for HAProxy
+  copy:
+    src: "{{ haproxy_cert_name }}"
+    dest: "{{ haproxy_ssl_path }}/{{ haproxy_cert_name }}"
+  notify: Reload HAProxy
+  when: haproxy_cert is defined
+
+- block:
+  - name: Check if temp ssl dir exist
+    file: 
+      name: "{{ haproxy_self_signed_cert_gen_path }}"
+      state: directory
+
+  - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
+    community.crypto.openssl_privatekey:
+      path: "{{ haproxy_self_signed_cert_gen_path }}/key.pem"
+    when: haproxy_cert is not defined
+    register: haproxy_key_gen
+  
+  - name: Generate a Self Signed OpenSSL certificate
+    community.crypto.x509_certificate:
+      path: "{{ haproxy_self_signed_cert_gen_path }}/cert.crt"
+      privatekey_path: "{{ haproxy_self_signed_cert_gen_path }}/key.pem"
+      provider: selfsigned
+    when: haproxy_cert is not defined
+    register: haproxy_cert_gen
+  
+  - name: Cat cert and key to single file for HAProxy
+    ansible.builtin.shell: |
+      cat {{ haproxy_self_signed_cert_gen_path }}/cert.crt > {{ haproxy_ssl_path }}/{{ haproxy_cert_name }}
+      cat {{ haproxy_self_signed_cert_gen_path }}/key.pem >> {{ haproxy_ssl_path }}/{{ haproxy_cert_name }}
+    when: haproxy_cert_gen.changed or haproxy_key_gen.changed
+    notify: Reload HAProxy
+  when: haproxy_self_signed_cert

tasks/lua.yaml

@@ -0,0 +1,13 @@
+---
+- name: Create lua dir for HAProxy
+  file:
+    path: "{{ haproxy_lua_path }}"
+    state: directory
+
+- name: Write lua files for HAProxy
+  copy:
+    dest: "{{ haproxy_lua_path }}/{{ item.key }}" 
+    content: "{{ item.value }}"
+  loop: "{{ haproxy_lua | dict2items }}"
+  notify: 
+    - Reload HAProxy

tasks/main.yaml

@@ -0,0 +1,111 @@
+---
+- name: Install HAProxy
+  package:
+    name: haproxy
+    state: present
+
+- name: Install python2-cryptography
+  package:
+    name: python2-cryptography
+  when:
+    - ansible_facts['os_family'] == 'RedHat'
+    - ansible_facts['distribution_major_version'] <= '7'
+    - haproxy_self_signed_cert 
+
+- name: Install python3-cryptography
+  package: 
+   name: python3-cryptography
+  when:
+    - ansible_facts['os_family'] == 'RedHat'
+    - ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9'
+    - haproxy_self_signed_cert
+
+- name: Set haproxy_connect_any flag on and keep it persistent across reboots
+  ansible.posix.seboolean:
+    name: haproxy_connect_any
+    state: yes
+    persistent: yes
+  notify:
+    - Reload HAProxy
+  when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled'
+
+- block:
+  - name: Check net.ipv4.ip_nonlocal_bind
+    ansible.posix.sysctl:
+      name: net.ipv4.ip_nonlocal_bind
+      value: '1'
+      sysctl_set: no
+      state: present
+    register: sysctl_result
+
+  - name: Set net.ipv4.ip_nonlocal_bind = 1
+    ansible.posix.sysctl:
+      name: net.ipv4.ip_nonlocal_bind
+      value: '1'
+      sysctl_set: yes
+      state: present
+      reload: yes
+      sysctl_file: /etc/sysctl.d/99-haproxy.conf
+    when: sysctl_result.changed
+
+- name: Apply default config
+  block:
+    - name: Merge config for HAProxy
+      set_fact:
+        haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}"
+
+    - name: Add HAProxy config
+      template:
+        src: "haproxy.cfg.j2"
+        dest: "/etc/haproxy/haproxy.cfg"
+      notify:
+        - Reload HAProxy
+  when:
+    - haproxy_config_override is not defined
+    - haproxy_config_base64_override is not defined
+
+- name: Override with config in plain text
+  block:
+    - set_fact:
+        haproxy_config: "{{ haproxy_config_override }}"
+
+    - name: Override HAParoxy config in plain text
+      copy:
+        content: "{{ haproxy_config }}"
+        dest: "/etc/haproxy/haproxy.cfg"
+      notify:
+        - Reload HAProxy
+  when: haproxy_config_override is defined
+
+- name: Override with base64 config
+  block:
+    - set_fact:
+        haproxy_config: "{{ haproxy_config_base64_override | b64decode }}"
+
+    - name: Override HAParoxy with config in base64
+      copy:
+        content: "{{ haproxy_config }}"
+        dest: "/etc/haproxy/haproxy.cfg"
+      notify:
+        - Reload HAProxy
+  when: haproxy_config_base64_override is defined
+
+- name: Add maps for HAProxy
+  include_tasks: map.yaml
+  when: haproxy_map is defined
+
+- name: Add lua code for HAProxy
+  include_tasks: lua.yaml
+  when: haproxy_lua is defined
+
+- name: Add certificate for HAProxy
+  include_tasks: cert.yaml
+  when: haproxy_ssl
+
+- name: Enable and start HAProxy service
+  systemd:
+    name: haproxy
+    state: started
+    enabled: yes
+    daemon_reload: yes
+  register: haproxy_enable_and_start

tasks/map.yaml

@@ -0,0 +1,8 @@
+---
+- name: Write maps for HAProxy
+  copy:
+    dest: "{{ haproxy_path }}/{{ item.key }}" 
+    content: "{{ item.value }}"
+  loop: "{{ haproxy_map | dict2items }}"
+  notify: 
+    - Reload HAProxy