diff --git a/handlers/main.yaml b/handlers/main.yaml index d4ca4f3..411a86a 100644 --- a/handlers/main.yaml +++ b/handlers/main.yaml @@ -1,7 +1,14 @@ --- - name: Reload HAProxy systemd: - name: haproxy + name: "{{ haproxy_unit_name }}" + state: reloaded + daemon_reload: yes + when: haproxy_enable_and_start.changed + +- name: Restart HAProxy + systemd: + name: "{{ haproxy_unit_name }}" state: reloaded daemon_reload: yes when: haproxy_enable_and_start.changed diff --git a/tasks/Debian.yaml b/tasks/Debian.yaml new file mode 100644 index 0000000..7ff4629 --- /dev/null +++ b/tasks/Debian.yaml 
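Review bot: The new `Restart HAProxy` handler is declared with `state: reloaded`, the same as `Reload HAProxy`, so the package `Update` tasks that notify it only ever get a reload; it should read `state: restarted`. The handler also carries `when: haproxy_enable_and_start.changed`, so the notification is silently dropped whenever the enable/start task reports no change, and the condition fails if handlers are flushed before that variable is registered. For the restart after a package upgrade the guard is better removed, or written as `when: haproxy_enable_and_start is not defined or not haproxy_enable_and_start.changed` if the intent was to avoid a double start.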
@@ -0,0 +1,124 @@ +--- +- name: Gather packages + package_facts: + manager: auto + +- name: Set fact about HAProxy package + set_fact: + haproxy_installed_package: "{{ ansible_facts.packages[haproxy_package_name][0]['name'] }}" + when: haproxy_package_name in ansible_facts.packages + +- name: Print installed HAProxy version + debug: + msg: "{{ ansible_facts.packages[haproxy_package_name][0]['version'] }}" + verbosity: 2 + when: haproxy_installed_package is defined + +- name: Mask HAProxy before install + ansible.builtin.systemd: + name: "{{ haproxy_unit_name }}" + masked: yes + when: haproxy_package_name not in ansible_facts.packages or ansible_facts.packages[haproxy_package_name][0]['version'] != (haproxy_version|string + "-" + haproxy_version_build|string) + +- name: "Install {{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}" + apt: + name: "{{ haproxy_package }}" + update_cache: yes + register: haproxy_setup + when: haproxy_package_name not in ansible_facts.packages + +- name: "Update {{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}" + apt: + name: "{{ haproxy_package }}" + update_cache: yes + register: haproxy_update + notify: Restart HAProxy + when: + - haproxy_package_name in ansible_facts.packages + - ansible_facts.packages[haproxy_package_name][0]['version'] != (haproxy_version|string + "-" + haproxy_version_build|string) + +- name: Install python3-cryptography + package: + name: python3-cryptography + +- block: + - name: Check net.ipv4.ip_nonlocal_bind + ansible.posix.sysctl: + name: net.ipv4.ip_nonlocal_bind + value: '1' + sysctl_set: no + state: present + register: sysctl_result + + - name: Set net.ipv4.ip_nonlocal_bind = 1 + ansible.posix.sysctl: + name: net.ipv4.ip_nonlocal_bind + value: '1' + sysctl_set: yes + state: present + reload: yes + sysctl_file: /etc/sysctl.d/99-haproxy.conf + when: sysctl_result.changed + +- name: Apply default config + block: + - name: Merge config for HAProxy + 
set_fact: + haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}" + + - name: Add HAProxy config + template: + src: "haproxy.cfg.j2" + dest: "/etc/haproxy/haproxy.cfg" + notify: + - Reload HAProxy + when: + - haproxy_config_override is not defined + - haproxy_config_base64_override is not defined + +- name: Override with config in plain text + block: + - set_fact: + haproxy_config: "{{ haproxy_config_override }}" + + - name: Override HAParoxy config in plain text + copy: + content: "{{ haproxy_config }}" + dest: "/etc/haproxy/haproxy.cfg" + notify: + - Reload HAProxy + when: haproxy_config_override is defined + +- name: Override with base64 config + block: + - set_fact: + haproxy_config: "{{ haproxy_config_base64_override | b64decode }}" + + - name: Override HAParoxy with config in base64 + copy: + content: "{{ haproxy_config }}" + dest: "/etc/haproxy/haproxy.cfg" + notify: + - Reload HAProxy + when: haproxy_config_base64_override is defined + +- name: Add maps for HAProxy + include_tasks: map.yaml + when: haproxy_map is defined + +- name: Add lua code for HAProxy + include_tasks: lua.yaml + when: haproxy_lua is defined + +- name: Add certificate for HAProxy + include_tasks: cert.yaml + when: haproxy_ssl + +- name: Enable and start HAProxy service + systemd: + name: "{{ haproxy_unit_name }}" + state: started + enabled: yes + daemon_reload: yes + masked: no + register: haproxy_enable_and_start diff --git a/tasks/RedHat.yaml b/tasks/RedHat.yaml new file mode 100644 index 0000000..2f06865 --- /dev/null +++ b/tasks/RedHat.yaml 
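Review bot: The three tasks that write `/etc/haproxy/haproxy.cfg` (`Add HAProxy config` and the two `Override HAParoxy ...` copies) set no `validate`, so a broken config supplied through `haproxy_config_override` or the base64 variant replaces the live file and only fails when the handler reloads the service. Adding `validate: "haproxy -c -f %s"` to each lets Ansible reject the file before it is installed; because the map, Lua and certificate includes run after these tasks, they would probably have to move ahead of the config write for validation to pass on a first run. None of the three sets `owner`, `group` or `mode` either; if the config can carry credentials such as stats auth or userlists, an explicit `mode: "0640"` with a suitable group is worth adding. The same three tasks appear in tasks/RedHat.yaml.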
@@ -0,0 +1,144 @@ +--- +- name: Gather packages + package_facts: + manager: auto + +- name: Set fact about HAProxy package + set_fact: + haproxy_installed_package: "{{ ansible_facts.packages[haproxy_package_name][0]['name'] }}" + when: haproxy_package_name in ansible_facts.packages + +- name: Print installed HAProxy version + debug: + msg: "{{ ansible_facts.packages[haproxy_package_name][0]['version'] }}" + verbosity: 2 + when: haproxy_installed_package is defined + +- name: Mask HAProxy before install + ansible.builtin.systemd: + name: "{{ haproxy_unit_name }}" + masked: yes + when: haproxy_package_name not in ansible_facts.packages or ansible_facts.packages[haproxy_package_name][0]['version'] != (haproxy_version|string + "-" + haproxy_version_build|string) + +- name: "Install {{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}" + dnf: + name: "{{ haproxy_package }}" + update_cache: yes + register: haproxy_setup + when: haproxy_package_name not in ansible_facts.packages + +- name: "Update {{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}" + dnf: + name: "{{ haproxy_package }}" + update_cache: yes + register: haproxy_update + notify: Restart HAProxy + when: + - haproxy_package_name in ansible_facts.packages + - ansible_facts.packages[haproxy_package_name][0]['version'] != (haproxy_version|string + "-" + haproxy_version_build|string) + +- name: Install python2-cryptography + package: + name: python2-cryptography + when: + - ansible_facts['os_family'] == 'RedHat' + - ansible_facts['distribution_major_version'] <= '7' + - haproxy_self_signed_cert + +- name: Install python3-cryptography + package: + name: python3-cryptography + when: + - ansible_facts['os_family'] == 'RedHat' + - ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9' + - haproxy_self_signed_cert + +- name: Set haproxy_connect_any flag on and keep it persistent across reboots + ansible.posix.seboolean: 
+ name: haproxy_connect_any + state: yes + persistent: yes + notify: + - Reload HAProxy + when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled' + +- block: + - name: Check net.ipv4.ip_nonlocal_bind + ansible.posix.sysctl: + name: net.ipv4.ip_nonlocal_bind + value: '1' + sysctl_set: no + state: present + register: sysctl_result + + - name: Set net.ipv4.ip_nonlocal_bind = 1 + ansible.posix.sysctl: + name: net.ipv4.ip_nonlocal_bind + value: '1' + sysctl_set: yes + state: present + reload: yes + sysctl_file: /etc/sysctl.d/99-haproxy.conf + when: sysctl_result.changed + +- name: Apply default config + block: + - name: Merge config for HAProxy + set_fact: + haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}" + + - name: Add HAProxy config + template: + src: "haproxy.cfg.j2" + dest: "/etc/haproxy/haproxy.cfg" + notify: + - Reload HAProxy + when: + - haproxy_config_override is not defined + - haproxy_config_base64_override is not defined + +- name: Override with config in plain text + block: + - set_fact: + haproxy_config: "{{ haproxy_config_override }}" + + - name: Override HAParoxy config in plain text + copy: + content: "{{ haproxy_config }}" + dest: "/etc/haproxy/haproxy.cfg" + notify: + - Reload HAProxy + when: haproxy_config_override is defined + +- name: Override with base64 config + block: + - set_fact: + haproxy_config: "{{ haproxy_config_base64_override | b64decode }}" + + - name: Override HAParoxy with config in base64 + copy: + content: "{{ haproxy_config }}" + dest: "/etc/haproxy/haproxy.cfg" + notify: + - Reload HAProxy + when: haproxy_config_base64_override is defined + +- name: Add maps for HAProxy + include_tasks: map.yaml + when: haproxy_map is defined + +- name: Add lua code for HAProxy + include_tasks: lua.yaml + when: haproxy_lua is defined + +- name: Add certificate for HAProxy + include_tasks: cert.yaml + when: haproxy_ssl + +- name: Enable and 
start HAProxy service + systemd: + name: haproxy + state: started + enabled: yes + daemon_reload: yes + register: haproxy_enable_and_start diff --git a/tasks/main.yaml b/tasks/main.yaml index 6a9541c..998952c 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml 
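Review bot: The closing `Enable and start HAProxy service` task in this file omits `masked: no` and still hard-codes `name: haproxy`, unlike its counterpart in tasks/Debian.yaml, so a unit masked by `Mask HAProxy before install` stays masked and the start is likely to fail. The mask condition compares `ansible_facts.packages[haproxy_package_name][0]['version']` with `haproxy_version` joined to `haproxy_version_build`. For rpm packages `package_facts` reports `version` and `release` as separate fields, so that comparison presumably never matches and both the mask and the `Update` task's `when` fire on every run. Suggest `name: "{{ haproxy_unit_name }}"` plus `masked: no` on the final task, and building the rpm-side comparison from `['version'] ~ '-' ~ ['release']` while allowing for the dist suffix in the release.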
@@ -1,113 +1,21 @@ --- -- name: Install HAProxy - package: - name: haproxy - state: present +- name: Make sure handlers are flushed immediately + meta: flush_handlers -- name: Install python2-cryptography and libsemanage-python - yum: - name: - - python2-cryptography - - libsemanage-python - when: - - ansible_facts['os_family'] == 'RedHat' - - ansible_facts['distribution_major_version'] <= '7' +- name: Load a variable file based on the OS type + include_vars: "{{ lookup('first_found', params) }}" + vars: + params: + files: + - "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml" + - "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yaml" + - "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml" + - "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_version'] }}.yaml" + - "{{ ansible_facts['distribution'] }}.yaml" + - "{{ ansible_facts['os_family'] }}.yaml" + paths: + - "vars" + tags: haproxy_vars -- name: Install python3-cryptography and python3-libsemanage - dnf: - name: - - python3-cryptography - - python3-libsemanage - when: - - ansible_facts['os_family'] == 'RedHat' - - ansible_facts['distribution_major_version'] >= '8' - -- name: Set haproxy_connect_any flag on and keep it persistent across reboots - ansible.posix.seboolean: - name: haproxy_connect_any - state: yes - persistent: yes - notify: - - Reload HAProxy - when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled' - -- block: - - name: Check net.ipv4.ip_nonlocal_bind - ansible.posix.sysctl: - name: net.ipv4.ip_nonlocal_bind - value: '1' - sysctl_set: no - state: present - register: sysctl_result - - - name: Set net.ipv4.ip_nonlocal_bind = 1 - ansible.posix.sysctl: - name: net.ipv4.ip_nonlocal_bind - value: '1' - sysctl_set: yes - state: present - reload: yes - sysctl_file: /etc/sysctl.d/99-haproxy.conf - when: sysctl_result.changed - -- name: 
Apply default config - block: - - name: Merge config for HAProxy - set_fact: - haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}" - - - name: Add HAProxy config - template: - src: "haproxy.cfg.j2" - dest: "/etc/haproxy/haproxy.cfg" - notify: - - Reload HAProxy - when: - - haproxy_config_override is not defined - - haproxy_config_base64_override is not defined - -- name: Override with config in plain text - block: - - set_fact: - haproxy_config: "{{ haproxy_config_override }}" - - - name: Override HAParoxy config in plain text - copy: - content: "{{ haproxy_config }}" - dest: "/etc/haproxy/haproxy.cfg" - notify: - - Reload HAProxy - when: haproxy_config_override is defined - -- name: Override with base64 config - block: - - set_fact: - haproxy_config: "{{ haproxy_config_base64_override | b64decode }}" - - - name: Override HAParoxy with config in base64 - copy: - content: "{{ haproxy_config }}" - dest: "/etc/haproxy/haproxy.cfg" - notify: - - Reload HAProxy - when: haproxy_config_base64_override is defined - -- name: Add maps for HAProxy - include_tasks: map.yaml - when: haproxy_map is defined - -- name: Add lua code for HAProxy - include_tasks: lua.yaml - when: haproxy_lua is defined - -- name: Add certificate for HAProxy - include_tasks: cert.yaml - when: haproxy_ssl - -- name: Enable and start HAProxy service - systemd: - name: haproxy - state: started - enabled: yes - daemon_reload: yes - register: haproxy_enable_and_start +- name: Include HAProxy install + include_tasks: "{{ ansible_facts['os_family'] }}.yaml" diff --git a/vars/Debian-11.yaml b/vars/Debian-11.yaml new file mode 100644 index 0000000..b6f1405 --- /dev/null +++ b/vars/Debian-11.yaml 
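Review bot: The `first_found` lookup in `Load a variable file based on the OS type` has no fallback, and this commit only adds vars files for Debian 11, RedHat 8/9 and Ubuntu 20.04/22.04. Unless generic files exist outside this diff, `include_vars` fails on any other platform with a lookup error instead of a message naming what is supported. `include_tasks: "{{ ansible_facts['os_family'] }}.yaml"` fails the same way outside the Debian and RedHat families. An `assert` ahead of the lookup, or at least a comment such as `# Supported: Debian 11, RedHat-family 8/9, Ubuntu 20.04/22.04`, would make that failure deliberate. Separately, tasks/RedHat.yaml keeps a `distribution_major_version <= '7'` branch that has no matching vars file here, and that test is a string comparison.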
@@ -0,0 +1,6 @@
+haproxy_package_name: "haproxy"
+haproxy_version: "2.6.9"
+haproxy_version_build: "1~bpo11+1"
+haproxy_package: "{{ haproxy_package_name }}={{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_package_name_regex: "{{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_unit_name: "{{ haproxy_package_name }}"
diff --git a/vars/RedHat-8.yaml b/vars/RedHat-8.yaml
new file mode 100644
index 0000000..3890bde
--- /dev/null
+++ b/vars/RedHat-8.yaml
@@ -0,0 +1,7 @@
+haproxy_package_name: "haproxy"
+haproxy_version: "1.8.27"
+haproxy_version_build: "5"
+haproxy_package: "{{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_package_name_regex: "{{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_unit_name: "{{ haproxy_package_name }}"
+
diff --git a/vars/RedHat-9.yaml b/vars/RedHat-9.yaml
new file mode 100644
index 0000000..283a78e
--- /dev/null
+++ b/vars/RedHat-9.yaml
@@ -0,0 +1,7 @@
+haproxy_package_name: "haproxy"
+haproxy_version: "2.4.17"
+haproxy_version_build: "3"
+haproxy_package: "{{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_package_name_regex: "{{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_unit_name: "{{ haproxy_package_name }}"
+
diff --git a/vars/Ubuntu-20.04.yaml b/vars/Ubuntu-20.04.yaml
new file mode 100644
index 0000000..a3ac1c1
--- /dev/null
+++ b/vars/Ubuntu-20.04.yaml
@@ -0,0 +1,6 @@
+haproxy_package_name: "haproxy"
+haproxy_version: "2.0.29"
+haproxy_version_build: "0ubuntu1.3"
+haproxy_package: "{{ haproxy_package_name }}={{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_package_name_regex: "{{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_unit_name: "{{ haproxy_package_name }}"
diff --git a/vars/Ubuntu-22.04.yaml b/vars/Ubuntu-22.04.yaml
new file mode 100644
index 0000000..5d0430d
--- /dev/null
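Review bot: Each of these vars files pins one exact package build through `haproxy_version` and `haproxy_version_build`, and the install and update tasks request exactly that build, so a distribution security update to HAProxy is not picked up until the pin is edited; this applies equally to the Debian-11, RedHat-8, RedHat-9, Ubuntu-20.04 and Ubuntu-22.04 files. A header comment in each file would make that maintenance duty explicit, for example `# Exact build installed by this role; bump when the distribution publishes a fixed package`. `haproxy_package_name_regex` is defined in every file but is not referenced by any task visible in this diff, so it may be unused. The files also lack the leading `---` that the task files carry.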
+++ b/vars/Ubuntu-22.04.yaml
@@ -0,0 +1,6 @@
+haproxy_package_name: "haproxy"
+haproxy_version: "2.4.18"
+haproxy_version_build: "0ubuntu1.3"
+haproxy_package: "{{ haproxy_package_name }}={{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_package_name_regex: "{{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
+haproxy_unit_name: "{{ haproxy_package_name }}"