fix selinux and make default config working with haproxy up to v2.6.10

2024-11-25 00:16:39 +00:00 · 2023-03-12 20:44:33 +03:00 · 2023-03-12 20:44:33 +03:00 · e230bae808
commit e230bae808
parent 1aeb3158b5
2 changed files with 11 additions and 11 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -14,7 +14,6 @@ haproxy_default_config:
    daemon:
    chroot: /var/lib/haproxy
    maxconn: 200000
-    nbproc: "{{ '2' if ansible_facts['processor_nproc'] > 1 }}"
    user: haproxy
    group: haproxy
    pidfile: /var/run/haproxy.pid
@ -22,7 +21,6 @@ haproxy_default_config:
      - "127.0.0.1 local0"
    stats:
      - "socket /var/lib/haproxy/stats mode 0660 level admin"
-      - "bind-process {{ '2' if ansible_facts['processor_nproc'] > 1 }}"
    'tune.ssl.default-dh-param': 2048
  defaults:
    log:
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -4,21 +4,23 @@
    name: haproxy
    state: present

- name: Install python2-cryptography
-  package:
-    name: python2-cryptography
+- name: Install python2-cryptography and libsemanage-python
+  yum:
+    name:
+      - python2-cryptography
+      - libsemanage-python
  when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] <= '7'
-    - haproxy_self_signed_cert 

- name: Install python3-cryptography
-  package: 
-   name: python3-cryptography
+- name: Install python3-cryptography and python3-libsemanage
+  dnf:
+   name:
+     - python3-cryptography
+     - python3-libsemanage
  when:
    - ansible_facts['os_family'] == 'RedHat'
-    - ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9'
-    - haproxy_self_signed_cert
+    - ansible_facts['distribution_major_version'] >= '8'

 - name: Set haproxy_connect_any flag on and keep it persistent across reboots
  ansible.posix.seboolean: