fix selinux and make default config working with haproxy up to v2.6.10

This commit is contained in:
ace 2023-03-12 20:44:33 +03:00
parent 1aeb3158b5
commit e230bae808
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
2 changed files with 11 additions and 11 deletions

View File

@ -14,7 +14,6 @@ haproxy_default_config:
daemon: daemon:
chroot: /var/lib/haproxy chroot: /var/lib/haproxy
maxconn: 200000 maxconn: 200000
nbproc: "{{ '2' if ansible_facts['processor_nproc'] > 1 }}"
user: haproxy user: haproxy
group: haproxy group: haproxy
pidfile: /var/run/haproxy.pid pidfile: /var/run/haproxy.pid
@ -22,7 +21,6 @@ haproxy_default_config:
- "127.0.0.1 local0" - "127.0.0.1 local0"
stats: stats:
- "socket /var/lib/haproxy/stats mode 0660 level admin" - "socket /var/lib/haproxy/stats mode 0660 level admin"
- "bind-process {{ '2' if ansible_facts['processor_nproc'] > 1 }}"
'tune.ssl.default-dh-param': 2048 'tune.ssl.default-dh-param': 2048
defaults: defaults:
log: log:

View File

@ -4,21 +4,23 @@
name: haproxy name: haproxy
state: present state: present
- name: Install python2-cryptography - name: Install python2-cryptography and libsemanage-python
package: yum:
name: python2-cryptography name:
- python2-cryptography
- libsemanage-python
when: when:
- ansible_facts['os_family'] == 'RedHat' - ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] <= '7' - ansible_facts['distribution_major_version'] <= '7'
- haproxy_self_signed_cert
- name: Install python3-cryptography - name: Install python3-cryptography and python3-libsemanage
package: dnf:
name: python3-cryptography name:
- python3-cryptography
- python3-libsemanage
when: when:
- ansible_facts['os_family'] == 'RedHat' - ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9' - ansible_facts['distribution_major_version'] >= '8'
- haproxy_self_signed_cert
- name: Set haproxy_connect_any flag on and keep it persistent across reboots - name: Set haproxy_connect_any flag on and keep it persistent across reboots
ansible.posix.seboolean: ansible.posix.seboolean: