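---
# Install and configure HAProxy: package, SELinux/sysctl prerequisites,
# /etc/haproxy/haproxy.cfg (default template or operator override), optional
# maps / Lua / certificates, and finally the systemd unit.

- name: Gather packages
  package_facts:
    manager: auto

- name: Set fact about HAProxy package
  set_fact:
    haproxy_installed_package: "{{ ansible_facts.packages[haproxy_package_name][0]['name'] }}"
  when: haproxy_package_name in ansible_facts.packages

- name: Print installed HAProxy version
  debug:
    msg: "{{ ansible_facts.packages[haproxy_package_name][0]['version'] }}"
    verbosity: 2
  when: haproxy_installed_package is defined

# 'latest' upgrades to whatever the configured repositories currently serve;
# any other haproxy_version only guarantees the package is present.
- name: "Install {{ haproxy_package }}"
  dnf:
    name: "{{ haproxy_package }}"
    state: "{{ 'latest' if haproxy_version == 'latest' else 'present' }}"
    update_cache: true
  register: haproxy_setup
  notify:
    - Restart HAProxy

# distribution_major_version is a string. Comparing it against '7' / '8' as
# strings is lexicographic ('10' sorts before '7'), and the original
# "<= '7'" / "> '8'" pair matched neither task on major version 8.
# Compare as integers and split at 7 / 8.
- name: Install python2-cryptography
  package:
    name: python2-cryptography
  when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int <= 7
    - haproxy_self_signed_cert

- name: Install python3-cryptography
  package:
    name: python3-cryptography
  when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int >= 8
    - haproxy_self_signed_cert

# haproxy_connect_any lets the SELinux-confined HAProxy process connect to
# any port rather than only ports labelled for it.
# NOTE(review): if the backend ports are a known fixed set, labelling those
# ports is the narrower alternative -- confirm this breadth is intended.
- name: Set haproxy_connect_any flag on and keep it persistent across reboots
  ansible.posix.seboolean:
    name: haproxy_connect_any
    state: true
    persistent: true
  notify:
    - Reload HAProxy
  when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled'

# net.ipv4.ip_nonlocal_bind = 1 allows binding to addresses that are not
# configured on this host; the setting is system-wide, not HAProxy-specific.
- name: Allow binding to non-local IPv4 addresses
  block:
    # NOTE(review): with state=present and no sysctl_file this task looks
    # like it writes the entry to the module's default sysctl file rather
    # than only probing -- confirm that is intended.
    - name: Check net.ipv4.ip_nonlocal_bind
      ansible.posix.sysctl:
        name: net.ipv4.ip_nonlocal_bind
        value: '1'
        sysctl_set: false
        state: present
      register: sysctl_result

    - name: Set net.ipv4.ip_nonlocal_bind = 1
      ansible.posix.sysctl:
        name: net.ipv4.ip_nonlocal_bind
        value: '1'
        sysctl_set: true
        state: present
        reload: true
        sysctl_file: /etc/sysctl.d/99-haproxy.conf
      when: sysctl_result.changed

# The three config paths below are mutually exclusive by their conditions:
# default template when no override is set, otherwise the plain-text or the
# base64 override. Each is skipped when the Data Plane API is enabled and a
# config file already exists.
#
# haproxy.cfg can carry credentials (for example stats auth or userlist
# entries), so the mode is set explicitly instead of inheriting the umask.
# NOTE(review): the config is written before maps / Lua / certificates are
# installed, so a pre-write syntax validation would fail on files that do
# not exist yet; consider reordering if validation is wanted.
- name: Apply default config
  when:
    - haproxy_config_override is not defined or haproxy_config_override | length <= 0
    - haproxy_config_base64_override is not defined or haproxy_config_base64_override | length <= 0
    - not haproxy_dataplaneapi or not haproxy_config_file_exists
  block:
    - name: Merge config for HAProxy
      set_fact:
        haproxy_combined_config: "{{ haproxy_default_config | combine(haproxy_config | default({}), recursive=true) }}"

    - name: Add HAProxy config
      template:
        src: "haproxy.cfg.j2"
        dest: "/etc/haproxy/haproxy.cfg"
        mode: '0640'
      notify:
        - Reload HAProxy

# NOTE(review): both override paths copy the full config text into a fact and
# into copy's content; it will appear in verbose or --diff output. Consider
# no_log if overrides may contain secrets.
- name: Override with config in plain text
  when:
    - haproxy_config_override is defined
    - haproxy_config_override | length > 0
    - not haproxy_dataplaneapi or not haproxy_config_file_exists
  block:
    - name: Use plain-text override as HAProxy config
      set_fact:
        haproxy_config: "{{ haproxy_config_override }}"

    - name: Override HAProxy config in plain text
      copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
        mode: '0640'
      notify:
        - Reload HAProxy

- name: Override with base64 config
  when:
    - haproxy_config_base64_override is defined
    - haproxy_config_base64_override | length > 0
    - not haproxy_dataplaneapi or not haproxy_config_file_exists
  block:
    - name: Decode base64 override into HAProxy config
      set_fact:
        haproxy_config: "{{ haproxy_config_base64_override | b64decode }}"

    - name: Override HAProxy with config in base64
      copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
        mode: '0640'
      notify:
        - Reload HAProxy

- name: Add maps for HAProxy
  include_tasks: maps.yaml
  when:
    - haproxy_maps is defined

- name: Add lua code for HAProxy
  include_tasks: lua.yaml
  when:
    - haproxy_lua is defined

- name: Add certificate for HAProxy
  include_tasks: cert.yaml
  when:
    - haproxy_ssl

- name: Enable and start HAProxy service
  systemd:
    name: "{{ haproxy_unit_name }}"
    state: started
    enabled: true
    daemon_reload: true
    masked: false
  register: haproxy_enable_and_start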