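---
# Install (or update) HAProxy from the pinned package, prepare the host
# (python cryptography bindings, SELinux boolean, nonlocal bind sysctl),
# render or override /etc/haproxy/haproxy.cfg, pull in the optional map / lua /
# certificate task files, and finally enable and start the service.
#
# Variables read here: haproxy_package_name, haproxy_package, haproxy_version,
# haproxy_version_build, haproxy_unit_name, haproxy_self_signed_cert,
# haproxy_config, haproxy_default_config, haproxy_config_override,
# haproxy_config_base64_override, haproxy_map, haproxy_lua, haproxy_ssl.

- name: Gather packages
  ansible.builtin.package_facts:
    manager: auto

- name: Set fact about HAProxy package
  ansible.builtin.set_fact:
    haproxy_installed_package: "{{ ansible_facts.packages[haproxy_package_name][0]['name'] }}"
  when: haproxy_package_name in ansible_facts.packages

- name: Print installed HAProxy version
  ansible.builtin.debug:
    msg: "{{ ansible_facts.packages[haproxy_package_name][0]['version'] }}"
    verbosity: 2
  when: haproxy_installed_package is defined

# The unit is masked whenever the package is missing or its reported version
# differs from "<haproxy_version>-<haproxy_version_build>".
# NOTE(review): for RPM, package_facts reports 'version' and 'release' as
# separate fields; confirm that comparing 'version' alone against
# "<version>-<build>" can ever match, otherwise this task and the update task
# below run on every play.
- name: Mask HAProxy before install
  ansible.builtin.systemd:
    name: "{{ haproxy_unit_name }}"
    masked: true
  when: >-
    haproxy_package_name not in ansible_facts.packages
    or ansible_facts.packages[haproxy_package_name][0]['version']
    != (haproxy_version|string + "-" + haproxy_version_build|string)

- name: "Install {{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
  ansible.builtin.dnf:
    name: "{{ haproxy_package }}"
    update_cache: true
  register: haproxy_setup
  when: haproxy_package_name not in ansible_facts.packages

- name: "Update {{ haproxy_package_name }}-{{ haproxy_version }}-{{ haproxy_version_build }}"
  ansible.builtin.dnf:
    name: "{{ haproxy_package }}"
    update_cache: true
  register: haproxy_update
  notify: Restart HAProxy
  when:
    - haproxy_package_name in ansible_facts.packages
    - ansible_facts.packages[haproxy_package_name][0]['version'] != (haproxy_version|string + "-" + haproxy_version_build|string)

# distribution_major_version is a string. Comparing it as a string sorts '10'
# before '7', which would select the python2 package on a two-digit major
# release, so the comparison is done on the integer value.
- name: Install python2-cryptography
  ansible.builtin.package:
    name: python2-cryptography
  when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int <= 7
    - haproxy_self_signed_cert

# Only major versions 8 and 9 are matched here; later majors get no
# cryptography package from this file.
- name: Install python3-cryptography
  ansible.builtin.package:
    name: python3-cryptography
  when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] in ['8', '9']
    - haproxy_self_signed_cert

# haproxy_connect_any relaxes SELinux confinement for HAProxy to every port,
# not only the ones this deployment uses. Where the port set is known,
# labelling those ports individually is the narrower option.
- name: Set haproxy_connect_any flag on and keep it persistent across reboots
  ansible.posix.seboolean:
    name: haproxy_connect_any
    state: true
    persistent: true
  notify:
    - Reload HAProxy
  when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled'

# net.ipv4.ip_nonlocal_bind is host-wide: once set, any process on the host
# may bind to an address that is not configured locally, not just HAProxy.
- name: Allow binding to non-local addresses
  block:
    # NOTE(review): no sysctl_file is given here, so the module default file
    # is used, and with state=present this "check" presumably persists the
    # key there as well when not run in check mode - confirm that is intended.
    - name: Check net.ipv4.ip_nonlocal_bind
      ansible.posix.sysctl:
        name: net.ipv4.ip_nonlocal_bind
        value: '1'
        sysctl_set: false
        state: present
      register: sysctl_result

    - name: Set net.ipv4.ip_nonlocal_bind = 1
      ansible.posix.sysctl:
        name: net.ipv4.ip_nonlocal_bind
        value: '1'
        sysctl_set: true
        state: present
        reload: true
        sysctl_file: /etc/sysctl.d/99-haproxy.conf
      when: sysctl_result.changed

# The three blocks below all write /etc/haproxy/haproxy.cfg.
# NOTE(review): none of them sets owner, group or mode, so a newly created
# file takes whatever the umask gives it. haproxy.cfg can carry credentials
# (for example stats auth or userlist passwords); consider pinning the
# permissions explicitly and suppressing diff output for the override content.
# NOTE(review): the file is not validated before it replaces the live config.
# A 'validate' step was not added because maps, lua and certificates are
# deployed after this point and a config referencing them could fail the check.

- name: Apply default config
  block:
    - name: Merge config for HAProxy
      ansible.builtin.set_fact:
        haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}"

    - name: Add HAProxy config
      ansible.builtin.template:
        src: "haproxy.cfg.j2"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy
  when:
    - haproxy_config_override is not defined
    - haproxy_config_base64_override is not defined

# Overrides are written verbatim and bypass the template entirely. If both
# override variables are defined, both blocks run and the base64 one, being
# last, decides the final file content.
- name: Override with config in plain text
  block:
    - name: Use plain-text override as HAProxy config
      ansible.builtin.set_fact:
        haproxy_config: "{{ haproxy_config_override }}"

    - name: Override HAParoxy config in plain text
      ansible.builtin.copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy
  when: haproxy_config_override is defined

- name: Override with base64 config
  block:
    - name: Use decoded base64 override as HAProxy config
      ansible.builtin.set_fact:
        haproxy_config: "{{ haproxy_config_base64_override | b64decode }}"

    - name: Override HAParoxy with config in base64
      ansible.builtin.copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy
  when: haproxy_config_base64_override is defined

- name: Add maps for HAProxy
  ansible.builtin.include_tasks: map.yaml
  when: haproxy_map is defined

- name: Add lua code for HAProxy
  ansible.builtin.include_tasks: lua.yaml
  when: haproxy_lua is defined

- name: Add certificate for HAProxy
  ansible.builtin.include_tasks: cert.yaml
  when: haproxy_ssl

# The unit is masked earlier in this file and nothing visible here unmasks it;
# enabling or starting a masked unit fails, so the mask is lifted in the same
# call. This is a no-op when the unit is not masked.
# NOTE(review): the mask task targets "{{ haproxy_unit_name }}" while this
# task targets the literal 'haproxy' - confirm both name the same unit.
- name: Enable and start HAProxy service
  ansible.builtin.systemd:
    name: haproxy
    state: started
    enabled: true
    masked: false
    daemon_reload: true
  register: haproxy_enable_and_start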