mirror of
https://gitea.0xace.cc/ansible-galaxy/haproxy.git
synced 2024-11-25 00:16:39 +00:00
114 lines
2.9 KiB
YAML
114 lines
2.9 KiB
YAML
---
|
|
- name: Install HAProxy
|
|
package:
|
|
name: haproxy
|
|
state: present
|
|
|
|
- name: Install python2-cryptography and libsemanage-python
|
|
yum:
|
|
name:
|
|
- python2-cryptography
|
|
- libsemanage-python
|
|
when:
|
|
- ansible_facts['os_family'] == 'RedHat'
|
|
- ansible_facts['distribution_major_version'] <= '7'
|
|
|
|
- name: Install python3-cryptography and python3-libsemanage
|
|
dnf:
|
|
name:
|
|
- python3-cryptography
|
|
- python3-libsemanage
|
|
when:
|
|
- ansible_facts['os_family'] == 'RedHat'
|
|
- ansible_facts['distribution_major_version'] >= '8'
|
|
|
|
- name: Set haproxy_connect_any flag on and keep it persistent across reboots
|
|
ansible.posix.seboolean:
|
|
name: haproxy_connect_any
|
|
state: yes
|
|
persistent: yes
|
|
notify:
|
|
- Reload HAProxy
|
|
when: ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled'
|
|
|
|
- block:
|
|
- name: Check net.ipv4.ip_nonlocal_bind
|
|
ansible.posix.sysctl:
|
|
name: net.ipv4.ip_nonlocal_bind
|
|
value: '1'
|
|
sysctl_set: no
|
|
state: present
|
|
register: sysctl_result
|
|
|
|
- name: Set net.ipv4.ip_nonlocal_bind = 1
|
|
ansible.posix.sysctl:
|
|
name: net.ipv4.ip_nonlocal_bind
|
|
value: '1'
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
sysctl_file: /etc/sysctl.d/99-haproxy.conf
|
|
when: sysctl_result.changed
|
|
|
|
- name: Apply default config
|
|
block:
|
|
- name: Merge config for HAProxy
|
|
set_fact:
|
|
haproxy_combined_config: "{{ haproxy_config | default({}) | combine(haproxy_default_config, recursive=true) }}"
|
|
|
|
- name: Add HAProxy config
|
|
template:
|
|
src: "haproxy.cfg.j2"
|
|
dest: "/etc/haproxy/haproxy.cfg"
|
|
notify:
|
|
- Reload HAProxy
|
|
when:
|
|
- haproxy_config_override is not defined
|
|
- haproxy_config_base64_override is not defined
|
|
|
|
- name: Override with config in plain text
|
|
block:
|
|
- set_fact:
|
|
haproxy_config: "{{ haproxy_config_override }}"
|
|
|
|
- name: Override HAParoxy config in plain text
|
|
copy:
|
|
content: "{{ haproxy_config }}"
|
|
dest: "/etc/haproxy/haproxy.cfg"
|
|
notify:
|
|
- Reload HAProxy
|
|
when: haproxy_config_override is defined
|
|
|
|
- name: Override with base64 config
|
|
block:
|
|
- set_fact:
|
|
haproxy_config: "{{ haproxy_config_base64_override | b64decode }}"
|
|
|
|
- name: Override HAParoxy with config in base64
|
|
copy:
|
|
content: "{{ haproxy_config }}"
|
|
dest: "/etc/haproxy/haproxy.cfg"
|
|
notify:
|
|
- Reload HAProxy
|
|
when: haproxy_config_base64_override is defined
|
|
|
|
- name: Add maps for HAProxy
|
|
include_tasks: map.yaml
|
|
when: haproxy_map is defined
|
|
|
|
- name: Add lua code for HAProxy
|
|
include_tasks: lua.yaml
|
|
when: haproxy_lua is defined
|
|
|
|
- name: Add certificate for HAProxy
|
|
include_tasks: cert.yaml
|
|
when: haproxy_ssl
|
|
|
|
- name: Enable and start HAProxy service
|
|
systemd:
|
|
name: haproxy
|
|
state: started
|
|
enabled: yes
|
|
daemon_reload: yes
|
|
register: haproxy_enable_and_start
|