ansible/roles/haproxy/tasks/main.yml

---
# Install the haproxy package through the platform's package manager.
# A change here notifies the "Restart HAProxy" handler (defined outside this
# file).
- name: Install HAProxy
  package:
    state: present
    name: haproxy
  notify:
    - Restart HAProxy
# Dedicated group for the HAProxy service account. The gid is pinned to
# 20001, the same number used as the uid of the haproxy user.
- name: Create HAProxy group
  group:
    gid: 20001
    name: haproxy
  notify:
    - Restart HAProxy
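# Dedicated service account for HAProxy: fixed uid, primary group haproxy,
# no home directory created, home pointed at /var/empty.
# NOTE(review): no `shell` is set, so the account gets the platform's default
# shell. A non-login shell is the usual choice for a daemon account; confirm
# the correct path for this OS before adding it.
- name: Create HAProxy user
  user:
    name: haproxy
    uid: 20001
    group: haproxy
    # Canonical boolean instead of the YAML 1.1 truthy `no`.
    create_home: false
    home: /var/empty
  notify:
    - Restart HAProxy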
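# Create the s6-rc service definition directories for haproxy and its logger.
# They are owned by root:wheel and writable by root only.
- name: Create HAProxy service directories
  file:
    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
    # Quoted so the mode reaches the module as an octal string instead of
    # depending on how the YAML parser reads a leading-zero integer.
    mode: '0755'
  with_items:
    - haproxy
    - haproxy/env
    - haproxy/data
    - haproxy-log
    - haproxy-log/env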
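# Render the run/finish/check scripts for the haproxy and haproxy-log
# services from '<item>.j2' templates. They are installed read+execute for
# everyone and writable by nobody (0555), owned by root:wheel.
- name: Generate HAProxy service scripts
  template:
    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    # Quoted so the mode is passed as an octal string.
    mode: '0555'
    owner: root
    group: wheel
  with_items:
    - haproxy/run
    - haproxy/finish
    - haproxy/data/check
    - haproxy-log/run
    - haproxy-log/finish
  notify:
    - Reload s6-rc
    - Restart HAProxy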
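# Write the small one-value files that make up the s6-rc service definitions
# (service type, notification fd, pipeline wiring) and the per-service env
# directories. Each item is a file name relative to /etc/s6-rc/service plus
# the literal content to put in it.
# NOTE(review): the PATH given to both services includes /root/bin and the
# /usr/local directories; confirm the daemons need them, since a shorter PATH
# narrows what a service process can pick up by name.
- name: Generate HAProxy service configuration
  copy:
    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    # Quoted so the mode is passed as an octal string.
    mode: '0444'
    owner: root
    group: wheel
  loop_control:
    # Shows "file = value" in the play output instead of the whole item dict.
    label: '{{ item.name }} = {{ item.content }}'
  notify:
    - Reload s6-rc
    - Restart HAProxy
  with_items:
    - name: haproxy/type
      content: longrun
    - name: haproxy/notification-fd
      # Quoted: file content is text, like the already-quoted '750' below.
      content: '3'
    - name: haproxy/producer-for
      content: haproxy-log
    - name: haproxy/env/NAME
      content: haproxy
    - name: haproxy/env/PATH
      content: '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin'
    - name: haproxy/env/BIND_V4
      content: '{{ haproxy_v4 }}'
    - name: haproxy/env/BIND_V6
      content: '{{ haproxy_v6 }}'
    - name: haproxy-log/type
      content: longrun
    - name: haproxy-log/notification-fd
      content: '3'
    - name: haproxy-log/consumer-for
      content: haproxy
    - name: haproxy-log/env/NAME
      content: haproxy
    - name: haproxy-log/env/PATH
      content: '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin'
    - name: haproxy-log/env/MODE
      content: '750'
    - name: haproxy-log/env/USER
      content: s6-log
    - name: haproxy-log/env/GROUP
      content: s6-log
    - name: haproxy-log/env/DIR
      content: /var/log/haproxy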
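# Directory holding the HAProxy configuration fragments and map files.
# It is owned by root:wheel and writable by root only.
- name: Create HAProxy configuration directory
  file:
    path: /usr/local/etc/haproxy
    state: directory
    owner: root
    group: wheel
    # Quoted so the mode is passed as an octal string.
    mode: '0755'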
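# Render the static configuration fragments from '<item>.j2' templates.
# The files are installed read-only (0444), owned by root:wheel; a change
# triggers a reload rather than a restart.
- name: Configure HAProxy
  template:
    dest: '/usr/local/etc/haproxy/{{ item }}'
    src: '{{ item }}.j2'
    owner: root
    group: wheel
    # Quoted so the mode is passed as an octal string.
    mode: '0444'
  notify:
    - Reload HAProxy
  with_items:
    - defaults.cfg
    - global.cfg
    - http.cfg
    - sni.cfg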
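# Render one http_<host>.cfg per entry of haproxy_http from a shared template.
# NOTE(review): item.host is interpolated straight into the destination file
# name; this assumes every entry carries a plain hostname with no path
# separators. Confirm where haproxy_http is defined.
- name: Configure HAProxy HTTP backends
  template:
    dest: '/usr/local/etc/haproxy/http_{{ item.host }}.cfg'
    src: http_host.cfg.j2
    owner: root
    group: wheel
    # Quoted so the mode is passed as an octal string.
    mode: '0444'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_http }}'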
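# Render one sni_<host>.cfg per entry of haproxy_sni from a shared template.
# NOTE(review): item.host is interpolated straight into the destination file
# name; this assumes every entry carries a plain hostname with no path
# separators. Confirm where haproxy_sni is defined.
- name: Configure HAProxy SNI backends
  template:
    dest: '/usr/local/etc/haproxy/sni_{{ item.host }}.cfg'
    src: sni_host.cfg.j2
    owner: root
    group: wheel
    # Quoted so the mode is passed as an octal string.
    mode: '0444'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_sni }}'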
# Create an empty http.map if it is missing; `creates` skips the command once
# the file exists, so the task is idempotent.
# NOTE(review): touch leaves owner and mode to the defaults of the Ansible
# run, unlike the .cfg files in this role, which are pinned to root:wheel
# 0444. Confirm that is intended.
- name: Make sure the HTTP map exists
  command: env touch /usr/local/etc/haproxy/http.map
  args:
    creates: /usr/local/etc/haproxy/http.map
  notify:
    - Reload HAProxy
# Create an empty sni.map if it is missing; `creates` skips the command once
# the file exists, so the task is idempotent.
# NOTE(review): touch leaves owner and mode to the defaults of the Ansible
# run, unlike the .cfg files in this role, which are pinned to root:wheel
# 0444. Confirm that is intended.
- name: Make sure the SNI map exists
  command: env touch /usr/local/etc/haproxy/sni.map
  args:
    creates: /usr/local/etc/haproxy/sni.map
  notify:
    - Reload HAProxy
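# Make sure http.map has one "<host> http_<host>" line per entry of
# haproxy_http, replacing an existing line for the same host.
- name: Enable HAProxy HTTP backends
  lineinfile:
    path: /usr/local/etc/haproxy/http.map
    # The host is regex-escaped so its dots match literally. Unescaped, the
    # pattern for one host can match another host's line, and lineinfile
    # would then overwrite that unrelated mapping.
    regexp: '^{{ item.host | regex_escape }} '
    line: '{{ item.host }} http_{{ item.host }}'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_http }}'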
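# Make sure sni.map has one "<host> sni_<host>" line per entry of
# haproxy_sni, replacing an existing line for the same host.
- name: Enable HAProxy SNI backends
  lineinfile:
    path: /usr/local/etc/haproxy/sni.map
    # The host is regex-escaped so its dots match literally. Unescaped, the
    # pattern for one host can match another host's line, and lineinfile
    # would then overwrite that unrelated mapping.
    regexp: '^{{ item.host | regex_escape }} '
    line: '{{ item.host }} sni_{{ item.host }}'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_sni }}'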
# Run every handler queued so far now, before the service is started, instead
# of waiting for the end of the play.
- name: Flush handlers
  meta: flush_handlers
# Bring the haproxy service up through s6-rc. `fdmove -c 2 1` makes fd 2 a
# copy of fd 1, so the verbose (-v 2) messages from s6-rc end up on stdout.
# The task reports "changed" only when that captured stdout is non-empty.
- name: Start HAProxy
  command: fdmove -c 2 1 s6-rc -u -v 2 change haproxy
  register: change
  changed_when: change.stdout | length > 0
# Make sure the "enabled" bundle's contents file lists haproxy on a line of
# its own; the anchored pattern matches that exact line only.
- name: Enable HAProxy
  lineinfile:
    path: /etc/s6-rc/service/enabled/contents
    line: haproxy
    regexp: '^haproxy$'
  notify:
    - Reload s6-rc
# Run the handlers queued since the previous flush (the enable step notifies
# "Reload s6-rc") right away.
- name: Flush handlers (again)
  meta: flush_handlers