ansible/roles/haproxy/tasks/main.yml
2020-10-16 15:55:54 +02:00


---
# Install the haproxy package through the generic `package` module and
# restart the service whenever the package changes.
- name: Install HAProxy
  notify:
    - Restart HAProxy
  package:
    state: present
    name: haproxy
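# Dedicated group and account for HAProxy, both pinned to id 20001.
- name: Create HAProxy group
  group:
    name: haproxy
    gid: 20001
  notify:
    - Restart HAProxy

- name: Create HAProxy user
  user:
    name: haproxy
    uid: 20001
    group: haproxy
    # Canonical boolean instead of the YAML 1.1 truthy word `no`.
    create_home: false
    home: /var/empty
    # NOTE(review): no `shell` is set, so the platform default applies;
    # confirm it is a non-login shell for this service account.
  notify:
    - Restart HAProxy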
# Back /var/log/haproxy with a 128 MiB tmpfs. `state: mounted` records the
# entry in fstab and mounts it.
# NOTE(review): uid/gid 20000 differ from the haproxy account (20001);
# presumably they belong to the s6-log account used by the haproxy-log
# service. Confirm against the role that creates that account.
# NOTE(review): the mount holds log data only, yet nosuid/noexec are not set.
# Consider adding them if the platform's tmpfs supports these options.
- name: Add /var/log/haproxy to fstab
  mount:
    state: mounted
    fstype: tmpfs
    src: tmpfs
    path: /var/log/haproxy
    opts: rw,size=128m,mode=750,uid=20000,gid=20000
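# Create the s6-rc source directories for the haproxy service and its
# logger, owned by root:wheel and not writable by anyone else.
- name: Create HAProxy service directories
  file:
    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
    # Quoted so the mode reaches Ansible as a string and does not depend on
    # the YAML parser's octal handling.
    mode: '0755'
  with_items:
    - haproxy
    - haproxy/env
    - haproxy/data
    - haproxy-log
    - haproxy-log/env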
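# Render the run/finish/check scripts from the role's `<item>.j2` templates.
# They are installed read+execute only (0555), owned by root:wheel.
- name: Generate HAProxy service scripts
  template:
    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    # Quoted so the mode reaches Ansible as a string and does not depend on
    # the YAML parser's octal handling.
    mode: '0555'
    owner: root
    group: wheel
  with_items:
    - haproxy/run
    - haproxy/finish
    - haproxy/data/check
    - haproxy-log/run
    - haproxy-log/finish
  notify:
    - Reload s6-rc
    - Restart HAProxy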
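# Write the one-value-per-file s6-rc definition and environment files for
# the haproxy service and its haproxy-log consumer. Each item names a file
# below /etc/s6-rc/service and gives its entire content.
- name: Generate HAProxy service configuration
  copy:
    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    # Quoted so the mode reaches Ansible as a string and does not depend on
    # the YAML parser's octal handling.
    mode: '0444'
    owner: root
    group: wheel
  loop_control:
    # The label prints every value in the task output; none of the items
    # below is a secret, so keep it that way if items are added.
    label: '{{ item.name }} = {{ item.content }}'
  notify:
    - Reload s6-rc
    - Restart HAProxy
  with_items:
    - name: haproxy/type
      content: longrun
    # Number-looking file contents are quoted, like MODE below, so they stay
    # strings regardless of parser or templating settings.
    - name: haproxy/notification-fd
      content: '3'
    - name: haproxy/producer-for
      content: haproxy-log
    - name: haproxy/env/NAME
      content: haproxy
    # NOTE(review): this PATH includes /usr/local/sbin, /usr/local/bin and
    # /root/bin; the run script is not visible here, so confirm every
    # directory on it is writable by root only.
    - name: haproxy/env/PATH
      content: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
    - name: haproxy/env/BIND_V4
      content: '{{ haproxy_v4 }}'
    - name: haproxy/env/BIND_V6
      content: '{{ haproxy_v6 }}'
    - name: haproxy-log/type
      content: longrun
    - name: haproxy-log/notification-fd
      content: '3'
    - name: haproxy-log/consumer-for
      content: haproxy
    - name: haproxy-log/env/NAME
      content: haproxy
    - name: haproxy-log/env/PATH
      content: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
    - name: haproxy-log/env/MODE
      content: '750'
    - name: haproxy-log/env/USER
      content: s6-log
    - name: haproxy-log/env/GROUP
      content: s6-log
    - name: haproxy-log/env/DIR
      content: /var/log/haproxy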
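# Configuration directory for HAProxy, writable by root only.
- name: Create HAProxy configuration directory
  file:
    path: /usr/local/etc/haproxy
    state: directory
    owner: root
    group: wheel
    # Quoted so the mode reaches Ansible as a string and does not depend on
    # the YAML parser's octal handling.
    mode: '0755'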
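# Render the static configuration fragments from the role's templates.
# A change triggers a reload rather than a restart.
- name: Configure HAProxy
  template:
    dest: '/usr/local/etc/haproxy/{{ item }}'
    src: '{{ item }}.j2'
    owner: root
    group: wheel
    # Quoted so the mode reaches Ansible as a string and does not depend on
    # the YAML parser's octal handling.
    mode: '0444'
  notify:
    - Reload HAProxy
  with_items:
    - defaults.cfg
    - global.cfg
    - http.cfg
    - sni.cfg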
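# One configuration fragment per backend, for each entry of `haproxy_http`
# and `haproxy_sni`.
# NOTE(review): `item.host` is interpolated into the destination file name;
# presumably it is a plain hostname from inventory. Confirm it can never
# contain `/` or other path characters.
- name: Configure HAProxy HTTP backends
  template:
    dest: '/usr/local/etc/haproxy/http_{{ item.host }}.cfg'
    src: http_host.cfg.j2
    owner: root
    group: wheel
    # Quoted so the mode reaches Ansible as a string and does not depend on
    # the YAML parser's octal handling.
    mode: '0444'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_http }}'

- name: Configure HAProxy SNI backends
  template:
    dest: '/usr/local/etc/haproxy/sni_{{ item.host }}.cfg'
    src: sni_host.cfg.j2
    owner: root
    group: wheel
    mode: '0444'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_sni }}'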
# Create empty map files on first run. `creates` skips the command once the
# file exists, so the task only reports a change when it creates the file.
# NOTE(review): `touch` sets no owner or mode, so the maps get whatever the
# invoking user and umask give them, unlike the explicit root:wheel 0444 on
# the other files in this directory.
- name: Make sure the HTTP map exists
  args:
    creates: /usr/local/etc/haproxy/http.map
  command: env touch /usr/local/etc/haproxy/http.map
  notify:
    - Reload HAProxy

- name: Make sure the SNI map exists
  args:
    creates: /usr/local/etc/haproxy/sni.map
  command: env touch /usr/local/etc/haproxy/sni.map
  notify:
    - Reload HAProxy
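# Ensure each configured host has a `<host> <backend>` line in its map file.
# The host is passed through `regex_escape` because hostnames contain dots,
# which are regex metacharacters. Unescaped, the pattern for one host could
# match, and then replace, the map line of a different host.
# NOTE(review): lineinfile only adds or rewrites lines; hosts removed from
# `haproxy_http` / `haproxy_sni` keep their map entry until removed by hand.
- name: Enable HAProxy HTTP backends
  lineinfile:
    path: /usr/local/etc/haproxy/http.map
    regexp: '^{{ item.host | regex_escape }} '
    line: '{{ item.host }} http_{{ item.host }}'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_http }}'

- name: Enable HAProxy SNI backends
  lineinfile:
    path: /usr/local/etc/haproxy/sni.map
    regexp: '^{{ item.host | regex_escape }} '
    line: '{{ item.host }} sni_{{ item.host }}'
  notify:
    - Reload HAProxy
  with_items: '{{ haproxy_sni }}'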
# Run any pending reload/restart handlers before the service is brought up.
- name: Flush handlers
  meta: flush_handlers

# Bring the haproxy service up through s6-rc. `fdmove -c 2 1` makes stderr a
# copy of stdout, so the verbose output of s6-rc lands in `change.stdout`.
# The task reports "changed" only when s6-rc printed something.
- name: Start HAProxy
  register: change
  changed_when: change.stdout | length > 0
  command: fdmove -c 2 1 s6-rc -u -v 2 change haproxy

# Add haproxy to the `enabled` bundle contents file.
- name: Enable HAProxy
  notify:
    - Reload s6-rc
  lineinfile:
    path: /etc/s6-rc/service/enabled/contents
    line: haproxy
    regexp: '^haproxy$'

# Apply the s6-rc reload that enabling the service may have queued.
- name: Flush handlers (again)
  meta: flush_handlers