|
|
|
|
- hosts: "{{ variable_host }}"
|
|
|
|
|
become: yes
|
|
|
|
|
become_method: sudo
|
|
|
|
|
tasks:
|
|
|
|
|
- name: Set SSH port
|
|
|
|
|
set_fact:
|
|
|
|
|
ansible_port: "{{SSH_PORT}}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: check if Nginx is installed
|
|
|
|
|
package_facts:
|
|
|
|
|
manager: "auto"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: populate service facts
|
|
|
|
|
service_facts:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Creates directory
|
|
|
|
|
file:
|
|
|
|
|
path: /etc/nginx
|
|
|
|
|
state: directory
|
|
|
|
|
when: "'nginx' not in ansible_facts.packages"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Creates directory
|
|
|
|
|
file:
|
|
|
|
|
path: /etc/nginx/conf.d
|
|
|
|
|
state: directory
|
|
|
|
|
when: "'nginx' not in ansible_facts.packages"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Install passlib
|
|
|
|
|
package:
|
|
|
|
|
name: python-passlib
|
|
|
|
|
state: present
|
|
|
|
|
when: "'nginx' not in ansible_facts.packages"
|
|
|
|
|
environment:
|
|
|
|
|
http_proxy: "{{PROXY}}"
|
|
|
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Copy Nginx configuration in place.
|
|
|
|
|
template:
|
|
|
|
|
src: /var/www/haproxy-wi/app/scripts/ansible/roles/default.conf.j2
|
|
|
|
|
dest: "{{CONFIG_PATH}}"
|
|
|
|
|
mode: 0644
|
|
|
|
|
when: "'nginx' not in ansible_facts.packages"
|
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Open stat port for firewalld
|
|
|
|
|
firewalld:
|
|
|
|
|
port: "{{ STAT_PORT }}/tcp"
|
|
|
|
|
state: enabled
|
|
|
|
|
permanent: yes
|
|
|
|
|
immediate: yes
|
|
|
|
|
ignore_errors: yes
|
|
|
|
|
no_log: True
|
|
|
|
|
debugger: never
|
|
|
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ansible_facts.services["firewalld.service"]['state'] == "running"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Open stat port for iptables
|
|
|
|
|
iptables:
|
|
|
|
|
chain: INPUT
|
|
|
|
|
destination_port: "{{ STAT_PORT }}"
|
|
|
|
|
jump: ACCEPT
|
|
|
|
|
protocol: tcp
|
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- htpasswd:
|
|
|
|
|
path: /etc/nginx/status_page_passwdfile
|
|
|
|
|
name: "{{STATS_USER}}"
|
|
|
|
|
password: "{{STATS_PASS}}"
|
|
|
|
|
when: "'nginx' not in ansible_facts.packages"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: test to see if selinux is running
|
|
|
|
|
command: getenforce
|
|
|
|
|
register: sestatus
|
|
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Disble SELINUX in config
|
|
|
|
|
template:
|
|
|
|
|
src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2
|
|
|
|
|
dest: /etc/selinux/config
|
|
|
|
|
ignore_errors: yes
|
|
|
|
|
when: '"Enforcing" in sestatus.stdout'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Disble SELINUX in env
|
|
|
|
|
shell: setenforce 0
|
|
|
|
|
ignore_errors: yes
|
|
|
|
|
debugger: never
|
|
|
|
|
when: '"Enforcing" in sestatus.stdout'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- hosts: "{{ variable_host }}"
|
|
|
|
|
become: yes
|
|
|
|
|
become_method: sudo
|
|
|
|
|
tasks:
|
|
|
|
|
- name: Add syn_flood tasks
|
|
|
|
|
include: haproxy/tasks/syn_flood.yml
|
|
|
|
|
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
|
|
|
|
|
roles:
|
|
|
|
|
- role: nginxinc.nginx
|
|
|
|
|
environment:
|
|
|
|
|
http_proxy: "{{PROXY}}"
|
|
|
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
|
|
