haproxy-wi/app/scripts/ansible/roles/keepalived/tasks/install.yml

---        
- name: check if Keepalived is installed
  package_facts:
    manager: "auto"


- name: install EPEL Repository
  yum:
    name: epel-release
    state: latest
  when:
    - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
    - ansible_facts['distribution_major_version'] == '7'
  ignore_errors: yes
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"


- name: Install the latest version of Keepalived
  package:
    name: keepalived
    state: present
  when: "'keepalived' not in ansible_facts.packages"
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"


- name: Ensure group "keepalived_script" exists
  group:
    name: keepalived_script
    state: present
    system: yes
    
    
- name: Add the user 'keepalived_script' 
  user:
    name: keepalived_script
    comment: User for keepalived_script
    group: keepalived_script
    shell: /sbin/nologin
    create_home: no
    system: yes

  
- name: Copy keepalived configuration in place.
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
    mode: 0644
  notify: restart keepalived


- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false
  when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')

  
- name: Disble SELINUX in config
  template:
   src: ../../haproxy/templates/selinux.j2
   dest: /etc/selinux/config
  ignore_errors: yes
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'
  
  
- name: Disble SELINUX in env
  shell: setenforce 0 2> /dev/null
  ignore_errors: yes
  debugger: never
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'
  
  
- name: Enable and start service keepalived
  service:
    name: keepalived
    daemon_reload: yes
    state: started
    enabled: yes
  ignore_errors: yes
  
  
- name: Enable net.ipv4.ip_forward
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: yes
    state: present
    reload: yes
    
    
- name: Add syn_flood tasks
  include: ../../haproxy/tasks/syn_flood.yml
  when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00			`---`
			`- name: check if Keepalived is installed`
v3.8 2019-11-28 16:39:24 +00:00			`package_facts:`
			`manager: "auto"`
v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00
v5.4.1.0 Changelog: https://roxy-wi.org/changelog.py#5_4_1 2022-02-03 07:10:06 +00:00
v3.10.1.0 Changelog: https://haproxy-wi.org/changelog.py#3_10_1 2019-12-30 15:52:01 +00:00			`- name: install EPEL Repository`
			`yum:`
			`name: epel-release`
			`state: latest`
v5.4.1.0 Changelog: https://roxy-wi.org/changelog.py#5_4_1 2022-02-03 07:10:06 +00:00			`when:`
			`- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'`
			`- ansible_facts['distribution_major_version'] == '7'`
v3.10.1.0 Changelog: https://haproxy-wi.org/changelog.py#3_10_1 2019-12-30 15:52:01 +00:00			`ignore_errors: yes`
			`environment:`
			`http_proxy: "{{PROXY}}"`
			`https_proxy: "{{PROXY}}"`
v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00
v5.4.1.0 Changelog: https://roxy-wi.org/changelog.py#5_4_1 2022-02-03 07:10:06 +00:00
			`- name: Install the latest version of Keepalived`
			`package:`
			`name: keepalived`
v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00			`state: present`
v5.4.1.0 Changelog: https://roxy-wi.org/changelog.py#5_4_1 2022-02-03 07:10:06 +00:00			`when: "'keepalived' not in ansible_facts.packages"`
v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00			`environment:`
			`http_proxy: "{{PROXY}}"`
			`https_proxy: "{{PROXY}}"`

v4.2.2.0 https://haproxy-wi.org/changelog.py#4_2_2 2020-04-07 18:16:12 +00:00
			`- name: Ensure group "keepalived_script" exists`
			`group:`
			`name: keepalived_script`
			`state: present`
			`system: yes`


			`- name: Add the user 'keepalived_script'`
			`user:`
			`name: keepalived_script`
			`comment: User for keepalived_script`
			`group: keepalived_script`
			`shell: /sbin/nologin`
			`create_home: no`
			`system: yes`

v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00
			`- name: Copy keepalived configuration in place.`
			`template:`
			`src: keepalived.conf.j2`
			`dest: /etc/keepalived/keepalived.conf`
			`mode: 0644`
			`notify: restart keepalived`
v4.2.1.0 https://haproxy-wi.org/changelog.py#4_2_1 2020-04-05 10:08:15 +00:00

			`- name: test to see if selinux is running`
			`command: getenforce`
			`register: sestatus`
			`changed_when: false`
v5.4.1.0 Changelog: https://roxy-wi.org/changelog.py#5_4_1 2022-02-03 07:10:06 +00:00			`when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')`
v4.2.1.0 https://haproxy-wi.org/changelog.py#4_2_1 2020-04-05 10:08:15 +00:00
v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00
4.1.0.0 https://haproxy-wi.org/changelog.py#4_1 2020-03-17 18:20:59 +00:00			`- name: Disble SELINUX in config`
4.1.0.0 https://haproxy-wi.org/changelog.py#4_1 2020-03-23 18:56:09 +00:00			`template:`
			`src: ../../haproxy/templates/selinux.j2`
			`dest: /etc/selinux/config`
v4.1.0.0 Changelog: https://haproxy-wi.org/changelog.py#4_1 2020-03-24 09:45:44 +00:00			`ignore_errors: yes`
v5.4.1.0 Changelog: https://roxy-wi.org/changelog.py#5_4_1 2022-02-03 07:10:06 +00:00			`when:`
			`- sestatus.stdout is defined`
			`- '"Enforcing" in sestatus.stdout'`
v4.2.1.0 https://haproxy-wi.org/changelog.py#4_2_1 2020-04-05 10:08:15 +00:00
4.1.0.0 https://haproxy-wi.org/changelog.py#4_1 2020-03-17 18:20:59 +00:00
			`- name: Disble SELINUX in env`
v4.2.1.0 https://haproxy-wi.org/changelog.py#4_2_1 2020-04-03 20:51:50 +00:00			`shell: setenforce 0 2> /dev/null`
v4.1.0.0 Changelog: https://haproxy-wi.org/changelog.py#4_1 2020-03-24 09:45:44 +00:00			`ignore_errors: yes`
v4.1.0.0 Changelog: https://haproxy-wi.org/changelog.py#4_1 2020-03-24 13:00:09 +00:00			`debugger: never`
v5.4.1.0 Changelog: https://roxy-wi.org/changelog.py#5_4_1 2022-02-03 07:10:06 +00:00			`when:`
			`- sestatus.stdout is defined`
			`- '"Enforcing" in sestatus.stdout'`
v4.2.1.0 https://haproxy-wi.org/changelog.py#4_2_1 2020-04-05 10:08:15 +00:00
4.1.0.0 https://haproxy-wi.org/changelog.py#4_1 2020-03-17 18:20:59 +00:00
v3.7.1 Improved ansible 2019-11-06 15:15:41 +00:00			`- name: Enable and start service keepalived`
			`service:`
			`name: keepalived`
			`daemon_reload: yes`
			`state: started`
			`enabled: yes`
			`ignore_errors: yes`


			`- name: Enable net.ipv4.ip_forward`
			`sysctl:`
			`name: net.ipv4.ip_forward`
			`value: '1'`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`


			`- name: Add syn_flood tasks`
			`include: ../../haproxy/tasks/syn_flood.yml`
v3.8 2019-11-28 16:39:24 +00:00			`when: (SYN_FLOOD is defined) and (SYN_FLOOD\|length > 0)`