- hosts: "{{ variable_host }}" become: yes become_method: sudo tasks: - name: Set SSH port set_fact: ansible_port: "{{SSH_PORT}}" - name: check if Nginx is installed package_facts: manager: "auto" - name: populate service facts service_facts: - name: Creates directory file: path: /etc/nginx state: directory when: "'nginx' not in ansible_facts.packages" - name: Creates directory file: path: /etc/nginx/conf.d state: directory when: "'nginx' not in ansible_facts.packages" - name: Install passlib package: name: python-passlib state: present when: "'nginx' not in ansible_facts.packages" environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}" - name: Copy Nginx configuration in place. template: src: ./default.conf.j2 dest: "{{CONFIG_PATH}}" mode: 0644 when: "'nginx' not in ansible_facts.packages" ignore_errors: yes - name: Open stat port for firewalld firewalld: port: "{{ STAT_PORT }}/tcp" state: enabled permanent: yes immediate: yes ignore_errors: yes no_log: True debugger: never when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ansible_facts.services["firewalld.service"]['state'] == "running" - name: Open stat port for iptables iptables: chain: INPUT destination_port: "{{ STAT_PORT }}" jump: ACCEPT protocol: tcp ignore_errors: yes - htpasswd: path: /etc/nginx/status_page_passwdfile name: "{{STATS_USER}}" password: "{{STATS_PASS}}" when: "'nginx' not in ansible_facts.packages" - name: test to see if selinux is running command: getenforce register: sestatus changed_when: false - name: Disble SELINUX in config template: src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2 dest: /etc/selinux/config ignore_errors: yes when: '"Enforcing" in sestatus.stdout' - name: Disble SELINUX in env shell: setenforce 0 ignore_errors: yes debugger: never when: '"Enforcing" in sestatus.stdout' - hosts: "{{ variable_host }}" become: yes become_method: sudo tasks: - name: Add syn_flood tasks include: haproxy/tasks/syn_flood.yml when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0) roles: - role: nginxinc.nginx environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}"