--- - name: Set SSH port set_fact: ansible_port: "{{SSH_PORT}}" - name: check if HAProxy is installed package_facts: manager: "auto" - name: populate service facts service_facts: - name: install EPEL Repository yum: name: epel-release state: latest when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0 ignore_errors: yes environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}" - name: install HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}} yum: name: - http://repo.haproxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm - socat state: present when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0 register: install_result environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}" - name: set_fact from wi` set_fact: haproxy_from_wi: "yes" when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0 - name: install the latest version of HAProxy yum: name: - haproxy - socat state: latest when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'FAILED' in install_result.stderr") environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}" - name: Install HAProxy apt: name: - haproxy - socat state: present when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu' environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}" - name: Change wrong HAProxy service file template: src: haproxy.service.j2 dest: /usr/lib/systemd/system/haproxy.service mode: 0644 when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and haproxy_from_wi is defined - name: Disble SELINUX in config template: src: selinux.j2 dest: /etc/selinux/config - name: Disble SELINUX in env shell: setenforce 0 - name: Enable and start service HAProxy systemd: name: haproxy daemon_reload: yes state: started enabled: yes force: no ignore_errors: yes when: "'haproxy' in ansible_facts.packages" - name: Exiting meta: end_play when: "'haproxy' in ansible_facts.packages" - name: Get HAProxy version. command: haproxy -v register: haproxy_version_result changed_when: false check_mode: false - name: Set HAProxy version. set_fact: haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}" - name: Open stat port for firewalld firewalld: port: "{{ item }}/tcp" state: enabled permanent: yes immediate: yes ignore_errors: yes no_log: True when: ansible_facts.services["firewalld.service"]['state'] == "running" with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ] - name: Open stat port for iptables iptables: chain: INPUT destination_port: "{{ item }}" jump: ACCEPT protocol: tcp ignore_errors: yes with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ] - name: Copy HAProxy configuration in place. template: src: haproxy.cfg.j2 dest: /etc/haproxy/haproxy.cfg mode: 0644 validate: haproxy -f %s -c -q notify: restart haproxy - name: Enable and start service HAProxy systemd: name: haproxy daemon_reload: yes state: started enabled: yes force: no ignore_errors: yes - name: Add syn_flood tasks include: syn_flood.yml when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)