mirror of https://github.com/Aidaho12/haproxy-wi
231 lines
5.5 KiB
YAML
231 lines
5.5 KiB
YAML
---
|
|
- name: Set SSH port
|
|
set_fact:
|
|
ansible_port: "{{SSH_PORT}}"
|
|
|
|
|
|
- name: check if HAProxy is installed
|
|
package_facts:
|
|
manager: "auto"
|
|
|
|
|
|
- name: populate service facts
|
|
service_facts:
|
|
|
|
|
|
- name: install EPEL Repository
|
|
yum:
|
|
name: epel-release
|
|
state: latest
|
|
disable_gpg_check: yes
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
|
|
ignore_errors: yes
|
|
environment:
|
|
http_proxy: "{{PROXY}}"
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
|
|
- name: install HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}}
|
|
yum:
|
|
name:
|
|
- http://repo.roxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
|
|
- socat
|
|
- rsyslog
|
|
state: present
|
|
disable_gpg_check: yes
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
|
|
ignore_errors: yes
|
|
register: install_result
|
|
environment:
|
|
http_proxy: "{{PROXY}}"
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
|
|
- name: Try to install another HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}}
|
|
yum:
|
|
name:
|
|
- http://repo1.roxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
|
|
- socat
|
|
- rsyslog
|
|
- bind-utils
|
|
state: present
|
|
register: install_result1
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'timed out' in install_result.stderr")
|
|
ignore_errors: yes
|
|
environment:
|
|
http_proxy: "{{PROXY}}"
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
|
|
- name: set_fact from wi`
|
|
set_fact:
|
|
haproxy_from_wi: "yes"
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
|
|
|
|
|
|
- name: install the latest version of HAProxy
|
|
yum:
|
|
name:
|
|
- haproxy
|
|
- socat
|
|
- rsyslog
|
|
state: latest
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'FAILED' in install_result1.stderr")
|
|
environment:
|
|
http_proxy: "{{PROXY}}"
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
|
|
- name: Install HAProxy
|
|
apt:
|
|
name:
|
|
- haproxy
|
|
- socat
|
|
- rsyslog
|
|
state: present
|
|
when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
|
|
environment:
|
|
http_proxy: "{{PROXY}}"
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
|
|
- name: Change wrong HAProxy service file
|
|
template:
|
|
src: haproxy.service.j2
|
|
dest: /usr/lib/systemd/system/haproxy.service
|
|
mode: 0644
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and haproxy_from_wi is defined
|
|
|
|
|
|
- name: test to see if selinux is running
|
|
command: getenforce
|
|
register: sestatus
|
|
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')
|
|
changed_when: false
|
|
ignore_errors: yes
|
|
debugger: never
|
|
|
|
|
|
- name: Disble SELINUX in config
|
|
template:
|
|
src: selinux.j2
|
|
dest: /etc/selinux/config
|
|
ignore_errors: yes
|
|
when: '"Enforcing" in sestatus.stdout'
|
|
|
|
|
|
- name: Disble SELINUX in env
|
|
shell: setenforce 0 &> /dev/null
|
|
ignore_errors: yes
|
|
debugger: never
|
|
when: '"Enforcing" in sestatus.stdout'
|
|
|
|
|
|
- name: Enable and start service HAProxy
|
|
systemd:
|
|
name: haproxy
|
|
daemon_reload: yes
|
|
state: started
|
|
enabled: yes
|
|
force: no
|
|
ignore_errors: yes
|
|
when: "'haproxy' in ansible_facts.packages"
|
|
|
|
|
|
- name: Exiting
|
|
meta: end_play
|
|
when: "'haproxy' in ansible_facts.packages"
|
|
|
|
|
|
- name: Installing HAProxy conf for rsyslog
|
|
template:
|
|
src: haproxy_rsyslog.conf.j2
|
|
dest: /etc/rsyslog.d/haproxy.conf
|
|
ignore_errors: yes
|
|
|
|
|
|
- name: Installing rsyslog config
|
|
template:
|
|
src: rsyslog.conf
|
|
dest: /etc/rsyslog.conf
|
|
ignore_errors: yes
|
|
notify: restart rsyslog
|
|
|
|
|
|
- name: Installing HAProxy conf for logrotate
|
|
template:
|
|
src: logrotate.conf.j2
|
|
dest: /etc/logrotate.d/haproxy.conf
|
|
ignore_errors: yes
|
|
|
|
|
|
- name: Get HAProxy version.
|
|
command: haproxy -v
|
|
register: haproxy_version_result
|
|
changed_when: false
|
|
check_mode: false
|
|
|
|
|
|
- name: Set HAProxy version.
|
|
set_fact:
|
|
haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}"
|
|
|
|
|
|
- name: Open stat port for firewalld
|
|
firewalld:
|
|
port: "{{ item }}/tcp"
|
|
state: enabled
|
|
permanent: yes
|
|
immediate: yes
|
|
ignore_errors: yes
|
|
no_log: True
|
|
debugger: never
|
|
when:
|
|
- '"firewalld" in ansible_facts.packages'
|
|
- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
|
|
- ansible_facts.services["firewalld.service"]['state'] == "running"
|
|
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
|
|
|
|
|
|
- name: Open stat port for iptables
|
|
iptables:
|
|
chain: INPUT
|
|
destination_port: "{{ item }}"
|
|
jump: ACCEPT
|
|
protocol: tcp
|
|
ignore_errors: yes
|
|
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
|
|
|
|
|
|
- name: Copy HAProxy configuration in place.
|
|
template:
|
|
src: haproxy.cfg.j2
|
|
dest: /etc/haproxy/haproxy.cfg
|
|
mode: 0644
|
|
validate: haproxy -f %s -c -q
|
|
notify: restart haproxy
|
|
|
|
|
|
- name: Creates HAProxy stats directory
|
|
file:
|
|
path: /var/lib/haproxy
|
|
owner: haproxy
|
|
group: haproxy
|
|
state: directory
|
|
ignore_errors: yes
|
|
|
|
|
|
- name: Enable and start service HAProxy
|
|
systemd:
|
|
name: haproxy
|
|
daemon_reload: yes
|
|
state: started
|
|
enabled: yes
|
|
force: no
|
|
ignore_errors: yes
|
|
|
|
|
|
- name: Add syn_flood tasks
|
|
include: syn_flood.yml
|
|
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
|
|
|