haproxy-wi/app/scripts/ansible/roles/haproxy/tasks/main.yml

---      
- name: Set SSH port
  set_fact:
    ansible_port: "{{SSH_PORT}}"
    
    
- name: check if HAProxy is installed
  package_facts:
    manager: "auto"
  

- name: populate service facts
  service_facts:
  
  
- name: install EPEL Repository
  yum:
    name: epel-release
    state: latest
  when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
  ignore_errors: yes
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"

  
- name: install HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}}
  yum:
    name: 
      - http://repo.haproxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
      - socat
    state: present
  when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
  register: install_result
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"
    
    
- name: set_fact from wi`
  set_fact:
    haproxy_from_wi: "yes"
  when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
  
  
- name: install the latest version of HAProxy
  yum:
    name: 
      - haproxy
      - socat
    state: latest
  when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'FAILED' in install_result.stderr")
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"

    
- name: Install HAProxy
  apt:
    name: 
      - haproxy
      - socat
    state: present
  when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"
    
    
- name: Change wrong HAProxy service file
  template:
    src: haproxy.service.j2
    dest: /usr/lib/systemd/system/haproxy.service
    mode: 0644
  when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and haproxy_from_wi is defined
  
  
- name: Disble SELINUX in config
  template:
   src: selinux.j2
   dest: /etc/selinux/config
  ignore_errors: yes
  ignore_errors: yes
  
- name: Disble SELINUX in env
  shell: setenforce 0
  ignore_errors: yes
  ignore_errors: yes
  
- name: Enable and start service HAProxy
  systemd:
    name: haproxy
    daemon_reload: yes
    state: started
    enabled: yes
    force: no
  ignore_errors: yes
  when: "'haproxy' in ansible_facts.packages"
  

- name: Exiting  
  meta: end_play
  when: "'haproxy' in ansible_facts.packages"
    
    
- name: Get HAProxy version.
  command: haproxy -v
  register: haproxy_version_result
  changed_when: false
  check_mode: false
  
  
- name: Set HAProxy version.
  set_fact:
    haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}"
    
    
- name: Open stat port for firewalld
  firewalld:
    port: "{{ item }}/tcp"
    state: enabled
    permanent: yes
    immediate: yes
  ignore_errors: yes
  no_log: True
  when: ansible_facts.services["firewalld.service"]['state'] == "running"
  with_items:  [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
  
  
- name: Open stat port for iptables
  iptables:
    chain: INPUT
    destination_port: "{{ item }}"
    jump: ACCEPT
    protocol: tcp
  ignore_errors: yes
  with_items:  [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
  
  
- name: Copy HAProxy configuration in place.
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
    mode: 0644
    validate: haproxy -f %s -c -q
  notify: restart haproxy
  
  
- name: Enable and start service HAProxy
  systemd:
    name: haproxy
    daemon_reload: yes
    state: started
    enabled: yes
    force: no
  ignore_errors: yes
  
  
- name: Add syn_flood tasks
  include: syn_flood.yml
  when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)