From 24eaa6c48c7147f2f7330bcb1ad4677208714403 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Tue, 7 Aug 2018 12:09:43 +0300
Subject: Add: haproxy role
---
roles/haproxy/tasks/main.yml | 94 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 roles/haproxy/tasks/main.yml
(limited to 'roles/haproxy/tasks/main.yml')
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..0a56410
--- /dev/null
+++ b/roles/haproxy/tasks/main.yml
@@ -0,0 +1,94 @@
+- name: "check haproxy_domain is set"
+ shell: |
+ case "{{ haproxy_domain }}" in
+ FIXME)
+ echo "ERROR: MUST set haproxy_domain" 1>&2
+ exit 1
+ ;;
+ esac
+
+- name: "install certbot"
+ apt:
+ name: certbot
+ default_release: stretch-backports
+
+- name: "run certbot"
+ shell: |
+ certbot certonly \
+ --standalone \
+ --noninteractive \
+ --email "{{ letsencrypt_email }}" \
+ --agree-tos \
+ --expand \
+ --cert-name haproxy \
+ --keep \
+ --pre-hook "systemctl stop haproxy" \
+ --post-hook "systemctl start haproxy" \
+ -d "{{ haproxy_domain }}"
+ (cd /etc/letsencrypt/live/haproxy; cat fullchain.pem privkey.pem) \
+ > /etc/ssl/haproxy.pem
+
+- name: install haproxy
+ apt:
+ name: haproxy
+
+- name: "create config dirs"
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: root
+ group: root
+ mode: 0755
+ with_items:
+ - /etc/haproxy
+
+- name: "drop haproxy frontends and backends lists"
+ file:
+ state: absent
+ path: "{{ item }}"
+ with_items:
+ - /etc/haproxy/frontends
+ - /etc/haproxy/backends
+
+- name: "create haproxy frontends list"
+ shell: |
+ (
+ echo ""
+ echo " acl {{ item.name }} path_beg {{ item.path }}"
+ echo " use_backend {{ item.name }} if {{ item.name }}"
+ ) >> /etc/haproxy/frontends
+ with_items:
+ - "{{ haproxy_rules }}"
+
+- name: "create haproxy backends list"
+ shell: |
+ (
+ echo ""
+ echo "backend {{ item.name }}"
+ i=0
+ {% for backend in item.backends %}
+ i="$(expr $i + 1)"
+ echo " server {{ item.name }}_$i {{ backend }}"
+ {% endfor %}
+ ) >> /etc/haproxy/backends
+ with_items:
+ - "{{ haproxy_rules }}"
+
+- name: "copy haproxy preamble"
+ template:
+ src: haproxy.cfg.preamble
+ dest: /etc/haproxy
+
+- name: "assemble haproxy preamble"
+ shell: |
+ cd /etc/haproxy
+ cat haproxy.cfg.preamble frontends backends > haproxy.cfg
+ chmod 0755 haproxy.cfg
+
+- name: enable and start haproxy
+ service:
+ name: "{{ item }}"
+ state: restarted
+ enabled: yes
+ with_items:
+ - haproxy
--
cgit v1.2.1
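Review bot: The "run certbot" task writes `/etc/ssl/haproxy.pem`, which includes `privkey.pem`, through a plain shell redirect, so the file's mode comes from whatever umask the task's shell inherits; with a typical 022 umask the private key would end up world-readable. Put `umask 077` as the first line of that script, or follow the task with a `file:` task on that path setting `owner: root`, `group: root`, `mode: "0600"`, so other local users can never read the key. The same script has no `set -e`, so a failed certbot run is masked by the exit status of the final `cat` and the task reports success with a stale or missing certificate; adding `set -eu` at the top and writing `cd /etc/letsencrypt/live/haproxy && cat ...` would make it fail visibly. In the "assemble haproxy preamble" task, `chmod 0755 haproxy.cfg` sets an execute bit a config file does not need; `chmod 0644 haproxy.cfg` is enough.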