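# Fail early, before any package is installed, if the operator left
# haproxy_domain empty or at its "FIXME" placeholder.  The assert module
# evaluates these conditions inside Ansible instead of interpolating the
# variable into a shell script, so no value ever reaches a shell, and the
# "is defined" check gives a readable error instead of a templating crash.
- name: "check haproxy_domain is set"
  assert:
    that:
      - haproxy_domain is defined
      - haproxy_domain | length > 0
      - 'haproxy_domain != "FIXME"'
    msg: "ERROR: MUST set haproxy_domain"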
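# Same guard for the Let's Encrypt account e-mail: it is passed to certbot
# below, so refuse to continue while it is empty or still "FIXME".  Done
# with assert rather than a shell test so the value is never shell-parsed.
- name: "check letsencrypt_email is set"
  assert:
    that:
      - letsencrypt_email is defined
      - letsencrypt_email | length > 0
      - 'letsencrypt_email != "FIXME"'
    msg: "ERROR: MUST set letsencrypt_email"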
# Install certbot, preferring the stretch-backports build over the main
# stretch archive.  Assumes the stretch-backports suite is already present
# in the host's apt sources — nothing in this task list adds it (confirm).
- name: "install certbot"
  apt:
    state: present
    default_release: stretch-backports
    name: certbot
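# Daily job that rebuilds the combined certificate+key bundle haproxy
# reads from /etc/ssl/haproxy.pem.
#
# Two fixes over the previous version:
#  * The script used to live at /etc/cron.daily/haproxy.pem.  Debian's
#    run-parts only executes cron.daily entries whose names match
#    ^[a-zA-Z0-9_-]+$, so a name containing "." was silently skipped and
#    the bundle was never refreshed after certbot renewed the certificate.
#    The file is now /etc/cron.daily/haproxy-pem.
#  * The bundle contains the private key.  Redirecting into it inherited
#    root's umask (typically 022) and left the key world-readable.  The
#    file is now created with mode 0600 before any key material is written
#    and swapped into place atomically; haproxy is restarted only when the
#    bundle actually changed, not unconditionally every day.
- name: "install daily cron job to create haproxy.pem"
  copy:
    content: |
      #!/bin/sh
      # Rebuild /etc/ssl/haproxy.pem from certbot's "haproxy" lineage and
      # restart haproxy when the result differs from the installed bundle.
      set -eu
      live=/etc/letsencrypt/live/haproxy
      pem=/etc/ssl/haproxy.pem
      tmp="$pem.tmp"
      # Private key goes into this file: make it root-only at creation.
      umask 077
      rm -f "$tmp"
      cat "$live/fullchain.pem" "$live/privkey.pem" > "$tmp"
      if cmp -s "$tmp" "$pem"; then
        rm -f "$tmp"
        exit 0
      fi
      # rename(2) is atomic, so haproxy never loads a half-written bundle.
      mv "$tmp" "$pem"
      systemctl restart haproxy
    dest: /etc/cron.daily/haproxy-pem
    owner: root
    group: root
    mode: "0755"

# Remove the old, never-executed copy so a second script does not linger.
- name: "remove misnamed haproxy.pem cron job"
  file:
    state: absent
    path: /etc/cron.daily/haproxy.pem

# Obtain (or keep) the certificate for haproxy_domain.  --standalone makes
# certbot bind port 80 itself, so the hooks stop and start the other
# listeners around issuance (apache2 is presumably another port-80 service
# on this host — confirm).  Hooks only run when certbot actually issues or
# renews; with --keep a re-run against a valid certificate is a no-op.
# The operator-supplied values are shell-escaped with the quote filter.
# NOTE(review): this runs before the haproxy package task below; on a
# fresh host the bundle script's "systemctl restart haproxy" fails unless
# haproxy is already installed — confirm task ordering.
- name: "run certbot"
  shell: |
    set -eu
    certbot certonly \
      --standalone \
      --noninteractive \
      --email {{ letsencrypt_email | quote }} \
      --agree-tos \
      --expand \
      --cert-name haproxy \
      --keep \
      --pre-hook "systemctl stop apache2 haproxy" \
      --post-hook "systemctl start apache2 haproxy" \
      -d {{ haproxy_domain | quote }}
    /etc/cron.daily/haproxy-pem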
# Install the haproxy package from the default suite (no backport pin).
- name: install haproxy
  apt:
    state: present
    name: haproxy
# Make sure the haproxy config directory exists with root-owned 0755.
# Only one directory is needed, so no loop.
- name: "create config dirs"
  file:
    path: /etc/haproxy
    state: directory
    owner: root
    group: root
    mode: "0755"
# Start from a clean slate: delete the generated fragment files so the
# following tasks cannot accumulate stale rules from an earlier run.
- name: "drop haproxy frontends and backends lists"
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/haproxy/backends
    - /etc/haproxy/frontends
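# Render the per-rule frontend ACLs in one idempotent write.  The previous
# version appended to the file from a shell loop, which was only correct
# if the "drop" task had run first and passed rule values through shell
# word-splitting.  Each haproxy_rules item needs .name and .path; values
# are inserted verbatim into the haproxy config, so they must be trusted
# operator input (whitespace or a newline in a value breaks the file).
- name: "create haproxy frontends list"
  copy:
    dest: /etc/haproxy/frontends
    owner: root
    group: root
    mode: "0644"
    content: |
      {% for rule in haproxy_rules %}

       acl {{ rule.name }} path_beg {{ rule.path }}
       use_backend {{ rule.name }} if {{ rule.name }}
      {% endfor %}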
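# Render one "backend" stanza per rule with a numbered "server" line per
# entry in rule.backends (loop.index is 1-based, matching the old shell
# counter).  Written as a single file instead of shell appends so the task
# is idempotent and does not depend on the preceding delete.  Backend
# strings are inserted verbatim (e.g. "host:port check") and must be
# trusted operator input.
- name: "create haproxy backends list"
  copy:
    dest: /etc/haproxy/backends
    owner: root
    group: root
    mode: "0644"
    content: |
      {% for rule in haproxy_rules %}

      backend {{ rule.name }}
      {% for backend in rule.backends %}
       server {{ rule.name }}_{{ loop.index }} {{ backend }}
      {% endfor %}
      {% endfor %}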
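# Render the static head of haproxy.cfg.  The destination is spelled out
# as the full file path rather than the directory, so the resulting file
# name does not depend on copy's directory-append behaviour, and the
# ownership/mode are pinned instead of inherited from the umask.
- name: "copy haproxy preamble"
  template:
    src: haproxy.cfg.preamble
    dest: /etc/haproxy/haproxy.cfg.preamble
    owner: root
    group: root
    mode: "0644"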
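# Concatenate preamble + frontends + backends into haproxy.cfg.
# Changes from the previous version: "set -eu" so a failed cd cannot make
# cat read from the wrong directory; the config is validated with
# "haproxy -c" before it replaces the live file, so a bad rule set fails
# this task instead of taking the service down at the restart below; and
# the file is 0644 — a config file has no reason to be executable.
# NOTE(review): "haproxy -c" also loads the certificate bundle referenced
# by the preamble, so it assumes the certbot task above has produced it.
- name: "assemble haproxy preamble"
  shell: |
    set -eu
    cd /etc/haproxy
    umask 022
    cat haproxy.cfg.preamble frontends backends > haproxy.cfg.new
    haproxy -c -f haproxy.cfg.new
    chmod 0644 haproxy.cfg.new
    mv haproxy.cfg.new haproxy.cfg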
# Enable haproxy at boot and restart it now so the freshly assembled
# haproxy.cfg and certificate bundle are picked up.
- name: enable and start haproxy
  service:
    name: haproxy
    enabled: true
    state: restarted