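# Fail early when the operator left the FIXME placeholder in haproxy_domain.
# The assert module replaces the former shell `case`: the variable is no
# longer interpolated into a shell command line, and the task stops reporting
# "changed" on every run.
- name: "check haproxy_domain is set"
  assert:
    that:
      - 'haproxy_domain is defined'
      - 'haproxy_domain != "FIXME"'
    msg: "ERROR: MUST set haproxy_domain"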

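# Fail early when the operator left the FIXME placeholder in letsencrypt_email.
# The assert module replaces the former shell `case`: the variable is no
# longer interpolated into a shell command line, and the task stops reporting
# "changed" on every run.
- name: "check letsencrypt_email is set"
  assert:
    that:
      - 'letsencrypt_email is defined'
      - 'letsencrypt_email != "FIXME"'
    msg: "ERROR: MUST set letsencrypt_email"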

# Install the certbot package, with stretch-backports as apt's default release
# for this transaction.
- name: "install certbot"
  apt:
    default_release: stretch-backports
    name: certbot
    state: present

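# Obtain (or keep) the certificate named "haproxy" with certbot's standalone
# authenticator, then build /etc/ssl/haproxy.pem (full chain followed by the
# private key).
#
# Changes from the earlier version of this task:
#   * the e-mail address and domain pass through the `quote` filter, so shell
#     metacharacters in either value cannot alter the command line;
#   * the combined PEM holds the private key, so it is written to a 0600
#     temporary file and renamed into place. The old redirect created it with
#     the default umask and truncated the live file before `cat` had run.
# NOTE(review): assumes haproxy opens the PEM as root at start-up; confirm
# before relying on mode 0600.
- name: "run certbot"
  shell: |
    set -eu
    certbot certonly \
            --standalone \
            --noninteractive \
            --email {{ letsencrypt_email | quote }} \
            --agree-tos \
            --expand \
            --cert-name haproxy \
            --keep \
            --pre-hook "systemctl stop apache2 haproxy" \
            --post-hook "systemctl start apache2 haproxy" \
            -d {{ haproxy_domain | quote }}
    tmp="$(mktemp /etc/ssl/haproxy.pem.XXXXXX)"
    trap 'rm -f "$tmp"' EXIT
    chmod 0600 "$tmp"
    (cd /etc/letsencrypt/live/haproxy; cat fullchain.pem privkey.pem) > "$tmp"
    mv "$tmp" /etc/ssl/haproxy.pem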

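# Install a daily job that rebuilds /etc/ssl/haproxy.pem from the current
# Let's Encrypt files and restarts haproxy.
#
# The script now stops on the first error (`set -eu`), so a missing live
# directory no longer leaves an empty PEM followed by a haproxy restart. The
# PEM, which contains the private key, is written to a 0600 temporary file and
# renamed into place instead of being created with the default umask.
# NOTE(review): assumes haproxy opens the PEM as root at start-up; confirm
# before relying on mode 0600.
# NOTE(review): Debian's run-parts skips file names that contain a dot, so
# /etc/cron.daily/haproxy.pem may never be executed. Confirm with
# `run-parts --test /etc/cron.daily`, and rename the job if it is not listed.
- name: "install daily cron job to create haproxy.pem"
  copy:
    content: |
      #!/bin/sh
      set -eu
      cd /etc/letsencrypt/live/haproxy
      tmp="$(mktemp /etc/ssl/haproxy.pem.XXXXXX)"
      trap 'rm -f "$tmp"' EXIT
      chmod 0600 "$tmp"
      cat fullchain.pem privkey.pem > "$tmp"
      mv "$tmp" /etc/ssl/haproxy.pem
      systemctl restart haproxy
    dest: /etc/cron.daily/haproxy.pem
    owner: root
    group: root
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0755"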

# Install the haproxy package through apt.
- name: "install haproxy"
  apt:
    name: haproxy
    state: present

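# Make sure /etc/haproxy exists, owned by root and writable only by root.
- name: "create config dirs"
  file:
    state: directory
    path: "{{ item }}"
    owner: root
    group: root
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0755"
  with_items:
    - /etc/haproxy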

# Delete the generated frontends/backends fragments. The tasks that build
# them append with `>>`, so leftovers from an earlier run would be duplicated.
- name: "drop haproxy frontends and backends lists"
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/haproxy/frontends
    - /etc/haproxy/backends

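# Append one acl/use_backend pair per entry of haproxy_rules to
# /etc/haproxy/frontends.
#
# The rule name and path are passed to printf as shell-quoted arguments rather
# than being pasted inside a double-quoted echo, so characters such as `$`,
# backticks or `"` in a rule are written literally instead of being
# interpreted by the shell. Output for plain values is unchanged.
# NOTE(review): the values still land verbatim in haproxy.cfg; they are
# assumed to come from trusted inventory. Verify where haproxy_rules is
# defined.
- name: "create haproxy frontends list"
  shell: |
    set -eu
    printf '\n    acl %s path_beg %s\n    use_backend %s if %s\n' \
        {{ item.name | quote }} {{ item.path | quote }} \
        {{ item.name | quote }} {{ item.name | quote }} \
        >> /etc/haproxy/frontends
  with_items:
    - "{{ haproxy_rules }}"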

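# Append one `backend` section per entry of haproxy_rules to
# /etc/haproxy/backends, with one numbered `server` line per item.backends
# element.
#
# Names and backend specs are passed to printf as shell-quoted arguments, so
# shell metacharacters in them are written literally instead of being
# interpreted. The server index comes from Jinja's 1-based loop.index, which
# replaces the former `expr` counter and yields the same numbering.
# NOTE(review): the values still land verbatim in haproxy.cfg; they are
# assumed to come from trusted inventory. Verify where haproxy_rules is
# defined.
- name: "create haproxy backends list"
  shell: |
    set -eu
    (
        printf '\nbackend %s\n' {{ item.name | quote }}
        {% for backend in item.backends %}
        printf '    server %s_%s %s\n' \
            {{ item.name | quote }} {{ loop.index }} {{ backend | quote }}
        {% endfor %}
    ) >> /etc/haproxy/backends
  with_items:
    - "{{ haproxy_rules }}"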

# Render the haproxy.cfg.preamble template into the /etc/haproxy directory.
- name: "copy haproxy preamble"
  template:
    dest: /etc/haproxy
    src: haproxy.cfg.preamble

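# Concatenate the preamble and the generated frontends/backends fragments
# into /etc/haproxy/haproxy.cfg.
#
# Changes from the earlier version of this task:
#   * `set -eu` stops the script if `cd` fails, instead of writing haproxy.cfg
#     into whatever the working directory happens to be;
#   * the fragments are touched first, because they do not exist when
#     haproxy_rules is empty;
#   * the result is built in haproxy.cfg.new and renamed, so a failed `cat`
#     never leaves a truncated live config;
#   * the mode is 0644, since a config file does not need the execute bit.
# NOTE(review): consider validating the new file with `haproxy -c -f` before
# the rename, so a broken rule cannot reach the restart task.
- name: "assemble haproxy preamble"
  shell: |
    set -eu
    cd /etc/haproxy
    touch frontends backends
    cat haproxy.cfg.preamble frontends backends > haproxy.cfg.new
    chmod 0644 haproxy.cfg.new
    mv haproxy.cfg.new haproxy.cfg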

# Enable the haproxy service and restart it on every run of this role.
- name: "enable and start haproxy"
  service:
    enabled: true
    name: "{{ item }}"
    state: restarted
  with_items:
    - haproxy