Diffstat (limited to 'roles/haproxy-for-ick/tasks/main.yml')
-rw-r--r-- | roles/haproxy-for-ick/tasks/main.yml | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/roles/haproxy-for-ick/tasks/main.yml b/roles/haproxy-for-ick/tasks/main.yml
new file mode 100644
index 0000000..ffce169
--- /dev/null
+++ b/roles/haproxy-for-ick/tasks/main.yml
@@ -0,0 +1,117 @@
+- name: "check haproxy_domain is set"
+ shell: |
+ if [ "{{ haproxy_domain }}" = "" ] || [ "{{ haproxy_domain }}" = "FIXME" ]
+ then
+ echo "ERROR: MUST set haproxy_domain" 1>&2
+ exit 1
+ fi
+
+# - name: "check letsencrypt_email is set"
+# shell: |
+# if [ "{{ letsencrypt_email }}" = "" ] || [ "{{ letsencrypt_email }}" = "FIXME" ]
+# then
+# echo "ERROR: MUST set letsencrypt_email" 1>&2
+# exit 1
+# fi
+
+- name: install haproxy
+ apt:
+ name: haproxy
+
+- name: "install haproxy TLS cert"
+ copy:
+ src: haproxy.pem
+ dest: /etc/ssl/haproxy.pem
+ mode: 0600
+
+# - name: "install certbot"
+# apt:
+# name: certbot
+
+# - name: "install daily cron job to create haproxy.pem"
+# copy:
+# content: |
+# #!/bin/sh
+# set -eu
+# cd /etc/letsencrypt/live/haproxy
+# cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem
+# systemctl restart haproxy
+# dest: /etc/cron.daily/haproxy.pem
+# owner: root
+# group: root
+# mode: 0755
+
+# - name: "run certbot"
+# shell: |
+# set -eu
+# certbot certonly \
+# --standalone \
+# --noninteractive \
+# --email "{{ letsencrypt_email }}" \
+# --agree-tos \
+# --expand \
+# --cert-name haproxy \
+# --keep \
+# --pre-hook "systemctl stop haproxy" \
+# --post-hook "systemctl start haproxy" \
+# -d "{{ haproxy_domain }}"
+# /etc/cron.daily/haproxy.pem
+
+- name: "create config dirs"
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: root
+ group: root
+ mode: 0755
+ with_items:
+ - /etc/haproxy
+
+- name: "drop haproxy frontends and backends lists"
+ file:
+ state: absent
+ path: "{{ item }}"
+ with_items:
+ - /etc/haproxy/frontends
+ - /etc/haproxy/backends
+
+- name: "create haproxy frontends list"
+ shell: |
+ (
+ echo ""
+ echo " acl {{ item.name }} path_beg {{ item.path }}"
+ echo " use_backend {{ item.name }} if {{ item.name }}"
+ ) >> /etc/haproxy/frontends
+ with_items:
+ - "{{ haproxy_rules }}"
+
+- name: "create haproxy backends list"
+ shell: |
+ (
+ echo ""
+ echo "backend {{ item.name }}"
+ i=0
+ {% for backend in item.backends %}
+ i="$(expr $i + 1)"
+ echo " server {{ item.name }}_$i {{ backend }}"
+ {% endfor %}
+ ) >> /etc/haproxy/backends
+ with_items:
+ - "{{ haproxy_rules }}"
+
+- name: "copy haproxy preamble"
+ template:
+ src: haproxy.cfg.preamble
+ dest: /etc/haproxy
+
+- name: "assemble haproxy preamble"
+ shell: |
+ cd /etc/haproxy
+ cat haproxy.cfg.preamble frontends backends > haproxy.cfg
+ chmod 0755 haproxy.cfg
+
+- name: enable and start haproxy
+ service:
+ state: restarted
+ enabled: yes
+ name: haproxy |
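Review bot: The "create haproxy frontends list" and "create haproxy backends list" tasks paste `{{ item.name }}`, `{{ item.path }}` and `{{ backend }}` into a shell script inside double quotes, so a value containing `"`, `$(...)` or a backtick is interpreted by the shell (presumably as root, since the tasks write under /etc) instead of being written to the config. The assembled file is then made `0755`, and haproxy is restarted without the generated config ever being checked. I would render haproxy.cfg in a single templated task with no shell, set `mode: "0644"`, and add `validate: "haproxy -c -f %s"` so a malformed rule fails the play rather than the restart; the sketch below stands in for the drop/create/copy/assemble tasks. Values in `haproxy_rules` still reach the config verbatim, so they should only come from trusted inventory.

```yaml
# … unchanged: haproxy_domain check, haproxy install, TLS cert copy, config dirs …

- name: "render haproxy.cfg"
  copy:
    dest: /etc/haproxy/haproxy.cfg
    owner: root
    group: root
    mode: "0644"
    validate: "haproxy -c -f %s"
    content: |
      {{ lookup('template', 'haproxy.cfg.preamble') }}
      {% for rule in haproxy_rules %}

          acl {{ rule.name }} path_beg {{ rule.path }}
          use_backend {{ rule.name }} if {{ rule.name }}
      {% endfor %}
      {% for rule in haproxy_rules %}

      backend {{ rule.name }}
      {% for backend in rule.backends %}
          server {{ rule.name }}_{{ loop.index }} {{ backend }}
      {% endfor %}
      {% endfor %}

# … unchanged: enable and start haproxy …
```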