Diffstat (limited to 'roles/haproxy-for-ick/tasks/main.yml')
-rw-r--r--roles/haproxy-for-ick/tasks/main.yml117
1 files changed, 117 insertions, 0 deletions
diff --git a/roles/haproxy-for-ick/tasks/main.yml b/roles/haproxy-for-ick/tasks/main.yml
new file mode 100644
index 0000000..ffce169
--- /dev/null
+++ b/roles/haproxy-for-ick/tasks/main.yml
@@ -0,0 +1,117 @@
+- name: "check haproxy_domain is set"
+ shell: |
+ if [ "{{ haproxy_domain }}" = "" ] || [ "{{ haproxy_domain }}" = "FIXME" ]
+ then
+ echo "ERROR: MUST set haproxy_domain" 1>&2
+ exit 1
+ fi
+
+# - name: "check letsencrypt_email is set"
+# shell: |
+# if [ "{{ letsencrypt_email }}" = "" ] || [ "{{ letsencrypt_email }}" = "FIXME" ]
+# then
+# echo "ERROR: MUST set letsencrypt_email" 1>&2
+# exit 1
+# fi
+
+- name: install haproxy
+ apt:
+ name: haproxy
+
+- name: "install haproxy TLS cert"
+ copy:
+ src: haproxy.pem
+ dest: /etc/ssl/haproxy.pem
+ mode: 0600
+
+# - name: "install certbot"
+# apt:
+# name: certbot
+
+# - name: "install daily cron job to create haproxy.pem"
+# copy:
+# content: |
+# #!/bin/sh
+# set -eu
+# cd /etc/letsencrypt/live/haproxy
+# cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem
+# systemctl restart haproxy
+# dest: /etc/cron.daily/haproxy.pem
+# owner: root
+# group: root
+# mode: 0755
+
+# - name: "run certbot"
+# shell: |
+# set -eu
+# certbot certonly \
+# --standalone \
+# --noninteractive \
+# --email "{{ letsencrypt_email }}" \
+# --agree-tos \
+# --expand \
+# --cert-name haproxy \
+# --keep \
+# --pre-hook "systemctl stop haproxy" \
+# --post-hook "systemctl start haproxy" \
+# -d "{{ haproxy_domain }}"
+# /etc/cron.daily/haproxy.pem
+
+- name: "create config dirs"
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: root
+ group: root
+ mode: 0755
+ with_items:
+ - /etc/haproxy
+
+- name: "drop haproxy frontends and backends lists"
+ file:
+ state: absent
+ path: "{{ item }}"
+ with_items:
+ - /etc/haproxy/frontends
+ - /etc/haproxy/backends
+
+- name: "create haproxy frontends list"
+ shell: |
+ (
+ echo ""
+ echo " acl {{ item.name }} path_beg {{ item.path }}"
+ echo " use_backend {{ item.name }} if {{ item.name }}"
+ ) >> /etc/haproxy/frontends
+ with_items:
+ - "{{ haproxy_rules }}"
+
+- name: "create haproxy backends list"
+ shell: |
+ (
+ echo ""
+ echo "backend {{ item.name }}"
+ i=0
+ {% for backend in item.backends %}
+ i="$(expr $i + 1)"
+ echo " server {{ item.name }}_$i {{ backend }}"
+ {% endfor %}
+ ) >> /etc/haproxy/backends
+ with_items:
+ - "{{ haproxy_rules }}"
+
+- name: "copy haproxy preamble"
+ template:
+ src: haproxy.cfg.preamble
+ dest: /etc/haproxy
+
+- name: "assemble haproxy preamble"
+ shell: |
+ cd /etc/haproxy
+ cat haproxy.cfg.preamble frontends backends > haproxy.cfg
+ chmod 0755 haproxy.cfg
+
+- name: enable and start haproxy
+ service:
+ state: restarted
+ enabled: yes
+ name: haproxy
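Review bot: The "create haproxy frontends list" and "create haproxy backends list" tasks substitute `{{ item.name }}`, `{{ item.path }}` and `{{ backend }}` into the script text before the shell parses it, so any shell metacharacter in a `haproxy_rules` value is interpreted on the target instead of being written to the file. The same applies to `{{ haproxy_domain }}` in the first task, which could be an `assert` on the variable rather than a shell test. Rendering the two lists with `copy: content:` (or a `template`) takes the shell out of the path, makes the tasks idempotent and makes the "drop haproxy frontends and backends lists" task unnecessary. The leading whitespace of the emitted lines in the sketch below should be checked against what the `echo` lines produce, since this page does not show it reliably. Separately, `chmod 0755 haproxy.cfg` in the assemble task marks a configuration file executable; `chmod 0644 haproxy.cfg` is enough.

```yaml
# … unchanged: domain check, package install, TLS cert, config dir …

- name: "create haproxy frontends list"
  copy:
    dest: /etc/haproxy/frontends
    owner: root
    group: root
    mode: "0644"
    content: |
      {% for rule in haproxy_rules %}

       acl {{ rule.name }} path_beg {{ rule.path }}
       use_backend {{ rule.name }} if {{ rule.name }}
      {% endfor %}

- name: "create haproxy backends list"
  copy:
    dest: /etc/haproxy/backends
    owner: root
    group: root
    mode: "0644"
    content: |
      {% for rule in haproxy_rules %}

      backend {{ rule.name }}
      {% for backend in rule.backends %}
       server {{ rule.name }}_{{ loop.index }} {{ backend }}
      {% endfor %}
      {% endfor %}

# … unchanged: preamble copy, assemble, service restart …
```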