- name: "check haproxy_domain is set"
shell: |
if [ "{{ haproxy_domain }}" = "" ] || [ "{{ haproxy_domain }}" = "FIXME" ]
then
echo "ERROR: MUST set haproxy_domain" 1>&2
exit 1
fi
# - name: "check letsencrypt_email is set"
# shell: |
# if [ "{{ letsencrypt_email }}" = "" ] || [ "{{ letsencrypt_email }}" = "FIXME" ]
# then
# echo "ERROR: MUST set letsencrypt_email" 1>&2
# exit 1
# fi
- name: install haproxy
  # Install the distro haproxy package; `present` is the apt module default
  # and is spelled out so the intent (install, never auto-upgrade) is clear.
  apt:
    name: haproxy
    state: present
- name: "install haproxy TLS cert"
copy:
src: haproxy.pem
dest: /etc/ssl/haproxy.pem
mode: 0600
# - name: "install certbot"
# apt:
# name: certbot
# - name: "install daily cron job to create haproxy.pem"
# copy:
# content: |
# #!/bin/sh
# set -eu
# cd /etc/letsencrypt/live/haproxy
# cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem
# systemctl restart haproxy
# dest: /etc/cron.daily/haproxy.pem
# owner: root
# group: root
# mode: 0755
# - name: "run certbot"
# shell: |
# set -eu
# certbot certonly \
# --standalone \
# --noninteractive \
# --email "{{ letsencrypt_email }}" \
# --agree-tos \
# --expand \
# --cert-name haproxy \
# --keep \
# --pre-hook "systemctl stop haproxy" \
# --post-hook "systemctl start haproxy" \
# -d "{{ haproxy_domain }}"
# /etc/cron.daily/haproxy.pem
- name: "create config dirs"
file:
state: directory
path: "{{ item }}"
owner: root
group: root
mode: 0755
with_items:
- /etc/haproxy
- name: "drop haproxy frontends and backends lists"
file:
state: absent
path: "{{ item }}"
with_items:
- /etc/haproxy/frontends
- /etc/haproxy/backends
- name: "create haproxy frontends list"
shell: |
(
echo ""
echo " acl {{ item.name }} path_beg {{ item.path }}"
echo " use_backend {{ item.name }} if {{ item.name }}"
) >> /etc/haproxy/frontends
with_items:
- "{{ haproxy_rules }}"
- name: "create haproxy backends list"
shell: |
(
echo ""
echo "backend {{ item.name }}"
i=0
{% for backend in item.backends %}
i="$(expr $i + 1)"
echo " server {{ item.name }}_$i {{ backend }}"
{% endfor %}
) >> /etc/haproxy/backends
with_items:
- "{{ haproxy_rules }}"
- name: "copy haproxy preamble"
template:
src: haproxy.cfg.preamble
dest: /etc/haproxy
- name: "assemble haproxy preamble"
shell: |
cd /etc/haproxy
cat haproxy.cfg.preamble frontends backends > haproxy.cfg
chmod 0755 haproxy.cfg
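- name: enable and start haproxy
  # Enable at boot and apply the freshly assembled config.  `reloaded`
  # rather than `restarted`: this task runs on every play, and a full
  # restart drops in-flight connections each time, whereas a reload picks
  # up the new haproxy.cfg and /etc/ssl/haproxy.pem without a listening gap.
  # NOTE(review): this assumes the distro unit defines ExecReload (Debian's
  # does) and that Ansible starts a unit that is not yet running when asked
  # to reload it — confirm on the target platform, and fall back to
  # `restarted` if either does not hold.  Longer term this belongs in a
  # handler notified only when the config or certificate actually changed.
  service:
    name: haproxy
    enabled: true
    state: reloaded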