Tyler/Ansible-HAProxy-Failover
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Adding variable for managing firewall ports

Browse source
This commit is contained in:
Tyler Hale 2021-09-25 08:41:14 -06:00
parent c5283b1487
commit d038403979
Signed by: Tyler
GPG key ID: 3F9270F8F70AC13D
3 changed files with 24 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -5,7 +5,7 @@ Ansible playbook that provisions a group of servers to run HAProxy with a shared
## Variables ## Variables
| Variable | Required | Default | Choices | Description | | Variable | Required | Default | Choices | Description |
| --------------------------------- | -------- | ---------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | --------------------------------- | -------- | --------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| haproxy_bind_adapter | Yes | eth0 | | Interface to use for the Shared IP | | haproxy_bind_adapter | Yes | eth0 | | Interface to use for the Shared IP |
| haproxy_config_file | Yes | example.haproxy.cfg.j2 | | File name to use for the haproxy config file | | haproxy_config_file | Yes | example.haproxy.cfg.j2 | | File name to use for the haproxy config file |
| haproxy_keepalived_adapter | Yes | eth0 | | Interface to use for the keepalived communication | | haproxy_keepalived_adapter | Yes | eth0 | | Interface to use for the keepalived communication |
@ -17,6 +17,7 @@ Ansible playbook that provisions a group of servers to run HAProxy with a shared
| haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will | | haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will |
| haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority | | haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority |
| haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group | | haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group |
| haproxy_listen_ports | Yes | 22/tcp, 80/tcp, 443/tcp, 9999/tcp | | The firewall ports/protocols that should be opened on the firewall |
## Example ## Example

9
roles/haproxy/defaults/main.yml
View file

@ -9,6 +9,15 @@ haproxy_shared_ip: ""
haproxy_shared_ip_subnet: "/24" haproxy_shared_ip_subnet: "/24"
haproxy_shared_virtual_router_id: 25 haproxy_shared_virtual_router_id: 25
haproxy_keepalived_process_weight: 10 haproxy_keepalived_process_weight: 10
haproxy_listen_ports:
- port : 22
protocol: tcp
- port : 80
protocol: tcp
- port : 443
protocol: tcp
- port : 9999
protocol: tcp
# Set per host # Set per host

14
roles/haproxy/tasks/main.yml
View file

@ -110,19 +110,7 @@
permanent: yes permanent: yes
immediate: yes immediate: yes
state: enabled state: enabled
with_items: loop: "{{ haproxy_listen_ports }}"
- {port: "22", protocol: "tcp"}
- {port: "80", protocol: "tcp"}
- {port: "443", protocol: "tcp"}
notify: reload firewalld
become: yes
- name: Enable firewall ports for haproxy stats
firewalld:
port: "9999/tcp"
permanent: yes
immediate: yes
state: enabled
notify: reload firewalld notify: reload firewalld
become: yes become: yes