Compare commits
2 commits
1d325903d5
...
288a8c59ef
Author | SHA1 | Date | |
---|---|---|---|
288a8c59ef | |||
53f6eb07e9 |
2 changed files with 15 additions and 14 deletions
|
@ -2,5 +2,6 @@
|
|||
# file: haproxy.yml
|
||||
|
||||
- hosts: haproxy
|
||||
become: true
|
||||
roles:
|
||||
- haproxy
|
||||
|
|
|
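Review bot: `become: true` at play level escalates every task of every role in this play, while the tasks in the other changed file (apparently the haproxy role's task list; its path is not shown) drop their own `become: yes`, so the role now silently depends on its caller to escalate. A comment above the line would record that, for example `# the haproxy role relies on play-level become; its tasks set none themselves`. If the role is meant to be usable from other plays, the same requirement belongs in the role's documentation. The play may continue past the hunk, so whether other roles inherit this escalation is not visible here.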
@ -7,7 +7,6 @@
|
|||
- policycoreutils-python-utils
|
||||
- NetworkManager
|
||||
state: latest
|
||||
become: yes
|
||||
|
||||
- name: Install packages
|
||||
package:
|
||||
|
@ -16,7 +15,6 @@
|
|||
- haproxy
|
||||
- firewalld
|
||||
state: latest
|
||||
become: yes
|
||||
|
||||
- name: Add VLAN
|
||||
nmcli:
|
||||
|
@ -27,7 +25,6 @@
|
|||
autoconnect: yes
|
||||
type: vlan
|
||||
state: present
|
||||
become: yes
|
||||
when: (haproxy_keepalived_adapter_vlan is defined) and (haproxy_keepalived_ip is defined)
|
||||
|
||||
- name: Enable firewall rule for vrrp
|
||||
|
@ -37,7 +34,6 @@
|
|||
state: enabled
|
||||
immediate: yes
|
||||
notify: reload firewalld
|
||||
become: yes
|
||||
|
||||
- name: Allow binding non-local IP
|
||||
sysctl:
|
||||
|
@ -45,7 +41,6 @@
|
|||
value: "1"
|
||||
reload: true
|
||||
state: present
|
||||
become: yes
|
||||
|
||||
- name: Allow binding ip forward
|
||||
sysctl:
|
||||
|
@ -53,21 +48,18 @@
|
|||
value: "1"
|
||||
reload: true
|
||||
state: present
|
||||
become: yes
|
||||
|
||||
- name: Update keepalived configuration
|
||||
template:
|
||||
src: keepalived.conf.j2
|
||||
dest: /etc/keepalived/keepalived.conf
|
||||
notify: reload keepalived
|
||||
become: yes
|
||||
|
||||
- name: Enable keepalived
|
||||
service:
|
||||
name: keepalived
|
||||
state: started
|
||||
enabled: yes
|
||||
become: yes
|
||||
|
||||
- name: Limit SSH to only ansible_host
|
||||
lineinfile:
|
||||
|
@ -76,7 +68,6 @@
|
|||
line: "ListenAddress {{ ansible_host }}"
|
||||
notify:
|
||||
- Restart SSH
|
||||
become: yes
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
@ -86,7 +77,20 @@
|
|||
name: haproxy_connect_any
|
||||
state: yes
|
||||
persistent: yes
|
||||
become: yes
|
||||
|
||||
- name: Ensure maps directory exists
|
||||
file:
|
||||
path: "/etc/haproxy/maps"
|
||||
state: directory
|
||||
|
||||
- name: Deploy map files
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /etc/haproxy/maps
|
||||
mode: 0644
|
||||
with_fileglob:
|
||||
- "maps/*"
|
||||
notify: reload haproxy
|
||||
|
||||
- name: Update HAProxy configuration
|
||||
template:
|
||||
|
@ -95,14 +99,12 @@
|
|||
mode: 0644
|
||||
validate: haproxy -f %s -c -q
|
||||
notify: reload haproxy
|
||||
become: yes
|
||||
|
||||
- name: Ensure HAProxy is started and enabled on boot.
|
||||
service:
|
||||
name: haproxy
|
||||
state: started
|
||||
enabled: yes
|
||||
become: yes
|
||||
|
||||
- name: Enable firewall ports for haproxy
|
||||
firewalld:
|
||||
|
@ -112,11 +114,9 @@
|
|||
state: enabled
|
||||
loop: "{{ haproxy_listen_ports }}"
|
||||
notify: reload firewalld
|
||||
become: yes
|
||||
|
||||
- name: Enable firewalld
|
||||
service:
|
||||
name: firewalld
|
||||
state: started
|
||||
enabled: yes
|
||||
become: yes
|
||||
|
|
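Review bot: In the `-86,7 +77,20` hunk the two new tasks leave permissions to defaults: `Ensure maps directory exists` sets no `owner`, `group` or `mode`, and `Deploy map files` sets only an unquoted `mode: 0644`. HAProxy map files feed lookups in the configuration (typically which backend a request goes to), so it is worth pinning them rather than inheriting the umask: `owner: root`, `group: root`, `mode: "0755"` on the directory and `mode: "0644"` with the same owner and group on the files. The quoted string is the form the Ansible documentation recommends for `mode`, and the unchanged `mode: 0644` in the `-95,14 +99,12` hunk could follow it. Writing `dest: /etc/haproxy/maps/` with a trailing slash would also make it explicit that the destination is a directory. The `validate:` on the following template task checks only the rendered config, so a malformed map is on the host before anything inspects it; whether the `reload haproxy` handler checks first is not visible on this page.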