Compare commits

..

2 commits

Author SHA1 Message Date
288a8c59ef
Adding steps for handling map files 2022-08-25 16:19:52 -06:00
53f6eb07e9
Moving become flag to the role level 2022-08-25 16:19:08 -06:00
2 changed files with 15 additions and 14 deletions

View file

@ -2,5 +2,6 @@
# file: haproxy.yml # file: haproxy.yml
- hosts: haproxy - hosts: haproxy
become: true
roles: roles:
- haproxy - haproxy

View file

@ -7,7 +7,6 @@
- policycoreutils-python-utils - policycoreutils-python-utils
- NetworkManager - NetworkManager
state: latest state: latest
become: yes
- name: Install packages - name: Install packages
package: package:
@ -16,7 +15,6 @@
- haproxy - haproxy
- firewalld - firewalld
state: latest state: latest
become: yes
- name: Add VLAN - name: Add VLAN
nmcli: nmcli:
@ -27,7 +25,6 @@
autoconnect: yes autoconnect: yes
type: vlan type: vlan
state: present state: present
become: yes
when: (haproxy_keepalived_adapter_vlan is defined) and (haproxy_keepalived_ip is defined) when: (haproxy_keepalived_adapter_vlan is defined) and (haproxy_keepalived_ip is defined)
- name: Enable firewall rule for vrrp - name: Enable firewall rule for vrrp
@ -37,7 +34,6 @@
state: enabled state: enabled
immediate: yes immediate: yes
notify: reload firewalld notify: reload firewalld
become: yes
- name: Allow binding non-local IP - name: Allow binding non-local IP
sysctl: sysctl:
@ -45,7 +41,6 @@
value: "1" value: "1"
reload: true reload: true
state: present state: present
become: yes
- name: Allow binding ip forward - name: Allow binding ip forward
sysctl: sysctl:
@ -53,21 +48,18 @@
value: "1" value: "1"
reload: true reload: true
state: present state: present
become: yes
- name: Update keepalived configuration - name: Update keepalived configuration
template: template:
src: keepalived.conf.j2 src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf dest: /etc/keepalived/keepalived.conf
notify: reload keepalived notify: reload keepalived
become: yes
- name: Enable keepalived - name: Enable keepalived
service: service:
name: keepalived name: keepalived
state: started state: started
enabled: yes enabled: yes
become: yes
- name: Limit SSH to only ansible_host - name: Limit SSH to only ansible_host
lineinfile: lineinfile:
@ -76,7 +68,6 @@
line: "ListenAddress {{ ansible_host }}" line: "ListenAddress {{ ansible_host }}"
notify: notify:
- Restart SSH - Restart SSH
become: yes
- name: Flush handlers - name: Flush handlers
meta: flush_handlers meta: flush_handlers
@ -86,7 +77,20 @@
name: haproxy_connect_any name: haproxy_connect_any
state: yes state: yes
persistent: yes persistent: yes
become: yes
- name: Ensure maps directory exists
file:
path: "/etc/haproxy/maps"
state: directory
- name: Deploy map files
copy:
src: "{{ item }}"
dest: /etc/haproxy/maps
mode: 0644
with_fileglob:
- "maps/*"
notify: reload haproxy
- name: Update HAProxy configuration - name: Update HAProxy configuration
template: template:
@ -95,14 +99,12 @@
mode: 0644 mode: 0644
validate: haproxy -f %s -c -q validate: haproxy -f %s -c -q
notify: reload haproxy notify: reload haproxy
become: yes
- name: Ensure HAProxy is started and enabled on boot. - name: Ensure HAProxy is started and enabled on boot.
service: service:
name: haproxy name: haproxy
state: started state: started
enabled: yes enabled: yes
become: yes
- name: Enable firewall ports for haproxy - name: Enable firewall ports for haproxy
firewalld: firewalld:
@ -112,11 +114,9 @@
state: enabled state: enabled
loop: "{{ haproxy_listen_ports }}" loop: "{{ haproxy_listen_ports }}"
notify: reload firewalld notify: reload firewalld
become: yes
- name: Enable firewalld - name: Enable firewalld
service: service:
name: firewalld name: firewalld
state: started state: started
enabled: yes enabled: yes
become: yes