Compare commits
No commits in common. "288a8c59efd71b1b31993c60b9fc5d9678bbacd5" and "1d325903d5e3a0e3e5db532e179531c501c69eb0" have entirely different histories.
288a8c59ef
...
1d325903d5
2 changed files with 14 additions and 15 deletions
|
@ -2,6 +2,5 @@
|
||||||
# file: haproxy.yml
|
# file: haproxy.yml
|
||||||
|
|
||||||
- hosts: haproxy
|
- hosts: haproxy
|
||||||
become: true
|
|
||||||
roles:
|
roles:
|
||||||
- haproxy
|
- haproxy
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
- policycoreutils-python-utils
|
- policycoreutils-python-utils
|
||||||
- NetworkManager
|
- NetworkManager
|
||||||
state: latest
|
state: latest
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
package:
|
package:
|
||||||
|
@ -15,6 +16,7 @@
|
||||||
- haproxy
|
- haproxy
|
||||||
- firewalld
|
- firewalld
|
||||||
state: latest
|
state: latest
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Add VLAN
|
- name: Add VLAN
|
||||||
nmcli:
|
nmcli:
|
||||||
|
@ -25,6 +27,7 @@
|
||||||
autoconnect: yes
|
autoconnect: yes
|
||||||
type: vlan
|
type: vlan
|
||||||
state: present
|
state: present
|
||||||
|
become: yes
|
||||||
when: (haproxy_keepalived_adapter_vlan is defined) and (haproxy_keepalived_ip is defined)
|
when: (haproxy_keepalived_adapter_vlan is defined) and (haproxy_keepalived_ip is defined)
|
||||||
|
|
||||||
- name: Enable firewall rule for vrrp
|
- name: Enable firewall rule for vrrp
|
||||||
|
@ -34,6 +37,7 @@
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
notify: reload firewalld
|
notify: reload firewalld
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Allow binding non-local IP
|
- name: Allow binding non-local IP
|
||||||
sysctl:
|
sysctl:
|
||||||
|
@ -41,6 +45,7 @@
|
||||||
value: "1"
|
value: "1"
|
||||||
reload: true
|
reload: true
|
||||||
state: present
|
state: present
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Allow binding ip forward
|
- name: Allow binding ip forward
|
||||||
sysctl:
|
sysctl:
|
||||||
|
@ -48,18 +53,21 @@
|
||||||
value: "1"
|
value: "1"
|
||||||
reload: true
|
reload: true
|
||||||
state: present
|
state: present
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Update keepalived configuration
|
- name: Update keepalived configuration
|
||||||
template:
|
template:
|
||||||
src: keepalived.conf.j2
|
src: keepalived.conf.j2
|
||||||
dest: /etc/keepalived/keepalived.conf
|
dest: /etc/keepalived/keepalived.conf
|
||||||
notify: reload keepalived
|
notify: reload keepalived
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Enable keepalived
|
- name: Enable keepalived
|
||||||
service:
|
service:
|
||||||
name: keepalived
|
name: keepalived
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Limit SSH to only ansible_host
|
- name: Limit SSH to only ansible_host
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -68,6 +76,7 @@
|
||||||
line: "ListenAddress {{ ansible_host }}"
|
line: "ListenAddress {{ ansible_host }}"
|
||||||
notify:
|
notify:
|
||||||
- Restart SSH
|
- Restart SSH
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Flush handlers
|
- name: Flush handlers
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
@ -77,20 +86,7 @@
|
||||||
name: haproxy_connect_any
|
name: haproxy_connect_any
|
||||||
state: yes
|
state: yes
|
||||||
persistent: yes
|
persistent: yes
|
||||||
|
become: yes
|
||||||
- name: Ensure maps directory exists
|
|
||||||
file:
|
|
||||||
path: "/etc/haproxy/maps"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Deploy map files
|
|
||||||
copy:
|
|
||||||
src: "{{ item }}"
|
|
||||||
dest: /etc/haproxy/maps
|
|
||||||
mode: 0644
|
|
||||||
with_fileglob:
|
|
||||||
- "maps/*"
|
|
||||||
notify: reload haproxy
|
|
||||||
|
|
||||||
- name: Update HAProxy configuration
|
- name: Update HAProxy configuration
|
||||||
template:
|
template:
|
||||||
|
@ -99,12 +95,14 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
validate: haproxy -f %s -c -q
|
validate: haproxy -f %s -c -q
|
||||||
notify: reload haproxy
|
notify: reload haproxy
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Ensure HAProxy is started and enabled on boot.
|
- name: Ensure HAProxy is started and enabled on boot.
|
||||||
service:
|
service:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Enable firewall ports for haproxy
|
- name: Enable firewall ports for haproxy
|
||||||
firewalld:
|
firewalld:
|
||||||
|
@ -114,9 +112,11 @@
|
||||||
state: enabled
|
state: enabled
|
||||||
loop: "{{ haproxy_listen_ports }}"
|
loop: "{{ haproxy_listen_ports }}"
|
||||||
notify: reload firewalld
|
notify: reload firewalld
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: Enable firewalld
|
- name: Enable firewalld
|
||||||
service:
|
service:
|
||||||
name: firewalld
|
name: firewalld
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
become: yes
|
||||||
|
|
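Review bot: The handlers notified in this file (`reload firewalld`, `reload keepalived`, `Restart SSH`, `reload haproxy`) are not part of this change, yet the play-level `become: true` they may have relied on is removed from haproxy.yml in the same commit. If they carry no `become` of their own they will run unprivileged, so the sshd `ListenAddress` line would be written but the run would fail at `meta: flush_handlers` before sshd is restarted; the handlers file is not visible here, so this needs confirming. Adding `become: true` to each handler, or wrapping the role's tasks in a single `block:` with one `become: true`, would cover it and avoid repeating the keyword on fourteen tasks. The added lines also use `become: yes` where the playbook used `become: true`; the canonical boolean is preferable. Separately, the hunk at `-77,20 +86,7` drops the tasks that created and populated `/etc/haproxy/maps`, so if the HAProxy template still references map files, the `validate: haproxy -f %s -c -q` step will reject the rendered config.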