ansible/roles/haproxy/tasks/main.yml

---
# Tasks to set up haproxy

- name: install needed packages
  yum: pkg={{ item }} state=installed
  with_items:
  - haproxy
  tags:
  - packages
  - haproxy

- name: install haproxy/cfg in prod
  template: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg }
  notify:
  - restart haproxy
  when: env != 'staging'
  tags:
  - haproxy

- name: install haproxy.cfg in stg
  template: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: haproxy.cfg.stg, dest: /etc/haproxy/haproxy.cfg }
  when: env == 'staging'
  notify:
  - restart haproxy
  tags:
  - haproxy

- name: install limits.conf and 503.http
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: limits.conf, dest: /etc/security/limits.conf }
  - { file: 503.http, dest: /etc/haproxy/503.http }
  tags:
  - haproxy

- name: Install libsemanage-python so we can manage selinux with python...
  yum: name=libsemanage-python state=installed
  tags:
  - haproxy
  - selinux

- name: Turn on certain selinux booleans so haproxy can bind to ports
  seboolean: name={{ item }} state=true persistent=true
  with_items:
  - haproxy_connect_any
  tags:
  - haproxy
  - selinux

# These following four tasks are used for copying over our custom selinux
# module.
- name: ensure a directory exists for our custom selinux module
  file: dest=/usr/share/haproxy state=directory
  tags:
  - haproxy
  - selinux

- name: copy over our general haproxy selinux module
  copy: src=selinux/fi-haproxy.pp dest=/usr/share/haproxy/fi-haproxy.pp
  register: fi_haproxy_module
  tags:
  - haproxy
  - selinux

- name: check to see if its even installed yet
  shell: semodule -l | grep fi-haproxy | wc -l
  register: fi_haproxy_grep
  always_run: true
  changed_when: "'0' in fi_haproxy_grep.stdout"
  tags:
  - haproxy
  - selinux

- name: install our general haproxy selinux module
  command: semodule -i /usr/share/haproxy/fi-haproxy.pp
  when: fi_haproxy_module|changed or fi_haproxy_grep|changed
  tags:
  - haproxy
  - selinux


- name: check haproxy cfg to make sure it is valid (prod)
  command: haproxy -c -f /etc/haproxy/haproxy.cfg
  always_run: true
  register: haproxyconfigcheck
  changed_when: haproxyconfigcheck.rc != 0
  tags:
  - haproxy

- name: check haproxy cfg to make sure it is valid (prod)
  command: haproxy -c -f /etc/haproxy/haproxy.cfg
  always_run: true
  register: haproxyconfigcheck
  changed_when: haproxyconfigcheck.rc != 0
  tags:
  - haproxy

- name: Make sure haproxy is awake and reporting for duty
  service: name=haproxy state=started enabled=yes
  tags:
  - haproxy
Start working on the haproxy role 2014-12-07 23:35:44 +00:00			`---`
			`# Tasks to set up haproxy`

			`- name: install needed packages`
			`yum: pkg={{ item }} state=installed`
			`with_items:`
			`- haproxy`
			`tags:`
			`- packages`
Tag up the base haproxy role. 2015-01-06 19:35:41 +00:00			`- haproxy`
Start working on the haproxy role 2014-12-07 23:35:44 +00:00
			`- name: install haproxy/cfg in prod`
Switch haproxy to prefer a local mirrorlist server if available. Allow port 443 connections from those proxies on mirrorlists. Add hosts entries for proxy10 and proxy01 that should allow ssl to work right. Will test this on one proxy/mirrorlist and move on to the others. 2015-05-31 17:17:41 +00:00			`template: src={{ item.file }}`
Start working on the haproxy role 2014-12-07 23:35:44 +00:00			`dest={{ item.dest }}`
			`owner=root group=root mode=0600`
			`with_items:`
			`- { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg }`
Gotta actually start the thing. 2015-01-06 19:40:05 +00:00			`notify:`
			`- restart haproxy`
haproxy typofix. 2015-01-06 19:38:18 +00:00			`when: env != 'staging'`
Tag up the base haproxy role. 2015-01-06 19:35:41 +00:00			`tags:`
			`- haproxy`
Start working on the haproxy role 2014-12-07 23:35:44 +00:00
			`- name: install haproxy.cfg in stg`
Switch haproxy to prefer a local mirrorlist server if available. Allow port 443 connections from those proxies on mirrorlists. Add hosts entries for proxy10 and proxy01 that should allow ssl to work right. Will test this on one proxy/mirrorlist and move on to the others. 2015-05-31 17:17:41 +00:00			`template: src={{ item.file }}`
Start working on the haproxy role 2014-12-07 23:35:44 +00:00			`dest={{ item.dest }}`
			`owner=root group=root mode=0600`
			`with_items:`
			`- { file: haproxy.cfg.stg, dest: /etc/haproxy/haproxy.cfg }`
haproxy typofix. 2015-01-06 19:38:18 +00:00			`when: env == 'staging'`
Gotta actually start the thing. 2015-01-06 19:40:05 +00:00			`notify:`
			`- restart haproxy`
			`tags:`
			`- haproxy`

Start working on the haproxy role 2014-12-07 23:35:44 +00:00			`- name: install limits.conf and 503.http`
			`copy: src={{ item.file }}`
			`dest={{ item.dest }}`
			`owner=root group=root mode=0600`
			`with_items:`
			`- { file: limits.conf, dest: /etc/security/limits.conf }`
			`- { file: 503.http, dest: /etc/haproxy/503.http }`
Tag up the base haproxy role. 2015-01-06 19:35:41 +00:00			`tags:`
			`- haproxy`
Selinux boolean for haproxy. 2015-01-06 19:45:58 +00:00
			`- name: Install libsemanage-python so we can manage selinux with python...`
			`yum: name=libsemanage-python state=installed`
			`tags:`
			`- haproxy`
			`- selinux`

			`- name: Turn on certain selinux booleans so haproxy can bind to ports`
			`seboolean: name={{ item }} state=true persistent=true`
			`with_items:`
			`- haproxy_connect_any`
			`tags:`
			`- haproxy`
			`- selinux`
A custom selinux module for our haproxy setup. 2015-01-06 19:53:19 +00:00
			`# These following four tasks are used for copying over our custom selinux`
			`# module.`
			`- name: ensure a directory exists for our custom selinux module`
			`file: dest=/usr/share/haproxy state=directory`
			`tags:`
			`- haproxy`
			`- selinux`

			`- name: copy over our general haproxy selinux module`
			`copy: src=selinux/fi-haproxy.pp dest=/usr/share/haproxy/fi-haproxy.pp`
			`register: fi_haproxy_module`
			`tags:`
			`- haproxy`
			`- selinux`

			`- name: check to see if its even installed yet`
			`shell: semodule -l \| grep fi-haproxy \| wc -l`
			`register: fi_haproxy_grep`
			`always_run: true`
			`changed_when: "'0' in fi_haproxy_grep.stdout"`
			`tags:`
			`- haproxy`
			`- selinux`

			`- name: install our general haproxy selinux module`
			`command: semodule -i /usr/share/haproxy/fi-haproxy.pp`
			`when: fi_haproxy_module\|changed or fi_haproxy_grep\|changed`
			`tags:`
			`- haproxy`
			`- selinux`
Only check haproxy configs and start after everything is in place Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2015-08-19 01:18:31 +00:00

			`- name: check haproxy cfg to make sure it is valid (prod)`
			`command: haproxy -c -f /etc/haproxy/haproxy.cfg`
			`always_run: true`
			`register: haproxyconfigcheck`
			`changed_when: haproxyconfigcheck.rc != 0`
			`tags:`
			`- haproxy`

			`- name: check haproxy cfg to make sure it is valid (prod)`
			`command: haproxy -c -f /etc/haproxy/haproxy.cfg`
			`always_run: true`
			`register: haproxyconfigcheck`
			`changed_when: haproxyconfigcheck.rc != 0`
			`tags:`
			`- haproxy`

			`- name: Make sure haproxy is awake and reporting for duty`
			`service: name=haproxy state=started enabled=yes`
			`tags:`
			`- haproxy`