infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
ansible/roles/haproxy/tasks/main.yml
Michal Konecny 2ec055db6f Use first uppercase letter for all handlers 
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.

I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```

Then I went through all the changes and removed the ones that wasn't
expected to be changed.

Fixes https://pagure.io/fedora-infrastructure/issue/12391

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-02-10 20:31:49 +00:00

122 lines
3.4 KiB
YAML
Raw Blame History

---
# Tasks to set up haproxy
- name: Install needed packages
ansible.builtin.package: name={{ item }} state=present
with_items:
- haproxy
- socat
tags:
- packages
- haproxy
- name: Install haproxy/cfg
ansible.builtin.template: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg }
notify:
- Restart haproxy
tags:
- haproxy
- name: Install limits.conf and 503.http
ansible.builtin.copy: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: limits.conf, dest: /etc/security/limits.conf }
- { file: 503.http, dest: /etc/haproxy/503.http }
tags:
- haproxy
- name: Install pem cert
ansible.builtin.copy: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: "ipa.{{env}}-iad2.pem", dest: /etc/haproxy/ipa.pem }
- { file: "ocp.{{env_short}}-iad2.pem", dest: "/etc/haproxy/ocp-{{env_short}}.pem" }
tags:
- haproxy
- name: Install ocp api pem cert
ansible.builtin.copy: src={{ private }}/files/httpd/api-int.ocp{{ env_suffix }}.fedoraproject.org.pem
dest=/etc/haproxy/ocp4.pem
owner=root group=root mode=0600
tags:
- haproxy
- name: Install libsemanage
ansible.builtin.package:
state: present
name:
- libsemanage-python
tags:
- haproxy
- selinux
when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')
- name: Install libsemanage in a python3 manner
ansible.builtin.package:
state: present
name:
- python3-libsemanage
tags:
- haproxy
- selinux
when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)
- name: Turn on certain selinux booleans so haproxy can bind to ports
seboolean: name={{ item }} state=true persistent=true
with_items:
- haproxy_connect_any
tags:
- haproxy
- selinux
# These following four tasks are used for copying over our custom selinux
# module.
- name: Ensure a directory exists for our custom selinux module
ansible.builtin.file: dest=/usr/share/haproxy state=directory
tags:
- haproxy
- selinux
- name: Copy over our general haproxy selinux module
ansible.builtin.copy: src=selinux/fi-haproxy.pp dest=/usr/share/haproxy/fi-haproxy.pp
register: fi_haproxy_module
tags:
- haproxy
- selinux
- name: Check to see if its even installed yet
ansible.builtin.shell: semodule -l | grep fi-haproxy | wc -l
register: fi_haproxy_grep
check_mode: no
changed_when: "'0' in fi_haproxy_grep.stdout"
tags:
- haproxy
- selinux
- name: Install our general haproxy selinux module
ansible.builtin.command: semodule -i /usr/share/haproxy/fi-haproxy.pp
when: fi_haproxy_module is changed or fi_haproxy_grep is changed
tags:
- haproxy
- selinux
- name: Check haproxy cfg to make sure it is valid
ansible.builtin.command: haproxy -c -f /etc/haproxy/haproxy.cfg
check_mode: no
register: haproxyconfigcheck
changed_when: haproxyconfigcheck.rc != 0
tags:
- haproxy
- name: Make sure haproxy is awake and reporting for duty
service: name=haproxy state=started enabled=yes
tags:
- haproxy
View git blame Copy permalink