Robert Helewka
042df52bca
- Updated user addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user. - Modified PostgreSQL deployment to create directories and manage files under keeper_user's home. - Enhanced documentation to clarify account taxonomy and usage of keeper_user in playbooks. - Introduced new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support. - Added staging playbook for preparing release tarballs from local repositories. - Created templates for XRDP configuration and environment activation scripts. - Removed obsolete sunwait documentation.
118 lines
3.1 KiB
YAML
118 lines
3.1 KiB
YAML
---
|
|
- name: Deploy HAProxy
|
|
hosts: ubuntu
|
|
tasks:
|
|
- name: Check if host has haproxy service
|
|
set_fact:
|
|
has_haproxy_service: "{{'haproxy' in services}}"
|
|
|
|
- name: Skip hosts without haproxy service
|
|
meta: end_host
|
|
when: not has_haproxy_service
|
|
|
|
- name: Create haproxy group
|
|
become: true
|
|
ansible.builtin.group:
|
|
name: "{{haproxy_group}}"
|
|
gid: "{{haproxy_gid}}"
|
|
system: true
|
|
|
|
- name: Create haproxy user
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{haproxy_user}}"
|
|
comment: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
uid: "{{haproxy_uid}}"
|
|
system: true
|
|
|
|
- name: Add group haproxy to keeper_user
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{keeper_user}}"
|
|
groups: "{{haproxy_group}}"
|
|
append: true
|
|
|
|
- name: Create required directories
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "{{haproxy_directory}}"
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
state: directory
|
|
mode: '750'
|
|
|
|
- name: Create /etc/haproxy directory
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /etc/haproxy
|
|
owner: root
|
|
group: root
|
|
state: directory
|
|
mode: '755'
|
|
|
|
- name: Create certs directory
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /etc/haproxy/certs
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
state: directory
|
|
mode: '750'
|
|
|
|
- name: Check if certificate already exists
|
|
become: true
|
|
stat:
|
|
path: "{{ haproxy_cert_path }}"
|
|
register: cert_file
|
|
|
|
- name: Generate self-signed wildcard certificate
|
|
become: true
|
|
command: >
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048
|
|
-keyout {{ haproxy_cert_path }}
|
|
-out {{ haproxy_cert_path }}
|
|
-subj "/C=US/ST=State/L=City/O=Agathos/CN=*.{{ haproxy_domain }}"
|
|
-addext "subjectAltName=DNS:*.{{ haproxy_domain }},DNS:{{ haproxy_domain }}"
|
|
when: not cert_file.stat.exists and 'certbot' not in services
|
|
|
|
- name: Set certificate permissions
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "{{ haproxy_cert_path }}"
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
mode: '640'
|
|
|
|
- name: Install HAProxy
|
|
become: true
|
|
ansible.builtin.apt:
|
|
name: haproxy
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Template HAProxy configuration
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: "haproxy.cfg.j2"
|
|
dest: /etc/haproxy/haproxy.cfg
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
mode: "640"
|
|
validate: haproxy -c -f %s
|
|
register: haproxy_config
|
|
|
|
- name: Enable and start HAProxy service
|
|
become: true
|
|
ansible.builtin.systemd:
|
|
name: haproxy
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Reload HAProxy if configuration changed
|
|
become: true
|
|
ansible.builtin.systemd:
|
|
name: haproxy
|
|
state: reloaded
|
|
when: haproxy_config.changed
|