Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
---
|
|
- name: Deploy HAProxy
|
|
hosts: ubuntu
|
|
tasks:
|
|
- name: Check if host has haproxy service
|
|
set_fact:
|
|
has_haproxy_service: "{{'haproxy' in services}}"
|
|
|
|
- name: Skip hosts without haproxy service
|
|
meta: end_host
|
|
when: not has_haproxy_service
|
|
|
|
- name: Create haproxy group
|
|
become: true
|
|
ansible.builtin.group:
|
|
name: "{{haproxy_group}}"
|
|
gid: "{{haproxy_gid}}"
|
|
system: true
|
|
|
|
- name: Create haproxy user
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{haproxy_user}}"
|
|
comment: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
uid: "{{haproxy_uid}}"
|
|
system: true
|
|
|
|
- name: Add group haproxy to ansible_user
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{ansible_user}}"
|
|
groups: "{{haproxy_group}}"
|
|
append: true
|
|
|
|
- name: Create required directories
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "{{haproxy_directory}}"
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
state: directory
|
|
mode: '750'
|
|
|
|
- name: Create /etc/haproxy directory
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /etc/haproxy
|
|
owner: root
|
|
group: root
|
|
state: directory
|
|
mode: '755'
|
|
|
|
- name: Create certs directory
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /etc/haproxy/certs
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
state: directory
|
|
mode: '750'
|
|
|
|
- name: Check if certificate already exists
|
|
become: true
|
|
stat:
|
|
path: "{{ haproxy_cert_path }}"
|
|
register: cert_file
|
|
|
|
- name: Generate self-signed wildcard certificate
|
|
become: true
|
|
command: >
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048
|
|
-keyout {{ haproxy_cert_path }}
|
|
-out {{ haproxy_cert_path }}
|
|
-subj "/C=US/ST=State/L=City/O=Agathos/CN=*.{{ haproxy_domain }}"
|
|
-addext "subjectAltName=DNS:*.{{ haproxy_domain }},DNS:{{ haproxy_domain }}"
|
|
when: not cert_file.stat.exists and 'certbot' not in services
|
|
|
|
- name: Set certificate permissions
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "{{ haproxy_cert_path }}"
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
mode: '640'
|
|
|
|
- name: Install HAProxy
|
|
become: true
|
|
ansible.builtin.apt:
|
|
name: haproxy
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Template HAProxy configuration
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: "haproxy.cfg.j2"
|
|
dest: /etc/haproxy/haproxy.cfg
|
|
owner: "{{haproxy_user}}"
|
|
group: "{{haproxy_group}}"
|
|
mode: "640"
|
|
validate: haproxy -c -f %s
|
|
register: haproxy_config
|
|
|
|
- name: Enable and start HAProxy service
|
|
become: true
|
|
ansible.builtin.systemd:
|
|
name: haproxy
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Reload HAProxy if configuration changed
|
|
become: true
|
|
ansible.builtin.systemd:
|
|
name: haproxy
|
|
state: reloaded
|
|
when: haproxy_config.changed
|
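Review bot: The `Add group haproxy to ansible_user` task (append: true) puts the connecting operator account into `haproxy_group`, and because `Set certificate permissions` leaves the file at `haproxy_cert_path` at mode '640' with group `haproxy_group` (and the certs directory at '750'), that non-root account can read the private key; if the membership is only needed during deployment, drop the task or add a comment stating which step requires it. `Set certificate permissions` also runs unconditionally, so on a host where 'certbot' is in services and the file does not exist yet, `ansible.builtin.file` with its default state fails because the path is absent; guard it with `when: cert_file.stat.exists or 'certbot' not in services`. The generation task only runs when the file is absent and uses `-days 365`, so an expired self-signed certificate is never replaced; a comment noting this, or a stat-based age check, would help. The first task reads `services`, which is presumably populated by `ansible.builtin.service_facts` somewhere outside this play — confirm, since no such task is visible here.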