pbarriat
/
Brevet


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111
							---
- name: Include OS specific variables.
  include_vars: "{{ ansible_os_family }}.yml"

- name: Install packages
  include_tasks: "setup/{{ ansible_os_family }}.yml"

- name: Get HAProxy version.
  command: haproxy -v
  register: haproxy_version_result
  changed_when: false
  check_mode: false

- name: The HAProxy version.
  debug: var=haproxy_version_result.stdout

- name: Set HAProxy version.
  set_fact:
    haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HA-Proxy version ([0-9]\.[0-9]).*$", "\1") }}'

- name: Get IP range.
  shell: "echo {{ network_allowed }} | cut -d'.' --fields=1,2,3"
  register: result

- name: Get interface name.
  shell: "ip -4 addr show | grep {{ result.stdout }} | rev | cut -d ' ' -f 1 | rev"
  register: itfn

- name: Set keepalived_bind_interface.
  set_fact:
    keepalived_bind_interface: "{{ itfn.stdout }}"

- name: Integration net.ipv4
  blockinfile:
    dest: /etc/sysctl.conf
    block: |
      net.ipv4.ip_forward = 1 
      net.ipv4.ip_nonlocal_bind = 1 

- name: Ensure keepalived is started and enabled on boot.
  service: name=keepalived state=started enabled=yes

- name: Ensure keepalived conf is set 
  template: >
    src=templates/keepalived.conf.j2
    dest=/etc/keepalived/keepalived.conf

- name: Ensure HAProxy is started and enabled on boot.
  service: name=haproxy state=started enabled=yes

- name: Create private key (RSA, 4096 bits)
  community.crypto.openssl_privatekey:
    path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
  when: ssl_self

- name: Create certificate signing request (CSR) for self-signed certificate
  community.crypto.openssl_csr_pipe:
    privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
    country_name: BE
    locality_name: Louvain-la-Neuve
    common_name: "{{ ssl_name }}"
    organization_name: UCLouvain
    organizational_unit_name: ELIC
  register: csr
  when: ssl_self

- name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: "{{ ssl_crt_path }}/{{ ssl_name }}.crt"
    csr_content: "{{ csr.csr }}"
    privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
    provider: selfsigned
  when: ssl_self

- name: Merge KEY and CRT to generate PEM
  shell: "cat {{ ssl_crt_path }}/{{ ssl_name }}.key {{ ssl_crt_path }}/{{ ssl_name }}.crt >> {{ ssl_crt_path }}/{{ ssl_name }}.pem"
  when: ssl_self

- name: Generate DH Parameters with a different size (2048 bits)
  community.crypto.openssl_dhparam:
    path: /etc/haproxy/dhparams.pem
    size: 2048

    #- name: Add ssl dhparam file
    #  lineinfile:
    #    path: /etc/haproxy/haproxy.cfg
    #    insertafter: "^.*ssl-default-bind-options.*"
    #    line: "\tssl-dh-param-file /etc/haproxy/dhparams.pem"
    #    firstmatch: yes
    #    state: present 
    #
    #- name: Copy HAProxy configuration in place
    #  set_fact:
    #    cfg_content: "{{ lookup('template', '{{ role_path }}/templates/haproxy.cfg.j2') }}"
    #
    #- name: Merge HAProxy config file
    #  blockinfile:
    #    dest: "/etc/haproxy/haproxy.cfg"
    #    content: '{{ cfg_content }}'
    #    state: present

- name: Ensure HAProxy conf is set 
  template: >
    src=templates/haproxy.cfg.j2
    dest=/etc/haproxy/haproxy.cfg

- name: keepalived restart
  service: name=keepalived state=restarted

- name: HAProxy restart
  service: name=haproxy state=restarted