pbarriat
/
Brevet


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111
							---
- name: Set haproxy_backend_servers variable
  block:
    - name: Try group web_servers
      set_fact:
        haproxy_backend_servers: "{{ groups['web_servers'] | list }}"
  rescue:
    - name: Try group test_servers
      set_fact:
        haproxy_backend_servers: "{{ groups['test_servers'] | list }}"

- name: Include OS specific variables.
  include_vars: "{{ ansible_os_family }}.yml"

- name: Install packages
  include_tasks: "setup/{{ ansible_os_family }}.yml"

- name: Get HAProxy version.
  command: haproxy -v
  register: haproxy_version_result
  changed_when: false
  check_mode: false

- name: The HAProxy version.
  debug: var=haproxy_version_result.stdout

- name: Set HAProxy version.
  set_fact:
    haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HA-Proxy version ([0-9]\.[0-9]).*$", "\1") }}'

- name: Get IP range.
  shell: "echo {{ network_allowed }} | cut -d'.' --fields=1,2,3"
  register: result

- name: Get interface name.
  shell: "ip -4 addr show | grep {{ result.stdout }} | rev | cut -d ' ' -f 1 | rev"
  register: itfn

- name: Integration net.ipv4
  blockinfile:
    dest: /etc/sysctl.conf
    block: |
      net.ipv4.ip_forward = 1 
      net.ipv4.ip_nonlocal_bind = 1 

- name: Ensure HAProxy is enabled on boot
  service: name=haproxy enabled=yes

- name: Create private key (RSA, 4096 bits)
  community.crypto.openssl_privatekey:
    path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
  when: ssl_self

- name: Create certificate signing request (CSR) for self-signed certificate
  community.crypto.openssl_csr_pipe:
    privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
    country_name: BE
    locality_name: Louvain-la-Neuve
    common_name: "{{ ssl_name }}"
    organization_name: UCLouvain
    organizational_unit_name: ELIC
  register: csr
  when: ssl_self

- name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: "{{ ssl_crt_path }}/{{ ssl_name }}.crt"
    csr_content: "{{ csr.csr }}"
    privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
    provider: selfsigned
  when: ssl_self

- name: Merge KEY and CRT to generate PEM
  shell: "cat {{ ssl_crt_path }}/{{ ssl_name }}.key {{ ssl_crt_path }}/{{ ssl_name }}.crt >> {{ ssl_crt_path }}/{{ ssl_name }}.pem"
  when: ssl_self

- name: Generate DH Parameters with a different size (2048 bits)
  community.crypto.openssl_dhparam:
    path: /etc/haproxy/dhparams.pem
    size: 2048
  when: ssl_self

    #- name: Add ssl dhparam file
    #  lineinfile:
    #    path: /etc/haproxy/haproxy.cfg
    #    insertafter: "^.*ssl-default-bind-options.*"
    #    line: "\tssl-dh-param-file /etc/haproxy/dhparams.pem"
    #    firstmatch: yes
    #    state: present 
    #
    #- name: Copy HAProxy configuration in place
    #  set_fact:
    #    cfg_content: "{{ lookup('template', '{{ role_path }}/templates/haproxy.cfg.j2') }}"
    #
    #- name: Merge HAProxy config file
    #  blockinfile:
    #    dest: "/etc/haproxy/haproxy.cfg"
    #    content: '{{ cfg_content }}'
    #    state: present

- name: Ensure HAProxy conf is set
  template:
    src: "haproxy_{{ hatarget }}.cfg.j2"
    dest: /etc/haproxy/haproxy.cfg
    mode: 0640

      #- name: HAProxy start
      #  service: name=haproxy state=started

- name: HAProxy reload
  service: name=haproxy state=restarted