탐색 도움말
로그인
pbarriat
/
Brevet
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: ec4a4f6268
브랜치 태그
Brevet
/
dev
/
provisioning
/
ansible
/
roles
/
haproxy
/
tasks
/
main.yml

main.yml 2.1 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. ---
    2. 

  2. - name: Get HAProxy version.
    3. 

  3.   command: haproxy -v
    4. 

  4.   register: haproxy_version_result
    5. 

  5.   changed_when: false
    6. 

  6.   check_mode: false
    7. 

  7. 

  8. - name: Set HAProxy version.
    9. 

  9.   set_fact:
    10. 

  10.     haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HA-Proxy version ([0-9]\.[0-9]).*$", "\1") }}'
    11. 

  11. 

  12. - name: Ensure HAProxy is started and enabled on boot.
    13. 

  13.   service: name=haproxy state=started enabled=yes
    14. 

  14. 

  15. - name: Create private key (RSA, 4096 bits)
    16. 

  16.   community.crypto.openssl_privatekey:
    17. 

  17.     path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
    18. 

  18.   when: ssl_self
    19. 

  19. 

  20. - name: Create certificate signing request (CSR) for self-signed certificate
    21. 

  21.   community.crypto.openssl_csr_pipe:
    22. 

  22.     privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
    23. 

  23.     country_name: BE
    24. 

  24.     locality_name: Louvain-la-Neuve
    25. 

  25.     common_name: "{{ ssl_name }}"
    26. 

  26.     organization_name: UCLouvain
    27. 

  27.     organizational_unit_name: ELIC
    28. 

  28.   register: csr
    29. 

  29.   when: ssl_self
    30. 

  30. 

  31. - name: Generate a Self Signed OpenSSL certificate
    32. 

  32.   community.crypto.x509_certificate:
    33. 

  33.     path: "{{ ssl_crt_path }}/{{ ssl_name }}.crt"
    34. 

  34.     csr_content: "{{ csr.csr }}"
    35. 

  35.     privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
    36. 

  36.     provider: selfsigned
    37. 

  37.   when: ssl_self
    38. 

  38. 

  39. - name: Merge KEY and CRT to generate PEM
    40. 

  40.   shell: "cat {{ ssl_crt_path }}/{{ ssl_name }}.key {{ ssl_crt_path }}/{{ ssl_name }}.crt >> {{ ssl_crt_path }}/{{ ssl_name }}.pem"
    41. 

  41.   when: ssl_self
    42. 

  42. 

  43. - name: Generate DH Parameters with a different size (2048 bits)
    44. 

  44.   community.crypto.openssl_dhparam:
    45. 

  45.     path: /etc/haproxy/dhparams.pem
    46. 

  46.     size: 2048
    47. 

  47. 

  48. - name: Add ssl dhparam file
    49. 

  49.   lineinfile:
    50. 

  50.     path: /etc/haproxy/haproxy.cfg
    51. 

  51.     insertafter: "^.*ssl-default-bind-options.*"
    52. 

  52.     line: "\tssl-dh-param-file /etc/haproxy/dhparams.pem"
    53. 

  53.     firstmatch: yes
    54. 

  54.     state: present 
    55. 

  55. 

  56. - name: Copy HAProxy configuration in place
    57. 

  57.   set_fact:
    58. 

  58.     cfg_content: "{{ lookup('template', '{{ role_path }}/templates/haproxy.cfg.j2') }}"
    59. 

  59. 

  60. - name: Merge HAProxy config file
    61. 

  61.   blockinfile:
    62. 

  62.     dest: "/etc/haproxy/haproxy.cfg"
    63. 

  63.     content: '{{ cfg_content }}'
    64. 

  64.     state: present
    65. 

  65. 

  66. - name: HAProxy restart
    67. 

  67.   service: name=haproxy state=restarted
    68.