9e1a3749da
Since ansible-core 2.10 it is recommended to use modules via FQCN In order to align with recommendation, we perform migration by applying suggestions made by `ansible-lint --fix=fqcn` Change-Id: I9c3a86af107728cbddb4e2cdb778065001d66b93
101 lines
2.9 KiB
YAML
101 lines
2.9 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Make haproxy bindable on non local addresses
|
|
ansible.posix.sysctl:
|
|
name: "{{ item }}"
|
|
value: 1
|
|
sysctl_set: true
|
|
state: present
|
|
when: haproxy_bind_on_non_local | bool
|
|
with_items:
|
|
- "net.ipv4.ip_nonlocal_bind"
|
|
- "net.ipv6.ip_nonlocal_bind"
|
|
tags:
|
|
- haproxy-non-local-bind-config
|
|
|
|
# NOTE (noonedeadpunk) Debian/Ubuntu haproxy packages configure rsyslog
|
|
# to handle log collection and log file rotation. This is not needed since
|
|
# journald is used for this purpose
|
|
- name: Delete rsyslog and logrotate configs
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /etc/rsyslog.d/49-haproxy.conf
|
|
- /etc/logrotate.d/haproxy
|
|
- /etc/rsyslog.d/10-haproxy-local-logging.conf
|
|
notify: Restart rsyslog
|
|
tags:
|
|
- haproxy-logging-config
|
|
|
|
- name: Drop base haproxy config
|
|
ansible.builtin.template:
|
|
src: "haproxy.cfg.j2"
|
|
dest: "/etc/haproxy/conf.d/00-haproxy"
|
|
mode: "0640"
|
|
owner: haproxy
|
|
group: haproxy
|
|
notify: Regenerate haproxy configuration
|
|
tags:
|
|
- haproxy-base-config
|
|
|
|
- name: Including haproxy_service_config tasks
|
|
ansible.builtin.include_tasks: haproxy_service_config.yml
|
|
args:
|
|
apply:
|
|
tags:
|
|
- haproxy-service-config
|
|
tags:
|
|
- haproxy-service-config
|
|
|
|
- name: Create log directory if it does not exist
|
|
ansible.builtin.file:
|
|
path: "{{ haproxy_log_mount_point | dirname }}"
|
|
state: directory
|
|
mode: "0755"
|
|
owner: "haproxy"
|
|
group: "haproxy"
|
|
|
|
# NOTE(jrosser) The next task fails on Centos without this,
|
|
# an empty directory rather than a file is made and the bind mount fails
|
|
- name: Ensure empty file is availble to bind mount log socket
|
|
ansible.builtin.file:
|
|
state: touch
|
|
path: "{{ haproxy_log_mount_point }}"
|
|
access_time: preserve
|
|
modification_time: preserve
|
|
mode: "0666"
|
|
|
|
- name: Make log socket available to chrooted filesystem
|
|
ansible.posix.mount:
|
|
src: "{{ haproxy_log_socket }}"
|
|
path: "{{ haproxy_log_mount_point }}"
|
|
opts: bind
|
|
state: mounted
|
|
fstype: none
|
|
|
|
- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
|
|
ansible.posix.seboolean:
|
|
name: haproxy_connect_any
|
|
state: true
|
|
persistent: true
|
|
tags:
|
|
- haproxy-service-config
|
|
notify:
|
|
- Reload haproxy
|
|
when:
|
|
- ansible_facts['selinux']['status'] == "enabled"
|