diff --git a/roles/haproxy/files/haproxy-config.conf b/roles/haproxy/files/haproxy-config.conf
new file mode 100644
index 0000000..c5504da
--- /dev/null
+++ b/roles/haproxy/files/haproxy-config.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment=CONFIG=/etc/haproxy
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
new file mode 100644
index 0000000..5998c93
--- /dev/null
+++ b/roles/haproxy/files/haproxy.cfg
@@ -0,0 +1,8 @@
+# DO NOT put HAProxy configuration in this file! The configuration is split
+# into several files:
+#
+# * 10-global.cfg: Global settings
+# * 20-defaults.cfg: Settings common to all frontends and backends
+#
+# Applications should create new files for their front- and backend
+# configuration.
diff --git a/roles/haproxy/handlers/main.yml b/roles/haproxy/handlers/main.yml
new file mode 100644
index 0000000..91a0c24
--- /dev/null
+++ b/roles/haproxy/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: reload systemd
+ command: systemctl daemon-reload
+- name: restart haproxy
+ service:
+ name=haproxy
+ state=restarted
+- name: reload haproxy
+ service:
+ name=haproxy
+ state=reloaded
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..b195792
--- /dev/null
+++ b/roles/haproxy/tasks/main.yml
@@ -0,0 +1,43 @@
+- name: ensure haproxy is installed
+ package:
+ name=haproxy
+ state=present
+ tags:
+ - install
+
+- name: ensure haproxy unit configuration extension directory exists
+ file:
+ path=/etc/systemd/system/haproxy.service.d
+ mode=0755
+ state=directory
+- name: ensure haproxy config variable override is set
+ copy:
+ src=haproxy-config.conf
+ dest=/etc/systemd/system/haproxy.service.d/config.conf
+ mode=0644
+ notify:
+ - reload systemd
+ - restart haproxy
+- name: ensure default haproxy configuration file is empty
+ copy:
+ src=haproxy.cfg
+ dest=/etc/haproxy
+ mode=0644
+ notify: restart haproxy
+- name: ensure haproxy global configuration is set
+ template:
+ src=global.cfg.j2
+ dest=/etc/haproxy/10-global.cfg
+ mode=0644
+ notify: restart haproxy
+- name: ensure haproxy defaults are set
+ template:
+ src=defaults.cfg.j2
+ dest=/etc/haproxy/20-defaults.cfg
+ mode=0644
+ notify: restart haproxy
+
+- name: ensure haproxy starts at boot
+ service:
+ name=haproxy
+ enabled=yes
diff --git a/roles/haproxy/templates/defaults.cfg.j2 b/roles/haproxy/templates/defaults.cfg.j2
new file mode 100644
index 0000000..52a1495
--- /dev/null
+++ b/roles/haproxy/templates/defaults.cfg.j2
@@ -0,0 +1,21 @@
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
diff --git a/roles/haproxy/templates/global.cfg.j2 b/roles/haproxy/templates/global.cfg.j2
new file mode 100644
index 0000000..67ea847
--- /dev/null
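Review bot: In roles/haproxy/tasks/main.yml the `copy` task for haproxy.cfg gives the directory `/etc/haproxy` as `dest`, so the result depends on that directory already existing as a directory; `dest=/etc/haproxy/haproxy.cfg` names the target explicitly. None of the copy/template tasks set `owner` or `group`, so ownership falls to whichever user runs the play; adding `owner=root group=root` pins it. Every configuration change also notifies `restart haproxy` with no syntax check beforehand, so a bad fragment takes the proxy down. Because the unit override points CONFIG at the whole directory, a check step such as `haproxy -c -f /etc/haproxy` before the restart would catch it, assuming the packaged HAProxy version accepts a directory for `-f`.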
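Review bot: `option forwardfor except 127.0.0.0/8` in roles/haproxy/templates/defaults.cfg.j2 appends the peer address to X-Forwarded-For but keeps any value the client already sent, so a backend that reads the first entry can be handed a spoofed address. Since this default applies to every frontend and backend that does not override it, the option deserves a comment such as `# appends to X-Forwarded-For; client-supplied values are kept, so backends must only trust the last entry`. Frontends that face untrusted clients can additionally drop the inbound header with `http-request del-header X-Forwarded-For` in their own configuration file.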
+++ b/roles/haproxy/templates/global.cfg.j2
@@ -0,0 +1,18 @@
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+ log /dev/log local0
+
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user haproxy
+ group haproxy
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+ # utilize system-wide crypto-policies
+ ssl-default-bind-ciphers PROFILE=SYSTEM
+ ssl-default-server-ciphers PROFILE=SYSTEM
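Review bot: The `stats socket /var/lib/haproxy/stats` line in roles/haproxy/templates/global.cfg.j2 sets neither `mode` nor `level`, so who can reach the runtime API is left to the process umask and the built-in default level. Writing it as `stats socket /var/lib/haproxy/stats mode 600 level operator` makes that access explicit. The global section also has no `chroot`, so after dropping to `user haproxy` the process still sees the whole filesystem; `chroot /var/lib/haproxy` is the usual companion to the user/group lines. `PROFILE=SYSTEM` only resolves on distributions that ship crypto-policies, which is worth stating in the existing comment since nothing visible in this role restricts the target platform.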