From 235468a71cccab3d47cbf0fd837b29b9241a0875 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Tue, 12 Jun 2018 21:46:29 -0500
Subject: [PATCH] roles/haproxy: Basic setup for HAproxy

The *haproxy* installs HAproxy and sets up basic configuration for it. It configures the systemd unit to launch the service with the `-f /etc/haproxy` arguments, which will cause it to load all files from the `/etc/haproxy` directory, instead of just `/etc/haproxy/haproxy.cfg`. This will allow other roles to add frontend and backend configuration by adding additional files to this directory.
---
 roles/haproxy/files/haproxy-config.conf | 2 ++
 roles/haproxy/files/haproxy.cfg | 8 +++++
 roles/haproxy/handlers/main.yml | 10 ++++++
 roles/haproxy/tasks/main.yml | 43 +++++++++++++++++++++++++
 roles/haproxy/templates/defaults.cfg.j2 | 21 ++++++++++++
 roles/haproxy/templates/global.cfg.j2 | 18 +++++++++++
 6 files changed, 102 insertions(+)
 create mode 100644 roles/haproxy/files/haproxy-config.conf
 create mode 100644 roles/haproxy/files/haproxy.cfg
 create mode 100644 roles/haproxy/handlers/main.yml
 create mode 100644 roles/haproxy/tasks/main.yml
 create mode 100644 roles/haproxy/templates/defaults.cfg.j2
 create mode 100644 roles/haproxy/templates/global.cfg.j2
diff --git a/roles/haproxy/files/haproxy-config.conf b/roles/haproxy/files/haproxy-config.conf
new file mode 100644
index 0000000..c5504da
--- /dev/null
+++ b/roles/haproxy/files/haproxy-config.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment=CONFIG=/etc/haproxy
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
new file mode 100644
index 0000000..5998c93
--- /dev/null
+++ b/roles/haproxy/files/haproxy.cfg
@@ -0,0 +1,8 @@
+# DO NOT put HAProxy configuration in this file! The configuration is split
+# into several files:
+#
+# * 10-global.cfg: Global settings
+# * 20-defaults.cfg: Settings common to all frontends and backends
+#
+# Applications should create new files for their front- and backend
+# configuration.
diff --git a/roles/haproxy/handlers/main.yml b/roles/haproxy/handlers/main.yml
new file mode 100644
index 0000000..91a0c24
--- /dev/null
+++ b/roles/haproxy/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: reload systemd
+ command: systemctl daemon-reload
+- name: restart haproxy
+ service:
+ name=haproxy
+ state=restarted
+- name: reload haproxy
+ service:
+ name=haproxy
+ state=reloaded
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..b195792
--- /dev/null
+++ b/roles/haproxy/tasks/main.yml
@@ -0,0 +1,43 @@
+- name: ensure haproxy is installed
+ package:
+ name=haproxy
+ state=present
+ tags:
+ - install
+
+- name: ensure haproxy unit configuration extension directory exists
+ file:
+ path=/etc/systemd/system/haproxy.service.d
+ mode=0755
+ state=directory
+- name: ensure haproxy config variable override is set
+ copy:
+ src=haproxy-config.conf
+ dest=/etc/systemd/system/haproxy.service.d/config.conf
+ mode=0644
+ notify:
+ - reload systemd
+ - restart haproxy
+- name: ensure default haproxy configuration file is empty
+ copy:
+ src=haproxy.cfg
+ dest=/etc/haproxy
+ mode=0644
+ notify: restart haproxy
+- name: ensure haproxy global configuration is set
+ template:
+ src=global.cfg.j2
+ dest=/etc/haproxy/10-global.cfg
+ mode=0644
+ notify: restart haproxy
+- name: ensure haproxy defaults are set
+ template:
+ src=defaults.cfg.j2
+ dest=/etc/haproxy/20-defaults.cfg
+ mode=0644
+ notify: restart haproxy
+
+- name: ensure haproxy starts at boot
+ service:
+ name=haproxy
+ enabled=yes
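Review bot: The `restart haproxy` and `reload haproxy` handlers in handlers/main.yml act on whatever is on disk without checking it first. Because this role makes the unit load the whole `/etc/haproxy` directory, a single bad fragment written by another role would leave the proxy down after the restart. A handler placed ahead of them, `- name: check haproxy configuration` with `command: haproxy -c -f /etc/haproxy`, and notified alongside the restart, would fail the play before the running service is touched.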
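Review bot: Nothing in tasks/main.yml pins the ownership or mode of `/etc/haproxy` itself, even though the override turns the configuration files in that directory into live proxy settings. The systemd drop-in directory gets an explicit `file:` task and the config directory deserves one too, e.g. `file: path=/etc/haproxy owner=root group=root mode=0755 state=directory`. The `copy` and `template` tasks likewise set `mode` but not `owner`/`group`, so the resulting ownership depends on which user the play runs as. Separately, `dest=/etc/haproxy` in the `haproxy.cfg` copy task names a directory and relies on it already existing; `dest=/etc/haproxy/haproxy.cfg` states what is meant.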
diff --git a/roles/haproxy/templates/defaults.cfg.j2 b/roles/haproxy/templates/defaults.cfg.j2
new file mode 100644
index 0000000..52a1495
--- /dev/null
+++ b/roles/haproxy/templates/defaults.cfg.j2
@@ -0,0 +1,21 @@
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
diff --git a/roles/haproxy/templates/global.cfg.j2 b/roles/haproxy/templates/global.cfg.j2
new file mode 100644
index 0000000..67ea847
--- /dev/null
+++ b/roles/haproxy/templates/global.cfg.j2
@@ -0,0 +1,18 @@
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+ log /dev/log local0
+
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user haproxy
+ group haproxy
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+ # utilize system-wide crypto-policies
+ ssl-default-bind-ciphers PROFILE=SYSTEM
+ ssl-default-server-ciphers PROFILE=SYSTEM
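Review bot: `option forwardfor except 127.0.0.0/8` in defaults.cfg.j2 appends the client address to X-Forwarded-For but keeps any value the client already sent, so a backend that trusts the first entry can be handed a forged address. Since frontends are meant to live in other roles' files, a comment above the option would carry the caveat to their authors, e.g. `# appends to any client-supplied X-Forwarded-For; edge frontends should add "http-request del-header X-Forwarded-For"`. The file is also a `.j2` template with no variables, although the timeouts and `maxconn 3000` look like the values a consuming role would want to override.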
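Review bot: The `stats socket /var/lib/haproxy/stats` line in global.cfg.j2 sets neither `mode` nor `level`, so the socket's file permissions follow the process umask and the command level is whatever HAProxy defaults to. Stating both makes the exposure reviewable, e.g. `stats socket /var/lib/haproxy/stats mode 600 level operator`. The section also has no `chroot`, which `user`/`group` alone do not replace; adding `chroot /var/lib/haproxy` would require the `log /dev/log` target to be reachable from inside the chroot. `PROFILE=SYSTEM` presumably ties the template to distributions that ship crypto-policies, which is worth stating in the comment above it.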