
Compare revisions

Commits on Source (198)
Showing with 682 additions and 146 deletions
The MIT License (MIT)
Copyright (c) 2015, 2016 Jürgen Haas, PARAGON Executive Services GmbH
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
---
default_proxy: ''
proxy_debug: no
proxy_default_backend: ''
proxy_certificates: []
proxy_timeout_connect: 5s
proxy_timeout_client: 20s
proxy_timeout_server: 45s
proxy_redirect_aliase: no
proxy_maxconn: 100
proxy_varnish_maxconn: 1000
proxy_redirect_maps:
domain: {}
domain-and-path: {}
domain-append-path: {}
path: {}
proxy_blacklist:
ip:
- 146.185.176.158
- 162.243.9.72
- 173.199.114.0/24
- 173.199.115.0/24
- 173.199.115.112/29
- 173.199.116.0/24
- 173.199.117.0/24
- 173.199.118.0/24
- 173.199.119.0/24
- 173.199.120.0/24
- 182.50.130.0/24
- 188.92.74.0/24
- 195.239.0/24
- 198.186.190.0/23
- 198.186.192.0/23
- 198.186.194.0/24
- 208.167.230.0/24
- 209.222.12.0/24
- 210.171.3.0/24
- 212.100.254.105
- 212.113.0.0/24
- 212.113.32.0/21
- 212.113.37.0/24
- 213.186.0.0/24
- 213.186.96.0/19
- 46.137.98.159
- 5.10.83.0/24
- 5.10.83.0/25
- 5.9.0.0/24
- 5.9.104.0/24
- 50.112.126.117
- 54.232.100.158
- 54.235.220.243
- 54.249.240.15
- 54.251.45.250
- 54.252.97.95
- 69.42.83.0/24
referer:
- best-seo-solution.com
- best-seo-offer.com
- buttons-for-website.com
- buttons-for-your-website.com
- semalt.com
- 7makemoneyonline.com
agent:
- AhrefsBot
- Ahrefs
- rogerbot
- MJ12bot
- majestic12
- MJ12
- SiteBot
- Semrush
- CCBot
- 80legs
- Sogou
- DigExt
- spbot
- ia_archiver
- Rankivabot
- DBLBot
- libw
- Voil
- Twice
- Sogou
- psbot
- Exabot
- boitho
- ajSitemap
- Rankivabot
- DBLBot
- Ezooms
- Ezooms/1.0
- exabot
- dotbot
- gigabot
- thesis-research-bot
- my-tiny-bot
other:
- path_beg /wp-admin
- path_beg /wp-login
- path /autodiscover/autodiscover.xml
- path /autodiscover.xml
- path /CHANGELOG.txt
- path /COPYRIGHT.txt
- path /INSTALL.mysql.txt
- path /INSTALL.pgsql.txt
- path /INSTALL.sqlite.txt
- path /INSTALL.txt
- path /LICENSE.txt
- path /MAINTAINERS.txt
- path /README.txt
- path /UPGRADE.txt
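Review bot: The `ip` list under `proxy_blacklist` contains `195.239.0/24`, which has only three octets and is not a dotted-quad IPv4 network; depending on how the rendered blacklist file is parsed, it is either rejected at load time or read as a different range than intended. The intended prefix cannot be recovered from this page, so the entry needs checking against wherever the list came from. `5.10.83.0/25` and `173.199.115.112/29` are already covered by the `/24` entries beside them, and `Sogou`, `Rankivabot` and `DBLBot` each appear twice under `agent`; removing the duplicates keeps the deny lists auditable. `proxy_debug: no` and `proxy_redirect_aliase: no` would read less ambiguously as `false`.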
HTTP/1.0 500 Internal Server Error
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 500 Internal Server Error -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
HTTP/1.0 502 Bad Gateway
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 502 Bad Gateway -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 503 Service Unavailable -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
HTTP/1.0 504 Gateway Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 504 Gateway Time-out -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
<?php
/**
* Script for the Proxy txr1 to grab domain changes for homepage products.
*
* @see SV-26726
*/
$db_host = $argv[1];
$db_port = $argv[2];
$db_user = $argv[3];
$db_pass = $argv[4];
$db = $argv[5];
$path = $argv[6];
$myname = $argv[7];
$changed = FALSE;
try {
$dbh = new PDO('mysql:host='.$db_host.';port='.$db_port.';dbname='.$db, $db_user, $db_pass, array(PDO::ATTR_PERSISTENT => false));
foreach ($dbh->query('select * from variable where name="sverein_proxy_settings_'.$myname.'"') as $row) {
$settings = unserialize($row['value']);
foreach ($settings as $host => $domains) {
$changed = TRUE;
file_put_contents($path . '/' . $host . '.crm.list', implode("\n", $domains));
}
}
if ($changed) {
$dbh->query('delete from variable where name="sverein_proxy_settings_'.$myname.'"');
}
}
catch (Exception $e) {}
exit($changed ? 99 : 0);
/var/log/haproxy {
daily
rotate 7
delaycompress
compress
notifempty
missingok
postrotate
service haproxy restart > /dev/null
endscript
daily
rotate 7
delaycompress
compress
notifempty
missingok
postrotate
service haproxy restart > /dev/null
endscript
}
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 503 Service Unavailable -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
---
# file: roles/haproxy/handler/main.yml
- name: "Proxy | Restart HAProxy"
service: name={{item.name}} state={{item.state}}
- name: Check HAProxy Config
command: haproxy -c -f /etc/haproxy/haproxy.cfg
register: haproxy_config_check
changed_when: '"Configuration file is valid" in haproxy_config_check.stdout_lines'
failed_when: '"Configuration file is valid" not in haproxy_config_check.stdout_lines'
notify:
- Restart HAProxy
- name: Restart HAProxy
service:
name: '{{ item.name }}'
state: '{{ item.state }}'
with_items:
- name: apache2
state: stopped
- name: haproxy
state: restarted
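Review bot: The `Check HAProxy Config` handler decides success by searching stdout for the literal `Configuration file is valid`, so the outcome depends on HAProxy's message wording and output stream rather than on the exit status of `haproxy -c`. Keying on the return code is sturdier: drop `failed_when` (a non-zero rc already fails the task) and use `changed_when: haproxy_config_check.rc == 0`. Separately, the new `Restart HAProxy` handler stops `apache2` in the same loop as the restart; a comment such as `# apache2 must not hold the ports HAProxy binds to` would explain why a proxy handler touches another service.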
......@@ -2,3 +2,4 @@
dependencies:
- { role: common }
- { role: letsencrypt }
---
# file: roles/haproxy/tasks/blacklists.yml
- name: Update blacklists
template:
src: '{{ item }}'
dest: /etc/haproxy/{{ item }}
owner: root
group: root
mode: 0644
with_items:
- blacklist.ip
- blacklist.referer
- blacklist.agent
notify:
- Check HAProxy Config
---
# file: roles/haproxy/tasks/buildcerts.yml
- name: Create PEM file for HaProxy
assemble:
src: /etc/letsencrypt/live/{{ item.domain }}
dest: /etc/haproxy/certs/{{ item.file }}
regexp: '(fullchain)|(privkey)\.pem'
with_items: '{{ proxy_certificates|default([]) }}'
when: item.letsencrypt|default(false) and item.active|default(true)
ignore_errors: yes
notify:
- Restart HAProxy
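Review bot: `Create PEM file for HaProxy` assembles `privkey.pem` into /etc/haproxy/certs/{{ item.file }} without stating `owner`, `group` or `mode`, so the permissions of a file holding a private key are left to the module default and umask. Add `owner: root`, `group: root` and `mode: '0600'` to the `assemble` arguments. The task also notifies `Restart HAProxy` directly, so unlike the other tasks in this role the `Check HAProxy Config` step is skipped, and `ignore_errors: yes` means a failed or partial bundle still leads to a restart; notifying `Check HAProxy Config` instead would catch an unusable PEM before the proxy is bounced.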
---
# file: roles/haproxy/tasks/configure.yml
- name: "Proxy | Install SSL certificates"
copy: src={{inventory_dir}}/files/ssl/{{item}}
dest=/etc/haproxy/certs
with_items: proxy_certificates
notify: 'Proxy | Restart HAProxy'
- name: Backup current settings
archive:
path: /etc/haproxy
dest: /var/backups/haproxy-{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}.tgz
when: no
- name: "Proxy | Create host lists"
template: src=host_list
dest=/etc/haproxy/{{item}}.list
owner=root
group=root
mode=644
when: scope == 'all'
with_items: groups['all']
notify: 'Proxy | Restart HAProxy'
- name: Install SSL certificates
copy:
src: '{{inventory_dir}}/files/ssl/{{item.file}}'
dest: /etc/haproxy/certs
with_items: '{{ proxy_certificates }}'
when: not item.letsencrypt|default(false)
notify:
- Check HAProxy Config
- name: "Proxy | Create host ssl lists"
template: src=host_ssl_list
dest=/etc/haproxy/{{item}}.ssl.list
owner=root
group=root
mode=644
when: scope == 'all'
with_items: groups['all']
notify: 'Proxy | Restart HAProxy'
- name: Create maintenance lists
template:
src: maintenance_list
dest: /etc/haproxy/maintenance.list
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
- name: "Proxy | Create empty crm lists files"
file: dest=/etc/haproxy/{{item}}.crm.list
owner=root
group=root
mode=644
state=touch
when: scope == 'all'
with_items: groups['all']
notify: 'Proxy | Restart HAProxy'
- name: Create host lists
template:
src: host_list
dest: /etc/haproxy/{{item}}.list
owner: root
group: root
mode: 0644
with_items: '{{ groups.webserver|default([]) }}'
notify:
- Check HAProxy Config
- name: "Proxy | Create config file"
template: src=haproxy_cfg
dest=/etc/haproxy/haproxy.cfg
owner=root
group=root
mode=644
when: scope == 'all'
notify: 'Proxy | Restart HAProxy'
- name: Create host ssl lists
template:
src: host_ssl_list
dest: /etc/haproxy/{{item}}.ssl.list
owner: root
group: root
mode: 0644
with_items: '{{ groups.webserver|default([]) }}'
notify:
- Check HAProxy Config
- name: "Proxy | Install update php script"
copy: src=etc_haproxy_update_update_php
dest=/etc/haproxy/update/update.php
owner=root
group=root
mode=444
- name: Create host path lists
file:
dest: /etc/haproxy/{{item}}.path.list
owner: root
group: root
mode: 0644
state: touch
with_items: '{{ groups.webserver|default([]) }}'
changed_when: no
- name: "Proxy | Install update script"
template: src=update_sh
dest=/etc/haproxy/update/update.sh
owner=root
group=root
mode=700
- name: Create use bigpipe host lists
template:
src: use_bigpipe_list
dest: /etc/haproxy/use_bigpipe.list
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
- name: "Proxy | Install update cron"
cron: name='Update S-Verein Homepage Domains'
month='*'
day='*'
hour='*'
minute='*/1'
job='/etc/haproxy/update/update.sh >/dev/null 2>&1'
- name: Create ignore varnish host lists
template:
src: ignore_varnish_list
dest: /etc/haproxy/ignore_varnish.list
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
- name: Create empty crm lists files
file:
dest: /etc/haproxy/{{item}}.crm.list
owner: root
group: root
mode: 0644
state: touch
with_items: '{{ groups.webserver|default([]) }}'
changed_when: no
- name: Update private ips
template:
src: privatelist.ip.jinja2
dest: /etc/haproxy/privatelist.ip
owner: root
group: root
mode: 644
when: haproxy_private is defined
notify:
- Check HAProxy Config
- name: Update private domains
template:
src: privatelist.domain.jinja2
dest: /etc/haproxy/privatelist.domain
owner: root
group: root
mode: 0644
when: haproxy_private is defined and haproxy_private.domain is defined
notify:
- Check HAProxy Config
- name: Update redirect map files
template:
src: redirect.map.jinja2
dest: /etc/haproxy/redirect.{{ item }}.map
owner: root
group: root
mode: 0644
with_items:
- domain
- domain-and-path
- domain-append-path
- path
notify:
- Check HAProxy Config
- name: Create config file
template:
src: haproxy_cfg.jinja2
dest: /etc/haproxy/haproxy.cfg
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
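Review bot: `Update private ips` sets `mode: 644` without the leading zero, unlike every other new task in this file; Ansible reads an unquoted number here as decimal, and decimal 644 is octal 1204, so /etc/haproxy/privatelist.ip ends up with permission bits nobody intended. Write it as `mode: '0644'`; quoting the other modes the same way also removes the reliance on YAML 1.1 octal parsing. `Install SSL certificates` copies into /etc/haproxy/certs with no `owner` or `mode`; if those files carry private keys, as HAProxy PEM bundles normally do, `mode: '0600'` should be stated explicitly. The `Proxy | …` tasks in this section look like the removed side and are not covered by this note.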
---
# file: roles/haproxy/tasks/install.yml
- name: Add Apt Repositories
apt_repository:
repo: '{{ item }}'
state: present
mode: 0644
with_items:
- ppa:vbernat/haproxy-2.2
when: ansible_distribution_major_version != "16"
- name: Install some packages
apt:
pkg: '{{ packages }}'
state: latest
vars:
packages:
- haproxy
#- hatop
- socat
- name: create directories
file:
dest: '{{ item }}'
state: directory
mode: 0755
with_items:
- /etc/haproxy/certs
- /etc/haproxy/update
- name: Install hatop shortcut
copy:
src: usr_local_bin_hatop
dest: /usr/local/bin/hatop
owner: root
group: root
mode: 0755
- name: Install log rotator
copy:
src: etc_logrotate_d_haproxy
dest: /etc/logrotate.d/haproxy
owner: root
group: root
mode: 0644
tags:
- logrotate
- name: Install script to read socket
template:
src: hasocket
dest: /usr/local/bin/hasocket
owner: root
group: root
mode: 0755
- name: Install error response files
copy:
src: '{{ item }}.http'
dest: /etc/haproxy/errors/{{ item }}.http
owner: root
group: root
mode: 0644
with_items:
- '500'
- '502'
- '503'
- '504'
- 'maintenance'
tags:
- errorfiles
notify:
- Check HAProxy Config
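Review bot: `Install some packages` uses `state: latest` together with the `ppa:vbernat/haproxy-2.2` repository, so any run of the role can upgrade the internet-facing proxy to whatever the PPA currently ships, with no review step in between. `state: present` plus a deliberate, separately triggered upgrade keeps version changes auditable. `Install hatop shortcut` is still copied to /usr/local/bin although `hatop` is commented out of the package list; either the package or the shortcut should go. The `when: ansible_distribution_major_version != "16"` guard on the repository would benefit from a one-line comment saying why that release is excluded.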
---
# file: roles/haproxy/tasks/main.yml
#
# Output logs and errs into temp files:
# echo "show errors" | sudo socat unix-connect:/run/haproxy/admin.sock stdio >> /tmp/myhapshowerrs.out 2> /tmp/myhapshowerrs.err
- name: "Proxy | Add Apt Repositories"
apt_repository: repo='{{item}}'
state=present
with_items:
- "ppa:vbernat/haproxy-1.5"
- name: "Proxy | Install some packages"
apt: pkg={{item}} state=installed
with_items:
- haproxy
- hatop
- socat
- php5
- php5-mysql
- name: "Proxy | create directories"
file: dest='{{item}}'
state=directory
mode=755
with_items:
- /etc/haproxy/certs
- /etc/haproxy/update
- name: "Proxy | Install hatop shortcut"
copy: src=usr_local_bin_hatop
dest=/usr/local/bin/hatop
owner=root
group=root
mode=755
- name: "Proxy | Install log rotator"
copy: src=etc_logrotate_d_haproxy
dest=/etc/logrotate.d/haproxy
owner=root
group=root
mode=644
- include: configure.yml
- name: HaProxy Role
set_fact:
role_haproxy_started: yes
tags:
- always
- block:
- name: Import install
import_tasks: install.yml
- name: Import configure
import_tasks: configure.yml
tags:
- Config
- name: Import blacklist
import_tasks: blacklists.yml
tags:
- Config
- Blacklists
when: not excluded_roles or "haproxy" not in excluded_roles
- block:
- name: Install Certs
include_tasks: ../../letsencrypt/tasks/cert.yml
with_items: '{{ proxy_certificates|default([]) }}'
loop_control:
loop_var: domain
when: domain.letsencrypt|default(false) and domain.active|default(true)
- name: Renew Existing Cert
import_tasks: ../../letsencrypt/tasks/renew.yml
- name: Build HaProxy Certs
import_tasks: buildcerts.yml
tags:
- Certs
when: proxy_active|default(true) and (not excluded_roles or "letsencrypt" not in excluded_roles)
- name: Import proxypool
import_tasks: proxypool.yml
when: not excluded_roles or "letsencrypt" not in excluded_roles
tags:
- Certs
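Review bot: Both `block` conditions and the `Import proxypool` task test `excluded_roles` directly, while the other optional variables in this role go through `|default(...)`; unless another role always defines it (not visible on this page), an undefined `excluded_roles` aborts the play. A defaulted form such as `when: '"haproxy" not in (excluded_roles|default([]))'` covers both the undefined and the empty case. `Import proxypool` is guarded only by the `letsencrypt` exclusion and not by the `haproxy` one, so excluding `haproxy` still runs the ownership changes in proxypool.yml; if that is intended, a comment should say so.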
---
# file: roles/haproxy/tasks/proxypool.yml
- block:
- name: Set directory permissions to current user
file:
path: /etc/letsencrypt
owner: '{{ ansible_env.SUDO_USER|default("root") }}'
recurse: yes
follow: no
when: proxy_active|default(true)
- name: Pull Certs from active Proxy
import_tasks: pullcerts.yml
when: not proxy_active|default(true)
- name: Set directory permissions to root
file:
path: /etc/letsencrypt
owner: root
recurse: yes
follow: no
when: proxy_active|default(true)
tags:
- Certs
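Review bot: The block hands /etc/letsencrypt, including the private keys, to `ansible_env.SUDO_USER` recursively and relies on the last task to give it back to root; if the play stops in between (a failed host, an interrupted run), the keys stay owned by the login user. Moving `Set directory permissions to root` under an `always:` key of the same block makes the restore run on failure as well. pullcerts.yml repeats the pattern for /etc/letsencrypt and /etc/haproxy/certs as three plain tasks and would need its own `block`/`always` wrapper. A short comment stating that ownership is relaxed only so the standby proxy can rsync as a non-root user would help the next reader judge the exposure.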
---
# file: roles/haproxy/tasks/pullcerts.yml
- name: Find out active proxy
set_fact:
proxy_active_host: '{{ item }}'
with_items: '{{ groups.proxyserver|default([]) }}'
when: hostvars[item].proxy_active|default(true)
- name: Set directory permissions to current user
file:
path: '{{ item }}'
owner: '{{ ansible_env.SUDO_USER|default("root") }}'
recurse: yes
follow: no
with_items:
- /etc/letsencrypt
- /etc/haproxy/certs
- name: Sync files
shell: 'rsync -rulp "{{ proxy_active_host }}:{{ item }}/" "{{ item }}"'
delegate_to: '{{ inventory_hostname }}'
become: no
with_items:
- /etc/letsencrypt
- /etc/haproxy/certs
ignore_errors: yes
# We ignore errors as they may happen if we run the script without the other proxy
- name: Set directory permissions to root
file:
path: '{{ item }}'
owner: root
recurse: yes
follow: no
with_items:
- /etc/letsencrypt
- /etc/haproxy/certs
{% if ansible_local is defined and ansible_local.blacklist is defined %}
{% for line in ansible_local.blacklist.agent|default([]) %}
{{line}}
{% endfor %}
{% endif %}
{% for line in proxy_blacklist.agent|default([]) %}
{{line}}
{% endfor %}
{% if ansible_local is defined and ansible_local.blacklist is defined %}
{% for line in ansible_local.blacklist.ip|default([]) %}
{{line}}
{% endfor %}
{% endif %}
{% for line in proxy_blacklist.ip|default([]) %}
{{line}}
{% endfor %}