Commits on Source (170)
Showing with 645 additions and 186 deletions
The MIT License (MIT)
Copyright (c) 2015, 2016 Jürgen Haas, PARAGON Executive Services GmbH
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
# Instruction to prepare a certificate file
For HaProxy to terminate SSL requests we require a single PEM file with all certificate components chained together.
The seqeuence of those compoenents is this:
- Private Key, e.g. example.com.key.pem
- Domain Certficate, e.g. example.com.crt.pem
- Intermediate Certificate, e.g. example.com.ca.crt.pem
---
default_proxy: '' default_proxy: ''
proxy_debug: no
proxy_default_backend: '' proxy_default_backend: ''
proxy_certificates: [] proxy_certificates: []
proxy_blacklist_ips: [] proxy_timeout_connect: 5s
proxy_timeout_connect: '5s' proxy_timeout_client: 20s
proxy_timeout_client: '20s' proxy_timeout_server: 45s
proxy_timeout_server: '45s' proxy_redirect_aliase: no
proxy_redirect_aliase: false proxy_maxconn: 100
proxy_varnish_maxconn: 1000
proxy_redirect_maps:
domain: {}
domain-and-path: {}
domain-append-path: {}
path: {}
proxy_blacklist:
ip:
- 146.185.176.158
- 162.243.9.72
- 173.199.114.0/24
- 173.199.115.0/24
- 173.199.115.112/29
- 173.199.116.0/24
- 173.199.117.0/24
- 173.199.118.0/24
- 173.199.119.0/24
- 173.199.120.0/24
- 182.50.130.0/24
- 188.92.74.0/24
- 195.239.0/24
- 198.186.190.0/23
- 198.186.192.0/23
- 198.186.194.0/24
- 208.167.230.0/24
- 209.222.12.0/24
- 210.171.3.0/24
- 212.100.254.105
- 212.113.0.0/24
- 212.113.32.0/21
- 212.113.37.0/24
- 213.186.0.0/24
- 213.186.96.0/19
- 46.137.98.159
- 5.10.83.0/24
- 5.10.83.0/25
- 5.9.0.0/24
- 5.9.104.0/24
- 50.112.126.117
- 54.232.100.158
- 54.235.220.243
- 54.249.240.15
- 54.251.45.250
- 54.252.97.95
- 69.42.83.0/24
referer:
- best-seo-solution.com
- best-seo-offer.com
- buttons-for-website.com
- buttons-for-your-website.com
- semalt.com
- 7makemoneyonline.com
agent:
- AhrefsBot
- Ahrefs
- rogerbot
- MJ12bot
- majestic12
- MJ12
- SiteBot
- Semrush
- CCBot
- 80legs
- Sogou
- DigExt
- spbot
- ia_archiver
- Rankivabot
- DBLBot
- libw
- Voil
- Twice
- Sogou
- psbot
- Exabot
- boitho
- ajSitemap
- Rankivabot
- DBLBot
- Ezooms
- Ezooms/1.0
- exabot
- dotbot
- gigabot
- thesis-research-bot
- my-tiny-bot
other:
- path_beg /wp-admin
- path_beg /wp-login
- path /autodiscover/autodiscover.xml
- path /autodiscover.xml
- path /CHANGELOG.txt
- path /COPYRIGHT.txt
- path /INSTALL.mysql.txt
- path /INSTALL.pgsql.txt
- path /INSTALL.sqlite.txt
- path /INSTALL.txt
- path /LICENSE.txt
- path /MAINTAINERS.txt
- path /README.txt
- path /UPGRADE.txt
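Review bot: `- 195.239.0/24` in the `ip` blacklist is not a valid IPv4 CIDR (it has only three octets); if this list is rendered into an HAProxy `src -f` file the whole config check will reject it, so the entry should be corrected to the intended network or dropped. The `agent` list repeats `Sogou`, `Rankivabot` and `DBLBot`, and `5.10.83.0/25` and `173.199.115.112/29` are already covered by the `/24` entries above them, so deduplicating keeps the ACL files smaller and easier to audit. On the column I read as the new side, `proxy_debug: no` and `proxy_redirect_aliase: no` use YAML 1.1 truthy words where the other column had `false`; prefer `false` so every loader reads the same value. Which column is old or new is inferred from the surrounding sections, as this rendering does not mark it.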
HTTP/1.0 500 Internal Server Error
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 500 Internal Server Error -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
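Review bot: `Content-Type: text/html` in the 500 response declares no `charset`, and the document has no `<head>`; the body only uses ASCII and named entities today, so it renders, but `Content-Type: text/html; charset=utf-8` and wrapping `<title>`/`<style>` in `<head>` make the file valid and safe to edit later. The same body is repeated verbatim for 502, 503, 504 and maintenance.http, including the "Site Maintenance" title on what are genuine 5xx errors; a separate short message for 500/502/504 would tell an operator more than the maintenance text, and the shared markup could be one source rendered per status. Keeping these pages free of version or backend details, as they are now, is the right default.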
HTTP/1.0 502 Bad Gateway
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 502 Bad Gateway -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 503 Service Unavailable -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
HTTP/1.0 504 Gateway Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 504 Gateway Time-out -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
<?php
/**
* Script for the Proxy txr1 to grab domain changes for homepage products.
*
* @see SV-26726
*/
$db_host = $argv[1];
$db_port = $argv[2];
$db_user = $argv[3];
$db_pass = $argv[4];
$db = $argv[5];
$path = $argv[6];
$myname = $argv[7];
$changed = FALSE;
try {
$dbh = new PDO('mysql:host='.$db_host.';port='.$db_port.';dbname='.$db, $db_user, $db_pass, array(PDO::ATTR_PERSISTENT => false));
foreach ($dbh->query('select * from variable where name="sverein_proxy_settings_'.$myname.'"') as $row) {
$settings = unserialize($row['value']);
foreach ($settings as $host => $domains) {
$changed = TRUE;
file_put_contents($path . '/' . $host . '.crm.list', implode("\n", $domains));
}
}
if ($changed) {
$dbh->query('delete from variable where name="sverein_proxy_settings_'.$myname.'"');
}
}
catch (Exception $e) {}
exit($changed ? 99 : 0);
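Review bot: `$myname` from `$argv[7]` is concatenated straight into both SQL strings on the `query()` lines, `unserialize()` is run on the stored `value`, and `$host` taken from that data forms the output path in `file_put_contents($path . '/' . $host . '.crm.list', ...)`, so a tampered settings row could write `.crm.list` files outside `$path`; if this script is still shipped, bind `$myname` with a prepared statement, reject `$host` values that are not plain hostnames (`basename()` plus a `preg_match` on a hostname pattern), and replace `unserialize` with a JSON payload or at least `unserialize($row['value'], ['allowed_classes' => false])`. The empty `catch (Exception $e) {}` also hides connection and query failures, so the caller only ever sees exit 0. From the new install.yml (php5 packages dropped) and configure.yml (no "Install update php script" task) this file looks to be on the removed side; if so, only the still-created `/etc/haproxy/update` directory in install.yml remains to clean up.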
/var/log/haproxy { /var/log/haproxy {
daily daily
rotate 7 rotate 7
delaycompress delaycompress
compress compress
notifempty notifempty
missingok missingok
postrotate postrotate
service haproxy restart > /dev/null service haproxy restart > /dev/null
endscript endscript
} }
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 503 Service Unavailable -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
--- ---
# file: roles/haproxy/handler/main.yml # file: roles/haproxy/handler/main.yml
- name: "Proxy | Restart HAProxy" - name: Check HAProxy Config
service: name={{item.name}} state={{item.state}} command: haproxy -c -f /etc/haproxy/haproxy.cfg
register: haproxy_config_check
changed_when: '"Configuration file is valid" in haproxy_config_check.stdout_lines'
failed_when: '"Configuration file is valid" not in haproxy_config_check.stdout_lines'
notify:
- Restart HAProxy
- name: Restart HAProxy
service:
name: '{{ item.name }}'
state: '{{ item.state }}'
with_items: with_items:
- name: haproxy - name: haproxy
state: restarted state: restarted
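Review bot: `Check HAProxy Config` runs only after the template tasks have already overwritten `/etc/haproxy/haproxy.cfg`, so a bad render leaves an invalid file on disk; the running process keeps its old configuration, but the next reboot or manual restart comes up broken. Adding `validate: haproxy -c -f %s` to the `Create config file` template task in configure.yml stops the write before it lands, and this handler then stays as a second check. Matching the literal `"Configuration file is valid"` in `stdout_lines` is version-sensitive; `failed_when: haproxy_config_check.rc != 0` is more robust, and I would confirm which stream the 2.2 binary prints that message to before relying on it. `state: restarted` in `Restart HAProxy` drops in-flight connections where `state: reloaded` would not, if the service script supports it.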
---
# file: roles/haproxy/tasks/blacklists.yml
- name: Update blacklists
template:
src: '{{ item }}'
dest: /etc/haproxy/{{ item }}
owner: root
group: root
mode: 0644
with_items:
- blacklist.ip
- blacklist.referer
- blacklist.agent
notify:
- Check HAProxy Config
---
# file: roles/haproxy/tasks/buildcerts.yml
- name: Create PEM file for HaProxy
assemble:
src: /etc/letsencrypt/live/{{ item.domain }}
dest: /etc/haproxy/certs/{{ item.file }}
regexp: '(fullchain)|(privkey)\.pem'
with_items: '{{ proxy_certificates|default([]) }}'
when: item.letsencrypt|default(false) and item.active|default(true)
ignore_errors: yes
notify:
- Restart HAProxy
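Review bot: The PEM written by `assemble` to `dest: /etc/haproxy/certs/{{ item.file }}` contains the private key, but no `owner`, `group` or `mode` is set, so the file gets the umask default and is typically world-readable; add `owner: root`, `group: root` and `mode: '0600'` (HAProxy loads certificates at startup, before it drops privileges). `ignore_errors: yes` then hides a missing or partial assembly, which only surfaces later as an HAProxy bind error, so at least `register` the result and fail on anything other than an absent source directory. `notify: Restart HAProxy` bypasses the `Check HAProxy Config` handler that every other file-producing task in this role goes through; notifying the check keeps the ordering consistent.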
--- ---
# file: roles/haproxy/tasks/configure.yml # file: roles/haproxy/tasks/configure.yml
- name: "Proxy | Install SSL certificates" - name: Backup current settings
copy: src={{inventory_dir}}/files/ssl/{{item.file}} archive:
dest=/etc/haproxy/certs path: /etc/haproxy
dest: /var/backups/haproxy-{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}.tgz
when: no
- name: Install SSL certificates
copy:
src: '{{inventory_dir}}/files/ssl/{{item.file}}'
dest: /etc/haproxy/certs
with_items: '{{ proxy_certificates }}' with_items: '{{ proxy_certificates }}'
when: not item.letsencrypt|default(false) when: not item.letsencrypt|default(false)
notify: 'Proxy | Restart HAProxy' notify:
- Check HAProxy Config
- name: "Proxy | Create host lists"
template: src=host_list - name: Create maintenance lists
dest=/etc/haproxy/{{item}}.list template:
owner=root src: maintenance_list
group=root dest: /etc/haproxy/maintenance.list
mode=644 owner: root
with_items: '{{ groups.all }}' group: root
notify: 'Proxy | Restart HAProxy' mode: 0644
notify:
- name: "Proxy | Create host ssl lists" - Check HAProxy Config
template: src=host_ssl_list
dest=/etc/haproxy/{{item}}.ssl.list - name: Create host lists
owner=root template:
group=root src: host_list
mode=644 dest: /etc/haproxy/{{item}}.list
with_items: '{{ groups.all }}' owner: root
notify: 'Proxy | Restart HAProxy' group: root
mode: 0644
- name: "Proxy | Create empty crm lists files" with_items: '{{ groups.webserver|default([]) }}'
file: dest=/etc/haproxy/{{item}}.crm.list notify:
owner=root - Check HAProxy Config
group=root
mode=644 - name: Create host ssl lists
state=touch template:
with_items: '{{ groups.all }}' src: host_ssl_list
changed_when: false dest: /etc/haproxy/{{item}}.ssl.list
owner: root
- name: "Proxy | Create config file" group: root
template: src=haproxy_cfg mode: 0644
dest=/etc/haproxy/haproxy.cfg with_items: '{{ groups.webserver|default([]) }}'
owner=root notify:
group=root - Check HAProxy Config
mode=644
notify: 'Proxy | Restart HAProxy' - name: Create host path lists
file:
- name: "Proxy | Install update php script" dest: /etc/haproxy/{{item}}.path.list
copy: src=etc_haproxy_update_update_php owner: root
dest=/etc/haproxy/update/update.php group: root
owner=root mode: 0644
group=root state: touch
mode=444 with_items: '{{ groups.webserver|default([]) }}'
changed_when: no
- name: "Proxy | Update blacklist"
template: src=blacklist - name: Create use bigpipe host lists
dest=/etc/haproxy/blacklist template:
owner=root src: use_bigpipe_list
group=root dest: /etc/haproxy/use_bigpipe.list
mode=644 owner: root
notify: 'Proxy | Restart HAProxy' group: root
mode: 0644
notify:
- Check HAProxy Config
- name: Create ignore varnish host lists
template:
src: ignore_varnish_list
dest: /etc/haproxy/ignore_varnish.list
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
- name: Create empty crm lists files
file:
dest: /etc/haproxy/{{item}}.crm.list
owner: root
group: root
mode: 0644
state: touch
with_items: '{{ groups.webserver|default([]) }}'
changed_when: no
- name: Update private ips
template:
src: privatelist.ip.jinja2
dest: /etc/haproxy/privatelist.ip
owner: root
group: root
mode: 644
when: haproxy_private is defined
notify:
- Check HAProxy Config
- name: Update private domains
template:
src: privatelist.domain.jinja2
dest: /etc/haproxy/privatelist.domain
owner: root
group: root
mode: 0644
when: haproxy_private is defined and haproxy_private.domain is defined
notify:
- Check HAProxy Config
- name: Update redirect map files
template:
src: redirect.map.jinja2
dest: /etc/haproxy/redirect.{{ item }}.map
owner: root
group: root
mode: 0644
with_items:
- domain
- domain-and-path
- domain-append-path
- path
notify:
- Check HAProxy Config
- name: Create config file
template:
src: haproxy_cfg.jinja2
dest: /etc/haproxy/haproxy.cfg
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
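Review bot: `mode: 644` in `Update private ips` is an unquoted decimal, not octal, so Ansible applies permission 1204 (octal) to `/etc/haproxy/privatelist.ip`; write `mode: '0644'`, and for consistency quote the other `mode: 0644` values in this file, blacklists.yml and install.yml, which the Ansible docs describe as fragile when left unquoted. `Install SSL certificates` copies `{{item.file}}` — PEM files that, per the README, include the private key — into `/etc/haproxy/certs` with no `owner` or `mode`, so they inherit the umask default; add `owner: root`, `group: root` and `mode: '0600'`. `Backup current settings` is dead code under `when: no`; either drop it or guard it with a variable such as `proxy_backup|default(false)` so the intent is visible.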
--- ---
# file: roles/haproxy/tasks/install.yml # file: roles/haproxy/tasks/install.yml
#
# Output logs and errs into temp files:
# echo "show errors" | sudo socat unix-connect:/run/haproxy/admin.sock stdio >> /tmp/myhapshowerrs.out 2> /tmp/myhapshowerrs.err
# TODO: Configure HaProxy together with Varnish - name: Add Apt Repositories
# http://blog.haproxy.com/2015/05/06/haproxys-load-balancing-algorithm-for-static-content-delivery-with-varnish/
# http://blog.haproxy.com/2012/08/25/haproxy-varnish-and-the-single-hostname-website/
# TODO: What's new in Version 1.6
# http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/
- name: "Proxy | Add Apt Repositories"
apt_repository: apt_repository:
repo='{{ item }}' repo: '{{ item }}'
state=present state: present
mode: 0644
with_items: with_items:
- "ppa:vbernat/haproxy-1.6" - ppa:vbernat/haproxy-2.2
when: ansible_distribution_major_version != "16"
- name: "Proxy | Install some packages" - name: Install some packages
apt: apt:
pkg='{{ item }}' pkg: '{{ packages }}'
state=installed state: latest
with_items: vars:
- haproxy packages:
- hatop - haproxy
- socat #- hatop
- php5 - socat
- php5-mysql
- name: "Proxy | create directories" - name: create directories
file: file:
dest='{{ item }}' dest: '{{ item }}'
state=directory state: directory
mode='755' mode: 0755
with_items: with_items:
- /etc/haproxy/certs - /etc/haproxy/certs
- /etc/haproxy/update - /etc/haproxy/update
- name: "Proxy | Install hatop shortcut" - name: Install hatop shortcut
copy: copy:
src='usr_local_bin_hatop' src: usr_local_bin_hatop
dest='/usr/local/bin/hatop' dest: /usr/local/bin/hatop
owner='root' owner: root
group='root' group: root
mode='755' mode: 0755
- name: "Proxy | Install log rotator" - name: Install log rotator
copy: copy:
src='etc_logrotate_d_haproxy' src: etc_logrotate_d_haproxy
dest='/etc/logrotate.d/haproxy' dest: /etc/logrotate.d/haproxy
owner='root' owner: root
group='root' group: root
mode='644' mode: 0644
tags:
- logrotate
- name: Install script to read socket
template:
src: hasocket
dest: /usr/local/bin/hasocket
owner: root
group: root
mode: 0755
- name: Install error response files
copy:
src: '{{ item }}.http'
dest: /etc/haproxy/errors/{{ item }}.http
owner: root
group: root
mode: 0644
with_items:
- '500'
- '502'
- '503'
- '504'
- 'maintenance'
tags:
- errorfiles
notify:
- Check HAProxy Config
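Review bot: `state: latest` on `Install some packages` upgrades haproxy and socat on every run, so a routine configuration run can pull a new HAProxy release onto the edge of the site unannounced; `state: present` with a deliberate, separate upgrade step (or a pinned version) keeps changes intentional. `Install hatop shortcut` still copies a wrapper to `/usr/local/bin/hatop` although `hatop` is now commented out of the package list, and `/etc/haproxy/update` is still created although nothing on the new side appears to install into it; both look like leftovers worth removing or documenting. The `when: ansible_distribution_major_version != "16"` line sits next to `Add Apt Repositories`, but this rendering does not show whether it survives on the new side; if it does, the `haproxy-2.2` PPA name and that release guard should be re-checked together.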
---
# file: roles/haproxy/tasks/letsencrypt.yml
- set_fact: filename='/etc/letsencrypt/live/{{ item.domain }}/cert.pem'
- name: "Check LetsEncrypt Requirement"
shell: ls {{ filename }}
register: cert_available
failed_when: false
#- name: "Stop HAProxy"
# service: name=haproxy state=stopped
- name: "Install New Cert"
shell: /opt/letsencrypt/letsencrypt-auto certonly -d {{ item.domain }} --standalone --text --email {{ apache_server_admin|default('admin@paragon-es.de') }} --agree-tos --redirect
when: cert_available is defined and cert_available.stdout != filename
--- ---
# file: roles/haproxy/tasks/main.yml # file: roles/haproxy/tasks/main.yml
- name: HaProxy Role
set_fact:
role_haproxy_started: yes
tags:
- always
- block: - block:
- name: "LetsEncrypt Certificates"
include: letsencrypt.yml
with_items: '{{ proxy_certificates_letsencrypt }}'
# Renewing certificates is only possible generelly, not individually. - name: Import install
- name: "Renew Existing Cert" import_tasks: install.yml
shell: /opt/letsencrypt/letsencrypt-auto renew
ignore_errors: true - name: Import configure
import_tasks: configure.yml
tags:
- Config
- name: "Create PEM file for HaProxy" - name: Import blacklist
shell: cat /etc/letsencrypt/live/{{ item.domain }}/fullchain.pem /etc/letsencrypt/live/{{ item.domain }}/privkey.pem > /etc/haproxy/certs/{{ item.domain }}.pem import_tasks: blacklists.yml
with_items: '{{ proxy_certificates_letsencrypt }}' tags:
- Config
- Blacklists
when: '"letsencrypt" not in excluded_roles' when: not excluded_roles or "haproxy" not in excluded_roles
- block: - block:
- include: install.yml
- include: configure.yml
tags: Config
when: '"haproxy" not in excluded_roles' - name: Install Certs
include_tasks: ../../letsencrypt/tasks/cert.yml
with_items: '{{ proxy_certificates|default([]) }}'
loop_control:
loop_var: domain
when: domain.letsencrypt|default(false) and domain.active|default(true)
- name: Renew Existing Cert
import_tasks: ../../letsencrypt/tasks/renew.yml
- name: Build HaProxy Certs
import_tasks: buildcerts.yml
tags:
- Certs
when: proxy_active|default(true) and (not excluded_roles or "letsencrypt" not in excluded_roles)
- name: Import proxypool
import_tasks: proxypool.yml
when: not excluded_roles or "letsencrypt" not in excluded_roles
tags:
- Certs
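Review bot: `include_tasks: ../../letsencrypt/tasks/cert.yml` and `import_tasks: ../../letsencrypt/tasks/renew.yml` reach into a sibling role by relative path, which breaks as soon as the roles are installed from Galaxy or a collection; `include_role: {name: letsencrypt, tasks_from: cert}` with the same `loop`/`loop_control`, and `import_role: {name: letsencrypt, tasks_from: renew}`, resolve through the role path and also load that role's defaults. The `Import proxypool` guard uses `"letsencrypt" not in excluded_roles` while the imported file only syncs haproxy's certificates; presumably `"haproxy"` was meant, worth confirming. `role_haproxy_started: yes` should be `true` to avoid the YAML 1.1 truthy form.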
---
# file: roles/haproxy/tasks/proxypool.yml
- block:
- name: Set directory permissions to current user
file:
path: /etc/letsencrypt
owner: '{{ ansible_env.SUDO_USER|default("root") }}'
recurse: yes
follow: no
when: proxy_active|default(true)
- name: Pull Certs from active Proxy
import_tasks: pullcerts.yml
when: not proxy_active|default(true)
- name: Set directory permissions to root
file:
path: /etc/letsencrypt
owner: root
recurse: yes
follow: no
when: proxy_active|default(true)
tags:
- Certs
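Review bot: `Set directory permissions to current user` chowns all of `/etc/letsencrypt`, private keys included, to `ansible_env.SUDO_USER`, and the reverting `Set directory permissions to root` task only runs if nothing in between fails; a failure or interrupt between them leaves the keys owned by an unprivileged login. Moving the revert into an `always:` section of the existing `block` guarantees ownership is restored on every path. The handoff also presumably relies on the linear strategy, so that the active proxy's chown runs before the standby's rsync in pullcerts.yml and the revert after it; a comment stating that ordering assumption (`# relies on linear strategy: active proxy chowns before standby rsyncs`) would spare the next maintainer a surprise under `strategy: free`.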
---
# file: roles/haproxy/tasks/pullcerts.yml
- name: Find out active proxy
set_fact:
proxy_active_host: '{{ item }}'
with_items: '{{ groups.proxyserver|default([]) }}'
when: hostvars[item].proxy_active|default(true)
- name: Set directory permissions to current user
file:
path: '{{ item }}'
owner: '{{ ansible_env.SUDO_USER|default("root") }}'
recurse: yes
follow: no
with_items:
- /etc/letsencrypt
- /etc/haproxy/certs
- name: Sync files
shell: 'rsync -rulp "{{ proxy_active_host }}:{{ item }}/" "{{ item }}"'
delegate_to: '{{ inventory_hostname }}'
become: no
with_items:
- /etc/letsencrypt
- /etc/haproxy/certs
ignore_errors: yes
# We ignore errors as they may happen if we run the script without the other proxy
- name: Set directory permissions to root
file:
path: '{{ item }}'
owner: root
recurse: yes
follow: no
with_items:
- /etc/letsencrypt
- /etc/haproxy/certs
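Review bot: `Sync files` runs rsync with `ignore_errors: yes` and no `register`, so an SSH, host-key or permission failure leaves the standby proxy with stale or missing certificates while the play reports success; register the result and fail on `rc != 0` except in the "other proxy absent" case the comment below wants to tolerate, which can be detected as `proxy_active_host is not defined` instead of swallowing every error. Nothing notifies `Check HAProxy Config` after `/etc/haproxy/certs` is refreshed, so HAProxy keeps serving the old certificates until something else restarts it; add change detection (e.g. rsync `-i` with `changed_when: sync.stdout_lines | length > 0`, or the `synchronize` module) and notify the handler. `delegate_to: '{{ inventory_hostname }}'` delegates a task to its own host and can be dropped. `Find out active proxy` silently takes the last matching host if several claim `proxy_active` and leaves `proxy_active_host` undefined if none do; a `fail`/`assert` on that count would make both misconfigurations visible.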
{% for host in groups['all'] %}
{% for line in hostvars[host].proxy_blacklist_ips|default([]) %}
{{line}}
{% endfor %}
{% endfor %}