Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • ansible/roles/haproxy
  • ericzillmann/haproxy
2 results
Show changes
Commits on Source (85)
Expand all Hide whitespace changes
Inline Side-by-side
Showing
with 776 additions and 335 deletions
README.md deleted 100644 → 0
View file @ c1d2fe94
# Documentation
- https://www.haproxy.com/doc/aloha/7.0/haproxy/index.html
- https://cbonte.github.io/haproxy-dconv/index.html
- https://cbonte.github.io/haproxy-dconv/1.7/configuration.html
# Instruction to prepare a certificate file
For HaProxy to terminate SSL requests we require a single PEM file with all certificate components chained together.
The seqeuence of those compoenents is this:
- Private Key, e.g. example.com.key.pem
- Domain Certficate, e.g. example.com.crt.pem
- Intermediate Certificate, e.g. example.com.ca.crt.pem
# Watching statistics
Create an SSH tunnel to the haproxy host's port 7000 and then go to `http://127.0.0.1:7000/haproxy_stats` to get live stats.
# Talking to HaProxy Socket
HaProxy can communicate with the console through a socket and we provide a script called `hasocket` which can be used for that purpose. You either call that from the proxy's console or run it through Ansible with this command:
```
a -a "hasocket 'help'" --limit=proxyserver
```
Useful commands might be:
- "show info"
show informations like haproxy version, PID, current connections, session rates, tasks, etc..
- "show stat"
prints the stats about all frontents and backends (connection statistics etc) in a csv format
- "show errors"
indeed the following prints informations about errors if there are any
- "show sess"
show open sessions with the used backend/frontend, the source, etc..
defaults/main.yml
View file @ 725e43ef
---
default_proxy: ''
proxy_debug: no
proxy_default_backend: ''
proxy_certificates: []
proxy_timeout_connect: '5s'
proxy_timeout_client: '20s'
proxy_timeout_server: '45s'
proxy_redirect_aliase: false
proxy_timeout_connect: 5s
proxy_timeout_client: 20s
proxy_timeout_server: 45s
proxy_redirect_aliase: no
proxy_maxconn: 100
proxy_varnish_maxconn: 1000
proxy_redirect_maps:
domain: {}
domain-and-path: {}
domain-append-path: {}
path: {}
proxy_blacklist:
ip:
- '146.185.176.158'
- '162.243.9.72'
- '173.199.114.0/24'
- '173.199.115.0/24'
- '173.199.115.112/29'
- '173.199.116.0/24'
- '173.199.117.0/24'
- '173.199.118.0/24'
- '173.199.119.0/24'
- '173.199.120.0/24'
- '182.50.130.0/24'
- '188.92.74.0/24'
- '195.239.0/24'
- '198.186.190.0/23'
- '198.186.192.0/23'
- '198.186.194.0/24'
- '208.167.230.0/24'
- '209.222.12.0/24'
- '210.171.3.0/24'
- '212.100.254.105'
- '212.113.0.0/24'
- '212.113.32.0/21'
- '212.113.37.0/24'
- '213.186.0.0/24'
- '213.186.96.0/19'
- '46.137.98.159'
- '5.10.83.0/24'
- '5.10.83.0/25'
- '5.9.0.0/24'
- '5.9.104.0/24'
- '50.112.126.117'
- '54.232.100.158'
- '54.235.220.243'
- '54.249.240.15'
- '54.251.45.250'
- '54.252.97.95'
- '69.42.83.0/24'
- 146.185.176.158
- 162.243.9.72
- 173.199.114.0/24
- 173.199.115.0/24
- 173.199.115.112/29
- 173.199.116.0/24
- 173.199.117.0/24
- 173.199.118.0/24
- 173.199.119.0/24
- 173.199.120.0/24
- 182.50.130.0/24
- 188.92.74.0/24
- 195.239.0/24
- 198.186.190.0/23
- 198.186.192.0/23
- 198.186.194.0/24
- 208.167.230.0/24
- 209.222.12.0/24
- 210.171.3.0/24
- 212.100.254.105
- 212.113.0.0/24
- 212.113.32.0/21
- 212.113.37.0/24
- 213.186.0.0/24
- 213.186.96.0/19
- 46.137.98.159
- 5.10.83.0/24
- 5.10.83.0/25
- 5.9.0.0/24
- 5.9.104.0/24
- 50.112.126.117
- 54.232.100.158
- 54.235.220.243
- 54.249.240.15
- 54.251.45.250
- 54.252.97.95
- 69.42.83.0/24
referer:
- 'best-seo-solution.com'
- 'best-seo-offer.com'
- 'buttons-for-website.com'
- 'buttons-for-your-website.com'
- 'semalt.com'
- '7makemoneyonline.com'
- best-seo-solution.com
- best-seo-offer.com
- buttons-for-website.com
- buttons-for-your-website.com
- semalt.com
- 7makemoneyonline.com
agent:
- 'AhrefsBot'
- 'Ahrefs'
- 'rogerbot'
- 'MJ12bot'
- 'majestic12'
- 'MJ12'
- 'SiteBot'
- 'Semrush'
- 'CCBot'
- '80legs'
- 'Sogou'
- 'DigExt'
- 'spbot'
- 'ia_archiver'
- 'Rankivabot'
- 'DBLBot'
- 'libw'
- 'Voil'
- 'Twice'
- 'Sogou'
- 'psbot'
- 'Exabot'
- 'boitho'
- 'ajSitemap'
- 'Rankivabot'
- 'SeznamBot'
- 'DBLBot'
- 'Ezooms'
- 'Ezooms/1.0'
- 'exabot'
- 'dotbot'
- 'gigabot'
- AhrefsBot
- Ahrefs
- rogerbot
- MJ12bot
- majestic12
- MJ12
- SiteBot
- Semrush
- CCBot
- 80legs
- Sogou
- DigExt
- spbot
- ia_archiver
- Rankivabot
- DBLBot
- libw
- Voil
- Twice
- Sogou
- psbot
- Exabot
- boitho
- ajSitemap
- Rankivabot
- DBLBot
- Ezooms
- Ezooms/1.0
- exabot
- dotbot
- gigabot
- thesis-research-bot
- my-tiny-bot
other:
- 'path_beg /wp-admin'
- path_beg /wp-admin
- path_beg /wp-login
- path /autodiscover/autodiscover.xml
- path /autodiscover.xml
- path /CHANGELOG.txt
- path /COPYRIGHT.txt
- path /INSTALL.mysql.txt
- path /INSTALL.pgsql.txt
- path /INSTALL.sqlite.txt
- path /INSTALL.txt
- path /LICENSE.txt
- path /MAINTAINERS.txt
- path /README.txt
- path /UPGRADE.txt
files/500.http 0 → 100644
View file @ 725e43ef
HTTP/1.0 500 Internal Server Error
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 500 Internal Server Error -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
files/502.http 0 → 100644
View file @ 725e43ef
HTTP/1.0 502 Bad Gateway
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 502 Bad Gateway -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
files/503.http 0 → 100644
View file @ 725e43ef
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 503 Service Unavailable -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
files/504.http 0 → 100644
View file @ 725e43ef
HTTP/1.0 504 Gateway Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 504 Gateway Time-out -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
files/etc_logrotate_d_haproxy
View file @ 725e43ef
/var/log/haproxy {
daily
rotate 7
delaycompress
compress
notifempty
missingok
postrotate
service haproxy restart > /dev/null
endscript
daily
rotate 7
delaycompress
compress
notifempty
missingok
postrotate
service haproxy restart > /dev/null
endscript
}
files/maintenance.http 0 → 100644
View file @ 725e43ef
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<!doctype html>
<!-- 503 Service Unavailable -->
<html>
<title>Site Maintenance | Wartung</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 50px; }
body { font: 20px Helvetica, sans-serif; color: #333; }
article { display: block; text-align: left; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<body>
<article>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>Sorry for the inconvenience but we're performing some maintenance at the moment. We'll be back online shortly!</p>
</div>
</article>
<article>
<h1>Wir sind bald zur&uuml;ck!</h1>
<div>
<p>Wir f&uuml;hren derzeit einige Wartungsarbeiten durch und entschuldigen uns f&uuml;r die Unannehmlichkeiten. Wir sind bald wieder online!</p>
</div>
</article>
</body>
</html>
handlers/main.yml
View file @ 725e43ef
---
# file: roles/haproxy/handler/main.yml
- name: "Check HAProxy Config"
- name: Check HAProxy Config
command: haproxy -c -f /etc/haproxy/haproxy.cfg
register: haproxy_config_check
changed_when: '"Configuration file is valid" in haproxy_config_check.stdout_lines'
failed_when: '"Configuration file is valid" not in haproxy_config_check.stdout_lines'
notify: "Restart HAProxy"
notify:
- Restart HAProxy
- name: "Restart HAProxy"
service: name={{item.name}} state={{item.state}}
- name: Restart HAProxy
service:
name: '{{ item.name }}'
state: '{{ item.state }}'
with_items:
- name: haproxy
state: restarted
tasks/blacklists.yml 0 → 100644
View file @ 725e43ef
---
# file: roles/haproxy/tasks/blacklists.yml
- name: Update blacklists
template:
src: '{{ item }}'
dest: /etc/haproxy/{{ item }}
owner: root
group: root
mode: 0644
with_items:
- blacklist.ip
- blacklist.referer
- blacklist.agent
notify:
- Check HAProxy Config
tasks/buildcerts.yml
View file @ 725e43ef
---
# file: roles/haproxy/tasks/buildcerts.yml
- name: "Create PEM file for HaProxy"
- name: Create PEM file for HaProxy
assemble:
src='/etc/letsencrypt/live/{{ item.domain }}'
dest='/etc/haproxy/certs/{{ item.domain }}.pem'
regexp='(fullchain)|(privkey)\.pem'
src: /etc/letsencrypt/live/{{ item.domain }}
dest: /etc/haproxy/certs/{{ item.file }}
regexp: '(fullchain)|(privkey)\.pem'
with_items: '{{ proxy_certificates|default([]) }}'
when: item.letsencrypt|default(false) and item.active|default(true)
ignore_errors: yes
notify:
- "Restart HAProxy"
- Restart HAProxy
tasks/configure.yml
View file @ 725e43ef
---
# file: roles/haproxy/tasks/configure.yml
- name: "Backup current settings"
- name: Backup current settings
archive:
path=/etc/haproxy
dest=/var/backups/haproxy-{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}.tgz
path: /etc/haproxy
dest: /var/backups/haproxy-{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}.tgz
when: no
- name: "Install SSL certificates"
- name: Install SSL certificates
copy:
src='{{inventory_dir}}/files/ssl/{{item.file}}'
dest='/etc/haproxy/certs'
src: '{{inventory_dir}}/files/ssl/{{item.file}}'
dest: /etc/haproxy/certs
with_items: '{{ proxy_certificates }}'
when: not item.letsencrypt|default(false)
notify: "Check HAProxy Config"
notify:
- Check HAProxy Config
- name: "Create host lists"
- name: Create maintenance lists
template:
src='host_list'
dest='/etc/haproxy/{{item}}.list'
owner='root'
group='root'
mode='644'
src: maintenance_list
dest: /etc/haproxy/maintenance.list
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
- name: Create host lists
template:
src: host_list
dest: /etc/haproxy/{{item}}.list
owner: root
group: root
mode: 0644
with_items: '{{ groups.webserver|default([]) }}'
notify: "Check HAProxy Config"
notify:
- Check HAProxy Config
- name: "Create host ssl lists"
- name: Create host ssl lists
template:
src='host_ssl_list'
dest='/etc/haproxy/{{item}}.ssl.list'
owner='root'
group='root'
mode='644'
src: host_ssl_list
dest: /etc/haproxy/{{item}}.ssl.list
owner: root
group: root
mode: 0644
with_items: '{{ groups.webserver|default([]) }}'
notify: "Check HAProxy Config"
notify:
- Check HAProxy Config
- name: "Create host path lists"
- name: Create host path lists
file:
dest='/etc/haproxy/{{item}}.path.list'
owner='root'
group='root'
mode='644'
state='touch'
dest: /etc/haproxy/{{item}}.path.list
owner: root
group: root
mode: 0644
state: touch
with_items: '{{ groups.webserver|default([]) }}'
changed_when: false
changed_when: no
- name: "Create use bigpipe host lists"
- name: Create use bigpipe host lists
template:
src='use_bigpipe_list'
dest='/etc/haproxy/use_bigpipe.list'
owner='root'
group='root'
mode='644'
notify: "Check HAProxy Config"
src: use_bigpipe_list
dest: /etc/haproxy/use_bigpipe.list
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
- name: "Create ignore varnish host lists"
- name: Create ignore varnish host lists
template:
src='ignore_varnish_list'
dest='/etc/haproxy/ignore_varnish.list'
owner='root'
group='root'
mode='644'
notify: "Check HAProxy Config"
src: ignore_varnish_list
dest: /etc/haproxy/ignore_varnish.list
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
- name: "Create empty crm lists files"
- name: Create empty crm lists files
file:
dest='/etc/haproxy/{{item}}.crm.list'
owner='root'
group='root'
mode='644'
state='touch'
dest: /etc/haproxy/{{item}}.crm.list
owner: root
group: root
mode: 0644
state: touch
with_items: '{{ groups.webserver|default([]) }}'
changed_when: false
changed_when: no
- name: Update private ips
template:
src: privatelist.ip.jinja2
dest: /etc/haproxy/privatelist.ip
owner: root
group: root
mode: 644
when: haproxy_private is defined
notify:
- Check HAProxy Config
- name: Update private domains
template:
src: privatelist.domain.jinja2
dest: /etc/haproxy/privatelist.domain
owner: root
group: root
mode: 0644
when: haproxy_private is defined and haproxy_private.domain is defined
notify:
- Check HAProxy Config
- name: "Update blacklists"
- name: Update redirect map files
template:
src='{{ item }}'
dest='/etc/haproxy/{{ item }}'
owner='root'
group='root'
mode='644'
src: redirect.map.jinja2
dest: /etc/haproxy/redirect.{{ item }}.map
owner: root
group: root
mode: 0644
with_items:
- 'blacklist.ip'
- 'blacklist.referer'
- 'blacklist.agent'
notify: "Check HAProxy Config"
- domain
- domain-and-path
- domain-append-path
- path
notify:
- Check HAProxy Config
- name: "Create config file"
- name: Create config file
template:
src='haproxy_cfg.jinja2'
dest='/etc/haproxy/haproxy.cfg'
owner='root'
group='root'
mode='644'
notify: "Check HAProxy Config"
src: haproxy_cfg.jinja2
dest: /etc/haproxy/haproxy.cfg
owner: root
group: root
mode: 0644
notify:
- Check HAProxy Config
tasks/install.yml
View file @ 725e43ef
---
# file: roles/haproxy/tasks/install.yml
- name: "Add Apt Repositories"
- name: Add Apt Repositories
apt_repository:
repo='{{ item }}'
state=present
mode='644'
repo: '{{ item }}'
state: present
mode: 0644
with_items:
- "ppa:vbernat/haproxy-1.7"
- ppa:vbernat/haproxy-2.2
when: ansible_distribution_major_version != "16"
- name: "Install some packages"
- name: Install some packages
apt:
pkg='{{ item }}'
state=installed
with_items:
- haproxy
- hatop
- socat
pkg: '{{ packages }}'
state: latest
vars:
packages:
- haproxy
#- hatop
- socat
- name: "create directories"
- name: create directories
file:
dest='{{ item }}'
state=directory
mode='755'
dest: '{{ item }}'
state: directory
mode: 0755
with_items:
- /etc/haproxy/certs
- /etc/haproxy/update
- name: "Install hatop shortcut"
- name: Install hatop shortcut
copy:
src='usr_local_bin_hatop'
dest='/usr/local/bin/hatop'
owner='root'
group='root'
mode='755'
src: usr_local_bin_hatop
dest: /usr/local/bin/hatop
owner: root
group: root
mode: 0755
- name: "Install log rotator"
- name: Install log rotator
copy:
src='etc_logrotate_d_haproxy'
dest='/etc/logrotate.d/haproxy'
owner='root'
group='root'
mode='644'
src: etc_logrotate_d_haproxy
dest: /etc/logrotate.d/haproxy
owner: root
group: root
mode: 0644
tags:
- logrotate
- name: "Install script to read socket"
- name: Install script to read socket
template:
src='hasocket'
dest='/usr/local/bin/hasocket'
owner='root'
group='root'
mode='755'
src: hasocket
dest: /usr/local/bin/hasocket
owner: root
group: root
mode: 0755
- name: Install error response files
copy:
src: '{{ item }}.http'
dest: /etc/haproxy/errors/{{ item }}.http
owner: root
group: root
mode: 0644
with_items:
- '500'
- '502'
- '503'
- '504'
- 'maintenance'
tags:
- errorfiles
notify:
- Check HAProxy Config
tasks/main.yml
View file @ 725e43ef
---
# file: roles/haproxy/tasks/main.yml
- name: "HaProxy Role"
set_fact: role_haproxy_started=true
tags: 'always'
- name: HaProxy Role
set_fact:
role_haproxy_started: yes
tags:
- always
- block:
- include: install.yml
- include: configure.yml
tags: 'Config'
- name: Import install
import_tasks: install.yml
when: '"haproxy" not in excluded_roles'
- name: Import configure
import_tasks: configure.yml
tags:
- Config
- block:
- name: "Install Certs"
include: '../../letsencrypt/tasks/cert.yml'
with_items: '{{ proxy_certificates|default([]) }}'
loop_control:
loop_var: domain
when: domain.letsencrypt|default(false) and domain.active|default(true)
- name: "Renew Existing Cert"
include: '../../letsencrypt/tasks/renew.yml'
- name: Import blacklist
import_tasks: blacklists.yml
tags:
- Config
- Blacklists
- name: "Build HaCerts"
include: 'buildcerts.yml'
when: not excluded_roles or "haproxy" not in excluded_roles
- name: "Set directory permissions to current user"
file:
path: '/etc/letsencrypt'
owner: '{{ ansible_env.SUDO_USER }}'
recurse: yes
tags: 'Certs'
when: proxy_active
- block:
tags: 'Certs'
when: 'proxy_active and "letsencrypt" not in excluded_roles'
- name: Install Certs
include_tasks: ../../letsencrypt/tasks/cert.yml
with_items: '{{ proxy_certificates|default([]) }}'
loop_control:
loop_var: domain
when: domain.letsencrypt|default(false) and domain.active|default(true)
- block:
- name: Renew Existing Cert
import_tasks: ../../letsencrypt/tasks/renew.yml
- name: "Pull Certs from active Proxy"
include: 'pullcerts.yml'
tags: 'Certs'
- name: Build HaProxy Certs
import_tasks: buildcerts.yml
when: 'not proxy_active and "letsencrypt" not in excluded_roles'
tags:
- Certs
when: proxy_active|default(true) and (not excluded_roles or "letsencrypt" not in excluded_roles)
- name: "Set directory permissions to root"
file:
path: '/etc/letsencrypt'
owner: 'root'
recurse: yes
tags: 'Certs'
when: 'proxy_active and "letsencrypt" not in excluded_roles'
- name: Import proxypool
import_tasks: proxypool.yml
when: not excluded_roles or "letsencrypt" not in excluded_roles
tags:
- Certs
tasks/proxypool.yml 0 → 100644
View file @ 725e43ef
---
# file: roles/haproxy/tasks/proxypool.yml
- block:
- name: Set directory permissions to current user
file:
path: /etc/letsencrypt
owner: '{{ ansible_env.SUDO_USER|default("root") }}'
recurse: yes
follow: no
when: proxy_active|default(true)
- name: Pull Certs from active Proxy
import_tasks: pullcerts.yml
when: not proxy_active|default(true)
- name: Set directory permissions to root
file:
path: /etc/letsencrypt
owner: root
recurse: yes
follow: no
when: proxy_active|default(true)
tags:
- Certs
tasks/pullcerts.yml
View file @ 725e43ef
---
# file: roles/haproxy/tasks/pullcerts.yml
- name: "Find out active proxy"
set_fact: proxy_active_host={{ item }}
- name: Find out active proxy
set_fact:
proxy_active_host: '{{ item }}'
with_items: '{{ groups.proxyserver|default([]) }}'
when: hostvars[item].proxy_active|default(true)
- name: "Set directory permissions to current user"
- name: Set directory permissions to current user
file:
path: '{{ item }}'
owner: '{{ ansible_env.SUDO_USER }}'
owner: '{{ ansible_env.SUDO_USER|default("root") }}'
recurse: yes
follow: no
with_items:
- '/etc/letsencrypt'
- '/etc/haproxy/certs'
- /etc/letsencrypt
- /etc/haproxy/certs
- name: "Sync files"
shell: rsync -rulp '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'
delegate_to: "{{ inventory_hostname }}"
- name: Sync files
shell: 'rsync -rulp "{{ proxy_active_host }}:{{ item }}/" "{{ item }}"'
delegate_to: '{{ inventory_hostname }}'
become: no
with_items:
- '/etc/letsencrypt'
- '/etc/haproxy/certs'
- /etc/letsencrypt
- /etc/haproxy/certs
ignore_errors: yes
# We ignore errors as they may happen if we run the script without the other proxy
- name: "Set directory permissions to root"
- name: Set directory permissions to root
file:
path: '{{ item }}'
owner: 'root'
owner: root
recurse: yes
follow: no
with_items:
- '/etc/letsencrypt'
- '/etc/haproxy/certs'
- /etc/letsencrypt
- /etc/haproxy/certs
templates/blacklist.agent
View file @ 725e43ef
{% if ansible_local is defined and ansible_local.blacklist is defined %}
{% for line in ansible_local.blacklist.agent|default([]) %}
{{line}}
{% endfor %}
{% endif %}
{% for line in proxy_blacklist.agent|default([]) %}
{{line}}
{% endfor %}
templates/blacklist.ip
View file @ 725e43ef
{% if ansible_local is defined and ansible_local.blacklist is defined %}
{% for line in ansible_local.blacklist.ip|default([]) %}
{{line}}
{% endfor %}
{% endif %}
{% for line in proxy_blacklist.ip|default([]) %}
{{line}}
{% endfor %}
templates/blacklist.referer
View file @ 725e43ef
{% if ansible_local is defined and ansible_local.blacklist is defined %}
{% for line in ansible_local.blacklist.referer|default([]) %}
{{line}}
{% endfor %}
{% endif %}
{% for line in proxy_blacklist.referer|default([]) %}
{{line}}
{% endfor %}
templates/haproxy_cfg.jinja2
View file @ 725e43ef
This diff is collapsed.