Initial commit

33c97d22 · jurgenhaas · 33c97d22 · 33c97d22 · 33c97d22 · 33c97d22
Commit 33c97d22 authored 9 years ago by jurgenhaas
--- a/defaults/main.yml
+++ b/defaults/main.yml
+default_proxy: ''
+proxy_default_backend: ''
--- a/files/etc_haproxy_update_update_php
+++ b/files/etc_haproxy_update_update_php
+<?php
+
+/**
+ * Script for the Proxy txr1 to grab domain changes for homepage products.
+ *
+ * @see SV-26726
+ */
+
+$db_host = $argv[1];
+$db_port = $argv[2];
+$db_user = $argv[3];
+$db_pass = $argv[4];
+$db      = $argv[5];
+$path    = $argv[6];
+$myname  = $argv[7];
+
+$changed = FALSE;
+try {
+  $dbh = new PDO('mysql:host='.$db_host.';port='.$db_port.';dbname='.$db, $db_user, $db_pass, array(PDO::ATTR_PERSISTENT => false));
+  foreach ($dbh->query('select * from variable where name="sverein_proxy_settings_'.$myname.'"') as $row) {
+    $settings = unserialize($row['value']);
+    foreach ($settings as $host => $domains) {
+      $changed = TRUE;
+      file_put_contents($path . '/' . $host . '.crm.list', implode("\n", $domains));
+    }
+  }
+  if ($changed) {
+    $dbh->query('delete from variable where name="sverein_proxy_settings_'.$myname.'"');
+  }
+}
+catch (Exception $e) {}
+exit($changed ? 99 : 0);
--- a/files/etc_logrotate_d_haproxy
+++ b/files/etc_logrotate_d_haproxy
+/var/log/haproxy {
+       daily
+       rotate 7
+       delaycompress
+       compress
+       notifempty
+       missingok
+       postrotate
+           service haproxy restart > /dev/null
+       endscript
+}
--- a/files/usr_local_bin_hatop
+++ b/files/usr_local_bin_hatop
+#!/bin/bash
+
+/usr/bin/hatop -s /run/haproxy/admin.sock
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+# file: roles/haproxy/handler/main.yml
+
+- name: "Proxy | Restart HAProxy"
+  service: name={{item.name}} state={{item.state}}
+  with_items:
+    - name: apache2
+      state: stopped
+    - name: haproxy
+      state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
+---
+
+dependencies:
+  - { role: common }
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
+---
+# file: roles/haproxy/tasks/configure.yml
+
+- name: "Proxy | Install SSL certificates"
+  copy: src={{inventory_dir}}/files/ssl/{{item}}
+        dest=/etc/haproxy/certs
+  with_items: proxy_certificates
+  notify: 'Proxy | Restart HAProxy'
+
+- name: "Proxy | Create host lists"
+  template: src=host_list
+            dest=/etc/haproxy/{{item}}.list
+            owner=root
+            group=root
+            mode=644
+  when: scope == 'all'
+  with_items: groups['all']
+  notify: 'Proxy | Restart HAProxy'
+
+- name: "Proxy | Create host ssl lists"
+  template: src=host_ssl_list
+            dest=/etc/haproxy/{{item}}.ssl.list
+            owner=root
+            group=root
+            mode=644
+  when: scope == 'all'
+  with_items: groups['all']
+  notify: 'Proxy | Restart HAProxy'
+
+- name: "Proxy | Create empty crm lists files"
+  file: dest=/etc/haproxy/{{item}}.crm.list
+        owner=root
+        group=root
+        mode=644
+        state=touch
+  when: scope == 'all'
+  with_items: groups['all']
+  notify: 'Proxy | Restart HAProxy'
+
+- name: "Proxy | Create config file"
+  template: src=haproxy_cfg
+            dest=/etc/haproxy/haproxy.cfg
+            owner=root
+            group=root
+            mode=644
+  when: scope == 'all'
+  notify: 'Proxy | Restart HAProxy'
+
+- name: "Proxy | Install update php script"
+  copy: src=etc_haproxy_update_update_php
+        dest=/etc/haproxy/update/update.php
+        owner=root
+        group=root
+        mode=444
+
+- name: "Proxy | Install update script"
+  template: src=update_sh
+            dest=/etc/haproxy/update/update.sh
+            owner=root
+            group=root
+            mode=700
+
+- name: "Proxy | Install update cron"
+  cron: name='Update S-Verein Homepage Domains'
+        month='*'
+        day='*'
+        hour='*'
+        minute='*/1'
+        job='/etc/haproxy/update/update.sh >/dev/null 2>&1'
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+# file: roles/haproxy/tasks/main.yml
+#
+# Output logs and errs into temp files:
+# echo "show errors" | sudo socat unix-connect:/run/haproxy/admin.sock stdio >> /tmp/myhapshowerrs.out 2> /tmp/myhapshowerrs.err
+
+- name: "Proxy | Add Apt Repositories"
+  apt_repository: repo='{{item}}'
+                  state=present
+  with_items:
+    - "ppa:vbernat/haproxy-1.5"
+
+- name: "Proxy | Install some packages"
+  apt: pkg={{item}} state=installed
+  with_items:
+    - haproxy
+    - hatop
+    - socat
+    - php5
+    - php5-mysql
+
+- name: "Proxy | create directories"
+  file: dest='{{item}}'
+        state=directory
+        mode=755
+  with_items:
+    - /etc/haproxy/certs
+    - /etc/haproxy/update
+
+- name: "Proxy | Install hatop shortcut"
+  copy: src=usr_local_bin_hatop
+        dest=/usr/local/bin/hatop
+        owner=root
+        group=root
+        mode=755
+
+- name: "Proxy | Install log rotator"
+  copy: src=etc_logrotate_d_haproxy
+        dest=/etc/logrotate.d/haproxy
+        owner=root
+        group=root
+        mode=644
+
+- include: configure.yml
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
+global
+  log 127.0.0.1:514 local0 warning
+  chroot /var/lib/haproxy
+  stats socket /run/haproxy/admin.sock mode 660 level admin
+  stats timeout 30s
+  user haproxy
+  group haproxy
+  daemon
+  ca-base /etc/haproxy/certs
+  crt-base /etc/haproxy/private
+  ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+  maxconn 256
+  pidfile /run/haproxy.pid
+  log-send-hostname {{inventory_hostname}}
+
+defaults
+  log global
+  mode http
+  option httplog
+  option dontlognull
+  timeout connect 5000
+  timeout client 120000
+  timeout server 120000
+  errorfile 400 /etc/haproxy/errors/400.http
+  errorfile 403 /etc/haproxy/errors/403.http
+  errorfile 408 /etc/haproxy/errors/408.http
+  errorfile 500 /etc/haproxy/errors/500.http
+  errorfile 502 /etc/haproxy/errors/502.http
+  errorfile 503 /etc/haproxy/errors/503.http
+  errorfile 504 /etc/haproxy/errors/504.http
+  option forwardfor
+  option http-server-close
+  retries 3
+  maxconn 1000
+  default_backend {{proxy_default_backend}}
+
+listen stats 127.0.0.1:7000
+  mode http
+  stats enable
+  stats admin if TRUE
+  stats uri /haproxy_stats
+  stats realm TineonLoadBalancerStats
+
+frontend http-in
+  bind *:80
+{% for host in groups['all'] %}
+{% if hostvars[host]['proxy_redirect'] %}
+{% for redirect in hostvars[host]['proxy_redirect'] %}
+  redirect prefix http://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% for host in groups['all'] %}
+{% if hostvars[host]['proxy_domains'] %}
+  acl domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
+  use_backend backend_{{host}} if domain_in_{{host}}
+{% endif %}
+{% if hostvars[host]['proxy_crm_domains'] %}
+  acl crm_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.crm.list
+  use_backend backend_{{host}} if crm_domain_in_{{host}}
+{% endif %}
+{% if hostvars[host]['proxy_ssl_domains'] %}
+  acl redirect_ssl_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
+  use_backend backend_redirect_ssl if redirect_ssl_{{host}}
+{% endif %}
+{% endfor %}
+
+frontend https-in
+  bind :443 ssl crt /etc/haproxy/certs/s-verein.de.pem no-sslv3
+{% for host in groups['all'] %}
+{% if hostvars[host]['proxy_redirect'] %}
+{% for redirect in hostvars[host]['proxy_redirect'] %}
+  redirect prefix https://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% for host in groups['all'] %}
+{% if hostvars[host]['proxy_ssl_domains'] %}
+  acl ssl_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
+  use_backend backend_{{host}} if ssl_domain_in_{{host}}
+{% endif %}
+{% if hostvars[host]['proxy_domains'] %}
+  acl redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
+  use_backend backend_redirect if redirect_{{host}}
+{% endif %}
+{% if hostvars[host]['proxy_crm_domains'] %}
+  acl crm_redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
+  use_backend backend_redirect if crm_redirect_{{host}}
+{% endif %}
+{% endfor %}
+
+{% for host in groups['all'] %}
+{% if (hostvars[host]['proxy_domains']) or (hostvars[host]['proxy_ssl_domains']) or (hostvars[host]['proxy_crm_domains']) %}
+backend backend_{{host}}
+  server server_{{host}} {{hostvars[host]['ansible_default_ipv4']['address']}}:80 maxconn 32
+
+{% endif %}
+{% endfor %}
+
+backend backend_redirect_ssl
+  redirect scheme https if TRUE
+
+backend backend_redirect
+  redirect scheme http if TRUE
--- a/templates/host_list
+++ b/templates/host_list
+{% for domain in hostvars[item]['proxy_domains'] %}
+{{domain}}
+{% endfor %}
--- a/templates/host_ssl_list
+++ b/templates/host_ssl_list
+{% for domain in hostvars[item]['proxy_ssl_domains'] %}
+{{domain}}
+{% endfor %}
--- a/templates/update_sh
+++ b/templates/update_sh
+#!/bin/bash
+
+rm -Rf /tmp/haproxy_update
+mkdir /tmp/haproxy_update
+php /etc/haproxy/update/update.php 127.0.0.1 8011 root root crm /tmp/haproxy_update {{inventory_hostname}}
+rc=$?
+if [ $rc == 99 ]
+  then
+    cp /tmp/haproxy_update/* /etc/haproxy
+    service haproxy restart
+fi