Enhance haproxy installation

89e4849f · jurgenhaas · d789af60 · 89e4849f · 89e4849f · 89e4849f
Commit 89e4849f authored 9 years ago by jurgenhaas
--- a/defaults/main.yml
+++ b/defaults/main.yml
 default_proxy: ''
 proxy_default_backend: ''
+proxy_certificates: []
 proxy_blacklist_ips: []
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -13,7 +13,7 @@
            owner=root
            group=root
            mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
  with_items: '{{ groups.all }}'
  notify: 'Proxy | Restart HAProxy'

@@ -23,7 +23,7 @@
            owner=root
            group=root
            mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
  with_items: '{{ groups.all }}'
  notify: 'Proxy | Restart HAProxy'

@@ -33,7 +33,7 @@
        group=root
        mode=644
        state=touch
-  when: scope == 'all'
+  #when: scope == 'all'
  with_items: '{{ groups.all }}'
  notify: 'Proxy | Restart HAProxy'

@@ -43,7 +43,7 @@
            owner=root
            group=root
            mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
  notify: 'Proxy | Restart HAProxy'

 - name: "Proxy | Install update php script"
@@ -74,5 +74,5 @@
            owner=root
            group=root
            mode=644
-  when: scope == 'all'
+  #when: scope == 'all'
  notify: 'Proxy | Restart HAProxy'
--- a/templates/blacklist
+++ b/templates/blacklist
-{% for line in hostvars[item]['proxy_blacklist_ips'] %}
+{% for host in groups['all'] %}
+{% for line in hostvars[host].proxy_blacklist_ips|default([]) %}
 {{line}}
 {% endfor %}
+{% endfor %}
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -46,55 +46,53 @@ frontend http-in
  acl blockedip src  -i -f /etc/haproxy/blacklist
  http-request deny if blockedip
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_redirect'] %}
-{% for redirect in hostvars[host]['proxy_redirect'] %}
+{% for redirect in hostvars[host].proxy_redirect|default([]) %}
  redirect prefix http://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
 {% endfor %}
-{% endif %}
 {% endfor %}
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_domains'] %}
+{% if hostvars[host].proxy_domains is defined %}
  acl domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
  use_backend backend_{{host}} if domain_in_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_crm_domains'] %}
+{% if hostvars[host].proxy_crm_domains is defined %}
  acl crm_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.crm.list
  use_backend backend_{{host}} if crm_domain_in_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_ssl_domains'] %}
+{% if hostvars[host].proxy_ssl_domains is defined %}
  acl redirect_ssl_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
  use_backend backend_redirect_ssl if redirect_ssl_{{host}}
 {% endif %}
 {% endfor %}

+{% for cert in proxy_certificates %}
 frontend https-in
-  bind :443 ssl crt /etc/haproxy/certs/s-verein.de.pem no-sslv3
+  bind :443 ssl crt /etc/haproxy/certs/{{ cert }} no-sslv3
  acl blockedip src  -i -f /etc/haproxy/blacklist
  http-request deny if blockedip
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_redirect'] %}
-{% for redirect in hostvars[host]['proxy_redirect'] %}
+{% for redirect in hostvars[host].proxy_redirect|default([]) %}
  redirect prefix https://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
 {% endfor %}
-{% endif %}
 {% endfor %}
 {% for host in groups['all'] %}
-{% if hostvars[host]['proxy_ssl_domains'] %}
+{% if hostvars[host].proxy_ssl_domains is defined %}
  acl ssl_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
  use_backend backend_{{host}} if ssl_domain_in_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_domains'] %}
+{% if hostvars[host].proxy_domains is defined %}
  acl redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
  use_backend backend_redirect if redirect_{{host}}
 {% endif %}
-{% if hostvars[host]['proxy_crm_domains'] %}
+{% if hostvars[host].proxy_crm_domains is defined %}
  acl crm_redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
  use_backend backend_redirect if crm_redirect_{{host}}
 {% endif %}
 {% endfor %}
+{% endfor %}

 {% for host in groups['all'] %}
-{% if (hostvars[host]['proxy_domains']) or (hostvars[host]['proxy_ssl_domains']) or (hostvars[host]['proxy_crm_domains']) %}
+{% if (hostvars[host].proxy_domains is defined) or (hostvars[host].proxy_ssl_domains is defined) or (hostvars[host].proxy_crm_domains is defined) %}
 backend backend_{{host}}
  server server_{{host}} {{hostvars[host]['ansible_default_ipv4']['address']|default(hostvars[host]['static_ipv4'])}}:80 maxconn 32


--- a/templates/host_list
+++ b/templates/host_list
-{% for domain in hostvars[item]['proxy_domains'] %}
+{% for domain in hostvars[item].proxy_domains|default([]) %}
 {{domain}}
 {% endfor %}
--- a/templates/host_ssl_list
+++ b/templates/host_ssl_list
-{% for domain in hostvars[item]['proxy_ssl_domains'] %}
+{% for domain in hostvars[item].proxy_ssl_domains|default([]) %}
 {{domain}}
 {% endfor %}