Update HAProxy for multi-OS support
This change implements CentOS7 and Ubuntu 16.04 support for the HAProxy role. Because RHEL does not package HATop the installation of HATop has been moved to a source installation so that it can be used universally. Implements: blueprint multi-platform-host Change-Id: Ib4f33185202b694b9611cc5fd6323c30a1c8d489 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
e80b87f195
commit
4510d37dcd
@ -13,41 +13,18 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
# Defines that the role will be deployed on a host machine
|
|
||||||
is_metal: true
|
|
||||||
|
|
||||||
## APT Cache options
|
|
||||||
cache_timeout: 600
|
|
||||||
|
|
||||||
haproxy_apt_repo_url: "http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu"
|
|
||||||
haproxy_apt_repo:
|
|
||||||
repo: "deb {{ haproxy_apt_repo_url }} {{ ansible_distribution_release }} main"
|
|
||||||
state: "present"
|
|
||||||
|
|
||||||
# Haproxy GPG Keys
|
|
||||||
haproxy_gpg_keys:
|
|
||||||
- key_name: 'haproxy'
|
|
||||||
keyserver: 'hkp://keyserver.ubuntu.com:80'
|
|
||||||
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
|
|
||||||
hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
|
|
||||||
|
|
||||||
haproxy_pre_apt_packages:
|
|
||||||
- python-software-properties
|
|
||||||
- software-properties-common
|
|
||||||
- debconf-utils
|
|
||||||
|
|
||||||
haproxy_apt_packages:
|
|
||||||
- haproxy
|
|
||||||
- hatop
|
|
||||||
- rsyslog # Used for local logging
|
|
||||||
- vim-haproxy
|
|
||||||
- psmisc
|
|
||||||
|
|
||||||
## Haproxy Configuration
|
## Haproxy Configuration
|
||||||
haproxy_rise: 3
|
haproxy_rise: 3
|
||||||
haproxy_fall: 3
|
haproxy_fall: 3
|
||||||
haproxy_interval: 12000
|
haproxy_interval: 12000
|
||||||
|
|
||||||
|
## Haproxy standard API
|
||||||
|
haproxy_repo: {}
|
||||||
|
haproxy_gpg_keys: []
|
||||||
|
haproxy_pre_packages: []
|
||||||
|
haproxy_packages: []
|
||||||
|
haproxy_pinned_packages: []
|
||||||
|
|
||||||
## Haproxy Stats
|
## Haproxy Stats
|
||||||
haproxy_stats_enabled: False
|
haproxy_stats_enabled: False
|
||||||
haproxy_stats_bind_address: 127.0.0.1
|
haproxy_stats_bind_address: 127.0.0.1
|
||||||
@ -84,3 +61,5 @@ haproxy_ssl_pem: /etc/ssl/private/haproxy.pem
|
|||||||
haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem
|
haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem
|
||||||
haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
||||||
haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
|
haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
|
||||||
|
|
||||||
|
haproxy_hatop_download_url: "http://hatop.googlecode.com/files/hatop-0.7.7.tar.gz"
|
||||||
|
@ -1,8 +1,2 @@
|
|||||||
# Set ENABLED to 1 if you want the init script to start haproxy.
|
# Set ENABLED to 1 if you want the init script to start haproxy.
|
||||||
ENABLED=1
|
ENABLED=1
|
||||||
|
|
||||||
# Add extra flags here.
|
|
||||||
#EXTRAOPTS="-de -m 16"
|
|
||||||
|
|
||||||
# Conf.d style configuration dir. Init script has been hacked to support this.
|
|
||||||
CONFIG_DIR=/etc/haproxy/conf.d
|
|
||||||
|
171
files/haproxy.sh
171
files/haproxy.sh
@ -1,171 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: haproxy
|
|
||||||
# Required-Start: $local_fs $network $remote_fs
|
|
||||||
# Required-Stop: $local_fs $remote_fs
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: fast and reliable load balancing reverse proxy
|
|
||||||
# Description: This file should be used to start and stop haproxy.
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
# Author: Arnaud Cornet <acornet@debian.org>
|
|
||||||
|
|
||||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
|
||||||
PIDFILE=/var/run/haproxy.pid
|
|
||||||
CONFIG=/etc/haproxy/haproxy.cfg
|
|
||||||
HAPROXY=/usr/sbin/haproxy
|
|
||||||
EXTRAOPTS=
|
|
||||||
ENABLED=0
|
|
||||||
|
|
||||||
test -x $HAPROXY || exit 0
|
|
||||||
|
|
||||||
if [ -e /etc/default/haproxy ]; then
|
|
||||||
. /etc/default/haproxy
|
|
||||||
fi
|
|
||||||
|
|
||||||
test -f "$CONFIG" || exit 0
|
|
||||||
test "$ENABLED" != "0" || exit 0
|
|
||||||
|
|
||||||
[ -f /etc/default/rcS ] && . /etc/default/rcS
|
|
||||||
. /lib/lsb/init-functions
|
|
||||||
|
|
||||||
CONFIG_DIR_FILES=""
|
|
||||||
if [ ! -z "$CONFIG_DIR" ]; then
|
|
||||||
for file in $CONFIG_DIR/*; do
|
|
||||||
CONFIG_DIR_FILES="$CONFIG_DIR_FILES -f $file"
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
haproxy_start()
|
|
||||||
{
|
|
||||||
start-stop-daemon --start --pidfile "$PIDFILE" \
|
|
||||||
--exec $HAPROXY -- -f "$CONFIG" $CONFIG_DIR_FILES -D -p "$PIDFILE" \
|
|
||||||
$EXTRAOPTS || return 2
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
haproxy_stop()
|
|
||||||
{
|
|
||||||
if [ ! -f $PIDFILE ] ; then
|
|
||||||
# This is a success according to LSB
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
for pid in $(cat $PIDFILE) ; do
|
|
||||||
/bin/kill $pid || return 4
|
|
||||||
done
|
|
||||||
rm -f $PIDFILE
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
haproxy_reload()
|
|
||||||
{
|
|
||||||
$HAPROXY -f "$CONFIG" $CONFIG_DIR_FILES -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \
|
|
||||||
|| return 2
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
haproxy_status()
|
|
||||||
{
|
|
||||||
if [ ! -f $PIDFILE ] ; then
|
|
||||||
# program not running
|
|
||||||
return 3
|
|
||||||
fi
|
|
||||||
|
|
||||||
for pid in $(cat $PIDFILE) ; do
|
|
||||||
if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then
|
|
||||||
# program running, bogus pidfile
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
log_daemon_msg "Starting haproxy" "haproxy"
|
|
||||||
haproxy_start
|
|
||||||
ret=$?
|
|
||||||
case "$ret" in
|
|
||||||
0)
|
|
||||||
log_end_msg 0
|
|
||||||
;;
|
|
||||||
1)
|
|
||||||
log_end_msg 1
|
|
||||||
echo "pid file '$PIDFILE' found, haproxy not started."
|
|
||||||
;;
|
|
||||||
2)
|
|
||||||
log_end_msg 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
exit $ret
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
log_daemon_msg "Stopping haproxy" "haproxy"
|
|
||||||
haproxy_stop
|
|
||||||
ret=$?
|
|
||||||
case "$ret" in
|
|
||||||
0|1)
|
|
||||||
log_end_msg 0
|
|
||||||
;;
|
|
||||||
2)
|
|
||||||
log_end_msg 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
exit $ret
|
|
||||||
;;
|
|
||||||
reload|force-reload)
|
|
||||||
log_daemon_msg "Reloading haproxy" "haproxy"
|
|
||||||
haproxy_reload
|
|
||||||
ret=$?
|
|
||||||
case "$ret" in
|
|
||||||
0|1)
|
|
||||||
log_end_msg 0
|
|
||||||
;;
|
|
||||||
2)
|
|
||||||
log_end_msg 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
exit $ret
|
|
||||||
;;
|
|
||||||
restart)
|
|
||||||
log_daemon_msg "Restarting haproxy" "haproxy"
|
|
||||||
haproxy_stop
|
|
||||||
haproxy_start
|
|
||||||
ret=$?
|
|
||||||
case "$ret" in
|
|
||||||
0)
|
|
||||||
log_end_msg 0
|
|
||||||
;;
|
|
||||||
1)
|
|
||||||
log_end_msg 1
|
|
||||||
;;
|
|
||||||
2)
|
|
||||||
log_end_msg 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
exit $ret
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
haproxy_status
|
|
||||||
ret=$?
|
|
||||||
case "$ret" in
|
|
||||||
0)
|
|
||||||
echo "haproxy is running."
|
|
||||||
;;
|
|
||||||
1)
|
|
||||||
echo "haproxy dead, but $PIDFILE exists."
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "haproxy not running."
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
exit $ret
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}"
|
|
||||||
exit 2
|
|
||||||
;;
|
|
||||||
esac
|
|
@ -23,10 +23,20 @@ galaxy_info:
|
|||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions:
|
||||||
- trusty
|
- trusty
|
||||||
|
- xenial
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 7
|
||||||
categories:
|
categories:
|
||||||
- cloud
|
- cloud
|
||||||
- python
|
- python
|
||||||
- development
|
- development
|
||||||
- openstack
|
- openstack
|
||||||
dependencies:
|
dependencies:
|
||||||
- apt_package_pinning
|
- role: apt_package_pinning
|
||||||
|
apt_pinned_packages: [{ package: "*", release: LP-PPA-vbernat-haproxy-1.5, priority: "1001" }]
|
||||||
|
apt_package_pinning_file_name: "haproxy_pin.pref"
|
||||||
|
when:
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
|
- haproxy_ssl | bool
|
||||||
|
- ansible_distribution_version | version_compare('16.04', '<')
|
||||||
|
@ -13,6 +13,8 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
# NOTE(cloudnull) This file can be removed when we drop 14.04 support
|
||||||
|
|
||||||
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
|
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
|
||||||
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
|
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
|
||||||
#in 1.9.x or we move to 2.0 (if tested working)
|
#in 1.9.x or we move to 2.0 (if tested working)
|
||||||
@ -38,7 +40,7 @@
|
|||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: haproxy_pre_apt_packages
|
with_items: "{{ haproxy_pre_packages }}"
|
||||||
tags:
|
tags:
|
||||||
- haproxy-pre-apt-packages
|
- haproxy-pre-apt-packages
|
||||||
|
|
||||||
@ -54,7 +56,7 @@
|
|||||||
ignore_errors: True
|
ignore_errors: True
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: haproxy_gpg_keys
|
with_items: "{{ haproxy_gpg_keys }}"
|
||||||
tags:
|
tags:
|
||||||
- haproxy-apt-keys
|
- haproxy-apt-keys
|
||||||
|
|
||||||
@ -68,25 +70,18 @@
|
|||||||
until: add_keys_fallback|success
|
until: add_keys_fallback|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: haproxy_gpg_keys
|
with_items: "{{ haproxy_gpg_keys }}"
|
||||||
when: add_keys|failed and (item.fallback_keyserver is defined or item.fallback_url is defined)
|
when: add_keys|failed and (item.fallback_keyserver is defined or item.fallback_url is defined)
|
||||||
tags:
|
tags:
|
||||||
- haproxy-apt-keys
|
- haproxy-apt-keys
|
||||||
|
|
||||||
- name: Drop haproxy repo pin
|
|
||||||
template:
|
|
||||||
src: "haproxy_pin.pref.j2"
|
|
||||||
dest: "/etc/apt/preferences.d/haproxy_pin.pref"
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
mode: "0644"
|
|
||||||
tags:
|
|
||||||
- haproxy-repo-pin
|
|
||||||
|
|
||||||
- name: Add haproxy repo(s)
|
- name: Add haproxy repo(s)
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "{{ haproxy_apt_repo.repo }}"
|
repo: "{{ haproxy_repo.repo }}"
|
||||||
state: "{{ haproxy_apt_repo.state }}"
|
state: "{{ haproxy_repo.state }}"
|
||||||
|
when:
|
||||||
|
- haproxy_repo.repo is defined
|
||||||
|
- haproxy_repo.state is defined
|
||||||
register: add_repos
|
register: add_repos
|
||||||
until: add_repos|success
|
until: add_repos|success
|
||||||
retries: 5
|
retries: 5
|
||||||
|
@ -13,54 +13,27 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
|
- include: haproxy_install_apt.yml
|
||||||
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
|
when:
|
||||||
#in 1.9.x or we move to 2.0 (if tested working)
|
- ansible_pkg_mgr == 'apt'
|
||||||
- name: Check apt last update file
|
|
||||||
stat:
|
|
||||||
path: /var/cache/apt
|
|
||||||
register: apt_cache_stat
|
|
||||||
tags:
|
tags:
|
||||||
- haproxy-apt-packages
|
- install-apt
|
||||||
|
|
||||||
- name: Update apt if needed
|
- include: haproxy_install_yum.yml
|
||||||
apt:
|
when:
|
||||||
update_cache: yes
|
- ansible_pkg_mgr == 'yum'
|
||||||
when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
|
|
||||||
tags:
|
tags:
|
||||||
- haproxy-apt-packages
|
- install-yum
|
||||||
|
|
||||||
- name: Install HAProxy Packages
|
- include: haproxy_install_hatop.yml
|
||||||
apt:
|
|
||||||
pkg: "{{ item }}"
|
|
||||||
state: latest
|
|
||||||
register: install_packages
|
|
||||||
until: install_packages|success
|
|
||||||
retries: 5
|
|
||||||
delay: 2
|
|
||||||
with_items: haproxy_apt_packages
|
|
||||||
tags:
|
|
||||||
- haproxy-apt-packages
|
|
||||||
|
|
||||||
- name: Replace haproxy DEFAULT file
|
- name: Create haproxy conf.d dir
|
||||||
copy:
|
|
||||||
src: haproxy.default
|
|
||||||
dest: /etc/default/haproxy
|
|
||||||
tags:
|
|
||||||
- haproxy-config
|
|
||||||
|
|
||||||
- name: Replace haproxy init script to allow conf.d
|
|
||||||
copy:
|
|
||||||
src: haproxy.sh
|
|
||||||
dest: /etc/init.d/haproxy
|
|
||||||
mode: "0755"
|
|
||||||
tags:
|
|
||||||
- haproxy-config
|
|
||||||
|
|
||||||
- name: Create haproxy conf.d
|
|
||||||
file:
|
file:
|
||||||
path: /etc/haproxy/conf.d
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
mode: "0755"
|
||||||
|
with_items:
|
||||||
|
- { path: "/etc/haproxy" }
|
||||||
|
- { path: "/etc/haproxy/conf.d" }
|
||||||
tags:
|
tags:
|
||||||
- haproxy-config
|
- haproxy-config
|
||||||
|
59
tasks/haproxy_install_apt.yml
Normal file
59
tasks/haproxy_install_apt.yml
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# NOTE(cloudnull) This can be removed when we drop 14.04 support
|
||||||
|
- include: haproxy_add_ppa_repo.yml
|
||||||
|
when:
|
||||||
|
- haproxy_ssl | bool
|
||||||
|
- ansible_distribution_version | version_compare('16.04', '<')
|
||||||
|
|
||||||
|
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
|
||||||
|
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
|
||||||
|
#in 1.9.x or we move to 2.0 (if tested working)
|
||||||
|
- name: Check apt last update file
|
||||||
|
stat:
|
||||||
|
path: /var/cache/apt
|
||||||
|
register: apt_cache_stat
|
||||||
|
tags:
|
||||||
|
- haproxy-apt-packages
|
||||||
|
|
||||||
|
- name: Update apt if needed
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
|
||||||
|
tags:
|
||||||
|
- haproxy-apt-packages
|
||||||
|
|
||||||
|
- name: Install HAProxy Packages
|
||||||
|
apt:
|
||||||
|
pkg: "{{ item }}"
|
||||||
|
state: latest
|
||||||
|
register: install_packages
|
||||||
|
until: install_packages|success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
with_items: haproxy_packages
|
||||||
|
tags:
|
||||||
|
- haproxy-apt-packages
|
||||||
|
|
||||||
|
# NOTE(cloudnull) This can be removed when we drop 14.04 support
|
||||||
|
- name: Replace haproxy DEFAULT file
|
||||||
|
copy:
|
||||||
|
src: haproxy.default
|
||||||
|
dest: /etc/default/haproxy
|
||||||
|
when:
|
||||||
|
- ansible_distribution_version | version_compare('16.04', '<')
|
||||||
|
tags:
|
||||||
|
- haproxy-config
|
36
tasks/haproxy_install_hatop.yml
Normal file
36
tasks/haproxy_install_hatop.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Download HATop
|
||||||
|
get_url:
|
||||||
|
url: "{{ haproxy_hatop_download_url }}"
|
||||||
|
dest: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
|
||||||
|
force: yes
|
||||||
|
|
||||||
|
- name: Create HATop directory
|
||||||
|
file:
|
||||||
|
path: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Unarchive HATop
|
||||||
|
unarchive:
|
||||||
|
src: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
|
||||||
|
dest: "/opt"
|
||||||
|
copy: "no"
|
||||||
|
|
||||||
|
- name: Install HATop
|
||||||
|
command: "install -m 755 bin/hatop /usr/local/bin"
|
||||||
|
args:
|
||||||
|
chdir: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
|
26
tasks/haproxy_install_yum.yml
Normal file
26
tasks/haproxy_install_yum.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Install yum packages
|
||||||
|
yum:
|
||||||
|
pkg: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
register: install_packages
|
||||||
|
until: install_packages|success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
with_items: haproxy_packages
|
||||||
|
tags:
|
||||||
|
- haproxy-yum-packages
|
@ -20,25 +20,42 @@
|
|||||||
sysctl_set: yes
|
sysctl_set: yes
|
||||||
state: present
|
state: present
|
||||||
when: haproxy_bind_on_non_local | bool
|
when: haproxy_bind_on_non_local | bool
|
||||||
|
tags:
|
||||||
|
- haproxy-base-config
|
||||||
|
- haproxy-config
|
||||||
|
|
||||||
- name: Drop base haproxy config
|
- name: Drop base haproxy config
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "haproxy.cfg.j2"
|
||||||
dest: "/etc/haproxy/haproxy.cfg"
|
dest: "/etc/haproxy/conf.d/00-haproxy"
|
||||||
with_items:
|
|
||||||
- haproxy.cfg.j2
|
|
||||||
notify: Restart haproxy
|
notify: Restart haproxy
|
||||||
tags:
|
tags:
|
||||||
- haproxy-base-config
|
- haproxy-base-config
|
||||||
|
- haproxy-config
|
||||||
|
|
||||||
- name: Drop haproxy logging config
|
- name: Drop haproxy logging config
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "haproxy-logging.cfg"
|
||||||
dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
|
dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
|
||||||
with_items:
|
|
||||||
- haproxy-logging.cfg
|
|
||||||
notify: Restart rsyslog
|
notify: Restart rsyslog
|
||||||
tags:
|
tags:
|
||||||
- haproxy-base-config
|
- haproxy-base-config
|
||||||
|
- haproxy-config
|
||||||
|
|
||||||
- include: haproxy_service_config.yml
|
- include: haproxy_service_config.yml
|
||||||
|
|
||||||
|
- name: Regenerate haproxy configuration
|
||||||
|
assemble:
|
||||||
|
src: "/etc/haproxy/conf.d"
|
||||||
|
dest: "/etc/haproxy/haproxy.cfg"
|
||||||
|
notify: Restart haproxy
|
||||||
|
tags:
|
||||||
|
- haproxy-base-config
|
||||||
|
- haproxy-config
|
||||||
|
|
||||||
|
- name: Enable haproxy services
|
||||||
|
service:
|
||||||
|
name: "haproxy"
|
||||||
|
enabled: "yes"
|
||||||
|
tags:
|
||||||
|
- haproxy-config
|
||||||
|
@ -13,11 +13,41 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
# NOTE(cloudnull):
|
||||||
|
# While the haproxy distro packages provide for an haproxy
|
||||||
|
# group this group is being created upfront to support
|
||||||
|
# log aggregation links as well as ensure common user
|
||||||
|
# functionality across various distros that we support.
|
||||||
|
- name: Create the haproxy system group
|
||||||
|
group:
|
||||||
|
name: "haproxy"
|
||||||
|
state: "present"
|
||||||
|
system: "yes"
|
||||||
|
tags:
|
||||||
|
- haproxy-group
|
||||||
|
|
||||||
|
# NOTE(cloudnull):
|
||||||
|
# While the haproxy distro packages provide for an haproxy
|
||||||
|
# user this user is being created upfront to support
|
||||||
|
# log aggregation links as well as ensure common user
|
||||||
|
# functionality across various distros that we support.
|
||||||
|
- name: Create the haproxy system user
|
||||||
|
user:
|
||||||
|
name: "haproxy"
|
||||||
|
group: "haproxy"
|
||||||
|
comment: "haproxy user"
|
||||||
|
shell: "/bin/false"
|
||||||
|
system: "yes"
|
||||||
|
createhome: "yes"
|
||||||
|
home: "/var/lib/haproxy"
|
||||||
|
tags:
|
||||||
|
- haproxy-user
|
||||||
|
|
||||||
- name: Test for log directory or link
|
- name: Test for log directory or link
|
||||||
shell: |
|
shell: |
|
||||||
if [ -h "/var/log/haproxy" ]; then
|
if [ -h "/var/log/haproxy" ]; then
|
||||||
chown -h syslog:adm "/var/log/haproxy"
|
chown -h haproxy:adm "/var/log/haproxy"
|
||||||
chown -R syslog:adm "$(readlink /var/log/haproxy)"
|
chown -R haproxy:adm "$(readlink /var/log/haproxy)"
|
||||||
else
|
else
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
@ -30,11 +60,9 @@
|
|||||||
|
|
||||||
- name: Create haproxy log dir
|
- name: Create haproxy log dir
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "/var/log/haproxy"
|
||||||
state: directory
|
state: directory
|
||||||
mode: "{{ item.mode|default('0755') }}"
|
mode: "0755"
|
||||||
with_items:
|
|
||||||
- { path: "/var/log/haproxy" }
|
|
||||||
when: log_dir | changed
|
when: log_dir | changed
|
||||||
tags:
|
tags:
|
||||||
- haproxy-dirs
|
- haproxy-dirs
|
||||||
|
@ -42,6 +42,13 @@
|
|||||||
tags:
|
tags:
|
||||||
- haproxy-ssl
|
- haproxy-ssl
|
||||||
|
|
||||||
|
- name: Ensure the private ssl directory exists
|
||||||
|
file:
|
||||||
|
dest: "/etc/ssl/private"
|
||||||
|
state: "directory"
|
||||||
|
tags:
|
||||||
|
- haproxy-ssl
|
||||||
|
|
||||||
- name: Remove signed certs and keys for regen
|
- name: Remove signed certs and keys for regen
|
||||||
file:
|
file:
|
||||||
dest: "{{ haproxy_ssl_cert }}"
|
dest: "{{ haproxy_ssl_cert }}"
|
||||||
|
@ -13,10 +13,17 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- include: haproxy_pre_install.yml
|
- name: Gather variables for each operating system
|
||||||
|
include_vars: "{{ item }}"
|
||||||
|
with_first_found:
|
||||||
|
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
|
||||||
|
- "{{ ansible_distribution | lower }}.yml"
|
||||||
|
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
|
||||||
|
- "{{ ansible_os_family | lower }}.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- include: haproxy_add_ppa_repo.yml
|
- include: haproxy_pre_install.yml
|
||||||
when: haproxy_ssl | bool
|
|
||||||
|
|
||||||
- include: haproxy_install.yml
|
- include: haproxy_install.yml
|
||||||
|
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
Package: *
|
|
||||||
Pin: release o=LP-PPA-vbernat-haproxy-1.5
|
|
||||||
Pin-Priority: 1001
|
|
18
vars/redhat-7.yml
Normal file
18
vars/redhat-7.yml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
haproxy_packages:
|
||||||
|
- haproxy
|
||||||
|
- rsyslog # Used for local logging
|
40
vars/ubuntu-14.04.yml
Normal file
40
vars/ubuntu-14.04.yml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
## APT Cache options
|
||||||
|
cache_timeout: 600
|
||||||
|
|
||||||
|
haproxy_apt_repo_url: "http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu"
|
||||||
|
haproxy_repo:
|
||||||
|
repo: "deb {{ haproxy_apt_repo_url }} {{ ansible_distribution_release }} main"
|
||||||
|
state: "present"
|
||||||
|
|
||||||
|
# Haproxy GPG Keys
|
||||||
|
haproxy_gpg_keys:
|
||||||
|
- key_name: 'haproxy'
|
||||||
|
keyserver: 'hkp://keyserver.ubuntu.com:80'
|
||||||
|
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
|
||||||
|
hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
|
||||||
|
|
||||||
|
haproxy_pre_packages:
|
||||||
|
- python-software-properties
|
||||||
|
- software-properties-common
|
||||||
|
- debconf-utils
|
||||||
|
|
||||||
|
haproxy_packages:
|
||||||
|
- haproxy
|
||||||
|
- rsyslog # Used for local logging
|
||||||
|
- vim-haproxy
|
||||||
|
- psmisc
|
28
vars/ubuntu-16.04.yml
Normal file
28
vars/ubuntu-16.04.yml
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
## APT Cache options
|
||||||
|
cache_timeout: 600
|
||||||
|
|
||||||
|
haproxy_pre_packages:
|
||||||
|
- python-software-properties
|
||||||
|
- software-properties-common
|
||||||
|
- debconf-utils
|
||||||
|
|
||||||
|
haproxy_packages:
|
||||||
|
- haproxy
|
||||||
|
- rsyslog # Used for local logging
|
||||||
|
- vim-haproxy
|
||||||
|
- psmisc
|
Loading…
Reference in New Issue
Block a user