path: root/roles/haproxy/tasks/main.yml
---
# Tasks to set up haproxy

# Install the haproxy package through yum. The loop has a single entry today;
# further packages can be appended to with_items.
- name: install needed packages
  yum:
    pkg: "{{ item }}"
    state: installed
  with_items:
  - haproxy
  tags:
  - packages
  - haproxy

# Render the haproxy.cfg template to /etc/haproxy/haproxy.cfg on every host
# whose `env` is not 'staging'. The file is root-owned with mode 0600, so only
# root can read the rendered configuration. A change notifies the
# 'restart haproxy' handler (defined outside this file).
# NOTE(review): there is no validate= step, so a template that renders to an
# invalid config is only discovered when the handler restarts haproxy. A
# `haproxy -c -f %s` check could catch that earlier, but the config may
# reference files this role installs in later tasks -- confirm before adding.
- name: install haproxy/cfg in prod
  template:
    src: "{{ item.file }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0600"
  with_items:
  - file: haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg
  when: env != 'staging'
  notify:
  - restart haproxy
  tags:
  - haproxy

# Staging counterpart of the production config task: renders the
# haproxy.cfg.stg template to the same destination, /etc/haproxy/haproxy.cfg,
# only when `env` is 'staging'. Root-owned, mode 0600; a change notifies the
# 'restart haproxy' handler (defined outside this file).
# NOTE(review): as with the production template, nothing validates the
# rendered config before the handler restarts the service.
- name: install haproxy.cfg in stg
  template:
    src: "{{ item.file }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0600"
  with_items:
  - file: haproxy.cfg.stg
    dest: /etc/haproxy/haproxy.cfg
  notify:
  - restart haproxy
  when: env == 'staging'
  tags:
  - haproxy

# Ensure the haproxy service is running now and enabled at boot.
# NOTE(review): this runs before the task that installs 503.http; if
# haproxy.cfg references that file, the first start on a fresh host may
# fail -- verify against the templates.
- name: Make sure haproxy is awake and reporting for duty
  service:
    name: haproxy
    state: started
    enabled: true
  tags:
  - haproxy

# Copy two static files, both root-owned with mode 0600:
#   limits.conf -> /etc/security/limits.conf  (replaces the host-wide file,
#                  so its contents affect more than haproxy)
#   503.http    -> /etc/haproxy/503.http
# NOTE(review): no handler is notified here, so a running haproxy presumably
# keeps using the old 503.http and the old limits until it is next
# restarted -- confirm whether that is intended.
- name: install limits.conf and 503.http
  copy:
    src: "{{ item.file }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0600"
  with_items:
  - file: limits.conf
    dest: /etc/security/limits.conf
  - file: 503.http
    dest: /etc/haproxy/503.http
  tags:
  - haproxy

# libsemanage-python provides the Python bindings that the seboolean task
# in this file relies on, so it has to be present before that task runs.
- name: Install libsemanage-python so we can manage selinux with python...
  yum:
    name: libsemanage-python
    state: installed
  tags:
  - haproxy
  - selinux

# Enable the listed SELinux booleans and persist them across reboots.
# NOTE(review): haproxy_connect_any is a broad relaxation of haproxy's port
# confinement, not a per-port grant. If only a few ports are needed,
# labelling just those with `semanage port` would keep the policy tighter --
# confirm which ports the haproxy configs actually use.
- name: Turn on certain selinux booleans so haproxy can bind to ports
  seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  with_items:
  - haproxy_connect_any
  tags:
  - haproxy
  - selinux

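# These following four tasks are used for copying over our custom selinux
# module.
# The directory holds a policy module that a later task loads with semodule,
# so its owner, group and mode are pinned explicitly (matching the other
# file tasks in this role) rather than inherited from the umask or from
# whatever state the directory is already in.
- name: ensure a directory exists for our custom selinux module
  file:
    dest: /usr/share/haproxy
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags:
  - haproxy
  - selinux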

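# Ship the compiled policy module to the host. The result is registered as
# fi_haproxy_module so the install task can re-run semodule whenever the
# file changes.
# Owner, group and mode are set explicitly: the file is loaded into the
# SELinux policy by semodule, so only root should be able to modify it.
# The first run after this change may report "changed" if the existing
# permissions differ, which re-installs the module once.
- name: copy over our general haproxy selinux module
  copy:
    src: selinux/fi-haproxy.pp
    dest: /usr/share/haproxy/fi-haproxy.pp
    owner: root
    group: root
    mode: "0644"
  register: fi_haproxy_module
  tags:
  - haproxy
  - selinux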

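# Count the loaded SELinux modules whose listing line contains "fi-haproxy".
# The task is read-only and uses always_run so it also executes in check
# mode. It reports "changed" when the count is zero, which the install task
# uses as its trigger.
# changed_when compares the whole count with '0'. A substring test
# ("'0' in stdout") would also fire for counts such as 10 or 20.
# NOTE(review): grep matches substrings, so any module whose name contains
# "fi-haproxy" is counted. The pipeline's exit status is that of wc, so a
# failing `semodule -l` looks the same as "not installed".
- name: check to see if its even installed yet
  shell: semodule -l | grep fi-haproxy | wc -l
  register: fi_haproxy_grep
  always_run: true
  changed_when: "fi_haproxy_grep.stdout.strip() == '0'"
  tags:
  - haproxy
  - selinux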

# Load the policy module with semodule, but only when it is needed: either
# the check task found it was not loaded, or the copy task just changed the
# .pp file on disk.
- name: install our general haproxy selinux module
  command: semodule -i /usr/share/haproxy/fi-haproxy.pp
  when: (fi_haproxy_grep|changed) or (fi_haproxy_module|changed)
  tags:
  - haproxy
  - selinux