122 lines
2.4 KiB
YAML
122 lines
2.4 KiB
YAML
---
|
|
|
|
- name: save instacne id
|
|
get_url:
|
|
url: http://169.254.169.254/hetzner/v1/metadata/instance-id
|
|
dest: /usr/local/etc/instance-id
|
|
mode: '0755'
|
|
ignore_errors: true
|
|
check_mode: false
|
|
|
|
- name: make sure log dir exists
|
|
file:
|
|
state: directory
|
|
path: /var/log/haproxy
|
|
owner: root
|
|
group: syslog
|
|
mode: 0775
|
|
notify: restart rsyslog
|
|
|
|
- name: template rsyslog config
|
|
template:
|
|
src: 49-haproxy.conf.j2
|
|
dest: /etc/rsyslog.d/49-haproxy.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: restart rsyslog
|
|
|
|
- name: install haproxy+keepalived
|
|
apt:
|
|
name:
|
|
- haproxy
|
|
- keepalived
|
|
- heartbeat
|
|
state: present
|
|
update_cache: true
|
|
when: not skip_apt|default(false)
|
|
tags:
|
|
- packages
|
|
|
|
- name: allow ip forward if set
|
|
sysctl:
|
|
name: "{{ item.name }}"
|
|
value: "{{ item.value }}"
|
|
state: present
|
|
with_items:
|
|
- name: net.ipv4.ip_forward
|
|
value: '1'
|
|
- name: net.ipv4.ip_nonlocal_bind
|
|
value: '1'
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
tags:
|
|
- haproxy.cfg
|
|
when: haproxy_ip_forward|default(false)
|
|
|
|
- name: template letsencrypt keys with privkey+pubkey in one file
|
|
template:
|
|
src: ssl-letsencrypt.pem.j2
|
|
dest: /etc/haproxy/ssl-{{ item }}.pem
|
|
owner: root
|
|
group: root
|
|
mode: 0664
|
|
no_log: true
|
|
loop_control:
|
|
label: "{{ item }}"
|
|
tags:
|
|
- letsencrypt
|
|
notify: reload haproxy
|
|
with_items: "{{ letsencrypt_domains }}"
|
|
when: haproxy_letsencrypt|default(false)
|
|
|
|
- name: template haproxy config
|
|
template:
|
|
src: haproxy.cfg.j2
|
|
dest: /etc/haproxy/haproxy.cfg
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- haproxy.cfg
|
|
notify: reload haproxy
|
|
|
|
|
|
- name: telegraf file
|
|
template:
|
|
src: telegraf-haproxy.conf.j2
|
|
dest: /etc/telegraf/telegraf.d/haproxy.conf
|
|
notify:
|
|
- restart telegraf
|
|
tags:
|
|
- telegraf
|
|
|
|
- name: template filebeat config
|
|
template:
|
|
src: filebeat-haproxy.yml.j2
|
|
dest: "/etc/filebeat/inputs.d/haproxy.yml"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- filebeat
|
|
- filebeat-input
|
|
notify: restart filebeat
|
|
|
|
- name: enable haproxy and make sure its started
|
|
service:
|
|
name: haproxy
|
|
state: started
|
|
enabled: true
|
|
|
|
- name: keep pacemaker and keepalived stopped for now
|
|
service:
|
|
name: "{{ item }}"
|
|
state: stopped
|
|
enabled: false
|
|
loop_control:
|
|
label: "{{ item }}"
|
|
with_items:
|
|
- pacemaker
|
|
- keepalived
|