mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-24 22:11:23 +08:00
553da4b213
Allow port 443 connections from those proxies on mirrorlists. Add hosts entries for proxy10 and proxy01 that should allow ssl to work right. Will test this on one proxy/mirrorlist and move on to the others.
95 lines
2.3 KiB
YAML
95 lines
2.3 KiB
YAML
---
|
|
# Tasks to set up haproxy
|
|
|
|
- name: install needed packages
|
|
yum: pkg={{ item }} state=installed
|
|
with_items:
|
|
- haproxy
|
|
tags:
|
|
- packages
|
|
- haproxy
|
|
|
|
- name: install haproxy/cfg in prod
|
|
template: src={{ item.file }}
|
|
dest={{ item.dest }}
|
|
owner=root group=root mode=0600
|
|
with_items:
|
|
- { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg }
|
|
notify:
|
|
- restart haproxy
|
|
when: env != 'staging'
|
|
tags:
|
|
- haproxy
|
|
|
|
- name: install haproxy.cfg in stg
|
|
template: src={{ item.file }}
|
|
dest={{ item.dest }}
|
|
owner=root group=root mode=0600
|
|
with_items:
|
|
- { file: haproxy.cfg.stg, dest: /etc/haproxy/haproxy.cfg }
|
|
when: env == 'staging'
|
|
notify:
|
|
- restart haproxy
|
|
tags:
|
|
- haproxy
|
|
|
|
- name: Make sure haproxy is awake and reporting for duty
|
|
service: name=haproxy state=started enabled=yes
|
|
tags:
|
|
- haproxy
|
|
|
|
- name: install limits.conf and 503.http
|
|
copy: src={{ item.file }}
|
|
dest={{ item.dest }}
|
|
owner=root group=root mode=0600
|
|
with_items:
|
|
- { file: limits.conf, dest: /etc/security/limits.conf }
|
|
- { file: 503.http, dest: /etc/haproxy/503.http }
|
|
tags:
|
|
- haproxy
|
|
|
|
- name: Install libsemanage-python so we can manage selinux with python...
|
|
yum: name=libsemanage-python state=installed
|
|
tags:
|
|
- haproxy
|
|
- selinux
|
|
|
|
- name: Turn on certain selinux booleans so haproxy can bind to ports
|
|
seboolean: name={{ item }} state=true persistent=true
|
|
with_items:
|
|
- haproxy_connect_any
|
|
tags:
|
|
- haproxy
|
|
- selinux
|
|
|
|
# These following four tasks are used for copying over our custom selinux
|
|
# module.
|
|
- name: ensure a directory exists for our custom selinux module
|
|
file: dest=/usr/share/haproxy state=directory
|
|
tags:
|
|
- haproxy
|
|
- selinux
|
|
|
|
- name: copy over our general haproxy selinux module
|
|
copy: src=selinux/fi-haproxy.pp dest=/usr/share/haproxy/fi-haproxy.pp
|
|
register: fi_haproxy_module
|
|
tags:
|
|
- haproxy
|
|
- selinux
|
|
|
|
- name: check to see if its even installed yet
|
|
shell: semodule -l | grep fi-haproxy | wc -l
|
|
register: fi_haproxy_grep
|
|
always_run: true
|
|
changed_when: "'0' in fi_haproxy_grep.stdout"
|
|
tags:
|
|
- haproxy
|
|
- selinux
|
|
|
|
- name: install our general haproxy selinux module
|
|
command: semodule -i /usr/share/haproxy/fi-haproxy.pp
|
|
when: fi_haproxy_module|changed or fi_haproxy_grep|changed
|
|
tags:
|
|
- haproxy
|
|
- selinux
|