# Ansible role: Haproxy

[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-haproxy/releases)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-haproxy/src/branch/master/LICENSE)

Install and configure haproxy

## Requirements

* Ansible >= 2.8
* Debian Buster

## Role variables

- `haproxy_global` - hash with the global configuration

```
log-send-hostname: true
chroot: /var/lib/haproxy
pidfile: /var/run/haproxy.pid
maxconn: 4096
user: haproxy
group: haproxy
daemon: true
stats: socket /var/lib/haproxy/stats
```

- `haproxy_defaults` - hash with the default configuration

```
mode: http
log: global
option:
  - httplog
  - dontlognull
  - http-server-close
  - forwardfor except 127.0.0.0/8
  - redispatch
retries: 3
timeout:
  - http-request 10s
  - queue 1m
  - connect 10s
  - client 1m
  - server 1m
  - http-keep-alive 10s
  - check 10s
maxconn: 4096
```

- `haproxy_stats_username` - set the username to access the stats interface (default: `admin`)
- `haproxy_stats_password` - set the password to access the stats interface (default: `secret`)
- `haproxy_listen_stats` - hash with options for the stats interface

```
bind:
  ip: 127.0.0.1
  port: 9000
mode: http
maxconn: 10
timeout:
  - client 30s
  - server 30s
  - connect 30s
  - queue 30s
stats:
  - 'refresh 5s'
  - 'show-node'
  - 'realm Haproxy\ Statistics'
  - 'auth {{ haproxy_stats_username }}:{{ haproxy_stats_password }}'
  - 'uri /haproxy_stats'
```

- `haproxy_frontends` - hash with the frontends configuration

```
frontend-https:
  bind:
    ip: '*'
    port: 443
    ssl:
  default_backend: backend-app
frontend-http:
  bind:
    ip: '*'
    port: 80
  mode: http
  option:
    - 'forwardfor except 127.0.0.0/8'
    - 'httplog'
    - 'http-server-close'
  acl:
    - acl_test1-https hdr(host) test1.example.net
    - acl_test2-https hdr(host) test2.example.net
  use_backend:
    - backend-app if acl_test1-https
    - backend-app if acl_test2-https
```

- `haproxy_backends` - hash with the backend configuration

```
backend-app:
  mode: http
  balance: roundrobin
  stick-table: type ip size 512k expire 30m
  stick: on src
  option:
    - 'ssl-hello-chk'
    - 'tcp-check'
    - 'log-health-checks'
    - 'forwardfor header X-Forwarded-For'
  server:
    - host1 127.0.0.1:80 check maxconn 1000 inter 15s
    - host2 127.0.0.1:80 check maxconn 1000 inter 15s
```

- `haproxy_ssl_certificates` - hash with the SSL certificates to copy

```
example-com: |
  -----BEGIN CERTIFICATE-----
  MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDJZs7pOmgIjXqa
  /rZx2CL4pXTo4kKv+Itj3xfrq46r4DZKQJoCHqcs/bFjtCP89xJlvbrZVmxizFOF
  mfKiNat39GNgeUaTH23+N/FOAyphayOcFk+s4X6GbdxrkHqt9IBrfK0B88bYjL/m
  .....
```

## How to use

```
- hosts: server
  roles:
    - haproxy
```

## Development

### Test syntax with yamllint

* install `python` and `python-pip`
* install yamllint `pip install yamllint`
* run `yamllint .`

### Test syntax with ansible-lint

* install `python` and `python-pip`
* install ansible-lint `pip install ansible-lint`
* run `ansible-lint .`

### Tests with docker

* install [docker](https://docs.docker.com/engine/installation/)
* install ruby
* install bundler `gem install bundler`
* install dependencies `bundle install`
* run the tests `kitchen test`

## License

```
Copyright (c) 2019 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
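Returning to the playbook under "How to use": the following is an added example, not part of the role's own documentation, that sets the documented variables and replaces the default stats credentials (`admin` / `secret`) with values read from a vault-encrypted vars file. The file name `vault.yml`, the variables `vault_haproxy_stats_username` and `vault_haproxy_stats_password`, and the backend addresses are assumptions; it also assumes that a hash set in the play takes the place of the role's default hash.

```yaml
- hosts: server
  vars_files:
    # Assumed file name; encrypt it with `ansible-vault encrypt vault.yml`
    - vault.yml
  vars:
    # Override the documented defaults (admin / secret) with vaulted values
    haproxy_stats_username: '{{ vault_haproxy_stats_username }}'
    haproxy_stats_password: '{{ vault_haproxy_stats_password }}'
    # Keep the stats listener on loopback, as in the documented default
    haproxy_listen_stats:
      bind:
        ip: 127.0.0.1
        port: 9000
      mode: http
      maxconn: 10
      timeout:
        - client 30s
        - server 30s
        - connect 30s
        - queue 30s
      stats:
        - 'refresh 5s'
        - 'show-node'
        - 'realm Haproxy\ Statistics'
        - 'auth {{ haproxy_stats_username }}:{{ haproxy_stats_password }}'
        - 'uri /haproxy_stats'
    haproxy_frontends:
      frontend-http:
        bind:
          ip: '*'
          port: 80
        mode: http
        acl:
          - acl_test1 hdr(host) test1.example.net
        use_backend:
          - backend-app if acl_test1
    haproxy_backends:
      backend-app:
        mode: http
        balance: roundrobin
        option:
          - 'log-health-checks'
          - 'forwardfor header X-Forwarded-For'
        server:
          # Constructed addresses from the 192.0.2.0/24 documentation range
          - host1 192.0.2.10:80 check maxconn 1000 inter 15s
          - host2 192.0.2.11:80 check maxconn 1000 inter 15s
  roles:
    - haproxy
```

Run it with `ansible-playbook --ask-vault-pass` (or `--vault-password-file`) so the vaulted credentials can be decrypted at play time.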