| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- ---
- - name: Ensure HAProxy is deployed
- hosts: servera.lab.example.com
- gather_facts: false
- become: true
- tasks:
- - name: the haproxy package is installed
- yum:
- name: haproxy
- state: present
- - name: the /etc/pki/haproxy directory exists
- file:
- path: /etc/pki/haproxy
- state: directory
- owner: root
- mode: '700'
- - name: the SSL file for HTTPS termination is deployed
- assemble:
- src: files
- remote_src: false
- regexp: "^servera\\.lab\\.example\\.com\\.(crt|key)$"
- dest: /etc/pki/haproxy/haproxy.pem
- notify: restart haproxy
- - name: the HAProxy configuration file is deployed
- copy:
- src: files/haproxy.cfg
- dest: /etc/haproxy/haproxy.cfg
- notify: restart haproxy
- - name: SELinux allows HAProxy to connect to remote port 6081
- seboolean:
- name: haproxy_connect_any
- state: true
- persistent: true
- - name: the haproxy service is started and enabled
- service:
- name: haproxy
- state: started
- enabled: yes
- - name: the https firewall service is opened
- firewalld:
- service: https
- state: enabled
- immediate: yes
- permanent: yes
- handlers:
- - name: restart haproxy
- service:
- name: haproxy
- state: restarted
|
