Change the kernel sysctl options when installing as a container too

tasks/haproxy-service.yml

@@ -44,24 +44,3 @@
   apt: name={{ haproxy_additional_pkgs }} state=latest update_cache=yes cache_valid_time=3600
   when: haproxy_install_additional_pkgs
 
-- name: Enable kernel binding non local IP addresses
-  sysctl: name={{ item }} value=1 reload=yes state=present
-  with_items:
-    - net.ipv4.ip_nonlocal_bind
-  when: haproxy_k_bind_non_local_ip
-  tags: [ 'haproxy', 'haproxy_sysctl' ]
-
-- name: Disable kernel binding non local IP addresses
-  sysctl: name={{ item }} value=0 reload=yes state=present
-  with_items:
-    - net.ipv4.ip_nonlocal_bind
-  when: not haproxy_k_bind_non_local_ip
-  tags: [ 'haproxy', 'haproxy_sysctl' ]
-
-- name: Increase the connection tracking table capacity
-  sysctl: name={{ item }} value={{ haproxy_sysctl_conntrack_max }} reload=yes state=present
-  with_items:
-    - net.nf_conntrack_max
-  when: is_not_debian9
-  tags: [ 'haproxy', 'haproxy_sysctl' ]
-

tasks/haproxy_sysctl.yml

@@ -0,0 +1,23 @@
+---
+- block:
+  - name: Enable kernel binding non local IP addresses
+    sysctl: name={{ item }} value=1 reload=yes state=present
+    with_items:
+      - net.ipv4.ip_nonlocal_bind
+    when: haproxy_k_bind_non_local_ip
+
+  - name: Increase the connection tracking table capacity
+    sysctl: name={{ item }} value={{ haproxy_sysctl_conntrack_max }} reload=yes state=present
+    with_items:
+      - net.nf_conntrack_max
+
+  tags: [ 'haproxy', 'haproxy_sysctl' ]
+
+- block:
+  - name: Disable kernel binding non local IP addresses
+    sysctl: name={{ item }} value=0 reload=yes state=present
+    with_items:
+      - net.ipv4.ip_nonlocal_bind
+
+  when: not haproxy_k_bind_non_local_ip
+  tags: [ 'haproxy', 'haproxy_sysctl' ]

tasks/main.yml

@@ -1,4 +1,5 @@
 ---
+- import_tasks: haproxy-sysctl.yml
 - import_tasks: haproxy-service.yml
   when: not haproxy_docker_container
 - import_tasks: haproxy-letsencrypt-acme-sh.yml