library/roles/haproxy: Support floating IPs via net.ipv4.ip_nonlocal_bind. Enabled by default.

2016-07-05 12:45:01 +02:00 · 2016-07-05 12:45:01 +02:00 · 4c6df5199e
parent 0653dfd8d0
commit 4c6df5199e
3 changed files with 29 additions and 15 deletions
--- a/haproxy/defaults/main.yml
+++ b/haproxy/defaults/main.yml
@ -6,6 +6,7 @@ haproxy_debian_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codena
 haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
 haproxy_pkg_state: latest
 haproxy_enabled: True
+haproxy_k_bind_non_local_ip: True

 haproxy_default_port: 80
 haproxy_terminate_tls: False
--- a/haproxy/tasks/haproxy-service.yml
+++ b/haproxy/tasks/haproxy-service.yml
@ -40,20 +40,15 @@
  register: install_haproxy
  tags: haproxy

- name: Ensure that haproxy is enabled and started
-  service: name=haproxy state=started enabled=yes
-  when: haproxy_enabled
-  ignore_errors: True
-  tags: haproxy
+- name: Enable kernel binding non local IP addresses
+  sysctl: name={{ item }} value=1 reload=yes state=present
+  with_items:
+    - net.ipv4.ip_nonlocal_bind
+  when: haproxy_k_bind_non_local_ip

- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
-  service: name=rsyslog state=restarted
-  when:
-    - haproxy_enabled
-    - ( install_haproxy | changed )
-  tags: haproxy
+- name: Disable kernel binding non local IP addresses
+  sysctl: name={{ item }} value=0 reload=yes state=present
+  with_items:
+    - net.ipv4.ip_nonlocal_bind
+  when: not haproxy_k_bind_non_local_ip

- name: Ensure that haproxy is stopped and disabled if needed
-  service: name=haproxy state=stopped enabled=no
-  when: not haproxy_enabled
-  tags: haproxy
--- a/haproxy/tasks/main.yml
+++ b/haproxy/tasks/main.yml
@ -8,3 +8,21 @@
  when:
    - haproxy_letsencrypt_managed
    - letsencrypt_acme_install is defined
+
+- name: Ensure that haproxy is enabled and started
+  service: name=haproxy state=started enabled=yes
+  when: haproxy_enabled
+  ignore_errors: True
+  tags: haproxy
+
+- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
+  service: name=rsyslog state=restarted
+  when:
+    - haproxy_enabled
+    - ( install_haproxy | changed )
+  tags: haproxy
+
+- name: Ensure that haproxy is stopped and disabled if needed
+  service: name=haproxy state=stopped enabled=no
+  when: not haproxy_enabled
+  tags: haproxy