library/roles/haproxy: Support floating IPs via net.ipv4.ip_nonlocal_bind. Enabled by default.
This commit is contained in:
parent
0653dfd8d0
commit
4c6df5199e
|
@ -6,6 +6,7 @@ haproxy_debian_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codena
|
||||||
haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
|
haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
|
||||||
haproxy_pkg_state: latest
|
haproxy_pkg_state: latest
|
||||||
haproxy_enabled: True
|
haproxy_enabled: True
|
||||||
|
haproxy_k_bind_non_local_ip: True
|
||||||
|
|
||||||
haproxy_default_port: 80
|
haproxy_default_port: 80
|
||||||
haproxy_terminate_tls: False
|
haproxy_terminate_tls: False
|
||||||
|
|
|
@ -40,20 +40,15 @@
|
||||||
register: install_haproxy
|
register: install_haproxy
|
||||||
tags: haproxy
|
tags: haproxy
|
||||||
|
|
||||||
- name: Ensure that haproxy is enabled and started
|
- name: Enable kernel binding non local IP addresses
|
||||||
service: name=haproxy state=started enabled=yes
|
sysctl: name={{ item }} value=1 reload=yes state=present
|
||||||
when: haproxy_enabled
|
with_items:
|
||||||
ignore_errors: True
|
- net.ipv4.ip_nonlocal_bind
|
||||||
tags: haproxy
|
when: haproxy_k_bind_non_local_ip
|
||||||
|
|
||||||
- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
|
- name: Disable kernel binding non local IP addresses
|
||||||
service: name=rsyslog state=restarted
|
sysctl: name={{ item }} value=0 reload=yes state=present
|
||||||
when:
|
with_items:
|
||||||
- haproxy_enabled
|
- net.ipv4.ip_nonlocal_bind
|
||||||
- ( install_haproxy | changed )
|
when: not haproxy_k_bind_non_local_ip
|
||||||
tags: haproxy
|
|
||||||
|
|
||||||
- name: Ensure that haproxy is stopped and disabled if needed
|
|
||||||
service: name=haproxy state=stopped enabled=no
|
|
||||||
when: not haproxy_enabled
|
|
||||||
tags: haproxy
|
|
||||||
|
|
|
@ -8,3 +8,21 @@
|
||||||
when:
|
when:
|
||||||
- haproxy_letsencrypt_managed
|
- haproxy_letsencrypt_managed
|
||||||
- letsencrypt_acme_install is defined
|
- letsencrypt_acme_install is defined
|
||||||
|
|
||||||
|
- name: Ensure that haproxy is enabled and started
|
||||||
|
service: name=haproxy state=started enabled=yes
|
||||||
|
when: haproxy_enabled
|
||||||
|
ignore_errors: True
|
||||||
|
tags: haproxy
|
||||||
|
|
||||||
|
- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
|
||||||
|
service: name=rsyslog state=restarted
|
||||||
|
when:
|
||||||
|
- haproxy_enabled
|
||||||
|
- ( install_haproxy | changed )
|
||||||
|
tags: haproxy
|
||||||
|
|
||||||
|
- name: Ensure that haproxy is stopped and disabled if needed
|
||||||
|
service: name=haproxy state=stopped enabled=no
|
||||||
|
when: not haproxy_enabled
|
||||||
|
tags: haproxy
|
||||||
|
|
Loading…
Reference in New Issue