From 62193883ee4f9b28195153def66a76095759110a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 23 Oct 2015 16:03:11 +0200
Subject: [PATCH] library/roles/haproxy: list of web resources to configuration hints.
---
 haproxy/README | 26 ++++++++++++++++++++++++++
 haproxy/defaults/main.yml | 2 ++
 haproxy/tasks/main.yml | 18 +++++++++++-------
 3 files changed, 39 insertions(+), 7 deletions(-)
 create mode 100644 haproxy/README
diff --git a/haproxy/README b/haproxy/README
new file mode 100644
index 0000000..749369e
--- /dev/null
+++ b/haproxy/README
@@ -0,0 +1,26 @@
+#
+# The user of this role will need to write a haproxy.cfg template and install it with a dedicated task. Something like
+
+- name: Configure haproxy
+ template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg owner=root group=haproxy mode=0440
+ notify: Reload haproxy
+ tags: [ 'haproxy', 'haproxy_conf' ]
+
+#
+# Very complex setup that involves varnish. Taken here:
+# https://alohalb.wordpress.com/2012/08/25/haproxy-varnish-and-the-single-hostname-website/
+# For a ssl setup, check here:
+# http://seanmcgary.com/posts/using-sslhttps-with-haproxy
+# https://alohalb.wordpress.com/haproxy/haproxy-and-ssl/
+# https://alohalb.wordpress.com/2013/01/21/mitigating-the-ssl-beast-attack-using-the-aloha-load-balancer-haproxy/
+# http://blog.haproxy.com/2015/05/06/haproxys-load-balancing-algorithm-for-static-content-delivery-with-varnish/
+# http://blog.haproxy.com/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
+# https://serversforhackers.com/using-ssl-certificates-with-haproxy
+#
+# Session management workarounds:
+# http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/
+# http://serverfault.com/questions/439445/haproxy-my-sessions-are-sort-of-sticky
+#
+# Hints to protect from DDOS or too many legitimate requests
+# http://www.loadbalancer.org/de/blog/black-friday-black-out-protection-with-haproxy
+#
\ No newline at end of file
diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml
index cbb8588..b6beafc 100644
--- a/haproxy/defaults/main.yml
+++ b/haproxy/defaults/main.yml
@@ -2,6 +2,8 @@
 haproxy_latest_release: True
 haproxy_version: 1.5
 haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codename }}-backports-{{ haproxy_version }} main"
+# For Ubuntu:
+# haproxy_latest_repo: "ppa:vbernat/haproxy-1.5"
 haproxy_pkg_state: latest
 haproxy_enabled: True
 
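Review bot: The commented Ubuntu value added in the haproxy/defaults/main.yml hunk hard-codes `1.5`, so an override copied from it will not follow `haproxy_version`; `# haproxy_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"` would keep the two in step. The active default is still the `http://haproxy.debian.net` line above it, so an Ubuntu host that does not override the variable gets the Debian archive configured. The comment should state that the override is required on Ubuntu rather than offered as an option.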
diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml
index ddcd76a..915a767 100644
--- a/haproxy/tasks/main.yml
+++ b/haproxy/tasks/main.yml
@@ -6,16 +6,11 @@
 tags: haproxy
 
 - name: Define the haproxy repository
- apt_repository: repo='{{ haproxy_latest_repo }}' state=present
+ apt_repository: repo='{{ haproxy_latest_repo }}' state=present update_cache=yes
 when: haproxy_latest_release
 register: haproxy_repo
 tags: haproxy
 
-- name: Update the apt cache if needed
- apt: update_cache=yes
- when: ( haproxy_repo | changed )
- tags: haproxy
-
 - name: Install the haproxy package
 apt: name=haproxy state=present default_release={{ ansible_lsb.codename }}-backports
 when: not haproxy_latest_release
@@ -23,7 +18,16 @@
 
 - name: Install the haproxy package
 apt: name=haproxy state=latest default_release={{ ansible_lsb.codename }}-backports-{{ haproxy_version }}
- when: haproxy_latest_release
+ when:
+ - haproxy_latest_release
+ - is_debian
+ tags: haproxy
+
+- name: Install the haproxy package
+ apt: name=haproxy state=latest
+ when:
+ - haproxy_latest_release
+ - is_ubuntu
 tags: haproxy
 
 - name: Ensure that haproxy is enabled and started
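Review bot: In the first haproxy/tasks/main.yml hunk, `register: haproxy_repo` stays on the "Define the haproxy repository" task although the only task that read it ("Update the apt cache if needed") is removed; drop the line unless something outside the hunk still uses the variable. With `update_cache=yes` now on `apt_repository`, the index refresh and the install that follows pull from whatever `haproxy_latest_repo` names, which by default is a plain-HTTP third-party archive, so package authenticity rests on apt signature checking alone. The task above this one starts outside the hunk, so it is not visible whether the archive's signing key is installed first; if it is not, an `apt_key` task should precede the repository definition.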
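Review bot: In the second haproxy/tasks/main.yml hunk the new conditions `is_debian` and `is_ubuntu` are not defined anywhere in this patch, so unless the inventory or another role sets them both install tasks would stop on an undefined variable; standard facts would do instead, e.g. `- ansible_distribution == 'Debian'` and `- ansible_distribution == 'Ubuntu'`. The added Ubuntu task has no `default_release`, so when the PPA has not been configured (the default `haproxy_latest_repo` is the Debian archive) apt installs whatever candidate it finds and reports no error. It also hard-codes `state=latest` although defaults/main.yml carries `haproxy_pkg_state`; `apt: name=haproxy state={{ haproxy_pkg_state }}` would let operators pin the load balancer instead of upgrading it on every run.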