library/roles/haproxy: list of web resources to configuration hints.

This commit is contained in:
Andrea Dell'Amico 2015-10-23 16:03:11 +02:00
parent aa1ad48c46
commit 62193883ee
3 changed files with 39 additions and 7 deletions

26
haproxy/README Normal file
View File

@ -0,0 +1,26 @@
#
# The user of this role will need to write a haproxy.cfg template and install it with a dedicated task. Something like
- name: Configure haproxy
template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg owner=root group=haproxy mode=0440
notify: Reload haproxy
tags: [ 'haproxy', 'haproxy_conf' ]
#
# Very complex setup that involves varnish. Taken here:
# https://alohalb.wordpress.com/2012/08/25/haproxy-varnish-and-the-single-hostname-website/
# For a ssl setup, check here:
# http://seanmcgary.com/posts/using-sslhttps-with-haproxy
# https://alohalb.wordpress.com/haproxy/haproxy-and-ssl/
# https://alohalb.wordpress.com/2013/01/21/mitigating-the-ssl-beast-attack-using-the-aloha-load-balancer-haproxy/
# http://blog.haproxy.com/2015/05/06/haproxys-load-balancing-algorithm-for-static-content-delivery-with-varnish/
# http://blog.haproxy.com/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
# https://serversforhackers.com/using-ssl-certificates-with-haproxy
#
# Session management workarounds:
# http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/
# http://serverfault.com/questions/439445/haproxy-my-sessions-are-sort-of-sticky
#
# Hints to protect from DDOS or too many legitimate requests
# http://www.loadbalancer.org/de/blog/black-friday-black-out-protection-with-haproxy
#

View File

@ -2,6 +2,8 @@
haproxy_latest_release: True haproxy_latest_release: True
haproxy_version: 1.5 haproxy_version: 1.5
haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codename }}-backports-{{ haproxy_version }} main" haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codename }}-backports-{{ haproxy_version }} main"
# For Ubuntu:
# haproxy_latest_repo: "ppa:vbernat/haproxy-1.5"
haproxy_pkg_state: latest haproxy_pkg_state: latest
haproxy_enabled: True haproxy_enabled: True

View File

@ -6,16 +6,11 @@
tags: haproxy tags: haproxy
- name: Define the haproxy repository - name: Define the haproxy repository
apt_repository: repo='{{ haproxy_latest_repo }}' state=present apt_repository: repo='{{ haproxy_latest_repo }}' state=present update_cache=yes
when: haproxy_latest_release when: haproxy_latest_release
register: haproxy_repo register: haproxy_repo
tags: haproxy tags: haproxy
- name: Update the apt cache if needed
apt: update_cache=yes
when: ( haproxy_repo | changed )
tags: haproxy
- name: Install the haproxy package - name: Install the haproxy package
apt: name=haproxy state=present default_release={{ ansible_lsb.codename }}-backports apt: name=haproxy state=present default_release={{ ansible_lsb.codename }}-backports
when: not haproxy_latest_release when: not haproxy_latest_release
@ -23,7 +18,16 @@
- name: Install the haproxy package - name: Install the haproxy package
apt: name=haproxy state=latest default_release={{ ansible_lsb.codename }}-backports-{{ haproxy_version }} apt: name=haproxy state=latest default_release={{ ansible_lsb.codename }}-backports-{{ haproxy_version }}
when: haproxy_latest_release when:
- haproxy_latest_release
- is_debian
tags: haproxy
- name: Install the haproxy package
apt: name=haproxy state=latest
when:
- haproxy_latest_release
- is_ubuntu
tags: haproxy tags: haproxy
- name: Ensure that haproxy is enabled and started - name: Ensure that haproxy is enabled and started