From 4a9636fe3f59fbd61ced00be2f16a207901370a0 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 19 Dec 2017 17:58:31 +0100 Subject: [PATCH] haproxy: add a task that increases the dimension of the conntrack table. --- haproxy/defaults/main.yml | 2 ++ haproxy/tasks/haproxy-service.yml | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml index 1ba41ab8..d837ca20 100644 --- a/haproxy/defaults/main.yml +++ b/haproxy/defaults/main.yml @@ -25,3 +25,5 @@ haproxy_nagios_check_c: 90 haproxy_check_interval: 3s haproxy_backend_maxconn: 2048 +haproxy_sysctl_conntrack_max: 131072 + diff --git a/haproxy/tasks/haproxy-service.yml b/haproxy/tasks/haproxy-service.yml index 08471182..d211599b 100644 --- a/haproxy/tasks/haproxy-service.yml +++ b/haproxy/tasks/haproxy-service.yml @@ -45,10 +45,18 @@ with_items: - net.ipv4.ip_nonlocal_bind when: haproxy_k_bind_non_local_ip + tags: [ 'haproxy', 'haproxy_sysctl' ] - name: Disable kernel binding non local IP addresses sysctl: name={{ item }} value=0 reload=yes state=present with_items: - net.ipv4.ip_nonlocal_bind when: not haproxy_k_bind_non_local_ip + tags: [ 'haproxy', 'haproxy_sysctl' ] + +- name: Increase the connection tracking table capacity + sysctl: name={{ item }} value={{ haproxy_sysctl_conntrack_max }} reload=yes state=present + with_items: + - net.nf_conntrack_max + tags: [ 'haproxy', 'haproxy_sysctl' ]
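Review bot: The new "Increase the connection tracking table capacity" task sets `net.nf_conntrack_max` unconditionally, but that key exists only while the nf_conntrack kernel module is loaded, so on a host where it is not loaded the sysctl call with `reload=yes` is likely to fail the play. The value written to sysctl.conf may also be skipped at boot if sysctl settings are applied before the module loads, which would leave the table at its default size and the proxy dropping new connections once the table fills under load. I would load the module in a task placed before this one, e.g. `modprobe: name=nf_conntrack state=present`, and persist that through the distribution's modules-load configuration, or guard the task with a `when:` as the two neighbouring tasks are. A one-line comment next to `haproxy_sysctl_conntrack_max: 131072` in defaults/main.yml, noting that the kernel's conntrack hash bucket count is not raised along with it, would help whoever tunes this value later.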