Ivan Reshetnikov
fe8529bfa9
- Add role arguments - Open port 8448 for s2s connections - Make openid and turn server optional
---
# Dedicated Docker network named "haproxy". The validation container and the
# proxy container defined later in this file both attach to it.
- name: Create haproxy docker network
  community.docker.docker_network:
    name: haproxy
  become: true
# Host directories for the proxy configuration and its custom error pages.
# Both are root-owned; mode "1755" is rwxr-xr-x plus the sticky bit.
# NOTE(review): the sticky bit only has an effect on directories that other
# users can write to, so "0755" looks equivalent here - confirm before changing.
- name: Create haproxy dirs
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    owner: root
    group: root
    mode: "1755"
  become: true
  loop:
    - /etc/haproxy
    - /etc/haproxy/errors
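# Stage the candidate config on the host so the throwaway validation container
# can bind-mount it before anything under /etc/haproxy is replaced.
# Owner and mode are set explicitly so the result does not depend on the remote
# umask. The file stays world-readable because the container process has to
# read it (presumably it does not run as root - confirm for the image in use).
# NOTE(review): /tmp is world-writable, this file name is predictable, and the
# file is left behind after validation. Keep secrets out of haproxy.cfg, or
# stage it in a root-owned directory instead.
- name: Copy haproxy config to a temporary location
  become: true
  ansible.builtin.copy:
    src: haproxy.cfg
    dest: /tmp/haproxy.cfg
    owner: root
    group: root
    mode: "0644"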
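# Run `haproxy -c` (configuration check) against the staged file in a
# throwaway container that uses the same image and network as the real proxy.
# The certificate directory is mounted at the path the real container sees it
# under, so certificate paths in the config resolve during the check.
# With detach disabled the module waits for the container to exit; a failed
# check is expected to fail this task and stop the play before the live config
# is replaced.
# NOTE(review): in that case the cleanup task after this one does not run and
# the test container is left behind - confirm that is acceptable.
# NOTE(review): /etc/haproxy/certs is not created in this file; presumably it
# is provisioned elsewhere.
- name: Validate haproxy config
  become: true
  community.docker.docker_container:
    name: haproxy-config-test
    image: "{{ haproxy_image }}"
    command: haproxy -c -f /tmp/haproxy.cfg
    networks:
      - name: haproxy
    volumes:
      # Read-only on both mounts: the check only needs to read its inputs.
      - /tmp/haproxy.cfg:/tmp/haproxy.cfg:ro
      - /etc/haproxy/certs:/usr/local/etc/haproxy/certs:ro
    detach: false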
# Delete the throwaway validation container once the check has finished.
- name: Remove temporary container
  community.docker.docker_container:
    state: absent
    name: haproxy-config-test
  become: true
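# Install the config at the path that is bind-mounted into the proxy container.
# The result is registered as `haproxy`; the reload task at the end of this
# file runs only when this copy reports a change.
# Owner and mode are explicit so permissions do not depend on the remote umask.
# NOTE(review): "0644" keeps the file readable by the container process and by
# every local user - keep credentials out of haproxy.cfg or tighten this.
- name: Copy haproxy config
  become: true
  ansible.builtin.copy:
    src: haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg
    owner: root
    group: root
    mode: "0644"
  register: haproxy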
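# Install one static error page per HTTP status code listed in the loop.
# Templated paths are quoted and owner/mode are explicit, so the files do not
# inherit whatever the remote umask happens to be.
# NOTE(review): a change to these files does not trigger the reload task,
# which keys off the haproxy.cfg copy only.
- name: Copy errors
  become: true
  ansible.builtin.copy:
    src: "errors/{{ item }}.http"
    dest: "/etc/haproxy/errors/{{ item }}.http"
    owner: root
    group: root
    mode: "0644"
  loop: [400, 403, 408, 500, 502, 503, 504]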
# Long-running proxy container.
# NOTE(review): haproxy_image is defined outside this file; pinning it to a
# specific tag or digest keeps the validated image and the running image the
# same - confirm how it is set.
- name: Create haproxy container
  community.docker.docker_container:
    image: "{{ haproxy_image }}"
    name: haproxy
    restart_policy: unless-stopped
    networks:
      - name: haproxy
    volumes:
      # The whole config tree is mounted read-only, so the container cannot
      # modify its own configuration or anything else under /etc/haproxy.
      - /etc/haproxy:/usr/local/etc/haproxy:ro
    sysctls:
      # Lowers the unprivileged-port floor to 0 inside the container's network
      # namespace, so a non-root process can bind the low ports listed below.
      net.ipv4.ip_unprivileged_port_start: 0
    # No bind address is given, so by default Docker publishes these ports on
    # every host interface. Docker manages its own firewall rules for
    # published ports, so verify the exposure at the network edge as well.
    # NOTE(review): 389 is the standard LDAP port - confirm it is meant to be
    # reachable from everywhere this host is.
    ports:
      - "80:80"
      - "389:389"
      - "443:443"
      - "8448:8448"
  become: true
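# Send SIGHUP to the running proxy container, but only when the haproxy.cfg
# copy registered as `haproxy` reported a change. Presumably the image treats
# SIGHUP as a configuration reload - confirm for the image in use.
# The command is passed as an argument list to ansible.builtin.command rather
# than through a shell: no shell features are needed, and nothing is parsed by
# a shell if the command is ever templated.
- name: Reload haproxy
  become: true
  when: haproxy.changed
  ansible.builtin.command:
    argv:
      - docker
      - kill
      - "-s"
      - HUP
      - haproxy
  # Sending the signal always acts on the container, so report it as a change.
  changed_when: true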