diff --git a/defaults/main.yml b/defaults/main.yml index 749dc05..61ceebe 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,41 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Defines that the role will be deployed on a host machine -is_metal: true - -## APT Cache options -cache_timeout: 600 - -haproxy_apt_repo_url: "http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu" -haproxy_apt_repo: - repo: "deb {{ haproxy_apt_repo_url }} {{ ansible_distribution_release }} main" - state: "present" - -# Haproxy GPG Keys -haproxy_gpg_keys: - - key_name: 'haproxy' - keyserver: 'hkp://keyserver.ubuntu.com:80' - fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80' - hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd' - -haproxy_pre_apt_packages: - - python-software-properties - - software-properties-common - - debconf-utils - -haproxy_apt_packages: - - haproxy - - hatop - - rsyslog # Used for local logging - - vim-haproxy - - psmisc - ## Haproxy Configuration haproxy_rise: 3 haproxy_fall: 3 haproxy_interval: 12000 +## Haproxy standard API +haproxy_repo: {} +haproxy_gpg_keys: [] +haproxy_pre_packages: [] +haproxy_packages: [] +haproxy_pinned_packages: [] + ## Haproxy Stats haproxy_stats_enabled: False haproxy_stats_bind_address: 127.0.0.1 @@ -84,3 +61,5 @@ haproxy_ssl_pem: /etc/ssl/private/haproxy.pem haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite }}" + +haproxy_hatop_download_url: "http://hatop.googlecode.com/files/hatop-0.7.7.tar.gz" diff --git a/files/haproxy.default b/files/haproxy.default index 2da23cf..88c7e49 100644 --- a/files/haproxy.default +++ b/files/haproxy.default 
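Review bot: The `haproxy_hatop_download_url` default added at the end of defaults/main.yml is a plain `http://` URL, and the `Download HATop` task in tasks/haproxy_install_hatop.yml fetches it with no digest before `bin/hatop` is installed into /usr/local/bin. Nothing on that path authenticates the archive, so whoever can alter the response decides what gets installed as an executable on the load balancer host. Add a digest default next to the URL (for example `haproxy_hatop_download_sha256`, holding the published SHA-256 of the tarball) and pass it to the task as `sha256sum: "{{ haproxy_hatop_download_sha256 }}"` (`checksum:` on newer Ansible). An `https://` source is worth using where one exists, but it does not replace the pinned digest.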
@@ -1,8 +1,2 @@
 # Set ENABLED to 1 if you want the init script to start haproxy.
 ENABLED=1
-
-# Add extra flags here.
-#EXTRAOPTS="-de -m 16"
-
-# Conf.d style configuration dir. Init script has been hacked to support this.
-CONFIG_DIR=/etc/haproxy/conf.d
diff --git a/files/haproxy.sh b/files/haproxy.sh
deleted file mode 100644
index 5f76cfc..0000000
--- a/files/haproxy.sh
+++ /dev/null
@@ -1,171 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: haproxy -# Required-Start: $local_fs $network $remote_fs -# Required-Stop: $local_fs $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: fast and reliable load balancing reverse proxy -# Description: This file should be used to start and stop haproxy. -### END INIT INFO - -# Author: Arnaud Cornet - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -PIDFILE=/var/run/haproxy.pid -CONFIG=/etc/haproxy/haproxy.cfg -HAPROXY=/usr/sbin/haproxy -EXTRAOPTS= -ENABLED=0 - -test -x $HAPROXY || exit 0 - -if [ -e /etc/default/haproxy ]; then - . /etc/default/haproxy -fi - -test -f "$CONFIG" || exit 0 -test "$ENABLED" != "0" || exit 0 - -[ -f /etc/default/rcS ] && . /etc/default/rcS -. /lib/lsb/init-functions - -CONFIG_DIR_FILES="" -if [ ! -z "$CONFIG_DIR" ]; then - for file in $CONFIG_DIR/*; do - CONFIG_DIR_FILES="$CONFIG_DIR_FILES -f $file" - done -fi - -haproxy_start() -{ - start-stop-daemon --start --pidfile "$PIDFILE" \ - --exec $HAPROXY -- -f "$CONFIG" $CONFIG_DIR_FILES -D -p "$PIDFILE" \ - $EXTRAOPTS || return 2 - return 0 -} - -haproxy_stop() -{ - if [ ! -f $PIDFILE ] ; then - # This is a success according to LSB - return 0 - fi - for pid in $(cat $PIDFILE) ; do - /bin/kill $pid || return 4 - done - rm -f $PIDFILE - return 0 -} - -haproxy_reload() -{ - $HAPROXY -f "$CONFIG" $CONFIG_DIR_FILES -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \ - || return 2 - return 0 -} - -haproxy_status() -{ - if [ ! -f $PIDFILE ] ; then - # program not running - return 3 - fi - - for pid in $(cat $PIDFILE) ; do - if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then - # program running, bogus pidfile - return 1 - fi - done - - return 0 -} - - -case "$1" in -start) - log_daemon_msg "Starting haproxy" "haproxy" - haproxy_start - ret=$? - case "$ret" in - 0) - log_end_msg 0 - ;; - 1) - log_end_msg 1 - echo "pid file '$PIDFILE' found, haproxy not started." 
- ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -stop) - log_daemon_msg "Stopping haproxy" "haproxy" - haproxy_stop - ret=$? - case "$ret" in - 0|1) - log_end_msg 0 - ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -reload|force-reload) - log_daemon_msg "Reloading haproxy" "haproxy" - haproxy_reload - ret=$? - case "$ret" in - 0|1) - log_end_msg 0 - ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -restart) - log_daemon_msg "Restarting haproxy" "haproxy" - haproxy_stop - haproxy_start - ret=$? - case "$ret" in - 0) - log_end_msg 0 - ;; - 1) - log_end_msg 1 - ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -status) - haproxy_status - ret=$? - case "$ret" in - 0) - echo "haproxy is running." - ;; - 1) - echo "haproxy dead, but $PIDFILE exists." - ;; - *) - echo "haproxy not running." - ;; - esac - exit $ret - ;; -*) - echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}" - exit 2 - ;; -esac diff --git a/meta/main.yml b/meta/main.yml index 39a9abe..decbedb 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -23,10 +23,20 @@ galaxy_info: - name: Ubuntu versions: - trusty + - xenial + - name: EL + versions: + - 7 categories: - cloud - python - development - openstack dependencies: - - apt_package_pinning + - role: apt_package_pinning + apt_pinned_packages: [{ package: "*", release: LP-PPA-vbernat-haproxy-1.5, priority: "1001" }] + apt_package_pinning_file_name: "haproxy_pin.pref" + when: + - ansible_pkg_mgr == 'apt' + - haproxy_ssl | bool + - ansible_distribution_version | version_compare('16.04', '<') diff --git a/tasks/haproxy_add_ppa_repo.yml b/tasks/haproxy_add_ppa_repo.yml index fab2efe..f7cc6c0 100644 --- a/tasks/haproxy_add_ppa_repo.yml +++ b/tasks/haproxy_add_ppa_repo.yml 
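Review bot: In the meta/main.yml hunk the new `apt_package_pinning` dependency pins `package: "*"` at priority `"1001"`, which (assuming the dependency renders it the way the deleted templates/haproxy_pin.pref.j2 did) covers every package the PPA publishes. An APT priority above 1000 lets that origin replace an installed distro package even when that is a downgrade, so a third-party archive is trusted for more than haproxy. If only haproxy is meant to come from the PPA, narrowing the entry to `package: "haproxy*"` limits what the origin can override; check first whether the PPA build needs other packages from the same origin.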
@@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE(cloudnull) This file can be removed when we drop 14.04 support + #TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache #when https://github.com/ansible/ansible-modules-core/pull/1517 is merged #in 1.9.x or we move to 2.0 (if tested working) @@ -38,7 +40,7 @@ until: install_packages|success retries: 5 delay: 2 - with_items: haproxy_pre_apt_packages + with_items: "{{ haproxy_pre_packages }}" tags: - haproxy-pre-apt-packages @@ -54,7 +56,7 @@ ignore_errors: True retries: 5 delay: 2 - with_items: haproxy_gpg_keys + with_items: "{{ haproxy_gpg_keys }}" tags: - haproxy-apt-keys @@ -68,25 +70,18 @@ until: add_keys_fallback|success retries: 5 delay: 2 - with_items: haproxy_gpg_keys + with_items: "{{ haproxy_gpg_keys }}" when: add_keys|failed and (item.fallback_keyserver is defined or item.fallback_url is defined) tags: - haproxy-apt-keys -- name: Drop haproxy repo pin - template: - src: "haproxy_pin.pref.j2" - dest: "/etc/apt/preferences.d/haproxy_pin.pref" - owner: "root" - group: "root" - mode: "0644" - tags: - - haproxy-repo-pin - - name: Add haproxy repo(s) apt_repository: - repo: "{{ haproxy_apt_repo.repo }}" - state: "{{ haproxy_apt_repo.state }}" + repo: "{{ haproxy_repo.repo }}" + state: "{{ haproxy_repo.state }}" + when: + - haproxy_repo.repo is defined + - haproxy_repo.state is defined register: add_repos until: add_repos|success retries: 5 diff --git a/tasks/haproxy_install.yml b/tasks/haproxy_install.yml index 6ee6793..68773ba 100644 --- a/tasks/haproxy_install.yml +++ b/tasks/haproxy_install.yml 
@@ -13,54 +13,27 @@ # See the License for the specific language governing permissions and # limitations under the License. -#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache -#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged -#in 1.9.x or we move to 2.0 (if tested working) -- name: Check apt last update file - stat: - path: /var/cache/apt - register: apt_cache_stat +- include: haproxy_install_apt.yml + when: + - ansible_pkg_mgr == 'apt' tags: - - haproxy-apt-packages + - install-apt -- name: Update apt if needed - apt: - update_cache: yes - when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}" +- include: haproxy_install_yum.yml + when: + - ansible_pkg_mgr == 'yum' tags: - - haproxy-apt-packages + - install-yum -- name: Install HAProxy Packages - apt: - pkg: "{{ item }}" - state: latest - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 - with_items: haproxy_apt_packages - tags: - - haproxy-apt-packages +- include: haproxy_install_hatop.yml -- name: Replace haproxy DEFAULT file - copy: - src: haproxy.default - dest: /etc/default/haproxy - tags: - - haproxy-config - -- name: Replace haproxy init script to allow conf.d - copy: - src: haproxy.sh - dest: /etc/init.d/haproxy - mode: "0755" - tags: - - haproxy-config - -- name: Create haproxy conf.d +- name: Create haproxy conf.d dir file: - path: /etc/haproxy/conf.d + path: "{{ item.path }}" state: directory - recurse: yes + mode: "0755" + with_items: + - { path: "/etc/haproxy" } + - { path: "/etc/haproxy/conf.d" } tags: - haproxy-config diff --git a/tasks/haproxy_install_apt.yml b/tasks/haproxy_install_apt.yml new file mode 100644 index 0000000..5eaec60 --- /dev/null +++ b/tasks/haproxy_install_apt.yml 
@@ -0,0 +1,59 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE(cloudnull) This can be removed when we drop 14.04 support
+- include: haproxy_add_ppa_repo.yml
+ when:
+ - haproxy_ssl | bool
+ - ansible_distribution_version | version_compare('16.04', '<')
+
+#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
+#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
+#in 1.9.x or we move to 2.0 (if tested working)
+- name: Check apt last update file
+ stat:
+ path: /var/cache/apt
+ register: apt_cache_stat
+ tags:
+ - haproxy-apt-packages
+
+- name: Update apt if needed
+ apt:
+ update_cache: yes
+ when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
+ tags:
+ - haproxy-apt-packages
+
+- name: Install HAProxy Packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: haproxy_packages
+ tags:
+ - haproxy-apt-packages
+
+# NOTE(cloudnull) This can be removed when we drop 14.04 support
+- name: Replace haproxy DEFAULT file
+ copy:
+ src: haproxy.default
+ dest: /etc/default/haproxy
+ when:
+ - ansible_distribution_version | version_compare('16.04', '<')
+ tags:
+ - haproxy-config
\ No newline at end of file
diff --git a/tasks/haproxy_install_hatop.yml b/tasks/haproxy_install_hatop.yml
new file mode 100644
index 0000000..813826c
--- /dev/null
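Review bot: `with_items: haproxy_packages` in the `Install HAProxy Packages` task of tasks/haproxy_install_apt.yml is still a bare variable name, although this commit converts the loops in tasks/haproxy_add_ppa_repo.yml to the templated form; `Install yum packages` in tasks/haproxy_install_yum.yml has the same line. Bare names in `with_` loops are deprecated in Ansible 2.x and later releases treat them as a literal string, so the module would be asked for a package called `haproxy_packages`. Write both as `with_items: "{{ haproxy_packages }}"`. The new file also ends without a trailing newline.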
+++ b/tasks/haproxy_install_hatop.yml
@@ -0,0 +1,36 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Download HATop
+ get_url:
+ url: "{{ haproxy_hatop_download_url }}"
+ dest: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
+ force: yes
+
+- name: Create HATop directory
+ file:
+ path: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
+ state: directory
+
+- name: Unarchive HATop
+ unarchive:
+ src: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
+ dest: "/opt"
+ copy: "no"
+
+- name: Install HATop
+ command: "install -m 755 bin/hatop /usr/local/bin"
+ args:
+ chdir: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
diff --git a/tasks/haproxy_install_yum.yml b/tasks/haproxy_install_yum.yml
new file mode 100644
index 0000000..8d495fa
--- /dev/null
+++ b/tasks/haproxy_install_yum.yml
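Review bot: `force: yes` on `Download HATop` makes every run fetch the tarball again, and `Install HATop` is a bare `command`, so tasks/haproxy_install_hatop.yml reports a change and reinstalls whatever was just downloaded on every play. Together with the unconditional `- include: haproxy_install_hatop.yml` in tasks/haproxy_install.yml, each run depends on the remote URL being reachable and serving the expected content at that moment. Dropping `force: yes` (get_url then skips the download when the destination file exists) and guarding the include with a new toggle, for example `when: haproxy_hatop_install | bool`, makes the step repeatable and lets offline deployments skip it. None of the four tasks carries a tag, unlike the rest of the role.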
@@ -0,0 +1,26 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install yum packages
+ yum:
+ pkg: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: haproxy_packages
+ tags:
+ - haproxy-yum-packages
diff --git a/tasks/haproxy_post_install.yml b/tasks/haproxy_post_install.yml
index d5d740a..6b16301 100644
--- a/tasks/haproxy_post_install.yml
+++ b/tasks/haproxy_post_install.yml
@@ -20,25 +20,42 @@ sysctl_set: yes state: present when: haproxy_bind_on_non_local | bool + tags: + - haproxy-base-config + - haproxy-config - name: Drop base haproxy config template: - src: "{{ item }}" - dest: "/etc/haproxy/haproxy.cfg" - with_items: - - haproxy.cfg.j2 + src: "haproxy.cfg.j2" + dest: "/etc/haproxy/conf.d/00-haproxy" notify: Restart haproxy tags: - haproxy-base-config + - haproxy-config - name: Drop haproxy logging config copy: - src: "{{ item }}" + src: "haproxy-logging.cfg" dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf" - with_items: - - haproxy-logging.cfg notify: Restart rsyslog tags: - haproxy-base-config + - haproxy-config - include: haproxy_service_config.yml + +- name: Regenerate haproxy configuration + assemble: + src: "/etc/haproxy/conf.d" + dest: "/etc/haproxy/haproxy.cfg" + notify: Restart haproxy + tags: + - haproxy-base-config + - haproxy-config + +- name: Enable haproxy services + service: + name: "haproxy" + enabled: "yes" + tags: + - haproxy-config diff --git a/tasks/haproxy_pre_install.yml b/tasks/haproxy_pre_install.yml index 1476b27..41a33e3 100644 --- a/tasks/haproxy_pre_install.yml +++ b/tasks/haproxy_pre_install.yml 
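Review bot: `Regenerate haproxy configuration` in tasks/haproxy_post_install.yml concatenates everything under /etc/haproxy/conf.d into the live /etc/haproxy/haproxy.cfg and notifies a restart without checking the result, so a stray file in that directory (an editor backup, a leftover fragment) or one broken fragment ends up in the running config or stops the proxy on restart. If the minimum supported Ansible provides it, add `validate: "haproxy -c -f %s"` to the `assemble` task, and consider a `regexp:` that limits which fragment names are picked up. Neither this task nor `Drop base haproxy config` sets `owner` or `mode`; if haproxy.cfg.j2 can carry stats credentials (the template is not part of this diff), an explicit `mode: "0640"` on both is worth adding.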
@@ -13,11 +13,41 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE(cloudnull): +# While the haproxy distro packages provide for an haproxy +# group this group is being created upfront to support +# log aggregation links as well as ensure common user +# functionality across various distros that we support. +- name: Create the haproxy system group + group: + name: "haproxy" + state: "present" + system: "yes" + tags: + - haproxy-group + +# NOTE(cloudnull): +# While the haproxy distro packages provide for an haproxy +# user this user is being created upfront to support +# log aggregation links as well as ensure common user +# functionality across various distros that we support. +- name: Create the haproxy system user + user: + name: "haproxy" + group: "haproxy" + comment: "haproxy user" + shell: "/bin/false" + system: "yes" + createhome: "yes" + home: "/var/lib/haproxy" + tags: + - haproxy-user + - name: Test for log directory or link shell: | if [ -h "/var/log/haproxy" ]; then - chown -h syslog:adm "/var/log/haproxy" - chown -R syslog:adm "$(readlink /var/log/haproxy)" + chown -h haproxy:adm "/var/log/haproxy" + chown -R haproxy:adm "$(readlink /var/log/haproxy)" else exit 1 fi @@ -30,11 +60,9 @@ - name: Create haproxy log dir file: - path: "{{ item.path }}" + path: "/var/log/haproxy" state: directory - mode: "{{ item.mode|default('0755') }}" - with_items: - - { path: "/var/log/haproxy" } + mode: "0755" when: log_dir | changed tags: - haproxy-dirs diff --git a/tasks/haproxy_ssl_configuration.yml b/tasks/haproxy_ssl_configuration.yml index 18ec80b..05edfee 100644 --- a/tasks/haproxy_ssl_configuration.yml +++ b/tasks/haproxy_ssl_configuration.yml @@ -42,6 +42,13 @@ tags: - haproxy-ssl +- name: Ensure the private ssl directory exists + file: + dest: "/etc/ssl/private" + state: "directory" + tags: + - haproxy-ssl + - name: Remove signed certs and keys for regen file: dest: "{{ haproxy_ssl_cert }}" 
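Review bot: The two `chown` lines in `Test for log directory or link` (tasks/haproxy_pre_install.yml) now hand /var/log/haproxy to `haproxy:adm` instead of `syslog:adm`, but the files there are presumably written by rsyslog, since the role drops /etc/rsyslog.d/99-haproxy-local-logging.conf, and on Ubuntu rsyslog normally writes after dropping to the `syslog` user. If that holds, rsyslog may no longer be able to create log files in the directory, which silently loses the proxy's logs; confirm on 14.04 and 16.04 or keep the writing user as owner. `chown -R "$(readlink /var/log/haproxy)"` also acts on whatever the link resolves to and `readlink` can return a relative path, so `readlink -f` plus a check that the target is a directory would be safer. The shell task starts and ends outside this hunk.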
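Review bot: `Ensure the private ssl directory exists` in tasks/haproxy_ssl_configuration.yml creates /etc/ssl/private with no `owner`, `group` or `mode`, so on a host where the directory is missing (most likely the new EL 7 target) it is created with umask-default permissions, typically readable and traversable by everyone. This is the directory that holds `haproxy_ssl_pem` (/etc/ssl/private/haproxy.pem by default), so state the permissions explicitly: `owner: "root"` and `mode: "0710"`, which as far as I know matches what Debian and Ubuntu package. Keep in mind that an explicit mode is also applied when the directory already exists.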
diff --git a/tasks/main.yml b/tasks/main.yml index 3b00de4..7403ef8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -13,10 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: haproxy_pre_install.yml +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always -- include: haproxy_add_ppa_repo.yml - when: haproxy_ssl | bool +- include: haproxy_pre_install.yml - include: haproxy_install.yml diff --git a/templates/haproxy_pin.pref.j2 b/templates/haproxy_pin.pref.j2 deleted file mode 100644 index f2ed22f..0000000 --- a/templates/haproxy_pin.pref.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -Package: * -Pin: release o=LP-PPA-vbernat-haproxy-1.5 -Pin-Priority: 1001 diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml new file mode 100644 index 0000000..30cff80 --- /dev/null +++ b/vars/redhat-7.yml @@ -0,0 +1,18 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +haproxy_packages: + - haproxy + - rsyslog # Used for local logging 
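Review bot: Loading the per-distro files with `include_vars` in tasks/main.yml changes who can override these settings, and nothing in the commit documents it. Variables set by `include_vars` take precedence over role defaults and over inventory group_vars/host_vars, so `haproxy_packages`, `haproxy_repo`, `haproxy_gpg_keys` and `haproxy_apt_repo_url` (previously plain defaults) can now only be changed with extra-vars, and a deployer who pointed the repo at an internal mirror or a different signing key silently gets the upstream values back. The un-prefixed `cache_timeout` also stays set on the host for later roles in the play. Add a comment above the task such as `# NOTE: values from vars/<distro>.yml override inventory settings; use extra-vars to change them`, or keep deployer-facing names in defaults/main.yml and have them reference private `_haproxy_*` values from the vars files.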
diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml
new file mode 100644
index 0000000..27cea2b
--- /dev/null
+++ b/vars/ubuntu-14.04.yml
@@ -0,0 +1,40 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## APT Cache options
+cache_timeout: 600
+
+haproxy_apt_repo_url: "http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu"
+haproxy_repo:
+ repo: "deb {{ haproxy_apt_repo_url }} {{ ansible_distribution_release }} main"
+ state: "present"
+
+# Haproxy GPG Keys
+haproxy_gpg_keys:
+ - key_name: 'haproxy'
+ keyserver: 'hkp://keyserver.ubuntu.com:80'
+ fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
+ hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
+
+haproxy_pre_packages:
+ - python-software-properties
+ - software-properties-common
+ - debconf-utils
+
+haproxy_packages:
+ - haproxy
+ - rsyslog # Used for local logging
+ - vim-haproxy
+ - psmisc
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
new file mode 100644
index 0000000..ae85e07
--- /dev/null
+++ b/vars/ubuntu-16.04.yml
@@ -0,0 +1,28 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## APT Cache options
+cache_timeout: 600
+
+haproxy_pre_packages:
+ - python-software-properties
+ - software-properties-common
+ - debconf-utils
+
+haproxy_packages:
+ - haproxy
+ - rsyslog # Used for local logging
+ - vim-haproxy
+ - psmisc