7e4ecd10b3
Effectively haproxy_tls_vip_binds was influencing not only TLS-related binds but also non-TLS ones. Its name was misleading from the start, as a lot of the logic for the variable was built around the TLS implementation. However, it has a global effect, and this should be reflected in its name. Change-Id: I2f28d0ab033eff96cc2bc09db917bedb387013e8
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Rebuild the combined PEM bundle for every entry in haproxy_vip_binds:
# the certificate, then the CA certificate when that file exists, then the key.
# NOTE(review): the bundle contains the private key and is written through a
# shell redirect, so the mode of a newly created .pem comes from the umask and
# not from an explicit setting - confirm it does not end up world-readable.
# NOTE(review): the templated paths reach the shell unquoted; this assumes the
# address, interface and certificate path never contain whitespace or shell
# metacharacters - confirm against how haproxy_vip_binds is populated.
- name: Regen pem # noqa: no-changed-when
  listen:
    - haproxy cert installed
  with_items: "{{ haproxy_vip_binds }}"
  vars:
    # Interface of the bind, or an empty string when none is set.
    item_interface: "{{ item['interface'] | default('') }}"
    # "<address>-<interface>" when the bind has an interface, else "<address>".
    item_name: >-
      {{ ('interface' in item and item['interface'] is truthy)
      | ternary(item['address'] ~ '-' ~ item_interface, item['address']) }}
    # Common path prefix shared by the .crt, -ca.crt, .key and .pem files.
    item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item_name }}"
  # The folded scalar below collapses to a single shell command line.
  shell: >-
    cat {{ item_base_path ~ '.crt' }}
    $(test -f {{ item_base_path ~ '-ca.crt' }} && echo {{ item_base_path ~ '-ca.crt' }})
    {{ item_base_path ~ '.key' }}
    > {{ item_base_path ~ '.pem' }}
# Reassemble every HAProxy map file whose fragments were created or deleted.
# Each map is built from its own directory under /etc/haproxy/map.conf.d and
# written as /etc/haproxy/<name>.map.
- name: Regenerate maps
  vars:
    # Loop results of map_create and map_delete that reported a change.
    # presumably both are registered by tasks elsewhere in the role - verify.
    all_changed_results: "{{ (map_create.results + map_delete.results) | select('changed') }}"
  # Unique map names taken from the changed results; items without a
  # 'name' attribute are skipped.
  with_items: >-
    {{ all_changed_results
    | map(attribute='item')
    | flatten
    | selectattr('name', 'defined')
    | map(attribute='name')
    | unique }}
  assemble:
    src: "/etc/haproxy/map.conf.d/{{ item }}"
    dest: "/etc/haproxy/{{ item }}.map"
    # Readable by the haproxy user and group only, not by others.
    owner: haproxy
    group: haproxy
    mode: "0640"
# Build /etc/haproxy/haproxy.cfg from the fragments in /etc/haproxy/conf.d.
- name: Regenerate haproxy configuration
  tags:
    - haproxy-general-config
  assemble:
    src: "/etc/haproxy/conf.d"
    dest: "/etc/haproxy/haproxy.cfg"
    # The assembled file is checked with "haproxy -c" before it is put in
    # place, so a fragment that fails the check does not replace the
    # existing configuration.
    validate: '/usr/sbin/haproxy -c -f %s'
    # Readable by the haproxy user and group only, not by others.
    owner: haproxy
    group: haproxy
    mode: "0640"
# Collect installed-package facts on the "Restart rsyslog" notification.
# The rsyslog restart handler defined after this one checks
# ansible_facts.packages, which this module populates.
- name: Get package facts
  listen:
    - Restart rsyslog
  package_facts:
    manager: auto
# Restart and enable rsyslog, but only on hosts where the package facts show
# that rsyslog is installed.
- name: Restart rsyslog
  when: "'rsyslog' in ansible_facts.packages"
  service:
    name: rsyslog
    state: restarted
    enabled: true
    daemon_reload: true
# Reload and enable haproxy after a PEM bundle, a map file or the main
# configuration has been regenerated.
# NOTE(review): this handler is triggered only by the three topics listed
# below. A task that notifies just "haproxy cert installed" reaches the
# "Regen pem" handler but not this one - confirm that certificate changes
# also notify one of these names, otherwise the new bundle is not loaded
# until the next reload.
- name: Reload haproxy
  listen:
    - Regen pem
    - Regenerate maps
    - Regenerate haproxy configuration
  service:
    name: haproxy
    state: reloaded
    enabled: true
    daemon_reload: true