ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure
git clone git://git.erethon.com/ansible-debops-infrastructure
Log | Files | Refs
commit 3c5c6465d493eaf3d2424f57aa416a291b17b874
parent 7b53a15fe81a782aebc38acbdef53fabe0435295
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Sun, 29 Apr 2018 00:38:26 +0300

haproxy: Init haproxy role

At the moment this a bit 'hardcoded' for the services on host spinny

Diffstat:

ansible/inventory/host_vars/spinny/haproxy.yml | 3++-


ansible/roles/haproxy/handlers/main.yml | 6++++++


ansible/roles/haproxy/tasks/main.yml | 6++++++


ansible/roles/haproxy/templates/haproxy.cfg.j2 | 69+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


4 files changed, 83 insertions(+), 1 deletion(-)

diff --git a/ansible/inventory/host_vars/spinny/haproxy.yml b/ansible/inventory/host_vars/spinny/haproxy.yml
@@ -1,3 +1,4 @@
 ---
 
-haproxy__grafana_backend_port: 18083
+prosody__public_ip: '163.172.24.171'
+prosody__private_ip: '192.168.122.2'
diff --git a/ansible/roles/haproxy/handlers/main.yml b/ansible/roles/haproxy/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Reload haproxy
+  service:
+    name: haproxy
+    state: reloaded
diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- template:
+    src: haproxy.cfg.j2
+    dest: /etc/haproxy/haproxy.cfg
+  notify: Reload haproxy
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -0,0 +1,69 @@
+global
+    log /dev/log	local0
+    log /dev/log	local1 notice
+    chroot /var/lib/haproxy
+    stats socket /run/haproxy/admin.sock mode 660 level admin
+    stats timeout 30s
+    user haproxy
+    group haproxy
+    daemon
+
+    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:!MD5:!aNULL:!DH:!RC4
+    ssl-default-bind-options no-sslv3
+
+defaults
+    log	global
+    mode	http
+    option	httplog
+    option	dontlognull
+    option forwardfor
+    timeout connect 5000
+    timeout client  50000
+    timeout server  50000
+    errorfile 400 /etc/haproxy/errors/400.http
+    errorfile 403 /etc/haproxy/errors/403.http
+    errorfile 408 /etc/haproxy/errors/408.http
+    errorfile 500 /etc/haproxy/errors/500.http
+    errorfile 502 /etc/haproxy/errors/502.http
+    errorfile 503 /etc/haproxy/errors/503.http
+    errorfile 504 /etc/haproxy/errors/504.http
+
+frontend prosody
+    bind {{ prosody__public_ip }}:5222
+    mode tcp
+    default_backend prosody_backend
+
+backend prosody_backend
+    mode tcp
+    server prosody {{ prosody__private_ip }}:5222
+
+frontend prosody_muc
+    bind {{ prosody__public_ip }}:5269
+    mode tcp
+    default_backend prosody_muc
+
+backend prosody_muc
+    mode tcp
+    server prosody_muc {{ prosody__private_ip }}:5269
+
+frontend eighty
+    bind *:80
+    mode http
+    redirect scheme https if !{ ssl_fc }
+
+frontend ssl
+    bind *:443 ssl crt /etc/ssl/private/plothopes.com/plothopes.pem
+    mode http
+    http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload
+    http-request set-header X-Forwarded-Proto https if { ssl_fc }
+
+    use_backend local if { url_beg /.well-known }
+    use_backend plothopes if { hdr(host) -i plothopes.com -i www.plothopes.com }
+
+backend plothopes
+    mode http
+    server plothopes {{ plothopes__private_ip }}:{{ plothopes__port }} 
+
+backend local
+    mode http
+    server local 127.0.0.1:8080