ansible-role-haproxy

Ansible role haproxy

Install and configure haproxy on your system.

GitHub Version Issues Pull Requests Downloads
github Version Issues PullRequests Ansible Role

Example Playbook

This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: buluma.haproxy
      haproxy_frontends:
        - name: http
          address: "*"
          port: 80
          default_backend: backend
        - name: https
          address: "*"
          port: 443
          default_backend: backend
          ssl: true
          crts:
            - /tmp/haproxy.keycrt
        - name: smtp
          address: "*"
          port: 25
          default_backend: smtp
          mode: tcp
      haproxy_backend_default_balance: roundrobin
      haproxy_backends:
        - name: backend
          httpcheck: true
          # You can tell how the health check must be done.
          # This requires haproxy version 2
          # http_check:
          #   send:
          #     method: GET
          #     uri: /health.html
          #   expect: status 200
          balance: roundrobin
          # You can refer to hosts in an Ansible group.
          # The `ansible_default_ipv4` will be used as an address to connect to.
          servers: ""
          port: 8080
          options:
            - check
        - name: smtp
          balance: leastconn
          mode: tcp
          # You can also refer to a list of servers.
          servers:
            - name: first
              address: "127.0.0.1"
              port: 25
            - name: second
              address: "127.0.0.2"
              port: 25
          port: 25
        - name: vault
          mode: tcp
          httpcheck: GET /v1/sys/health HTTP/1.1
          servers: ""
          http_send_name_header: Host
          port: 8200
          options:
            - check
            - check-ssl
            - ssl verify none

      haproxy_listen_default_balance: roundrobin
      haproxy_listens:
        - name: listen
          address: "*"
          httpcheck: true
          listen_port: 8081
          balance: roundrobin
          # You can refer to hosts in an Ansible group.
          # The `ansible_default_ipv4` will be used as an address to connect to.
          servers: ""
          port: 8080
          options:
            - maxconn 100000

The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: buluma.bootstrap
    - role: buluma.core_dependencies
    - role: buluma.epel
    - role: buluma.buildtools
    - role: buluma.python_pip
    - role: buluma.openssl
      openssl_key_directory: /tmp
      openssl_items:
        - name: haproxy
          common_name: ""
    # This role is applied to serve as a mock "backend" server. See `molecule/default/verify.yml`.
    - role: buluma.httpd
      httpd_port: 8080

  vars:
    ansible_python_interpreter: /usr/bin/python3
    _httpd_data_directory:
      default: /var/www/html
      Alpine: /var/www/localhost/htdocs
      Suse: /srv/www/htdocs

    httpd_data_directory: ""
  post_tasks:
    - name: Place health check
      ansible.builtin.copy:
        content: 'ok'
        dest: "/health.html"

    - name: Place sample page
      ansible.builtin.copy:
        content: 'Hello world!'
        dest: "/index.html"

Also see a full explanation and example on how to use these roles.

Role Variables

The default values for the variables are set in defaults/main.yml:

---
# defaults file for haproxy

# Configure stats in HAProxy?
haproxy_stats: true
haproxy_stats_port: 1936
haproxy_stats_bind_addr: "0.0.0.0"

# Default setttings for HAProxy.
haproxy_retries: 3
haproxy_timeout_http_request: 10s
haproxy_timeout_connect: 10s
haproxy_timeout_client: 1m
haproxy_timeout_server: 1m
haproxy_timeout_http_keep_alive: 10s
haproxy_timeout_check: 10s
haproxy_maxconn: 3000

# A list of frontends. See `molecule/
haproxy_frontends: []
haproxy_backend_default_balance: roundrobin
haproxy_backends: []

# For the listening lists:
haproxy_listen_default_balance: roundrobin
haproxy_listens: []

Requirements

State of used roles

The following roles are used to prepare a system. You can prepare your system in another way.

Requirement GitHub Version
buluma.bootstrap Ansible Molecule Version
buluma.buildtools Ansible Molecule Version
buluma.core_dependencies Ansible Molecule Version
buluma.epel Ansible Molecule Version
buluma.httpd Ansible Molecule Version
buluma.openssl Ansible Molecule Version
buluma.python_pip Ansible Molecule Version

Context

This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.

Here is an overview of related roles:

dependencies

Compatibility

This role has been tested on these container images:

container tags
EL 8, 9
Debian all
Fedora 38, 39, 40
opensuse all
Ubuntu jammy, focal, bionic, noble

The minimum version of Ansible required is 2.12, tests have been done to:

If you find issues, please register them in GitHub

Changelog

Role History

License

Apache-2.0

Author Information

Shadow Walker