35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
|
---
|
||
|
|
- name: haproxy | ensure certs directory
|
||
|
|
file:
|
||
|
|
path: '{{ item }}'
|
||
|
|
state: directory
|
||
|
|
mode: '0755'
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
with_items:
|
||
|
|
- '/etc/haproxy/ssl/certs'
|
||
|
|
- '/etc/haproxy/ssl/self'
|
||
|
|
|
||
|
|
- name: haproxy | create default self-signed certificate
|
||
|
|
shell: |
|
||
|
|
openssl req -newkey rsa:2048 -nodes -sha256 -x509 -subj "{{ haproxy_ssl_self_signed_subj }}/CN={{ item }}" -days {{ haproxy_ssl_self_signed_days }} -keyout "{{ item }}.key" -out "{{ item }}.crt" -extensions v3_ca
|
||
|
|
cat {{ item }}.crt {{ item }}.key >> {{ haproxy_ssl_certs_dir }}/{{ item }}.pem
|
||
|
|
chmod 0600 {{ item }}.crt {{ item }}.key {{ haproxy_ssl_certs_dir }}/{{ item }}.pem
|
||
|
|
args:
|
||
|
|
chdir: '{{ haproxy_ssl_self_dir }}'
|
||
|
|
creates: '{{ haproxy_ssl_certs_dir }}/{{ item }}.pem'
|
||
|
|
with_items: '{{ haproxy_ssl_self_signed_domains }}'
|
||
|
|
notify:
|
||
|
|
- haproxy restarted
|
||
|
|
|
||
|
|
- name: haproxy | copy configuration file
|
||
|
|
template:
|
||
|
|
src: haproxy.cfg.j2
|
||
|
|
dest: '/etc/haproxy/haproxy.cfg'
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
mode: '0440'
|
||
|
|
validate: 'haproxy -f %s -c {% if haproxy_accept_warnings %}-q{% endif %}'
|
||
|
|
notify:
|
||
|
|
- haproxy reloaded
|