add haproxy repo, custom config files & readme

2025-09-23 14:59:37 +02:00
parent 58ef95e654
commit 141ec62e2c
8 changed files with 123 additions and 18 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+    "yaml.schemas": {
+        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json": "file:///Users/ludal/Repositories/brainsys/ansible-roles/haproxy/tasks/requirements.yml"
+    }
+}
--- a/README.md
+++ b/README.md
@@ -1,2 +1,65 @@
 # haproxy

+The present role:
+- install HAProxy
+- push a default configuration file
+- generate a self-signed certificate
+
+By default, HAProxy will be installed from Debian backports repository, but you can optionnaly choose to install it from HAPRoxy's Debian repository (and choose the version).
+Configuration file could also be overrided.
+
+## Optional: Use HAProxy's official Debian repository
+
+You can enable installation from the official [HAProxy Debian repository](https://haproxy.debian.net/) by setting the following variable in your playbook or inventory:
+
+```yaml
+haproxy_use_debian_repo: true
+```
+
+You can also override the following variables if needed:
+
+```yaml
+haproxy_debian_repo_url: 'http://haproxy.debian.net'
+haproxy_debian_repo_distribution: '{{ ansible_distribution_release }}'
+haproxy_debian_repo_component: 'main'
+haproxy_debian_repo_key_url: 'https://haproxy.debian.net/bernat.debian.org.gpg'
+haproxy_version: '3.2'  # default version
+```
+
+The apt source line will look like:
+
+```
+deb [signed-by=/usr/share/keyrings/haproxy.debian.net.gpg] http://haproxy.debian.net bookworm-backports-3.2 main
+```
+
+By default, the role installs HAProxy from Debian backports. If you enable the repository, it will be added and HAProxy will be installed from there.
+
+## Overriding the HAProxy configuration file
+
+If you want to use your own configuration file (outside the role), set the variable `haproxy_custom_configuration_file` to the path of your file. The role will copy it to `/etc/haproxy/haproxy.cfg` instead of rendering the template.
+
+Example:
+
+```yaml
+haproxy_custom_configuration_file: '/path/to/my/haproxy.cfg'
+```
+
+If not set, the default template `haproxy.cfg.j2` will be used.
+
+You can enable installation from the official [HAProxy Debian repository](https://haproxy.debian.net/) by setting the following variable in your playbook or inventory:
+
+```yaml
+haproxy_use_debian_repo: true
+```
+
+You can also override the following variables if needed:
+
+```yaml
+haproxy_debian_repo_url: 'http://haproxy.debian.net'
+haproxy_debian_repo_distribution: '{{ ansible_distribution_release }}'
+haproxy_debian_repo_component: 'main'
+haproxy_debian_repo_key_url: 'https://haproxy.debian.net/haproxy-archive-keyring.gpg'
+```
+
+By default, the role installs HAProxy from Debian backports. If you enable the repository, it will be added and HAProxy will be installed from there.
+
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,3 +9,11 @@ haproxy_ssl_self_signed_domains:
 haproxy_accept_warnings: yes

 haproxy_bind_ip: '*'
+
+# Optional: Use HAProxy's official Debian repository
+haproxy_use_debian_repo: false
+haproxy_debian_repo_url: 'http://haproxy.debian.net'
+haproxy_debian_repo_distribution: '{{ ansible_distribution_release }}'
+haproxy_debian_repo_component: 'main'
+haproxy_debian_repo_key_url: 'https://haproxy.debian.net/haproxy-archive-keyring.gpg'
+haproxy_version: '3.2'
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -22,7 +22,19 @@
  notify:
    - haproxy restart

- name: haproxy | copy configuration file
+- name: haproxy | copy custom configuration file
+  copy:
+    src: "{{ haproxy_custom_configuration_file }}"
+    dest: '/etc/haproxy/haproxy.cfg'
+    owner: root
+    group: root
+    mode: '0440'
+    validate: 'haproxy -f %s -c {% if haproxy_accept_warnings %}-q{% endif %}'
+  when: haproxy_custom_configuration_file is defined
+  notify:
+    - haproxy reload
+
+- name: haproxy | copy default configuration file
  template:
    src: haproxy.cfg.j2
    dest: '/etc/haproxy/haproxy.cfg'
@@ -30,5 +42,6 @@
    group: root
    mode: '0440'
    validate: 'haproxy -f %s -c {% if haproxy_accept_warnings %}-q{% endif %}'
+  when: haproxy_custom_configuration_file is not defined
  notify:
    - haproxy reload
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,7 +0,0 @@
---
- name: haproxy | installation
-  apt:
-    name: haproxy
-    state: present
-    default_release: "{{ ansible_distribution_release }}-backports"
-
--- a/tasks/install_from_backports.yml
+++ b/tasks/install_from_backports.yml
@@ -1,11 +1,13 @@
 ---
- name: haproxy | add backports repository
+- name: haproxy | add Debian backports repository
  apt_repository:
    repo: deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main
    state: present
    filename: "{{ ansible_distribution_release }}-backports"
-
- name: haproxy | update apt cache
-  apt:
    update_cache: yes
-    cache_valid_time: 86400
+
+- name: haproxy | installation
+  apt:
+    name: haproxy
+    state: present
+    default_release: "{{ ansible_distribution_release }}-backports"
--- a/tasks/install_from_haproxy.yml
+++ b/tasks/install_from_haproxy.yml
@@ -0,0 +1,20 @@
+---
+- name: haproxy | add HAProxy Debian repository key
+  ansible.builtin.get_url:
+    url: "{{ haproxy_debian_repo_key_url }}"
+    dest: /etc/apt/keyrings/haproxy-archive-keyring.gpg
+    mode: '0644'
+
+- name: haproxy | add HAProxy Debian repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/haproxy-archive-keyring.gpg] {{ haproxy_debian_repo_url }} {{ haproxy_debian_repo_distribution }}-backports-{{ haproxy_version }} {{ haproxy_debian_repo_component }}"
+    state: present
+    filename: 'haproxy'
+    update_cache: yes
+
+- name: haproxy | install HAProxy from HAProxy Debian repo
+  ansible.builtin.apt:
+    name: haproxy
+    state: present
+    update_cache: yes
+    default_release: "{{ haproxy_debian_repo_distribution }}-backports-{{ haproxy_version }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,10 +1,11 @@
 ---
- name: haproxy | requirements
-  include_tasks: requirements.yml
+- name: haproxy | install from backports
+  include_tasks: install_from_backports.yml
+  when: not haproxy_use_debian_repo | bool

- name: haproxy | installation
-  include_tasks: install.yml
+- name: haproxy | install from HAProxy repo
+  include_tasks: install_from_haproxy.yml
+  when: haproxy_use_debian_repo | bool

 - name: haproxy | configuration
  include_tasks: configure.yml
-