haproxy/tasks/configure.yml

---
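# Create the directories that hold TLS material before any certificate is
# written into them.
# Mode is 0750 rather than 0755: these directories hold private keys, and
# there is no need for other local users to list them. haproxy.cfg below is
# deployed 0440 root:root, so HAProxy presumably starts as root and can
# still read the directories.
# NOTE(review): the paths are hard-coded here, while the certificate task
# uses haproxy_ssl_certs_dir / haproxy_ssl_self_dir. Confirm the role
# defaults match; otherwise an override leaves its directory uncreated.
- name: haproxy | ensure certs directory
  file:
    path: '{{ item }}'
    state: directory
    owner: root
    group: root
    mode: '0750'
  with_items:
    - '/etc/haproxy/ssl/certs'
    - '/etc/haproxy/ssl/self'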
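# Generate a fallback self-signed certificate for each entry in
# haproxy_ssl_self_signed_domains and bundle certificate + key into one
# .pem under haproxy_ssl_certs_dir. `creates:` skips the task once that
# bundle exists, so the bundle must only appear when it is complete.
# NOTE(review): the role variables are interpolated straight into a shell
# script; keep them operator-controlled and never derive them from
# request or inventory data that an untrusted party can set.
# NOTE(review): `-extensions v3_ca` normally marks the certificate as a CA
# in the stock openssl.cnf -- confirm that is wanted for a fallback leaf
# certificate.
- name: haproxy | create default self-signed certificate
  shell: |
    # Stop at the first failure: otherwise a failed openssl run still lets
    # the redirect create an empty bundle, and `creates:` then treats the
    # domain as done on every later run.
    set -e
    # Key, certificate and bundle are owner-only from the moment they are
    # created, instead of being world-readable until the chmod runs.
    umask 077
    openssl req -newkey rsa:2048 -nodes -sha256 -x509 \
      -subj "{{ haproxy_ssl_self_signed_subj }}/CN={{ item }}" \
      -days {{ haproxy_ssl_self_signed_days }} \
      -keyout "{{ item }}.key" -out "{{ item }}.crt" \
      -extensions v3_ca
    # Build the bundle in the working directory and move it into place last,
    # so the certs directory never holds a partial file.
    cat "{{ item }}.crt" "{{ item }}.key" > "{{ item }}.pem"
    chmod 0600 "{{ item }}.crt" "{{ item }}.key" "{{ item }}.pem"
    mv "{{ item }}.pem" "{{ haproxy_ssl_certs_dir }}/{{ item }}.pem"
  args:
    chdir: '{{ haproxy_ssl_self_dir }}'
    creates: '{{ haproxy_ssl_certs_dir }}/{{ item }}.pem'
  with_items: '{{ haproxy_ssl_self_signed_domains }}'
  notify:
    - haproxy restarted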
# Render haproxy.cfg from the role template, readable by root only.
# `validate` runs `haproxy -c` against the rendered file before it replaces
# the live configuration, so a config that fails the check is never
# installed. -q is appended only when haproxy_accept_warnings is truthy.
# A changed file notifies the reload handler.
- name: haproxy | copy configuration file
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
    validate: 'haproxy -f %s -c {% if haproxy_accept_warnings %}-q{% endif %}'
    mode: '0440'
    owner: root
    group: root
  notify: haproxy reloaded