Install and configure haproxy on your system.
| GitHub | GitLab | Downloads | Version |
|---|---|---|---|
 |
 |
 |
 |
This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.
---
- name: Converge
hosts: all
become: true
gather_facts: true
roles:
- role: robertdebock.haproxy
haproxy_frontends:
- name: http
address: "*"
port: 80
default_backend: backend
- name: https
address: "*"
port: 443
default_backend: backend
ssl: true
crts:
- /tmp/haproxy.keycrt
- name: smtp
address: "*"
port: 25
default_backend: smtp
mode: tcp
- name: prometheus
address: "*"
port: 8405
mode: http
http_request: use-service prometheus-exporter
no_log: true
haproxy_backend_default_balance: roundrobin
haproxy_backends:
- name: backend
httpcheck: true
# You can tell how the health check must be done.
# This requires haproxy version 2
# http_check:
# send:
# method: GET
# uri: /health.html
# expect: status 200
balance: roundrobin
# You can refer to hosts in an Ansible group.
# The `ansible_default_ipv4` will be used as an address to connect to.
servers: "{{ groups['all'] }}"
port: 8080
options:
- check
- name: smtp
balance: leastconn
mode: tcp
# You can also refer to a list of servers.
servers:
- name: first
address: "127.0.0.1"
port: 25
- name: second
address: "127.0.0.2"
port: 25
port: 25
- name: vault
mode: tcp
httpcheck: GET /v1/sys/health HTTP/1.1
servers: "{{ groups['all'] }}"
http_send_name_header: Host
port: 8200
options:
- check
- check-ssl
- ssl verify none
haproxy_listen_default_balance: roundrobin
haproxy_listens:
- name: listen
address: "*"
httpcheck: true
listen_port: 8081
balance: roundrobin
# You can refer to hosts in an Ansible group.
# The `ansible_default_ipv4` will be used as an address to connect to.
servers: "{{ groups['all'] }}"
port: 8080
options:
- maxconn 100000The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:
---
- name: Prepare
hosts: all
become: true
gather_facts: false
roles:
- role: robertdebock.bootstrap
- role: robertdebock.core_dependencies
- role: robertdebock.epel
- role: robertdebock.buildtools
- role: robertdebock.python_pip
- role: robertdebock.openssl
openssl_key_directory: /tmp
openssl_items:
- name: haproxy
common_name: "{{ ansible_fqdn }}"
# This role is applied to serve as a mock "backend" server. See `molecule/default/verify.yml`.
- role: robertdebock.httpd
httpd_port: 8080
vars:
_httpd_data_directory:
default: /var/www/html
Alpine: /var/www/localhost/htdocs
Suse: /srv/www/htdocs
httpd_data_directory: "{{ _httpd_data_directory[ansible_os_family] | default(_httpd_data_directory['default'] ) }}"
post_tasks:
- name: Place health check
ansible.builtin.copy:
content: "ok"
dest: "{{ httpd_data_directory }}/health.html"
- name: Place sample page
ansible.builtin.copy:
content: "Hello world!"
dest: "{{ httpd_data_directory }}/index.html"Also see a full explanation and example on how to use these roles.
The default values for the variables are set in defaults/main.yml:
---
# defaults file for haproxy
# Configure stats in HAProxy?
haproxy_stats: true
haproxy_stats_port: 1936
haproxy_stats_bind_addr: "0.0.0.0"
# Default setttings for HAProxy.
haproxy_retries: 3
haproxy_timeout_http_request: 10s
haproxy_timeout_connect: 10s
haproxy_timeout_client: 1m
haproxy_timeout_server: 1m
haproxy_timeout_http_keep_alive: 10s
haproxy_timeout_check: 10s
haproxy_maxconn: 3000
# A list of frontends. See `molecule/default/converge.yml` for an example.
haproxy_frontends: []
haproxy_backend_default_balance: roundrobin
haproxy_backends: []
# For the listening lists:
haproxy_listen_default_balance: roundrobin
haproxy_listens: []- pip packages listed in requirements.txt.
The following roles are used to prepare a system. You can prepare your system in another way.
| Requirement | GitHub | GitLab |
|---|---|---|
| robertdebock.bootstrap |  |
 |
| robertdebock.buildtools |  |
 |
| robertdebock.core_dependencies |  |
 |
| robertdebock.epel |  |
 |
| robertdebock.httpd |  |
 |
| robertdebock.openssl |  |
 |
| robertdebock.python_pip |  |
 |
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
This role has been tested on these container images:
| container | tags |
|---|---|
| EL | 9 |
| Debian | all |
| Fedora | 39, 40 |
| Ubuntu | all |
The minimum version of Ansible required is 2.12, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub.
Please consider sponsoring me.