feat: initial commit

Simon Cornet 2026-04-17 13:34:09 +02:00
commit 214e91a391
16 changed files with 546 additions and 93 deletions

readme.md Normal file

@@ -0,0 +1,169 @@
# Ansible Role: HAProxy
Install and configure HAProxy load balancer with flexible frontends, backends, and stats.
## Variables
### Global Settings
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_global.log` | No | `/dev/log local2` | Log target |
| `haproxy_global.chroot` | No | `/var/lib/haproxy` | Chroot directory |
| `haproxy_global.pidfile` | No | `/var/run/haproxy.pid` | PID file location |
| `haproxy_global.maxconn` | No | `35000` | Maximum connections |
| `haproxy_global.user` | No | `haproxy` | User to run as |
| `haproxy_global.group` | No | `haproxy` | Group to run as |
| `haproxy_global.daemon` | No | `true` | Run as daemon |
| `haproxy_global.stats_socket` | No | See defaults | Stats socket configuration |
### Default Settings
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_defaults.log` | No | `global` | Log setting |
| `haproxy_defaults.mode` | No | `tcp` | Default mode (tcp/http) |
| `haproxy_defaults.option` | No | `tcplog` | Default option |
| `haproxy_defaults.timeout_check` | No | `5s` | Health check timeout |
| `haproxy_defaults.timeout_connect` | No | `10s` | Connection timeout |
| `haproxy_defaults.timeout_client` | No | `600s` | Client timeout |
| `haproxy_defaults.timeout_server` | No | `600s` | Server timeout |
### Stats Listener
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_stats.enabled` | No | `false` | Enable stats interface |
| `haproxy_stats.bind` | No | `10.120.32.10:9000` | Bind address for stats |
| `haproxy_stats.mode` | No | `http` | Stats mode |
| `haproxy_stats.uri` | No | `/` | Stats URI path |
| `haproxy_stats.show_node` | No | `true` | Show node name |
| `haproxy_stats.refresh` | No | `10s` | Refresh interval |
| `haproxy_stats.auth` | No | `admin:password` | Basic auth credentials |
### Frontends
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_frontends` | No | `[]` | List of frontends |
| `haproxy_frontends[].name` | Yes | - | Frontend name |
| `haproxy_frontends[].bind` | Yes | - | Bind address and port |
| `haproxy_frontends[].default_backend` | Yes | - | Default backend name |
| `haproxy_frontends[].mode` | No | - | Override default mode |
| `haproxy_frontends[].options` | No | `[]` | Additional options |
### Backends
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_backends` | No | `[]` | List of backends |
| `haproxy_backends[].name` | Yes | - | Backend name |
| `haproxy_backends[].balance` | No | - | Load balancing algorithm |
| `haproxy_backends[].hash_type` | No | - | Hash type for balancing |
| `haproxy_backends[].mode` | No | - | Override default mode |
| `haproxy_backends[].stick_table` | No | - | Stick table configuration |
| `haproxy_backends[].acls` | No | `[]` | List of ACL rules |
| `haproxy_backends[].tcp_request` | No | `[]` | TCP request rules |
| `haproxy_backends[].tcp_response` | No | `[]` | TCP response rules |
| `haproxy_backends[].stick` | No | `[]` | Stick rules |
| `haproxy_backends[].options` | No | `[]` | Additional options |
| `haproxy_backends[].servers` | Yes | - | List of backend servers |
| `haproxy_backends[].servers[].name` | Yes | - | Server name |
| `haproxy_backends[].servers[].address` | Yes | - | Server address:port |
| `haproxy_backends[].servers[].check` | No | `false` | Enable health checks |
| `haproxy_backends[].servers[].send_proxy` | No | `false` | Enable send-proxy |
| `haproxy_backends[].servers[].extra_params` | No | - | Additional server parameters |
## Full Example
```yaml
---
# Example playbook using role-haproxy
- name: "Deploy HAProxy Load Balancer"
hosts: "haproxy_servers"
become: true
vars:
# enable stats interface
haproxy_stats:
enabled: true
bind: "10.120.32.10:9000"
mode: "http"
uri: "/"
show_node: true
refresh: "10s"
auth: "admitcreation:gZ4hWWeMWy7Bd8"
# frontends
haproxy_frontends:
# http frontend
- name: "http-in"
bind: "10.120.32.15:80"
default_backend: "waf_itcreation_tools_http"
# https frontend
- name: "https-in"
bind: "10.120.32.15:443"
default_backend: "waf_itcreation_tools_https"
# backends
haproxy_backends:
# http backend with simple load balancing
- name: "waf_itcreation_tools_http"
balance: "source"
hash_type: "consistent"
options:
- "option httpchk GET /health"
servers:
# waf0.itcreation.tools
- name: "waf0.itcreation.tools"
address: "10.120.32.20:80"
check: true
send_proxy: true
# waf1.itcreation.tools
- name: "waf1.itcreation.tools"
address: "10.120.32.21:80"
check: true
send_proxy: true
# https backend with SSL session persistence
- name: "waf_itcreation_tools_https"
balance: "roundrobin"
stick_table: "type binary len 2048 size 300k expire 30m"
acls:
- "clienthello req.ssl_hello_type 1"
- "serverhello res.ssl_hello_type 2"
tcp_request:
- "inspect-delay 10s"
- "content accept if clienthello"
tcp_response:
- "content accept if serverhello"
stick:
- "on req.payload_lv(43,1) if clienthello"
- "store-response res.payload_lv(43,1) if serverhello"
options:
- "option httpchk GET /health"
servers:
# waf0.itcreation.tools
- name: "waf0.itcreation.tools"
address: "10.120.32.20:443"
send_proxy: true
check: true
extra_params: "check-ssl verify none"
# waf0.itcreation.tools
- name: "waf1.itcreation.tools"
address: "10.120.32.21:443"
send_proxy: true
check: true
extra_params: "check-ssl verify none"
roles:
- "role-haproxy"
```
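Review bot: `haproxy_stats.auth` ships with a default of `admin:password` (Stats Listener table) and `haproxy_stats.bind` defaults to a routable address, `10.120.32.10:9000`, so anyone who sets `enabled: true` without overriding both gets a well-known credential on a reachable interface, and the stats page lists every backend, server address and health state. Suggest no default for `auth` (fail the role with an `assert` task when stats is enabled and `auth` is unset) and a loopback default such as `127.0.0.1:9000`. Same concern in the Full Example: `auth: "admitcreation:gZ4hWWeMWy7Bd8"` reads like a real credential; an obvious placeholder or a vault lookup would be better in a README. The `extra_params: "check-ssl verify none"` on both HTTPS servers disables certificate verification for the health checks; either document it as a lab shortcut or show the `verify required` form with a `ca-file`. Minor: the comment above the second HTTPS server says `# waf0.itcreation.tools` but the server is `waf1.itcreation.tools`; `haproxy_global.stats_socket` is listed as "See defaults" without stating the default; and the `600s` defaults for `haproxy_defaults.timeout_client` and `timeout_server` are generous for an HTTP frontend and deserve a sentence on why.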