--- # Example playbook using role-haproxy # This recreates the configuration from the README example - name: "Deploy HAProxy Load Balancer" hosts: "haproxy_servers" become: true vars: # enable stats interface haproxy_stats: enabled: true bind: "10.120.32.10:9000" mode: "http" uri: "/" show_node: true refresh: "10s" auth: "admitcreation:gZ4hWWeMWy7Bd8" # frontends haproxy_frontends: # http frontend - name: "http-in" bind: "10.120.32.15:80" default_backend: "waf_itcreation_tools_http" # https frontend - name: "https-in" bind: "10.120.32.15:443" default_backend: "waf_itcreation_tools_https" # backends haproxy_backends: # http backend with simple load balancing - name: "waf_itcreation_tools_http" balance: "source" hash_type: "consistent" options: - "option httpchk GET /health" servers: # waf0.itcreation.tools - name: "waf0.itcreation.tools" address: "10.120.32.20:80" check: true send_proxy: true # waf1.itcreation.tools - name: "waf1.itcreation.tools" address: "10.120.32.21:80" check: true send_proxy: true # https backend with SSL session persistence - name: "waf_itcreation_tools_https" balance: "roundrobin" stick_table: "type binary len 2048 size 300k expire 30m" acls: - "clienthello req.ssl_hello_type 1" - "serverhello res.ssl_hello_type 2" tcp_request: - "inspect-delay 10s" - "content accept if clienthello" tcp_response: - "content accept if serverhello" stick: - "on req.payload_lv(43,1) if clienthello" - "store-response res.payload_lv(43,1) if serverhello" options: - "option httpchk GET /health" servers: # waf0.itcreation.tools - name: "waf0.itcreation.tools" address: "10.120.32.20:443" send_proxy: true check: true extra_params: "check-ssl verify none" # waf0.itcreation.tools - name: "waf1.itcreation.tools" address: "10.120.32.21:443" send_proxy: true check: true extra_params: "check-ssl verify none" roles: - "role-haproxy"