# Ansible Role: HAProxy

Install and configure the HAProxy load balancer with flexible frontends, backends, and stats.

## Variables

### Global Settings

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_global.log` | No | `/dev/log local2` | Log target |
| `haproxy_global.chroot` | No | `/var/lib/haproxy` | Chroot directory |
| `haproxy_global.pidfile` | No | `/var/run/haproxy.pid` | PID file location |
| `haproxy_global.maxconn` | No | `35000` | Maximum connections |
| `haproxy_global.user` | No | `haproxy` | User to run as |
| `haproxy_global.group` | No | `haproxy` | Group to run as |
| `haproxy_global.daemon` | No | `true` | Run as daemon |
| `haproxy_global.stats_socket` | No | See defaults | Stats socket configuration |

### Default Settings

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_defaults.log` | No | `global` | Log setting |
| `haproxy_defaults.mode` | No | `tcp` | Default mode (tcp/http) |
| `haproxy_defaults.option` | No | `tcplog` | Default option |
| `haproxy_defaults.timeout_check` | No | `5s` | Health check timeout |
| `haproxy_defaults.timeout_connect` | No | `10s` | Connection timeout |
| `haproxy_defaults.timeout_client` | No | `600s` | Client timeout |
| `haproxy_defaults.timeout_server` | No | `600s` | Server timeout |

### Stats Listener

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_stats.enabled` | No | `false` | Enable stats interface |
| `haproxy_stats.bind` | No | `10.120.32.10:9000` | Bind address for stats |
| `haproxy_stats.mode` | No | `http` | Stats mode |
| `haproxy_stats.uri` | No | `/` | Stats URI path |
| `haproxy_stats.show_node` | No | `true` | Show node name |
| `haproxy_stats.refresh` | No | `10s` | Refresh interval |
| `haproxy_stats.auth` | No | `admin:password` | Basic auth credentials |

### Frontends

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_frontends` | No | `[]` | List of frontends |
| `haproxy_frontends[].name` | Yes | - | Frontend name |
| `haproxy_frontends[].bind` | Yes | - | Bind address and port |
| `haproxy_frontends[].default_backend` | Yes | - | Default backend name |
| `haproxy_frontends[].mode` | No | - | Override default mode |
| `haproxy_frontends[].options` | No | `[]` | Additional options |

### Backends

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `haproxy_backends` | No | `[]` | List of backends |
| `haproxy_backends[].name` | Yes | - | Backend name |
| `haproxy_backends[].balance` | No | - | Load balancing algorithm |
| `haproxy_backends[].hash_type` | No | - | Hash type for balancing |
| `haproxy_backends[].mode` | No | - | Override default mode |
| `haproxy_backends[].stick_table` | No | - | Stick table configuration |
| `haproxy_backends[].acls` | No | `[]` | List of ACL rules |
| `haproxy_backends[].tcp_request` | No | `[]` | TCP request rules |
| `haproxy_backends[].tcp_response` | No | `[]` | TCP response rules |
| `haproxy_backends[].stick` | No | `[]` | Stick rules |
| `haproxy_backends[].options` | No | `[]` | Additional options |
| `haproxy_backends[].servers` | Yes | - | List of backend servers |
| `haproxy_backends[].servers[].name` | Yes | - | Server name |
| `haproxy_backends[].servers[].address` | Yes | - | Server address:port |
| `haproxy_backends[].servers[].check` | No | `false` | Enable health checks |
| `haproxy_backends[].servers[].send_proxy` | No | `false` | Enable send-proxy |
| `haproxy_backends[].servers[].extra_params` | No | - | Additional server parameters |

## Full Example

```yaml
---
# Example playbook using role-haproxy
- name: "Deploy HAProxy Load Balancer"
  hosts: "haproxy_servers"
  become: true
  vars:
    # enable stats interface
    haproxy_stats:
      enabled: true
      bind: "10.120.32.10:9000"
      mode: "http"
      uri: "/"
      show_node: true
      refresh: "10s"
      auth: "admitcreation:gZ4hWWeMWy7Bd8"

    # frontends
    haproxy_frontends:
      # http frontend
      - name: "http-in"
        bind: "10.120.32.15:80"
        default_backend: "waf_itcreation_tools_http"
      # https frontend
      - name: "https-in"
        bind: "10.120.32.15:443"
        default_backend: "waf_itcreation_tools_https"

    # backends
    haproxy_backends:
      # http backend with simple load balancing
      - name: "waf_itcreation_tools_http"
        balance: "source"
        hash_type: "consistent"
        options:
          - "option httpchk GET /health"
        servers:
          # waf0.itcreation.tools
          - name: "waf0.itcreation.tools"
            address: "10.120.32.20:80"
            check: true
            send_proxy: true
          # waf1.itcreation.tools
          - name: "waf1.itcreation.tools"
            address: "10.120.32.21:80"
            check: true
            send_proxy: true

      # https backend with SSL session persistence
      - name: "waf_itcreation_tools_https"
        balance: "roundrobin"
        stick_table: "type binary len 2048 size 300k expire 30m"
        acls:
          - "clienthello req.ssl_hello_type 1"
          - "serverhello res.ssl_hello_type 2"
        tcp_request:
          - "inspect-delay 10s"
          - "content accept if clienthello"
        tcp_response:
          - "content accept if serverhello"
        stick:
          - "on req.payload_lv(43,1) if clienthello"
          - "store-response res.payload_lv(43,1) if serverhello"
        options:
          - "option httpchk GET /health"
        servers:
          # waf0.itcreation.tools
          - name: "waf0.itcreation.tools"
            address: "10.120.32.20:443"
            send_proxy: true
            check: true
            extra_params: "check-ssl verify none"
          # waf1.itcreation.tools
          - name: "waf1.itcreation.tools"
            address: "10.120.32.21:443"
            send_proxy: true
            check: true
            extra_params: "check-ssl verify none"

  roles:
    - "role-haproxy"
```