haproxy
HAProxy Role
:warning: This project is archived! :warning:
This role has been migrated to our hifis.toolkit
collection:
- https://github.com/hifis-net/ansible-collection-toolkit
- https://galaxy.ansible.com/ui/repo/published/hifis/toolkit/
A role to set up HAProxy to be used as a load balancer in a high availability and scalability context.
Currently supported platforms are:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
This role is tested against the two latest LTS versions of HAProxy. Currently, this results in official support for the HAProxy release series:
2.6
2.4
Other versions are known to work as well but are not automatically tested.
Requirements
None.
Role Variables
Compulsory variables which are not set by default
Backend GitLab IP addresses
Specify a list of backends with name and IP address (Port is optional, defaults to 80
):
haproxy_backends:
- backend_name: 'backend_server_1'
backend_ip: '192.168.33.10'
backend_port: '80'
Frontend floating IP address
Specify the floating IP address of the frontend:
haproxy_frontend_ip: '192.168.33.100'
Compulsory variables which are set by default but need to be adapted
Number of processors used by HAProxy
Sets number of processors used by HAProxy:
haproxy_nbproc: '1'
Number of threads used by HAProxy
Sets number of threads used by HAProxy:
haproxy_nbthread: '2'
HAProxy CPU Map for Multithreading
Mapping threads to CPU cores:
haproxy_cpumap: 'auto:1/1-2 0-1'
Enable/disable stats
Variable to enable or disable the stats:
haproxy_stats_enable: 'enable'
Stats admin username
Variable to hold the stats admin username:
haproxy_stats_admin_user: 'admin'
Stats admin user password
Variable to hold the stats admin user password:
haproxy_stats_admin_user_password: 'changeme'
All other default variables
Path to the executable of HAProxy
Path variable pointing to the location of the HAProxy executable:
haproxy_executable_path: '/usr/sbin/haproxy'
HAProxy PPA version
Variable to pin the PPA version to a certain value:
haproxy_ppa_version: 'ppa:vbernat/haproxy-2.6'
HAProxy version
Variable to pin the HAProxy version to a certain value:
haproxy_version: '2.6.*'
HAProxy user
Variable to specify the HAProxy system user:
haproxy_user: 'haproxy'
HAProxy group
Variable to specify the HAProxy system group:
haproxy_group: 'haproxy'
HAProxy dependencies to be installed
List of HAProxy dependencies to be installed:
haproxy_dependencies:
- 'software-properties-common'
HAProxy binary name
Name of the HAProxy binary:
haproxy_name: 'haproxy'
HAProxy configuration template
Provide the path to the HAProxy configuration template:
haproxy_config_template: 'haproxy.cfg.j2'
HAProxy configuration directory path
Give the path to the HAProxy configuration directory:
haproxy_conf_dir: '/etc/haproxy/'
HAProxy configuration file path
Give the path to the HAProxy configuration file:
haproxy_conf_file_path: "/etc/haproxy/haproxy.cfg"
HAProxy logging socket path
Give the path to the HAProxy logging socket:
haproxy_log_socket: '/dev/log'
HAProxy log level
Specify the log level of HAProxy.
Possible values are:
emerg, alert, crit, err, warning, notice, info, debug
.
haproxy_log_level: 'info'
HAProxy socket file path
Give the path to the HAProxy socket file:
haproxy_socket: '/run/haproxy/admin.sock'
HAProxy self-signed SSL certificate creation
Whether to create a self-signed SSL certificate:
haproxy_create_self_signed_cert: true
Country Name for SSL certificate
Set country to be used for the SSL certificate:
haproxy_country_name: 'DE'
State name for SSL certificate
Set state to be used for the SSL certificate:
haproxy_state_or_province_name: 'Saxony'
Locality Name for SSL certificate
Set locality to be used for the SSL certificate:
haproxy_locality_name: 'Dresden'
Organization name for SSL certificate
Set organization to be used for the SSL certificate:
haproxy_organization_name: 'Helmholtz-Zentrum Dresden-Rossendorf (HZDR)'
Organization Unit Name for SSL certificate
Set organization unit to be used for the SSL certificate:
haproxy_organizational_unit_name: 'FWCC / Computational Science'
Email address for SSL certificate
Set email address to be used for the SSL certificate:
haproxy_email_address: '[email protected]'
Common Name for SSL certificate
Set common name to be used for the SSL certificate:
haproxy_common_name: 'Helmholtz Association'
HAProxy SSL directory path
Give the path to the HAProxy SSL directory:
haproxy_ssl_certificate_dir: '/etc/haproxy/ssl'
HAProxy Private Key file path
Give the path to the HAProxy Private Key file:
haproxy_ssl_certificate_key_file: "/etc/haproxy/ssl/haproxy.key"
HAProxy Certificate Signing Request file path
Give the path to the HAProxy Certificate Signing Request file:
haproxy_ssl_certificate_csr_file: '/etc/haproxy/ssl/haproxy.csr'
HAProxy Certificate file path
Give the path to the HAProxy Certificate file:
haproxy_ssl_certificate_crt_file: "/etc/haproxy/ssl/haproxy.crt"
HAProxy PKCS12 file path
Give the path to the HAProxy PKCS12 file:
haproxy_ssl_certificate_pkcs12_file: "/etc/haproxy/ssl/haproxy.p12"
HAProxy Certificate Chain file path
Give the path to the HAProxy Certificate Chain file:
haproxy_ssl_certificate_chain_file: "/etc/haproxy/ssl/haproxy.pem"
HAProxy Certificate Chain source file path
Give the path to the HAProxy Certificate Chain source file on the control node which will be copied to the remote host:
haproxy_ssl_cert_chain_src_file_path: "haproxy.pem"
Note: This variable is mandatory when haproxy_create_self_signed_cert
is
set to false
. The file should be PEM formatted and include at least the
public certificate and the private key.
HAProxy DH Parameter file path
Give the path to the DH Parameter file:
haproxy_ssl_dhparam_file: "/etc/haproxy/ssl/dhparam.pem"
HAProxy DH Parameter size
Size (in bits) of the generated DH-params:
haproxy_ssl_dhparam_size: 4096
Dependencies
None.
Note: This role is intended for use with, but not limited to, the hifis.keepalived role.
Example playbook
- hosts: loadbalancers
roles:
- role: hifis.haproxy
vars:
haproxy_frontend_ip: '192.168.33.100'
haproxy_backends:
- backend_name: 'backend_server_1'
backend_ip: '192.168.33.10'
backend_port: 80
License
Author Information
Contributors
We would like to thank and give credits to the following contributors of this project:
Install and configure HAProxy to be used for load-balancing in a high availability and scalability context.
ansible-galaxy install hifis-net/ansible-role-haproxy