initial commit

.vagrant/machines/lb01/libvirt/action_provision

@@ -0,0 +1 @@
+1.5:cf74901d-39d5-47cd-adcd-bbdc44a88332

.vagrant/machines/lb01/libvirt/box_meta

@@ -0,0 +1 @@
+{"name":"fedora/34-cloud-base","version":"34.20210423.0","provider":"libvirt","directory":"boxes/fedora-VAGRANTSLASH-34-cloud-base/34.20210423.0/libvirt"}

.vagrant/machines/lb01/libvirt/creator_uid

@@ -0,0 +1 @@
+1000

.vagrant/machines/lb01/libvirt/id

@@ -0,0 +1 @@
+cf74901d-39d5-47cd-adcd-bbdc44a88332

.vagrant/machines/lb01/libvirt/index_uuid

@@ -0,0 +1 @@
+35f14c8cc4fd4d869900e2af32a30b55

.vagrant/machines/lb01/libvirt/private_key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAoskrvpVXkG3L7i1361m1abG623R1B9MVzNjggqUi25xIz+ma
+AbyVfbmrt86JwhzkOAc0mi+npO28EHOClCsv+NgNLQcD13odKsijKPbK5JN6C7VC
++g6TEQwk83mmLQ2nZGAAnk8cXAfq0swA1YqbbWKRT9UN72bvn22wBt5VZVrUtizc
+ldAvDXjY6syqGoZQpb2Iq2e3q5GaeL7Z3rTMJBuKSK1DvTviy7sFeh9bkAlrRE3K
+htPp+WEYsqEbqe9bFOoZkaapu6TN7CqbbR7TI0Zhhv6t3Vn6u+qtwXcolOWVu+CV
+iOJJl59L12kCEjMTlv46eVV63nCtD4Lof6v+SwIDAQABAoIBABDVTrG5jcGAqRrr
+FsB+mVThrRnuc/+oI1P4hVbdLrqY8aqWVHejga3rmkc6k2JATJVCoXzkOqjCcLUe
+zLz3rlFEPjCOziXlGckH0F93DcoPOgql5tQm16xmnheTV8zG4a1uhAHa2mrl4rGD
+qP5sA+CO1cn0lSlRcqwA0rgTG6+MR71H9bl3IKr9ZDIkTSycK3Bu5Gh05aHhVUZf
+RrTLJZXqf0bN0AV97GMu3Mr4hiBaO/4xWs3T8foCEeImS/KO/i5s9KySWhIBxwV5
+gSne9rzmh2HwPi+gmS6B33omE78h59eqAMLMy9ajPbeBho9eA5Iz9RPaJRueyPkd
+6TNnxEkCgYEA071KhpGH0Wk7ZpgEwN1iwjLgxqIMyU/LdcsTTPPu4BqnhqVt4w1/
+Q5gVHX//BR5uZVCcFx2bxJwl40CY11Px54mTMTf/h831ma8f1YYKEAlplkLHCGKA
+ym6DcNJSEVGP7Xz2zhGLlzofxG5CzaFL17DlKN94jQDTyE5C3wCtubcCgYEAxNA/
+8RqmpY92LWblZrrqg7xSZQ88jog8fGcV/ziYRpSwJPtCcaxz1ZfuSJyCIg4Eej6W
+p3ee+fZxuNFoLG4OC1hznNsuh/HYalKNyjHe1Z2mFdqmn8fhIOyL6v/vCf8DWMil
+ZAMyoqwaxST03lGHScqw82Nry4mHt54fukUy8A0CgYAxOnBKSymdqW6zEqMASDh+
+2B9kbyaz40Z1k4pgONKP7gKHDo023dt51rEKE8kx4npeOdigkzS1CGzSoiEm5xB1
++YlsRw21AFCas5meJjTOt7GByvLFY0l4RytuHqgP+LuSxpwHGxMuTMg3/j6v2lFs
+y2bsEtDPT6LtjiyD9n9tjwKBgHy8f8oPWg8UHZIo5Lt3O6rCcHYccgTj03IE46wd
+8mTJV9oYZMQmyENXR249wzxSJgRUJqd86QUDbI/2KFAAcGZAaQXA5HzEiqTYLYU4
+lkJM6DZxnakmxUhYo1UNYDK1rSlYAXqhjDYNXeoUwh0lDtl13TBkkq0tPRbi4Ljt
+opsBAoGAYo1vAHqSU04IpM2mqSekFvT5Pj27nQEfy0o2JzipFJq/7sdPSPykEyCj
+eFE03YjY7JPvkcz2mM2ng+0N1rfLl2h4tX0ncx2T/4vEqrvmlpEUd+o1UR7vYhN2
+gpo+WqJRoBbykitMgfioeXDVa5HpLJUdv7o+/X/E9lfO7xjN2qI=
+-----END RSA PRIVATE KEY-----

.vagrant/machines/lb01/libvirt/synced_folders

@@ -0,0 +1 @@
+{"rsync":{"/vagrant":{"type":"rsync","guestpath":"/vagrant","hostpath":"/var/home/dschier/Projects/dschier/haproxy","disabled":false,"__vagrantfile":true,"owner":"vagrant","group":"vagrant"},"/etc/ansible/roles/haproxy":{"type":"rsync","guestpath":"/etc/ansible/roles/haproxy","hostpath":"/var/home/dschier/Projects/dschier/haproxy","disabled":false,"__vagrantfile":true,"owner":"vagrant","group":"vagrant"}}}

.vagrant/machines/lb01/libvirt/vagrant_cwd

@@ -0,0 +1 @@
+/var/home/dschier/Projects/dschier/haproxy

.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

@@ -0,0 +1,3 @@
+# Generated by Vagrant
+
+lb01 ansible_ssh_host=192.168.122.12 ansible_ssh_port=22 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='/var/home/dschier/Projects/dschier/haproxy/.vagrant/machines/lb01/libvirt/private_key'

.vagrant/rgloader/loader.rb

@@ -0,0 +1,9 @@
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

Vagrantfile

@@ -0,0 +1,29 @@
+# Vagrantfile for gerri server
+
+Vagrant.configure("2") do |config|
+
+  # Virtualization
+  config.vm.provider "libvirt" do |lv|
+    lv.cpus = 4
+    lv.memory = 4096
+  end
+
+  config.vm.provider "virtualbox" do |vb|
+    vb.cpus = 4
+    vb.memory = 4096
+  end
+
+  config.vm.synced_folder ".", "/etc/ansible/roles/haproxy", type: "rsync"
+
+  # Provision
+  config.vm.provision "test", type: "ansible", run: "once" do |test|
+    test.playbook = "tests/test.yml"
+  end
+
+  # Instance
+  config.vm.define "lb01" do |lb01|
+    lb01.vm.box = "fedora/34-cloud-base"
+    lb01.vm.hostname = "lb01"
+  end
+
+end

defaults/main.yml

@@ -0,0 +1,4 @@
+---
+# defaults file for haproxy
+
+haproxy_workaround: false

handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for haproxy

meta/main.yml

@@ -0,0 +1 @@
+dependencies: []

requirements.yml

@@ -0,0 +1,2 @@
+collections:
+  - name: "ansible.posix"

tasks/main.yml

@@ -0,0 +1,40 @@
+---
+# tasks file for haproxy
+
+- name: "Manage haproxy Packages"
+  ansible.builtin.package:
+    name: "haproxy"
+    state: "present"
+  become: true
+
+- name: "Manage haproxy Configuration"
+  ansible.builtin.template:
+    src: "haproxy.conf.j2"
+    dest: "/etc/haproxy/haproxy.conf"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  become: true
+
+- name: "Manage haproxy SELinux booleans"
+  ansible.posix.seboolean:
+    name: "haproxy_connect_any"
+    persistent: true
+    state: 1
+  become: true
+  when:
+    - " ! haproxy_workaround | bool"
+
+- name: "Manage haproxy SELinux booleans"
+  ansible.builtin.command:
+    cmd: "setsebool -P haproxy_connect_any 1"
+  become: true
+  when:
+    - "haproxy_workaround | bool"
+
+- name: "Manage haproxy Services"
+  ansible.builtin.service:
+    name: "haproxy.service"
+    state: "started"
+    enabled: true
+  become: true

templates/haproxy.conf.j2

@@ -0,0 +1,46 @@
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    log         127.0.0.1 local2
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+    # utilize system-wide crypto-policies
+    ssl-default-bind-ciphers PROFILE=SYSTEM
+    ssl-default-server-ciphers PROFILE=SYSTEM
+
+defaults
+    mode                    tcp
+
+frontend api
+    bind *:6443
+    default_backend             api
+
+frontend app_http
+    bind *:80
+    default_backend             app_http
+
+frontend app_https
+    bind *:443
+    default_backend             app_https
+
+backend api
+    balance     roundrobin
+    server      server1 localhost:8080 check
+
+backend app_http
+    balance     roundrobin
+    server      server1 localhost:8080 check
+
+backend app_https
+    balance     roundrobin
+    server      server1 localhost:8080 check

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,10 @@
+---
+- hosts: "localhost"
+  
+  tasks:
+
+    - name: "Import haproxy Role"
+      ansible.builtin.import_role:
+        name: "haproxy"
+      vars:
+        - haproxy_workaround: false