Hello, I want to manager personal template with haproxy.

This is my work
`

• name: Copy HAProxy configuration in place.
  template:
  src: "{{ haproxy_template | default('haproxy.cfg.j2') }}"
  dest: /etc/haproxy/haproxy.cfg
  mode: 0644
  validate: haproxy -f %s -c -q
  notify: restart haproxy
  `
  I change "SRC"

i have tested with this groupvars:

cat group_vars/lbservers 
---

# HA PROXY #
haproxy_template: "../../../files/haproxy/haproxy.cfg.j2"

It's work fine :

Regards,

Mathieu

Assume that we have inventory

[backend_server]
192.168.0.2
192.168.0.3

and want dynamic backend_server configuration for haproxy without hard code the IP

haproxy_backend_servers:
  // loop from backend_server

How to achieve this?

• name: allow haproxy outgoing connections in SELinux
  seboolean:
  name: haproxy_connect_any
  state: yes
  persistent: yes
  when: ansible_os_family == 'RedHat'

I'd like to use this role but need to enable/configure the statistics page provided by HAProxy.

I was using the haproxy role and when I ran the playbook it throws me an error

Install haproxy failed

I executed the command first sudo apt update and then ansible-playbook <my-haproxyplaybook.yml> and it worked. This is not the major thing but if anyone configuring a new server it helps. So, only need to add the command module in your role <package-manager> update .

The following fatal error is returned.

{
  "changed": false,
  "checksum": "8e550f8a09433066393cb594a35aedb0650cd58b",
  "exit_status": 1,
  "msg": "failed to validate",
  "stderr": "[ALERT] 178/025031 (28765) : parsing [/root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source:15] : the contimeout directive is not supported anymore since HAProxy 2.1. Use timeout connect.\n[ALERT] 178/025031 (28765) : parsing [/root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source:16] : the clitimeout directive is not supported anymore since HAProxy 2.1. Use timeout client.\n[ALERT] 178/025031 (28765) : parsing [/root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source:17] : the srvtimeout directive is not supported anymore since HAProxy 2.1. Use timeout server.\n[ALERT] 178/025031 (28765) : Error(s) found in configuration file : /root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source\n[ALERT] 178/025031 (28765) : Fatal errors found in configuration.\n",
  "stderr_lines": [
    "[ALERT] 178/025031 (28765) : parsing [/root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source:15] : the contimeout directive is not supported anymore since HAProxy 2.1. Use timeout connect.",
    "[ALERT] 178/025031 (28765) : parsing [/root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source:16] : the clitimeout directive is not supported anymore since HAProxy 2.1. Use timeout client.",
    "[ALERT] 178/025031 (28765) : parsing [/root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source:17] : the srvtimeout directive is not supported anymore since HAProxy 2.1. Use timeout server.",
    "[ALERT] 178/025031 (28765) : Error(s) found in configuration file : /root/.ansible/tmp/ansible-tmp-1624866631.13-9028-21196180586362/source",
    "[ALERT] 178/025031 (28765) : Fatal errors found in configuration."
  ],
  "stdout": "",
  "stdout_lines": []
}

This role installed HAProxy version 2.3 on my system.

[root@haproxy1 ~]# haproxy -v
HA-Proxy version 2.3.10-4764f0e 2021/04/23 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2022.
Known bugs: http://www.haproxy.org/bugs/bugs-2.3.10.html
Running on: Linux 5.11.12-300.fc34.x86_64 #1 SMP Wed Apr 7 16:31:13 UTC 2021 x86_64

I looks like set_fact in tasks/main.yml needs to be updated to include version 2.x?

- name: Set HAProxy version.
  set_fact:
    haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.4' }}"

Hi jeff,

I am looking at your ansible haproxy role and I have a few question.

1. How can I add this section to the template?
   listen rabbitmq
   bind *:5672
   mode tcp
   option tcplog
   balance roundrobin
   server moc-dbs-01 172.25.1.121:5672 check inter 5000 rise 2 fall 3
   server moc-dbs-02 172.25.1.159:5672 check inter 5000 rise 2 fall 3
2. The server values comes from the hosts file
   [haproxy]
   moc-dbs-03
   moc-dbs-04

[rabbitmq]
moc-dbs-01
moc-dbs-02

Haproxy role is ran against hosts “haproxy” , the new section is defined by the hosts”rabbitmq”

As a user of this Role I would like to have an easy option to do a http to https redirect.

Solution

Not sure, every use case is different. Using a http to https redirect is quite common I think

Workaround

I do a blunt copy of my 'ansible.cfg'.
I copy the certificate+key from an Ansible secret.

As the title says...

To allow for Ansible's haproxy module to control backends easily, HAProxy needs the admin stats socket open for communication. Add configuration for the socket, please!

It could be nice to write real molecule test . Currently there is only the first example from testinfra available.

The following tests are easy to write :

• package is present
• haproxy is enabled and running
• port 80 is listening

Using this role with default settings on Ubuntu 22.04 will cause an error when executing the Set HAProxy version. task due to the version reported by haproxy -v being different.

What is happening

When querying the version - not sure if this is because of Ubuntu 22.04 or HAProxy 2.x - the version string will come back as

HAProxy version 2.4.14-1ubuntu1 2022/02/28 - https://haproxy.org/

Fixing it

A temporary fix for the would be to simply modify the task to look for a different version string like

- name: Set HAProxy version.
  set_fact:
    haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HAProxy version ([0-9]\.[0-9]).*$", "\1") }}'

If the HAProxy version string is different between versions, it might be an idea to have variables per OS-Release to parse this.

I am attempting to create a backend from already defined data in group vars from inventory, rather than defining this again.

Given my yaml inventory:

linux_cluster:
  hosts:
    web01-prd:
        ansible_host: 10.0.0.1
    web02-prd:
        ansible_host: 10.0.0.2
    web03-prd:
        ansible_host: 10.0.0.3

..which contains the name/IP for my HAProxy backend already, so no need to define it all again.

I have gotten as far as:

"{{ groups['linux_cluster'] | map('extract',hostvars,'inventory_hostname') | list , groups['linux_cluster'] | map('extract',hostvars,'ansible_host') | list}}"

Which outputs as:

TASK [debug] ***************************************************************
ok: [test] => {
    "msg": "([u'web02-prd', u'web03-prd', u'web01-prd'], [u'10.0.0.2', u'10.0.0.3', u'10.0.0.1'])"
}

Just struggling with templating needed to output this list in the format required by your role:

haproxy_backend_servers:
  - name: web01-prd
    address: 10.0.0.1
  - name: web02-prd
    address: 10.0.0.2
  - name: web03-prd
    address: 10.0.0.3

Any idea how one might achieve that?

Currently it's not possible to add additional configs to do things like multi-domain balancing as described here because there's no way to add these extra configurations (acl, use_backend, etc) to the generated haproxy config file.

@geerlingguy If I prepared a PR enabling arbitrary extra configuration in the frontend and backends would you consider accepting it?

Is it possible to have multiple frontends?
In my case I need to have port 80 for non-ssl and 443 for ssl requests.

Hello,

Can you add the monitoring configuration into the template j2 and some variables to allow activation ?
The configuration is normally:

listen stats
    bind    *:7000
    mode    http
    stats   enable
    stats uri /

So I would propose something like:

haproxy.cfg.j2

{% if haproxy_stats_enable == 'enable' %}
listen stats
    mode {{ haproxy_stats_mode }}
    bind   {{ haproxy_stats_bind }}
    stats   {{ haproxy_stats_enable }}
    stats uri {{ haproxy_stats_uri }}
{% if haproxy_stats_login is defined and haproxy_stats_password is defined %}
    stats auth {{ haproxy_stats_login }}:{{ haproxy_stats_password }}
{% endif %}
{% endif %}

defaults/main.yml

haproxy_stats_mode: 'http'
haproxy_stats_bind: '*:7000'
haproxy_stats_enable: 'enable'
haproxy_stats_uri: '/'
# haproxy_stats_login: login if auth needed
# haproxy_stats_password: password if auth needed

Based on https://tecadmin.net/how-to-configure-haproxy-stats/
A bit more complex to manage, can also be done per frontend: https://www.haproxy.com/blog/exploring-the-haproxy-stats-page/

Could be handled with careful {%- -%}. If noone solved that yet, I'm willing to PR.

We need to have several frontends and backens running on a single HAProxy in a setup we run.

I'll gladly submit a PR for a proposed solution. @geerlingguy what do you think? Should I leve the current implementation intact and add variables like extra_frontends and extra_backends or rebuild the whole code so it works with multiple instances?

The former solution would help with backwards compatibility for configuration but split the same kind of configuration into two variables. The latter would make it harder to upgrade.

A possible third solution would be to implement new variables but have tasks that transform old configuration if it's present.

Just let me know what you prefer and I can build it into a PR. If I was too confusing or want to know more about my idea, just let me know, please.

Looks like only 1.5 and 1.4 supported currently