-
Notifications
You must be signed in to change notification settings - Fork 105
/
Copy pathmain.yml
103 lines (89 loc) · 2.65 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# defaults file
---
haproxy_use_ppa: true
haproxy_version: 2.0
haproxy_dependencies:
- name: haproxy
state: latest
haproxy_install: []
haproxy_restart_handler_state: restarted
haproxy_conf_template: "etc/haproxy/haproxy.cfg.j2"
# global section
haproxy_global_log:
- address: /dev/log
facility: local0
- address: /dev/log
facility: local1
level: notice
haproxy_global_stats:
sockets:
- listen: /run/haproxy/admin.sock
timeout: 30s
haproxy_global_user: haproxy
haproxy_global_group: haproxy
haproxy_global_daemon: true
haproxy_global_ca_base: /etc/ssl/certs
haproxy_global_crt_base: /etc/ssl/private
haproxy_global_ssl_default_bind_ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL'
haproxy_global_ssl_default_bind_ciphersuites: ''
haproxy_global_ssl_default_bind_options: 'no-sslv3'
haproxy_global_ssl_default_server_ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL'
haproxy_global_ssl_default_server_ciphersuites: ''
haproxy_global_ssl_default_server_options: 'no-sslv3'
haproxy_global_nbproc: 1
haproxy_global_option: []
# defaults section
haproxy_defaults_log: global
haproxy_defaults_mode: http
haproxy_defaults_option:
- httplog
- dontlognull
haproxy_default_server_params: []
haproxy_defaults_timeout:
- type: connect
timeout: 5000
- type: client
timeout: 50000
- type: server
timeout: 50000
haproxy_defaults_errorfile:
- code: 400
file: /etc/haproxy/errors/400.http
- code: 403
file: /etc/haproxy/errors/403.http
- code: 408
file: /etc/haproxy/errors/408.http
- code: 500
file: /etc/haproxy/errors/500.http
- code: 502
file: /etc/haproxy/errors/502.http
- code: 503
file: /etc/haproxy/errors/503.http
- code: 504
file: /etc/haproxy/errors/504.http
# ssl (file) map
haproxy_ssl_map: []
# listen section
haproxy_listen: []
# mailers section
haproxy_mailers: []
# front-end section
haproxy_frontend: []
# back-end section
haproxy_backend: []
# user-lists section
haproxy_userlists: []
# resolvers section:
haproxy_resolvers: []
# ACL files
haproxy_acl_files: []
# Letsencrypt (SSL/OCSP deploy)
haproxy_letsencrypt_ssl_deploy_template: usr/local/bin/haproxy-letsencrypt-ssl-deploy.j2
haproxy_letsencrypt_ssl_first_cert: "{{ inventory_hostname }}"
haproxy_letsencrypt_ssl_src_path: /etc/letsencrypt/live
haproxy_letsencrypt_ssl_fullchain_name: fullchain.pem
haproxy_letsencrypt_ssl_chain_name: chain.pem
haproxy_letsencrypt_ssl_privkey_name: privkey.pem
haproxy_letsencrypt_ssl_cert_name: cert.pem
haproxy_letsencrypt_ocsp_deploy_template: usr/local/bin/haproxy-letsencrypt-ocsp-deploy.j2
haproxy_letsencrypt_ocsp_deploy_job: {}