gsb2024/roles/lb-front-ssl/tasks/main.yml

- name: install haproxy
  apt:
    name: haproxy
    state: present

- name: creer un certificat auto-signé
  openssl_certificate:
    path: /etc/haproxy/crt/haproxy.crt
    privatekey_path: /etc/haproxy/crt/private/haproxy.pem
    csr_path: /etc/haproxy/crt/csr/haproxy.csr
    provider: selfsigned

- name: parametre global
  blockinfile:
    path: /etc/haproxy/haproxy.cfg
    block: |
      global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon
        ssl-server-verify none

- name: parametre backend et fontend
  blockinfile:
    path: /etc/haproxy/haproxy.cfg
    block: |
      frontend proxypublic
        bind 192.168.100.10:80
        bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/pritvate/haproxy.pem
        http-request redirect scheme https unless { ssl_fc }
        default_backend fermeweb
      
      backend fermeweb
        balance roundrobin
        option httpclose
        option httpchk HEAD / HTTP/1.0
        server s-lb-web1 192.168.101.1:80 check
        server s-lb-web2 192.168.101.2:80 check

- name: redemarre haproxy
  service:
    name: haproxy
#    state: restarted
    enabled: yes