From 62b59e24972b100722f76cf09f71e14f519b53dd Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 1 Oct 2020 19:15:37 +0200
Subject: [PATCH] Change the kernel sysctl options when installing as a container too
---
 tasks/haproxy-service.yml | 21 ---------------------
 tasks/haproxy_sysctl.yml | 23 +++++++++++++++++++++++
 tasks/main.yml | 1 +
 3 files changed, 24 insertions(+), 21 deletions(-)
 create mode 100644 tasks/haproxy_sysctl.yml
diff --git a/tasks/haproxy-service.yml b/tasks/haproxy-service.yml
index aff688b..caaab83 100644
--- a/tasks/haproxy-service.yml
+++ b/tasks/haproxy-service.yml
@@ -44,24 +44,3 @@
 apt: name={{ haproxy_additional_pkgs }} state=latest update_cache=yes cache_valid_time=3600
 when: haproxy_install_additional_pkgs
 
-- name: Enable kernel binding non local IP addresses
- sysctl: name={{ item }} value=1 reload=yes state=present
- with_items:
- - net.ipv4.ip_nonlocal_bind
- when: haproxy_k_bind_non_local_ip
- tags: [ 'haproxy', 'haproxy_sysctl' ]
-
-- name: Disable kernel binding non local IP addresses
- sysctl: name={{ item }} value=0 reload=yes state=present
- with_items:
- - net.ipv4.ip_nonlocal_bind
- when: not haproxy_k_bind_non_local_ip
- tags: [ 'haproxy', 'haproxy_sysctl' ]
-
-- name: Increase the connection tracking table capacity
- sysctl: name={{ item }} value={{ haproxy_sysctl_conntrack_max }} reload=yes state=present
- with_items:
- - net.nf_conntrack_max
- when: is_not_debian9
- tags: [ 'haproxy', 'haproxy_sysctl' ]
-
diff --git a/tasks/haproxy_sysctl.yml b/tasks/haproxy_sysctl.yml
new file mode 100644
index 0000000..9099257
--- /dev/null
+++ b/tasks/haproxy_sysctl.yml
@@ -0,0 +1,23 @@
+---
+- block:
+ - name: Enable kernel binding non local IP addresses
+ sysctl: name={{ item }} value=1 reload=yes state=present
+ with_items:
+ - net.ipv4.ip_nonlocal_bind
+ when: haproxy_k_bind_non_local_ip
+
+ - name: Increase the connection tracking table capacity
+ sysctl: name={{ item }} value={{ haproxy_sysctl_conntrack_max }} reload=yes state=present
+ with_items:
+ - net.nf_conntrack_max
+
+ tags: [ 'haproxy', 'haproxy_sysctl' ]
+
+- block:
+ - name: Disable kernel binding non local IP addresses
+ sysctl: name={{ item }} value=0 reload=yes state=present
+ with_items:
+ - net.ipv4.ip_nonlocal_bind
+
+ when: not haproxy_k_bind_non_local_ip
+ tags: [ 'haproxy', 'haproxy_sysctl' ]
diff --git a/tasks/main.yml b/tasks/main.yml
index 0cb0e69..e512397 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
+- import_tasks: haproxy-sysctl.yml
 - import_tasks: haproxy-service.yml
 when: not haproxy_docker_container
 - import_tasks: haproxy-letsencrypt-acme-sh.yml
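Review bot: The `Increase the connection tracking table capacity` task in tasks/haproxy_sysctl.yml lost the `when: is_not_debian9` guard it had in haproxy-service.yml, so `net.nf_conntrack_max` is now written on every host, including the Debian 9 ones the old task skipped. If the guard existed because the key is missing until the nf_conntrack module is loaded, the task would now fail there; unless the removal is intended, restore `when: is_not_debian9` on that task. Because this file now also runs for the container install, the values are set on the Docker host: `net.ipv4.ip_nonlocal_bind` is per network namespace, so it presumably only reaches HAProxy when the container uses host networking, while on the host it lets any local process bind addresses the machine does not own. A comment above the first block stating that scope would help, e.g. `# Applied in the host network namespace; affects every process on the host`.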
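Review bot: The imported name `haproxy-sysctl.yml` in tasks/main.yml does not match the file this commit creates, `tasks/haproxy_sysctl.yml` (underscore, per the diffstat and the `create mode` line), so the static import should fail as soon as the role is parsed. The line should read `- import_tasks: haproxy_sysctl.yml`. As written, none of the sysctl settings would be applied on either the package or the container path until the name is corrected.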