From abb14e5b52fd2e83bef96e7727b63b7ed95a7d4d Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Wed, 22 Jun 2022 15:32:10 +0200
Subject: [PATCH] haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value
---
 CHANGELOG.md | 2 ++
 haproxy/defaults/main.yml | 2 ++
 haproxy/tasks/main.yml | 13 +++++++++++++
 3 files changed, 17 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index deb6642c..9c4b3dd5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 ### Added
+* haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
+
 ### Changed
 ### Fixed
diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml
index 0745f1a9..50f6bb48 100644
--- a/haproxy/defaults/main.yml
+++ b/haproxy/defaults/main.yml
@@ -35,3 +35,5 @@ haproxy_deny_ips: []
 haproxy_backports_packages_stretch: haproxy libssl1.0.0
 haproxy_backports_packages_buster: haproxy
 haproxy_backports_packages_bullseye: haproxy
+
+haproxy_allow_ip_nonlocal_bind: Null
\ No newline at end of file
diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml
index d29e3cbc..d38e83af 100644
--- a/haproxy/tasks/main.yml
+++ b/haproxy/tasks/main.yml
@@ -134,4 +134,17 @@
 - haproxy
 - logrotate
+- name: Set net.ipv4.ip_nonlocal_bind
+ sysctl:
+ name: net.ipv4.ip_nonlocal_bind
+ value: "{{ haproxy_allow_ip_nonlocal_bind | ternary('1','0') }}"
+ sysctl_file: "{{ evolinux_kernel_sysctl_path | default('/etc/sysctl.d/evolinux.conf') }}"
+ state: present
+ reload: yes
+ tags:
+ - haproxy
+ when:
+ - haproxy_allow_ip_nonlocal_bind is defined
+ - haproxy_allow_ip_nonlocal_bind is not none
+
 - include: munin.yml
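Review bot: The new default in haproxy/defaults/main.yml is spelled `Null` and carries no comment explaining its three states, and the file now ends without a trailing newline. The canonical form is `haproxy_allow_ip_nonlocal_bind: null`, followed by a final newline. Since the task in haproxy/tasks/main.yml skips the sysctl entirely when the value is none, a comment above the default would help, for example `# null: leave net.ipv4.ip_nonlocal_bind untouched; true/false: force it to 1/0 (kernel-wide, not limited to haproxy)`.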
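Review bot: In the haproxy/tasks/main.yml hunk, `ternary('1','0')` is applied to the raw variable, so a non-empty string such as "false" or "0" (which is what `-e haproxy_allow_ip_nonlocal_bind=false` passes) is truthy and writes 1 where the operator asked for 0. Casting first avoids that: `value: "{{ haproxy_allow_ip_nonlocal_bind | bool | ternary('1','0') }}"`. The task name or a comment should also say that this sysctl is host-wide and is persisted in the shared evolinux sysctl file, so enabling it lets any process on the machine bind to addresses the host does not own, not only haproxy. Only the IPv4 key is managed; if the role is also used with IPv6 listeners on floating addresses, `net.ipv6.ip_nonlocal_bind` would presumably need the same treatment. As a minor style point, `reload: yes` reads better as `reload: true`.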