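---
# -----------------------------------------------------------------------------
# HAProxy Configuration Playbook
# -----------------------------------------------------------------------------
# Templates haproxy.cfg and starts the HAProxy service. Must run AFTER both
# haproxy/deploy.yml and certbot/deploy.yml so that:
#   - The HAProxy package is installed
#   - The real Let's Encrypt certificate exists at haproxy_cert_path
#
# Dependency chain:
#   haproxy/deploy.yml    <- package + dirs
#   certbot/deploy.yml    <- writes cert to /etc/haproxy/certs/
#   haproxy/configure.yml <- this playbook (config + start)
#
# Hosts: horkos (public reverse proxy), bootes (internal HAProxy)
# -----------------------------------------------------------------------------
- name: Configure and start HAProxy
  hosts: all
  become: true
  tags: [haproxy, service, configure]

  handlers:
    # `reloaded` keeps existing connections alive; `restarted` is the
    # heavier fallback for changes a reload cannot pick up.
    - name: reload haproxy
      ansible.builtin.systemd:
        name: haproxy
        state: reloaded

    - name: restart haproxy
      ansible.builtin.systemd:
        name: haproxy
        state: restarted

  tasks:
    # `services` is presumably a per-host list from inventory/host_vars naming
    # the services the host runs — confirm against the inventory. Hosts that
    # do not list haproxy leave the play here.
    - name: Check if host has haproxy service
      ansible.builtin.set_fact:
        has_haproxy_service: "{{ 'haproxy' in services | default([]) }}"

    - name: Skip hosts without haproxy service
      ansible.builtin.meta: end_host
      when: not has_haproxy_service

    # -------------------------------------------------------------------------
    # Certificate Check
    # -------------------------------------------------------------------------
    # Fail early and loudly rather than let HAProxy start without its TLS
    # material (or with a stale/placeholder file).
    - name: Check if TLS certificate exists
      ansible.builtin.stat:
        path: "{{ haproxy_cert_path }}"
      register: cert_file

    - name: Fail if certificate is missing
      ansible.builtin.fail:
        msg: >
          Certificate not found at {{ haproxy_cert_path }}.
          Run certbot/deploy.yml before haproxy/configure.yml.
          Command: ansible-playbook certbot/deploy.yml
      when: not cert_file.stat.exists

    # -------------------------------------------------------------------------
    # Configuration
    # -------------------------------------------------------------------------
    # root:haproxy 0640 keeps the rendered config (which may carry stats
    # credentials or backend details) unreadable to other local users.
    # `validate` runs haproxy's syntax check on the temp file so a broken
    # render never replaces the live config.
    - name: Template HAProxy configuration
      ansible.builtin.template:
        src: haproxy.cfg.j2
        dest: /etc/haproxy/haproxy.cfg
        owner: root
        group: "{{ haproxy_group | default('haproxy') }}"
        mode: '0640'
        validate: "haproxy -c -f %s"
      notify: reload haproxy

    # -------------------------------------------------------------------------
    # Service Management
    # -------------------------------------------------------------------------
    - name: Enable and start HAProxy service
      ansible.builtin.systemd:
        name: haproxy
        enabled: true
        state: started
        daemon_reload: true

    # Handlers normally run at the END of the play, i.e. after the verification
    # below. Flush them here so a changed config is actually reloaded into the
    # running process before the stats check; otherwise the check could pass
    # against the previous configuration and a broken reload would only
    # surface after the play reported success.
    - name: Apply pending HAProxy reload before verification
      ansible.builtin.meta: flush_handlers

    # -------------------------------------------------------------------------
    # Verification
    # -------------------------------------------------------------------------
    # Assumes the stats listener is bound on localhost at haproxy_stats_port
    # and serves /metrics without authentication — confirm in haproxy.cfg.j2.
    - name: Wait for HAProxy stats port to be ready
      ansible.builtin.uri:
        url: "http://localhost:{{ haproxy_stats_port }}/metrics"
        method: GET
        status_code: 200
      register: haproxy_health
      retries: 5
      delay: 3
      until: haproxy_health.status == 200

    - name: HAProxy configuration status
      ansible.builtin.debug:
        msg: "HAProxy is running and serving metrics on port {{ haproxy_stats_port }}"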