Clark Boylan 8cd8784825 Fix haproxy access to rsyslogd on Noble
Ubuntu Noble ships with an enforcing rsyslogd apparmor profile. This
profile prevents our haproxy container from opening the syslog socket we
bind mount into the container. I discussed this in #ubuntu-security
which resulted in this issue:

  https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2098148

which includes many details on what is going on. This change implements
the suggested workaround for our haproxy nodes. I believe this is the
only place we are currently attempting to directly access rsyslog
sockets from within containers.

The tl;dr on the fix is that we have to tell rsyslogd to attach
disconnected connections as the container runs in a different filesystem
namespace which disconnects the paths for the socket. Unfortunately
sarnold indicates that we have to edit the primary profile configuration
file as this flag applies to the top level of the profile. We cannot use
one of the files this profile #includes.

Change-Id: I4e09211a1bdc4dfbf3012a66e79c181c6fb957a4
2025-02-13 08:30:37 -08:00


- name: Install socat for haproxy management
  package:
    name: socat
    state: present
- name: Ensure haproxy volume directories exist
  # Note on the host side we create everything under /var/lib/haproxy to
  # make rsyslog apparmor rules for /var/lib/haproxy/dev/log happy.
  # But within the containers /var/haproxy paths are still used.
  file:
    state: directory
    path: "/var/lib/haproxy/{{ item }}"
    owner: 1000
    group: 1000
  loop:
    - etc
    - run
    - dev
- name: Ensure haproxy config template available
  assert:
    that:
      - haproxy_config_template is defined
- name: Fix rsyslog apparmor profile on Noble and newer
  # Noble's enforcing rsyslogd profile blocks the socket we bind mount into
  # the haproxy container: the container lives in another filesystem
  # namespace, so the path looks "disconnected" to apparmor. The
  # attach_disconnected flag must sit on the top-level profile line, not in
  # one of the #included files (see the commit message for the bug link).
  when: ansible_distribution_version is version('24.04', '>=')
  block:
    - name: Edit rsyslogd apparmor profile
      lineinfile:
        path: /etc/apparmor.d/usr.sbin.rsyslogd
        regexp: '^profile rsyslogd /usr/sbin/rsyslogd {'
        line: 'profile rsyslogd /usr/sbin/rsyslogd flags=(attach_disconnected) {'
      register: profile_update
    - name: Reload rsyslogd apparmor profile
      command: apparmor_parser -r /etc/apparmor.d/usr.sbin.rsyslogd
      when: profile_update.changed
- name: Write rsyslog file
  copy:
    src: rsyslog.d/49-haproxy.conf
    dest: /etc/rsyslog.d/
    owner: root
    group: root
    mode: 0644
  register: _rsyslog_added
- name: Restart rsyslog if config updates
  service:
    name: rsyslog
    state: restarted
  when: _rsyslog_added.changed
- name: Add haproxy log rotation
  include_role:
    name: logrotate
  vars:
    logrotate_file_name: '/var/log/haproxy.log'
- name: Write haproxy config file
  template:
    src: '{{ haproxy_config_template }}'
    dest: /var/lib/haproxy/etc/haproxy.cfg
    owner: 1000
    group: 1000
    mode: 0644
  notify: Reload haproxy
# Copy in testing CA so the container can see it. When running under
# Zuul this CA is created by the test framework. We use it to
# validate the https check path
- name: Check for OpenDev Infra CA (test only)
  stat:
    path: /etc/opendev-ca/ca.crt
  register: _opendev_ca_crt
- name: Copy in OpenDev Infra CA (test only)
  copy:
    src: /etc/opendev-ca/ca.crt
    dest: /var/lib/haproxy/etc/
  when: _opendev_ca_crt.stat.exists
- name: Ensure docker compose configuration directory
  file:
    path: /etc/haproxy-docker
    state: directory
    owner: root
    group: root
    mode: 0755
- name: Install docker-compose configuration
  template:
    src: docker-compose.yaml.j2
    dest: /etc/haproxy-docker/docker-compose.yaml
    owner: root
    group: root
    mode: 0644
  notify: Reload haproxy
- name: Run docker-compose pull
  shell:
    cmd: docker-compose pull
    chdir: /etc/haproxy-docker/
- name: Run docker-compose up
  shell:
    cmd: docker-compose up -d
    chdir: /etc/haproxy-docker/
- name: Run docker prune to cleanup unneeded images
  shell:
    cmd: docker image prune -f
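The following is an added example, not code from this change or from the OpenDev system-config repository. It is a plain-shell counterpart of the "Edit rsyslogd apparmor profile" and "Reload rsyslogd apparmor profile" tasks above: it adds attach_disconnected to the top-level profile line of the rsyslogd profile, refuses to append a stray line when no header is found, extends an existing flags=(...) list instead of clobbering it, and reports through its exit status whether the file changed, which is the signal for running apparmor_parser -r. The profile text, the temporary file path and the helper names are constructed for this demo; on a real Noble host the file is /etc/apparmor.d/usr.sbin.rsyslogd.

```shell
#!/bin/sh
# Added example (not part of the OpenDev change): idempotent shell version of
# the lineinfile task that sets attach_disconnected on the rsyslogd profile.

# Constructed sample of the relevant part of the Noble rsyslogd profile.
SAMPLE_PROFILE='#include <tunables/global>

profile rsyslogd /usr/sbin/rsyslogd {
  #include <abstractions/base>
  /var/lib/haproxy/dev/log rw,
}
'

# Profile header as quoted in the lineinfile task above.
HEADER='profile rsyslogd /usr/sbin/rsyslogd'

# Exit 0 when the profile header already carries attach_disconnected.
profile_has_attach_disconnected() {
    grep -Eq "^$HEADER flags=\([^)]*attach_disconnected[^)]*\) \{" "$1"
}

# Print the header line so a caller can inspect the result.
profile_header() {
    grep -E "^$HEADER" "$1"
}

# Add the flag to the header line.
# Exit 0 = file changed (reload the profile with apparmor_parser -r),
#      1 = flag already present (nothing to do),
#      2 = no matching header found (file left untouched).
ensure_attach_disconnected() {
    f="$1"
    if profile_has_attach_disconnected "$f"; then
        return 1
    fi
    if ! grep -Eq "^$HEADER( flags=\([^)]*\))? \{" "$f"; then
        return 2
    fi
    tmp="$f.tmp"
    if grep -Eq "^$HEADER flags=\(" "$f"; then
        # An existing flag list (e.g. flags=(complain)) is extended, so the
        # other flags survive; the regexp in the Ansible task would not match
        # such a line at all.
        sed -E "s|^($HEADER flags=\([^)]*)\) \{|\1,attach_disconnected) {|" "$f" > "$tmp"
    else
        sed -E "s|^$HEADER \{|$HEADER flags=(attach_disconnected) {|" "$f" > "$tmp"
    fi
    mv "$tmp" "$f"
    return 0
}

# Demo on a constructed temporary file: the first call changes it, the
# second is a no-op, mirroring 'when: profile_update.changed' above.
PROFILE=$(mktemp)
printf '%s' "$SAMPLE_PROFILE" > "$PROFILE"
if ensure_attach_disconnected "$PROFILE"; then
    echo "changed, reload needed: $(profile_header "$PROFILE")"
fi
if ! ensure_attach_disconnected "$PROFILE"; then
    echo "second run: no change (idempotent)"
fi
rm -f "$PROFILE"
```

On a real host you would call ensure_attach_disconnected /etc/apparmor.d/usr.sbin.rsyslogd as root and run apparmor_parser -r on the file only when it exits 0; exit 2 means the header did not look as expected and deserves a manual look rather than an automatic edit.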