haproxy/tasks/Debian.yaml

---
- name: Gather packages
  package_facts:
    manager: auto

- name: Set fact about HAProxy package
  set_fact:
    haproxy_installed_package: "{{ ansible_facts.packages[haproxy_package_name][0]['name'] }}"
  when: haproxy_package_name in ansible_facts.packages

- name: Print installed HAProxy version
  debug:
    msg: "{{ ansible_facts.packages[haproxy_package_name][0]['version'] }}"
    verbosity: 2
  when: haproxy_installed_package is defined

- name: Mask HAProxy before install
  ansible.builtin.systemd:
    name: "{{ haproxy_unit_name }}"
    masked: yes
  changed_when: false

- name: "Install {{ haproxy_package }}"
  apt:
    name: "{{ haproxy_package }}"
    state: "{{ 'latest' if haproxy_version == 'latest' else 'present' }}"
    update_cache: yes
  register: haproxy_setup
  notify:
    - Restart HAProxy

- name: Unmask HAProxy after install
  ansible.builtin.systemd:
    name: "{{ haproxy_unit_name }}"
    masked: no
  changed_when: false

- name: Install python3-cryptography
  package: 
    name: python3-cryptography
    state: present

- block:
  - name: Check net.ipv4.ip_nonlocal_bind
    ansible.posix.sysctl:
      name: net.ipv4.ip_nonlocal_bind
      value: '1'
      sysctl_set: no
      state: present
    register: sysctl_result

  - name: Set net.ipv4.ip_nonlocal_bind = 1
    ansible.posix.sysctl:
      name: net.ipv4.ip_nonlocal_bind
      value: '1'
      sysctl_set: yes
      state: present
      reload: yes
      sysctl_file: /etc/sysctl.d/99-haproxy.conf
    when: sysctl_result.changed

- name: Apply default config
  when:
    - haproxy_config_override is not defined or haproxy_config_override | length <= 0
    - haproxy_config_base64_override is not defined or haproxy_config_base64_override | length <= 0
    - not haproxy_dataplaneapi or not haproxy_config_file_exists
  block:
    - name: Merge config for HAProxy
      set_fact:
        haproxy_combined_config: "{{ haproxy_default_config | combine(haproxy_config | default({}), recursive=true) }}"

    - name: Add HAProxy config
      template:
        src: "haproxy.cfg.j2"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy

- name: Override with config in plain text
  when:
    - haproxy_config_override is defined
    - haproxy_config_override | length > 0
    - not haproxy_dataplaneapi or not haproxy_config_file_exists
  block:
    - set_fact:
        haproxy_config: "{{ haproxy_config_override }}"

    - name: Override HAProxy config in plain text
      copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy

- name: Override with base64 config
  when:
    - haproxy_config_base64_override is defined
    - haproxy_config_base64_override | length > 0
    - not haproxy_dataplaneapi or not haproxy_config_file_exists
  block:
    - set_fact:
        haproxy_config: "{{ haproxy_config_base64_override | b64decode }}"

    - name: Override HAProxy with config in base64
      copy:
        content: "{{ haproxy_config }}"
        dest: "/etc/haproxy/haproxy.cfg"
      notify:
        - Reload HAProxy

- name: Add maps for HAProxy
  include_tasks: maps.yaml
  when:
    - haproxy_maps is defined
    
- name: Add lua code for HAProxy
  include_tasks: lua.yaml
  when:
    - haproxy_lua is defined
  
- name: Add certificate for HAProxy
  include_tasks: cert.yaml
  when:
    - haproxy_ssl

- name: Enable and start HAProxy service
  systemd:
    name: "{{ haproxy_unit_name }}"
    state: started
    enabled: yes
    daemon_reload: yes
    masked: no
  register: haproxy_enable_and_start