/home/zuul/src/opendev.org/openstack/openstack-ansible-haproxy_server/tasks/haproxy_service_config.yml
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Create haproxy service config files
  template:
    src: service.j2
    dest: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
  with_items: "{{ haproxy_service_configs }}"
  when:
    - (item.service.haproxy_backend_nodes is defined and
      item.service.haproxy_backend_nodes | length > 0) or
      (item.service.haproxy_backup_nodes is defined and
      item.service.haproxy_backup_nodes | length > 0)
    - (item.service.haproxy_service_enabled | default('True')) | bool
    - (item.service.state is not defined or item.service.state != 'absent')
  notify: Regenerate haproxy configuration
  tags:
    - haproxy-service-config

- name: Remove haproxy service config files for absent services
  file:
    path: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
    state: absent
  notify: Regenerate haproxy configuration
  with_items: "{{ haproxy_service_configs }}"
  when:
    - ((item.service.haproxy_backend_nodes is defined and
      item.service.haproxy_backend_nodes | length == 0) and
      (item.service.haproxy_backup_nodes is defined and
      item.service.haproxy_backup_nodes | length == 0)) or
      (not ((item.service.haproxy_service_enabled | default('True')) | bool)) or
      (item.service.state is defined and item.service.state == 'absent')
  tags:
    - haproxy-service-config

- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
  seboolean:
    name: haproxy_connect_any
    state: yes
    persistent: yes
  tags:
    - haproxy-service-config
  notify:
    - Reload haproxy
  when:
    - ansible_selinux.status == "enabled"