---
# Tasks to set up haproxy

- name: install needed packages
  yum: pkg={{ item }} state=installed
  with_items:
  - haproxy
  tags:
  - packages
  - haproxy

- name: install haproxy/cfg in prod
  template: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg }
  notify:
  - restart haproxy
  when: env != 'staging'
  tags:
  - haproxy

- name: install haproxy.cfg in stg
  template: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: haproxy.cfg.stg, dest: /etc/haproxy/haproxy.cfg }
  when: env == 'staging'
  notify:
  - restart haproxy
  tags:
  - haproxy

- name: install limits.conf and 503.http
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: limits.conf, dest: /etc/security/limits.conf }
  - { file: 503.http, dest: /etc/haproxy/503.http }
  tags:
  - haproxy

- name: Install libsemanage-python so we can manage selinux with python...
  yum: name=libsemanage-python state=installed
  tags:
  - haproxy
  - selinux

- name: Turn on certain selinux booleans so haproxy can bind to ports
  seboolean: name={{ item }} state=true persistent=true
  with_items:
  - haproxy_connect_any
  tags:
  - haproxy
  - selinux

# These following four tasks are used for copying over our custom selinux
# module.
- name: ensure a directory exists for our custom selinux module
  file: dest=/usr/share/haproxy state=directory
  tags:
  - haproxy
  - selinux

- name: copy over our general haproxy selinux module
  copy: src=selinux/fi-haproxy.pp dest=/usr/share/haproxy/fi-haproxy.pp
  register: fi_haproxy_module
  tags:
  - haproxy
  - selinux

- name: check to see if its even installed yet
  shell: semodule -l | grep fi-haproxy | wc -l
  register: fi_haproxy_grep
  always_run: true
  changed_when: "'0' in fi_haproxy_grep.stdout"
  tags:
  - haproxy
  - selinux

- name: install our general haproxy selinux module
  command: semodule -i /usr/share/haproxy/fi-haproxy.pp
  when: fi_haproxy_module|changed or fi_haproxy_grep|changed
  tags:
  - haproxy
  - selinux


- name: check haproxy cfg to make sure it is valid (prod)
  command: haproxy -c -f /etc/haproxy/haproxy.cfg
  always_run: true
  register: haproxyconfigcheck
  changed_when: haproxyconfigcheck.rc != 0
  tags:
  - haproxy

- name: check haproxy cfg to make sure it is valid (prod)
  command: haproxy -c -f /etc/haproxy/haproxy.cfg
  always_run: true
  register: haproxyconfigcheck
  changed_when: haproxyconfigcheck.rc != 0
  tags:
  - haproxy

- name: Make sure haproxy is awake and reporting for duty
  service: name=haproxy state=started enabled=yes
  tags:
  - haproxy