From 63539f8184dcb86553986434512054eb0d0d2024 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Mon, 17 Apr 2017 12:15:11 +0200
Subject: [PATCH] #5 Backup config before configure.yml and then check config
 before restart

---
 handlers/main.yml    |  9 ++++++++-
 tasks/buildcerts.yml |  2 +-
 tasks/configure.yml  | 37 +++++++++++++++++++++----------------
 tasks/install.yml    | 12 ++++++------
 4 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index e5e95d3..b707009 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,7 +1,14 @@
 ---
 # file: roles/haproxy/handler/main.yml
 
-- name: "Proxy | Restart HAProxy"
+- name: "Check HAProxy Config"
+  command: haproxy -c -f /etc/haproxy/haproxy.cfg
+  register: haproxy_config_check
+  changed_when: '"Configuration file is valid" in haproxy_config_check.stdout_lines'
+  failed_when: '"Configuration file is valid" not in haproxy_config_check.stdout_lines'
+  notify: "Restart HAProxy"
+
+- name: "Restart HAProxy"
   service: name={{item.name}} state={{item.state}}
   with_items:
     - name: haproxy
diff --git a/tasks/buildcerts.yml b/tasks/buildcerts.yml
index a119b53..795febf 100644
--- a/tasks/buildcerts.yml
+++ b/tasks/buildcerts.yml
@@ -8,4 +8,4 @@
     regexp='(fullchain)|(privkey)\.pem'
   with_items: '{{ proxy_certificates_letsencrypt|default([]) }}'
   notify:
-    - "Proxy | Restart HAProxy"
+    - "Restart HAProxy"
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 19f0f17..58eba82 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -1,15 +1,20 @@
 ---
 # file: roles/haproxy/tasks/configure.yml
 
-- name: "Proxy | Install SSL certificates"
+- name: "Backup current settings"
+  archive:
+    path=/etc/haproxy
+    dest=/var/backups/haproxy-{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}.tgz
+
+- name: "Install SSL certificates"
   copy:
     src='{{inventory_dir}}/files/ssl/{{item.file}}'
     dest='/etc/haproxy/certs'
   with_items: '{{ proxy_certificates }}'
   when: not item.letsencrypt|default(false)
-  notify: 'Proxy | Restart HAProxy'
+  notify: "Check HAProxy Config"
 
-- name: "Proxy | Create host lists"
+- name: "Create host lists"
   template:
     src='host_list'
     dest='/etc/haproxy/{{item}}.list'
@@ -17,9 +22,9 @@
     group='root'
     mode='644'
   with_items: '{{ groups.webserver }}'
-  notify: 'Proxy | Restart HAProxy'
+  notify: "Check HAProxy Config"
 
-- name: "Proxy | Create host ssl lists"
+- name: "Create host ssl lists"
   template:
     src='host_ssl_list'
     dest='/etc/haproxy/{{item}}.ssl.list'
@@ -27,9 +32,9 @@
     group='root'
     mode='644'
   with_items: '{{ groups.webserver }}'
-  notify: 'Proxy | Restart HAProxy'
+  notify: "Check HAProxy Config"
 
-- name: "Proxy | Create host path lists"
+- name: "Create host path lists"
   file:
     dest='/etc/haproxy/{{item}}.path.list'
     owner='root'
@@ -39,25 +44,25 @@
   with_items: '{{ groups.webserver }}'
   changed_when: false
 
-- name: "Proxy | Create use bigpipe host lists"
+- name: "Create use bigpipe host lists"
   template:
     src='use_bigpipe_list'
     dest='/etc/haproxy/use_bigpipe.list'
     owner='root'
     group='root'
     mode='644'
-  notify: 'Proxy | Restart HAProxy'
+  notify: "Check HAProxy Config"
 
-- name: "Proxy | Create ignore varnish host lists"
+- name: "Create ignore varnish host lists"
   template:
     src='ignore_varnish_list'
     dest='/etc/haproxy/ignore_varnish.list'
     owner='root'
     group='root'
     mode='644'
-  notify: 'Proxy | Restart HAProxy'
+  notify: "Check HAProxy Config"
 
-- name: "Proxy | Create empty crm lists files"
+- name: "Create empty crm lists files"
   file:
     dest='/etc/haproxy/{{item}}.crm.list'
     owner='root'
@@ -67,7 +72,7 @@
   with_items: '{{ groups.webserver }}'
   changed_when: false
 
-- name: "Proxy | Update blacklists"
+- name: "Update blacklists"
   template:
     src='{{ item }}'
     dest='/etc/haproxy/{{ item }}'
@@ -78,13 +83,13 @@
     - 'blacklist.ip'
     - 'blacklist.referer'
     - 'blacklist.agent'
-  notify: 'Proxy | Restart HAProxy'
+  notify: "Check HAProxy Config"
 
-- name: "Proxy | Create config file"
+- name: "Create config file"
   template:
     src='haproxy_cfg.jinja2'
     dest='/etc/haproxy/haproxy.cfg'
     owner='root'
     group='root'
     mode='644'
-  notify: 'Proxy | Restart HAProxy'
+  notify: "Check HAProxy Config"
diff --git a/tasks/install.yml b/tasks/install.yml
index a2074de..845723f 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,7 +1,7 @@
 ---
 # file: roles/haproxy/tasks/install.yml
 
-- name: "Proxy | Add Apt Repositories"
+- name: "Add Apt Repositories"
   apt_repository:
     repo='{{ item }}'
     state=present
@@ -9,7 +9,7 @@
   with_items:
     - "ppa:vbernat/haproxy-1.7"
 
-- name: "Proxy | Install some packages"
+- name: "Install some packages"
   apt:
     pkg='{{ item }}'
     state=installed
@@ -18,7 +18,7 @@
     - hatop
     - socat
 
-- name: "Proxy | create directories"
+- name: "create directories"
   file:
     dest='{{ item }}'
     state=directory
@@ -27,7 +27,7 @@
     - /etc/haproxy/certs
     - /etc/haproxy/update
 
-- name: "Proxy | Install hatop shortcut"
+- name: "Install hatop shortcut"
   copy:
     src='usr_local_bin_hatop'
     dest='/usr/local/bin/hatop'
@@ -35,7 +35,7 @@
     group='root'
     mode='755'
 
-- name: "Proxy | Install log rotator"
+- name: "Install log rotator"
   copy:
     src='etc_logrotate_d_haproxy'
     dest='/etc/logrotate.d/haproxy'
@@ -43,7 +43,7 @@
     group='root'
     mode='644'
 
-- name: "Proxy | Install script to read socket"
+- name: "Install script to read socket"
   template:
     src='hasocket'
     dest='/usr/local/bin/hasocket'
-- 
GitLab