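---
# Verification play for a HAProxy deployment: checks the service account,
# config and state directories, the systemd unit and the local HTTPS endpoints.
# Each "Test:" block registers facts first and then asserts on them.
- name: Verify
  hosts: all
  gather_facts: true
  become: true
  tasks:
    - name: "Test: haproxy user and group"
      block:
        - name: "Getent user haproxy"
          ansible.builtin.getent:
            database: passwd
            key: haproxy
          register: haproxy_user

        - name: "Getent group haproxy"
          ansible.builtin.getent:
            database: group
            key: haproxy
          register: haproxy_group

        # The account must exist with home /var/lib/haproxy and a
        # non-interactive shell (/bin/false), so it cannot be used to log in.
        - name: "Verify haproxy user and group"
          ansible.builtin.assert:
            that:
              - not haproxy_user.failed
              - not haproxy_group.failed
              - "'haproxy' in haproxy_user.ansible_facts.getent_passwd.keys()"
              - "'/var/lib/haproxy' in haproxy_user.ansible_facts.getent_passwd['haproxy']"
              - "'/bin/false' in haproxy_user.ansible_facts.getent_passwd['haproxy']"
              - "'haproxy' in haproxy_group.ansible_facts.getent_group.keys()"

    - name: "Test: directory /etc/haproxy"
      block:
        - name: "Stat directory /etc/haproxy"
          ansible.builtin.stat:
            path: "/etc/haproxy"
          register: stat_etc_haproxy

        - name: "Stat file /etc/haproxy/haproxy.env"
          ansible.builtin.stat:
            path: "/etc/haproxy/haproxy.env"
          register: stat_etc_haproxy_haproxy_env

        - name: "Stat file /etc/haproxy/haproxy.cfg"
          ansible.builtin.stat:
            path: "/etc/haproxy/haproxy.cfg"
          register: stat_etc_haproxy_haproxy_cfg

        - name: "Slurp file /etc/haproxy/haproxy.cfg"
          ansible.builtin.slurp:
            src: "/etc/haproxy/haproxy.cfg"
          register: slurp_etc_haproxy_haproxy_cfg

        # haproxy.env and haproxy.cfg are asserted as owner-only (0600):
        # presumably they can carry credentials such as the stats password;
        # confirm against the role templates.
        - name: "Verify directory /etc/haproxy"
          ansible.builtin.assert:
            that:
              - stat_etc_haproxy.stat.exists
              - stat_etc_haproxy.stat.isdir
              - stat_etc_haproxy.stat.pw_name == 'haproxy'
              - stat_etc_haproxy.stat.gr_name == 'haproxy'
              - stat_etc_haproxy.stat.mode == '0755'
              - stat_etc_haproxy_haproxy_env.stat.exists
              - stat_etc_haproxy_haproxy_env.stat.isreg
              - stat_etc_haproxy_haproxy_env.stat.pw_name == 'haproxy'
              - stat_etc_haproxy_haproxy_env.stat.gr_name == 'haproxy'
              - stat_etc_haproxy_haproxy_env.stat.mode == '0600'
              - stat_etc_haproxy_haproxy_cfg.stat.exists
              - stat_etc_haproxy_haproxy_cfg.stat.isreg
              - stat_etc_haproxy_haproxy_cfg.stat.pw_name == 'haproxy'
              - stat_etc_haproxy_haproxy_cfg.stat.gr_name == 'haproxy'
              - stat_etc_haproxy_haproxy_cfg.stat.mode == '0600'
              # slurp returns base64; an empty file yields an empty string.
              - slurp_etc_haproxy_haproxy_cfg.content != ''

    - name: "Test: directory /var/lib/haproxy"
      block:
        - name: "Stat directory /var/lib/haproxy"
          ansible.builtin.stat:
            path: "/var/lib/haproxy"
          register: stat_var_lib_haproxy

        - name: "Stat socket /var/lib/haproxy/stats"
          ansible.builtin.stat:
            path: "/var/lib/haproxy/stats"
          register: stat_var_lib_haproxy_stats

        # NOTE(review): only existence and type of the stats socket are
        # checked; its owner and mode are not asserted here. If the role pins
        # them, add the matching pw_name/gr_name/mode assertions.
        - name: "Verify directory /var/lib/haproxy"
          ansible.builtin.assert:
            that:
              - stat_var_lib_haproxy.stat.exists
              - stat_var_lib_haproxy.stat.isdir
              - stat_var_lib_haproxy.stat.pw_name == 'haproxy'
              - stat_var_lib_haproxy.stat.gr_name == 'haproxy'
              - stat_var_lib_haproxy.stat.mode == '0755'
              - stat_var_lib_haproxy_stats.stat.exists
              - stat_var_lib_haproxy_stats.stat.issock

    - name: "Test: service haproxy"
      block:
        - name: "Get service haproxy"
          ansible.builtin.service_facts:

        - name: "Stat file /etc/systemd/system/haproxy.service"
          ansible.builtin.stat:
            path: "/etc/systemd/system/haproxy.service"
          register: stat_etc_systemd_system_haproxy_service

        - name: "Slurp file /etc/systemd/system/haproxy.service"
          ansible.builtin.slurp:
            src: "/etc/systemd/system/haproxy.service"
          register: slurp_etc_systemd_system_haproxy_service

        # The unit file is compared byte-for-byte with the expected text, so
        # any drift in the deployed unit fails verification.
        # NOTE(review): this listing was recovered from a whitespace-collapsed
        # page; blank lines between the header comment and the [Unit],
        # [Service] and [Install] sections, if the role template has them,
        # could not be recovered and must be restored to match the template.
        - name: "Verify service haproxy"
          vars:
            haproxy_expected_service_file: |
              # Ansible managed: Do NOT edit this file manually!
              [Unit]
              Description=HAProxy Load Balancer
              Documentation=man:haproxy(1)
              Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
              ConditionFileNotEmpty=/etc/haproxy/haproxy.cfg
              After=network-online.target rsyslog.service
              Wants=network-online.target
              [Service]
              EnvironmentFile=-/etc/default/haproxy
              EnvironmentFile=-/etc/haproxy/haproxy.env
              BindReadOnlyPaths=/dev/log:/var/lib/haproxy/dev/log
              Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
              ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
              ExecReload=/usr/sbin/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
              ExecReload=/bin/kill -USR2 $MAINPID
              KillMode=mixed
              Restart=always
              SuccessExitStatus=143
              Type=notify
              [Install]
              WantedBy=multi-user.target
          ansible.builtin.assert:
            that:
              - stat_etc_systemd_system_haproxy_service.stat.exists
              - stat_etc_systemd_system_haproxy_service.stat.isreg
              # The unit must be root-owned and not writable by group or other.
              - stat_etc_systemd_system_haproxy_service.stat.pw_name == 'root'
              - stat_etc_systemd_system_haproxy_service.stat.gr_name == 'root'
              - stat_etc_systemd_system_haproxy_service.stat.mode == '0644'
              - (slurp_etc_systemd_system_haproxy_service.content|b64decode) == haproxy_expected_service_file
              - ansible_facts.services['haproxy.service'] is defined
              - ansible_facts.services['haproxy.service']['source'] == 'systemd'
              - ansible_facts.services['haproxy.service']['state'] == 'running'
              - ansible_facts.services['haproxy.service']['status'] == 'enabled'

    - name: "Test: haproxy endpoints"
      block:
        # validate_certs is off for every request in this block, so these
        # tasks check reachability and HTTP status only, not the certificate.
        # Presumably the scenario serves a self-signed certificate on
        # loopback; confirm, and do not copy this setting outside tests.
        - name: "Get haproxy /health"
          ansible.builtin.uri:
            url: "https://127.0.0.1:9000/health"
            method: GET
            validate_certs: false
          register: haproxy_health_endpoint

        # admin/password are fixed test credentials and must match what the
        # scenario configures. NOTE(review): confirm they are set only by the
        # test scenario and are not the role's shipped default.
        - name: "Get haproxy /stats"
          ansible.builtin.uri:
            url: "https://127.0.0.1:9000/stats"
            method: GET
            force_basic_auth: true
            url_username: admin
            url_password: password
            validate_certs: false
          register: haproxy_stats_endpoint

        # Negative check: a 200 on the authenticated request above does not
        # show that authentication is enforced. 200 is accepted by the task so
        # that the assert below reports the failure. Assumes /stats is meant
        # to require basic auth, as the credentials above imply; confirm
        # against the scenario config.
        - name: "Get haproxy /stats without credentials"
          ansible.builtin.uri:
            url: "https://127.0.0.1:9000/stats"
            method: GET
            status_code: [200, 401, 403]
            validate_certs: false
          register: haproxy_stats_endpoint_anonymous

        # NOTE(review): /metrics is requested without credentials and expected
        # to return 200; confirm that unauthenticated metrics are intended and
        # that port 9000 is not reachable from untrusted networks.
        - name: "Get haproxy /metrics"
          ansible.builtin.uri:
            url: "https://127.0.0.1:9000/metrics"
            method: GET
            validate_certs: false
          register: haproxy_metrics_endpoint

        - name: "Verify haproxy endpoints"
          ansible.builtin.assert:
            that:
              - haproxy_health_endpoint.status == 200
              - haproxy_stats_endpoint.status == 200
              - haproxy_stats_endpoint_anonymous.status in [401, 403]
              - haproxy_metrics_endpoint.status == 200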