---
- name: Ensure HAProxy is deployed
  hosts: servera.lab.example.com
  gather_facts: false
  become: true

  tasks:
    - name: the haproxy package is installed
      yum:
        name: haproxy
        state: present

    - name: the /etc/pki/haproxy directory exists
      file:
        path: /etc/pki/haproxy
        state: directory
        owner: root
        mode: '700'

    - name: the SSL file for HTTPS termination is deployed
      assemble:
        src: files
        remote_src: false
        regexp: "^servera\\.lab\\.example\\.com\\.(crt|key)$"
        dest: /etc/pki/haproxy/haproxy.pem
      notify: restart haproxy

    - name: the HAProxy configuration file is deployed
      copy:
        src: files/haproxy.cfg
        dest: /etc/haproxy/haproxy.cfg
      notify: restart haproxy

    - name: SELinux allows HAProxy to connect to remote port 6081
      seboolean:
        name: haproxy_connect_any
        state: true
        persistent: true

    - name: the haproxy service is started and enabled
      service:
        name: haproxy
        state: started
        enabled: yes

    - name: the https firewall service is opened
      firewalld:
        service: https
        state: enabled
        immediate: yes
        permanent: yes

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted