---

# SSL CERTS
- name: Install SSL certificates
  copy:
   src: ssl/
   dest: /etc/ssl/private/
   directory_mode: "u=rwx,g=rx,o="
   mode: "u=rw,g=r,o="
   owner: root
   group: root

# Non-local binding
- name: Install 99-nonlocalbind.conf in /etc/sysctl.d
  copy:
     src: 99-nonlocalbind.conf
     dest: /etc/sysctl.d
     backup: no

- name: Install ipv6-nonlocalhack.service
  copy:
     src: ipv6-nonlocalhack.service
     dest: /etc/systemd/system/ipv6-nonlocalhack.service
     backup: no

- name: Start ipv6-nonlocalhack.service
  service:
     name: ipv6-nonlocalhack
     state: running

# HAPROXY
- name: Install haproxy
  package:
     name: haproxy
     state: latest

- name: Install packages required to generate config
  package: name={{ item }} state=latest
  with_items:
     - python-yaml
     - python-mako

- name: Copy haproxy configuration generation
  copy:
     src: haproxy/
     dest: /tmp/haproxy
     backup: no

- name: Generate haproxy configuration
  shell: python genconfig.py > /etc/haproxy/haproxy.cfg
  args:
     chdir: /tmp/haproxy/

- name: Restart haproxy
  service:
     name: haproxy
     state: restarted

# KEEPALIVED
- name: Install keepalived
  package:
     name: keepalived
     state: latest
  register: keepalived_installed

- name: Stop keepalived
  service:
     name: keepalived
     state: stopped

- name: Copy keepalived config
  template:
     src: keepalived.conf
     dest: /etc/keepalived/keepalived.conf
     backup: no
     #register: keepalived_configuration

- name: Restart keepalived
  service:
     name: keepalived
     state: restarted
     #when: keepalived_configuration.changed