- name: install haproxy
  apt:
    name: haproxy
    state: present

- name: creer un certificat auto-signé
  openssl_certificate:
    path: /etc/haproxy/crt/haproxy.crt
    privatekey_path: /etc/haproxy/crt/private/haproxy.pem
    csr_path: /etc/haproxy/crt/csr/haproxy.csr
    provider: selfsigned

- name: parametre global
  blockinfile:
    path: /etc/haproxy/haproxy.cfg
    block: |
      global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        ssl-server-verify none

- name: parametre backend et fontend
  blockinfile:
    path: /etc/haproxy/haproxy.cfg
    block: |
      frontend proxypublic
        bind 192.168.100.10:80
        bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/pritvate/haproxy.pem
        http-request redirect scheme https unless { ssl_fc }
        default_backend fermeweb
      
      backend fermeweb
        balance roundrobin
        option httpclose
        option httpchk HEAD / HTTP/1.0
        server s-lb-web1 192.168.101.1:80 check
        server s-lb-web2 192.168.101.2:80 check

- name: redemarre haproxy
  service:
    name: haproxy
#    state: restarted
    enabled: yes