From 8f9a452bb56b002eb911e68554f7648b8073dedb Mon Sep 17 00:00:00 2001
From: Mohammed Naser <mnaser@vexxhost.com>
Date: Sun, 7 Apr 2019 01:53:42 -0400
Subject: [PATCH] handlers: reload instead of restart

When we restart HAproxy, we kill all the connections and it causes
all of the services to be dropped out. This is really not ideal and
causes things to be lost in the control plane.

This patch instead does a reload which will safely keep the existing
clients connected till they evacuate and then use SO_REUSEPORT for
the new process.

Change-Id: I502457f691ad66dfd68ace21ac1575cea23b538a
---
 handlers/main.yml                 | 8 ++++----
 tasks/haproxy_service_config.yml  | 2 +-
 tasks/haproxy_ssl_letsencrypt.yml | 2 +-
 templates/letsencrypt_renew.j2    | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index 9335ad6..cf6280d 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -16,20 +16,20 @@
 - name: regen pem
   shell: >
     cat {{ haproxy_ssl_cert }} {{ haproxy_user_ssl_ca_cert is defined | ternary(haproxy_ssl_ca_cert,'') }} {{ haproxy_ssl_key }} > {{ haproxy_ssl_pem }}
-  notify: Restart haproxy
+  notify: Reload haproxy
 
 - name: Regenerate haproxy configuration
   assemble:
     src: "/etc/haproxy/conf.d"
     dest: "/etc/haproxy/haproxy.cfg"
-  notify: Restart haproxy
+  notify: Reload haproxy
   tags:
     - haproxy-general-config
 
-- name: Restart haproxy
+- name: Reload haproxy
   service:
     name: "haproxy"
-    state: "restarted"
+    state: "reloaded"
     enabled: yes
     daemon_reload: yes
 
diff --git a/tasks/haproxy_service_config.yml b/tasks/haproxy_service_config.yml
index ae0f858..4c558c0 100644
--- a/tasks/haproxy_service_config.yml
+++ b/tasks/haproxy_service_config.yml
@@ -53,6 +53,6 @@
   tags:
     - haproxy-service-config
   notify:
-    - Restart haproxy
+    - Reload haproxy
   when:
     - ansible_selinux.status == "enabled"
diff --git a/tasks/haproxy_ssl_letsencrypt.yml b/tasks/haproxy_ssl_letsencrypt.yml
index ae7ef95..247c7dc 100644
--- a/tasks/haproxy_ssl_letsencrypt.yml
+++ b/tasks/haproxy_ssl_letsencrypt.yml
@@ -68,7 +68,7 @@
     dest: "/etc/ssl/private/haproxy.pem"
     regexp: '(privkey|fullchain).pem$'
   notify:
-    - Restart haproxy
+    - Reload haproxy
 
 - name: Create letsencrypt_renew file
   template:
diff --git a/templates/letsencrypt_renew.j2 b/templates/letsencrypt_renew.j2
index 9f45b75..44ad603 100644
--- a/templates/letsencrypt_renew.j2
+++ b/templates/letsencrypt_renew.j2
@@ -8,4 +8,4 @@
 cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
     > /etc/ssl/private/haproxy.pem
 
-systemctl restart haproxy
+systemctl reload haproxy