diff --git a/etc/openstack_deploy/user_secrets.yml b/etc/openstack_deploy/user_secrets.yml
index 27244dd21d..a5f6e91468 100644
--- a/etc/openstack_deploy/user_secrets.yml
+++ b/etc/openstack_deploy/user_secrets.yml
@@ -85,3 +85,6 @@ swift_dispersion_password:
 ### Once the swift cluster has been setup DO NOT change these hash values!
 swift_hash_path_suffix:
 swift_hash_path_prefix:
+
+## haproxy stats password
+haproxy_stats_password:
diff --git a/playbooks/roles/haproxy_server/defaults/main.yml b/playbooks/roles/haproxy_server/defaults/main.yml
index 5f5728e8d6..bab6861a15 100644
--- a/playbooks/roles/haproxy_server/defaults/main.yml
+++ b/playbooks/roles/haproxy_server/defaults/main.yml
@@ -43,6 +43,13 @@ haproxy_rise: 3
 haproxy_fall: 3
 haproxy_interval: 12000
 
+## Haproxy Stats
+haproxy_stats_enabled: False
+haproxy_stats_bind_address: 127.0.0.1
+haproxy_stats_port: 1936
+haproxy_username: admin
+haproxy_stats_password: secrete
+
 # Default haproxy backup nodes to empty list so this doesn't have to be
 # defined for each service.
 haproxy_backup_nodes: []
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml
index 07f572a133..7bf26033f8 100644
--- a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml
+++ b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml
@@ -14,11 +14,11 @@
 # limitations under the License.
 
 - name: Drop base haproxy config
-  copy:
+  template:
     src: "{{ item }}"
-    dest: "/etc/haproxy/{{ item }}"
+    dest: "/etc/haproxy/haproxy.cfg"
   with_items:
-    - haproxy.cfg
+    - haproxy.cfg.j2
   notify: Restart haproxy
   tags:
     - haproxy-base-config
diff --git a/playbooks/roles/haproxy_server/files/haproxy.cfg b/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
similarity index 59%
rename from playbooks/roles/haproxy_server/files/haproxy.cfg
rename to playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
index 7cad77ff40..9f007ec0b0 100644
--- a/playbooks/roles/haproxy_server/files/haproxy.cfg
+++ b/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
@@ -1,3 +1,5 @@
+# {{ ansible_managed }}
+
 global
         log 127.0.0.1 local0
         log 127.0.0.1 local1 notice
@@ -18,3 +20,13 @@ defaults
         timeout connect 10s
         timeout server 50s
         maxconn 4096
+
+{% if haproxy_stats_enabled | bool %}
+listen stats {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }}
+    mode http
+    stats enable
+    stats hide-version
+    stats realm Haproxy\ Statistics
+    stats uri /
+    stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
+{% endif %}