---
- hosts: Controller
  vars:
    metadata:
      name: HAProxy configuration
      description: Verify the HAProxy configuration has recommended values.
      groups:
        - post-deployment
    config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
    global_maxconn_min: 20480
    defaults_maxconn_min: 4096
    defaults_timeout_queue: '2m'
    defaults_timeout_client: '2m'
    defaults_timeout_server: '2m'
    defaults_timeout_check: '10s'
  tasks:
  - include_tasks: tasks/deprecation.yaml

  - name: Gather the HAProxy config
    become: true
    haproxy_conf:
      path: "{{ haproxy_config_file }}"

  - name: Verify global maxconn
    fail:
      msg: >-
        The 'global maxconn' value '{{ haproxy_conf.global.maxconn }}'
        must be greater than {{ global_maxconn_min }}
    failed_when: haproxy_conf.global.maxconn|int < global_maxconn_min

  - name: Verify defaults maxconn
    fail:
      msg: >-
        The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}'
        must be greater than {{ defaults_maxconn_min }}
    failed_when: haproxy_conf.defaults.maxconn|int < defaults_maxconn_min

  - name: Verify defaults timeout queue
    fail:
      msg: >-
        The 'timeout queue' option in 'defaults' is
        '{{ haproxy_conf.defaults['timeout queue'] }}',
        but must be set to {{ defaults_timeout_queue }}
    failed_when: "haproxy_conf.defaults['timeout queue'] != defaults_timeout_queue"

  - name: Verify defaults timeout client
    fail:
      msg: >-
        The 'timeout client' option in 'defaults' is
        '{{ haproxy_conf.defaults['timeout client'] }}',
        but must be set to {{ defaults_timeout_client }}
    failed_when: "haproxy_conf.defaults['timeout client'] != defaults_timeout_client"

  - name: Verify defaults timeout server
    fail:
      msg: >-
        The 'timeout server' option in 'defaults' is
        '{{ haproxy_conf.defaults['timeout server'] }}',
        but must be set to {{ defaults_timeout_server }}
    failed_when: "haproxy_conf.defaults['timeout server'] != defaults_timeout_server"

  - name: Verify defaults timeout check
    fail:
      msg: >-
        The 'timeout check' option in 'defaults' is
        '{{ haproxy_conf.defaults['timeout check'] }}',
        but must be set to {{ defaults_timeout_check }}
    failed_when: "haproxy_conf.defaults['timeout check'] != defaults_timeout_check"