From a8443680fde3be44b4c15c3cad079734ab309f04 Mon Sep 17 00:00:00 2001
From: Norman Ziegner <n.ziegner@hzdr.de>
Date: Mon, 2 Jun 2025 10:51:15 +0200
Subject: [PATCH 1/3] Install HAProxy 3.2 by default

Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>
---
 roles/haproxy/README.md         | 4 ++--
 roles/haproxy/defaults/main.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/haproxy/README.md b/roles/haproxy/README.md
index e5a40e26..e4ad4a74 100644
--- a/roles/haproxy/README.md
+++ b/roles/haproxy/README.md
@@ -121,7 +121,7 @@ haproxy_executable_path: '/usr/sbin/haproxy'
 Variable to pin the PPA version to a certain value:
 
 ```yaml
-haproxy_ppa_version: 'ppa:vbernat/haproxy-3.0'
+haproxy_ppa_version: 'ppa:vbernat/haproxy-3.2'
 ```
 
 #### HAProxy version
@@ -129,7 +129,7 @@ haproxy_ppa_version: 'ppa:vbernat/haproxy-3.0'
 Variable to pin the HAProxy version to a certain value:
 
 ```yaml
-haproxy_version: '3.0.*'
+haproxy_version: '3.2.*'
 ```
 
 #### HAProxy user
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml
index af668e9f..fd2867b1 100644
--- a/roles/haproxy/defaults/main.yml
+++ b/roles/haproxy/defaults/main.yml
@@ -7,9 +7,9 @@
 # Path to the executable of HAProxy
 haproxy_executable_path: "/usr/sbin/haproxy"
 # HAProxy PPA version
-haproxy_ppa_version: "ppa:vbernat/haproxy-3.0"
+haproxy_ppa_version: "ppa:vbernat/haproxy-3.2"
 # HAProxy version
-haproxy_version: "3.0.*"
+haproxy_version: "3.2.*"
 # HAProxy user
 haproxy_user: "haproxy"
 # HAProxy group

From 0258af235095ce6e9b12c49d84662630bea8fb74 Mon Sep 17 00:00:00 2001
From: Norman Ziegner <n.ziegner@hzdr.de>
Date: Mon, 2 Jun 2025 10:51:48 +0200
Subject: [PATCH 2/3] Add test case for HAProxy 3.2

Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>
---
 molecule/haproxy/molecule.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/molecule/haproxy/molecule.yml b/molecule/haproxy/molecule.yml
index 7dfdfef1..1dbb9f87 100644
--- a/molecule/haproxy/molecule.yml
+++ b/molecule/haproxy/molecule.yml
@@ -9,6 +9,13 @@ dependency:
 driver:
   name: "podman"
 platforms:
+  - name: "haproxy_v3.2"
+    image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}"
+    pre_build_image: true
+    privileged: true
+    override_command: false
+    systemd: true
+    tty: true
   - name: "haproxy_v3.0"
     image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}"
     pre_build_image: true
@@ -45,6 +52,10 @@ provisioner:
         vars:
           haproxy_ssl_dhparam_size: 512
     host_vars:
+      haproxy_v3.2:
+        haproxy_create_self_signed_cert: true
+        haproxy_ppa_version: "ppa:vbernat/haproxy-3.2"
+        haproxy_version: "3.2.*"
       haproxy_v3.0:
         haproxy_create_self_signed_cert: true
         haproxy_ppa_version: "ppa:vbernat/haproxy-3.0"

From bae4511c8d4f9fb0a74a8a027faf7122b9f7ef38 Mon Sep 17 00:00:00 2001
From: Norman Ziegner <n.ziegner@hzdr.de>
Date: Mon, 2 Jun 2025 11:26:23 +0200
Subject: [PATCH 3/3] Extend unsupported distro/version check for HAProxy >=
 3.2

Added support checks to prevent role execution for HAProxy >= 3.2 on Debian Bullseye and non-Ubuntu Noble distributions.
This avoids failure on unsupported combinations.

Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>
---
 molecule/haproxy/verify.yml  | 5 ++++-
 roles/haproxy/tasks/main.yml | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/molecule/haproxy/verify.yml b/molecule/haproxy/verify.yml
index 3d1437cf..042d3375 100644
--- a/molecule/haproxy/verify.yml
+++ b/molecule/haproxy/verify.yml
@@ -11,11 +11,14 @@
       ansible.builtin.meta: "end_host"
       when: >-
         ansible_facts.distribution_release | lower == 'bookworm' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.4', '==') or
+        ansible_facts.distribution_release | lower == 'bullseye' and haproxy_version | regex_search('\\d+\\.\\d+') is version('3.2', '>=') or
         ansible_facts.distribution_release | lower == 'buster' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.8', '>=')
 
     - name: "Stop play for unsupported HAProxy / Ubuntu combinations"
       ansible.builtin.meta: "end_host"
-      when: "ansible_facts.distribution_release | lower == 'noble' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.9', '<')"
+      when: >-
+        ansible_facts.distribution_release | lower == 'noble' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.9', '<') or
+        ansible_facts.distribution_release | lower != 'noble' and haproxy_version | regex_search('\\d+\\.\\d+') is version('3.2', '>=')
 
     - name: "Populate service facts."
       ansible.builtin.service_facts:
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index 3810fbb8..e4914377 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -18,11 +18,14 @@
   ansible.builtin.meta: "end_host"
   when: >-
     ansible_facts.distribution_release | lower == 'bookworm' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.4', '==') or
+    ansible_facts.distribution_release | lower == 'bullseye' and haproxy_version | regex_search('\\d+\\.\\d+') is version('3.2', '>=') or
     ansible_facts.distribution_release | lower == 'buster' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.8', '>=')
 
 - name: "Stop role for unsupported HAProxy / Ubuntu combinations"
   ansible.builtin.meta: "end_host"
-  when: "ansible_facts.distribution_release | lower == 'noble' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.9', '<')"
+  when: >-
+    ansible_facts.distribution_release | lower == 'noble' and haproxy_version | regex_search('\\d+\\.\\d+') is version('2.9', '<') or
+    ansible_facts.distribution_release | lower != 'noble' and haproxy_version | regex_search('\\d+\\.\\d+') is version('3.2', '>=')
 
 - name: "Enable ip_forward."
   become: true