handlers: reload instead of restart

When we restart HAproxy, we kill all the connections and it causes
all of the services to be dropped out. This is really not ideal and
causes things to be lost in the control plane.

This patch instead does a reload which will safely keep the existing
clients connected till they evacuate and then use SO_REUSEPORT for
the new process.

Change-Id: I502457f691ad66dfd68ace21ac1575cea23b538a

handlers/main.yml

@@ -16,20 +16,20 @@
 - name: regen pem
   shell: >
     cat {{ haproxy_ssl_cert }} {{ haproxy_user_ssl_ca_cert is defined | ternary(haproxy_ssl_ca_cert,'') }} {{ haproxy_ssl_key }} > {{ haproxy_ssl_pem }}
-  notify: Restart haproxy
+  notify: Reload haproxy
 
 - name: Regenerate haproxy configuration
   assemble:
     src: "/etc/haproxy/conf.d"
     dest: "/etc/haproxy/haproxy.cfg"
-  notify: Restart haproxy
+  notify: Reload haproxy
   tags:
     - haproxy-general-config
 
-- name: Restart haproxy
+- name: Reload haproxy
   service:
     name: "haproxy"
-    state: "restarted"
+    state: "reloaded"
     enabled: yes
     daemon_reload: yes
 

tasks/haproxy_service_config.yml

@@ -53,6 +53,6 @@
   tags:
     - haproxy-service-config
   notify:
-    - Restart haproxy
+    - Reload haproxy
   when:
     - ansible_selinux.status == "enabled"

tasks/haproxy_ssl_letsencrypt.yml

@@ -68,7 +68,7 @@
     dest: "/etc/ssl/private/haproxy.pem"
     regexp: '(privkey|fullchain).pem$'
   notify:
-    - Restart haproxy
+    - Reload haproxy
 
 - name: Create letsencrypt_renew file
   template:

templates/letsencrypt_renew.j2

@@ -8,4 +8,4 @@
 cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
     > /etc/ssl/private/haproxy.pem
 
-systemctl restart haproxy
+systemctl reload haproxy