From e04772095403a8bf7e6fcb922a2f266cb31a1ec1 Mon Sep 17 00:00:00 2001
From: Michael Schiemer <kontakt@michaelschiemer.de>
Date: Sat, 8 Nov 2025 18:47:14 +0100
Subject: [PATCH] feat: Add Ansible playbook to restart Traefik and verify
 configuration

- Add restart-traefik.yml playbook to restart Traefik container
- Verify Traefik health after restart
- Check for ACME challenge errors in logs
- Display status summary with next steps
- Useful after Traefik configuration changes
---
 .../ansible/playbooks/restart-traefik.yml     | 126 ++++++++++++++++++
 1 file changed, 126 insertions(+)
 create mode 100644 deployment/ansible/playbooks/restart-traefik.yml

diff --git a/deployment/ansible/playbooks/restart-traefik.yml b/deployment/ansible/playbooks/restart-traefik.yml
new file mode 100644
index 00000000..5acb39de
--- /dev/null
+++ b/deployment/ansible/playbooks/restart-traefik.yml
@@ -0,0 +1,126 @@
+---
+- name: Restart Traefik and Verify Configuration
+  hosts: production
+  gather_facts: yes
+  become: no
+
+  vars:
+    traefik_stack_path: "{{ stacks_base_path | default('/home/deploy/deployment/stacks') }}/traefik"
+    traefik_container_name: "traefik"
+    traefik_url: "https://traefik.michaelschiemer.de"
+
+  tasks:
+    - name: Check if Traefik stack directory exists
+      stat:
+        path: "{{ traefik_stack_path }}"
+      register: traefik_stack_exists
+
+    - name: Fail if Traefik stack directory does not exist
+      fail:
+        msg: "Traefik stack directory not found at {{ traefik_stack_path }}"
+      when: not traefik_stack_exists.stat.exists
+
+    - name: Check Traefik container status before restart
+      shell: |
+        cd {{ traefik_stack_path }}
+        docker compose ps {{ traefik_container_name }} --format json
+      register: traefik_status_before
+      changed_when: false
+      failed_when: false
+
+    - name: Display Traefik status before restart
+      debug:
+        msg: |
+          ================================================================================
+          Traefik Container Status (Before Restart):
+          {{ traefik_status_before.stdout | default('Container not found or Docker not running') }}
+          ================================================================================
+
+    - name: Restart Traefik container
+      shell: |
+        cd {{ traefik_stack_path }}
+        docker compose restart {{ traefik_container_name }}
+      register: traefik_restart
+      changed_when: traefik_restart.rc == 0
+
+    - name: Wait for Traefik to be ready
+      wait_for:
+        timeout: 30
+      changed_when: false
+
+    - name: Check Traefik container status after restart
+      shell: |
+        cd {{ traefik_stack_path }}
+        docker compose ps {{ traefik_container_name }} --format json
+      register: traefik_status_after
+      changed_when: false
+      failed_when: false
+
+    - name: Check Traefik health endpoint
+      ansible.builtin.uri:
+        url: "{{ traefik_url }}/ping"
+        method: GET
+        status_code: [200]
+        validate_certs: no
+        timeout: 10
+      register: traefik_health
+      ignore_errors: yes
+      changed_when: false
+
+    - name: Get Traefik logs (last 50 lines)
+      shell: |
+        cd {{ traefik_stack_path }}
+        docker compose logs --tail=50 {{ traefik_container_name }}
+      register: traefik_logs
+      changed_when: false
+      failed_when: false
+      ignore_errors: yes
+
+    - name: Check for ACME challenge errors in logs
+      shell: |
+        cd {{ traefik_stack_path }}
+        docker compose logs {{ traefik_container_name }} 2>&1 | grep -i "acme challenge" | tail -10 || echo "No ACME challenge errors found"
+      register: acme_errors
+      changed_when: false
+      failed_when: false
+
+    - name: Display Traefik logs
+      debug:
+        msg: |
+          ================================================================================
+          Traefik Container Logs (last 50 lines):
+          {{ traefik_logs.stdout | default('No logs available') }}
+          ================================================================================
+
+    - name: Display ACME challenge status
+      debug:
+        msg: |
+          ================================
+          ACME Challenge Status:
+          {{ acme_errors.stdout | default('No ACME errors found in recent logs') }}
+          ================================
+
+    - name: Display final status
+      debug:
+        msg: |
+          ========================================
+          ========================================
+          Traefik Restart Summary
+          ========================================
+          Container Status: {% if 'State":"running' in (traefik_status_after.stdout | default('')) %}✅ RUNNING{% else %}❌ NOT RUNNING{% endif %}
+          Health Check: {% if traefik_health.status | default(0) == 200 %}✅ HEALTHY{% else %}❌ UNHEALTHY or TIMEOUT{% endif %}
+          Restart Action: {% if traefik_restart.changed | default(false) %}🔄 Container restarted{% else %}ℹ️ No restart needed{% endif %}
+          ========================================
+          {% if 'State":"running' in (traefik_status_after.stdout | default('')) and traefik_health.status | default(0) == 200 %}
+          ✅ Traefik is running and healthy!
+          
+          Next steps:
+          1. Monitor logs for ACME challenge errors: tail -f {{ traefik_stack_path }}/logs/traefik.log | grep -i acme
+          2. Check certificate status in Traefik dashboard: {{ traefik_url }}
+          3. Wait for next certificate renewal attempt (usually hourly)
+          {% else %}
+          ❌ Traefik is not fully healthy. Check logs for details:
+          docker logs {{ traefik_container_name }}
+          {% endif %}
+          ========================================
+