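---
# Consolidated Traefik Management Playbook
# Consolidates: stabilize-traefik.yml, disable-traefik-auto-restarts.yml
#
# Usage:
#   # Stabilize Traefik (fix acme.json, ensure running, monitor)
#   ansible-playbook -i inventory/production.yml playbooks/manage/traefik.yml --tags stabilize
#
#   # Disable auto-restarts
#   ansible-playbook -i inventory/production.yml playbooks/manage/traefik.yml --tags disable-auto-restart
#
# The "disable-auto-restart" tasks are read-only: they report restart
# mechanisms they find and change nothing on the host.

- name: Manage Traefik
  hosts: production
  gather_facts: true
  become: false
  vars:
    traefik_stack_path: "{{ stacks_base_path }}/traefik"
    traefik_container_name: "traefik"
    # A play var that templates itself ("{{ x | default(10) }}") ends in a
    # "recursive loop detected" error whenever it is not overridden, so the
    # default is a literal. Override with -e traefik_stabilize_wait_minutes=N.
    traefik_stabilize_wait_minutes: 10
    traefik_stabilize_check_interval: 60

  tasks:
    # Tagged "always": an untagged task is skipped as soon as --tags is used,
    # which is the only way this playbook is documented to run.
    - name: Display management plan
      ansible.builtin.debug:
        msg: |
          ================================================================================
          TRAEFIK MANAGEMENT
          ================================================================================

          Running management tasks with tags: {{ ansible_run_tags | default(['all']) }}

          Available actions:
          - stabilize: Fix acme.json, ensure running, monitor stability
          - disable-auto-restart: Check and document auto-restart mechanisms

          ================================================================================
      tags:
        - always

    # ========================================
    # STABILIZE (--tags stabilize)
    # ========================================

    # acme.json stores the ACME account key and the private keys of issued
    # certificates, so it must be readable by its owner only; Traefik also
    # refuses to use the file when its mode is wider than 0600.
    # state: file never creates the file; the task fails if it is missing.
    # NOTE(review): with become: false the ownership change only succeeds when
    # the owner is already the connecting user - confirm for this inventory.
    - name: Fix acme.json permissions
      ansible.builtin.file:
        path: "{{ traefik_stack_path }}/acme.json"
        state: file
        mode: '0600'
        owner: "{{ ansible_user | default('deploy') }}"
        group: "{{ ansible_user | default('deploy') }}"
      register: acme_permissions_fixed
      tags:
        - stabilize

    # argv + chdir instead of "cd ...; docker compose ..." in a shell: a failed
    # cd no longer lets compose run against whatever project is in the login
    # directory, and the variables are never parsed by a shell.
    # NOTE(review): changed_when reports "changed" on every successful run, so
    # the summary can never show "Already running".
    - name: Ensure Traefik container is running
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - up
          - "-d"
          - "{{ traefik_container_name }}"
        chdir: "{{ traefik_stack_path }}"
      register: traefik_start
      changed_when: traefik_start.rc == 0
      tags:
        - stabilize

    # No host, port or path is given, so wait_for acts as a fixed pause here,
    # not as a readiness probe.
    - name: Wait for Traefik to be ready
      ansible.builtin.wait_for:
        timeout: 30
        delay: 2
      changed_when: false
      tags:
        - stabilize

    # Polls until the service state is "running" and stops at the first
    # success: it waits up to traefik_stabilize_wait_minutes, it does not
    # observe the container for that long. Empty output (service missing,
    # docker unavailable) counts as not running and is retried; the former
    # '|| echo "UNKNOWN"' could never fire behind "head" and was dropped.
    - name: Monitor Traefik stability
      ansible.builtin.shell:
        cmd: |
          docker compose ps {{ traefik_container_name | quote }} --format "{{ '{{' }}.State{{ '}}' }}" | head -1
        chdir: "{{ traefik_stack_path }}"
      register: traefik_state_check
      changed_when: false
      until: traefik_state_check.stdout == "running"
      retries: "{{ (traefik_stabilize_wait_minutes | int * 60 / traefik_stabilize_check_interval) | int }}"
      delay: "{{ traefik_stabilize_check_interval }}"
      tags:
        - stabilize

    # Counts graceful-shutdown log lines from the last N minutes. Because the
    # previous task can return immediately, that window may lie mostly before
    # this playbook run. The wait time is coerced to int so an overridden
    # value cannot add shell syntax.
    - name: Check Traefik logs for restarts during monitoring
      ansible.builtin.shell:
        cmd: |
          docker compose logs {{ traefik_container_name | quote }} --since "{{ traefik_stabilize_wait_minutes | int }}m" 2>&1 | grep -iE "stopping server gracefully|I have to go" | wc -l
        chdir: "{{ traefik_stack_path }}"
      register: restarts_during_monitoring
      changed_when: false
      tags:
        - stabilize

    # ========================================
    # DISABLE AUTO-RESTART (--tags disable-auto-restart)
    # ========================================

    # The trailing "grep ." makes the pipeline fail on empty output; behind
    # "head" alone the fallback message was never printed.
    - name: Check Ansible traefik_auto_restart setting
      ansible.builtin.shell: |
        grep -r "traefik_auto_restart" /home/deploy/deployment/ansible/inventory/group_vars/ 2>/dev/null | head -5 | grep . || echo "No traefik_auto_restart setting found"
      register: ansible_auto_restart_setting
      changed_when: false
      tags:
        - disable-auto-restart

    # Inspects only the crontab of the connecting user (become: false); root's
    # crontab and the system cron directories are not covered by this check.
    - name: Check for cronjobs that restart Traefik
      ansible.builtin.shell: |
        (crontab -l 2>/dev/null || true) | grep -E "traefik|docker.*compose.*restart.*traefik|docker.*stop.*traefik" || echo "No cronjobs found"
      register: traefik_cronjobs
      changed_when: false
      tags:
        - disable-auto-restart

    - name: Check systemd timers for Traefik
      ansible.builtin.shell: |
        systemctl list-timers --all --no-pager | grep -E "traefik|docker.*compose.*traefik" || echo "No Traefik-related timers"
      register: traefik_timers
      changed_when: false
      tags:
        - disable-auto-restart

    # ========================================
    # SUMMARY
    # ========================================

    # Sections are selected by which results were registered rather than by
    # ansible_run_tags, so the summary is also correct for an untagged run
    # (run tags == ['all']) and never reads a variable of a skipped section.
    # The auto-restart recommendation uses the "search" test: "in" is a
    # literal substring check and can never match a pattern containing ".*".
    - name: Summary
      ansible.builtin.debug:
        msg: |
          ================================================================================
          TRAEFIK MANAGEMENT SUMMARY
          ================================================================================

          {% if acme_permissions_fixed is defined and traefik_start is defined and restarts_during_monitoring is defined %}
          Stabilization:
          - acme.json permissions: {% if acme_permissions_fixed.changed %}✅ Fixed{% else %}ℹ️ Already correct{% endif %}

          - Traefik started: {% if traefik_start.changed %}✅ Started{% else %}ℹ️ Already running{% endif %}

          - Stability monitoring: {{ traefik_stabilize_wait_minutes }} minutes
          - Restarts during monitoring: {{ restarts_during_monitoring.stdout | default('0') }}

          {% if (restarts_during_monitoring.stdout | default('0') | int) == 0 %}
          ✅ Traefik ran stable during monitoring period!
          {% else %}
          ⚠️ {{ restarts_during_monitoring.stdout }} restarts detected during monitoring
          → Run diagnosis: ansible-playbook -i inventory/production.yml playbooks/diagnose/traefik.yml --tags restart-source
          {% endif %}
          {% endif %}

          {% if ansible_auto_restart_setting is defined and traefik_cronjobs is defined and traefik_timers is defined %}
          Auto-Restart Analysis:
          - Ansible setting: {{ ansible_auto_restart_setting.stdout | default('Not found') }}
          - Cronjobs: {{ traefik_cronjobs.stdout | default('None found') }}
          - Systemd timers: {{ traefik_timers.stdout | default('None found') }}

          Recommendations:
          {% if (ansible_auto_restart_setting.stdout | default('')) is search('traefik_auto_restart.*true') %}
          - Set traefik_auto_restart: false in group_vars
          {% endif %}
          {% if 'No cronjobs' not in (traefik_cronjobs.stdout | default('No cronjobs')) %}
          - Remove or disable cronjobs that restart Traefik
          {% endif %}
          {% if 'No Traefik-related timers' not in (traefik_timers.stdout | default('No Traefik-related timers')) %}
          - Disable systemd timers that restart Traefik
          {% endif %}
          {% endif %}

          ================================================================================
      tags:
        - always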