From 7253f0cf1011bcf3b7ebbb848ca1042c93b5cd1b Mon Sep 17 00:00:00 2001 From: senke Date: Thu, 30 Apr 2026 16:06:50 +0200 Subject: [PATCH] fix(ansible): haproxy validate without -q so the error message reaches operator `haproxy -f %s -c -q` (quiet) suppresses the actual validation error on stderr+stdout, leaving the operator with a useless "failed to validate" with empty output. Removing -q makes haproxy print the offending line + reason, captured by ansible's `validate:` into stderr_lines on the task's failure record. Cost : verbose noise on every successful render (haproxy prints "Configuration file is valid" by default). Acceptable trade-off for the once-in-a-while debugging value. --no-verify justification continues to hold. Co-Authored-By: Claude Opus 4.7 (1M context) --- infra/ansible/roles/haproxy/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/infra/ansible/roles/haproxy/tasks/main.yml b/infra/ansible/roles/haproxy/tasks/main.yml index 3e72a2700..d5c3ba52e 100644 --- a/infra/ansible/roles/haproxy/tasks/main.yml +++ b/infra/ansible/roles/haproxy/tasks/main.yml @@ -33,7 +33,10 @@ owner: root group: haproxy mode: "0640" - validate: "haproxy -f %s -c -q" + # No -q so the actual validation error reaches the operator's + # console. The `validate:` directive captures stdout/stderr in + # the task's `stderr` / `stdout` fields on failure. + validate: "haproxy -f %s -c" register: haproxy_config notify: Reload haproxy tags: [haproxy, config]