Disable server in haproxy before updating

This will reduce the number of errors for users.
The experiments were carried out on immich, it is not so important.

roles/haproxy/files/haproxy.cfg

@@ -1,7 +1,6 @@
 global
 	log /dev/stderr	local0 warning
-	user haproxy
+    stats socket /run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
-	group haproxy
 
 	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
     ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

roles/haproxy/tasks/main.yml

@@ -48,6 +48,14 @@
     src: errors/{{ item }}.http
     dest: /etc/haproxy/errors/{{ item }}.http
   loop: [400, 403, 408, 500, 502, 503, 504]
+- name: Create haproxy socket dir
+  become: true
+  ansible.builtin.file:
+    path: /run/haproxy
+    state: directory
+    mode: "1750"
+    owner: "99"
+    group: "99"
 - name: Create haproxy container
   become: true
   community.docker.docker_container:
@@ -57,6 +65,7 @@
       - name: haproxy
     volumes:
       - /etc/haproxy:/usr/local/etc/haproxy:ro
+      - /run/haproxy:/run/haproxy
     sysctls:
       net.ipv4.ip_unprivileged_port_start: 0
     ports:

roles/immich/tasks/main.yml

@@ -33,22 +33,10 @@
   become: true
   community.docker.docker_volume:
     name: "immich-model-cache"
-- name: Start immich server container
+- include_tasks: start_server.yml
-  become: true
+  loop: [1]
-  community.docker.docker_container:
+  loop_control:
-    name: immich-1
+    loop_var: server_idx
-    image: ghcr.io/immich-app/immich-server:{{ tag }}
-    env_file: /etc/immich/_data/immich.env
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /mnt/hdd/immich:/usr/src/app/upload
-      - /etc/immich/_data:/etc/immich
-    networks:
-      - name: haproxy
-      - name: immich
-      - name: postgresql
-    recreate: "{{ cfg.changed }}"
-    restart_policy: unless-stopped
 - name: Start immich machine learning container
   become: true
   community.docker.docker_container:

roles/immich/tasks/start_server.yml

@@ -0,0 +1,31 @@
+---
+- name: Disable server in haproxy
+  become: true
+  community.general.haproxy:
+    socket: /run/haproxy/admin.sock
+    state: disabled
+    backend: immich
+    host: s{{ server_idx }}
+- name: Start immich server container
+  become: true
+  community.docker.docker_container:
+    name: immich-{{ server_idx }}
+    image: ghcr.io/immich-app/immich-server:{{ tag }}
+    env_file: /etc/immich/_data/immich.env
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /mnt/hdd/immich:/usr/src/app/upload
+      - /etc/immich/_data:/etc/immich
+    networks:
+      - name: haproxy
+      - name: immich
+      - name: postgresql
+    recreate: "{{ cfg.changed }}"
+    restart_policy: unless-stopped
+- name: Enable server in haproxy
+  become: true
+  community.general.haproxy:
+    socket: /run/haproxy/admin.sock
+    state: enabled
+    backend: immich
+    host: s{{ server_idx }}