I've tried using Jijna2 templates.

galera-infra/haproxy/chck_haproxy.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if systemctl is-active --quiet haproxy; then
+    exit 0
+else
+    exit 1
+fi

galera-infra/haproxy/haproxy.conf.j2

@@ -0,0 +1,85 @@
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    # to have these messages end up in /var/log/haproxy.log you will
+    # need to:
+    #
+    # 1) configure syslog to accept network log events.  This is done
+    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
+    #    /etc/sysconfig/syslog
+    #
+    # 2) configure local2 events to go to the /var/log/haproxy.log
+    #   file. A line like the following can be added to
+    #   /etc/sysconfig/syslog
+    #
+    #local2                       /var/log/haproxy.log
+    #
+    #log         127.0.0.1 local2
+    log 	/dev/log local0
+
+    chroot      /var/lib/haproxy
+    #pidfile     /var/run/haproxy.pid
+    maxconn     80000
+    user        haproxy
+    group       haproxy
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+    log                     global
+    retries                 1
+    timeout queue           15s
+    timeout connect         7s
+    timeout client          30s
+    timeout server          30s
+    timeout check           5s
+    maxconn                 3000
+
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+    
+# Galera Cluster Frontend configuration
+{% if haproxy_frontend_name is not "galera_default_frontend"%}
+frontend {{ haproxy_frontend_name }}
+{% else %}
+frontend galera_default_frontend
+{% endif %}
+
+    bind *:3306
+    mode tcp
+    option tcplog
+    tcp-request inspect-delay 5s
+    {% if haproxy_backend_name is not "galera_default_backend"%}
+    default_backend {{ haproxy_backend_name }}
+    {% else %}
+    default_backend galera_default_backend
+    {% endif %}  
+
+#---------------------------------------------------------------------
+# active-backup redirection between the various backends
+#---------------------------------------------------------------------
+
+# Galera Cluster Backend configuration
+{% if haproxy_backend_name is not "galera_default_backend"%}
+backend {{ haproxy_backend_name }}
+{% else %}
+backend galera_default_backend
+{% endif %}
+
+    mode tcp
+    option tcpka
+    option srvtcpka
+    balance roundrobin
+    option mysql-check user HaProxyLB
+    default-server inter 3s rise 2 fall 3
+    {% for node in groups[galera_cluster_nodes]%}
+    server node{{ loop.index }} {{ node }}:3306 check weight 1
+    {% endfor %}

galera-infra/haproxy/keepalived.conf.j2

@@ -0,0 +1,50 @@
+global_defs {
+    enable_script_security
+    script_user keepaliveddd
+}
+
+vrrp_script track_haproxy {
+    script "/etc/keepalived/chck_haproxy.sh"
+    interval 2
+}
+
+vrrp_instance NGDB--LB {
+    state MASTER
+    {% if keepalived_int is not "eth0"%}
+    interface {{ keepalived_int }}
+    {% else %}
+    interface eth0
+    {% endif %}
+    {% if keepalived_vrid is not 30%}
+    virtual_router_id {{ keepalived_vrid }}
+    {% else %}
+    virtual_router_id 30
+    {% endif %}
+    priority 100
+    advert_int 1
+
+    unicast_src_ip {{ hostvars[inventory_hostname]['ansible_host'] }}
+    unicast_peer {
+        {% for host in groups["galera_lb_nodes"] %}
+        {{ host }}
+        {% endfor%}
+    }
+
+    authentication {
+        auth_type PASS
+        {% if authpass is not "ChangeMe"%}
+        auth_pass {{ authpass }}
+        {% else %}
+        auth_pass 4zaLp1MV
+        {% endif %}
+    }
+
+    track_script {
+        track_haproxy
+    }
+
+    virtual_ipaddress {
+        {{ vip_address }}/{{ vip_address_cidr }} dev {{ vip_address_int }}
+    }
+
+}

galera-infra/haproxy/loadBalancers.vars.yaml

@@ -0,0 +1,19 @@
+---
+vars1: "1"
+vars2: "2"
+
+# HAProxy config
+haproxy_backend_name: galera_default_backend
+haproxy_frontend_name: galera_default_frontend
+
+# keepalived config
+
+keepalived_int: eth0
+keepalived_vrid: 30
+
+vip_address: 2.1.3.7
+vip_address_cidr: 27
+vip_address_int: eth1
+
+# This can be at most 8 characters
+authpass: ChangeMe

galera-infra/haproxy/loadBalancers.yaml

@@ -1,7 +1,7 @@
 ---
 - name: Install LB for galera cluster
 
-  hosts: 1.2.3.4
+  hosts: 1.1.1.1, 2.2.2.2, 3.3.3.3
   become: yes
   gather_facts: yes
   vars_files:
@@ -36,18 +36,21 @@
           - curl
           - keepalived
           - haproxy
+          - sudo
 
 
+    - name: Create keepalivedusr 
+
+    - name: copy chck_haproxy.sh
+
+    - name: set exec perms on chck_haproxy.sh
+
+    - name: copy haproxy config
+
+    - name: copy keepalived config
+
+    - name: restart haproxy
+
+    - name: restart keepalived
+
     - name: template to copy from
-      apt:
-        state: brainrot
-      environment:
-        WAZUH_AGENT_GROUP: "{{ wazuh_agent_groups }}"
-        WAZUH_MANAGER: "{{ wazuh_manager_ip }}"
-        WAZUH_AGENT_NAME: "{{ wazuh_agent_name }}"
-
-    
-
-    # bootstarp on first node
-    # galera_new_cluster
-

galera-infra/inventory.ini

@@ -0,0 +1,5 @@
+[galera_cluster_nodes]
+
+
+
+[galera_lb_nodes]

galera-infra/mariadb/50-client.conf.j2

@@ -0,0 +1,19 @@
+#
+# This group is read by the client library
+# Use it for options that affect all clients, but not the server
+#
+
+[client]
+# Example of client certificate usage
+#ssl-cert = /etc/mysql/client-cert.pem
+#ssl-key  = /etc/mysql/client-key.pem
+#
+# Allow only TLS encrypted connections
+#ssl-verify-server-cert = on
+
+# This group is *never* read by mysql client library, though this
+# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL
+# client anyway.
+# If you use the same .cnf file for MySQL and MariaDB,
+# use it for MariaDB-only client options
+[client-mariadb]

galera-infra/mariadb/50-server.conf.j2

@@ -0,0 +1,124 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+
+#
+# * Basic Settings
+#
+
+#user                    = mysql
+pid-file                = /run/mysqld/mysqld.pid
+basedir                 = /usr
+#datadir                 = /var/lib/mysql
+#tmpdir                  = /tmp
+
+# Broken reverse DNS slows down connections considerably and name resolve is
+# safe to skip if there are no "host by domain name" access grants
+{% if galera_skip_name_resolve == true_%}
+skip-name-resolve
+{% else %}
+#skip-name-resolve
+{% endif %}
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+#bind-address            = 127.0.0.1
+bind-address		= {{ hostvars[inventory_hostname]['ansible_host'] }}
+
+#
+# * Fine Tuning
+#
+
+#key_buffer_size        = 128M
+#max_allowed_packet     = 1G
+#thread_stack           = 192K
+#thread_cache_size      = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+#myisam_recover_options = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+
+#
+# * Logging and Replication
+#
+
+# Note: The configured log file or its directory need to be created
+# and be writable by the mysql user, e.g.:
+# $ sudo mkdir -m 2750 /var/log/mysql
+# $ sudo chown mysql /var/log/mysql
+
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# Recommend only changing this at runtime for short testing periods if needed!
+#general_log_file       = /var/log/mysql/mysql.log
+#general_log            = 1
+
+# When running under systemd, error logging goes via stdout/stderr to journald
+# and when running legacy init error logging goes to syslog due to
+# /etc/mysql/conf.d/mariadb.conf.d/50-mysqld_safe.cnf
+# Enable this if you want to have error logging into a separate file
+#log_error = /var/log/mysql/error.log
+# Enable the slow query log to see queries with especially long duration
+#log_slow_query_file    = /var/log/mysql/mariadb-slow.log
+#log_slow_query_time    = 10
+#log_slow_verbosity     = query_plan,explain
+#log-queries-not-using-indexes
+#log_slow_min_examined_row_limit = 1000
+
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+#max_binlog_size        = 100M
+
+#
+# * SSL/TLS
+#
+
+# For documentation, please read
+# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
+#ssl-ca = /etc/mysql/cacert.pem
+#ssl-cert = /etc/mysql/server-cert.pem
+#ssl-key = /etc/mysql/server-key.pem
+#require-secure-transport = on
+
+#
+# * Character sets
+#
+
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
+
+#
+# * InnoDB
+#
+
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# Most important is to give InnoDB 80 % of the system RAM for buffer use:
+# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size
+#innodb_buffer_pool_size = 8G
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.11 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.11]

galera-infra/mariadb/60-galera.conf.j2

@@ -8,8 +8,8 @@
 #[mysqld]
 # Mandatory settings
 wsrep_on                 = ON
-wsrep_cluster_name       = "NGDB-GALERA"
+wsrep_cluster_name       = "{{ galera_cluster_name }}"
-wsrep_cluster_address    = "gcomm://192.168.44.9,192.168.44.10,192.168.44.11,192.168.44.12,192.168.44.13"
+wsrep_cluster_address = "gcomm://{{ groups['galera_cluster_nodes'] | map('extract', hostvars, 'ansible_host') | join(',') }}"
 binlog_format            = row
 default_storage_engine   = InnoDB
 wsrep_sst_method	     =rsync
@@ -18,11 +18,8 @@ wsrep_provider           =/usr/lib/galera/libgalera_smm.so
 
 
 # Galera Node Configuration
-wsrep_node_address="192.168.44.12"
+wsrep_node_address = "{{ hostvars[inventory_hostname]['ansible_host'] }}"
-wsrep_node_name="{{ galera_cluster_name }}"
+wsrep_node_name="{{ ansible_hostname }}"
-
-# Allow server to accept connections on all interfaces.
-#bind-address = <OPTIONAL_BIND_ADDR>
 
 # Configure TLS
 # Change/uncomment accoridingly

galera-infra/mariadb/galeraDeploy.vars.yaml

@@ -5,3 +5,5 @@ hosts:
   - 1.1.1.1
   - 2.2.2.2
   - 3.3.3.3
+
+galera_skip_name_resolve: true

galera-infra/mariadb/galeraDeploy.yaml

@@ -39,19 +39,19 @@
           - mariadb-server
           - mariadb-client
           - galera-4
+          - sudo
 
+    - name: replace 50-client.conf
 
+    - name: replace 50-server.conf
 
-    - name: template to copy from
+    - name: replace 60-galera.conf
-      apt:
-        state: brainrot
-      set_fact:
-        wazuh_agent_name: "{{ ansible_hostname }}"
-      environment:
-        WAZUH_AGENT_GROUP: "{{ wazuh_agent_groups }}"
-        WAZUH_MANAGER: "{{ wazuh_manager_ip }}"
-        WAZUH_AGENT_NAME: "{{ wazuh_agent_name }}"
 
+    - name: bootstrap galera cluster on first node and wait 30 seconds
+
+    - name: restart mariadb on every node sequentially
+
+    - name: Create HaProxyLB for mysql checks on haproxy
 
 
     # bootstarp on first node

loadBalancers.vars.yaml

@@ -1,3 +0,0 @@
----
-vars1: "1"
-vars2: "2"