Do not create the portainer network. Fix the haproxy configuration

2020-10-01 18:28:54 +02:00 · 2020-10-01 18:28:54 +02:00 · 3f73df2bd6
parent 15ae321889
commit 3f73df2bd6
3 changed files with 19 additions and 5 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -4,6 +4,7 @@ docker_swarm_cluster_haproxy_install: True
 docker_swarm_haproxy_installation_type: 'keepalive'
 docker_swarm_haproxy_networks:
  - 'portainer_{{ docker_swarm_portainer_network }}'
+docker_swarm_haproxy_additional_networks: []
 #
 docker_swarm_expose_api_via_haproxy: True
 docker_swarm_expose_api_hostname: 'swarm.example.com'
--- a/tasks/haproxy_networks.yml
+++ b/tasks/haproxy_networks.yml
@ -1,12 +1,12 @@
 ---
- name: Create the networks that haproxy will attach to
+- name: Create the networks that haproxy will attach to and that are not created by the services
  block:
-  - name: Create the overlay networks
+  - name: Create the overlay networks that are not created by the services
    docker_network:
      name: '{{ item }}'
      driver: overlay
      scope: swarm
-    with_items: '{{ docker_swarm_haproxy_networks }}'
+    with_items: '{{ docker_swarm_haproxy_additional_networks }}'

 #   - name: Connect haproxy to the overlay networks
 #     docker_network:
@ -16,5 +16,13 @@
 #       appends: yes
 #     with_items: '{{ docker_swarm_haproxy_networks }}'

+#   - name: Connect haproxy to the overlay additional networks
+#     docker_network:
+#       name: '{{ item }}'
+#       connected:
+#         - 'haproxy_haproxy'
+#       appends: yes
+#     with_items: '{{ docker_swarm_haproxy_additional_networks }}'
+
  when: docker_swarm_manager_main_node | bool
  tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'docker_network' ]
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@ -83,6 +83,7 @@ frontend http
 {% if docker_swarm_expose_api_via_haproxy %}
    acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }}
    acl swarm_api_allowed_nets src {% for net in docker_swarm_api_networks_acl %} {{ net }}{% endfor %}
+
    http-request deny if swarm_api !swarm_api_allowed_nets
    use_backend swarm_api_bck if swarm_api
 {% endif %}
@ -90,6 +91,7 @@ frontend http
    acl {{ srv.acl_name }} {{ srv.acl_rule }}
 {% if srv.allowed_networks is defined %}
    acl {{ srv.acl_name }}_nets src {% for net in srv.allowed_networks %} {{ net }}{% endfor %}
+
    http-request deny if {{ srv.acl_name }} !{{ srv.acl_name }}_nets
 {% endif %}
    use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
@ -108,14 +110,17 @@ backend swarm_api_bck

 {% if docker_swarm_cluster_portainer_install %}
 backend portainer_bck
-    option httpchk GET /  HTTP/1.1\r\nHost:\ localhost
+    option httpchk
+    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    http-check expect rstatus (2|3)[0-9][0-9]
    balance roundrobin
    server-template portainer- 1 portainer:{{ docker_swarm_portainer_http_port }} check resolvers docker init-addr libc,none
 {% endif %}

 {% for srv in docker_swarm_haproxy_additional_services %}
-    option httpchk GET /  HTTP/1.1\r\nHost:\ localhost
+backend {{ srv.acl_name }}_bck
+    option httpchk
+    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    http-check expect rstatus (2|3)[0-9][0-9]
    balance roundrobin
    server-template {{ srv.service_name }}- {{ srv.service_replica_num }} {{ srv.service_name }}:{{ srv.service_port }} check resolvers docker init-addr libc,none