ISTI-ansible-roles
/
ansible-role-docker-swarm
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Give the option to add some arbtrary http-request checks.

This commit is contained in:
Andrea Dell'Amico 2024-03-29 16:02:54 +01:00
parent 1c227e2373
commit 7eecbb912e
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
README.md
View File

@ -9,16 +9,16 @@ Role Variables
The most important variables are listed below:
``` yaml
docker_swarm_cluster_haproxy_install: True
docker_swarm_cluster_haproxy_install: true
# mesh, keepalive, global
docker_swarm_haproxy_installation_type: 'keepalive'
docker_swarm_haproxy_networks:
- '{{ docker_swarm_portainer_network }}'
#
docker_swarm_expose_api_via_haproxy: True
docker_swarm_expose_api_via_haproxy: false
docker_swarm_expose_api_hostname: 'swarm.example.com'
# Portainer
docker_swarm_cluster_portainer_install: True
docker_swarm_cluster_portainer_install: true
docker_swarm_portainer_hostname: 'portainer-swarm.example.com'
docker_swarm_portainer_additional_constraints: []
# - 'node.hostname != docker01'
@ -35,6 +35,22 @@ docker_swarm_haproxy_additional_services: []
# - { acl_name: 'service', acl_rule: 'hdr_dom(host) -i service.example.com', service_name: 'service-', service_replica_num: '1', service_port: '9999', service_overlay_network: 'service-network', http_redirect_to_https: True }
```
HAPROXY configuration
------------
`docker_swarm_haproxy_plain_http_global_acl_rules` allows the definition of arbitrary acl with the corresponding http-request rules, for the *plain http* listener
`docker_swarm_haproxy_global_acl_rules` allows the definition of arbitrary acl with the corresponding http-request rules, for the *https* listener
`haproxy_docker_swarm_additional_services` is the dictionary that contains the backends definitions and their acls
A plain http listener can be defined, using the following variables. The syntax of `haproxy_docker_swarm_plain_http_services` is identical to the `haproxy_docker_swarm_additional_services` one.
```yaml
haproxy_docker_swarm_plain_http_listener: true
haproxy_docker_swarm_plain_http_port: 8080
haproxy_docker_swarm_plain_http_services: []
```
Dependencies
------------

14
templates/haproxy.cfg.j2
View File

@ -88,6 +88,13 @@ frontend http_{{ docker_swarm_haproxy_plain_http_port }}
acl {{ srv.acl_name }} {{ srv.acl_rule }}
{%if srv.acl_path_rule is defined %}acl {{ srv.acl_name }}_path {{ srv.acl_path_rule }}{% endif %}
{% if docker_swarm_haproxy_plain_http_global_acl_rules is defined %}
{% for rule in docker_swarm_haproxy_plain_http_global_acl_rules %}
acl {{rule.acl_name }} {{ rule.acl_args }}
{{ rule.http_action }}
{% endfor %}
{% endif %}
{% if srv.allowed_networks is defined %}
acl {{ srv.acl_name }}_nets src {% for net in srv.allowed_networks %} {{ net }}{% endfor %}
@ -120,6 +127,13 @@ frontend http
acl {{ srv.acl_name }} {{ srv.acl_rule }}
{%if srv.acl_path_rule is defined %}acl {{ srv.acl_name }}_path {{ srv.acl_path_rule }}{% endif %}
{% if docker_swarm_haproxy_global_acl_rules is defined %}
{% for rule in docker_swarm_haproxy_global_acl_rules %}
acl {{rule.acl_name }} {{ rule.acl_args }}
{{ rule.http_action }}
{% endfor %}
{% endif %}
{% if srv.allowed_networks is defined %}
acl {{ srv.acl_name }}_nets src {% for net in srv.allowed_networks %} {{ net }}{% endfor %}