From bae888f4a4fe72c2b4c58bbbc7cf0b283267db69 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 12 Oct 2020 17:45:05 +0200 Subject: [PATCH] Reconfigure, to use the haproxy-public network. --- defaults/main.yml | 2 +- tasks/haproxy_networks.yml | 26 -------------------------- tasks/main.yml | 2 -- templates/haproxy.cfg.j2 | 4 ++-- templates/portainer-agent-stack.yml.j2 | 10 ++++++++++ 5 files changed, 13 insertions(+), 31 deletions(-) delete mode 100644 tasks/haproxy_networks.yml diff --git a/defaults/main.yml b/defaults/main.yml index d45c2be..f4ee7db 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,7 +17,7 @@ docker_swarm_portainer_hostname: 'portainer-swarm.example.com' docker_swarm_portainer_additional_constraints: [] # - 'node.hostname != docker01' -docker_swarm_portainer_network: 'portainer_agent_network' +docker_swarm_portainer_network: 'agent_network' docker_swarm_portainer_http_port: '9000' docker_swarm_portainer_service_port: '8000' diff --git a/tasks/haproxy_networks.yml b/tasks/haproxy_networks.yml deleted file mode 100644 index 975a330..0000000 --- a/tasks/haproxy_networks.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -- name: Create the networks that haproxy will attach to and that are not created by the services - block: - - name: Create the overlay networks that are not created by the services - docker_network: - name: '{{ item }}' - driver: overlay - scope: swarm - with_items: '{{ docker_swarm_haproxy_additional_networks }}' - - - name: Connect haproxy to the overlay networks - shell: docker service update --network-add {{ item }} {{ docker_haproxy_service_name }} --update-delay 30s --update-parallelism 1 && touch {{ haproxy_docker_compose_dir }}/.network_{{ item }} - with_items: '{{ docker_swarm_haproxy_networks }}' - args: - creates: '{{ haproxy_docker_compose_dir }}/.network_{{ item }}' - ignore_errors: True - - - name: Connect haproxy to some additional overlay networks - shell: docker service update --network-add {{ item }} {{ docker_haproxy_service_name }} --update-delay 30s --update-parallelism 1 && touch {{ haproxy_docker_compose_dir }}/.additional_network_{{ item }} - with_items: '{{ docker_swarm_haproxy_additional_networks }}' - args: - creates: '{{ haproxy_docker_compose_dir }}/.additional_network_{{ item }}' - ignore_errors: True - - when: docker_swarm_manager_main_node | bool - tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'haproxy_network', 'docker_network' ] diff --git a/tasks/main.yml b/tasks/main.yml index 8dbcc47..58a386b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,5 +3,3 @@ when: docker_swarm_cluster_haproxy_install - import_tasks: portainer.yml when: docker_swarm_cluster_portainer_install -- import_tasks: haproxy_networks.yml - when: docker_swarm_cluster_haproxy_install diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2 index afd79f2..b118fa7 100644 --- a/templates/haproxy.cfg.j2 +++ b/templates/haproxy.cfg.j2 
@@ -108,7 +108,7 @@ frontend docker_ft acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }} acl swarm_api_allowed_nets src {% for net in docker_swarm_api_networks_acl %} {{ net }}{% endfor %} - http-request deny if swarm_api !swarm_api_allowed_nets +# http-request deny if swarm_api !swarm_api_allowed_nets # http-request deny unless METH_GET || { env(POST) -m bool } # http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } # http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool } @@ -156,7 +156,7 @@ backend portainer_bck http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost http-check expect rstatus (2|3)[0-9][0-9] balance roundrobin - server-template portainer- 1 portainer_portainer:{{ docker_swarm_portainer_http_port }} check resolvers docker init-addr libc,none + server-template portainer- 1 portainer:{{ docker_swarm_portainer_http_port }} check resolvers docker init-addr libc,none {% endif %} {% for srv in docker_swarm_haproxy_additional_services %} diff --git a/templates/portainer-agent-stack.yml.j2 b/templates/portainer-agent-stack.yml.j2 index 862b080..e18006e 100644 --- a/templates/portainer-agent-stack.yml.j2 +++ b/templates/portainer-agent-stack.yml.j2 @@ -10,6 +10,8 @@ services: mode: global placement: constraints: [node.platform.os == linux] + networks: + - {{ docker_swarm_portainer_network }} {% if docker_log_to_journal %} logging: driver: 'journald' @@ -23,6 +25,9 @@ services: # - "{{ docker_swarm_portainer_service_port }}:8000" volumes: - portainer_data:/data + networks: + - {{ docker_swarm_portainer_network }} + - haproxy-public deploy: mode: replicated replicas: 1 @@ -45,3 +50,8 @@ services: volumes: portainer_data: + +networks: + {{ docker_swarm_portainer_network }}: + haproxy-public: + external: True \ No newline at end of file
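Review bot: Commenting out `http-request deny if swarm_api !swarm_api_allowed_nets` in `frontend docker_ft` leaves the `swarm_api_allowed_nets` ACL defined but unenforced. Every other `http-request` rule visible in this hunk is also commented out, so requests for `docker_swarm_expose_api_hostname` are no longer filtered by source network here. Unless a rule outside the hunk still restricts or authenticates them, the Docker API becomes reachable by any client that can reach the frontend, which amounts to control of the swarm. I would restore `http-request deny if swarm_api !swarm_api_allowed_nets`. If it was disabled because haproxy sees different client addresses after the network change (an assumption; the commit does not say), correct `docker_swarm_api_networks_acl` instead of dropping the check.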
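Review bot: The `server-template` line in `backend portainer_bck` now resolves the bare name `portainer`, which is not guaranteed to be unique on a network shared with other stacks. Swarm registers a service's short name as an alias on each network it joins, so another service named `portainer` on the same network would answer the same DNS query. Assuming the stack is still deployed as `portainer` (the old value suggests so), keeping the stack-qualified `portainer_portainer`, or moving the hostname into a role variable next to `docker_swarm_portainer_http_port`, avoids routing the admin UI to an unintended backend. The backend block starts outside the hunk.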
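Review bot: The new top-level `networks:` section in `templates/portainer-agent-stack.yml.j2` declares `haproxy-public` as `external`, so the stack deploy depends on that network already existing. This commit deletes `tasks/haproxy_networks.yml`, the only task in the patch that created overlay networks, and nothing visible shows where `haproxy-public` is now created. The name is also hard-coded here and in the `portainer` service's `networks:` list in the previous hunk, while the agent network is a variable. I would add a role default (for example `docker_swarm_portainer_haproxy_network: 'haproxy-public'`, a suggested name) and use it in both places, and write `external: true` in lowercase. A comment such as `# must exist before this stack is deployed` above the entry would document the ordering dependency.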