Reconfigure, to use the haproxy-public network.

defaults/main.yml

@@ -17,7 +17,7 @@ docker_swarm_portainer_hostname: 'portainer-swarm.example.com'
 docker_swarm_portainer_additional_constraints: []
 #  - 'node.hostname != docker01'
 
-docker_swarm_portainer_network: 'portainer_agent_network'
+docker_swarm_portainer_network: 'agent_network'
 docker_swarm_portainer_http_port: '9000'
 docker_swarm_portainer_service_port: '8000'
 

tasks/haproxy_networks.yml

@@ -1,26 +0,0 @@
----
-- name: Create the networks that haproxy will attach to and that are not created by the services
-  block:
-  - name: Create the overlay networks that are not created by the services
-    docker_network:
-      name: '{{ item }}'
-      driver: overlay
-      scope: swarm
-    with_items: '{{ docker_swarm_haproxy_additional_networks }}'
-
-  - name: Connect haproxy to the overlay networks
-    shell: docker service update --network-add {{ item }} {{ docker_haproxy_service_name }} --update-delay 30s --update-parallelism 1 && touch {{ haproxy_docker_compose_dir }}/.network_{{ item }}
-    with_items: '{{ docker_swarm_haproxy_networks }}'
-    args:
-      creates: '{{ haproxy_docker_compose_dir }}/.network_{{ item }}'
-    ignore_errors: True
-
-  - name: Connect haproxy to some additional overlay networks
-    shell: docker service update --network-add {{ item }} {{ docker_haproxy_service_name }} --update-delay 30s --update-parallelism 1 && touch {{ haproxy_docker_compose_dir }}/.additional_network_{{ item }}
-    with_items: '{{ docker_swarm_haproxy_additional_networks }}'
-    args:
-      creates: '{{ haproxy_docker_compose_dir }}/.additional_network_{{ item }}'
-    ignore_errors: True
-
-  when: docker_swarm_manager_main_node | bool
-  tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'haproxy_network', 'docker_network' ]

tasks/main.yml

@@ -3,5 +3,3 @@
   when: docker_swarm_cluster_haproxy_install
 - import_tasks: portainer.yml
   when: docker_swarm_cluster_portainer_install
-- import_tasks: haproxy_networks.yml
-  when: docker_swarm_cluster_haproxy_install

templates/haproxy.cfg.j2

@@ -108,7 +108,7 @@ frontend docker_ft
     acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }}
     acl swarm_api_allowed_nets src {% for net in docker_swarm_api_networks_acl %} {{ net }}{% endfor %}
 
-    http-request deny if swarm_api !swarm_api_allowed_nets
+#    http-request deny if swarm_api !swarm_api_allowed_nets
 #    http-request deny unless METH_GET || { env(POST) -m bool }
 #    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
 #    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
@@ -156,7 +156,7 @@ backend portainer_bck
     http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
     http-check expect rstatus (2|3)[0-9][0-9]
     balance roundrobin
-    server-template portainer- 1 portainer_portainer:{{ docker_swarm_portainer_http_port }} check resolvers docker init-addr libc,none
+    server-template portainer- 1 portainer:{{ docker_swarm_portainer_http_port }} check resolvers docker init-addr libc,none
 {% endif %}
 
 {% for srv in docker_swarm_haproxy_additional_services %}

templates/portainer-agent-stack.yml.j2

@@ -10,6 +10,8 @@ services:
       mode: global
       placement:
         constraints: [node.platform.os == linux]
+    networks:
+      - {{ docker_swarm_portainer_network }}
 {% if docker_log_to_journal %}
     logging:
       driver: 'journald'
@@ -23,6 +25,9 @@ services:
     #  - "{{ docker_swarm_portainer_service_port }}:8000"
     volumes:
       - portainer_data:/data
+    networks:
+      - {{ docker_swarm_portainer_network }}
+      - haproxy-public
     deploy:
       mode: replicated
       replicas: 1
@@ -45,3 +50,8 @@ services:
 
 volumes:
   portainer_data:
+
+networks:
+  {{ docker_swarm_portainer_network }}:
+  haproxy-public:
+    external: True