Refinements of the haproxy configuration. Another attempt to get the network configuration

2020-10-05 18:01:11 +02:00 · 2020-10-05 18:01:11 +02:00 · cbb5370aa5
parent 3d717c1262
commit cbb5370aa5
4 changed files with 36 additions and 23 deletions
--- a/tasks/haproxy_networks.yml
+++ b/tasks/haproxy_networks.yml
@ -8,21 +8,23 @@
      scope: swarm
    with_items: '{{ docker_swarm_haproxy_additional_networks }}'

-#   - name: Connect haproxy to the overlay networks
-#     docker_network:
-#       name: '{{ item }}'
-#       connected:
-#         - 'haproxy_haproxy'
-#       appends: yes
-#     with_items: '{{ docker_swarm_haproxy_networks }}'
+  - name: Connect haproxy to the overlay networks
+    docker_compose:
+      project_name: '{{ docker_haproxy_service_name }}'
+      definition:
+        services:
+          '{{ docker_haproxy_service_name }}':
+            networks: '{{ docker_swarm_haproxy_networks }}'
+    ignore_errors: True

-#   - name: Connect haproxy to the overlay additional networks
-#     docker_network:
-#       name: '{{ item }}'
-#       connected:
-#         - 'haproxy_haproxy'
-#       appends: yes
-#     with_items: '{{ docker_swarm_haproxy_additional_networks }}'
+  - name: Connect haproxy to the overlay networks
+    docker_compose:
+      project_name: '{{ docker_haproxy_service_name }}'
+      definition:
+        services:
+          '{{ docker_haproxy_service_name }}':
+            networks: '{{ docker_swarm_haproxy_additional_networks }}'
+    ignore_errors: True

  when: docker_swarm_manager_main_node | bool
  tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'docker_network' ]
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,7 +1,7 @@
 ---
- import_tasks: haproxy_networks.yml
-  when: docker_swarm_cluster_haproxy_install
 - import_tasks: haproxy_conf.yml
  when: docker_swarm_cluster_haproxy_install
 - import_tasks: portainer.yml
  when: docker_swarm_cluster_portainer_install
+- import_tasks: haproxy_networks.yml
+  when: docker_swarm_cluster_haproxy_install
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@ -38,10 +38,7 @@ defaults
    timeout client 30s
    timeout server 30s
    log global
-    mode http
-    option httplog
    monitor-uri /_haproxy_health_check
-    option http-keep-alive
    timeout http-keep-alive {{ haproxy_global_keepalive_timeout }}
    timeout connect {{ haproxy_connect_timeout }}
    timeout client  {{ haproxy_client_timeout }}
@ -55,7 +52,9 @@ peers mypeers
    peer local_haproxy 127.0.0.1:1024

 listen stats
-    bind 0.0.0.0:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
+    bind *:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
+    mode http
+    option httplog
    stats enable
    stats uri     /
    stats realm   HAProxy\ Statistics
@ -66,15 +65,19 @@ listen stats

 listen local_stats
    bind 127.0.0.1:8881
+    mode http
+    option httplog
    stats enable
    stats uri     /
    stats realm   HAProxy\ Statistics

 frontend http
-    bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
-    bind *:{{ haproxy_default_port }}
+    bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1  {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
+    bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
+    mode http
+    option httplog
+    option http-keep-alive
    http-request add-header X-Forwarded-Proto https
-    redirect scheme https code 301 if !{ ssl_fc }
    # HSTS (63072000 seconds)
    http-response set-header Strict-Transport-Security max-age=63072000
 {% if docker_swarm_cluster_portainer_install %}
@ -97,6 +100,7 @@ frontend http
 {% endif %}
    use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
 {% endfor %}
+    redirect scheme https code 301 if !{ ssl_fc }

 #
 # Backends
@ -105,12 +109,16 @@ frontend http
 {% if docker_swarm_expose_api_via_haproxy %}
 # swarm API
 backend swarm_api_bck
+    mode http
+    option httplog
    balance roundrobin
    server swarm 127.0.0.1:{{ docker_api_port }}
 {% endif %}

 {% if docker_swarm_cluster_portainer_install %}
 backend portainer_bck
+    mode http
+    option httplog
    option httpchk
    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    http-check expect rstatus (2|3)[0-9][0-9]
@ -120,6 +128,8 @@ backend portainer_bck

 {% for srv in docker_swarm_haproxy_additional_services %}
 backend {{ srv.acl_name }}_bck
+    mode http
+    option httplog
    option httpchk
    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    http-check expect rstatus (2|3)[0-9][0-9]
--- a/vars/main.yml
+++ b/vars/main.yml
@ -14,6 +14,7 @@ docker_swarm_haproxy_constraints: '{{ haproxy_docker_swarm_haproxy_constraints }
 # The allowed_networks parameter is optional
 docker_swarm_haproxy_additional_services: '{{ haproxy_docker_swarm_additional_services }}'

+docker_haproxy_service_name: 'haproxy_haproxy'
 docker_swarm_haproxy_networks: '{{ haproxy_docker_swarm_networks }}'

 docker_swarm_haproxy_additional_networks: '{{ haproxy_docker_swarm_additional_networks }}'