diff --git a/defaults/main.yml b/defaults/main.yml index cafc0c9..d2337aa 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,8 +8,18 @@ haproxy_pkg_state: present haproxy_enabled: True haproxy_k_bind_non_local_ip: True haproxy_docker_container: False +haproxy_docker_version: '{{ haproxy_version }}.4' +haproxy_docker_image: 'haproxytech/haproxy-debian:{{ haproxy_version }}.4' haproxy_docker_compose_dir: /srv/haproxy_swarm haproxy_ha_with_keepalived: False +haproxy_docker_swarm_networks: + - 'portainer_{{ docker_swarm_portainer_network }}' +haproxy_docker_swarm_additional_networks: [] + +haproxy_docker_swarm_haproxy_constraints: + - 'node.role == manager' +haproxy_docker_swarm_additional_services: [] +# - { acl_name: 'service', acl_rule: 'hdr_dom(host) -i service.example.com', service_name: 'service-', service_replica_num: '1', service_port: '9999', service_overlay_network: 'service-network', allowed_networks: '192.168.1.0/24 192.168.2.0/24' } haproxy_default_port: 80 haproxy_terminate_tls: False diff --git a/tasks/haproxy-docker-service.yml b/tasks/haproxy-docker-service.yml index aa042bf..07576c0 100644 --- a/tasks/haproxy-docker-service.yml +++ b/tasks/haproxy-docker-service.yml @@ -5,7 +5,7 @@ file: dest={{ haproxy_docker_compose_dir }} state=directory mode='0755' - name: Install the docker compose file - template: src=haproxy-docker-compose.yml.j2 dest={{ haproxy_docker_compose_dir }}/docker-compose.yml mode='0644' + template: src=haproxy-docker-stack.yml.j2 dest={{ haproxy_docker_compose_dir }}/docker-haproxy-stack.yml mode='0644' - name: Create the local haproxy configuration directory file: dest=/etc/haproxy state=directory mode='0755' @@ -18,7 +18,7 @@ name: haproxy state: present compose: - - '{{ haproxy_docker_compose_dir }}/docker-compose.yml' + - '{{ haproxy_docker_compose_dir }}/docker-haproxy-stack.yml' run_once: True when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool diff --git a/templates/haproxy-docker-compose.yml.j2 b/templates/haproxy-docker-stack.yml.j2 similarity index 52% rename from templates/haproxy-docker-compose.yml.j2 rename to templates/haproxy-docker-stack.yml.j2 index c2773d5..c677ffd 100644 --- a/templates/haproxy-docker-compose.yml.j2 +++ b/templates/haproxy-docker-stack.yml.j2 @@ -2,7 +2,7 @@ version: '3.6' services: haproxy: - image: haproxytech/haproxy-debian:{{ haproxy_version }} + image: {{ haproxy_docker_image }} volumes: - {{ haproxy_cert_dir }}:{{ haproxy_cert_dir }}:ro - /etc/haproxy:/usr/local/etc/haproxy:ro @@ -10,21 +10,48 @@ services: - target: {{ haproxy_default_port }} published: {{ haproxy_default_port }} protocol: tcp +{% if docker_swarm_haproxy_installation_type == 'mesh' %} + mode: ingress +{% else %} mode: host +{% endif %} - target: {{ haproxy_ssl_port }} published: {{ haproxy_ssl_port }} protocol: tcp +{% if docker_swarm_haproxy_installation_type == 'mesh' %} + mode: ingress +{% else %} mode: host +{% endif %} - target: {{ haproxy_admin_port }} published: {{ haproxy_admin_port }} protocol: tcp +{% if docker_swarm_haproxy_installation_type == 'mesh' %} + mode: ingress +{% else %} mode: host +{% endif %} dns: [127.0.0.11] + networks: +{% for net in haproxy_docker_swarm_networks %} + - {{ net }} +{% endfor %} +{% for othernet in haproxy_docker_swarm_additional_networks %} + - {{ othernet }} +{% endfor %} deploy: +{% if docker_swarm_haproxy_installation_type == 'keepalive' or docker_swarm_haproxy_installation_type == 'mesh' %} mode: replicated replicas: 1 +{% endif %} +{% if docker_swarm_haproxy_installation_type == 'global' %} + mode: global +{% endif %} placement: - constraints: [node.role == manager] + constraints: +{% for constr in docker_swarm_haproxy_constraints %} + - {{ constr }} +{% endfor %} restart_policy: condition: on-failure delay: 20s