Support the installation of haproxy as docker service

2020-09-30 15:19:54 +02:00 · 2020-09-30 15:19:54 +02:00 · cabbdac987
parent 7ac7a50225
commit cabbdac987
6 changed files with 103 additions and 18 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -7,6 +7,9 @@ haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
 haproxy_pkg_state: present
 haproxy_enabled: True
 haproxy_k_bind_non_local_ip: True
+haproxy_docker_container: False
+haproxy_docker_compose_dir: /src/haproxy_swarm
+haproxy_ha_with_keepalived: False

 haproxy_default_port: 80
 haproxy_terminate_tls: False
--- a/meta/main.yml
+++ b/meta/main.yml
@ -20,4 +20,10 @@ galaxy_info:
  galaxy_tags:
    - haproxy

-dependencies: []
+dependencies:
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-keepalived.git
+    version: master
+    name: keepalived
+    state: latest
+    when: haproxy_ha_with_keepalived
+
--- a/tasks/haproxy-docker-service.yml
+++ b/tasks/haproxy-docker-service.yml
@ -0,0 +1,15 @@
+---
+- name: Manage the composition of haproxy as a docker swarm service
+  block:
+  - name: Install the docker compose file
+    template: src=haproxy-docker-compose.yml.j2 dest={{ haproxy_docker_compose_dir }}/docker-compose.yml
+
+  - name: Run the docker compose file to start the service
+    docker_compose:
+      project_src: '{{ haproxy_docker_compose_dir }}'
+      state: present
+      pull: yes
+      recreate: smart
+
+  when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node
+  tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker' ]
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,5 +1,6 @@
 ---
 - import_tasks: haproxy-service.yml
+  when: not haproxy_docker_container
 - import_tasks: haproxy-letsencrypt-acme-sh.yml
  when:
    - haproxy_letsencrypt_managed
@ -7,26 +8,31 @@
 - import_tasks: haproxy-ssl.yml
  when:
    - haproxy_letsencrypt_managed
+    - not haproxy_docker_container

 - import_tasks: haproxy-nagios.yml
  when:
-    - nagios_enabled is defined
-    - nagios_enabled
+    - nagios_enabled is defined and nagios_enabled
+    - not haproxy_docker_container

- name: Ensure that haproxy is enabled and started
-  service: name=haproxy state=restarted enabled=yes
-  when: haproxy_enabled
-  ignore_errors: True
-  tags: haproxy
+- import_tasks: haproxy-docker-service.yml
+  when: not haproxy_docker_container

- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
-  service: name=rsyslog state=restarted
-  when:
-    - haproxy_enabled
-    - install_haproxy is changed
-  tags: haproxy
+- block:
+  - name: Ensure that haproxy is enabled and started
+    service: name=haproxy state=restarted enabled=yes
+    when: haproxy_enabled
+    ignore_errors: True

- name: Ensure that haproxy is stopped and disabled if needed
-  service: name=haproxy state=stopped enabled=no
-  when: not haproxy_enabled
-  tags: haproxy
+  - name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
+    service: name=rsyslog state=restarted
+    when:
+      - haproxy_enabled
+      - install_haproxy is changed
+
+  - name: Ensure that haproxy is stopped and disabled if needed
+    service: name=haproxy state=stopped enabled=no
+    when: not haproxy_enabled
+
+  tags: [ 'haproxy', 'haproxy_service' ]
+  when: not haproxy_docker_container
--- a/templates/haproxy-docker-compose.yml.j2
+++ b/templates/haproxy-docker-compose.yml.j2
@ -0,0 +1,49 @@
+version: '3.8'
+
+services:
+  haproxy:
+    image: haproxytech/haproxy-debian:{{ haproxy_version }}
+    volumes:
+      - '{{ haproxy_cert_dir }}':'{{ haproxy_cert_dir }}':ro
+      - /etc/haproxy:/etc/haproxy:ro
+    ports:
+      - target: '{{ haproxy_default_port }}'
+        published: '{{ haproxy_default_port }}'
+        protocol: tcp
+        mode: host
+      - target: '{{ haproxy_ssl_port }}'
+        published: '{{ haproxy_ssl_port }}'
+        protocol: tcp
+        mode: host
+{% if docker_swarm_haproxy_networks is defined %}
+    networks:
+{% for net in docker_swarm_haproxy_networks %}
+      - {{ net }}
+{% endfor %}
+{% endif %}
+{% if docker_swarm_haproxy_additional_services is defined %}
+{% for net in docker_swarm_haproxy_additional_services %}
+      - {{ net.service_overlay_network }}
+{% endfor %}
+{% endif %}
+    deploy:
+      mode: replicated
+      replicas: 1
+      endpoint_mode: dnsrr
+      placement:
+        constraints: [node.role == manager]
+      restart_policy:
+        condition: unless-stopped
+        delay: 5s
+        max_attempts: 3
+        window: 120s
+      resources:
+        limits:
+          cpus: '2.0'
+          memory: 768M
+        reservations:
+          cpus: '1.0'
+          memory: 384M
+{% if docker_log_to_journal %}
+    log_driver: 'journald'
+{% endif %}
--- a/templates/haproxy-letsencrypt-acme.sh.j2
+++ b/templates/haproxy-letsencrypt-acme.sh.j2
@ -29,6 +29,8 @@ cat ${LE_CERTS_DIR}/{fullchain,privkey} > ${HAPROXY_CERTFILE}
 chmod 440 ${HAPROXY_CERTFILE}
 chgrp haproxy ${HAPROXY_CERTFILE}

+{% if not haproxy_docker_container %}
+
 echo "Reload the haproxy service" >> $LE_LOG_DIR/haproxy.log
 if [ -x /bin/systemctl ] ; then
    systemctl reload haproxy >> $LE_LOG_DIR/haproxy.log 2>&1
@ -44,6 +46,10 @@ else
    echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log
 fi

+{% else %}
+docker kill --signal USR2 $(docker container ls --filter name=haproxy-service --quiet)
+{% endif %}
+
 echo "Done." >> $LE_LOG_DIR/haproxy.log

 exit 0