From cabbdac987b90c435898370c4f68ea382427998f Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 30 Sep 2020 15:19:54 +0200 Subject: [PATCH] Support the installation of haproxy as docker service --- defaults/main.yml | 3 ++ meta/main.yml | 8 +++- tasks/haproxy-docker-service.yml | 15 ++++++++ tasks/main.yml | 40 +++++++++++-------- templates/haproxy-docker-compose.yml.j2 | 49 ++++++++++++++++++++++++ templates/haproxy-letsencrypt-acme.sh.j2 | 6 +++ 6 files changed, 103 insertions(+), 18 deletions(-) create mode 100644 tasks/haproxy-docker-service.yml create mode 100644 templates/haproxy-docker-compose.yml.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 10391b3..ee6989a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,6 +7,9 @@ haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}" haproxy_pkg_state: present haproxy_enabled: True haproxy_k_bind_non_local_ip: True +haproxy_docker_container: False +haproxy_docker_compose_dir: /src/haproxy_swarm +haproxy_ha_with_keepalived: False haproxy_default_port: 80 haproxy_terminate_tls: False diff --git a/meta/main.yml b/meta/main.yml index af2e58e..28daed2 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -20,4 +20,10 @@ galaxy_info: galaxy_tags: - haproxy -dependencies: [] +dependencies: + - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-keepalived.git + version: master + name: keepalived + state: latest + when: haproxy_ha_with_keepalived + diff --git a/tasks/haproxy-docker-service.yml b/tasks/haproxy-docker-service.yml new file mode 100644 index 0000000..da08b23 --- /dev/null +++ b/tasks/haproxy-docker-service.yml 
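Review bot: The new keepalived dependency in meta/main.yml tracks a moving branch (`version: master`), so every role install pulls whatever is at the tip of that repository and then runs it with the play's privileges on the load balancers. Pin it to a reviewed tag or commit, e.g. `version: <tag-or-commit-sha>` (placeholder), and bump it deliberately. `state: latest` does not look like a key that role dependency entries use. The `when: haproxy_ha_with_keepalived` condition most likely only skips the dependency's tasks at run time, while the role is still fetched at install time; both points are worth confirming against the Ansible version in use.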
@@ -0,0 +1,15 @@ +--- +- name: Manage the composition of haproxy as a docker swarm service + block: + - name: Install the docker compose file + template: src=haproxy-docker-compose.yml.j2 dest={{ haproxy_docker_compose_dir }}/docker-compose.yml + + - name: Run the docker compose file to start the service + docker_compose: + project_src: '{{ haproxy_docker_compose_dir }}' + state: present + pull: yes + recreate: smart + + when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node + tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker' ] diff --git a/tasks/main.yml b/tasks/main.yml index 70e8d24..7723256 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,6 @@ --- - import_tasks: haproxy-service.yml + when: not haproxy_docker_container - import_tasks: haproxy-letsencrypt-acme-sh.yml when: - haproxy_letsencrypt_managed 
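Review bot: The `template` task in the new block writes docker-compose.yml without `owner`, `group` or `mode`, so the file's ownership and permissions are left to defaults, and this file decides what the swarm manager runs. Set them explicitly and quote the destination, e.g. `template: src=haproxy-docker-compose.yml.j2 dest="{{ haproxy_docker_compose_dir }}/docker-compose.yml" owner=root group=root mode=0640`. Nothing visible in this block creates `haproxy_docker_compose_dir` (default `/src/haproxy_swarm`, possibly meant as `/srv/...`), so a `file: state=directory` task before it may be needed unless another role provides the directory.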
@@ -7,26 +8,31 @@ - import_tasks: haproxy-ssl.yml when: - haproxy_letsencrypt_managed + - not haproxy_docker_container - import_tasks: haproxy-nagios.yml when: - - nagios_enabled is defined - - nagios_enabled + - nagios_enabled is defined and nagios_enabled + - not haproxy_docker_container -- name: Ensure that haproxy is enabled and started - service: name=haproxy state=restarted enabled=yes - when: haproxy_enabled - ignore_errors: True - tags: haproxy +- import_tasks: haproxy-docker-service.yml + when: not haproxy_docker_container -- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient - service: name=rsyslog state=restarted - when: - - haproxy_enabled - - install_haproxy is changed - tags: haproxy +- block: + - name: Ensure that haproxy is enabled and started + service: name=haproxy state=restarted enabled=yes + when: haproxy_enabled + ignore_errors: True -- name: Ensure that haproxy is stopped and disabled if needed - service: name=haproxy state=stopped enabled=no - when: not haproxy_enabled - tags: haproxy + - name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient + service: name=rsyslog state=restarted + when: + - haproxy_enabled + - install_haproxy is changed + + - name: Ensure that haproxy is stopped and disabled if needed + service: name=haproxy state=stopped enabled=no + when: not haproxy_enabled + + tags: [ 'haproxy', 'haproxy_service' ] + when: not haproxy_docker_container diff --git a/templates/haproxy-docker-compose.yml.j2 b/templates/haproxy-docker-compose.yml.j2 new file mode 100644 index 0000000..0e894c9 --- /dev/null +++ b/templates/haproxy-docker-compose.yml.j2 
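Review bot: The condition on the new `- import_tasks: haproxy-docker-service.yml` looks inverted: it reads `when: not haproxy_docker_container`, the same guard used for the package-based tasks. As written, the compose deployment is imported only when Docker mode is off and nothing is deployed when it is on. It should be `when: haproxy_docker_container`. Separately, the `ignore_errors: True` carried into the new block on the restart task hides a failed haproxy start, so a broken configuration on a TLS-terminating proxy can go unnoticed; consider dropping it or replacing it with a `failed_when` that names the tolerated case.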
@@ -0,0 +1,49 @@ +version: '3.8' + +services: + haproxy: + image: haproxytech/haproxy-debian:{{ haproxy_version }} + volumes: + - '{{ haproxy_cert_dir }}':'{{ haproxy_cert_dir }}':ro + - /etc/haproxy:/etc/haproxy:ro + ports: + - target: '{{ haproxy_default_port }}' + published: '{{ haproxy_default_port }}' + protocol: tcp + mode: host + - target: '{{ haproxy_ssl_port }}' + published: '{{ haproxy_ssl_port }}' + protocol: tcp + mode: host +{% if docker_swarm_haproxy_networks is defined %} + networks: +{% for net in docker_swarm_haproxy_networks %} + - {{ net }} +{% endfor %} +{% endif %} +{% if docker_swarm_haproxy_additional_services is defined %} +{% for net in docker_swarm_haproxy_additional_services %} + - {{ net.service_overlay_network }} +{% endfor %} +{% endif %} + deploy: + mode: replicated + replicas: 1 + endpoint_mode: dnsrr + placement: + constraints: [node.role == manager] + restart_policy: + condition: unless-stopped + delay: 5s + max_attempts: 3 + window: 120s + resources: + limits: + cpus: '2.0' + memory: 768M + reservations: + cpus: '1.0' + memory: 384M +{% if docker_log_to_journal %} + log_driver: 'journald' +{% endif %} diff --git a/templates/haproxy-letsencrypt-acme.sh.j2 b/templates/haproxy-letsencrypt-acme.sh.j2 index 1aaa92b..2681046 100644 --- a/templates/haproxy-letsencrypt-acme.sh.j2 +++ b/templates/haproxy-letsencrypt-acme.sh.j2 @@ -29,6 +29,8 @@ cat ${LE_CERTS_DIR}/{fullchain,privkey} > ${HAPROXY_CERTFILE} chmod 440 ${HAPROXY_CERTFILE} chgrp haproxy ${HAPROXY_CERTFILE} +{% if not haproxy_docker_container %} + echo "Reload the haproxy service" >> $LE_LOG_DIR/haproxy.log if [ -x /bin/systemctl ] ; then systemctl reload haproxy >> $LE_LOG_DIR/haproxy.log 2>&1 @@ -44,6 +46,10 @@ else echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log fi +{% else %} +docker kill --signal USR2 $(docker container ls --filter name=haproxy-service --quiet) +{% endif %} + echo "Done." >> $LE_LOG_DIR/haproxy.log exit 0
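Review bot: The certificate volume entry `- '{{ haproxy_cert_dir }}':'{{ haproxy_cert_dir }}':ro` closes the quote after the first path, which does not render to a valid YAML scalar; quote the whole mapping instead: `- '{{ haproxy_cert_dir }}:{{ haproxy_cert_dir }}:ro'`. The second loop (over `docker_swarm_haproxy_additional_services`) sits outside the `{% if docker_swarm_haproxy_networks is defined %}` block, so when only the additional services are defined its items are emitted with no `networks:` key above them. Under `deploy.restart_policy`, `condition` accepts `none`, `on-failure` or `any`, not `unless-stopped`, and `log_driver` is not a version 3 key (`logging:` with `driver: journald` is the v3 form). Running `docker-compose config` on the rendered file in CI would catch all of these.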
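Review bot: The new reload line `docker kill --signal USR2 $(docker container ls ...)` runs `docker kill` with no arguments when the filter matches nothing, and neither its output nor its failure reaches `haproxy.log`, so a renewed certificate can stay unloaded without any trace while the script still exits 0. The `name=` filter is a substring match, so it can also signal more than one container, and it is worth confirming that the container created from the compose file (service `haproxy`) really carries `haproxy-service` in its name. Capture the IDs first, skip and log when the list is empty, and redirect output as the systemd branch does. This hook also now needs access to the Docker daemon, which is root-equivalent, so the account that runs the renewal should be reviewed.

```shell
{% else %}
echo "Reload the haproxy container" >> $LE_LOG_DIR/haproxy.log
HAPROXY_CONTAINERS=$(docker container ls --filter name=haproxy-service --quiet)
if [ -n "$HAPROXY_CONTAINERS" ] ; then
    # Unquoted on purpose: one container ID per word
    docker kill --signal USR2 $HAPROXY_CONTAINERS >> $LE_LOG_DIR/haproxy.log 2>&1
else
    echo "No running haproxy container found, certificate not reloaded" >> $LE_LOG_DIR/haproxy.log
fi
# … unchanged: {% endif %} and the closing "Done." log line …
```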