Support the installation of haproxy as docker service
parent
7ac7a50225
commit
cabbdac987
|
@ -7,6 +7,9 @@ haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
|
||||||
haproxy_pkg_state: present
|
haproxy_pkg_state: present
|
||||||
haproxy_enabled: True
|
haproxy_enabled: True
|
||||||
haproxy_k_bind_non_local_ip: True
|
haproxy_k_bind_non_local_ip: True
|
||||||
|
haproxy_docker_container: False
|
||||||
|
haproxy_docker_compose_dir: /src/haproxy_swarm
|
||||||
|
haproxy_ha_with_keepalived: False
|
||||||
|
|
||||||
haproxy_default_port: 80
|
haproxy_default_port: 80
|
||||||
haproxy_terminate_tls: False
|
haproxy_terminate_tls: False
|
||||||
|
|
|
@ -20,4 +20,10 @@ galaxy_info:
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- haproxy
|
- haproxy
|
||||||
|
|
||||||
dependencies: []
|
dependencies:
|
||||||
|
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-keepalived.git
|
||||||
|
version: master
|
||||||
|
name: keepalived
|
||||||
|
state: latest
|
||||||
|
when: haproxy_ha_with_keepalived
|
||||||
|
|
||||||
|
|
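Review bot: The new keepalived dependency is fetched with `version: master`, so each install of this role pulls whatever that branch holds at the time, and the role's tasks then run with the play's privileges on the load balancer hosts. Pinning it to a reviewed tag or commit, e.g. `version: <tag-or-commit-sha>` (placeholder; the page shows no such value), keeps the dependency reproducible and auditable. I could not confirm that `state: latest` is a key that role dependency entries recognise; if it is meant to always refresh the checkout, it works against pinning and is probably better dropped.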
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
- name: Manage the composition of haproxy as a docker swarm service
|
||||||
|
block:
|
||||||
|
- name: Install the docker compose file
|
||||||
|
template: src=haproxy-docker-compose.yml.j2 dest={{ haproxy_docker_compose_dir }}/docker-compose.yml
|
||||||
|
|
||||||
|
- name: Run the docker compose file to start the service
|
||||||
|
docker_compose:
|
||||||
|
project_src: '{{ haproxy_docker_compose_dir }}'
|
||||||
|
state: present
|
||||||
|
pull: yes
|
||||||
|
recreate: smart
|
||||||
|
|
||||||
|
when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node
|
||||||
|
tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker' ]
|
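Review bot: Nothing in this new task file creates `haproxy_docker_compose_dir` before the "Install the docker compose file" task writes into it, and that task sets no owner, group or mode. The `template` module does not create missing parent directories, so on a fresh host the first task is likely to fail unless the directory is created elsewhere. I would add a directory task and explicit permissions, and move the `template` call to block YAML with the Jinja values quoted, as sketched below. Separately, the block is named as a swarm service but uses the `docker_compose` module, so it is worth checking that the `deploy:` section of the template takes effect through it.

```yaml
    - name: Create the directory that holds the docker compose file
      file:
        path: '{{ haproxy_docker_compose_dir }}'
        state: directory
        owner: root
        group: root
        mode: '0750'

    - name: Install the docker compose file
      template:
        src: haproxy-docker-compose.yml.j2
        dest: '{{ haproxy_docker_compose_dir }}/docker-compose.yml'
        owner: root
        group: root
        mode: '0640'

    # … unchanged: docker_compose task, block-level when and tags …
```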
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
- import_tasks: haproxy-service.yml
|
- import_tasks: haproxy-service.yml
|
||||||
|
when: not haproxy_docker_container
|
||||||
- import_tasks: haproxy-letsencrypt-acme-sh.yml
|
- import_tasks: haproxy-letsencrypt-acme-sh.yml
|
||||||
when:
|
when:
|
||||||
- haproxy_letsencrypt_managed
|
- haproxy_letsencrypt_managed
|
||||||
|
@ -7,26 +8,31 @@
|
||||||
- import_tasks: haproxy-ssl.yml
|
- import_tasks: haproxy-ssl.yml
|
||||||
when:
|
when:
|
||||||
- haproxy_letsencrypt_managed
|
- haproxy_letsencrypt_managed
|
||||||
|
- not haproxy_docker_container
|
||||||
|
|
||||||
- import_tasks: haproxy-nagios.yml
|
- import_tasks: haproxy-nagios.yml
|
||||||
when:
|
when:
|
||||||
- nagios_enabled is defined
|
- nagios_enabled is defined and nagios_enabled
|
||||||
- nagios_enabled
|
- not haproxy_docker_container
|
||||||
|
|
||||||
|
- import_tasks: haproxy-docker-service.yml
|
||||||
|
when: not haproxy_docker_container
|
||||||
|
|
||||||
|
- block:
|
||||||
- name: Ensure that haproxy is enabled and started
|
- name: Ensure that haproxy is enabled and started
|
||||||
service: name=haproxy state=restarted enabled=yes
|
service: name=haproxy state=restarted enabled=yes
|
||||||
when: haproxy_enabled
|
when: haproxy_enabled
|
||||||
ignore_errors: True
|
ignore_errors: True
|
||||||
tags: haproxy
|
|
||||||
|
|
||||||
- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
|
- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
|
||||||
service: name=rsyslog state=restarted
|
service: name=rsyslog state=restarted
|
||||||
when:
|
when:
|
||||||
- haproxy_enabled
|
- haproxy_enabled
|
||||||
- install_haproxy is changed
|
- install_haproxy is changed
|
||||||
tags: haproxy
|
|
||||||
|
|
||||||
- name: Ensure that haproxy is stopped and disabled if needed
|
- name: Ensure that haproxy is stopped and disabled if needed
|
||||||
service: name=haproxy state=stopped enabled=no
|
service: name=haproxy state=stopped enabled=no
|
||||||
when: not haproxy_enabled
|
when: not haproxy_enabled
|
||||||
tags: haproxy
|
|
||||||
|
tags: [ 'haproxy', 'haproxy_service' ]
|
||||||
|
when: not haproxy_docker_container
|
||||||
|
|
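Review bot: The added `import_tasks: haproxy-docker-service.yml` entry carries `when: not haproxy_docker_container`, the same guard used for the package-based tasks, so the docker tasks are skipped exactly when the docker deployment is requested. It should read `when: haproxy_docker_container`. As written, and with the default `haproxy_docker_container: False`, the compose file would be installed and started on any host where `docker_swarm_manager_main_node` is true even though nobody opted in. The file continues outside the two hunks shown, so other imports may need the same review.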
|
@ -0,0 +1,49 @@
|
||||||
|
version: '3.8'
|
||||||
|
|
||||||
|
services:
|
||||||
|
haproxy:
|
||||||
|
image: haproxytech/haproxy-debian:{{ haproxy_version }}
|
||||||
|
volumes:
|
||||||
|
- '{{ haproxy_cert_dir }}':'{{ haproxy_cert_dir }}':ro
|
||||||
|
- /etc/haproxy:/etc/haproxy:ro
|
||||||
|
ports:
|
||||||
|
- target: '{{ haproxy_default_port }}'
|
||||||
|
published: '{{ haproxy_default_port }}'
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
- target: '{{ haproxy_ssl_port }}'
|
||||||
|
published: '{{ haproxy_ssl_port }}'
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
{% if docker_swarm_haproxy_networks is defined %}
|
||||||
|
networks:
|
||||||
|
{% for net in docker_swarm_haproxy_networks %}
|
||||||
|
- {{ net }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if docker_swarm_haproxy_additional_services is defined %}
|
||||||
|
{% for net in docker_swarm_haproxy_additional_services %}
|
||||||
|
- {{ net.service_overlay_network }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
deploy:
|
||||||
|
mode: replicated
|
||||||
|
replicas: 1
|
||||||
|
endpoint_mode: dnsrr
|
||||||
|
placement:
|
||||||
|
constraints: [node.role == manager]
|
||||||
|
restart_policy:
|
||||||
|
condition: unless-stopped
|
||||||
|
delay: 5s
|
||||||
|
max_attempts: 3
|
||||||
|
window: 120s
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '2.0'
|
||||||
|
memory: 768M
|
||||||
|
reservations:
|
||||||
|
cpus: '1.0'
|
||||||
|
memory: 384M
|
||||||
|
{% if docker_log_to_journal %}
|
||||||
|
log_driver: 'journald'
|
||||||
|
{% endif %}
|
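Review bot: The certificate volume entry `- '{{ haproxy_cert_dir }}':'{{ haproxy_cert_dir }}':ro` closes and reopens the quotes around each path, which does not render to a single `src:dst:ro` string; I would expect a YAML parse error or a mis-typed entry. Quote the whole value instead: `- '{{ haproxy_cert_dir }}:{{ haproxy_cert_dir }}:ro'`. The `networks:` key is emitted only when `docker_swarm_haproxy_networks` is defined, while the items from `docker_swarm_haproxy_additional_services` are emitted regardless, so with only the second variable set the list items land under the `ports:` entries; guard the key with `{% if docker_swarm_haproxy_networks is defined or docker_swarm_haproxy_additional_services is defined %}`. As far as I know `deploy.restart_policy.condition` accepts `none`, `on-failure` or `any` rather than `unless-stopped`, and a version 3 file expects `logging:` with a `driver:` key rather than `log_driver`, so both are worth checking against the rendered file.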
|
@ -29,6 +29,8 @@ cat ${LE_CERTS_DIR}/{fullchain,privkey} > ${HAPROXY_CERTFILE}
|
||||||
chmod 440 ${HAPROXY_CERTFILE}
|
chmod 440 ${HAPROXY_CERTFILE}
|
||||||
chgrp haproxy ${HAPROXY_CERTFILE}
|
chgrp haproxy ${HAPROXY_CERTFILE}
|
||||||
|
|
||||||
|
{% if not haproxy_docker_container %}
|
||||||
|
|
||||||
echo "Reload the haproxy service" >> $LE_LOG_DIR/haproxy.log
|
echo "Reload the haproxy service" >> $LE_LOG_DIR/haproxy.log
|
||||||
if [ -x /bin/systemctl ] ; then
|
if [ -x /bin/systemctl ] ; then
|
||||||
systemctl reload haproxy >> $LE_LOG_DIR/haproxy.log 2>&1
|
systemctl reload haproxy >> $LE_LOG_DIR/haproxy.log 2>&1
|
||||||
|
@ -44,6 +46,10 @@ else
|
||||||
echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log
|
echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
{% else %}
|
||||||
|
docker kill --signal USR2 $(docker container ls --filter name=haproxy-service --quiet)
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
echo "Done." >> $LE_LOG_DIR/haproxy.log
|
echo "Done." >> $LE_LOG_DIR/haproxy.log
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
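Review bot: In the `{% else %}` branch, `docker kill --signal USR2 $(docker container ls --filter name=haproxy-service --quiet)` runs with no arguments when no container matches, its output is not written to `$LE_LOG_DIR/haproxy.log`, and the script still ends with `exit 0`. A renewed certificate can therefore go unloaded without any trace. The `name` filter also matches substrings, so more than one container may be signalled. I would capture the ids first, log both outcomes, and send the kill output to the same log as the systemd branch. The script begins outside these two hunks, so I have not checked how `LE_LOG_DIR` is set.

```shell
{% else %}
HAPROXY_CONTAINERS=$(docker container ls --filter name=haproxy-service --quiet)
if [ -n "$HAPROXY_CONTAINERS" ] ; then
    echo "Reload haproxy inside the container(s): $HAPROXY_CONTAINERS" >> $LE_LOG_DIR/haproxy.log
    docker kill --signal USR2 $HAPROXY_CONTAINERS >> $LE_LOG_DIR/haproxy.log 2>&1
else
    echo "No running haproxy container found, the new certificate was not loaded" >> $LE_LOG_DIR/haproxy.log
fi
{% endif %}
```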