ISTI-ansible-roles
/
ansible-role-haproxy
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Support the installation of haproxy as docker service

This commit is contained in:
Andrea Dell'Amico 2020-09-30 15:19:54 +02:00
parent 7ac7a50225
commit cabbdac987
6 changed files with 103 additions and 18 deletions

3
defaults/main.yml
View File

@ -7,6 +7,9 @@ haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
haproxy_pkg_state: present haproxy_pkg_state: present
haproxy_enabled: True haproxy_enabled: True
haproxy_k_bind_non_local_ip: True haproxy_k_bind_non_local_ip: True
haproxy_docker_container: False
haproxy_docker_compose_dir: /src/haproxy_swarm
haproxy_ha_with_keepalived: False
haproxy_default_port: 80 haproxy_default_port: 80
haproxy_terminate_tls: False haproxy_terminate_tls: False

8
meta/main.yml
View File

@ -20,4 +20,10 @@ galaxy_info:
galaxy_tags: galaxy_tags:
- haproxy - haproxy
dependencies: [] dependencies:
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-keepalived.git
version: master
name: keepalived
state: latest
when: haproxy_ha_with_keepalived

15
tasks/haproxy-docker-service.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: Manage the composition of haproxy as a docker swarm service
block:
- name: Install the docker compose file
template: src=haproxy-docker-compose.yml.j2 dest={{ haproxy_docker_compose_dir }}/docker-compose.yml
- name: Run the docker compose file to start the service
docker_compose:
project_src: '{{ haproxy_docker_compose_dir }}'
state: present
pull: yes
recreate: smart
when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node
tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker' ]

16
tasks/main.yml
View File

@ -1,5 +1,6 @@
--- ---
- import_tasks: haproxy-service.yml - import_tasks: haproxy-service.yml
when: not haproxy_docker_container
- import_tasks: haproxy-letsencrypt-acme-sh.yml - import_tasks: haproxy-letsencrypt-acme-sh.yml
when: when:
- haproxy_letsencrypt_managed - haproxy_letsencrypt_managed
@ -7,26 +8,31 @@
- import_tasks: haproxy-ssl.yml - import_tasks: haproxy-ssl.yml
when: when:
- haproxy_letsencrypt_managed - haproxy_letsencrypt_managed
- not haproxy_docker_container
- import_tasks: haproxy-nagios.yml - import_tasks: haproxy-nagios.yml
when: when:
- nagios_enabled is defined - nagios_enabled is defined and nagios_enabled
- nagios_enabled - not haproxy_docker_container
- import_tasks: haproxy-docker-service.yml
when: not haproxy_docker_container
- block:
- name: Ensure that haproxy is enabled and started - name: Ensure that haproxy is enabled and started
service: name=haproxy state=restarted enabled=yes service: name=haproxy state=restarted enabled=yes
when: haproxy_enabled when: haproxy_enabled
ignore_errors: True ignore_errors: True
tags: haproxy
- name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient - name: Haproxy puts a new rsyslog directive. Restart rsyslog to activate it. Reload is not sufficient
service: name=rsyslog state=restarted service: name=rsyslog state=restarted
when: when:
- haproxy_enabled - haproxy_enabled
- install_haproxy is changed - install_haproxy is changed
tags: haproxy
- name: Ensure that haproxy is stopped and disabled if needed - name: Ensure that haproxy is stopped and disabled if needed
service: name=haproxy state=stopped enabled=no service: name=haproxy state=stopped enabled=no
when: not haproxy_enabled when: not haproxy_enabled
tags: haproxy
tags: [ 'haproxy', 'haproxy_service' ]
when: not haproxy_docker_container

49
templates/haproxy-docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,49 @@
version: '3.8'
services:
haproxy:
image: haproxytech/haproxy-debian:{{ haproxy_version }}
volumes:
- '{{ haproxy_cert_dir }}':'{{ haproxy_cert_dir }}':ro
- /etc/haproxy:/etc/haproxy:ro
ports:
- target: '{{ haproxy_default_port }}'
published: '{{ haproxy_default_port }}'
protocol: tcp
mode: host
- target: '{{ haproxy_ssl_port }}'
published: '{{ haproxy_ssl_port }}'
protocol: tcp
mode: host
{% if docker_swarm_haproxy_networks is defined %}
networks:
{% for net in docker_swarm_haproxy_networks %}
- {{ net }}
{% endfor %}
{% endif %}
{% if docker_swarm_haproxy_additional_services is defined %}
{% for net in docker_swarm_haproxy_additional_services %}
- {{ net.service_overlay_network }}
{% endfor %}
{% endif %}
deploy:
mode: replicated
replicas: 1
endpoint_mode: dnsrr
placement:
constraints: [node.role == manager]
restart_policy:
condition: unless-stopped
delay: 5s
max_attempts: 3
window: 120s
resources:
limits:
cpus: '2.0'
memory: 768M
reservations:
cpus: '1.0'
memory: 384M
{% if docker_log_to_journal %}
log_driver: 'journald'
{% endif %}

6
templates/haproxy-letsencrypt-acme.sh.j2
View File

@ -29,6 +29,8 @@ cat ${LE_CERTS_DIR}/{fullchain,privkey} > ${HAPROXY_CERTFILE}
chmod 440 ${HAPROXY_CERTFILE} chmod 440 ${HAPROXY_CERTFILE}
chgrp haproxy ${HAPROXY_CERTFILE} chgrp haproxy ${HAPROXY_CERTFILE}
{% if not haproxy_docker_container %}
echo "Reload the haproxy service" >> $LE_LOG_DIR/haproxy.log echo "Reload the haproxy service" >> $LE_LOG_DIR/haproxy.log
if [ -x /bin/systemctl ] ; then if [ -x /bin/systemctl ] ; then
systemctl reload haproxy >> $LE_LOG_DIR/haproxy.log 2>&1 systemctl reload haproxy >> $LE_LOG_DIR/haproxy.log 2>&1
@ -44,6 +46,10 @@ else
echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log
fi fi
{% else %}
docker kill --signal USR2 $(docker container ls --filter name=haproxy-service --quiet)
{% endif %}
echo "Done." >> $LE_LOG_DIR/haproxy.log echo "Done." >> $LE_LOG_DIR/haproxy.log
exit 0 exit 0