replace nginx with haproxy

group_vars/all/main.yml

@@ -2,22 +2,6 @@
 
 dslproxy: "<CHANGE_ME:hostname>"
 
-soctools_users:
-  - firstname: "Arne"
-    lastname: "Oslebo"
-    username: "arne.oslebo"
-    email: "arne.oslebo@uninett.no"
-    DN: "CN=Arne Oslebo"
-    CN: "Arne Oslebo"
-    password: "Pass002"
-  - firstname: "Bozidar"
-    lastname: "Proevski"
-    username: "bozidar.proevski"
-    email: "bozidar.proevski@finki.ukim.mk"
-    DN: "CN=Bozidar Proevski"
-    CN: "Bozidar Proevski"
-    password: "Pass001"
-
 # TheHive Button plugin
 THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
 THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
@@ -30,6 +14,11 @@ repo: gn43-dsl
 version: 7
 suffix: a20200612
 
+haproxy_name: "dsoclab-haproxy"
+haproxy_version: "2.2"
+haproxy_img: "{{repo}}/haproxy:{{version}}{{suffix}}"
+HAPROXY_PROCESSES: "2"
+
 temp_root: "/tmp/centosbuild"
 
 openjdk_img: "{{repo}}/openjdk:{{version}}{{suffix}}"
@@ -39,9 +28,6 @@ zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}"
 
 nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}"
 
-nginx_name: "dsoclab-nginx"
-nginx_img: "{{repo}}/nginx:{{version}}{{suffix}}"
-
 kspass: "Testing003"
 tspass: "Testing003"
 
@@ -58,6 +44,21 @@ nifi_repo: "https://archive.apache.org/dist"
 
 ca_cn: "SOCTOOLS-CA"
 
+soctools_users:
+  - firstname: "Arne"
+    lastname: "Oslebo"
+    username: "arne.oslebo"
+    email: "arne.oslebo@uninett.no"
+    DN: "CN=Arne Oslebo"
+    CN: "Arne Oslebo"
+    password: "Pass002"
+  - firstname: "Bozidar"
+    lastname: "Proevski"
+    username: "bozidar.proevski"
+    email: "bozidar.proevski@finki.ukim.mk"
+    DN: "CN=Bozidar Proevski"
+    CN: "Bozidar Proevski"
+    password: "Pass001"
 
 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
 odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"

roles/build/files/haproxy.cfg

+global
+  quiet
+
+defaults
+  maxconn 5000
+  timeout connect 5s
+  timeout client  20s
+  timeout server  20s

roles/build/tasks/haproxy.yml

+---
+
+- name: Configure the haproxy Dockerfile
+  template:
+    src: haproxy/Dockerfile.j2
+    dest: "{{role_path}}/files/haproxyDockerfile"
+
+- name: Build haproxy image
+  command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files
+

roles/build/tasks/main.yml

@@ -6,7 +6,7 @@
     fail_msg: "Review *all* settings in group_vars/all/main.yml"
 
 - include: centos.yml
-- include: nginx.yml
+- include: haproxy.yml
 - include: openjdk.yml
 - include: zookeeper.yml
 - include: nifi.yml

roles/build/tasks/nginx.yml

----
-
-- name: Configure the nginx Dockerfile
-  template:
-    src: nginx/Dockerfile.j2
-    dest: "{{role_path}}/files/nginxDockerfile"
-
-- name: Build nginx image
-  command: docker build -t {{repo}}/nginx:{{version}}{{suffix}} -f {{role_path}}/files/nginxDockerfile {{role_path}}/files
-

roles/build/templates/haproxy/Dockerfile.j2

+FROM haproxy:{{haproxy_version}}
+
+RUN apt-get update && apt-get install -y python
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]

roles/build/templates/nginx/Dockerfile.j2

-FROM {{repo}}/centos:{{version}}{{suffix}}
-
-RUN yum update -y; \
-    yum install -y wget unzip curl nginx nginx-all-modules
-
-RUN yum clean all
-
-RUN ln -sf /dev/stdout /var/log/nginx/access.log \
-        && ln -sf /dev/stderr /var/log/nginx/error.log
-
-EXPOSE 80 443
-
-STOPSIGNAL SIGTERM
-
-CMD ["nginx", "-g", "daemon off;"]
-

roles/docker/tasks/nginx.yml → roles/docker/tasks/haproxy.yml

 ---
 
-- name: Create nginx proxy
+- name: Create haproxy container
   docker_container:
-    name: "{{ nginx_name }}"
-    hostname: "{{ nginx_name }}"
-    image: "{{ nginx_img }}"
+    name: "{{ haproxy_name }}"
+    hostname: "{{ haproxy_name }}"
+    image: "{{ haproxy_img }}"
     networks:
       - name: "{{ soctools_netname}}"
     networks_cli_compatible: yes
     published_ports:
       - "443:443"
+      - "8888:8888"
       - "8443:8443"
       - "9443:9443"
       - "9200:9200"
@@ -17,9 +18,9 @@
   tags:
     - start
 
-- name: Destroy nginx proxy
+- name: Destroy haproxy container
   docker_container:
-    name: "{{ nginx_name }}"
+    name: "{{ haproxy_name }}"
     state: absent
   tags:
     - stop

roles/docker/tasks/main.yml

@@ -8,6 +8,6 @@
 - include: odfees.yml
 - include: odfekibana.yml
 - include: keycloak.yml
-- include: nginx.yml
+- include: haproxy.yml
 - include: networkremove.yml
 

roles/haproxy/tasks/main.yml

 ---
 # tasks file for haproxy
 
-- name: Create directory
-  file:
-    name: /usr/local/etc/haproxy
-    state: directory
+- name: Copy haproxy configuration file
+  template:
+    src: haproxy.cfg.j2
+    dest: /usr/local/etc/haproxy/haproxy.cfg
+  tags:
+    - start
+    - reconf
 
-- name: Copy file
-  copy:
-    src: haproxy.cfg
-    dest: /usr/local/etc/haproxy/haproxy.cfg
\ No newline at end of file
+- name: Reload haproxy service
+  shell: kill -USR2 1
+  tags:
+    - start
+    - reconf

roles/haproxy/templates/haproxy.cfg.j2

+global
+  #quiet
+  log stdout format raw local0
+  nbproc {{ HAPROXY_PROCESSES }}
+
+defaults
+  mode http
+  maxconn 5000
+  log global
+  timeout connect 5s
+  timeout client  20s
+  timeout server  20s
+
+listen stats
+        bind 0.0.0.0:8888
+        stats enable
+        stats hide-version
+        stats uri     /
+        stats realm   HAProxy Statistics
+        stats auth    haproxy:eiph2Eepaizicheelah3tei+bae3ohgh
+
+listen nifiserv
+	bind *:9443
+	mode http
+	maxconn 5000
+	fullconn 5000
+	balance source
+	option tcpka
+{% for nifihost in groups['nificontainers'] %}
+	server {{nifihost}} {{nifihost}}:9443 check
+{% endfor %}
+
+listen odfeserv
+        bind *:9200
+        mode http
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+{% for odfehost in groups['odfeescontainers'] %}
+     	server {{odfehost}} {{odfehost}}:9200 check
+{% endfor %}
+	
+listen keycloakserv
+        bind *:10443
+        mode http
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+{% for keycloakhost in groups['keycloakcontainers'] %}
+	server {{keycloakhost}} {{keycloakhost}}:8443 ssl check verify none
+{% endfor %}
+
+{% for port in range(50, 60) %}
+listen nifiservtcp77{{port}}
+	bind *:77{{port}}
+	mode tcp
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+	option tcp-check
+	tcp-check connect port 77{{port}}
+{% for nifihost in groups['nificontainers'] %}
+   	server {{nifihost}} {{nifihost}}:77{{port}} check
+
+{% endfor %}
+{% endfor %}
+
+
+listen nifiservtcp7771
+	bind *:7771
+	mode tcp
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+	option tcp-check
+	tcp-check connect port 7771
+{% for nifihost in groups['nificontainers'] %}
+   	server {{nifihost}} {{nifihost}}:7771 check
+{% endfor %}
+
+
+{% for port in range(5000, 5020) %}
+listen nifiservhttp{{port}}
+        bind *:{{port}}
+        mode http
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+{% for nifihost in groups['nificontainers'] %}
+        server {{nifihost}} {{nifihost}}:77{{port}} check
+
+{% endfor %}
+{% endfor %}
+
+
+{% for port in range(6000, 6020) %}
+listen nifiservtcp{{port}}
+        bind *:{{port}}
+        mode tcp 
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+        option tcp-check
+        tcp-check connect port {{port}}
+{% for nifihost in groups['nificontainers'] %}
+        server {{nifihost}} {{nifihost}}:77{{port}} check
+
+{% endfor %}
+{% endfor %}

roles/nginx/tasks/main.yml

----
-
-- name: Configure nginx for proxying
-  template:
-    src: nginx.conf.j2
-    dest: /etc/nginx/nginx.conf
-  tags:
-    - start
-    - reconf
-
-- name: Restart nginx service
-  command: nginx -s reload
-  tags:
-    - start
-    - reconf

roles/nginx/templates/nginx.conf.j2

-user  nginx;
-include /usr/share/nginx/modules/*.conf;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log info;
-pid        /run/nginx.pid;
-events {
-    worker_connections  1024;
-}
-
-stream {
-  resolver 127.0.0.11;
-
-  upstream nifiserv {
-  hash $remote_addr consistent;
-  {% for nifihost in groups['nificontainers'] %}
-     server {{nifihost}}:9443;
-  {% endfor %}
-  }
-  server {
-    listen 9443;
-    proxy_pass nifiserv;
-  }
-
-  upstream odfeserv {
-  hash $remote_addr consistent;
-  {% for odfehost in groups['odfeescontainers'] %}
-     server {{odfehost}}:9200;
-  {% endfor %}
-  }
-  server {
-    listen 9200;
-    proxy_pass odfeserv;
-  }
-
-  upstream keycloakserv {
-  {% for keycloakhost in groups['keycloakcontainers'] %}
-     server {{keycloakhost}}:8443;
-  {% endfor %}
-  }
-  server {
-    listen 10443;
-    proxy_pass keycloakserv;
-  }
-
-  {% for port in range(50, 60) %}
-  upstream nifiservtcp77{{port}} {
-  {% for nifihost in groups['nificontainers'] %}
-     server {{nifihost}}:77{{port}};
-  {% endfor %}
-  }
-  server {
-    listen 77{{port}};
-    proxy_pass nifiservtcp77{{port}};
-  }
-  {% endfor %}
-
-  upstream nifiservtcp7771 {
-  {% for nifihost in groups['nificontainers'] %}
-     server {{nifihost}}:7771;
-  {% endfor %}
-  }
-  server {
-    listen 7771;
-    proxy_pass nifiservtcp7771;
-  }
-}
-

soctools-inventory

@@ -16,6 +16,5 @@ dsoclab-kibana ansible_connection=docker
 [keycloakcontainers]
 dsoclab-keycloak ansible_connection=docker
 
-[nginx]
-dsoclab-nginx ansible_connection=docker
-
+[haproxy]
+dsoclab-haproxy ansible_connection=docker

startsoctools.yml

@@ -5,10 +5,10 @@
   roles:
     - docker
 
-- name: Reconfigure and start nginx
-  hosts: nginx
+- name: Reconfigure and start haproxy
+  hosts: haproxy
   roles:
-    - nginx
+    - haproxy
 
 - name: Reconfigure and start Keycloak
   hosts: keycloakcontainers