diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index ec6afaa0a5f2848cd13f1f423f92de7b5c229f45..14a5b81c36b8f9824f403ab23142be647c7c48eb 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -2,22 +2,6 @@ dslproxy: "<CHANGE_ME:hostname>" -soctools_users: - - firstname: "Arne" - lastname: "Oslebo" - username: "arne.oslebo" - email: "arne.oslebo@uninett.no" - DN: "CN=Arne Oslebo" - CN: "Arne Oslebo" - password: "Pass002" - - firstname: "Bozidar" - lastname: "Proevski" - username: "bozidar.proevski" - email: "bozidar.proevski@finki.ukim.mk" - DN: "CN=Bozidar Proevski" - CN: "Bozidar Proevski" - password: "Pass001" - # TheHive Button plugin THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0" @@ -30,6 +14,11 @@ repo: gn43-dsl version: 7 suffix: a20200612 +haproxy_name: "dsoclab-haproxy" +haproxy_version: "2.2" +haproxy_img: "{{repo}}/haproxy:{{version}}{{suffix}}" +HAPROXY_PROCESSES: "2" + temp_root: "/tmp/centosbuild" openjdk_img: "{{repo}}/openjdk:{{version}}{{suffix}}" @@ -39,9 +28,6 @@ zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}" nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}" -nginx_name: "dsoclab-nginx" -nginx_img: "{{repo}}/nginx:{{version}}{{suffix}}" - kspass: "Testing003" tspass: "Testing003" @@ -58,6 +44,21 @@ nifi_repo: "https://archive.apache.org/dist" ca_cn: "SOCTOOLS-CA" +soctools_users: + - firstname: "Arne" + lastname: "Oslebo" + username: "arne.oslebo" + email: "arne.oslebo@uninett.no" + DN: "CN=Arne Oslebo" + CN: "Arne Oslebo" + password: "Pass002" + - firstname: "Bozidar" + lastname: "Proevski" + username: "bozidar.proevski" + email: "bozidar.proevski@finki.ukim.mk" + DN: "CN=Bozidar Proevski" + CN: "Bozidar Proevski" + password: "Pass001" odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}" odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}" 
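Review bot: The re-added `soctools_users` block in the last hunk of group_vars/all/main.yml still commits plaintext account passwords (`password: "Pass002"`, `password: "Pass001"`), so every clone of the repository carries working credentials. The file already uses a `<CHANGE_ME:…>` placeholder for `dslproxy`, and the build role appears to assert that the settings were reviewed, so these could follow the same pattern, e.g. `password: "<CHANGE_ME:password>"`, or move to an Ansible Vault file. The unchanged context lines `THEHIVE_API_KEY`, `kspass` and `tspass` have the same problem and would be worth handling in the same pass.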
diff --git a/roles/build/files/haproxy.cfg b/roles/build/files/haproxy.cfg new file mode 100644 index 0000000000000000000000000000000000000000..3f2dab4ac861bcbdad2fe199a1efcd3267d1f509 --- /dev/null +++ b/roles/build/files/haproxy.cfg @@ -0,0 +1,8 @@ +global + quiet + +defaults + maxconn 5000 + timeout connect 5s + timeout client 20s + timeout server 20s diff --git a/roles/build/tasks/haproxy.yml b/roles/build/tasks/haproxy.yml new file mode 100644 index 0000000000000000000000000000000000000000..9cb45f840be6ad255b6420abcabc83fbed79b96a --- /dev/null +++ b/roles/build/tasks/haproxy.yml @@ -0,0 +1,10 @@ +--- + +- name: Configure the haproxy Dockerfile + template: + src: haproxy/Dockerfile.j2 + dest: "{{role_path}}/files/haproxyDockerfile" + +- name: Build haproxy image + command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files + diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml index 23ea8307a033a560bfbd101747902b055b05e004..535dc196b5beffbec1df5c72d3e535d0ee9cd0cf 100644 --- a/roles/build/tasks/main.yml +++ b/roles/build/tasks/main.yml @@ -6,7 +6,7 @@ fail_msg: "Review *all* settings in group_vars/all/main.yml" - include: centos.yml -- include: nginx.yml +- include: haproxy.yml - include: openjdk.yml - include: zookeeper.yml - include: nifi.yml diff --git a/roles/build/tasks/nginx.yml b/roles/build/tasks/nginx.yml deleted file mode 100644 index bf91a869f63923cc57407c93ee59c3233dde8588..0000000000000000000000000000000000000000 --- a/roles/build/tasks/nginx.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Configure the nginx Dockerfile - template: - src: nginx/Dockerfile.j2 - dest: "{{role_path}}/files/nginxDockerfile" - -- name: Build nginx image - command: docker build -t {{repo}}/nginx:{{version}}{{suffix}} -f {{role_path}}/files/nginxDockerfile {{role_path}}/files - 
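Review bot: In roles/build/tasks/haproxy.yml, the `Build haproxy image` task passes `{{role_path}}/files` as the build context, so the whole role files directory is sent to the Docker daemon and is reachable by any `COPY` in the Dockerfile. A dedicated context directory holding only `haproxy.cfg` and the rendered Dockerfile would keep unrelated files out of the image build. The task also runs `docker build` through `command` with unquoted templated arguments and no `changed_when`, so it reports a change on every run; the `docker_image` module with `source: build` would make it idempotent.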
diff --git a/roles/build/templates/haproxy/Dockerfile.j2 b/roles/build/templates/haproxy/Dockerfile.j2 new file mode 100644 index 0000000000000000000000000000000000000000..f917f31919e708595795017a58c3f14df7424030 --- /dev/null +++ b/roles/build/templates/haproxy/Dockerfile.j2 @@ -0,0 +1,6 @@ +FROM haproxy:{{haproxy_version}} + +RUN apt-get update && apt-get install -y python +COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg + +CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] diff --git a/roles/build/templates/nginx/Dockerfile.j2 b/roles/build/templates/nginx/Dockerfile.j2 deleted file mode 100644 index d8932f769c3e5ab10e6e123e4db2a51eb84a4560..0000000000000000000000000000000000000000 --- a/roles/build/templates/nginx/Dockerfile.j2 +++ /dev/null @@ -1,16 +0,0 @@ -FROM {{repo}}/centos:{{version}}{{suffix}} - -RUN yum update -y; \ - yum install -y wget unzip curl nginx nginx-all-modules - -RUN yum clean all - -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"] - diff --git a/roles/docker/tasks/nginx.yml b/roles/docker/tasks/haproxy.yml similarity index 58% rename from roles/docker/tasks/nginx.yml rename to roles/docker/tasks/haproxy.yml index 683c6364b6cd1992f64c0eeeb50daca632c233d0..0cc981e0da9af75ab9145081ab3b5b84b08ce92c 100644 --- a/roles/docker/tasks/nginx.yml +++ b/roles/docker/tasks/haproxy.yml @@ -1,15 +1,16 @@ --- -- name: Create nginx proxy +- name: Create haproxy container docker_container: - name: "{{ nginx_name }}" - hostname: "{{ nginx_name }}" - image: "{{ nginx_img }}" + name: "{{ haproxy_name }}" + hostname: "{{ haproxy_name }}" + image: "{{ haproxy_img }}" networks: - name: "{{ soctools_netname}}" networks_cli_compatible: yes published_ports: - "443:443" + - "8888:8888" - "8443:8443" - "9443:9443" - "9200:9200" 
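Review bot: `FROM haproxy:{{haproxy_version}}` in the new Dockerfile.j2 pulls a floating upstream tag (`2.2`), so the image content can change between builds, where the removed nginx image was built on the project's own centos base. Pinning by digest, `FROM haproxy:{{haproxy_version}}@sha256:<digest>`, makes the build reproducible and reviewable. The floating tag also makes `apt-get install -y python` fragile, since the package name may not exist if the tag moves to a newer Debian base. Independently, the install line can be tightened to `RUN apt-get update && apt-get install -y --no-install-recommends python && rm -rf /var/lib/apt/lists/*`. There is no `USER` line, so the process runs as whatever user the base image defaults to, which is worth confirming.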
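Review bot: The added `- "8888:8888"` in roles/docker/tasks/haproxy.yml publishes the HAProxy stats listener on every host interface, and that listener (defined in haproxy.cfg.j2 in this commit) uses basic auth over plain HTTP. If the stats page is only needed by operators on the host, bind the published port to loopback with `- "127.0.0.1:8888:8888"`, or leave it unpublished and reach it over the container network. The `published_ports` list continues past the end of this hunk, so the full set of exposed ports is not visible here.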
@@ -17,9 +18,9 @@ tags: - start -- name: Destroy nginx proxy +- name: Destroy haproxy container docker_container: - name: "{{ nginx_name }}" + name: "{{ haproxy_name }}" state: absent tags: - stop diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7c22b2c1bd2ef416e381d0c3c1cc6683a97c9f8c..109bda670691be2ba9281a2775fac3e8dcf63a21 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -8,6 +8,6 @@ - include: odfees.yml - include: odfekibana.yml - include: keycloak.yml -- include: nginx.yml +- include: haproxy.yml - include: networkremove.yml diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index dae41edebbd39a5c61454561add45a9adce3e80a..32eb6e35fcd84787130ef470cac03a9d4a90b383 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -1,12 +1,16 @@ --- # tasks file for haproxy -- name: Create directory - file: - name: /usr/local/etc/haproxy - state: directory +- name: Copy haproxy configuration file + template: + src: haproxy.cfg.j2 + dest: /usr/local/etc/haproxy/haproxy.cfg + tags: + - start + - reconf -- name: Copy file - copy: - src: haproxy.cfg - dest: /usr/local/etc/haproxy/haproxy.cfg \ No newline at end of file +- name: Reload haproxy service + shell: kill -USR2 1 + tags: + - start + - reconf diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 new file mode 100644 index 0000000000000000000000000000000000000000..61539910dd36aa1e0afe3ebb01c417aa916372f1 --- /dev/null +++ b/roles/haproxy/templates/haproxy.cfg.j2 
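Review bot: In roles/haproxy/tasks/main.yml, the `Copy haproxy configuration file` task renders the template straight over the live config and the next task reloads it, so a template error only surfaces at reload time. Adding `validate: haproxy -c -f %s` to the template task would reject a broken file before it replaces the working one. The rendered file contains the stats credentials, so an explicit `mode: "0640"` and owner are worth setting rather than relying on defaults. `kill -USR2 1` needs no shell features, so `command: kill -USR2 1` is enough. It also only reloads if PID 1 is HAProxy in master-worker mode, which the image's `CMD` does not request explicitly; confirm that the base image's entrypoint adds it.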
@@ -0,0 +1,115 @@ +global + #quiet + log stdout format raw local0 + nbproc {{ HAPROXY_PROCESSES }} + +defaults + mode http + maxconn 5000 + log global + timeout connect 5s + timeout client 20s + timeout server 20s + +listen stats + bind 0.0.0.0:8888 + stats enable + stats hide-version + stats uri / + stats realm HAProxy Statistics + stats auth haproxy:eiph2Eepaizicheelah3tei+bae3ohgh + +listen nifiserv + bind *:9443 + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:9443 check +{% endfor %} + +listen odfeserv + bind *:9200 + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for odfehost in groups['odfeescontainers'] %} + server {{odfehost}} {{odfehost}}:9200 check +{% endfor %} + +listen keycloakserv + bind *:10443 + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for keycloakhost in groups['keycloakcontainers'] %} + server {{keycloakhost}} {{keycloakhost}}:8443 ssl check verify none +{% endfor %} + +{% for port in range(50, 60) %} +listen nifiservtcp77{{port}} + bind *:77{{port}} + mode tcp + maxconn 5000 + fullconn 5000 + balance source + option tcpka + option tcp-check + tcp-check connect port 77{{port}} +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:77{{port}} check + +{% endfor %} +{% endfor %} + + +listen nifiservtcp7771 + bind *:7771 + mode tcp + maxconn 5000 + fullconn 5000 + balance source + option tcpka + option tcp-check + tcp-check connect port 7771 +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:7771 check +{% endfor %} + + +{% for port in range(5000, 5020) %} +listen nifiservhttp{{port}} + bind *:{{port}} + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:77{{port}} check + +{% endfor %} +{% endfor %} + + +{% for 
port in range(6000, 6020) %} +listen nifiservtcp{{port}} + bind *:{{port}} + mode tcp + maxconn 5000 + fullconn 5000 + balance source + option tcpka + option tcp-check + tcp-check connect port {{port}} +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:77{{port}} check + +{% endfor %} +{% endfor %} diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/roles/nginx/files/.empty b/roles/nginx/files/.empty deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml deleted file mode 100644 index 1d158637b4f432e9833075b2ef95154a2f182074..0000000000000000000000000000000000000000 --- a/roles/nginx/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Configure nginx for proxying - template: - src: nginx.conf.j2 - dest: /etc/nginx/nginx.conf - tags: - - start - - reconf - -- name: Restart nginx service - command: nginx -s reload - tags: - - start - - reconf diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 deleted file mode 100644 index dd788829fa2006795bbc99017da833b42068eb4b..0000000000000000000000000000000000000000 --- a/roles/nginx/templates/nginx.conf.j2 +++ /dev/null 
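Review bot: In `listen stats` of haproxy.cfg.j2, the `stats auth haproxy:…` line commits the stats password in the template and serves the page over plain HTTP on `bind 0.0.0.0:8888`. Take the credentials from vaulted variables, for example `stats auth {{ haproxy_stats_user }}:{{ haproxy_stats_password }}` (new variables), and treat the committed value as exposed. In `keycloakserv`, `ssl check verify none` turns off backend certificate validation; with the project CA available, `ssl check verify required ca-file <path-to-CA-bundle>` would keep that hop authenticated. In the `range(5000, 5020)` and `range(6000, 6020)` loops the server line `{{nifihost}}:77{{port}}` renders ports such as 775000, above 65535, so presumably `{{nifihost}}:{{port}}` was intended. `nifiserv` and `odfeserv` moved from nginx `stream` passthrough to `mode http` with no `ssl` on either side, so if those backends speak TLS the proxy cannot parse the traffic; confirm whether `mode tcp` was meant.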
@@ -1,68 +0,0 @@ -user nginx; -include /usr/share/nginx/modules/*.conf; -worker_processes 1; - -error_log /var/log/nginx/error.log info; -pid /run/nginx.pid; -events { - worker_connections 1024; -} - -stream { - resolver 127.0.0.11; - - upstream nifiserv { - hash $remote_addr consistent; - {% for nifihost in groups['nificontainers'] %} - server {{nifihost}}:9443; - {% endfor %} - } - server { - listen 9443; - proxy_pass nifiserv; - } - - upstream odfeserv { - hash $remote_addr consistent; - {% for odfehost in groups['odfeescontainers'] %} - server {{odfehost}}:9200; - {% endfor %} - } - server { - listen 9200; - proxy_pass odfeserv; - } - - upstream keycloakserv { - {% for keycloakhost in groups['keycloakcontainers'] %} - server {{keycloakhost}}:8443; - {% endfor %} - } - server { - listen 10443; - proxy_pass keycloakserv; - } - - {% for port in range(50, 60) %} - upstream nifiservtcp77{{port}} { - {% for nifihost in groups['nificontainers'] %} - server {{nifihost}}:77{{port}}; - {% endfor %} - } - server { - listen 77{{port}}; - proxy_pass nifiservtcp77{{port}}; - } - {% endfor %} - - upstream nifiservtcp7771 { - {% for nifihost in groups['nificontainers'] %} - server {{nifihost}}:7771; - {% endfor %} - } - server { - listen 7771; - proxy_pass nifiservtcp7771; - } -} - diff --git a/roles/nginx/vars/main.yml b/roles/nginx/vars/main.yml deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/soctools-inventory b/soctools-inventory index ee70732c83a10dc814738b0a29277f8f10b7fcd6..254a62bfdcaf711064c43297b5a92ac7cdec73a5 100644 --- a/soctools-inventory +++ b/soctools-inventory @@ -16,6 +16,5 @@ dsoclab-kibana ansible_connection=docker [keycloakcontainers] dsoclab-keycloak ansible_connection=docker -[nginx] -dsoclab-nginx ansible_connection=docker - +[haproxy] +dsoclab-haproxy ansible_connection=docker 
diff --git a/startsoctools.yml b/startsoctools.yml index 3ddc7dc09f32c58625d0d9145c6d870cc45f3af8..a5f63b264786d7984148463a68e0bf4ac0189053 100644 --- a/startsoctools.yml +++ b/startsoctools.yml @@ -5,10 +5,10 @@ roles: - docker -- name: Reconfigure and start nginx - hosts: nginx +- name: Reconfigure and start haproxy + hosts: haproxy roles: - - nginx + - haproxy - name: Reconfigure and start Keycloak hosts: keycloakcontainers