From 876a5d58f8ed6749417ed36daa81f1dab8e5b688 Mon Sep 17 00:00:00 2001
From: Temur Maisuradze <temur@grena.ge>
Date: Fri, 25 Sep 2020 14:41:24 +0400
Subject: [PATCH] replace nginx with haproxy
---
group_vars/all/main.yml | 39 +++---
roles/build/files/haproxy.cfg | 8 ++
roles/build/tasks/haproxy.yml | 10 ++
roles/build/tasks/main.yml | 2 +-
roles/build/tasks/nginx.yml | 10 --
roles/build/templates/haproxy/Dockerfile.j2 | 6 +
roles/build/templates/nginx/Dockerfile.j2 | 16 ---
roles/docker/tasks/{nginx.yml => haproxy.yml} | 13 +-
roles/docker/tasks/main.yml | 2 +-
roles/haproxy/tasks/main.yml | 20 +--
roles/haproxy/templates/haproxy.cfg.j2 | 115 ++++++++++++++++++
roles/nginx/defaults/main.yml | 0
roles/nginx/files/.empty | 0
roles/nginx/handlers/main.yml | 0
roles/nginx/meta/main.yml | 0
roles/nginx/tasks/main.yml | 15 ---
roles/nginx/templates/nginx.conf.j2 | 68 -----------
roles/nginx/vars/main.yml | 0
soctools-inventory | 5 +-
startsoctools.yml | 6 +-
20 files changed, 185 insertions(+), 150 deletions(-)
create mode 100644 roles/build/files/haproxy.cfg
create mode 100644 roles/build/tasks/haproxy.yml
delete mode 100644 roles/build/tasks/nginx.yml
create mode 100644 roles/build/templates/haproxy/Dockerfile.j2
delete mode 100644 roles/build/templates/nginx/Dockerfile.j2
rename roles/docker/tasks/{nginx.yml => haproxy.yml} (58%)
create mode 100644 roles/haproxy/templates/haproxy.cfg.j2
delete mode 100644 roles/nginx/defaults/main.yml
delete mode 100644 roles/nginx/files/.empty
delete mode 100644 roles/nginx/handlers/main.yml
delete mode 100644 roles/nginx/meta/main.yml
delete mode 100644 roles/nginx/tasks/main.yml
delete mode 100644 roles/nginx/templates/nginx.conf.j2
delete mode 100644 roles/nginx/vars/main.yml
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index ec6afaa..14a5b81 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -2,22 +2,6 @@ dslproxy: "<CHANGE_ME:hostname>" -soctools_users: - - firstname: "Arne" - lastname: "Oslebo" - username: "arne.oslebo" - email: "arne.oslebo@uninett.no" - DN: "CN=Arne Oslebo" - CN: "Arne Oslebo" - password: "Pass002" - - firstname: "Bozidar" - lastname: "Proevski" - username: "bozidar.proevski" - email: "bozidar.proevski@finki.ukim.mk" - DN: "CN=Bozidar Proevski" - CN: "Bozidar Proevski" - password: "Pass001" - # TheHive Button plugin THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0" @@ -30,6 +14,11 @@ repo: gn43-dsl version: 7 suffix: a20200612 +haproxy_name: "dsoclab-haproxy" +haproxy_version: "2.2" +haproxy_img: "{{repo}}/haproxy:{{version}}{{suffix}}" +HAPROXY_PROCESSES: "2" + temp_root: "/tmp/centosbuild" openjdk_img: "{{repo}}/openjdk:{{version}}{{suffix}}" @@ -39,9 +28,6 @@ zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}" nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}" -nginx_name: "dsoclab-nginx" -nginx_img: "{{repo}}/nginx:{{version}}{{suffix}}" - kspass: "Testing003" tspass: "Testing003" @@ -58,6 +44,21 @@ nifi_repo: "https://archive.apache.org/dist" ca_cn: "SOCTOOLS-CA" +soctools_users: + - firstname: "Arne" + lastname: "Oslebo" + username: "arne.oslebo" + email: "arne.oslebo@uninett.no" + DN: "CN=Arne Oslebo" + CN: "Arne Oslebo" + password: "Pass002" + - firstname: "Bozidar" + lastname: "Proevski" + username: "bozidar.proevski" + email: "bozidar.proevski@finki.ukim.mk" + DN: "CN=Bozidar Proevski" + CN: "Bozidar Proevski" + password: "Pass001" odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}" odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}" diff --git a/roles/build/files/haproxy.cfg b/roles/build/files/haproxy.cfg new file mode 100644 index 0000000..3f2dab4 --- /dev/null +++ b/roles/build/files/haproxy.cfg @@ -0,0 +1,8 @@ +global + quiet + +defaults + maxconn 5000 + timeout connect 5s + timeout client 20s + timeout server 20s 
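Review bot: `HAPROXY_PROCESSES` is rendered into `nbproc` in haproxy.cfg.j2, and that directive no longer exists in HAProxy 2.5 and later, so the value is tied to `haproxy_version: "2.2"` without anything saying so. A comment above the two variables would keep a version bump from breaking the proxy, e.g. `# nbproc was removed in HAProxy 2.5; switch to nbthread before raising haproxy_version`. With more than one process, the stats page on 8888 also reports only the process that happened to answer the request.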
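Review bot: The re-added `soctools_users` block keeps named accounts with plaintext `password:` values in a git-tracked vars file, next to `kspass`, `tspass` and `THEHIVE_API_KEY` in the surrounding context. Moving the block is a good moment to replace the values with placeholders in the style `dslproxy` already uses, `password: "<CHANGE_ME:password>"`, or to load them from an Ansible Vault file, and to treat the committed values as disclosed. The `stats auth` line added in roles/haproxy/templates/haproxy.cfg.j2 has the same problem and could read `stats auth haproxy:{{ HAPROXY_STATS_PASSWORD }}` (placeholder variable name) with the value vaulted.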
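Review bot: This file carries no comment explaining that it is only a bootstrap config: the Dockerfile copies it to /usr/local/etc/haproxy/haproxy.cfg and the haproxy role later overwrites that same path from haproxy.cfg.j2. A header such as `# Bootstrap config baked into the image; replaced at start by roles/haproxy/templates/haproxy.cfg.j2` would make that clear. It defines no `listen` or `frontend` section, so it is worth confirming that HAProxy stays running on it until the role pushes the real config.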
diff --git a/roles/build/tasks/haproxy.yml b/roles/build/tasks/haproxy.yml new file mode 100644 index 0000000..9cb45f8 --- /dev/null +++ b/roles/build/tasks/haproxy.yml @@ -0,0 +1,10 @@ +--- + +- name: Configure the haproxy Dockerfile + template: + src: haproxy/Dockerfile.j2 + dest: "{{role_path}}/files/haproxyDockerfile" + +- name: Build haproxy image + command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files + diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml index 23ea830..535dc19 100644 --- a/roles/build/tasks/main.yml +++ b/roles/build/tasks/main.yml @@ -6,7 +6,7 @@ fail_msg: "Review *all* settings in group_vars/all/main.yml" - include: centos.yml -- include: nginx.yml +- include: haproxy.yml - include: openjdk.yml - include: zookeeper.yml - include: nifi.yml diff --git a/roles/build/tasks/nginx.yml b/roles/build/tasks/nginx.yml deleted file mode 100644 index bf91a86..0000000 --- a/roles/build/tasks/nginx.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Configure the nginx Dockerfile - template: - src: nginx/Dockerfile.j2 - dest: "{{role_path}}/files/nginxDockerfile" - -- name: Build nginx image - command: docker build -t {{repo}}/nginx:{{version}}{{suffix}} -f {{role_path}}/files/nginxDockerfile {{role_path}}/files - diff --git a/roles/build/templates/haproxy/Dockerfile.j2 b/roles/build/templates/haproxy/Dockerfile.j2 new file mode 100644 index 0000000..f917f31 --- /dev/null +++ b/roles/build/templates/haproxy/Dockerfile.j2 @@ -0,0 +1,6 @@ +FROM haproxy:{{haproxy_version}} + +RUN apt-get update && apt-get install -y python +COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg + +CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] diff --git a/roles/build/templates/nginx/Dockerfile.j2 b/roles/build/templates/nginx/Dockerfile.j2 deleted file mode 100644 index d8932f7..0000000 --- a/roles/build/templates/nginx/Dockerfile.j2 +++ /dev/null 
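Review bot: The build command spells the image tag out as `{{repo}}/haproxy:{{version}}{{suffix}}` although this commit adds `haproxy_img` with exactly that value, so the built tag and the tag the container task runs can drift apart. Using the variable keeps them in step: `command: docker build -t {{ haproxy_img }} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files`. The rendered Dockerfile is also written into the role's `files` directory, which is the build context, so it ends up in the repository tree unless ignored.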
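Review bot: `FROM haproxy:{{haproxy_version}}` resolves to a mutable tag (`2.2` in group_vars), so a rebuild can silently pick up a different upstream image; pinning a patch release or a digest, `FROM haproxy:{{haproxy_version}}@sha256:<DIGEST_PLACEHOLDER>`, keeps the proxy image reproducible. The `RUN` line installs `python` with recommended packages and leaves the apt lists in the layer; `RUN apt-get update && apt-get install -y --no-install-recommends python && rm -rf /var/lib/apt/lists/*` trims what ships on the front-end proxy. The image declares no `USER`, so whether HAProxy drops privileges depends on the base image and on a `user`/`group` setting that the templated `global` section does not contain.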
@@ -1,16 +0,0 @@ -FROM {{repo}}/centos:{{version}}{{suffix}} - -RUN yum update -y; \ - yum install -y wget unzip curl nginx nginx-all-modules - -RUN yum clean all - -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -STOPSIGNAL SIGTERM - -CMD ["nginx", "-g", "daemon off;"] - diff --git a/roles/docker/tasks/nginx.yml b/roles/docker/tasks/haproxy.yml similarity index 58% rename from roles/docker/tasks/nginx.yml rename to roles/docker/tasks/haproxy.yml index 683c636..0cc981e 100644 --- a/roles/docker/tasks/nginx.yml +++ b/roles/docker/tasks/haproxy.yml @@ -1,15 +1,16 @@ --- -- name: Create nginx proxy +- name: Create haproxy container docker_container: - name: "{{ nginx_name }}" - hostname: "{{ nginx_name }}" - image: "{{ nginx_img }}" + name: "{{ haproxy_name }}" + hostname: "{{ haproxy_name }}" + image: "{{ haproxy_img }}" networks: - name: "{{ soctools_netname}}" networks_cli_compatible: yes published_ports: - "443:443" + - "8888:8888" - "8443:8443" - "9443:9443" - "9200:9200" @@ -17,9 +18,9 @@ tags: - start -- name: Destroy nginx proxy +- name: Destroy haproxy container docker_container: - name: "{{ nginx_name }}" + name: "{{ haproxy_name }}" state: absent tags: - stop diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7c22b2c..109bda6 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -8,6 +8,6 @@ - include: odfees.yml - include: odfekibana.yml - include: keycloak.yml -- include: nginx.yml +- include: haproxy.yml - include: networkremove.yml diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index dae41ed..32eb6e3 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml 
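Review bot: The new `"8888:8888"` entry publishes the HAProxy stats listener on every host interface, and that listener is plain HTTP with Basic auth (`bind 0.0.0.0:8888` in haproxy.cfg.j2). If the page is only needed by operators on the host, `- "127.0.0.1:8888:8888"` keeps it off the network. Separately, the published ports visible here (443, 8443, 9443, 9200) do not line up with what the template binds (10443, 7750–7759, 7771, 5000–5019, 6000–6019), so some of those listeners may be unreachable from outside unless entries hidden between the two hunks cover them.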
@@ -1,12 +1,16 @@ --- # tasks file for haproxy -- name: Create directory - file: - name: /usr/local/etc/haproxy - state: directory +- name: Copy haproxy configuration file + template: + src: haproxy.cfg.j2 + dest: /usr/local/etc/haproxy/haproxy.cfg + tags: + - start + - reconf -- name: Copy file - copy: - src: haproxy.cfg - dest: /usr/local/etc/haproxy/haproxy.cfg \ No newline at end of file +- name: Reload haproxy service + shell: kill -USR2 1 + tags: + - start + - reconf diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 new file mode 100644 index 0000000..6153991 --- /dev/null +++ b/roles/haproxy/templates/haproxy.cfg.j2 
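Review bot: The config is rendered straight over the live file and then loaded with `kill -USR2 1`, with nothing checking that the rendered file parses. Adding `validate: haproxy -c -f %s` to the template task makes Ansible reject a broken render before it replaces the working config. The reload also assumes PID 1 is an HAProxy master in master-worker mode; the Dockerfile's `CMD` passes no `-W`, so this presumably relies on the base image's entrypoint and deserves a comment such as `# PID 1 is the haproxy master (master-worker mode); USR2 triggers a reload`.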
@@ -0,0 +1,115 @@ +global + #quiet + log stdout format raw local0 + nbproc {{ HAPROXY_PROCESSES }} + +defaults + mode http + maxconn 5000 + log global + timeout connect 5s + timeout client 20s + timeout server 20s + +listen stats + bind 0.0.0.0:8888 + stats enable + stats hide-version + stats uri / + stats realm HAProxy Statistics + stats auth haproxy:eiph2Eepaizicheelah3tei+bae3ohgh + +listen nifiserv + bind *:9443 + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:9443 check +{% endfor %} + +listen odfeserv + bind *:9200 + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for odfehost in groups['odfeescontainers'] %} + server {{odfehost}} {{odfehost}}:9200 check +{% endfor %} + +listen keycloakserv + bind *:10443 + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for keycloakhost in groups['keycloakcontainers'] %} + server {{keycloakhost}} {{keycloakhost}}:8443 ssl check verify none +{% endfor %} + +{% for port in range(50, 60) %} +listen nifiservtcp77{{port}} + bind *:77{{port}} + mode tcp + maxconn 5000 + fullconn 5000 + balance source + option tcpka + option tcp-check + tcp-check connect port 77{{port}} +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:77{{port}} check + +{% endfor %} +{% endfor %} + + +listen nifiservtcp7771 + bind *:7771 + mode tcp + maxconn 5000 + fullconn 5000 + balance source + option tcpka + option tcp-check + tcp-check connect port 7771 +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:7771 check +{% endfor %} + + +{% for port in range(5000, 5020) %} +listen nifiservhttp{{port}} + bind *:{{port}} + mode http + maxconn 5000 + fullconn 5000 + balance source + option tcpka +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:77{{port}} check + +{% endfor %} +{% endfor %} + + +{% for 
port in range(6000, 6020) %} +listen nifiservtcp{{port}} + bind *:{{port}} + mode tcp + maxconn 5000 + fullconn 5000 + balance source + option tcpka + option tcp-check + tcp-check connect port {{port}} +{% for nifihost in groups['nificontainers'] %} + server {{nifihost}} {{nifihost}}:77{{port}} check + +{% endfor %} +{% endfor %} diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/roles/nginx/files/.empty b/roles/nginx/files/.empty deleted file mode 100644 index e69de29..0000000 diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml deleted file mode 100644 index 1d15863..0000000 --- a/roles/nginx/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Configure nginx for proxying - template: - src: nginx.conf.j2 - dest: /etc/nginx/nginx.conf - tags: - - start - - reconf - -- name: Restart nginx service - command: nginx -s reload - tags: - - start - - reconf diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 deleted file mode 100644 index dd78882..0000000 --- a/roles/nginx/templates/nginx.conf.j2 +++ /dev/null 
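Review bot: In `keycloakserv`, `ssl check verify none` encrypts the hop to Keycloak but does not authenticate it, so anything that can answer on that container name is trusted with login traffic; group_vars defines `ca_cn`, so a CA appears to be available, and `ssl check verify required ca-file <PATH_TO_CA_PEM>` would use it. The loops over `range(5000, 5020)` and `range(6000, 6020)` still prefix the backend port with `77`, which renders ports such as 775000 that are out of range; those lines presumably should be `server {{nifihost}} {{nifihost}}:{{port}} check`. It is also worth confirming that `mode http` with no `ssl` on bind or server is intended for 9443 and 9200, which the removed nginx config forwarded as raw TCP streams.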
@@ -1,68 +0,0 @@ -user nginx; -include /usr/share/nginx/modules/*.conf; -worker_processes 1; - -error_log /var/log/nginx/error.log info; -pid /run/nginx.pid; -events { - worker_connections 1024; -} - -stream { - resolver 127.0.0.11; - - upstream nifiserv { - hash $remote_addr consistent; - {% for nifihost in groups['nificontainers'] %} - server {{nifihost}}:9443; - {% endfor %} - } - server { - listen 9443; - proxy_pass nifiserv; - } - - upstream odfeserv { - hash $remote_addr consistent; - {% for odfehost in groups['odfeescontainers'] %} - server {{odfehost}}:9200; - {% endfor %} - } - server { - listen 9200; - proxy_pass odfeserv; - } - - upstream keycloakserv { - {% for keycloakhost in groups['keycloakcontainers'] %} - server {{keycloakhost}}:8443; - {% endfor %} - } - server { - listen 10443; - proxy_pass keycloakserv; - } - - {% for port in range(50, 60) %} - upstream nifiservtcp77{{port}} { - {% for nifihost in groups['nificontainers'] %} - server {{nifihost}}:77{{port}}; - {% endfor %} - } - server { - listen 77{{port}}; - proxy_pass nifiservtcp77{{port}}; - } - {% endfor %} - - upstream nifiservtcp7771 { - {% for nifihost in groups['nificontainers'] %} - server {{nifihost}}:7771; - {% endfor %} - } - server { - listen 7771; - proxy_pass nifiservtcp7771; - } -} - diff --git a/roles/nginx/vars/main.yml b/roles/nginx/vars/main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/soctools-inventory b/soctools-inventory index ee70732..254a62b 100644 --- a/soctools-inventory +++ b/soctools-inventory @@ -16,6 +16,5 @@ dsoclab-kibana ansible_connection=docker [keycloakcontainers] dsoclab-keycloak ansible_connection=docker -[nginx] -dsoclab-nginx ansible_connection=docker - +[haproxy] +dsoclab-haproxy ansible_connection=docker diff --git a/startsoctools.yml b/startsoctools.yml index 3ddc7dc..a5f63b2 100644 --- a/startsoctools.yml +++ b/startsoctools.yml 
@@ -5,10 +5,10 @@ roles: - docker -- name: Reconfigure and start nginx - hosts: nginx +- name: Reconfigure and start haproxy + hosts: haproxy roles: - - nginx + - haproxy - name: Reconfigure and start Keycloak hosts: keycloakcontainers -- GitLab