From c618605d523db20cc498506652a3b788d46dbca5 Mon Sep 17 00:00:00 2001 From: Arne Oslebo <arne.oslebo@uninett.no> Date: Thu, 1 Oct 2020 14:55:41 +0200 Subject: [PATCH] use gn43-dsl/centos as basic image --- group_vars/all/main.yml | 2 +- roles/build/templates/haproxy/Dockerfile.j2 | 76 ++++++++++++++++++++- roles/haproxy/tasks/main.yml | 3 +- 3 files changed, 76 insertions(+), 5 deletions(-) diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 14a5b81..f73b42c 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1,6 +1,6 @@ --- -dslproxy: "<CHANGE_ME:hostname>" +dslproxy: "arne-centos2.cert-labs.uninett.no" # TheHive Button plugin THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" diff --git a/roles/build/templates/haproxy/Dockerfile.j2 b/roles/build/templates/haproxy/Dockerfile.j2 index f917f31..602eb65 100644 --- a/roles/build/templates/haproxy/Dockerfile.j2 +++ b/roles/build/templates/haproxy/Dockerfile.j2 @@ -1,6 +1,76 @@ -FROM haproxy:{{haproxy_version}} +FROM gn43-dsl/centos:7a20200612 -RUN apt-get update && apt-get install -y python -COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg +ENV HAPROXY_VERSION 2.2.3 +ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz +ENV HAPROXY_SHA256 7209db363d4dbecb21133f37b01048df666aebc14ff543525dbea79be202064e +ENV OPENSSL_VERSION=1.0.2u + + +# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments +RUN \ + yum install -y epel-release && \ + yum update -y && \ + `# Install build tools. Note: perl needed to compile openssl...` \ + yum install -y \ + inotify-tools \ + wget \ + tar \ + gzip \ + make \ + gcc \ + perl \ + pcre-devel \ + zlib-devel \ + iptables \ + pcre2-devel \ + pth-devel && \ + `# Install newest openssl...` \ + wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ + tar -zxf /tmp/openssl.tgz -C /tmp && \ + cd /tmp/openssl-* && \ + ./config --prefix=/usr \ + --openssldir=/etc/ssl \ + --libdir=lib \ + no-shared zlib-dynamic && \ + make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \ + cd && rm -rf /tmp/openssl* && \ + `# Install HAProxy...` \ + && wget -O haproxy.tar.gz "$HAPROXY_URL" \ + && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \ + && mkdir -p /usr/src/haproxy \ + && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \ + && rm haproxy.tar.gz \ + \ + && makeOpts=' \ + TARGET=linux-glibc \ + USE_GETADDRINFO=1 \ + USE_OPENSSL=1 \ + USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_ZLIB=1 \ + \ + EXTRA_OBJS=" \ +# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support + contrib/prometheus-exporter/service-prometheus.o \ + " \ + ' \ + && nproc="$(nproc)" \ + && eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts" \ + && eval "make -C /usr/src/haproxy install-bin $makeOpts" \ + \ + && mkdir -p /usr/local/etc/haproxy \ + && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \ + && rm -rf /usr/src/haproxy + +ENTRYPOINT ["/bin/bash"] +# https://www.haproxy.org/download/1.8/doc/management.txt +# "4. Stopping and restarting HAProxy" +# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" +# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" +STOPSIGNAL SIGUSR1 + +COPY haproxy-entrypoint.sh / +ENTRYPOINT ["/haproxy-entrypoint.sh"] + +COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 32eb6e3..b8f8f88 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -9,8 +9,9 @@ - start - reconf -- name: Reload haproxy service +- name: Restart haproxy shell: kill -USR2 1 tags: - start - reconf + -- GitLab