use gn43-dsl/centos as basic image

c618605d · Arne Øslebø · 67e0c4a8 · c618605d · c618605d · c618605d
Commit c618605d authored 4 years ago by Arne Øslebø
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
 ---
-dslproxy: "<CHANGE_ME:hostname>"
+dslproxy: "arne-centos2.cert-labs.uninett.no"
 # TheHive Button plugin
 THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"

--- a/roles/build/templates/haproxy/Dockerfile.j2
+++ b/roles/build/templates/haproxy/Dockerfile.j2
-FROM haproxy:{{haproxy_version}}
+FROM gn43-dsl/centos:7a20200612
-RUN apt-get update && apt-get install -y python
+ENV HAPROXY_VERSION 2.2.3
-COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz
+ENV HAPROXY_SHA256 7209db363d4dbecb21133f37b01048df666aebc14ff543525dbea79be202064e
+ENV OPENSSL_VERSION=1.0.2u
+# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
+RUN \
+  yum install -y epel-release && \
+  yum update -y && \
+  `# Install build tools. Note: perl needed to compile openssl...` \
+  yum install -y \
+  inotify-tools \
+  wget \
+  tar \
+  gzip \
+  make \
+  gcc \
+  perl \
+  pcre-devel \
+  zlib-devel \
+  iptables \
+  pcre2-devel \
+  pth-devel && \
+  `# Install newest openssl...` \
+  wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
+  tar -zxf /tmp/openssl.tgz -C /tmp && \
+  cd /tmp/openssl-* && \
+  ./config --prefix=/usr \
+  --openssldir=/etc/ssl \
+  --libdir=lib          \
+  no-shared zlib-dynamic && \
+  make -j$(getconf _NPROCESSORS_ONLN) V= && make install_sw && \
+  cd && rm -rf /tmp/openssl* && \
+  `# Install HAProxy...` \ 
+  && wget -O haproxy.tar.gz "$HAPROXY_URL" \
+  && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \
+  && mkdir -p /usr/src/haproxy \
+  && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \
+  && rm haproxy.tar.gz \
+  \
+  && makeOpts=' \
+    TARGET=linux-glibc \
+    USE_GETADDRINFO=1 \
+    USE_OPENSSL=1 \
+    USE_PCRE2=1 USE_PCRE2_JIT=1 \
+    USE_ZLIB=1 \
+    \
+    EXTRA_OBJS=" \
+# see https://github.com/docker-library/haproxy/issues/94#issuecomment-505673353 for more details about prometheus support
+      contrib/prometheus-exporter/service-prometheus.o \
+    " \
+  ' \
+  && nproc="$(nproc)" \
+  && eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts" \
+  && eval "make -C /usr/src/haproxy install-bin $makeOpts" \
+  \
+  && mkdir -p /usr/local/etc/haproxy \
+  && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \
+  && rm -rf /usr/src/haproxy 
+ENTRYPOINT ["/bin/bash"]
+# https://www.haproxy.org/download/1.8/doc/management.txt
+# "4. Stopping and restarting HAProxy"
+# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
+# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
+STOPSIGNAL SIGUSR1
+COPY haproxy-entrypoint.sh /
+ENTRYPOINT ["/haproxy-entrypoint.sh"]
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
 CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -9,8 +9,9 @@
    - start
    - reconf
- name: Reload haproxy service
+- name: Restart haproxy
  shell: kill -USR2 1
  tags:
    - start
    - reconf