added support for cluster replacement
This commit is contained in:
parent
1aa5a12e26
commit
b593aabc91
|
@ -0,0 +1,56 @@
|
||||||
|
---
|
||||||
|
haproxy_latest_release: True
|
||||||
|
haproxy_version: 2.2
|
||||||
|
haproxy_repo_key: 'http://haproxy.debian.net/bernat.debian.org.gpg'
|
||||||
|
haproxy_debian_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codename }}-backports-{{ haproxy_version }} main"
|
||||||
|
haproxy_ubuntu_latest_repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
|
||||||
|
haproxy_pkg_state: present
|
||||||
|
haproxy_enabled: True
|
||||||
|
haproxy_loglevel: info
|
||||||
|
haproxy_k_bind_non_local_ip: True
|
||||||
|
haproxy_docker_container: False
|
||||||
|
haproxy_docker_version: '{{ haproxy_version }}.4'
|
||||||
|
haproxy_docker_image: 'haproxytech/haproxy-debian:{{ haproxy_version }}.4'
|
||||||
|
haproxy_docker_compose_dir: /srv/haproxy_swarm
|
||||||
|
haproxy_docker_restart_policy: 'on-failure'
|
||||||
|
|
||||||
|
haproxy_ha_with_keepalived: False
|
||||||
|
haproxy_docker_swarm_networks:
|
||||||
|
- '{{ docker_swarm_portainer_network }}'
|
||||||
|
haproxy_docker_swarm_additional_networks: []
|
||||||
|
|
||||||
|
haproxy_docker_swarm_haproxy_constraints:
|
||||||
|
- 'node.role == manager'
|
||||||
|
haproxy_docker_swarm_additional_services: [{ acl_name: 'conductor-server', acl_rule: 'hdr_dom(host) -i conductor-server.int.d4science.net', stack_name: 'conductor', service_name: 'conductor-server', service_replica_num: '2', service_port: '8080', service_overlay_network: 'conductor-network', stick_sessions: False, stick_on_cookie: True, stick_cookie: 'JSESSIONID', stick_table: 'type ip size 2m expire 180m', balance_type: 'roundrobin', backend_options: '', http_check_enabled: True, http_check: 'meth GET uri /api/health ver HTTP/1.1 hdr Host localhost', http_check_expect: 'rstatus (2|3)[0-9][0-9]' }, { acl_name: 'conductor-ui', acl_rule: 'hdr_dom(host) -i conductor-ui.int.d4science.net', stack_name: 'conductor', service_name: 'conductor-ui', service_replica_num: '2', service_port: '5000', service_overlay_network: 'conductor-network', stick_sessions: False, stick_on_cookie: True, stick_cookie: 'JSESSIONID', stick_table: 'type ip size 2m expire 180m', balance_type: 'roundrobin', backend_options: '', http_check_enabled: True, http_check: 'meth GET uri / ver HTTP/1.1 hdr Host localhost', http_check_expect: 'rstatus (2|3)[0-9][0-9]' }]
|
||||||
|
# - { acl_name: 'service', acl_rule: 'hdr_dom(host) -i service.example.com', stack_name: 'stack', service_name: 'service', service_replica_num: '1', service_port: '9999', service_overlay_network: 'service-network', stick_sessions: False, stick_on_cookie: True, stick_cookie: 'JSESSIONID', stick_table: 'type ip size 2m expire 180m', balance_type: 'roundrobin', backend_options: '', http_check_enabled: True, http_check: 'meth HEAD uri / ver HTTP/1.1 hdr Host localhost', http_check_expect: 'rstatus (2|3)[0-9][0-9]', allowed_networks: '192.168.1.0/24 192.168.2.0/24' }
|
||||||
|
|
||||||
|
haproxy_default_port: 80
|
||||||
|
haproxy_terminate_tls: False
|
||||||
|
haproxy_ssl_port: 443
|
||||||
|
haproxy_admin_port: 8880
|
||||||
|
haproxy_admin_socket: /run/haproxy/admin.sock
|
||||||
|
|
||||||
|
haproxy_install_additional_pkgs: False
|
||||||
|
haproxy_additional_pkgs:
|
||||||
|
- haproxyctl
|
||||||
|
- haproxy-log-analysis
|
||||||
|
|
||||||
|
haproxy_nagios_check: False
|
||||||
|
# It's a percentage
|
||||||
|
haproxy_nagios_check_w: 70
|
||||||
|
haproxy_nagios_check_c: 90
|
||||||
|
|
||||||
|
# Used by some other role as defaults, eg docker-swarm
|
||||||
|
haproxy_spread_checks: 5
|
||||||
|
haproxy_connect_timeout: 10s
|
||||||
|
haproxy_client_timeout: 120s
|
||||||
|
haproxy_server_timeout: 480s
|
||||||
|
haproxy_global_keepalive_timeout: 10s
|
||||||
|
haproxy_client_keepalive_timeout: 5184000s
|
||||||
|
haproxy_backend_maxconn: 2048
|
||||||
|
haproxy_check_interval: 3s
|
||||||
|
haproxy_check_timeout: 2s
|
||||||
|
haproxy_maxconns: 4096
|
||||||
|
|
||||||
|
haproxy_sysctl_conntrack_max: 131072
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
- name: Generate haproxy config
|
||||||
|
template:
|
||||||
|
src: templates/haproxy.cfg.j2
|
||||||
|
dest: "{{ target_path }}/haproxy.cfg"
|
||||||
|
|
||||||
|
- name: Generate haproxy-docker-swarm
|
||||||
|
template:
|
||||||
|
src: templates/haproxy-docker-swarm.yaml.j2
|
||||||
|
dest: "{{ target_path }}/haproxy-swarm.yaml"
|
||||||
|
|
||||||
|
- name: Create the overlay network that will be joined by the proxied services
|
||||||
|
docker_network:
|
||||||
|
name: '{{ haproxy_docker_overlay_network }}'
|
||||||
|
driver: overlay
|
||||||
|
scope: swarm
|
|
@ -0,0 +1,56 @@
|
||||||
|
version: '3.6'
|
||||||
|
|
||||||
|
services:
|
||||||
|
haproxy:
|
||||||
|
image: {{ haproxy_docker_image }}
|
||||||
|
configs:
|
||||||
|
- source: haproxy-config
|
||||||
|
target: /usr/local/etc/haproxy/haproxy.cfg
|
||||||
|
networks:
|
||||||
|
- {{ haproxy_docker_overlay_network }}
|
||||||
|
volumes:
|
||||||
|
#- /etc/haproxy:/usr/local/etc/haproxy:ro
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
ports:
|
||||||
|
- target: {{ haproxy_default_port }}
|
||||||
|
published: {{ haproxy_default_port }}
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
- target: {{ haproxy_ssl_port }}
|
||||||
|
published: {{ haproxy_ssl_port }}
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
- target: {{ haproxy_admin_port }}
|
||||||
|
published: {{ haproxy_admin_port }}
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
dns: [127.0.0.11]
|
||||||
|
deploy:
|
||||||
|
mode: replicated
|
||||||
|
replicas: 1
|
||||||
|
update_config:
|
||||||
|
parallelism: 1
|
||||||
|
delay: 20s
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- "node.role==manager"
|
||||||
|
restart_policy:
|
||||||
|
condition: {{ haproxy_docker_restart_policy}}
|
||||||
|
delay: 20s
|
||||||
|
max_attempts: 5
|
||||||
|
window: 120s
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '2.0'
|
||||||
|
memory: 768M
|
||||||
|
reservations:
|
||||||
|
cpus: '1.0'
|
||||||
|
memory: 384M
|
||||||
|
logging:
|
||||||
|
driver: 'journald'
|
||||||
|
configs:
|
||||||
|
haproxy-config:
|
||||||
|
file: ./haproxy.cfg
|
||||||
|
networks:
|
||||||
|
{{ haproxy_docker_overlay_network }}:
|
||||||
|
external: true
|
|
@ -0,0 +1,75 @@
|
||||||
|
global
|
||||||
|
log fd@2 local2
|
||||||
|
chroot /var/lib/haproxy
|
||||||
|
pidfile /var/run/haproxy.pid
|
||||||
|
maxconn 4000
|
||||||
|
user haproxy
|
||||||
|
group haproxy
|
||||||
|
stats socket /var/lib/haproxy/stats expose-fd listeners
|
||||||
|
master-worker
|
||||||
|
|
||||||
|
resolvers docker
|
||||||
|
nameserver dns1 127.0.0.11:53
|
||||||
|
resolve_retries 3
|
||||||
|
timeout resolve 1s
|
||||||
|
timeout retry 1s
|
||||||
|
hold other 10s
|
||||||
|
hold refused 10s
|
||||||
|
hold nx 10s
|
||||||
|
hold timeout 10s
|
||||||
|
hold valid 10s
|
||||||
|
hold obsolete 10s
|
||||||
|
|
||||||
|
defaults
|
||||||
|
timeout connect 10s
|
||||||
|
timeout client 30s
|
||||||
|
timeout server 30s
|
||||||
|
log global
|
||||||
|
monitor-uri /_haproxy_health_check
|
||||||
|
timeout http-keep-alive {{ haproxy_global_keepalive_timeout }}
|
||||||
|
timeout connect {{ haproxy_connect_timeout }}
|
||||||
|
timeout client {{ haproxy_client_timeout }}
|
||||||
|
timeout server {{ haproxy_server_timeout }}
|
||||||
|
timeout check {{ haproxy_check_timeout }}
|
||||||
|
timeout http-request 10s # slowloris protection
|
||||||
|
default-server inter 3s fall 2 rise 2 slowstart 60s
|
||||||
|
|
||||||
|
# Needed to preserve the stick tables
|
||||||
|
peers mypeers
|
||||||
|
peer local_haproxy 127.0.0.1:1024
|
||||||
|
|
||||||
|
frontend http
|
||||||
|
|
||||||
|
bind *:{{ haproxy_default_port }}
|
||||||
|
|
||||||
|
mode http
|
||||||
|
option http-keep-alive
|
||||||
|
|
||||||
|
{% for srv in haproxy_docker_swarm_additional_services %}
|
||||||
|
use_backend {{ srv.acl_name }}_bck if { {{ srv.acl_rule }} }
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Backends
|
||||||
|
#
|
||||||
|
|
||||||
|
{% for srv in haproxy_docker_swarm_additional_services %}
|
||||||
|
backend {{ srv.acl_name }}_bck
|
||||||
|
mode http
|
||||||
|
option httpchk
|
||||||
|
balance {{ srv.balance_type | default('roundrobin') }}
|
||||||
|
{% if srv.http_check_enabled is defined and srv.http_check_enabled %}
|
||||||
|
http-check send {{ srv.http_check }}
|
||||||
|
http-check expect {{ srv.http_check_expect }}
|
||||||
|
{% endif %}
|
||||||
|
{% if srv.stick_sessions %}
|
||||||
|
{% if srv.stick_on_cookie %}
|
||||||
|
cookie {{ srv.stick_cookie }}
|
||||||
|
{% else %}
|
||||||
|
stick on src
|
||||||
|
stick-table {{ srv.stick_table }}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
server-template {{ srv.service_name }}- {{ srv.service_replica_num }} {{ srv.stack_name }}_{{ srv.service_name }}:{{ srv.service_port }} {{ srv.backend_options | default('') }} check resolvers docker init-addr libc,none
|
||||||
|
{% endfor %}
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
cluster_replacement: True
|
||||||
|
haproxy_docker_overlay_network: 'haproxy-public'
|
|
@ -1,3 +1,3 @@
|
||||||
---
|
---
|
||||||
target_path: /tmp/conductor_stack
|
target_path: /tmp/conductor_stack_haproxy
|
||||||
conductor_network: conductor-network
|
conductor_network: conductor-network
|
||||||
|
|
|
@ -2,3 +2,4 @@
|
||||||
conductor_replicas: 2
|
conductor_replicas: 2
|
||||||
conductor_config: conductor-swarm-config.properties
|
conductor_config: conductor-swarm-config.properties
|
||||||
conductor_config_template: "{{ conductor_config }}.j2"
|
conductor_config_template: "{{ conductor_config }}.j2"
|
||||||
|
|
||||||
|
|
|
@ -7,12 +7,19 @@ services:
|
||||||
image: nubisware/conductor-server
|
image: nubisware/conductor-server
|
||||||
networks:
|
networks:
|
||||||
- {{ conductor_network }}
|
- {{ conductor_network }}
|
||||||
|
{% if (cluster_replacement is defined and cluster_replacement) or (cluster_check is defined and cluster_check) %}
|
||||||
|
- {{ haproxy_docker_overlay_network }}
|
||||||
|
{% endif %}
|
||||||
|
{% if (cluster_replacement is not defined or not cluster_replacement) or (cluster_check is not defined or not cluster_check) %}
|
||||||
ports:
|
ports:
|
||||||
- "8080:8080"
|
- "8080:8080"
|
||||||
|
{% endif %}
|
||||||
deploy:
|
deploy:
|
||||||
mode: replicated
|
mode: replicated
|
||||||
replicas: {{ conductor_replicas }}
|
replicas: {{ conductor_replicas }}
|
||||||
#endpoint_mode: dnsrr
|
{% if (cluster_replacement is defined and cluster_replacement) or (cluster_check is defined and cluster_check) %}
|
||||||
|
endpoint_mode: dnsrr
|
||||||
|
{% endif %}
|
||||||
placement:
|
placement:
|
||||||
constraints: [node.role == worker]
|
constraints: [node.role == worker]
|
||||||
restart_policy:
|
restart_policy:
|
||||||
|
@ -33,12 +40,19 @@ services:
|
||||||
image: nubisware/conductor-ui
|
image: nubisware/conductor-ui
|
||||||
networks:
|
networks:
|
||||||
- {{ conductor_network }}
|
- {{ conductor_network }}
|
||||||
|
{% if (cluster_replacement is defined and cluster_replacement) or (cluster_check is defined and cluster_check) %}
|
||||||
|
- {{ haproxy_docker_overlay_network }}
|
||||||
|
{% endif %}
|
||||||
|
{% if (cluster_replacement is not defined or not cluster_replacement) or (cluster_check is not defined or not cluster_check) %}
|
||||||
ports:
|
ports:
|
||||||
- "5000:5000"
|
- "5000:5000"
|
||||||
|
{% endif %}
|
||||||
deploy:
|
deploy:
|
||||||
mode: replicated
|
mode: replicated
|
||||||
replicas: {{ conductor_replicas }}
|
replicas: {{ conductor_replicas }}
|
||||||
#endpoint_mode: dnsrr
|
{% if (cluster_replacement is defined and cluster_replacement) or (cluster_check is defined and cluster_check) %}
|
||||||
|
endpoint_mode: dnsrr
|
||||||
|
{% endif %}
|
||||||
placement:
|
placement:
|
||||||
constraints: [node.role == worker]
|
constraints: [node.role == worker]
|
||||||
restart_policy:
|
restart_policy:
|
||||||
|
@ -49,6 +63,10 @@ services:
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
{{ conductor_network }}:
|
{{ conductor_network }}:
|
||||||
|
{% if (cluster_replacement is defined and cluster_replacement) or (cluster_check is defined and cluster_check) %}
|
||||||
|
{{ haproxy_docker_overlay_network }}:
|
||||||
|
external: True
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
swarm-config:
|
swarm-config:
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- common
|
||||||
|
- elasticsearch
|
||||||
|
- dynomite
|
||||||
|
tasks:
|
||||||
|
- name: Start dynomite and es
|
||||||
|
docker_stack:
|
||||||
|
name: conductor
|
||||||
|
state: present
|
||||||
|
compose:
|
||||||
|
- "{{ target_path }}/dynomite-swarm.yaml"
|
||||||
|
- "{{ target_path }}/elasticsearch-swarm.yaml"
|
||||||
|
|
||||||
|
|
||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- common
|
||||||
|
- cluster-replacement
|
||||||
|
- conductor
|
||||||
|
tasks:
|
||||||
|
- name: Start conductor
|
||||||
|
docker_stack:
|
||||||
|
name: conductor
|
||||||
|
state: present
|
||||||
|
compose:
|
||||||
|
- "{{ target_path }}/conductor-swarm.yaml"
|
||||||
|
- "{{ target_path }}/haproxy-swarm.yaml"
|
Loading…
Reference in New Issue