From f47584920505b9eee490ec40b78c7641fdf2f8ef Mon Sep 17 00:00:00 2001 From: ralphte Date: Sat, 6 Nov 2021 10:43:45 -0400 Subject: [PATCH 1/3] Added ENV support --- defaults/main.yml | 1 + tasks/1_setup.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 2f88cfd..3cd6d1a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -38,6 +38,7 @@ traefik_ports: - '80:80' - '443:443' traefik_labels: {} +traefik_env: # traefik_confkey_global: {} # traefik_confkey_serversTransport: {} diff --git a/tasks/1_setup.yml b/tasks/1_setup.yml index 26df5ba..0688eb3 100644 --- a/tasks/1_setup.yml +++ b/tasks/1_setup.yml @@ -39,6 +39,7 @@ published_ports: '{{ traefik_ports }}' volumes: '{{ traefik_volumes + traefik_add_volumes }}' labels: '{{ traefik_labels }}' + env: '{{ traefik_env }}' command: - '--configFile=/etc/traefik/traefik.yml' networks: From 169f3d30d09700fc3dd83b00f66c90c3fff9fc9e Mon Sep 17 00:00:00 2001 From: Ralph May Date: Wed, 10 Nov 2021 10:43:38 -0500 Subject: [PATCH 2/3] updates --- .travis.yml | 34 ------- CHANGELOG.md | 42 -------- CONTRIBUTING.md | 47 --------- LICENSE | 21 ---- README.md | 178 ---------------------------------- defaults/main.yml | 75 ++++++-------- handlers/main.yml | 4 +- meta/main.yml | 19 +--- molecule/default/molecule.yml | 26 ----- molecule/default/playbook.yml | 15 --- tasks/0_config.yml | 54 ----------- tasks/1_setup.yml | 56 +++++------ tasks/main.yml | 6 +- templates/kibana.yml.j2 | 124 +++++++++++++++++++++++ vars/main.yml | 63 +----------- 15 files changed, 183 insertions(+), 581 deletions(-) delete mode 100644 .travis.yml delete mode 100644 CHANGELOG.md delete mode 100644 CONTRIBUTING.md delete mode 100644 LICENSE delete mode 100644 README.md delete mode 100644 molecule/default/molecule.yml delete mode 100644 molecule/default/playbook.yml delete mode 100644 tasks/0_config.yml create mode 100644 templates/kibana.yml.j2 
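Review bot: The new default `traefik_env:` in defaults/main.yml is a bare key, which YAML loads as null rather than an empty mapping, while the tasks/1_setup.yml hunk passes it straight to the `env` option, which expects a dictionary. With the default left untouched the container task will probably fail argument validation or behave differently from an unset option. Match the neighbouring `traefik_labels: {}` and write `traefik_env: {}`.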
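Review bot: `env: '{{ traefik_env }}'` in tasks/1_setup.yml adds a variable that the README variable table does not list, since the diffstat touches only the defaults and the task file. A row such as `| traefik_env | {} | environment variables to set on the traefik container |` would cover it. The documentation should also say that values must be quoted strings, so that YAML does not retype `true` or numbers. Because such variables typically carry provider credentials and stay readable in the container's metadata, it should recommend taking them from Ansible Vault. The `docker_container` task this line belongs to starts and ends outside the hunk.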
diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index cbc9d8c..0000000 --- a/.travis.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: traefik - matrix: - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos6 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: debian9 - - MOLECULE_DISTRO: debian10 - -install: - - pip install molecule docker - - git clone https://github.com/arillso/tests molecule/default/lint - -before_script: - - cd ../ - - mv ansible.$ROLE_NAME arillso.$ROLE_NAME - - cd arillso.$ROLE_NAME - -script: - - molecule test - -notifications: - webhooks: - urls: - - https://galaxy.ansible.com/api/v1/notifications/ - on_success: always - email: - on_success: never - on_failure: always diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index a5d1056..0000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,42 +0,0 @@ -# Changelog - -This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) -and [human-readable changelog](https://keepachangelog.com/en/1.0.0/). - -## [Unreleased] - -### Changed - -- Adaptation of the task names -- Syntax adapted to standard -- Conversion of the traefik ocnfig dir variable from `traefik_host_vol` to `traefik_dir` - -## [1.0.2] - 2020-05-31 - -### Fixed - -- recursive variable definition -- traefik volumes - -## [1.0.1] - 2020-05-30 - -### Added - -- Compatibility for [sbaerlocher/ansible.traefik](https://github.com/sbaerlocher/ansible.traefik) - -### Changed - -- no `set_fact` step for service generation anymore -- using `networks_cli_compatible` for service generation - -### Fixed - -- Certresolver config key is left undefined if no resolver is defined - -## 1.0.0 - -- initial release - -[unreleased]: https://github.com/arillso/ansible.traefik/compare/1.0.2...HEAD -[1.0.2]: https://github.com/arillso/ansible.traefik/compare/1.0.1...1.0.2 -[1.0.1]: https://github.com/arillso/ansible.traefik/compare/1.0.0...1.0.1 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index e6fbaa2..0000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1,47 +0,0 @@ -# Contribution Guidelines - -👍🎉 First off, thanks for taking the time to contribute! 🎉👍 - -## Code of Conduct - -Examples of behavior that contributes to creating a positive environment include: - -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members - -Examples of unacceptable behavior by participants include: - -* The use of sexualized language or imagery and unwelcome sexual attention or advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a professional setting - -## How to Contribute - -### Reporting Bugs -To report bugs, please open an issue containing: - -* Clear description of the problem -* Messages, log entries etc. -* Example configuration to reproduce the issue - -### Suggesting Enhancements -To suggest an enhancement, open an issue containing: - -* Clear description of the feature you are suggesting - -### Contribute Code - -Follow these steps to contribute code: - -1. Open an issue describing what you want to change (follow one of the previous - chapters). -2. Create a fork and implement your changes -3. Open a pull request to `develop` - -Before submitting the Pull request, make sure to add a description of your -changes to the changelog. diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 7ca873c..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2020 arillso - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/README.md b/README.md deleted file mode 100644 index 673bb05..0000000 --- a/README.md +++ /dev/null 
@@ -1,178 +0,0 @@ -# Ansible Role: traefik - -[![Build Status](https://img.shields.io/travis/arillso/ansible.traefik.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.traefik) -[![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-traefik-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/traefik) -[![Ansible Role](https://img.shields.io/ansible/role/d/48963.svg?style=popout-square)](https://galaxy.ansible.com/arillso/traefik) - - - -- [Description](#description) -- [Installation](#installation) -- [Requirements](#requirements) -- [Role Variables](#role-variables) - - [In-Depth Configuration](#in-depth-configuration) -- [Compatibility with sbaerlocher/ansible.traefik](#compatibility-with-sbaerlocheransibletraefik) - - [Variables which need manual action](#variables-which-need-manual-action) - - [`traefik_configuration_file`](#traefikconfigurationfile) - - [`traefik_api`](#traefikapi) - - [`traefik_ping`](#traefikping) - - - -## Description - -[Traefik](https://docs.traefik.io/v2.0) is a reverse proxy written in Go. -It can be used in multiple situations with many providers (Kubernetes, Swarm, -...). Version 2 is also capable of TCP routing. - -This role sets up traefik on a host as reverse proxy and load balancer. This -allows you, to use one server as a host for multiple dockerized applications. - -> **Note:** This role allows you to use one (1) server as a host for many -> applications. Depending on your usecase, this might not be what you are -> looking for. For services that need to be highly-available, consider using -> Kubernetes or other systems and setup traefik there. - -## Installation - -```bash -ansible-galaxy install arillso.traefik -``` - -## Requirements - -- Docker - -## Role Variables - -Traefik v2.0 onwards supports yaml configuration. This role uses this to generate -the configuration directly from the given ansible variables. 
-There are certain quick-setup variables, which allow you to setup a simple -instance, but there is also the option to fully configure every key yourself. -The quick-setup allows you to: - -- Setup a lets-encrypt based certificate resolver -- Setup standard entrypoints -- Setup standard Docker provider - -The quick-setup variables are prefixed with `traefik_qs_`. - -| Name | Default | Description | -| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | -| `traefik_dir` | `/etc/traefik` | where to store traefik data | -| `traefik_hostname` | `"{{ inventory_hostname }}"` | the hostname of this instance | -| `traefik_network` | `traefik_proxy` | the name of the generated network | -| `traefik_qs_send_anonymous_usage` | `false` | wether to send anonymous usage | -| `traefik_qs_https` | `false` | wether to setup a https endpoint | -| `traefik_qs_https_redirect` | `false` | wether to setup a redirection to https | -| `traefik_qs_https_le` | `false` | wether to setup letsencrypt using tls (only if https is enabled) | -| `traefik_qs_https_le_mail` | undefined | the email to use for letsencrypt (**Required**) | -| `traefik_qs_log_level` | `ERROR` | the loglevel to apply | -| `traefik_container_name` | `'traefik'` | the container name | -| `traefik_network_name` | `'traefik_proxy'` | the network name | -| `traefik_network_ipam_subnet` | `'172.16.1.0/24'` | subnet | -| `traefik_network_ipam_gateway` | `'172.16.1.1'` | gateway | -| `traefik_network_ipam_iprange` | `'172.16.1.0/24'` | iprange | -| `traefik_image` | `'traefik'` | the image used | -| `traefik_add_volumes` | `[]` | additional volumes to mount | -| `traefik_ports` | `['80:80', '443:443']` | the ports shared | -| `traefik_labels` | `{}` | labels to set on the traefik container. 
| - -The default names of the generated configs are: - -- Entrypoints: - - `http` - - `https` -- Providers: - - `docker` -- Certificate Resolvers: - - `letsencrypt` - -### In-Depth Configuration - -As stated before, this role also allows you to configure traefik in-depth by -using the traefik yaml config. The following variables can be used: - -| Name | Default | Description | -| :-------------------------------------- | :-------- | ------------------------------------------------------------------------------ | -| `traefik_confkey_global` | undefined | [see Docs 📑](https://docs.traefik.io/reference/static-configuration/file/) | -| `traefik_confkey_serversTransport` | undefined | [see Docs 📑](https://docs.traefik.io/reference/static-configuration/cli-ref/) | -| `traefik_confkey_entryPoints` | undefined | [see Docs 📑](https://docs.traefik.io/routing/entrypoints/#entrypoints) | -| `traefik_confkey_providers` | undefined | [see Docs 📑](https://docs.traefik.io/routing/providers/docker/) | -| `traefik_confkey_api` | undefined | [see Docs 📑](https://docs.traefik.io/operations/api/) | -| `traefik_confkey_metrics` | undefined | [see Docs 📑](https://docs.traefik.io/observability/metrics/overview/) | -| `traefik_confkey_ping` | undefined | [see Docs 📑](https://docs.traefik.io/operations/ping/) | -| `traefik_confkey_log` | undefined | [see Docs 📑](https://docs.traefik.io/observability/logs/) | -| `traefik_confkey_accessLog` | undefined | [see Docs 📑](https://docs.traefik.io/observability/access-logs/) | -| `traefik_confkey_tracing` | undefined | [see Docs 📑](https://docs.traefik.io/observability/tracing/overview/) | -| `traefik_confkey_hostResolver` | undefined | [see Docs 📑](https://docs.traefik.io/reference/static-configuration/file/) | -| `traefik_confkey_certificatesResolvers` | undefined | [see Docs 📑](https://docs.traefik.io/https/acme/#certificate-resolvers) | - -These keys are merged into the configuration **after** the quick-setup config using -the 
[`combine()`](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#combining-hashes-dictionaries) -filter in non recursive mode. This allows you to add configuration options as -you need them. If you want to overwrite the quick-setup items, use their key -(as specified above). - -## Compatibility with sbaerlocher/ansible.traefik - -This role is intended as a continuation of the -[sbaerlocher/ansible.traefik](https://github.com/sbaerlocher/ansible.traefik) -role for traefik v2. Most of the variables set for said role will continue -to work in this role, except for three special cases, where you **must** -recreate a custom configuration using the `_confkey_` variables. -These are explained in the following sections. - -### Variables which need manual action - -#### `traefik_configuration_file` - -Using the `traefik_configuration_file` has no influence on your installation. -The configuration of Traefik has changed with the introduction of v2 and is not -backwards compatible. Use the [Traefik docs](https://docs.traefik.io/reference/static-configuration/file/) -to recreate your custom configuration using the `_confkey_` variables. - -#### `traefik_api` - -The way API is defined in Traefik v2 allows you, to use [several diffrent -configurations](https://docs.traefik.io/operations/api/). For the sake of -simplicity, we dropped the automatic generation of an api config, as it not -simply mergeable with a custom config and could lead to unforseen side effects. - -To setup a simple, insecure api on container port `8080`, use the following -config (**Note**: this example is insecure, please consider securing your api -for use in production): - -```yaml -traefik_confkey_api: - insecure: true - dashboard: true # use this for enabling the dashboard -traefik_ports: - - '80:80' - - '443:443' - - '8080:8080' -``` - -This will automatically configure an [entrypoint on port `8080`](https://docs.traefik.io/operations/api/). 
- -#### `traefik_ping` - -Similar to the api definition, the ping definition allows custom configuration -over multiple diffrent configuration keys, making an automatically generated -config unfeasable. - -Follow the [Traefik config docs about ping](https://docs.traefik.io/operations/ping/) -to find the configuration you want to apply. As an Example, take a look at this -config, which will expose the ping endpoint on port `8082`: - -```yaml -traefik_confkey_entryPoints: - ping: - address: ':8082' -traefik_confkey_ping: - entryPoint: 'ping' -traefik_ports: - - '80:80' - - '443:443' - - '8082:8082' -``` diff --git a/defaults/main.yml b/defaults/main.yml index 3cd6d1a..b2393e8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,54 +1,35 @@ --- # defaults file # Setup vars -traefik_dir: /etc/traefik -traefik_hostname: "{{ inventory_hostname }}" -traefik_network: traefik_proxy +kibana_dir: /etc/elastic +kibana_hostname: 'kibana' +kibana_network: 'kibana' +kibana_version: '7.12.0' -# quicksetup vars -traefik_qs_send_anonymous_usage: "{{ - traefik_sendanonymoususage - | default(false) -}}" -traefik_qs_https: "{{ traefik_https | default(false) }}" -traefik_qs_https_redirect: "{{ traefik_https_redirect | default(false) }}" -traefik_qs_https_le: false -traefik_qs_log_level: "{{ traefik_log_level | default('ERROR') }}" +# service vars +kibana_container_name: 'kibana' +kibana_network_name: "{{ kibana_network }}" +kibana_image: 'docker.elastic.co/kibana/kibana:{{ kibana_version }}' +kibana_add_volumes: [] +kibana_ports: [] +kibana_labels: {} +kibana_env: {} +kibana_log_options: + max-size: "100m" + max-file: "3" +kibana_index: '.kibana' +kibana_server_name: 'kibana' +kibana_server_host: '0.0.0.0' +kibana_server_port: 5601 +kibana_xpack_encryptionkey: -# service vars -traefik_container_name: 'traefik' -traefik_network_name: "{{ traefik_network }}" -traefik_network_ipam_temp: "{{ traefik_network_ipam | default({}) }}" -traefik_network_ipam_subnet: "{{ - traefik_network_ipam_temp.subnet - | default('172.16.1.0/24') -}}" -traefik_network_ipam_gateway: "{{ - traefik_network_ipam_temp.gateway - | default('172.16.1.1') -}}" -traefik_network_ipam_iprange: "{{ - traefik_network_ipam_temp.iprange - | default('172.16.1.0/24') -}}" -traefik_image: 'traefik' -traefik_add_volumes: [] -traefik_ports: - - '80:80' - - '443:443' -traefik_labels: {} -traefik_env: +kibana_username: +kibana_password: +kibana_server_basepath: +kibana_server_baseurl: + +kibana_elasticsearch_hosts: '"http://127.0.0.1:9200"' -# traefik_confkey_global: {} -# traefik_confkey_serversTransport: {} -# traefik_confkey_entryPoints: {} -# traefik_confkey_providers: {} -# traefik_confkey_api: {} -# traefik_confkey_metrics: {} -# 
traefik_confkey_ping: {} -# traefik_confkey_log: {} -# traefik_confkey_accessLog: {} -# traefik_confkey_tracing: {} -# traefik_confkey_hostResolver: {} -# traefik_confkey_certificatesResolvers: {} +kibana_user: '1000' +kibana_group: '0' \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml index 9ed952b..29ff204 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart traefik container +- name: restart kibana container docker_container: - name: "{{ traefik_container_name }}" + name: "{{ kibana_container_name }}" restart: true diff --git a/meta/main.yml b/meta/main.yml index becfeae..e356dbd 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,19 +1,12 @@ --- galaxy_info: - role_name: traefik - author: Matthias Leutenegger - description: Role to deploy traefik. + role_name: kibana-docker + author: Ralph May + description: Role to deploy Kibana in Docker. # company: license: MIT min_ansible_version: 2.8 platforms: - - name: EL - versions: - - 6 - - 7 - - name: Fedora - versions: - - 29 - name: Ubuntu versions: - bionic @@ -23,13 +16,9 @@ galaxy_info: - jessie - stretch - buster - # - name: Windows - # versions: - # - all galaxy_tags: - - traefik - - reverseproxy + - kibana - docker dependencies: [] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 100644 index ba4dd79..0000000 --- a/molecule/default/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint . -platforms: - - name: instance - image: 'geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest' - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - lint: - name: ansible-lint -# playbooks: -# converge: ${MOLECULE_PLAYBOOK:-playbook.yml} -scenario: - name: default -verifier: - name: testinfra 
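Review bot: `kibana_server_baseurl:` is left as a bare null in the new defaults, but the template added in the same patch renders `server.publicBaseUrl` unconditionally, so the default configuration likely ends up with an empty URL there. Either give it a usable default or guard it the way `server.basePath` is guarded. The secret-bearing defaults `kibana_password` and `kibana_xpack_encryptionkey` would benefit from a comment such as `# supply via Ansible Vault; never commit a real value`. The default `kibana_elasticsearch_hosts` is plain `http://`, which would carry those credentials in clear text as soon as the address is changed away from loopback. Writing `null` explicitly instead of an empty value would make the intent of these keys unambiguous.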
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index b496b91..0000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Converge - hosts: all - # roles: - # - role: arillso.traefik - pre_tasks: - # - name: install docker-py - # package: - # name: docker - # state: present - # - name: add docker group - # group: - # name: docker - # state: present - vars: {} diff --git a/tasks/0_config.yml b/tasks/0_config.yml deleted file mode 100644 index 6b0c609..0000000 --- a/tasks/0_config.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- - -- name: "config : generate https entrypoint config" - set_fact: - traefik_int_conf_entryPoints: "{{ - traefik_int_conf_entryPoints | - combine(traefik_int_conf_entryPoints_https) - }}" - when: traefik_qs_https - -- name: "config : generate https redirect config" - set_fact: - traefik_int_conf_entryPoints: "{{ traefik_int_conf_entryPoints | - combine(traefik_int_conf_entryPoints_https_redirect, recursive=True) }}" - when: traefik_qs_https and traefik_qs_https_redirect - - -- name: "config : generate neutral certresolver" - set_fact: - traefik_conf_certificatesResolvers: "{{ - traefik_int_conf_certificatesResolvers_le - }}" - when: traefik_qs_https and traefik_qs_https_le - -- name: "config : generate neutral certresolver" - set_fact: - traefik_conf_certificatesResolvers: "{{ - traefik_conf_certificatesResolvers | default({}) - | combine(traefik_confkey_certificatesResolvers) - }}" - when: traefik_confkey_certificatesResolvers is defined - - -- name: "config : generate static config" - set_fact: - traefik_static_config: - global: "{{ traefik_conf_global }}" - serversTransport: "{{ - traefik_confkey_serversTransport - | default(omit) - }}" - entryPoints: "{{ traefik_conf_entryPoints }}" - providers: "{{ traefik_conf_providers }}" - api: "{{ traefik_confkey_api | default(omit) }}" - metrics: "{{ traefik_confkey_metrics | default(omit) }}" - ping: "{{ traefik_confkey_ping | default(omit) }}" - log: "{{ traefik_conf_log }}" - accessLog: "{{ traefik_confkey_accessLog | default(omit) }}" - tracing: "{{ traefik_confkey_tracing | default(omit) }}" - hostResolver: "{{ traefik_confkey_hostResolver | default(omit) }}" - certificatesResolvers: "{{ - traefik_conf_certificatesResolvers - | default(omit) - }}" diff --git a/tasks/1_setup.yml b/tasks/1_setup.yml index 0688eb3..bfca8bc 100644 --- a/tasks/1_setup.yml +++ b/tasks/1_setup.yml 
@@ -1,47 +1,35 @@ --- -- name: 'setup : create traefik directory' +- name: 'setup : create kibana directory' become: true file: path: '{{ item }}' state: directory - owner: root - group: docker - mode: 0550 + owner: "{{ kibana_user }}" + group: "{{ kibana_group }}" + mode: 0770 with_items: - - '{{ traefik_dir }}' + - '{{ kibana_dir }}' -- name: 'setup : create traefik configuration' - become: true - copy: - dest: '{{ traefik_dir }}/traefik.yml' - owner: root - group: docker - mode: 0550 - content: '{{ traefik_static_config | to_nice_yaml }}' +- name: 'setup : create kibana configuration' + template: + src: "kibana.yml.j2" + dest: "{{ kibana_dir }}/kibana.yml" + owner: "{{ kibana_user }}" + group: "{{ kibana_group }}" + mode: 770 notify: - - restart traefik container - -- name: 'setup : create traefik network' - become: true - docker_network: - name: '{{ traefik_network_name }}' - ipam_config: - - subnet: '{{ traefik_network_ipam_subnet }}' - gateway: '{{ traefik_network_ipam_gateway }}' - iprange: '{{ traefik_network_ipam_iprange }}' + - restart kibana container -- name: 'setup : start traefik container' +- name: 'setup : start kibana container' become: true docker_container: - name: '{{ traefik_container_name }}' - image: '{{ traefik_image }}' + name: '{{ kibana_container_name }}' + image: '{{ kibana_image }}' restart_policy: unless-stopped - published_ports: '{{ traefik_ports }}' - volumes: '{{ traefik_volumes + traefik_add_volumes }}' - labels: '{{ traefik_labels }}' - env: '{{ traefik_env }}' - command: - - '--configFile=/etc/traefik/traefik.yml' + published_ports: '{{ kibana_ports }}' + volumes: '{{ kibana_volumes + kibana_add_volumes }}' + labels: '{{ kibana_labels }}' + env: '{{ kibana_env }}' + log_options: '{{ kibana_log_options }}' networks: - - name: '{{ traefik_network_name }}' - networks_cli_compatible: true + - name: '{{ kibana_network_name }}' diff --git a/tasks/main.yml b/tasks/main.yml index 31aee3b..ff38804 100644 --- a/tasks/main.yml 
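Review bot: `mode: 770` on the `create kibana configuration` task is an unquoted decimal integer, which Ansible applies as octal 1402 (sticky bit, owner read-only, world-writable) instead of rwxrwx---. The file it writes holds the Elasticsearch password and the xpack encryption keys. Quote the mode and drop the execute bits, e.g. `mode: '0640'`, and quote the directory mode too (`mode: '0770'` or tighter). The same task lost the `become: true` that the removed `copy` task carried, so writing under `{{ kibana_dir }}` may fail without privilege escalation. The `docker_network` task is removed while the container still attaches to `kibana_network_name`, so that network presumably has to exist beforehand.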
+++ b/tasks/main.yml @@ -1,7 +1,3 @@ --- - -- name: generate config - include_tasks: 0_config.yml - -- name: setup traefik +- name: setup kibana include_tasks: 1_setup.yml diff --git a/templates/kibana.yml.j2 b/templates/kibana.yml.j2 new file mode 100644 index 0000000..67b379d --- /dev/null +++ b/templates/kibana.yml.j2 
@@ -0,0 +1,124 @@ +# Kibana is served by a back end server. This setting specifies the port to use. +server.port: "{{ kibana_server_port }}" + +# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +server.host: "{{ kibana_server_host }}" + +# Enables you to specify a path to mount Kibana at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +{% if kibana_server_basepath != None %} +server.basePath: "{{ kibana_server_basepath }}" +{% endif %} + +server.publicBaseUrl: "{{ kibana_server_baseurl }}" + +# Specifies whether Kibana should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# This setting was effectively always `false` before Kibana 6.3 and will +# default to `true` starting in Kibana 7.0. +#server.rewriteBasePath: false + +# The maximum payload size in bytes for incoming server requests. +#server.maxPayloadBytes: 1048576 + +# The Kibana server's name. This is used for display purposes. +server.name: "{{ kibana_server_name }}" + +# The URLs of the Elasticsearch instances to use for all your queries. +elasticsearch.hosts: [{{ kibana_elasticsearch_hosts }}] + +# When this setting's value is true Kibana uses the hostname specified in the server.host +# setting. When the value of this setting is false, Kibana uses the hostname of the host +# that connects to this Kibana instance. +#elasticsearch.preserveHost: true + +# Kibana uses an index in Elasticsearch to store saved searches, visualizations and +# dashboards. 
Kibana creates a new index if the index doesn't already exist. +kibana.index: "{{ kibana_index }}" + +# If your Elasticsearch is protected with basic authentication, these settings provide +# the username and password that the Kibana server uses to perform maintenance on the Kibana +# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which +# is proxied through the Kibana server. +{% if elasticsearch_password != None %} +elasticsearch.username: "{{ kibana_username }}" +elasticsearch.password: "{{ kibana_password }}" +{% endif %} + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the Kibana server to the browser. +#server.ssl.enabled: false +#server.ssl.certificate: /path/to/your/server.crt +#server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files are used to verify the identity of Kibana to Elasticsearch and are required when +# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required. +#elasticsearch.ssl.certificate: /path/to/your/client.crt +#elasticsearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your Elasticsearch instance. +# elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +elasticsearch.ssl.verificationMode: none + +# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of +# the elasticsearch.requestTimeout setting. +#elasticsearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value +# must be a positive integer. 
+elasticsearch.requestTimeout: 90000 + +# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side +# headers, set this value to [] (an empty list). +#elasticsearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. +#elasticsearch.customHeaders: {} + +# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. +#elasticsearch.shardTimeout: 30000 + +# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. +#elasticsearch.startupTimeout: 5000 + +# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. +#elasticsearch.logQueries: false + +# Specifies the path where Kibana creates the process ID file. +#pid.file: /var/run/kibana.pid + +# Enables you specify a file where Kibana stores log output. +#logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +#logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +#logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +#logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +#ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +# Supported languages are the following: English - en , by default , Chinese - zh-CN . 
+#i18n.locale: "en" +{% if kibana_xpack_encryptionkey != None %} +xpack.security.enabled: true +xpack.reporting.encryptionKey: "{{ kibana_xpack_encryptionkey }}" +xpack.security.encryptionKey: "{{ kibana_xpack_encryptionkey }}" +xpack.encryptedSavedObjects.encryptionKey: "{{ kibana_xpack_encryptionkey }}" +{% endif %} \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index d0d8f5d..cb5f65a 100644 --- a/vars/main.yml +++ b/vars/main.yml 
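Review bot: `elasticsearch.ssl.verificationMode: none` is hard-coded in the new template, so any HTTPS connection to Elasticsearch skips certificate validation and the Kibana service credentials are exposed to whoever answers on that address. Make it configurable with a safe default, for example through a new variable: `elasticsearch.ssl.verificationMode: {{ kibana_elasticsearch_ssl_verification_mode | default('full') }}`. The credentials block is guarded by `{% if elasticsearch_password != None %}`, a variable this role's defaults never define (they define `kibana_password`), so the guard should read `{% if kibana_password != None %}`. Secrets are interpolated inside double quotes, so a password containing `"` or `\` would break or alter the YAML; `{{ kibana_password | to_json }}` avoids that. The single `kibana_xpack_encryptionkey` is reused for reporting, security and encryptedSavedObjects, and separate keys would limit the impact of one key leaking.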
@@ -1,63 +1,4 @@ --- -traefik_int_conf_global: - sendAnonymousUsage: "{{ traefik_qs_send_anonymous_usage }}" - -traefik_int_conf_entryPoints: - http: - address: :80 - -traefik_int_conf_entryPoints_https: - https: - address: :443 - -traefik_int_conf_entryPoints_https_redirect: - http: - http: - redirections: - entryPoint: - to: https - scheme: https - -traefik_int_conf_providers: - docker: {} - -traefik_int_conf_log: - level: "{{ traefik_qs_log_level }}" - - -traefik_int_conf_certificatesResolvers_le: - letsencrypt: - acme: - email: "{{ traefik_qs_https_le_mail }}" - tlsChallenge: {} - storage: /letsencrypt/acme.json - - -traefik_conf_global: "{{ - traefik_int_conf_global | combine(traefik_confkey_global | default({})) -}}" -traefik_conf_entryPoints: "{{ - traefik_int_conf_entryPoints - | combine(traefik_confkey_entryPoints - | default({})) -}}" -traefik_conf_providers: "{{ - traefik_int_conf_providers | combine(traefik_confkey_providers | default({})) -}}" -traefik_conf_log: "{{ - traefik_int_conf_log | combine(traefik_confkey_log | default({})) -}}" -# traefik_conf_certificatesResolvers: "{{ -# traefik_int_conf_certificatesResolvers -# | combine(traefik_confkey_certificatesResolvers -# | default({}) -# ) -# }}" - - -traefik_volumes: +kibana_volumes: - /etc/localtime:/etc/localtime:ro - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - "{{ traefik_dir }}/traefik.yml:/etc/traefik/traefik.yml" - - "{{ traefik_dir }}/letsencrypt/:/letsencrypt/:rw" - - traefik-data:/etc/traefik + - "{{ kibana_dir }}/kibana.yml:/usr/share/kibana/config/kibana.yml:ro" \ No newline at end of file From 852a54b9532379b54058b919c333b067bbdd499d Mon Sep 17 00:00:00 2001 
From: Ralph May Date: Thu, 11 Nov 2021 07:17:31 -0500 Subject: [PATCH 3/3] Reverting to f475849 --- .travis.yml | 34 +++++++ CHANGELOG.md | 42 ++++++++ CONTRIBUTING.md | 47 +++++++++ LICENSE | 21 ++++ README.md | 178 ++++++++++++++++++++++++++++++++++ defaults/main.yml | 75 ++++++++------ handlers/main.yml | 4 +- meta/main.yml | 19 +++- molecule/default/molecule.yml | 26 +++++ molecule/default/playbook.yml | 15 +++ tasks/0_config.yml | 54 +++++++++++ tasks/1_setup.yml | 56 ++++++----- tasks/main.yml | 6 +- vars/main.yml | 63 +++++++++++- 14 files changed, 581 insertions(+), 59 deletions(-) create mode 100644 .travis.yml create mode 100644 CHANGELOG.md create mode 100644 CONTRIBUTING.md create mode 100644 LICENSE create mode 100644 README.md create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/playbook.yml create mode 100644 tasks/0_config.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..cbc9d8c --- /dev/null +++ b/.travis.yml @@ -0,0 +1,34 @@ +--- +language: python +services: docker + +env: + global: + - ROLE_NAME: traefik + matrix: + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: centos6 + - MOLECULE_DISTRO: ubuntu1804 + - MOLECULE_DISTRO: debian9 + - MOLECULE_DISTRO: debian10 + +install: + - pip install molecule docker + - git clone https://github.com/arillso/tests molecule/default/lint + +before_script: + - cd ../ + - mv ansible.$ROLE_NAME arillso.$ROLE_NAME + - cd arillso.$ROLE_NAME + +script: + - molecule test + +notifications: + webhooks: + urls: + - https://galaxy.ansible.com/api/v1/notifications/ + on_success: always + email: + on_success: never + on_failure: always diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..a5d1056 --- /dev/null +++ b/CHANGELOG.md 
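Review bot: The restored `install` step in .travis.yml pulls `molecule` and `docker` from PyPI without versions and clones `arillso/tests` at whatever its default branch points to, so CI runs code that can change between builds without review. Pin both, e.g. `pip install 'molecule==<PINNED_VERSION>' 'docker==<PINNED_VERSION>'` and `git -C molecule/default/lint checkout <COMMIT_SHA>` after the clone (placeholders, not real values). `centos6` in the matrix is end-of-life and may no longer be a meaningful test target.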
@@ -0,0 +1,42 @@
+# Changelog
+
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html)
+and [human-readable changelog](https://keepachangelog.com/en/1.0.0/).
+
+## [Unreleased]
+
+### Changed
+
+- Adaptation of the task names
+- Syntax adapted to standard
+- Conversion of the traefik ocnfig dir variable from `traefik_host_vol` to `traefik_dir`
+
+## [1.0.2] - 2020-05-31
+
+### Fixed
+
+- recursive variable definition
+- traefik volumes
+
+## [1.0.1] - 2020-05-30
+
+### Added
+
+- Compatibility for [sbaerlocher/ansible.traefik](https://github.com/sbaerlocher/ansible.traefik)
+
+### Changed
+
+- no `set_fact` step for service generation anymore
+- using `networks_cli_compatible` for service generation
+
+### Fixed
+
+- Certresolver config key is left undefined if no resolver is defined
+
+## 1.0.0
+
+- initial release
+
+[unreleased]: https://github.com/arillso/ansible.traefik/compare/1.0.2...HEAD
+[1.0.2]: https://github.com/arillso/ansible.traefik/compare/1.0.1...1.0.2
+[1.0.1]: https://github.com/arillso/ansible.traefik/compare/1.0.0...1.0.1
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..e6fbaa2
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,47 @@
+# Contribution Guidelines
+
+👍🎉 First off, thanks for taking the time to contribute! 🎉👍
+
+## Code of Conduct
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## How to Contribute
+
+### Reporting Bugs
+To report bugs, please open an issue containing:
+
+* Clear description of the problem
+* Messages, log entries etc.
+* Example configuration to reproduce the issue
+
+### Suggesting Enhancements
+To suggest an enhancement, open an issue containing:
+
+* Clear description of the feature you are suggesting
+
+### Contribute Code
+
+Follow these steps to contribute code:
+
+1. Open an issue describing what you want to change (follow one of the previous
+ chapters).
+2. Create a fork and implement your changes
+3. Open a pull request to `develop`
+
+Before submitting the Pull request, make sure to add a description of your
+changes to the changelog.
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..7ca873c
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 arillso
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..673bb05
--- /dev/null
+++ b/README.md
@@ -0,0 +1,178 @@ +# Ansible Role: traefik + +[![Build Status](https://img.shields.io/travis/arillso/ansible.traefik.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.traefik) +[![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-traefik-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/traefik) +[![Ansible Role](https://img.shields.io/ansible/role/d/48963.svg?style=popout-square)](https://galaxy.ansible.com/arillso/traefik) + + + +- [Description](#description) +- [Installation](#installation) +- [Requirements](#requirements) +- [Role Variables](#role-variables) + - [In-Depth Configuration](#in-depth-configuration) +- [Compatibility with sbaerlocher/ansible.traefik](#compatibility-with-sbaerlocheransibletraefik) + - [Variables which need manual action](#variables-which-need-manual-action) + - [`traefik_configuration_file`](#traefikconfigurationfile) + - [`traefik_api`](#traefikapi) + - [`traefik_ping`](#traefikping) + + + +## Description + +[Traefik](https://docs.traefik.io/v2.0) is a reverse proxy written in Go. +It can be used in multiple situations with many providers (Kubernetes, Swarm, +...). Version 2 is also capable of TCP routing. + +This role sets up traefik on a host as reverse proxy and load balancer. This +allows you, to use one server as a host for multiple dockerized applications. + +> **Note:** This role allows you to use one (1) server as a host for many +> applications. Depending on your usecase, this might not be what you are +> looking for. For services that need to be highly-available, consider using +> Kubernetes or other systems and setup traefik there. + +## Installation + +```bash +ansible-galaxy install arillso.traefik +``` + +## Requirements + +- Docker + +## Role Variables + +Traefik v2.0 onwards supports yaml configuration. This role uses this to generate +the configuration directly from the given ansible variables. 
+There are certain quick-setup variables, which allow you to setup a simple +instance, but there is also the option to fully configure every key yourself. +The quick-setup allows you to: + +- Setup a lets-encrypt based certificate resolver +- Setup standard entrypoints +- Setup standard Docker provider + +The quick-setup variables are prefixed with `traefik_qs_`. + +| Name | Default | Description | +| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | +| `traefik_dir` | `/etc/traefik` | where to store traefik data | +| `traefik_hostname` | `"{{ inventory_hostname }}"` | the hostname of this instance | +| `traefik_network` | `traefik_proxy` | the name of the generated network | +| `traefik_qs_send_anonymous_usage` | `false` | wether to send anonymous usage | +| `traefik_qs_https` | `false` | wether to setup a https endpoint | +| `traefik_qs_https_redirect` | `false` | wether to setup a redirection to https | +| `traefik_qs_https_le` | `false` | wether to setup letsencrypt using tls (only if https is enabled) | +| `traefik_qs_https_le_mail` | undefined | the email to use for letsencrypt (**Required**) | +| `traefik_qs_log_level` | `ERROR` | the loglevel to apply | +| `traefik_container_name` | `'traefik'` | the container name | +| `traefik_network_name` | `'traefik_proxy'` | the network name | +| `traefik_network_ipam_subnet` | `'172.16.1.0/24'` | subnet | +| `traefik_network_ipam_gateway` | `'172.16.1.1'` | gateway | +| `traefik_network_ipam_iprange` | `'172.16.1.0/24'` | iprange | +| `traefik_image` | `'traefik'` | the image used | +| `traefik_add_volumes` | `[]` | additional volumes to mount | +| `traefik_ports` | `['80:80', '443:443']` | the ports shared | +| `traefik_labels` | `{}` | labels to set on the traefik container. 
| + +The default names of the generated configs are: + +- Entrypoints: + - `http` + - `https` +- Providers: + - `docker` +- Certificate Resolvers: + - `letsencrypt` + +### In-Depth Configuration + +As stated before, this role also allows you to configure traefik in-depth by +using the traefik yaml config. The following variables can be used: + +| Name | Default | Description | +| :-------------------------------------- | :-------- | ------------------------------------------------------------------------------ | +| `traefik_confkey_global` | undefined | [see Docs 📑](https://docs.traefik.io/reference/static-configuration/file/) | +| `traefik_confkey_serversTransport` | undefined | [see Docs 📑](https://docs.traefik.io/reference/static-configuration/cli-ref/) | +| `traefik_confkey_entryPoints` | undefined | [see Docs 📑](https://docs.traefik.io/routing/entrypoints/#entrypoints) | +| `traefik_confkey_providers` | undefined | [see Docs 📑](https://docs.traefik.io/routing/providers/docker/) | +| `traefik_confkey_api` | undefined | [see Docs 📑](https://docs.traefik.io/operations/api/) | +| `traefik_confkey_metrics` | undefined | [see Docs 📑](https://docs.traefik.io/observability/metrics/overview/) | +| `traefik_confkey_ping` | undefined | [see Docs 📑](https://docs.traefik.io/operations/ping/) | +| `traefik_confkey_log` | undefined | [see Docs 📑](https://docs.traefik.io/observability/logs/) | +| `traefik_confkey_accessLog` | undefined | [see Docs 📑](https://docs.traefik.io/observability/access-logs/) | +| `traefik_confkey_tracing` | undefined | [see Docs 📑](https://docs.traefik.io/observability/tracing/overview/) | +| `traefik_confkey_hostResolver` | undefined | [see Docs 📑](https://docs.traefik.io/reference/static-configuration/file/) | +| `traefik_confkey_certificatesResolvers` | undefined | [see Docs 📑](https://docs.traefik.io/https/acme/#certificate-resolvers) | + +These keys are merged into the configuration **after** the quick-setup config using +the 
[`combine()`](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#combining-hashes-dictionaries) +filter in non recursive mode. This allows you to add configuration options as +you need them. If you want to overwrite the quick-setup items, use their key +(as specified above). + +## Compatibility with sbaerlocher/ansible.traefik + +This role is intended as a continuation of the +[sbaerlocher/ansible.traefik](https://github.com/sbaerlocher/ansible.traefik) +role for traefik v2. Most of the variables set for said role will continue +to work in this role, except for three special cases, where you **must** +recreate a custom configuration using the `_confkey_` variables. +These are explained in the following sections. + +### Variables which need manual action + +#### `traefik_configuration_file` + +Using the `traefik_configuration_file` has no influence on your installation. +The configuration of Traefik has changed with the introduction of v2 and is not +backwards compatible. Use the [Traefik docs](https://docs.traefik.io/reference/static-configuration/file/) +to recreate your custom configuration using the `_confkey_` variables. + +#### `traefik_api` + +The way API is defined in Traefik v2 allows you, to use [several diffrent +configurations](https://docs.traefik.io/operations/api/). For the sake of +simplicity, we dropped the automatic generation of an api config, as it not +simply mergeable with a custom config and could lead to unforseen side effects. + +To setup a simple, insecure api on container port `8080`, use the following +config (**Note**: this example is insecure, please consider securing your api +for use in production): + +```yaml +traefik_confkey_api: + insecure: true + dashboard: true # use this for enabling the dashboard +traefik_ports: + - '80:80' + - '443:443' + - '8080:8080' +``` + +This will automatically configure an [entrypoint on port `8080`](https://docs.traefik.io/operations/api/). 
+ +#### `traefik_ping` + +Similar to the api definition, the ping definition allows custom configuration +over multiple diffrent configuration keys, making an automatically generated +config unfeasable. + +Follow the [Traefik config docs about ping](https://docs.traefik.io/operations/ping/) +to find the configuration you want to apply. As an Example, take a look at this +config, which will expose the ping endpoint on port `8082`: + +```yaml +traefik_confkey_entryPoints: + ping: + address: ':8082' +traefik_confkey_ping: + entryPoint: 'ping' +traefik_ports: + - '80:80' + - '443:443' + - '8082:8082' +``` diff --git a/defaults/main.yml b/defaults/main.yml index b2393e8..3cd6d1a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,35 +1,54 @@ --- # defaults file # Setup vars -kibana_dir: /etc/elastic -kibana_hostname: 'kibana' -kibana_network: 'kibana' -kibana_version: '7.12.0' +traefik_dir: /etc/traefik +traefik_hostname: "{{ inventory_hostname }}" +traefik_network: traefik_proxy -# service vars -kibana_container_name: 'kibana' -kibana_network_name: "{{ kibana_network }}" -kibana_image: 'docker.elastic.co/kibana/kibana:{{ kibana_version }}' -kibana_add_volumes: [] -kibana_ports: [] -kibana_labels: {} -kibana_env: {} -kibana_log_options: - max-size: "100m" - max-file: "3" - -kibana_index: '.kibana' -kibana_server_name: 'kibana' -kibana_server_host: '0.0.0.0' -kibana_server_port: 5601 -kibana_xpack_encryptionkey: +# quicksetup vars +traefik_qs_send_anonymous_usage: "{{ + traefik_sendanonymoususage + | default(false) +}}" +traefik_qs_https: "{{ traefik_https | default(false) }}" +traefik_qs_https_redirect: "{{ traefik_https_redirect | default(false) }}" +traefik_qs_https_le: false +traefik_qs_log_level: "{{ traefik_log_level | default('ERROR') }}" -kibana_username: -kibana_password: -kibana_server_basepath: -kibana_server_baseurl: -kibana_elasticsearch_hosts: '"http://127.0.0.1:9200"' +# service vars +traefik_container_name: 'traefik' +traefik_network_name: "{{ traefik_network }}" +traefik_network_ipam_temp: "{{ traefik_network_ipam | default({}) }}" +traefik_network_ipam_subnet: "{{ + traefik_network_ipam_temp.subnet + | default('172.16.1.0/24') +}}" +traefik_network_ipam_gateway: "{{ + traefik_network_ipam_temp.gateway + | default('172.16.1.1') +}}" +traefik_network_ipam_iprange: "{{ + traefik_network_ipam_temp.iprange + | default('172.16.1.0/24') +}}" +traefik_image: 'traefik' +traefik_add_volumes: [] +traefik_ports: + - '80:80' + - '443:443' +traefik_labels: {} +traefik_env: -kibana_user: '1000' -kibana_group: '0' \ No newline at end of file +# traefik_confkey_global: {} +# traefik_confkey_serversTransport: {} +# traefik_confkey_entryPoints: {} +# traefik_confkey_providers: {} +# 
traefik_confkey_api: {} +# traefik_confkey_metrics: {} +# traefik_confkey_ping: {} +# traefik_confkey_log: {} +# traefik_confkey_accessLog: {} +# traefik_confkey_tracing: {} +# traefik_confkey_hostResolver: {} +# traefik_confkey_certificatesResolvers: {} diff --git a/handlers/main.yml b/handlers/main.yml index 29ff204..9ed952b 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart kibana container +- name: restart traefik container docker_container: - name: "{{ kibana_container_name }}" + name: "{{ traefik_container_name }}" restart: true diff --git a/meta/main.yml b/meta/main.yml index e356dbd..becfeae 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,12 +1,19 @@ --- galaxy_info: - role_name: kibana-docker - author: Ralph May - description: Role to deploy Kibana in Docker. + role_name: traefik + author: Matthias Leutenegger + description: Role to deploy traefik. # company: license: MIT min_ansible_version: 2.8 platforms: + - name: EL + versions: + - 6 + - 7 + - name: Fedora + versions: + - 29 - name: Ubuntu versions: - bionic @@ -16,9 +23,13 @@ galaxy_info: - jessie - stretch - buster + # - name: Windows + # versions: + # - all galaxy_tags: - - kibana + - traefik + - reverseproxy - docker dependencies: [] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..ba4dd79 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,26 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . +platforms: + - name: instance + image: 'geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest' + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + lint: + name: ansible-lint +# playbooks: +# converge: ${MOLECULE_PLAYBOOK:-playbook.yml} +scenario: + name: default +verifier: + name: testinfra 
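Review bot: `traefik_env:` in defaults/main.yml has no value, so it loads as null, while tasks/1_setup.yml hands it to the container as `env: '{{ traefik_env }}'`. The neighbouring `traefik_labels: {}` shows the intended empty-mapping form, so write `traefik_env: {}`. Separately, `traefik_image: 'traefik'` names no tag, so the deployed proxy version is presumably whatever the registry serves by default at pull time. A default such as `traefik_image: 'traefik:<PINNED_TAG>'` would make deployments reproducible and upgrades deliberate.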
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..b496b91 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,15 @@ +--- +- name: Converge + hosts: all + # roles: + # - role: arillso.traefik + pre_tasks: + # - name: install docker-py + # package: + # name: docker + # state: present + # - name: add docker group + # group: + # name: docker + # state: present + vars: {} diff --git a/tasks/0_config.yml b/tasks/0_config.yml new file mode 100644 index 0000000..6b0c609 --- /dev/null +++ b/tasks/0_config.yml 
@@ -0,0 +1,54 @@ +--- + +- name: "config : generate https entrypoint config" + set_fact: + traefik_int_conf_entryPoints: "{{ + traefik_int_conf_entryPoints | + combine(traefik_int_conf_entryPoints_https) + }}" + when: traefik_qs_https + +- name: "config : generate https redirect config" + set_fact: + traefik_int_conf_entryPoints: "{{ traefik_int_conf_entryPoints | + combine(traefik_int_conf_entryPoints_https_redirect, recursive=True) }}" + when: traefik_qs_https and traefik_qs_https_redirect + + +- name: "config : generate neutral certresolver" + set_fact: + traefik_conf_certificatesResolvers: "{{ + traefik_int_conf_certificatesResolvers_le + }}" + when: traefik_qs_https and traefik_qs_https_le + +- name: "config : generate neutral certresolver" + set_fact: + traefik_conf_certificatesResolvers: "{{ + traefik_conf_certificatesResolvers | default({}) + | combine(traefik_confkey_certificatesResolvers) + }}" + when: traefik_confkey_certificatesResolvers is defined + + +- name: "config : generate static config" + set_fact: + traefik_static_config: + global: "{{ traefik_conf_global }}" + serversTransport: "{{ + traefik_confkey_serversTransport + | default(omit) + }}" + entryPoints: "{{ traefik_conf_entryPoints }}" + providers: "{{ traefik_conf_providers }}" + api: "{{ traefik_confkey_api | default(omit) }}" + metrics: "{{ traefik_confkey_metrics | default(omit) }}" + ping: "{{ traefik_confkey_ping | default(omit) }}" + log: "{{ traefik_conf_log }}" + accessLog: "{{ traefik_confkey_accessLog | default(omit) }}" + tracing: "{{ traefik_confkey_tracing | default(omit) }}" + hostResolver: "{{ traefik_confkey_hostResolver | default(omit) }}" + certificatesResolvers: "{{ + traefik_conf_certificatesResolvers + | default(omit) + }}" diff --git a/tasks/1_setup.yml b/tasks/1_setup.yml index bfca8bc..0688eb3 100644 --- a/tasks/1_setup.yml +++ b/tasks/1_setup.yml 
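Review bot: Two consecutive tasks in tasks/0_config.yml share the name `config : generate neutral certresolver`, although the second merges `traefik_confkey_certificatesResolvers` into the result instead of generating the Let's Encrypt resolver. Identical names make play output and `--start-at-task` ambiguous; rename the second, e.g. `- name: "config : merge custom certresolvers"`. The first of the two also templates `traefik_qs_https_le_mail` through vars/main.yml, and defaults/main.yml gives that variable no default. A comment above it such as `# requires traefik_qs_https_le_mail when traefik_qs_https_le is true` would document the precondition.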
@@ -1,35 +1,47 @@ --- -- name: 'setup : create kibana directory' +- name: 'setup : create traefik directory' become: true file: path: '{{ item }}' state: directory - owner: "{{ kibana_user }}" - group: "{{ kibana_group }}" - mode: 0770 + owner: root + group: docker + mode: 0550 with_items: - - '{{ kibana_dir }}' + - '{{ traefik_dir }}' -- name: 'setup : create kibana configuration' - template: - src: "kibana.yml.j2" - dest: "{{ kibana_dir }}/kibana.yml" - owner: "{{ kibana_user }}" - group: "{{ kibana_group }}" - mode: 770 +- name: 'setup : create traefik configuration' + become: true + copy: + dest: '{{ traefik_dir }}/traefik.yml' + owner: root + group: docker + mode: 0550 + content: '{{ traefik_static_config | to_nice_yaml }}' notify: - - restart kibana container + - restart traefik container + +- name: 'setup : create traefik network' + become: true + docker_network: + name: '{{ traefik_network_name }}' + ipam_config: + - subnet: '{{ traefik_network_ipam_subnet }}' + gateway: '{{ traefik_network_ipam_gateway }}' + iprange: '{{ traefik_network_ipam_iprange }}' -- name: 'setup : start kibana container' +- name: 'setup : start traefik container' become: true docker_container: - name: '{{ kibana_container_name }}' - image: '{{ kibana_image }}' + name: '{{ traefik_container_name }}' + image: '{{ traefik_image }}' restart_policy: unless-stopped - published_ports: '{{ kibana_ports }}' - volumes: '{{ kibana_volumes + kibana_add_volumes }}' - labels: '{{ kibana_labels }}' - env: '{{ kibana_env }}' - log_options: '{{ kibana_log_options }}' + published_ports: '{{ traefik_ports }}' + volumes: '{{ traefik_volumes + traefik_add_volumes }}' + labels: '{{ traefik_labels }}' + env: '{{ traefik_env }}' + command: + - '--configFile=/etc/traefik/traefik.yml' networks: - - name: '{{ kibana_network_name }}' + - name: '{{ traefik_network_name }}' + networks_cli_compatible: true diff --git a/tasks/main.yml b/tasks/main.yml index ff38804..31aee3b 100644 --- a/tasks/main.yml 
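Review bot: The `setup : create traefik configuration` task writes `traefik.yml` with `mode: 0550`, which sets the execute bits on a data file for owner and group. `mode: '0440'` grants the same read access without them, and quoting the value avoids depending on how the YAML loader types a leading-zero number. The directory task needs the execute bit for traversal and can stay at `mode: '0550'`, quoted the same way. Both tasks grant read access to group `docker`, so anyone in that group can read the rendered static configuration; that looks intended, but a one-line comment saying so would help.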
+++ b/tasks/main.yml @@ -1,3 +1,7 @@ --- -- name: setup kibana + +- name: generate config + include_tasks: 0_config.yml + +- name: setup traefik include_tasks: 1_setup.yml diff --git a/vars/main.yml b/vars/main.yml index cb5f65a..d0d8f5d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,4 +1,63 @@ --- -kibana_volumes: +traefik_int_conf_global: + sendAnonymousUsage: "{{ traefik_qs_send_anonymous_usage }}" + +traefik_int_conf_entryPoints: + http: + address: :80 + +traefik_int_conf_entryPoints_https: + https: + address: :443 + +traefik_int_conf_entryPoints_https_redirect: + http: + http: + redirections: + entryPoint: + to: https + scheme: https + +traefik_int_conf_providers: + docker: {} + +traefik_int_conf_log: + level: "{{ traefik_qs_log_level }}" + + +traefik_int_conf_certificatesResolvers_le: + letsencrypt: + acme: + email: "{{ traefik_qs_https_le_mail }}" + tlsChallenge: {} + storage: /letsencrypt/acme.json + + +traefik_conf_global: "{{ + traefik_int_conf_global | combine(traefik_confkey_global | default({})) +}}" +traefik_conf_entryPoints: "{{ + traefik_int_conf_entryPoints + | combine(traefik_confkey_entryPoints + | default({})) +}}" +traefik_conf_providers: "{{ + traefik_int_conf_providers | combine(traefik_confkey_providers | default({})) +}}" +traefik_conf_log: "{{ + traefik_int_conf_log | combine(traefik_confkey_log | default({})) +}}" +# traefik_conf_certificatesResolvers: "{{ +# traefik_int_conf_certificatesResolvers +# | combine(traefik_confkey_certificatesResolvers +# | default({}) +# ) +# }}" + + +traefik_volumes: - /etc/localtime:/etc/localtime:ro - - "{{ kibana_dir }}/kibana.yml:/usr/share/kibana/config/kibana.yml:ro" \ No newline at end of file + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "{{ traefik_dir }}/traefik.yml:/etc/traefik/traefik.yml" + - "{{ traefik_dir }}/letsencrypt/:/letsencrypt/:rw" + - traefik-data:/etc/traefik
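Review bot: In vars/main.yml, the `:ro` on the `"/var/run/docker.sock:/var/run/docker.sock:ro"` entry of `traefik_volumes` only makes the bind mount read-only; it does not limit which Docker API requests can be sent over the socket. The container holding it therefore keeps full control of the Docker daemon, and this is the internet-facing proxy on ports 80/443. Add a comment above the entry, e.g. `# ':ro' does not restrict Docker API calls; front the socket with a filtering proxy where possible`, and consider making the socket path a variable so deployments can point Traefik at a restricted endpoint. Relatedly, `traefik_int_conf_providers` is `docker: {}`; if I read Traefik's defaults correctly, that leaves `exposedByDefault` enabled, so a default of `exposedByDefault: false` is worth considering.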