From 8667f236fd32386b76811d0aa970c35becbae9a9 Mon Sep 17 00:00:00 2001 From: John Giannelos Date: Wed, 21 Sep 2016 17:34:15 +0300 Subject: [PATCH] Improve admin services discoverability. * Setup haproxy as reverse proxy to admin services * Use an alternative port for jenkins (was port 80) * Backend services * marathon * chronos * jenkins * uchiwa --- roles/admin/files/haproxy.ctmpl | 58 ++++++++ roles/admin/handlers/main.yml | 11 ++ roles/admin/tasks/main.yml | 128 ++++++++++++++++++ .../admin/templates/consul_template_config.j2 | 7 + .../templates/consul_template_upstart.j2 | 15 ++ roles/admin/vars/main.yml | 3 + roles/jenkins/tasks/main.yml | 2 +- roles/jenkins/templates/consul.json.j2 | 4 +- 8 files changed, 225 insertions(+), 3 deletions(-) create mode 100644 roles/admin/files/haproxy.ctmpl create mode 100644 roles/admin/handlers/main.yml create mode 100644 roles/admin/tasks/main.yml create mode 100644 roles/admin/templates/consul_template_config.j2 create mode 100644 roles/admin/templates/consul_template_upstart.j2 create mode 100644 roles/admin/vars/main.yml diff --git a/roles/admin/files/haproxy.ctmpl b/roles/admin/files/haproxy.ctmpl new file mode 100644 index 0000000..d9c8f9c --- /dev/null +++ b/roles/admin/files/haproxy.ctmpl 
@@ -0,0 +1,58 @@
+{{- define "SERVICES_FQDN" -}}
+ ops.mozilla.community
+{{- end -}}
+
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ chroot /var/lib/haproxy
+ maxconn 4000
+ stats socket /run/haproxy/admin.sock mode 660 level admin
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ monitor-uri /index.html
+
+ errorfile 400 /etc/haproxy/errors/400.http
+ errorfile 403 /etc/haproxy/errors/403.http
+ errorfile 408 /etc/haproxy/errors/408.http
+ errorfile 500 /etc/haproxy/errors/500.http
+ errorfile 502 /etc/haproxy/errors/502.http
+ errorfile 503 /etc/haproxy/errors/503.http
+ errorfile 504 /etc/haproxy/errors/504.http
+
+frontend http-in
+ bind *:80
+ # Redirect http to https
+ acl is_http hdr(X-Forwarded-Proto) http
+ redirect scheme https code 301 if is_http
+
+ # Services
+ {{- range services -}}
+ {{- if .Tags.Contains "admin" }}
+ acl {{ .Name }}-aclrule hdr(host) -i {{.Name}}.{{ template "SERVICES_FQDN" }}
+ use_backend {{ .Name }}-backend if {{ .Name }}-aclrule
+ {{ end -}}
+ {{ end -}}
+
+{{ range services -}}
+{{- if .Tags.Contains "admin" }}
+backend {{ .Name }}-backend
+ balance leastconn
+ option httpclose
+ option forwardfor
+ {{ range service .Name }}
+ server {{ .ID }} {{ .NodeAddress }}:{{ .Port }} check inter 3000
+ {{- end }}
+{{ end -}}
+{{- end -}}
diff --git a/roles/admin/handlers/main.yml b/roles/admin/handlers/main.yml
new file mode 100644
index 0000000..ee2f022
--- /dev/null
+++ b/roles/admin/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: restart haproxy
+ service:
+ name: haproxy
+ state: restarted
+
+- name: restart consul-template
+ service:
+ name: consul-template
+ state: restarted
diff --git a/roles/admin/tasks/main.yml b/roles/admin/tasks/main.yml
new file mode 100644
index 0000000..5924b2b
--- /dev/null
+++ b/roles/admin/tasks/main.yml
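Review bot: The `frontend http-in` section publishes every Consul service tagged `admin` on `*:80` with no access control of its own, so reachability of marathon, chronos, jenkins and uchiwa depends entirely on whatever sits in front of this host and on each service's own login. If the proxy is meant to be the single entry point, a source restriction in the frontend would make that explicit, e.g. `acl trusted_src src <TRUSTED_CIDR_PLACEHOLDER>` followed by `http-request deny if !trusted_src`. The HTTPS redirect only fires when `X-Forwarded-Proto` is literally `http`, so a request that arrives without that header (anything not passing through the load balancer) is served in cleartext; that assumption deserves a comment next to `acl is_http`. Because `.Name` and `.ID` are written into the config verbatim, anyone able to register a service in Consul with the `admin` tag also decides what this proxy routes to.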
@@ -0,0 +1,128 @@
+---
+
+- name: Enable haproxy ppa
+ apt_repository:
+ repo: "ppa:vbernat/haproxy-1.5"
+ state: present
+ tags:
+ - haproxy
+ - admin
+
+- name: Update repository cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ tags:
+ - admin
+
+- stat:
+ path: "/tmp/consul_template_{{ consul_template_version }}.zip"
+ register: consul_template_ver_local
+ tags:
+ - admin
+ - consul-template
+
+- name: Install unzip
+ apt:
+ name: unzip
+ state: present
+ tags:
+ - admin
+ - consul-template
+
+- name: Download consul-template
+ get_url:
+ url: 'https://releases.hashicorp.com/consul-template/{{ consul_template_version }}/consul-template_{{ consul_template_version}}_linux_amd64.zip'
+ dest: '/tmp/consul_template_{{ consul_template_version }}.zip'
+ owner: root
+ group: root
+ mode: 0644
+ when: consul_template_ver_local.stat.exists == False
+ tags:
+ - admin
+ - consul-template
+
+- name: Unpack consul-template
+ unarchive:
+ src: '/tmp/consul_template_{{ consul_template_version }}.zip'
+ dest: '/usr/local/bin'
+ copy: no
+ owner: root
+ group: root
+ mode: 0755
+ when: consul_template_ver_local.stat.exists == False
+ tags:
+ - admin
+ - consul-template
+
+- name: Create required directories for consul-template
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "/etc/consul-template.d/templates"
+ tags:
+ - admin
+ - consul-template
+
+- name: Install haproxy
+ apt:
+ name: "haproxy"
+ state: present
+ tags:
+ - admin
+ - haproxy
+
+- name: Make sure haproxy folder exists
+ file:
+ path: /var/run/haproxy
+ state: directory
+ tags:
+ - admin
+ - haproxy
+
+- name: Ensure haproxy starts on boot
+ service:
+ name: haproxy
+ enabled: yes
+ state: started
+ tags:
+ - admin
+ - haproxy
+
+- name: Add consul-template upstart script
+ template:
+ src: consul_template_upstart.j2
+ dest: /etc/init/consul-template.conf
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ - admin
+ - consul-template
+
+- name: Add consul-template configuration
+
template: + src: consul_template_config.j2 + dest: /etc/consul-template.d/config + owner: root + group: root + mode: 0644 + notify: + - restart consul-template + tags: + - admin + - consul-template + +- name: Add haproxy config template + copy: + src: haproxy.ctmpl + dest: /etc/consul-template.d/templates/haproxy.ctmpl + owner: root + group: root + mode: 0644 + notify: + - restart consul-template + tags: + - admin + - consul-template diff --git a/roles/admin/templates/consul_template_config.j2 b/roles/admin/templates/consul_template_config.j2 new file mode 100644 index 0000000..d1a1d04 --- /dev/null +++ b/roles/admin/templates/consul_template_config.j2 @@ -0,0 +1,7 @@ +consul = "{{ ansible_default_ipv4['address'] }}:8500" + +template { + source = "/etc/consul-template.d/templates/haproxy.ctmpl" + destination = "/etc/haproxy/haproxy.cfg" + command = "service haproxy restart" +} diff --git a/roles/admin/templates/consul_template_upstart.j2 b/roles/admin/templates/consul_template_upstart.j2 new file mode 100644 index 0000000..bbb7adf --- /dev/null +++ b/roles/admin/templates/consul_template_upstart.j2 @@ -0,0 +1,15 @@ +description "Consul-template server process" + +start on (local-filesystems and net-device-up IFACE=eth0) +stop on runlevel [!12345] + +respawn + +setuid root +setgid root + +script + . /etc/environment + export AWS_ENV + exec consul-template -config /etc/consul-template.d/config +end script diff --git a/roles/admin/vars/main.yml b/roles/admin/vars/main.yml new file mode 100644 index 0000000..9db4a8c --- /dev/null +++ b/roles/admin/vars/main.yml @@ -0,0 +1,3 @@ +--- + +consul_template_version: '0.14.0' diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml index 521d5eb..70ae724 100644 --- a/roles/jenkins/tasks/main.yml +++ b/roles/jenkins/tasks/main.yml @@ -108,7 +108,7 @@ state: reloaded pull: always ports: - - "80:8080" + - "8081:8080" - "5000:5000" volumes: - "/opt/jenkins:/var/jenkins_home" 
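Review bot: The `Download consul-template` task fetches the release zip and the next task unpacks it into `/usr/local/bin` without verifying it, and the resulting binary is later started as root by the upstart job. Pinning the archive digest in `get_url` closes that gap: `checksum: "sha256:<SHA256_FROM_HASHICORP_SHA256SUMS>"` (or `sha256sum:` on Ansible releases that predate `checksum`). Both the download and the unpack are skipped whenever `/tmp/consul_template_{{ consul_template_version }}.zip` already exists, so a truncated or pre-placed file in world-writable `/tmp` leaves the role reporting success with no binary, or a stale one, installed. Staging the archive under a root-owned directory and using `creates:` on the unpack task would be more robust.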
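Review bot: `command = "service haproxy restart"` restarts the proxy after every render without checking the generated file, so one malformed service entry in Consul can take down access to all admin services at once. Validating first and reloading instead of restarting keeps the running proxy in place when a render is bad: `command = "haproxy -c -f /etc/haproxy/haproxy.cfg && service haproxy reload"` (this assumes consul-template runs the command through a shell; confirm for the pinned version). The `consul` address is plain `:8500` with no token, which holds only if the Consul HTTP API is unreachable from outside the cluster and ACLs are not in use; a comment stating that assumption would help.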
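Review bot: `setuid root` / `setgid root` runs consul-template with full privileges while it renders data taken from the Consul catalog and then executes a command; the two stanzas are also redundant, since upstart system jobs already run as root. A dedicated account that owns `/etc/haproxy/haproxy.cfg` and is allowed, through a single sudoers rule, to reload haproxy would limit what a bad render or a consul-template bug can touch. `. /etc/environment` followed by `export AWS_ENV` exports an empty value when the variable is not defined there, and nothing visible in this commit's template reads it, so a comment naming its consumer is worth adding.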
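Review bot: `"8081:8080"` publishes Jenkins on every interface of the host, so it stays reachable directly on port 8081 and that path bypasses the new haproxy frontend and its HTTPS redirect. If haproxy reaches Jenkins over the node's private address (the Consul check uses `ansible_default_ipv4['address']`), binding the published port to that address narrows the exposure: `- "{{ ansible_default_ipv4['address'] }}:8081:8080"`; otherwise the security group should limit 8081 to the proxy. The same applies to the existing `"5000:5000"` mapping. The task this port list belongs to starts and ends outside the hunk.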
diff --git a/roles/jenkins/templates/consul.json.j2 b/roles/jenkins/templates/consul.json.j2 index 14a250c..0036ae6 100644 --- a/roles/jenkins/templates/consul.json.j2 +++ b/roles/jenkins/templates/consul.json.j2 @@ -4,13 +4,13 @@ "name": "jenkins", "id": "jenkins-{{ ec2_id }}", "tags": ["jenkins", "admin", "{{ ec2_tag_env }}"], - "port": 80, + "port": 8081, "enableTagOverride": false, "checks": [ { "id": "jenkins-{{ ec2_id }}", "name": "Jenkins on port 80", - "tcp": "{{ ansible_default_ipv4['address'] }}:80", + "http": "http://{{ ansible_default_ipv4['address'] }}:8081", "interval": "10s", "timeout": "4s" }
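Review bot: The check is still named `"Jenkins on port 80"` although the service and the check now use 8081; it should read `"name": "Jenkins on port 8081"` so alerts surfaced from Consul point at the right port. Switching from `tcp` to `http` also changes what counts as healthy: Consul marks an HTTP check critical on most non-2xx responses, and a Jenkins instance with authentication enabled may answer `/` with 403 for anonymous requests, in which case pointing the check at `/login` would avoid a false critical. Since this service carries the `admin` tag, a critical check probably also removes its server line from the haproxy backend, depending on how consul-template filters unhealthy instances.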