diff --git a/.gitignore b/.gitignore index 2d2d9919..1267ca16 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,5 @@ tests/spec/*/*runtime_spec.rb contrib-plugins/* vault-security.yaml terraform/*/.terraform +roles/coreos_bootstrap +roles/coreos_timezone diff --git a/group_vars/all b/group_vars/all index 23acf257..5a4efaf3 100644 --- a/group_vars/all +++ b/group_vars/all @@ -1,6 +1,4 @@ mesos_cluster_name: "Cluster01" -haproxy_username: "admin" -haproxy_password: "admin" zookeeper_client_port: "2181" zookeeper_server_group: zookeeper_servers zookeeper_peers_nodes: " diff --git a/group_vars/mesos_slaves b/group_vars/mesos_slaves index a32b9dd2..64632cd1 100644 --- a/group_vars/mesos_slaves +++ b/group_vars/mesos_slaves @@ -19,10 +19,3 @@ datadog_checks: default_timeout: 10 instances: - url: "http://{{ ansible_default_ipv4.address }}:5051" - haproxy: - init_config: - default_timeout: 10 - instances: - - url: "http://{{ ansible_default_ipv4.address }}:9000/haproxy_stats" - username: "{{ haproxy_username }}" - password: "{{ haproxy_password }}" diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml index d50d5eed..a7306882 100644 --- a/roles/consul/handlers/main.yml +++ b/roles/consul/handlers/main.yml @@ -1,19 +1,12 @@ --- # handlers file for consul -# @todo - handle restarts properly (choose one approach here) -- name: restart consul - service: - name: consul - state: restarted - sudo: yes - notify: - - wait for consul to listen - - name: wait for consul to listen wait_for: host: "{{ consul_bind_addr }}" port: 8500 -- name: restart consul systemd +- name: restart consul sudo: yes command: systemctl restart consul + notify: + - wait for consul to listen diff --git a/roles/consul/meta/main.yml b/roles/consul/meta/main.yml index e3bee6cd..b60459ee 100644 --- a/roles/consul/meta/main.yml +++ b/roles/consul/meta/main.yml @@ -120,7 +120,8 @@ galaxy_info: #- packaging - system #- web -dependencies: [] +dependencies: + - role: handlers # List your role dependencies here, one per line. Only # dependencies available via galaxy should be listed here. # Be sure to remove the '[]' above if you add dependencies diff --git a/roles/consul/tasks/config.yml b/roles/consul/tasks/config.yml index 740a2f96..0d3bbf60 100644 --- a/roles/consul/tasks/config.yml +++ b/roles/consul/tasks/config.yml @@ -20,3 +20,22 @@ - restart consul tags: - consul + +- name: deploy consul service + sudo: yes + sudo_user: root + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - src: consul.service.j2 + dest: /etc/systemd/system/consul.service + - src: dnsmasq.service.j2 + dest: /etc/systemd/system/dnsmasq.service + - src: consul-discovery.service.j2 + dest: /etc/systemd/system/consul-discovery.service + notify: + - reload systemd + - restart consul + tags: + - consul diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml index 792dd674..b09b7b24 100644 --- a/roles/consul/tasks/main.yml +++ b/roles/consul/tasks/main.yml @@ -1,22 +1,6 @@ --- - include: config.yml -- name: deploy consul service - sudo: yes - sudo_user: root - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - src: consul.service.j2 - dest: /etc/systemd/system/consul.service - - src: consul-discovery.service.j2 - dest: /etc/systemd/system/consul-discovery.service - notify: - - restart consul systemd - tags: - - consul - - name: enable consul sudo: yes service: @@ -24,10 +8,17 @@ enabled: yes state: started notify: - - restart consul systemd + - restart consul tags: - consul +- name: enable dnsmasq + sudo: yes + service: + name: dnsmasq + enabled: yes + state: started + #- name: enable consul-discovery # sudo: yes # service: diff --git a/roles/consul/templates/consul.json.j2 b/roles/consul/templates/consul.json.j2 index 6a5110ed..2ac7a54a 100644 --- a/roles/consul/templates/consul.json.j2 +++ b/roles/consul/templates/consul.json.j2 @@ -11,6 +11,15 @@ {% if inventory_hostname in groups[consul_servers_group] %} "server": true, "bootstrap_expect": {{ consul_bootstrap_expect }}, + "dns_config": { + "allow_stale": false + }, +{% else %} + "leave_on_terminate": true, + "dns_config": { + "allow_stale": true, + "max_stale": "1s" + }, {% endif %} {% if consul_atlas_join|bool %} "atlas_join": true, diff --git a/roles/consul/templates/consul.service.j2 b/roles/consul/templates/consul.service.j2 index 6e92d676..40dbd4c0 100644 --- a/roles/consul/templates/consul.service.j2 +++ b/roles/consul/templates/consul.service.j2 @@ -27,13 +27,10 @@ ExecStart=/usr/bin/bash -c "/usr/bin/docker run --rm --name consul \ -p 8302:8302/udp \ -p 8400:8400 \ -p 8500:8500 \ --p 53:8600/udp \ +-p 8600:8600/udp \ {{ consul_image }}" -ExecStartPost=/usr/bin/bash -c 'sleep 1; echo -e "[Resolve]\nDNS=$(docker inspect --format \'{% raw %}{{ .NetworkSettings.IPAddress }}{% endraw %}\' consul)" > /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved' - ExecStop=/usr/bin/docker stop consul -ExecStopPost=/usr/bin/bash -c 'rm /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved' [Install] WantedBy=multi-user.target diff --git a/roles/consul/templates/dnsmasq.service.j2 b/roles/consul/templates/dnsmasq.service.j2 new file mode 100644 index 00000000..f1fd67e7 --- /dev/null +++ b/roles/consul/templates/dnsmasq.service.j2 @@ -0,0 +1,31 @@ +[Unit] +Description=Dnsmasq +PartOf=consul.service +Requires=docker.service +After=consul.service +After=docker.service + +[Service] +EnvironmentFile=/etc/environment +Restart=on-failure +ExecStartPre=/usr/bin/mkdir -p /etc/systemd/resolved.conf.d +ExecStartPre=-/bin/sh -c 'rm /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved' +ExecStartPre=-/usr/bin/docker kill dnsmasq +ExecStartPre=-/usr/bin/docker rm dnsmasq +ExecStartPre=/usr/bin/docker pull andyshinn/dnsmasq +ExecStart=/bin/sh -c '/usr/bin/docker run --rm \ + --name dnsmasq \ + --net=host \ + --cap-add=NET_ADMIN \ + --env SERVICE_IGNORE=true \ + andyshinn/dnsmasq -S /consul/${COREOS_PRIVATE_IPV4}#8600' + +ExecStartPost=/bin/sh -c '\ + echo -e "[Resolve]\nDNS=${COREOS_PRIVATE_IPV4}" > /etc/systemd/resolved.conf.d/00-consul-dns.conf && \ + systemctl restart systemd-resolved;' + +ExecStop=/usr/bin/docker stop dnsmasq +ExecStopPost=/bin/sh -c 'rm /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved' + +[Install] +WantedBy=multi-user.target diff --git a/roles/handlers/handlers/main.yml b/roles/handlers/handlers/main.yml index cc028bec..87e4602b 100644 --- a/roles/handlers/handlers/main.yml +++ b/roles/handlers/handlers/main.yml @@ -1,3 +1,7 @@ +- name: reload systemd + sudo: yes + command: systemctl daemon-reload + - name: restart consul service: name: consul diff --git a/roles/haproxy/README.md b/roles/haproxy/README.md deleted file mode 100644 index 2e37cc59..00000000 --- a/roles/haproxy/README.md +++ /dev/null @@ -1 +0,0 @@ -This uses the container from [https://github.com/CiscoCloud/haproxy-consul](https://github.com/CiscoCloud/haproxy-consul) diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml deleted file mode 100644 index 0656f4a5..00000000 --- a/roles/haproxy/defaults/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# defaults file for haproxy -haproxy_image: asteris/haproxy-consul -haproxy_image_tag: latest - -# Set the domain that haproxy uses to match URLs to internal apps. -# For example, if all your apps will be -# app1.example.com, app2.example.com, etc. set this to 'example.com' -haproxy_domain: example.com - -haproxy_rebuild_container: False - -consul_template_dir: /mnt/consul-template.d -consul_template_loglevel: debug -consul_backend: consul.service.consul:8500 -consul_template_version: 0.10.0 diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg deleted file mode 100644 index de2cac52..00000000 --- a/roles/haproxy/files/haproxy.cfg +++ /dev/null @@ -1,5 +0,0 @@ -template { - source = "/templates/haproxy.tmpl" - destination = "/haproxy/haproxy.cfg" - command = "/usr/sbin/haproxy -D -p /var/run/haproxy.pid -f /haproxy/haproxy.cfg -sf $(cat /var/run/haproxy.pid) || true" -} diff --git a/roles/haproxy/handlers/main.yml b/roles/haproxy/handlers/main.yml deleted file mode 100644 index 5ba1b00f..00000000 --- a/roles/haproxy/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for haproxy diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml deleted file mode 100644 index 0b4acfdb..00000000 --- a/roles/haproxy/tasks/main.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -# tasks file for haproxy -- name: "assures {{ consul_template_dir }} dirs exists" - sudo: yes - file: - path: "{{ consul_template_dir }}/{{ item.path }}" - state: directory - with_items: - - { path: 'config' } - - { path: 'templates' } - tags: - - haproxy - -- name: upload template config files - template: - src: "{{ item.src }}" - dest: "{{ consul_template_dir }}/{{ item.dst }}" - mode: 0644 - sudo: yes - with_items: - - { src: haproxy.tmpl.j2, dst: 'templates/haproxy.tmpl' } - - { src: consul.cfg.j2, dst: 'config/consul.cfg' } - tags: - - haproxy - -- name: upload static config files - copy: - src: "{{ item.src }}" - dest: "{{ consul_template_dir }}/{{ item.dst }}" - mode: 0644 - sudo: yes - with_items: - - { src: haproxy.cfg, dst: 'config/haproxy.cfg' } - tags: - - haproxy - -- name: destroy old haproxy container - when: haproxy_rebuild_container - docker: - name: haproxy - image: "{{ haproxy_image }}" - state: absent - -- name: run haproxy container - docker: - name: haproxy - image: "{{ haproxy_image }}" - state: started - net: host - restart_policy: always - ports: - - "80:80" - - "34180:34180" - env: - HAPROXY_DOMAIN: "{{ haproxy_domain }}" - CONSUL_TEMPLATE_VERSION: "{{ consul_template_version }}" - CONSUL_LOGLEVEL: "{{ consul_template_loglevel }}" - CONSUL_CONNECT: "{{ consul_backend }}" - CONSUL_CONFIG: "/config" - SERVICE_NAME: haproxy - volumes: - - "{{ consul_template_dir }}/config:/config" - - "{{ consul_template_dir }}/templates:/templates" - tags: - - haproxy diff --git a/roles/haproxy/templates/consul.cfg.j2 b/roles/haproxy/templates/consul.cfg.j2 deleted file mode 100644 index 5d721ed9..00000000 --- a/roles/haproxy/templates/consul.cfg.j2 +++ /dev/null @@ -1,2 +0,0 @@ -consul = "{{ consul_backend }}" -log_level = "{{ consul_template_loglevel }}" diff --git a/roles/haproxy/templates/haproxy.tmpl.j2 b/roles/haproxy/templates/haproxy.tmpl.j2 deleted file mode 100644 index 1bf3f703..00000000 --- a/roles/haproxy/templates/haproxy.tmpl.j2 +++ /dev/null @@ -1,47 +0,0 @@ -{% raw %} -global - maxconn {{or (key "service/haproxy/maxconn") 256}} - debug - -defaults - mode http - timeout connect {{or (key "service/haproxy/timeouts/connect") "5000ms"}} - timeout client {{or (key "service/haproxy/timeouts/client") "50000ms"}} - timeout server {{or (key "service/haproxy/timeouts/server") "50000ms"}} - -# https://www.datadoghq.com/blog/how-to-collect-haproxy-metrics/ -listen stats :9000 - mode http - stats enable - stats hide-version - stats realm Haproxy\ Statistics - stats uri /haproxy_stats -{% endraw %} - stats auth {{ haproxy_username }}:{{ haproxy_password }} - -{% raw %} -# frontend used to return health status without requiring SSL -frontend haproxy_status - bind 0.0.0.0:34180 # 34180 means EALTH ;) - # create a status URI in /haproxy_status that will return - # a 200 is backend is healthy, and 503 if it isn't. This - # URI is queried by the ELB. - acl backend_dead nbsrv(consul_backend) lt 1 - monitor-uri /haproxy_status - monitor fail if backend_dead - -frontend www - bind *:80 - - # Generated automatically by consul-template -{{range services}} - acl host_{{.Name}} hdr(host) -i {{.Name}}.{{env "HAPROXY_DOMAIN"}} - use_backend {{.Name}}_backend if host_{{.Name}} -{{end}} - -{{range services}} -backend {{.Name}}_backend -{{range service .Name}} - server {{.Node}} {{.Address}}:{{.Port}}{{end}} -{{end}} -{% endraw %} diff --git a/roles/haproxy/vars/main.yml b/roles/haproxy/vars/main.yml deleted file mode 100644 index 9cf54644..00000000 --- a/roles/haproxy/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for haproxy diff --git a/roles/marathon/defaults/main.yml b/roles/marathon/defaults/main.yml index 8f19b5d1..58413139 100644 --- a/roles/marathon/defaults/main.yml +++ b/roles/marathon/defaults/main.yml @@ -16,4 +16,4 @@ marathon_rebuild_container: False marathon_image: "mesosphere/marathon:v{{ marathon_version }}" marathon_master_peers: "zk://{{ zookeeper_peers_nodes }}/mesos" marathon_zk_peers: "zk://{{ zookeeper_peers_nodes }}/marathon" -marathon_command: "--artifact_store {{ marathon_artifact_store }} --hostname {{ marathon_hostname }} --master {{ marathon_master_peers }} --zk {{ marathon_zk_peers }}" +marathon_command: "--event_subscriber http_callback --artifact_store {{ marathon_artifact_store }} --hostname {{ marathon_hostname }} --master {{ marathon_master_peers }} --zk {{ marathon_zk_peers }}" diff --git a/roles/marathon/tasks/main.yml b/roles/marathon/tasks/main.yml index fcea50b3..c2a97e39 100644 --- a/roles/marathon/tasks/main.yml +++ b/roles/marathon/tasks/main.yml @@ -31,10 +31,12 @@ tags: - marathon -#- name: Set marathon consul service definition -# sudo: yes -# template: -# src: marathon-consul.j2 -# dest: "{{ marathon_consul_dir }}/marathon.json" -# notify: -# - restart consul +- name: Set marathon consul service definition + sudo: yes + template: + src: marathon-consul.j2 + dest: "{{ marathon_consul_dir }}/marathon.json" + notify: + - restart consul + tags: + - marathon diff --git a/roles/mesos/tasks/master.yml b/roles/mesos/tasks/master.yml index 1647b079..5389e71e 100644 --- a/roles/mesos/tasks/master.yml +++ b/roles/mesos/tasks/master.yml @@ -14,7 +14,7 @@ sudo_user: root template: src: mesos-master.service.j2 - dest: "/etc/systemd/system/mesos-master.service" + dest: /etc/systemd/system/mesos-master.service notify: - restart mesos master tags: diff --git a/roles/mesos/tasks/slave.yml b/roles/mesos/tasks/slave.yml index 27b113e6..88469c12 100644 --- a/roles/mesos/tasks/slave.yml +++ b/roles/mesos/tasks/slave.yml @@ -14,7 +14,7 @@ sudo_user: root template: src: mesos-slave.service.j2 - dest: "/etc/systemd/system/mesos-slave.service" + dest: /etc/systemd/system/mesos-slave.service notify: - restart mesos slave tags: diff --git a/roles/registrator/defaults/main.yml b/roles/registrator/defaults/main.yml deleted file mode 100644 index 4066bf28..00000000 --- a/roles/registrator/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# defaults file for registrator -registrator_image: "gliderlabs/registrator:master" -registrator_uri: "consul://{{ ansible_default_ipv4.address }}:8500" -registrator_rebuild_container: False -registrator_docker_socket: "/var/run/weave/weave.sock" diff --git a/roles/registrator/handlers/main.yml b/roles/registrator/handlers/main.yml deleted file mode 100644 index 8b137891..00000000 --- a/roles/registrator/handlers/main.yml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/roles/registrator/meta/main.yml b/roles/registrator/meta/main.yml deleted file mode 100644 index 32838ad9..00000000 --- a/roles/registrator/meta/main.yml +++ /dev/null @@ -1,127 +0,0 @@ ---- -galaxy_info: - author: Alberto Garcia - description: - company: Capgemini - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: license (MIT) - min_ansible_version: 1.2 - # - # Below are all platforms currently available. Just uncomment - # the ones that apply to your role. If you don't see your - # platform on this list, let us know and we'll get it added! - # - platforms: - #- name: EL - # versions: - # - all - # - 5 - # - 6 - # - 7 - #- name: GenericUNIX - # versions: - # - all - # - any - #- name: Fedora - # versions: - # - all - # - 16 - # - 17 - # - 18 - # - 19 - # - 20 - #- name: SmartOS - # versions: - # - all - # - any - #- name: opensuse - # versions: - # - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: Amazon - # versions: - # - all - # - 2013.03 - # - 2013.09 - #- name: GenericBSD - # versions: - # - all - # - any - #- name: FreeBSD - # versions: - # - all - # - 8.0 - # - 8.1 - # - 8.2 - # - 8.3 - # - 8.4 - # - 9.0 - # - 9.1 - # - 9.1 - # - 9.2 - - name: Ubuntu - versions: - # - all - # - lucid - # - maverick - # - natty - # - oneiric - # - precise - # - quantal - # - raring - # - saucy - - trusty - #- name: SLES - # versions: - # - all - # - 10SP3 - # - 10SP4 - # - 11 - # - 11SP1 - # - 11SP2 - # - 11SP3 - #- name: GenericLinux - # versions: - # - all - # - any - #- name: Debian - # versions: - # - all - # - etch - # - lenny - # - squeeze - # - wheezy - # - # Below are all categories currently available. Just as with - # the platforms above, uncomment those that apply to your role. - # - categories: - - cloud - #- cloud:ec2 - #- cloud:gce - #- cloud:rax - #- clustering - #- database - #- database:nosql - #- database:sql - #- development - #- monitoring - #- networking - #- packaging - - system - #- web -dependencies: [] - # List your role dependencies here, one per line. Only - # dependencies available via galaxy should be listed here. - # Be sure to remove the '[]' above if you add dependencies - # to this list. diff --git a/roles/registrator/tasks/main.yml b/roles/registrator/tasks/main.yml deleted file mode 100644 index 6d02fd0a..00000000 --- a/roles/registrator/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- - -- name: wait for weave socket to be ready. - wait_for: - port: 6783 - delay: 10 - -- name: destroy old marathon container - when: registrator_rebuild_container|bool - docker: - name: registrator - image: "{{ registrator_image }}" - state: absent - -# tasks file for docker registrator -- name: run registrator container - docker: - name: registrator - image: "{{ registrator_image }}" - state: started - restart_policy: always - net: host - command: "-internal -resync=10 {{ registrator_uri }}" - volumes: - - "{{ registrator_docker_socket }}:/tmp/docker.sock" - environment: proxy_env - tags: - - registrator diff --git a/roles/registrator/vars/main.yml b/roles/registrator/vars/main.yml deleted file mode 100644 index 940368af..00000000 --- a/roles/registrator/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for registrator diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml new file mode 100644 index 00000000..d187a6d4 --- /dev/null +++ b/roles/traefik/defaults/main.yml @@ -0,0 +1,10 @@ +--- +traefik_marathon_endpoint: http://marathon.service.consul:8080 +traefik_marathon_domain: marathon.localhost +traefik_version: v1.0.alpha.341 +traefik_image: "emilevauge/traefik:{{ traefik_version }}" +traefik_config_dir: /etc/traefik +traefik_frontend_port: 80 +traefik_webui_port: 8888 +traefik_log_level: DEBUG +traefik_consul_dir: /etc/consul.d diff --git a/roles/traefik/handlers/main.yml b/roles/traefik/handlers/main.yml new file mode 100644 index 00000000..947f2e69 --- /dev/null +++ b/roles/traefik/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: restart traefik + sudo: yes + command: systemctl restart traefik diff --git a/roles/haproxy/meta/main.yml b/roles/traefik/meta/main.yml similarity index 95% rename from roles/haproxy/meta/main.yml rename to roles/traefik/meta/main.yml index 32838ad9..b60459ee 100644 --- a/roles/haproxy/meta/main.yml +++ b/roles/traefik/meta/main.yml @@ -1,6 +1,6 @@ --- galaxy_info: - author: Alberto Garcia + author: Graham Taylor description: company: Capgemini # Some suggested licenses: @@ -69,7 +69,7 @@ galaxy_info: # - 9.1 # - 9.1 # - 9.2 - - name: Ubuntu + - name: CoreOS versions: # - all # - lucid @@ -80,7 +80,7 @@ galaxy_info: # - quantal # - raring # - saucy - - trusty + # - trusty #- name: SLES # versions: # - all @@ -120,7 +120,8 @@ galaxy_info: #- packaging - system #- web -dependencies: [] +dependencies: + - role: handlers # List your role dependencies here, one per line. Only # dependencies available via galaxy should be listed here. # Be sure to remove the '[]' above if you add dependencies diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml new file mode 100644 index 00000000..a4413821 --- /dev/null +++ b/roles/traefik/tasks/main.yml @@ -0,0 +1,48 @@ +--- +- name: create traefik config directory + sudo: yes + file: + path: "{{ traefik_config_dir }}" + state: directory + mode: 0755 + tags: + - traefik + +- name: configure traefik + sudo: yes + template: + src: traefik.toml.j2 + dest: "{{ traefik_config_dir }}/traefik.toml" + mode: 0644 + backup: yes + tags: + - traefik + +- name: deploy traefik service + sudo: yes + template: + src: traefik.service.j2 + dest: /etc/systemd/system/traefik.service + notify: + - restart traefik + tags: + - traefik + +- name: enable traefik + sudo: yes + service: + name: traefik + state: started + enabled: yes + tags: + - traefik + +- name: Set traefik consul service definition + sudo: yes + template: + src: traefik-consul.json.j2 + dest: "{{ traefik_consul_dir }}/traefik.json" + notify: + - restart consul + tags: + - traefik diff --git a/roles/traefik/templates/traefik-consul.json.j2 b/roles/traefik/templates/traefik-consul.json.j2 new file mode 100644 index 00000000..872b411b --- /dev/null +++ b/roles/traefik/templates/traefik-consul.json.j2 @@ -0,0 +1,10 @@ +{ + "service": { + "name": "traefik", + "tags": [ "http" ], + "port": {{ traefik_frontend_port }}, + "check": { + "script": "curl --silent --show-error --fail --dump-header /dev/stderr --retry 2 --connect-timeout 5 --max-time 5 http://localhost:{{ traefik_frontend_port }}/" + } + } +} diff --git a/roles/traefik/templates/traefik.service.j2 b/roles/traefik/templates/traefik.service.j2 new file mode 100644 index 00000000..767d5e46 --- /dev/null +++ b/roles/traefik/templates/traefik.service.j2 @@ -0,0 +1,24 @@ +[Unit] +Description=Traefik +Requires=docker.service +After=docker.service +After=consul.service + +[Service] +Restart=on-failure +RestartSec=20 +TimeoutStartSec=0 +EnvironmentFile=-/etc/environment +ExecStartPre=-/usr/bin/docker kill traefik +ExecStartPre=-/usr/bin/docker rm traefik +ExecStartPre=/usr/bin/docker pull {{ traefik_image }} +ExecStart=/usr/bin/docker run --rm --name traefik \ +-v {{ traefik_config_dir }}/traefik.toml:/traefik.toml \ +-p {{ traefik_webui_port }}:{{ traefik_webui_port }} \ +-p {{ traefik_frontend_port }}:{{ traefik_frontend_port }} \ +{{ traefik_image }} + +ExecStop=/usr/bin/docker stop traefik + +[Install] +WantedBy=multi-user.target diff --git a/roles/traefik/templates/traefik.toml.j2 b/roles/traefik/templates/traefik.toml.j2 new file mode 100644 index 00000000..b1d50064 --- /dev/null +++ b/roles/traefik/templates/traefik.toml.j2 @@ -0,0 +1,12 @@ +port = ":{{ traefik_frontend_port }}" +graceTimeOut = 10 +logLevel = "{{ traefik_log_level }}" + +[web] +address = ":{{ traefik_webui_port }}" + +[marathon] +endpoint = "{{ traefik_marathon_endpoint }}" +domain = "{{ traefik_marathon_domain }}" +watch = true +networkInterface = "eth0" diff --git a/site.yml b/site.yml index 289a1665..ae9a1dbf 100644 --- a/site.yml +++ b/site.yml @@ -28,7 +28,6 @@ - hosts: all:!role=bastion roles: - - registrator - { role: cadvisor, when: cadvisor_enabled|bool } - { role: prometheus, when: prometheus_enabled|bool } environment: @@ -50,7 +49,7 @@ - hosts: load_balancers roles: - - { role: haproxy, tags: ["haproxy"] } + - { role: traefik, tags: ["traefik"] } environment: DOCKER_HOST: "{{ docker_host }}" diff --git a/tests/spec/dnsmasq/dnsmasq_spec.rb b/tests/spec/dnsmasq/dnsmasq_spec.rb deleted file mode 100644 index 6501f1f2..00000000 --- a/tests/spec/dnsmasq/dnsmasq_spec.rb +++ /dev/null @@ -1,25 +0,0 @@ -require 'spec_helper' - -describe service('dnsmasq') do - it { should be_running } -end - -describe file('/etc/dnsmasq.d/10-consul') do - it { should be_file } - it { should contain 'server=/consul/.*#8600' } -end - -describe docker_container('dnsmasq') do - it { should be_running } - # it { should have_volume('/etc/dnsmasq.d','/etc/dnsmasq.d') } -end - -describe port(53) do - it { should be_listening } -end - -# Containers should be able to reach each other -# via dnsmasq resolving through consul-dns. -describe command("docker exec cadvisor ping -c 3 marathon") do - its(:exit_status) { should eq 0 } -end diff --git a/tests/spec/haproxy/haproxy_spec.rb b/tests/spec/haproxy/haproxy_spec.rb deleted file mode 100644 index 26a10887..00000000 --- a/tests/spec/haproxy/haproxy_spec.rb +++ /dev/null @@ -1,5 +0,0 @@ -require 'spec_helper' - -describe docker_container('haproxy') do - it { should be_running } -end diff --git a/tests/spec/registrator/registrator_spec.rb b/tests/spec/registrator/registrator_spec.rb deleted file mode 100644 index b35a1780..00000000 --- a/tests/spec/registrator/registrator_spec.rb +++ /dev/null @@ -1,6 +0,0 @@ -require 'spec_helper' - -describe docker_container('registrator') do - it { should be_running } - # it { should have_volume('/tmp/docker.sock','/var/run/docker.sock') } -end diff --git a/tests/spec/traefik/traefik_spec.rb b/tests/spec/traefik/traefik_spec.rb new file mode 100644 index 00000000..af3f88c0 --- /dev/null +++ b/tests/spec/traefik/traefik_spec.rb @@ -0,0 +1,9 @@ +require 'spec_helper' + +describe docker_container('traefik') do + it { should be_running } +end + +describe port(80) do + it { should be_listening } +end