Merge pull request #12 from Diesel-Net/development

Make compatible with Diesel-Net/fleet
Diesel-Net · May 20, 2023 · dda0ab7 · dda0ab7
2 parents 6f39574 + d480bd3
commit dda0ab7
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 24 deletions.
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -1,10 +1,16 @@
 traefik_certs: []
+traefik_config: {}
 traefik_network: traefik_net
 
-# username: admin
-# password: traefik
-traefik_dashboard: yes
+
+# default username: admin
+# default password: traefik
+traefik_dashboard: no
+traefik_host: 'traefik.{{ inventory_hostname }}'
 traefik_htpasswd: admin:{SHA}qD4s5Uu+8772OqfwKwjb2n/a5MU=
 
 traefik_trusted_ips: []
 traefik_acme_resolvers: []
+
+cf_api_email: '{{ lookup("env", "CF_API_EMAIL") }}'
+cf_dns_api_token: '{{ lookup("env", "CF_DNS_API_TOKEN") }}'
diff --git a/meta/main.yaml b/meta/main.yaml
@@ -2,7 +2,7 @@ galaxy_info:
   author: Thomas Daley
   description: Traefik reusable functionality
 
-  min_ansible_version: 2.11
+  min_ansible_version: 2.14
   platforms:
     - name: Ubuntu
       versions:
@@ -20,8 +20,9 @@ dependencies:
   - name: application
     scm: git
     src: "[email protected]:Diesel-Net/ansible-role-application.git"
-    version: 2.0.0
+    version: 2.1.0
+
   - name: docker
     scm: git
     src: "[email protected]:Diesel-Net/ansible-role-docker.git"
-    version: 2.0.0
+    version: 2.0.3
diff --git a/tasks/configure.yaml b/tasks/configure.yaml
@@ -35,10 +35,15 @@
     label: "{{ item.common_name }}.key"
   when: traefik_certs is defined
 
-- name: 'Render dynamic configuration to {{ config_dir }}/dynamic/traefik.yaml'
+- name: 'Render dynamic configuration for TLS Certs to {{ config_dir }}/dynamic/certs.yaml'
   template:
-    src: traefik.yaml
-    dest: "{{ config_dir }}/dynamic/traefik.yaml"
+    src: certs.yaml
+    dest: "{{ config_dir }}/dynamic/certs.yaml"
+
+- name: 'Copy dynamic configuration from variable to {{ config_dir }}/dynamic/config.yaml'
+  copy:
+    content: '{{ traefik_config }}'
+    dest: "{{ config_dir }}/dynamic/config.yaml"
 
 - name: Allow port 80 (HTTP)
   ufw:

diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
@@ -7,12 +7,10 @@
 - include_role:
     name: docker
     tasks_from: stack_deploy
-  vars:
-    docker_compose_template: docker-compose.yaml
 
-# TODO: Look into this more, Do we still need this? Enable hot reload?
-# We are now mounting the entire config the file directory, instead of just the file, to avoid inode linking issue
-# Are we using overlay2? https://docs.docker.com/storage/storagedriver/overlayfs-driver/
-- name: Restart the service to pick up new certificates
-  shell: docker service update --force {{ repository }}_{{ version }}_proxy
-  when: traefik_certs
+# force reload
+- include_role:
+    name: docker
+    tasks_from: service_update
+  vars:
+    options: --force
diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -3,3 +3,6 @@
 
 - include_role:
     name: docker
+
+- include_tasks: configure.yaml
+- include_tasks: deploy.yaml
diff --git a/templates/traefik.yaml → templates/certs.yaml b/templates/traefik.yaml → templates/certs.yaml
diff --git a/templates/docker-compose.yaml b/templates/docker-compose.yaml
@@ -4,7 +4,7 @@ services:
 
 
   proxy:
-    image: traefik:2.9.5
+    image: traefik:2.10.1
     volumes:
       - /etc/localtime:/etc/localtime
       - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
@@ -16,10 +16,10 @@ services:
       - 80:80
       - 443:443
     environment:
-      - CF_API_EMAIL={{ lookup("env", "CF_API_EMAIL") }}
-      - CF_DNS_API_TOKEN={{ lookup("env", "CF_DNS_API_TOKEN") }}
+      - 'CF_API_EMAIL={{ cf_api_email }}'
+      - 'CF_DNS_API_TOKEN={{ cf_dns_api_token }}'
     command:
-      # observability (logging)
+      # Logging
       - '--log.level=INFO'
       - '--accesslog=true'
 
@@ -91,14 +91,14 @@ services:
 {% endif %}
 
         # router rules must be defined within a single docker label
-        - traefik.http.routers.dashboard.rule=Host(`{{ host }}`)
+        - traefik.http.routers.dashboard.rule=Host(`{{ traefik_host }}`)
 
         # basic-auth middleware
         - traefik.http.middlewares.dashboard-auth.basicauth.users={{ traefik_htpasswd }}
 
         # redirect /dashboard to /dashboard/
-        - traefik.http.middlewares.dashboard-redirect.redirectregex.regex=^https://{{ host | replace('.', '\.') }}$$
-        - traefik.http.middlewares.dashboard-redirect.redirectregex.replacement=https://{{ host }}/dashboard/
+        - traefik.http.middlewares.dashboard-redirect.redirectregex.regex=^https://{{ traefik_host | replace('.', '\.') }}$$
+        - traefik.http.middlewares.dashboard-redirect.redirectregex.replacement=https://{{ traefik_host }}/dashboard/
         - traefik.http.middlewares.dashboard-redirect.redirectregex.permanent=false
 
         # assign middlewares (order matters)

diff --git a/vars/main.yaml b/vars/main.yaml
@@ -0,0 +1,2 @@
+app_name: traefik
+docker_service: proxy