Add traefik service (#45)

Relaetd to #24

Signed-off-by: Christian Berendt <[email protected]>

README.rst

@@ -23,7 +23,7 @@ Usage
 * For access to the web interfaces and API endpoints a tunnel can be created with
   ``make ENVIRONMENT=betacloud tunnel`` (https://github.com/sshuttle/sshuttle must
   be installed)
-* Add ``192.168.32.9 testbed-gx-iam.osism.test`` to your local ``/etc/hosts`` file
+* Add ``192.168.16.9 testbed-gx-iam.osism.test`` to your local ``/etc/hosts`` file
 * It is possible to customize ``testbed-gx-iam.osism.test``, for this purpose add
   ``PARAMS="-var endpoint=somehost.example.com"``
 * It is possible to import an existing floating IP adress

environments/custom/configuration.yml

@@ -1,4 +1,18 @@
 ---
-# Dummy variable to avoid error because ansible does not recognize the
-# file as a good configuration file when no variable in it.
-dummy:
+##########################
+# traefik
+
+docker_registry_traefik: index.docker.io
+
+traefik_configuration_directory: /opt/traefik/configuration
+traefik_docker_compose_directory: /opt/traefik
+
+traefik_network: 172.30.100.0/28
+traefik_container_name: traefik
+
+traefik_host: "{{ hostvars[inventory_hostname]['ansible_' + console_interface]['ipv4']['address'] }}"
+
+traefik_tag: 2.3
+traefik_image: "{{ docker_registry_traefik }}/traefik:{{ traefik_tag }}"
+
+traefik_acme_email: [email protected]

environments/custom/playbook-traefik.yml

@@ -0,0 +1,68 @@
+---
+- name: Deploy traefik service
+  hosts: testbed-manager
+  gather_facts: false
+
+  tasks:
+    - name: Gather the apt package facts
+      package_facts:
+        manager: auto
+
+    - name: Create required directories
+      become: true
+      file:
+        path: "{{ item }}"
+        state: directory
+        owner: "{{ operator_user }}"
+        group: "{{ operator_group }}"
+        mode: 0750
+      loop:
+        - "{{ traefik_configuration_directory }}"
+        - "{{ traefik_docker_compose_directory }}"
+
+    - name: Copy docker-compose.yml file
+      template:
+        src: traefik/docker-compose.yml.j2
+        dest: "{{ traefik_docker_compose_directory }}/docker-compose.yml"
+        owner: "{{ operator_user }}"
+        group: "{{ operator_group }}"
+        mode: 0640
+
+    - name: Copy servies.yml file
+      template:
+        src: traefik/services.yml.j2
+        dest: "{{ traefik_configuration_directory }}/services.yml"
+        owner: "{{ operator_user }}"
+        group: "{{ operator_group }}"
+        mode: 0640
+
+    - name: Copy traefik.yml file
+      template:
+        src: traefik/traefik.yml.j2
+        dest: "{{ traefik_configuration_directory }}/traefik.yml"
+        owner: "{{ operator_user }}"
+        group: "{{ operator_group }}"
+        mode: 0640
+
+    - name: Run service
+      docker_compose:
+        project_src: "{{ traefik_docker_compose_directory }}"
+        build: false
+        pull: true
+        remove_orphans: true
+      when: "'docker-compose' in ansible_facts.packages"
+
+    # NOTE: If docker-compose was not installed by package, the Python bindings are not available.
+    #       Therefore in this case docker-compose is called directly.
+
+    - name: Pull images
+      command: "docker-compose -f {{ traefik_docker_compose_directory }}/docker-compose.yml pull"
+      register: result
+      changed_when: ('Downloaded' in result.stdout)
+      when: "'docker-compose' not in ansible_facts.packages"
+
+    - name: Run service
+      command: "docker-compose -f {{ traefik_docker_compose_directory }}/docker-compose.yml up -d --remove-orphans --no-build"
+      register: result
+      changed_when: ('Creating' in result.stdout or 'Recreating' in result.stdout)
+      when: "'docker-compose' not in ansible_facts.packages"

environments/custom/templates/traefik/docker-compose.yml.j2

@@ -0,0 +1,32 @@
+---
+version: '3.5'
+
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:2.3
+    restart: unless-stopped
+    ports:
+      - "{{ traefik_host }}:80:80"
+      - "{{ traefik_host }}:443:443"
+      - "{{ traefik_host }}:5000:5000"
+      - "{{ traefik_host }}:8170:8170"
+      - "{{ traefik_host }}:35357:35357"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /opt/traefik/configuration/traefik.yml:/etc/traefik/traefik.yml:ro
+      - /opt/traefik/configuration/services.yml:/etc/traefik/services.yml:ro
+      - acme:/etc/traefik/acme
+    labels:
+      - "traefik.enable=true"
+
+volumes:
+  acme:
+
+networks:
+ default:
+   driver: bridge
+   ipam:
+     driver: default
+     config:
+       - subnet:  {{ traefik_network }}

environments/custom/templates/traefik/services.yml.j2

@@ -0,0 +1,47 @@
+---
+http:
+  routers:
+    horizon:
+      entryPoints:
+        - http
+      service: horizon
+      rule: Host(`testbed-gx-iam.osism.test`)
+
+    keycloak:
+      entryPoints:
+        - keycloak
+      service: keycloak
+      rule: Host(`testbed-gx-iam.osism.test`)
+
+    keystone_admin:
+      entryPoints:
+        - keystone_admin
+      service: keystone_admin
+      rule: Host(`testbed-gx-iam.osism.test`)
+
+    keystone_public:
+      entryPoints:
+        - keystone_public
+      service: keystone_public
+      rule: Host(`testbed-gx-iam.osism.test`)
+
+  services:
+    horizon:
+      loadBalancer:
+        servers:
+          - url: http://{{ kolla_internal_vip_address }}:80/
+
+    keycloak:
+      loadBalancer:
+        servers:
+          - url: http://{{ kolla_internal_vip_address }}:8170/
+
+    keystone_admin:
+      loadBalancer:
+        servers:
+          - url: http://{{ kolla_internal_vip_address }}:35357/
+
+    keystone_public:
+      loadBalancer:
+        servers:
+          - url: http://{{ kolla_internal_vip_address }}:5000/

environments/custom/templates/traefik/traefik.yml.j2

@@ -0,0 +1,27 @@
+---
+api:
+  dashboard: false
+
+entryPoints:
+  http:
+    address: ":80"
+  https:
+    address: ":443"
+  keycloak:
+    address: ":8170"
+  keystone_public:
+    address: ":5000"
+  keystone_admin:
+    address: ":35357"
+
+providers:
+  file:
+    filename: "etc/traefik/services.yml"
+
+certificatesResolvers:
+  http:
+    acme:
+      email: {{ traefik_acme_email }}
+      storage: /etc/traefik/acme/acme.json
+      httpChallenge:
+        entryPoint: http

environments/infrastructure/configuration.yml

@@ -3,3 +3,8 @@
 # versions
 
 openstack_version: ussuri
+
+##########################
+# keycloak
+
+keycloak_host: 192.168.32.9

terraform/files/deploy.sh

@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 
+sudo -iu dragon sh -c 'INTERACTIVE=false osism-run custom traefik'
+
 sudo -iu dragon sh -c 'INTERACTIVE=false osism-kolla deploy common'
 sudo -iu dragon sh -c 'INTERACTIVE=false osism-kolla deploy haproxy'
 sudo -iu dragon sh -c 'INTERACTIVE=false osism-kolla deploy mariadb'