Commit initial
commit
3fcebb77a6
8 changed files with 180 additions and 0 deletions
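--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,12 @@
+# **Change Log** 📜📝
+
+Les changements notables apportés au projet sont notés ici.
+
+Document au format basé sur [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+
+Le projet suit les préconisations de [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+---
+## [**v0.1.0**] - 2024-11-12
+
+* Première version - séparation des roles host et traefik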
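--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,18 @@
+Copyright (c) Libretic
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+The Software is provided "as is", without warranty of any kind, express or
+implied, including but not limited to the warranties of merchantability, fitness
+for a particular purpose and noninfringement. In no event shall the authors or
+copyright holders be liable for any claim, damages or other liability, whether
+in an action of contract, tort or otherwise, arising from, out of or in
+connection with the Software or the use or other dealings in the Software.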
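--- a/README.md
+++ b/README.md
@@ -0,0 +1,72 @@
+Role : docker_traefik
+=====================
+
+Configure un conteneur traefik sur un serveur préparé avec docker_host prêt à servir de reverse proxy local pour les applications web.
+
+
+Prérequis et dépendances
+------------------------
+
+- Rôle : docker_host
+
+
+Variables
+---------
+
+Le rôle nécessite que soit fourni le paramètre suivant :
+
+```yaml
+# Chaine user + mdp chiffré pour l'accès à l'interface de traefik sur le port 8443
+docker_traefik_admin: "admin:$$apr1$$HWiac5ae$$fBaMfNze1G96R2d5ntiID/"
+```
+
+Les autres variables utilisables sont précisées ci-dessous (cf. defaults/main.yml) :
+
+```yaml
+# Liste des reverse proxy de confiance pour traefik, pour la récupération des entêtes http
+docker_traefik_trusted_ips: []
+# Chemin d'installation
+docker_traefik_install_dir: /opt/traefik/
+# Interface d'écoute pour les flux entrants
+docker_traefik_listen_ip: "0.0.0.0"
+# Interface d'écoute pour l'administration de traefik
+docker_traefik_admin_listen_ip: "{{ docker_traefik_listen_ip }}"
+# Port d'écoute pour les flux http
+docker_traefik_web_port: 80
+# Port d'écoute pour les flux https
+docker_traefik_websecure_port: 443
+# Port d'écoute pour l'interface d'administration'
+docker_traefik_admin_port: 8443
+```
+
+Par exemple :
+```yaml
+docker_host_traefik_admin: "admin:$$apr1$$HWiac5ae$$fBaMfNze1G96R2d5ntiID/"
+docker_host_traefik_trusted_ips: [ 10.1.2.3 ]
+```
+
+A noter : la valeur de docker_host_traefik_admin pour un compte d'accès "admin" avec mot de passe "4dm1n" s'obtient par :
+```sh
+echo $(htpasswd -nb admin 4dm1n) | sed -e s/\\$/\\$\\$/g
+```
+
+Exemple de Playbook
+-------------------
+
+Le rôle peut s'utiliser sans paramètre particulier sur un serveur préparé avec docker_host.
+
+```yaml
+- hosts: servers
+vars:
+docker_host_traefik_admin: "admin:$$apr1$$HWiac5ae$$fBaMfNze1G96R2d5ntiID/"
+
+roles:
+- docker_host
+- docker_traefik
+```
+
+
+License
+-------
+
+MIT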
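--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,8 @@
+docker_traefik_trusted_ips: []
+docker_traefik_listen_ip: "0.0.0.0"
+docker_traefik_install_dir: /opt/traefik/
+docker_traefik_admin_listen_ip: "{{ docker_traefik_listen_ip }}"
+
+docker_traefik_web_port: 80
+docker_traefik_websecure_port: 443
+docker_traefik_admin_port: 8443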
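Review bot: `docker_traefik_admin_listen_ip` defaults to `"{{ docker_traefik_listen_ip }}"`, which is `"0.0.0.0"`, so the dashboard/API entrypoint on port 8443 is published on every interface unless the operator overrides it. A safer default is `docker_traefik_admin_listen_ip: "127.0.0.1"` (or a management address), leaving wider exposure as an explicit choice. `docker_traefik_admin` is used by the template but has no default here, so a run without it presumably stops on an undefined variable; a comment such as `# docker_traefik_admin is mandatory: "user:htpasswd-hash", with each $ doubled` would make that visible. The README examples set `docker_host_traefik_admin` and `docker_host_traefik_trusted_ips`, names this role never reads, so someone copying them would leave the trusted-proxy list empty without noticing.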
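--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Docker-compose-up # noqa: no-changed-when
+ansible.builtin.command: docker compose up -d
+args:
+chdir: /opt/{{ docker_traefik_install_dir }}/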
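Review bot: The handler's `chdir: /opt/{{ docker_traefik_install_dir }}/` does not point at the directory the tasks write to: with the default `docker_traefik_install_dir: /opt/traefik/` it resolves to `/opt//opt/traefik//`, while tasks/main.yml places docker-compose.yml directly under `{{ docker_traefik_install_dir }}`. The `docker compose up -d` would then fail, or run against whatever compose file happens to exist at that other path. Use `chdir: "{{ docker_traefik_install_dir }}"` so the handler and the template task refer to the same location.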
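--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,6 @@
+galaxy_info:
+author: Olivier Navas
+description: Prepare traefik sur un serveur avec docker_host
+license: MIT
+min_ansible_version: 2.9
+galaxy_tags: []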
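Review bot: `min_ansible_version: 2.9` is an unquoted scalar that YAML loads as a float; write `min_ansible_version: "2.9"` so it stays a version string. The README names docker_host as a prerequisite and tasks/main.yml calls `community.docker.docker_network`, but neither is declared in this file. A `dependencies:` entry for the role, plus a documented collection requirement, would make a missing prerequisite fail at the start of the play rather than part-way through.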
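--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Traefik network
+community.docker.docker_network:
+name: traefik
+
+- name: Traefik dir
+ansible.builtin.file:
+path: "{{ docker_traefik_install_dir }}"
+state: directory
+mode: u=rwx,g=rx,o=
+
+- name: Traefik compose
+ansible.builtin.template:
+src: traefik-docker-compose.yml.j2
+dest: "{{ docker_traefik_install_dir }}/docker-compose.yml"
+mode: u=rw,g=r,o=r
+notify: Docker-compose-up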
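Review bot: The rendered docker-compose.yml carries the dashboard basic-auth entry (`docker_traefik_admin`, an apr1 htpasswd hash according to the README), yet the "Traefik compose" task writes it with `mode: u=rw,g=r,o=r`. The parent directory is created with `o=`, which limits who can reach the file, but the file's own permissions should not rely on that; `mode: u=rw,g=,o=` keeps the hash readable only by the owning account. Neither the directory task nor the template task sets `owner:`/`group:`, so ownership follows whichever user the play runs as; stating `owner: root` and `group: root` explicitly would make the intended access clear.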
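--- a/templates/traefik-docker-compose.yml.j2
+++ b/templates/traefik-docker-compose.yml.j2
@@ -0,0 +1,44 @@
+# {{ ansible_managed }}
+
+networks:
+traefik:
+external: true
+
+services:
+traefik:
+image: traefik:v3
+restart: always
+command:
+- "--log.level=INFO"
+- "--accesslog=true"
+- "--accesslog.fields.names.StartUTC=drop"
+- "--api=true"
+- "--api.dashboard=true"
+- "--providers.docker=true"
+- "--providers.docker.exposedbydefault=false"
+- "--entrypoints.web.address=:{{ docker_traefik_web_port }}"
+- "--entryPoints.web.forwardedHeaders.trustedIPs={{ docker_traefik_trusted_ips }}"
+- "--entrypoints.websecure.address=:{{ docker_traefik_websecure_port }}"
+- "--entryPoints.websecure.forwardedHeaders.trustedIPs={{ docker_traefik_trusted_ips }}"
+- "--entrypoints.api.address=:{{ docker_traefik_admin_port }}"
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=traefik"
+- "traefik.port={{ docker_traefik_admin_port }}"
+- "traefik.http.routers.api.entrypoints=api"
+- "traefik.http.routers.api.rule=(PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+- "traefik.http.routers.api.service=api@internal"
+- "traefik.http.routers.api.middlewares=auth"
+- "traefik.http.routers.api.tls"
+- "traefik.http.middlewares.auth.basicauth.users={{ docker_traefik_admin }}"
+ports:
+- "{{ docker_traefik_listen_ip }}:{{ docker_traefik_web_port }}:{{ docker_traefik_web_port }}"
+- "{{ docker_traefik_listen_ip }}:{{ docker_traefik_websecure_port }}:{{ docker_traefik_websecure_port }}"
+- "{{ docker_traefik_admin_listen_ip }}:{{ docker_traefik_admin_port }}:{{ docker_traefik_admin_port }}"
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock:ro
+environment:
+- TZ=Europe/Paris
+networks:
+- traefik
+userns_mode: "host"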
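Review bot: `--entryPoints.web.forwardedHeaders.trustedIPs={{ docker_traefik_trusted_ips }}` (and the same flag for websecure) interpolates a list, which Jinja renders as `[]` or `['10.1.2.3']` rather than the comma-separated form Traefik's CLI expects; `{{ docker_traefik_trusted_ips | join(',') }}` would make the X-Forwarded-* trust list match what the operator configured. The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the bind mount read-only and does not restrict the Docker API behind the socket, so together with `userns_mode: "host"` a compromise of this internet-facing container is close to root on the host; a filtering socket proxy in front of the docker provider would narrow that. `image: traefik:v3` is a floating tag, so the version deployed depends on when each host pulled it; pinning a full version or a digest makes upgrades deliberate and reviewable.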