Fixed dockerfile for high availability loadbalancer using HAProxy

This commit is contained in:
Xan Manning 2020-01-14 17:07:32 +00:00
parent df253b504a
commit 927fd41036
6 changed files with 34 additions and 52 deletions

View file

@ -43,18 +43,15 @@ env:
# Test multiple masters in control plane with PostgreSQL # Test multiple masters in control plane with PostgreSQL
- MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest - MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest
MOLECULE_SCENARIO_DIRECTORY: /home/travis/build/${REPO_OWNER}/${ROLE_OWNER}.${ROLE_NAME}/molecule/highavailability
MOLECULE_SCENARIO: highavailability MOLECULE_SCENARIO: highavailability
# Test multiple masters with auto deploying manifests # Test multiple masters with auto deploying manifests
- MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest - MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest
MOLECULE_SCENARIO_DIRECTORY: /home/travis/build/${REPO_OWNER}/${ROLE_OWNER}.${ROLE_NAME}/molecule/highavailability
MOLECULE_SCENARIO: highavailability MOLECULE_SCENARIO: highavailability
MOLECULE_PLAYBOOK: playbook-auto-deploying-manifests.yml MOLECULE_PLAYBOOK: playbook-auto-deploying-manifests.yml
# Test multiple masters in control plane with DQLite # Test multiple masters in control plane with DQLite
- MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest - MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest
MOLECULE_SCENARIO_DIRECTORY: /home/travis/build/${REPO_OWNER}/${ROLE_OWNER}.${ROLE_NAME}/molecule/highavailability
MOLECULE_SCENARIO: highavailability MOLECULE_SCENARIO: highavailability
MOLECULE_PLAYBOOK: playbook-dqlite.yml MOLECULE_PLAYBOOK: playbook-dqlite.yml

View file

@ -5,10 +5,3 @@ FROM {{ item.registry.url }}/{{ item.image }}
{% else %} {% else %}
FROM {{ item.image }} FROM {{ item.image }}
{% endif %} {% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

View file

@ -0,0 +1,13 @@
frontend loadbalancer
bind *:6443
mode tcp
default_backend control_nodes
timeout client 1m
backend control_nodes
mode tcp
balance roundrobin
server node2 node2:6443
server node3 node3:6443
timeout connect 30s
timeout server 30m

View file

@ -43,13 +43,10 @@ platforms:
networks: networks:
- name: k3snet - name: k3snet
- name: loadbalancer - name: loadbalancer
image: nginx:1.17-alpine image: geerlingguy/docker-centos8-ansible:latest
pre_build_image: true pre_build_image: true
ports: ports:
- "6443:6443" - "6443:6443"
volumes:
- ${MOLECULE_SCENARIO_DIRECTORY}/nginx-loadbalancer.conf:/etc/nginx/nginx.conf:ro
command: "nginx -g 'daemon off;'"
networks: networks:
- name: k3snet - name: k3snet
provisioner: provisioner:

View file

@ -1,34 +0,0 @@
worker_processes 4;
worker_rlimit_nofile 40000;
events {
worker_connections 8192;
}
stream {
# Set up our upstream of control (master) nodes. The default load balancing
# algorithm for nginx is to round-robin. Perfect!
upstream control_plane {
server node2:6443 max_fails=3 fail_timeout=5s;
server node3:6443 max_fails=3 fail_timeout=5s;
}
upstream control_plane_443 {
server node2:443 max_fails=3 fail_timeout=5s;
server node3:443 max_fails=3 fail_timeout=5s;
}
# Listen on port 6443, this is our default control plane port, then pass
# all traffic to one of the control (master) nodes.
server {
listen 6443;
proxy_pass control_plane;
}
# Listen on port 443, this is our default ssl port, then pass
# all traffic to one of the control (master) nodes.
server {
listen 443;
proxy_pass control_plane_443;
}
}

View file

@ -1,7 +1,23 @@
--- ---
- name: Prepare - name: Prepare
hosts: node* hosts: loadbalancer
tasks: tasks:
- name: Debug Message - name: Ensure HAProxy is installed
debug: package:
msg: No prepare steps required name: haproxy
state: present
- name: Ensure HAProxy config directory exists
file:
path: /usr/local/etc/haproxy
state: directory
- name: Ensure HAProxy is configured
template:
src: haproxy-loadbalancer.conf.j2
dest: /usr/local/etc/haproxy/haproxy.cfg
- name: Ensure HAProxy service is started
command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
args:
creates: /var/run/haproxy.pid