From 59d074dd87df27a39508f862fe6c48562d0f7b27 Mon Sep 17 00:00:00 2001 From: Anandkumar Patel Date: Mon, 20 Jun 2016 13:58:27 -0700 Subject: [PATCH] add uptables to ansible for navi, cleanup --- .../alpha-consul-template-updater.yml | 2 +- ansible/group_vars/alpha-navi-proxy.yml | 6 +++-- ansible/group_vars/alpha-registrator.yml | 2 ++ .../roles/content-domain-proxy/tasks/main.yml | 25 +++++++++++++------ .../content-domain-proxy/templates/navi.tmpl | 2 +- 5 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/ansible/group_vars/alpha-consul-template-updater.yml b/ansible/group_vars/alpha-consul-template-updater.yml
index ba360427..5888f8af 100644
--- a/ansible/group_vars/alpha-consul-template-updater.yml
+++ b/ansible/group_vars/alpha-consul-template-updater.yml
@@ -14,4 +14,4 @@ container_run_opts: > container_run_args: > -consul={{ consul_host_address }}:{{ consul_api_port }} -wait=1s - -template="/tmp/template:{{ target_updater_file_path }}/{{ out_file }}:{{ template_command }}" + -template="/tmp/template:{{ target_updater_file_path }}/{{ proxy_service_name }}.conf:{{ template_command }}"
diff --git a/ansible/group_vars/alpha-navi-proxy.yml b/ansible/group_vars/alpha-navi-proxy.yml
index 9331d73c..f37a0700 100644
--- a/ansible/group_vars/alpha-navi-proxy.yml
+++ b/ansible/group_vars/alpha-navi-proxy.yml
@@ -2,16 +2,18 @@ name: nginx # used by consul template updater +proxy_service_name: navi target_container_name: nginx target_updater_file_path: /etc/nginx/sites-enabled -template_path: /etc/nginx/template/navi.tmpl template_command: /bin/docker kill -s HUP {{ target_container_name }} -out_file: navi.conf +template_path: /etc/nginx/template/navi.tmpl # used by container_kill_start container_image: "{{ name }}" container_tag: "1.10" +restart_policy: always + container_run_opts: > -d --net=host
diff --git a/ansible/group_vars/alpha-registrator.yml b/ansible/group_vars/alpha-registrator.yml
index 00d53a14..400ba645 100644
--- a/ansible/group_vars/alpha-registrator.yml
+++ b/ansible/group_vars/alpha-registrator.yml
@@ -4,6 +4,8 @@ name: registrator container_image: gliderlabs/registrator container_tag: v7 +restart_policy: always + container_run_opts: > -d --hostname={{ ansible_hostname }}
diff --git a/ansible/roles/content-domain-proxy/tasks/main.yml b/ansible/roles/content-domain-proxy/tasks/main.yml
index 05110643..808e65c5 100644
--- a/ansible/roles/content-domain-proxy/tasks/main.yml
+++ b/ansible/roles/content-domain-proxy/tasks/main.yml
@@ -44,13 +44,6 @@ dest: /etc/nginx state: directory -- name: assert nginx sites-enabled directory - tags: [ configure_proxy ] - become: yes - file: - state: directory - dest: /etc/nginx/sites-enabled - - name: put nginx configuration in place tags: [ configure_proxy ] become: yes
@@ -70,4 +63,20 @@ become: yes template: src: navi.tmpl - dest: /etc/nginx/template + dest: /etc/nginx/template/navi.tmpl + +- name: setup ip table rule to redir all to port 80 + tags: [ configure_proxy, iptables ] + become: yes + iptables: + table=nat + chain=PREROUTING + in_interface=eth0 + protocol=tcp + destination_port={{ item }} + jump=REDIRECT + to_ports=80 + comment="Redirect {{ item }} traffic to port 80" + with_items: + - 81:442 + - 444:65535
diff --git a/ansible/roles/content-domain-proxy/templates/navi.tmpl b/ansible/roles/content-domain-proxy/templates/navi.tmpl
index fc181586..76b3681a 100644
--- a/ansible/roles/content-domain-proxy/templates/navi.tmpl
+++ b/ansible/roles/content-domain-proxy/templates/navi.tmpl
@@ -4,7 +4,7 @@ map $http_upgrade $connection_upgrade { } upstream {{ name }} { - {{ '{{' }}range service "{{ name }}"{{ '}}' }} server {{ '{{' }}.Address{{ '}}' }}:{{ '{{' }}.Port{{ '}}' }} max_fails=0 fail_timeout=1s; + {{ '{{' }}range service "{{ proxy_service_name }}"{{ '}}' }} server {{ '{{' }}.Address{{ '}}' }}:{{ '{{' }}.Port{{ '}}' }} max_fails=0 fail_timeout=1s; {{ '{{' }}end{{ '}}' }} }
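Review bot: In ansible/roles/content-domain-proxy/tasks/main.yml the new `iptables` task redirects every inbound TCP port on eth0 from 81 to 65535 except 443 to port 80, so any other listener on these hosts in that range stops being reachable on that interface and its traffic lands on nginx instead; that scope deserves a comment on the task stating the intent and which ports must stay exempt. Ansible's `iptables` module only changes the in-memory rule set, so the redirect will not survive a reboot unless rules are saved and restored elsewhere, which this diff does not show. The arguments are passed as a folded `key=value` string and the interface is hard-coded; the fence below shows the same task with native YAML arguments and the two ranges quoted so they are always read as strings. The task lies entirely inside this hunk.

```yaml
- name: setup ip table rule to redir all to port 80
  # … unchanged: tags, become …
  iptables:
    table: nat
    chain: PREROUTING
    in_interface: eth0
    protocol: tcp
    destination_port: "{{ item }}"
    jump: REDIRECT
    to_ports: "80"
    comment: "Redirect {{ item }} traffic to port 80"
  with_items:
    - "81:442"
    - "444:65535"
```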