Consolidated variable usage and added install path.

Joschka Seydell 2020-11-29 03:51:42 -08:00
parent ddc2a1f327
commit d4be3972d8
5 changed files with 67 additions and 64 deletions


@ -13,22 +13,24 @@ Role Variables
--------------
```
traefik_install_user: {{ ansible_user }
traefik_install_path: /home/{{ traefik_install_user }}
traefik_letsencrypt_email:
traefik_virtual_host: localhost
traefik:
expose_internally: True
expose_externally: False
use_acme_staging: True
dns_challenge_provider: False
# NOT WORKING YET!
# Extra mapping, for name -> internal address, like myservice: 'http://otherhost:12345'
#extra_mapping:
# myservice: http://otherhost:12345
# use key:value pairs here to add additional environment variables to your traefik docker image.
# for instance, if you're using a dns challenge provider place your api keys etc here.
#additional_env_vars:
# # DUMMY_KEY: DUMMY_VALUE
# CLOUDFLARE_EMAIL: EMAIL
# CLOUDFLARE_API_KEY: API_KEY
traefik_expose_internally: True
traefik_expose_externally: False
traefik_use_acme_staging: True
traefik_dns_challenge_provider: False
# NOT WORKING YET!
# Extra mapping, for name -> internal address, like myservice: 'http://otherhost:12345'
#traefik_extra_mapping:
# myservice: http://otherhost:12345
# use key:value pairs here to add additional environment variables to your traefik docker image.
# for instance, if you're using a dns challenge provider place your api keys etc here.
#traefik_additional_env_vars:
# # DUMMY_KEY: DUMMY_VALUE
# CLOUDFLARE_EMAIL: EMAIL
# CLOUDFLARE_API_KEY: API_KEY
```
License


@ -1,19 +1,20 @@
---
# defaults file for traefik
traefik_install_user: '{{ ansible_user }}' # This user must be present on the host
traefik_install_path: '/home/{{ traefik_install_user }}'
traefik_virtual_host: localhost
traefik:
expose_internally: True
expose_externally: False
enable_acme: False
use_acme_staging: True
dns_challenge_provider: False
# NOT WORKING YET!
# Extra mapping, for name -> internal address, like myservice: 'http://otherhost:12345'
#extra_mapping:
# myservice: http://otherhost:12345
# use key:value pairs here to add additional environment variables to your traefik docker image.
# for instance, if you're using a dns challenge provider place your api keys etc here.
#additional_env_vars:
# # DUMMY_KEY: DUMMY_VALUE
# CLOUDFLARE_EMAIL: EMAIL
# CLOUDFLARE_API_KEY: API_KEY
traefik_expose_internally: True
traefik_expose_externally: False
traefik_enable_acme: False
traefik_use_acme_staging: True
traefik_dns_challenge_provider: False
# NOT WORKING YET!
# Extra mapping, for name -> internal address, like myservice: 'http://otherhost:12345'
#traefik_extra_mapping:
# - myservice: http://otherhost:12345
# use key:value pairs here to add additional environment variables to your traefik docker image.
# for instance, if you're using a dns challenge provider place your api keys etc here.
#traefik_additional_env_vars:
# # DUMMY_KEY: DUMMY_VALUE
# CLOUDFLARE_EMAIL: EMAIL
# CLOUDFLARE_API_KEY: API_KEY
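Review bot: `traefik_letsencrypt_email` has no entry in these defaults, although the README lists it and traefik.toml.j2 renders `email = "{{ traefik_letsencrypt_email }}"` whenever `traefik_enable_acme` is true, so enabling ACME without setting it will most likely fail at template time on an undefined variable. Adding `traefik_letsencrypt_email: ''` here, together with an `assert` task that it is non-empty when ACME is enabled, would make that failure explicit. The comment above `traefik_additional_env_vars` invites API keys into this file; I would extend it with `# keep real keys in an Ansible Vault-encrypted vars file, never in role defaults`. The commented `traefik_extra_mapping` example is a list item here but a mapping in the README, and the template indexes it by service name, so the mapping form looks like the intended one.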


@ -3,44 +3,44 @@
- name: Ensure traefik config directory exists
file:
path: /home/{{ docker_user }}/traefik
path: "{{ traefik_install_path }}/traefik"
state: directory
owner: '{{ docker_user }}'
group: '{{ docker_user }}'
owner: '{{ traefik_install_user }}'
group: '{{ traefik_install_user }}'
tags: config
- name: Ensure traefik rules directory exists
file:
path: /home/{{ docker_user }}/traefik/rules
path: "{{ traefik_install_path }}/traefik/rules"
state: directory
owner: '{{ docker_user }}'
group: '{{ docker_user }}'
owner: '{{ traefik_install_user }}'
group: '{{ traefik_install_user }}'
tags: config
- name: Provide TLS default options
template:
src: templates/t2-rules-tls-options.toml.j2
dest: /home/{{ docker_user }}/traefik/rules/tls-options.toml
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ traefik_install_path }}/traefik/rules/tls-options.toml"
owner: "{{ traefik_install_user }}"
group: "{{ traefik_install_user }}"
mode: '0644'
tags: config
- name: Provide docker-compose.yml
template:
src: templates/docker-compose.traefik.yml.j2
dest: /home/{{ docker_user }}/traefik/docker-compose.yml
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ traefik_install_path }}/traefik/docker-compose.yml"
owner: "{{ traefik_install_user }}"
group: "{{ traefik_install_user }}"
mode: '0644'
tags: config
- name: Provide traefik.toml
template:
src: templates/traefik.toml.j2
dest: /home/{{ docker_user }}/traefik/traefik.toml
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ traefik_install_path }}/traefik/traefik.toml"
owner: "{{ traefik_install_user }}"
group: "{{ traefik_install_user }}"
mode: '0644'
tags: config
@ -48,19 +48,19 @@
copy:
content: ""
force: no
dest: /home/{{ docker_user }}/traefik/acme.json
dest: "{{ traefik_install_path }}/traefik/acme.json"
mode: 0600
tags: config
- name: "docker-compose: Teardown existing Traefik service (only removes the containers)"
docker_compose:
project_src: "/home/{{ docker_user }}/traefik/"
project_src: "{{ traefik_install_path }}/traefik/"
state: absent
tags: ['never', 'teardown']
- name: "docker-compose: Start Traefik service"
docker_compose:
project_src: "/home/{{ docker_user }}/traefik/"
project_src: "{{ traefik_install_path }}/traefik/"
register: output
tags: service_start
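Review bot: The "Provide docker-compose.yml" task writes its file with `mode: '0644'`, while the template behind it renders every `traefik_additional_env_vars` entry, which the defaults describe as the place for DNS-provider API keys, so those keys become readable by every local account on the host. `mode: '0600'` on that task (or `'0640'` with a dedicated group) would restrict them to `traefik_install_user`; this assumes the docker-compose step runs as that user or as root. In the second hunk the acme.json `copy` sets no `owner`/`group`, unlike the other files under `traefik_install_path`, and uses the unquoted `mode: 0600`; `mode: '0600'` would match the quoted form of the other tasks. That task's `- name:` line lies outside the hunk, so its full definition is not visible here.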


@ -9,27 +9,27 @@ services:
# Load Balancer / SSL / Web Server
revproxy:
image: traefik:v2.2
restart: always
restart: unless-stopped
networks:
- public
ports:
{% if traefik.expose_internally | default(False) %}
{% if traefik_expose_internally | default(False) %}
- "8181:8080"
{% endif %}
- "80:80"
- "443:443"
{% if traefik.additional_env_vars | default(False) %}
{% if traefik_additional_env_vars | default(False) %}
environment:
{% for item in traefik.additional_env_vars | dict2items %}
{% for item in traefik_additional_env_vars | dict2items %}
- {{item.key}}={{item.value}}
{% endfor %}
{% endif %}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/{{ docker_user }}/traefik/traefik.toml:/traefik.toml
- /home/{{ docker_user }}/traefik/acme.json:/acme.json
- /home/{{ docker_user }}/traefik/rules:/rules
{% if traefik.expose_externally | default(False) %}
- {{ traefik_install_path }}/traefik/traefik.toml:/traefik.toml
- {{ traefik_install_path }}/traefik/acme.json:/acme.json
- {{ traefik_install_path }}/traefik/rules:/rules
{% if traefik_expose_externally | default(False) %}
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
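Review bot: The environment entries are rendered as the plain scalar `- {{item.key}}={{item.value}}`, so a value containing ` #` is silently cut at the comment marker and one containing `: ` or starting with a YAML indicator changes how the line parses, which is plausible for API keys and tokens. Emitting a quoted scalar, for example `- {{ (item.key ~ '=' ~ item.value) | to_json }}`, keeps the value intact. The new volume lines interpolate `{{ traefik_install_path }}` unquoted as well and would benefit from the same treatment, e.g. `- "{{ traefik_install_path }}/traefik/acme.json:/acme.json"`. The `labels:` block continues outside the hunk.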


@ -26,29 +26,29 @@ defaultEntryPoints = ["web", "websecure"]
directory = "/rules"
watch = true
{% if traefik.enable_acme %}
{% if traefik_enable_acme %}
[certificatesResolvers.defaultresolver.acme]
{% if traefik.use_acme_staging %}
{% if traefik_use_acme_staging %}
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
{% endif %}
email = "{{ letsencrypt_email }}"
email = "{{ traefik_letsencrypt_email }}"
storage = "acme.json"
[certificatesResolvers.defaultresolver.acme.httpChallenge]
entryPoint = "web"
{% endif %}
{% if traefik.extra_mapping | default(False) %}
{% if traefik_extra_mapping | default(False) %}
### NOT WORKING YET!
#[backends]
{% for service_name in traefik.extra_mapping %}
{% for service_name in traefik_extra_mapping %}
#[backends.{{ service_name }}_backend]
# [backends.{{ service_name }}_backend.servers.server1]
# url = "{{ traefik.extra_mapping[service_name] }}"
# url = "{{ traefik_extra_mapping[service_name] }}"
{% endfor %}
#
#[frontends]
{% for service_name in traefik.extra_mapping %}
{% for service_name in traefik_extra_mapping %}
# [frontends.{{ service_name }}_frontend]
# backend = "{{ service_name }}_backend"
# [frontends.{{ service_name }}_frontend.routes.test_1]