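├── Dockerfile
├── README.md
├── confd
    ├── haproxy.cfg.tmpl
    └── haproxy.cfg.toml
├── haproxy.sh
├── monit
    ├── confd.conf
    └── haproxy.conf
├── readme.md
└── start.sh


/Dockerfile:
--------------------------------------------------------------------------------
FROM rawmind/rancher-base:0.0.2-1
LABEL maintainer="Christian Rodriguez"

ENV VAMP_HOME=/opt/vamp

# HAProxy source release that is compiled into the image.
# NOTE(review): the 1.6 branch appears to be end-of-life upstream; confirm and
# plan a move to a maintained branch.
ARG HAPROXY_BRANCH=1.6
ARG HAPROXY_VERSION=1.6.7
# Expected SHA-256 of the release tarball. No digest is recorded in this
# repository, so none is hard-coded here; supply the value published by the
# HAProxy project with --build-arg HAPROXY_SHA256=<digest>. When it is set the
# build aborts on a mismatch; when it is empty the build only warns.
ARG HAPROXY_SHA256=""

# Install haproxy.
# The tarball is fetched over HTTPS into a file (instead of piping plain HTTP
# straight into tar) so that a failed or tampered download stops the build
# before anything is unpacked or compiled.
# NOTE(review): openssl-dev is not in the removal list below, so its headers
# stay in the image. Dropping it needs the runtime OpenSSL libraries installed
# explicitly; confirm the package names for this base image first.
RUN set -ex && \
    apk --update add iptables iproute2 libnl3-cli musl-dev linux-headers curl gcc pcre-dev make zlib-dev openssl-dev && \
    mkdir -p /usr/src && \
    curl -fsSL -o /tmp/haproxy.tar.gz \
        "https://www.haproxy.org/download/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_VERSION}.tar.gz" && \
    if [ -n "${HAPROXY_SHA256}" ]; then \
        echo "${HAPROXY_SHA256}  /tmp/haproxy.tar.gz" | sha256sum -c -; \
    else \
        echo "WARNING: HAPROXY_SHA256 is not set, tarball integrity was not verified" >&2; \
    fi && \
    tar xzf /tmp/haproxy.tar.gz -C /usr/src && \
    rm -f /tmp/haproxy.tar.gz && \
    make -C "/usr/src/haproxy-${HAPROXY_VERSION}" TARGET=linux2628 USE_PCRE=1 USE_ZLIB=1 USE_OPENSSL=1 && \
    make -C "/usr/src/haproxy-${HAPROXY_VERSION}" install-bin && \
    mkdir -p /opt/vamp/errorfiles && \
    cp -pr "/usr/src/haproxy-${HAPROXY_VERSION}"/examples/errorfiles/* /opt/vamp/errorfiles && \
    rm -rf "/usr/src/haproxy-${HAPROXY_VERSION}" && \
    apk del musl-dev linux-headers curl gcc pcre-dev make zlib-dev && \
    apk add musl pcre zlib && \
    rm -rf /var/cache/apk/*

# Add confd tmpl and toml (COPY: plain local files, no archive extraction or URL fetch needed)
COPY confd/*.toml /etc/confd/conf.d/
COPY confd/*.tmpl /etc/confd/templates/

# Add monit conf for services
COPY monit/*.conf /etc/monit/conf.d/

# Add start.sh and the haproxy control script
COPY start.sh /usr/bin/
COPY haproxy.sh /usr/bin/
RUN chmod +x /usr/bin/*.sh

# Unprivileged account that HAProxy switches to, plus the empty directory it chroots into.
RUN adduser haproxy -D -h /opt/vamp && mkdir /opt/vamp/chroot && chown -R haproxy /opt/vamp

WORKDIR ${VAMP_HOME}

# No USER instruction: the entrypoint starts as root. confd/haproxy.cfg.tmpl
# binds *:80 and sets chroot/user/group, so HAProxy is started privileged and
# then drops to the haproxy account itself.
ENTRYPOINT ["/usr/bin/start.sh"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Mikroways/rancher-haproxy/81c4529a5afa46b380a14af3394e0344e4bf9489/README.md
--------------------------------------------------------------------------------
/confd/haproxy.cfg.tmpl: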
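--------------------------------------------------------------------------------
# Rendered by confd into /opt/vamp/haproxy.cfg (see haproxy.cfg.toml).
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    maxpipes 1024
    # Privilege reduction: after start-up HAProxy confines itself to this
    # directory and runs as the haproxy user and group.
    chroot /opt/vamp/chroot
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    option redispatch
    option http-server-close
    option forwardfor
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /opt/vamp/errorfiles/400.http
    errorfile 403 /opt/vamp/errorfiles/403.http
    errorfile 408 /opt/vamp/errorfiles/408.http
    errorfile 500 /opt/vamp/errorfiles/500.http
    errorfile 502 /opt/vamp/errorfiles/502.http
    errorfile 503 /opt/vamp/errorfiles/503.http
    errorfile 504 /opt/vamp/errorfiles/504.http
frontend 1
    bind *:80
    mode http
    # internal_req matches clients inside the /16 around this container's primary IP.
    # For names carrying a force_ssl label, only internal_req clients reach the
    # backend over plain HTTP; every other client is redirected to https.
    # NOTE(review): each server_names label value is written into an acl line
    # as-is. A value containing whitespace would change the generated
    # configuration, so labels must come from a trusted source or be validated
    # before deployment.
    acl internal_req src {{getv "/self/container/primary_ip"}}/16
{{range $s, $stack_name := ls "/stacks"}}{{range $i, $service_name := ls (printf "/stacks/%s/services" $stack_name)}}{{if exists (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.exposed_port" $stack_name $service_name)}}{{$exposed_port := getv (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.exposed_port" $stack_name $service_name)}}{{if exists (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.server_names" $stack_name $service_name)}}{{$service_names := split ( getv (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.server_names" $stack_name $service_name ) ) "," }}{{range $s_n, $name := $service_names }}

    acl {{$s}}_{{$i}}_{{$s_n}}_host hdr(host) -i {{$name}}{{if exists (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.force_ssl.%s" $stack_name $service_name $name)}}
    redirect scheme https if !internal_req {{$s}}_{{$i}}_{{$s_n}}_host !{ ssl_fc }
    use_backend {{$s}}_{{$i}}_backend if internal_req {{$s}}_{{$i}}_{{$s_n}}_host {{else}}
    use_backend {{$s}}_{{$i}}_backend if {{$s}}_{{$i}}_{{$s_n}}_host{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}


# One backend per service that carries an exposed_port label, one server line per container.
# The ssl_verify_none label appends "ssl verify none": the connection to that
# service is encrypted but its certificate is not checked, so the backend's
# identity is not authenticated.
{{range $s, $stack_name := ls "/stacks"}}{{range $i, $service_name := ls (printf "/stacks/%s/services" $stack_name)}}{{ $backend_defined := 0 }}{{if exists (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.exposed_port" $stack_name $service_name)}}{{if eq $backend_defined 0}}
backend {{$s}}_{{$i}}_backend
    mode http
{{$backend_defined := 1}}{{end}}{{$exposed_port := getv (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.exposed_port" $stack_name $service_name)}}{{range $i2, $container := ls (printf "/stacks/%s/services/%s/containers" $stack_name $service_name)}}{{$ip := getv (printf "/stacks/%s/services/%s/containers/%s/primary_ip" $stack_name $service_name $container)}}
    server {{$s}}_{{$container}} {{$ip}}:{{$exposed_port}}{{if exists (printf "/stacks/%s/services/%s/labels/io.rancher_haproxy.ssl_verify_none" $stack_name $service_name)}} ssl verify none {{end}}{{end}}{{end}}{{end}}{{end}}

listen default
    bind *:42

--------------------------------------------------------------------------------
/confd/haproxy.cfg.toml:
--------------------------------------------------------------------------------
# confd template resource: renders haproxy.cfg.tmpl whenever the watched keys change.
[template]
src = "haproxy.cfg.tmpl"
dest = "/opt/vamp/haproxy.cfg"
owner = "root"
mode = "0644"
keys = [
  "/stacks",
  "/self"
]

# NOTE(review): no check_cmd is set, so a rendered file that HAProxy cannot
# parse still replaces dest. confd's check_cmd (for example a command running
# "haproxy -c -f {{.src}}") would reject it first; confirm how the haproxy
# binary is resolved in confd's environment before adding it.
reload_cmd ="/usr/bin/haproxy.sh restart"

--------------------------------------------------------------------------------
/haproxy.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Control script for the HAProxy instance in this container.
# Called by monit (start/stop) and by confd's reload_cmd (restart).
#
# Usage: haproxy.sh start|restart|stop

CFG=/opt/vamp/haproxy.cfg
PIDFILE=/opt/vamp/haproxy.pid

# Print the PIDs stored in the pidfile, one per line.
# Prints nothing when the file is missing or unreadable, and drops any line
# that is not a plain number, so a damaged pidfile never ends up as extra
# arguments to haproxy or kill.
read_pids() {
    [ -r "$PIDFILE" ] || return 0
    grep -E '^[0-9]+$' "$PIDFILE"
}

case "$1" in
    start|restart)
        # Both actions launch a new process; -sf asks the previous ones, if
        # any, to finish their connections and exit.
        pids=$(read_pids)
        if [ -n "$pids" ]; then
            # Unquoted on purpose: one argument per PID.
            haproxy -f "$CFG" -p "$PIDFILE" -sf $pids
        else
            # First start: no old process to hand over from.
            haproxy -f "$CFG" -p "$PIDFILE"
        fi
        ;;
    stop)
        pids=$(read_pids)
        if [ -n "$pids" ]; then
            # Unquoted on purpose: one argument per PID.
            kill -15 $pids
        fi
        ;;
    *)
        echo "Usage: $0 start|restart|stop" >&2
        exit 1
        ;;
esac

--------------------------------------------------------------------------------
/monit/confd.conf:
--------------------------------------------------------------------------------
# Supervise confd through the start script that start.sh generates at boot.
check process confd matching "/usr/bin/confd"
  start program = "/usr/bin/confd-start.sh"
  stop program = "/usr/bin/killall confd"
  # Stop supervising after repeated restarts instead of restarting forever.
  if 2 restarts within 3 cycles then unmonitor

--------------------------------------------------------------------------------
/monit/haproxy.conf:
--------------------------------------------------------------------------------
# Supervise HAProxy through the pidfile that haproxy.sh passes with -p.
check process haproxy with pidfile /opt/vamp/haproxy.pid
  start program = "/usr/bin/haproxy.sh start"
  stop program = "/usr/bin/haproxy.sh stop"

--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
rancher-vamp-haproxy
==========================

vamp-gateway-agent image based on rancher-base (alpine)

To build

```
docker build -t <repo>/rancher-vamp-gateway-agent:<version> .
```

To run:

```
docker run -it <repo>/rancher-vamp-gateway-agent:<version>
```

# How it works

* The image has the entrypoint /usr/bin/start.sh, which checks rancher-metadata server connectivity and starts confd and monit. It checks, reconfigures and reloads haproxy every $CONFD_INTERVAL seconds.
* Scale could be from 1 to n nodes.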
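* Default env variables values (as set in start.sh):
CONFD_BACKEND=${CONFD_BACKEND:-"rancher"}
CONFD_BACKEND_SERVER=${CONFD_BACKEND_SERVER:-"rancher-metadata"}
CONFD_PREFIX=${CONFD_PREFIX:-"/2015-12-19"}
CONFD_INTERVAL=${CONFD_INTERVAL:-5}
CONFD_PARAMS=${CONFD_PARAMS:-"-backend ${CONFD_BACKEND} -prefix ${CONFD_PREFIX} -node ${CONFD_BACKEND_SERVER}"}
CONFD_ONETIME="/usr/bin/confd -onetime ${CONFD_PARAMS}"
CONFD_SCRIPT=${CONFD_SCRIPT:-"/usr/bin/confd-start.sh"}

--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Container entrypoint: waits for the Rancher network, writes the confd start
# script, renders the first haproxy configuration and hands over to monit.

set -e

# Prefix for log lines. The original script printed $ME without ever setting it.
ME=${ME:-$(basename "$0")}

# Print a timestamped log line.
function log {
    echo "$(date) ${ME} - $*"
}

# Block until eth0 exists and the rancher-metadata host answers a ping.
# Any non-zero exit status is retried, not just status 1, so a different
# failure code cannot end the wait early.
function checkrancher {
    log "checking rancher network..."
    until ip a s dev eth0 &> /dev/null; do
        sleep 1
    done

    # The host name is fixed here; CONFD_BACKEND_SERVER is not consulted.
    until ping -c 1 rancher-metadata &> /dev/null; do
        sleep 1
    done
}

CONFD_BACKEND=${CONFD_BACKEND:-"rancher"}
CONFD_BACKEND_SERVER=${CONFD_BACKEND_SERVER:-"rancher-metadata"}
CONFD_PREFIX=${CONFD_PREFIX:-"/2015-12-19"}
CONFD_INTERVAL=${CONFD_INTERVAL:-5}
CONFD_PARAMS=${CONFD_PARAMS:-"-backend ${CONFD_BACKEND} -prefix ${CONFD_PREFIX} -node ${CONFD_BACKEND_SERVER}"}
CONFD_ONETIME="/usr/bin/confd -onetime ${CONFD_PARAMS}"
CONFD_SCRIPT=${CONFD_SCRIPT:-"/usr/bin/confd-start.sh"}

# The one-time command above was built without -interval; the daemon gets it here.
CONFD_PARAMS="-interval ${CONFD_INTERVAL} ${CONFD_PARAMS}"

export CONFD_BACKEND CONFD_BACKEND_SERVER CONFD_PREFIX CONFD_INTERVAL CONFD_PARAMS

checkrancher

# Create confd start script (the one monit runs as confd's start program).
# CONFD_PARAMS is expanded now and becomes literal shell text in the generated
# file, which later runs with this container's privileges: the CONFD_*
# environment must come from a trusted deployment definition.
cat > "${CONFD_SCRIPT}" <<EOF
#!/usr/bin/env sh
/usr/bin/nohup /usr/bin/confd ${CONFD_PARAMS} > /opt/vamp/confd.log 2>&1 &
rc=\$?
echo \$rc
EOF
chmod 755 "${CONFD_SCRIPT}"

# Run confd once to get the first haproxy configuration.
# Left unquoted on purpose so the command string splits into its arguments.
log "[ Getting haproxy configuration... ]"
${CONFD_ONETIME}

# Run monit. exec replaces this shell, so monit receives the container's stop
# signal directly instead of being killed behind a waiting shell.
log "[ Starting monit... ]"
exec /usr/bin/monit -I

--------------------------------------------------------------------------------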