Merge pull request #493 from CodeNow/SAN-4398-add-dynamic-nginx

update nginx to use consul-template-updater; add registrator

Author: anandkumarpatel

ansible/consul-template-updater.yml

@@ -0,0 +1,12 @@
+---
+- hosts: consul
+
+- hosts: userland
+  vars_files:
+  - group_vars/{{ var_file }}
+  - group_vars/alpha-consul-template-updater.yml
+  roles:
+  - role: notify
+    tags: notify
+
+  - role: container_kill_start

ansible/group_vars/alpha-consul-template-updater.yml

@@ -0,0 +1,17 @@
+name: consul-template-updater
+
+# container_kill_start settings
+container_image: avthart/consul-template
+container_tag: latest
+
+container_run_opts: >
+  -d
+  --name {{ name }}
+  -v /var/run/docker.sock:/tmp/docker.sock
+  -v {{ template_path }}:/tmp/template
+  --volumes-from {{ target_container_name }}
+
+container_run_args: >
+  -consul={{ consul_host_address }}:{{ consul_api_port }}
+  -wait=1s
+  -template="/tmp/template:{{ target_updater_file_path }}/{{ out_file }}:{{ template_command }}"

ansible/group_vars/alpha-navi-proxy.yml

@@ -1,15 +1,24 @@
 ---
 name: nginx
 
+# used by consul template updater
+target_container_name: nginx
+target_updater_file_path: /etc/nginx/sites-enabled
+template_path: /etc/nginx/template/navi.tmpl
+template_command: /bin/docker kill -s HUP {{ target_container_name }}
+out_file: navi.conf
+
+# used by container_kill_start
 container_image: "{{ name }}"
 container_tag: "1.10"
 
 container_run_opts: >
   -d
-  -h {{ name }}
+  --net=host
+  --name {{ name }}
   -p 0.0.0.0:443:443
   -p 0.0.0.0:80:80
   -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-  -v /etc/nginx/sites-enabled/:/etc/nginx/sites-enabled/:ro
+  -v {{ target_updater_file_path }}
   -v /etc/ssl/certs/{{ user_content_domain }}:/etc/ssl/certs/{{ user_content_domain }}:ro
   -v /var/log/nginx:/var/log/nginx

ansible/group_vars/alpha-navi.yml

@@ -7,6 +7,8 @@ hosted_ports: [ "{{ navi_http_port }}" ]
 node_version: "4.2.4"
 npm_version: "2.8.3"
 
+restart_policy: always
+
 redis_ca_cert_path: /opt/ssl/{{ name }}/redis/ca.pem
 content_domain_certs: /opt/ssl/{{ user_content_domain }}
 

ansible/group_vars/alpha-registrator.yml

@@ -0,0 +1,15 @@
+name: registrator
+
+# container_kill_start settings
+container_image: gliderlabs/registrator
+container_tag: v7
+
+container_run_opts: >
+  -d
+  --hostname={{ ansible_hostname }}
+  --name={{ name }}
+  --volume=/var/run/docker.sock:/tmp/docker.sock
+
+container_run_args: >
+  -ip {{ ansible_default_ipv4.address }}
+  consul://{{ consul_host_address }}:{{ consul_api_port }}

ansible/navi-proxy.yml

@@ -1,11 +1,15 @@
 ---
 - hosts: userland
   vars_files:
-    - group_vars/alpha-navi-proxy.yml
+  - group_vars/alpha-navi-proxy.yml
   roles:
-    - role: datadog
-      has_dd_integration: yes
+  - role: datadog
+    has_dd_integration: yes
 
-    - role: content-domain-proxy
+  - role: content-domain-proxy
 
-    - role: container_kill_start
+  - role: container_kill_start
+
+- include: consul-template-updater.yml
+  vars:
+    var_file: alpha-navi-proxy.yml

ansible/navi.yml

@@ -21,9 +21,3 @@
 
   - role: container_start
     number_of_containers: "{{ ansible_processor_cores }}"
-
-  - role: nginx-proxied-service
-    nginx_host: "{{ groups['userland'][0] }}"
-    target_ip_address: "{{ hostvars[groups['navi'][0]]['ansible_default_ipv4']['address'] }}"
-    templates: [ 69-navi.conf ]
-    nginx_config: proxy

ansible/registrator.yml

@@ -0,0 +1,11 @@
+---
+- hosts: consul
+
+- hosts: navi
+  vars_files:
+  - group_vars/alpha-registrator.yml
+  roles:
+  - role: notify
+    tags: notify
+
+  - role: container_kill_start

ansible/roles/content-domain-proxy/tasks/main.yml

@@ -44,7 +44,6 @@
     dest: /etc/nginx
     state: directory
 
-
 - name: assert nginx sites-enabled directory
   tags: [ configure_proxy ]
   become: yes
@@ -57,4 +56,18 @@
   become: yes
   template:
     src: proxy-nginx.conf
-    dest: /etc/nginx/nginx.conf
+    dest: /etc/nginx/nginx.conf
+
+- name: assert nginx template directory
+  tags: [ configure_proxy ]
+  become: yes
+  file:
+    state: directory
+    dest: /etc/nginx/template
+
+- name: put navi template in place
+  tags: [ configure_proxy ]
+  become: yes
+  template:
+    src: navi.tmpl
+    dest: /etc/nginx/template

…x-proxied-service/templates/69-navi.conf …content-domain-proxy/templates/navi.tmplansible/roles/nginx-proxied-service/templates/69-navi.conf renamed to ansible/roles/content-domain-proxy/templates/navi.tmpl ansible/roles/nginx-proxied-service/templates/69-navi.conf renamed to ansible/roles/content-domain-proxy/templates/navi.tmpl

@@ -4,9 +4,8 @@ map $http_upgrade $connection_upgrade {
 }
 
 upstream {{ name }} {
-  {% for port in proxy_target_ports.stdout_lines -%}
-  server {{ target_ip_address }}:{{ port }} max_fails=0 fail_timeout=1s;
-  {% endfor %}
+ {{ '{{' }}range service "{{ name }}"{{ '}}' }} server {{ '{{' }}.Address{{ '}}' }}:{{ '{{' }}.Port{{ '}}' }} max_fails=0 fail_timeout=1s;
+ {{ '{{' }}end{{ '}}' }}
 }
 
 server {