init commit

This commit is contained in:
Vassiliy Yegorov
2020-07-08 16:03:52 +07:00
commit edaa556a5e
30 changed files with 633 additions and 0 deletions

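--- a/1.Docker/ansible.cfg
+++ b/1.Docker/ansible.cfg
@@ -0,0 +1,11 @@
+[defaults]
+inventory = hosts
+remote_user = root
+private_key_file = ~/.ssh/id_rsa
+host_key_checking = False
+retry_files_enabled = False
+roles_path = ./roles
+[diff]
+always = false
+context = 5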
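Review bot: `host_key_checking = False` turns off SSH host-key verification for every play, so a connection as `root` with `~/.ssh/id_rsa` to the public addresses in `hosts` will silently accept a spoofed or intercepted server and hand it the session. Remove the line (the default is `True`) and pre-seed `~/.ssh/known_hosts` out of band, for example with a one-time `ssh-keyscan` whose output is checked against the provider console. If the setting only exists to survive host rebuilds, scope it to that run with `ANSIBLE_HOST_KEY_CHECKING=False` on the command line rather than baking it into the repository.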

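--- a/1.Docker/docker-init.sh
+++ b/1.Docker/docker-init.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+ansible-playbook docker-init.yml -l main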

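--- a/1.Docker/docker-init.yml
+++ b/1.Docker/docker-init.yml
@@ -0,0 +1,17 @@
+- hosts: all
+roles:
+- role: vasyakrg.docker_install
+tags: docker
+become: true
+vars:
+docker_user: "root"
+docker_additional_service_opts: |
+{
+"exec-opts": ["native.cgroupdriver=systemd"],
+"log-driver": "json-file",
+"log-opts": {
+"max-size": "100m"
+},
+"storage-driver": "overlay2"
+}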
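Review bot: `docker_user: "root"` makes the role's 'Add current user to docker group' task a no-op, since root needs no group membership; either drop the override or name the actual non-root deploy user, bearing in mind that the `docker` group is root-equivalent on the host (any member can `docker run -v /:/host`), which deserves a comment next to the variable. The `log-opts` block sets `"max-size": "100m"` without `"max-file"`; with the json-file driver's default of a single file the log is, as far as I recall, truncated rather than rotated, so `"max-file": "3"` keeps some history for incident review. The role itself is pulled at `origin/master` per the requirements file, so this play is not reproducible until that is pinned.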

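--- a/1.Docker/hosts
+++ b/1.Docker/hosts
@@ -0,0 +1,3 @@
+[main]
+web ansible_ssh_host=95.217.182.112
+node1 ansible_ssh_host=95.216.205.111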
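Review bot: `ansible_ssh_host` is the pre-2.0 spelling of the inventory variable; `ansible_host` is the documented name and the old alias is marked deprecated, so `web ansible_host=95.217.182.112` and `node1 ansible_host=95.216.205.111`. These are public addresses reached as `root`, and with `host_key_checking = False` in ansible.cfg the first login cannot tell the real host from an impostor, so record the hosts' SSH fingerprints in `known_hosts` before the play is run.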


@@ -0,0 +1,3 @@
- name: vasyakrg.docker_install
src: git+https://github.com/vasyakrg/docker_install.git
version: origin/master
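Review bot: `version: origin/master` installs whatever the branch head happens to be when `ansible-galaxy install` runs, and this role is then executed as root on both hosts, so a force-push or a compromise of the upstream repository changes the deployment with no change visible here. Pin to a release tag or, better, the full 40-character commit SHA of a revision you have actually read, `version: <tag-or-commit>`, and bump it deliberately; `src` can stay as it is.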


@@ -0,0 +1,24 @@
---
language: python
python: "2.7"
sudo: required
dist: trusty
before_install:
- sudo apt-get update -qq
- sudo apt-get install -qq python-apt python-pycurl
install:
- sudo pip install ansible
- echo -e 'localhost ansible_connection=local' > tests/inventory
- echo -e '[defaults]\nroles_path = ../\nhostfile = ./tests/inventory' > ansible.cfg
script:
- ansible-playbook --syntax-check tests/role.yml
- ansible-playbook -v --diff tests/role.yml
- ansible-playbook -v --diff tests/role.yml
- >
ansible-playbook tests/role.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
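Review bot: `sudo pip install ansible` with no version pin means the CI run tests whichever Ansible is current on the day, so the role can go from green to red without a commit and nothing ties the run to `min_ansible_version` in meta/main.yml; pin it, `sudo pip install 'ansible==<tested version>'`. The generated ansible.cfg uses `hostfile`, which was renamed to `inventory` and, as far as I recall, removed in Ansible 2.8, so on current releases the inventory line is ignored — write `inventory = ./tests/inventory`. The `python: "2.7"` / `dist: trusty` image is end-of-life and will not run recent Ansible at all, so the matrix should name a supported Python 3 and distribution.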


@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2016 Marvin Pinto
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -0,0 +1,59 @@
docker
======
This Ansible role enables people to install the latest Docker on an Ubuntu-like
system. It also provides a handy library function to validate that the Docker
daemon is running and functional.
Requirements
------------
This role will only work on an Ubuntu-like system.
Role Variables
--------------
```yaml
# Any additional docker service options
# Example: '--dns 8.8.8.8 --dns 8.8.4.4 --userns-remap=default'
# docker_additional_service_opts: |
# {
# "userns-remap": "default",
# "dns": [
# "8.8.8.8",
# "8.8.4.4"
# ]
# }
docker_additional_service_opts: |
{}
```
Examples
--------
Install this module from Ansible Galaxy into the './roles' directory:
```bash
- name: vasyakrg.docker_install
src: git+https://github.com/vasyakrg/docker_install.git
version: origin/master
```
Use it in a playbook as follows:
```yaml
- hosts: all
roles:
- role: vasyakrg.docker_install
tags: docker
become: true
vars:
docker_user: "vasyansk"
docker_additional_service_opts: |
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
```


@@ -0,0 +1,5 @@
---
docker_user: ubuntu
docker_version_docker_compose: 1.25.4
docker_additional_service_opts: |
{}


@@ -0,0 +1,12 @@
---
- name: 'docker-apt-get-update'
become: true
apt:
update_cache: true
- name: 'docker-restart-service'
become: true
service:
name: 'docker'
state: 'restarted'
enabled: 'yes'


@@ -0,0 +1 @@
{install_date: 'Fri Sep 27 07:53:51 2019', version: origin/master}


@@ -0,0 +1,16 @@
galaxy_info:
author: Vassiliy Yegorov
description: |
This Ansible role enables people to install the latest Docker on an Ubuntu-like
system. It also provides a handy library function to validate that the Docker
daemon is running and functional.
license: MIT
min_ansible_version: 1.4
platforms:
- name: Ubuntu
versions:
- trusty
galaxy_tags:
- docker
- ubuntu
dependencies: []
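Review bot: `min_ansible_version: 1.4` does not match what tasks/main.yml relies on — the list form of `apt: name:` and `force_apt_get` are, as far as I recall, 2.x features (`force_apt_get` from 2.4) — so Galaxy advertises a compatibility the role does not have; raise it to the version the CI job actually tests against. `platforms` lists only `trusty`, yet the repository task builds its URL from `{{ ansible_distribution_release }}` and Docker CE, I believe, no longer publishes packages for 14.04, so the list should name the releases the role has actually been run on rather than the one it cannot work on.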


@@ -0,0 +1,91 @@
---
- name: Install aptitude using apt
apt:
name: 'aptitude'
state: 'latest'
update_cache: 'yes'
force_apt_get: 'yes'
- name: 'Install prerequisites'
apt:
name:
- 'apt-transport-https'
- 'ca-certificates'
- 'curl'
- 'software-properties-common'
- 'gnupg2'
state: 'present'
update_cache: yes
- name: 'Add the docker apt signing key'
apt_key:
url: 'https://download.docker.com/linux/ubuntu/gpg'
- name: 'Add the official docker repo'
apt_repository:
repo: 'deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable'
state: 'present'
- name: 'Install docker'
apt:
name:
- 'docker-ce'
- 'docker-ce-cli'
- 'containerd.io'
state: 'present'
update_cache: yes
- name: 'Create the /etc/docker directory'
file:
path: '/etc/docker'
state: 'directory'
mode: '0700'
- name: 'Add any additional docker startup options via the daemon.json config file'
copy:
content: "{{ docker_additional_service_opts }}"
dest: '/etc/docker/daemon.json'
owner: 'root'
group: 'root'
mode: '0600'
notify: 'docker-restart-service'
- name: 'Start the docker service'
service:
name: 'docker'
state: 'started'
enabled: 'yes'
- name: 'Add current user to docker group'
become: yes
user:
name: "{{ docker_user }}"
groups: 'docker'
append: yes
- name: 'Check that the docker.pid exists'
stat:
path: /run/docker.pid
register: stat_result
failed_when: not stat_result.stat.exists
tags: docker_check
- name: 'Result of check docker.pid'
debug:
msg: 'Docker started'
when: stat_result.stat.exists
tags: docker_check
- name: 'Install Docker-compose'
get_url:
url: 'https://github.com/docker/compose/releases/download/{{ docker_version_docker_compose }}/docker-compose-Linux-x86_64'
dest: /usr/local/bin/docker-compose
mode: 'a+x'
tags: docker_compose_only
- name: 'Create symlink to docker-compose'
file:
src: '/usr/local/bin/docker-compose'
dest: '/usr/bin/docker-compose'
state: 'link'
tags: docker_compose_only
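Review bot: The 'Install Docker-compose' task downloads a binary from GitHub straight into `/usr/local/bin`, marks it executable and symlinks it into `/usr/bin` with no integrity check — `get_url` has no `checksum:`, so a tampered or substituted asset is installed as-is. Add `checksum: 'sha256:<digest>'` next to `url:`; Compose releases publish a `.sha256` file alongside each asset, and `checksum:` accepts that as a URL if you prefer not to hard-code the digest. In the same spirit, 'Add the docker apt signing key' passes only `url:`, so whatever key the server returns is trusted; set `id:` to the fingerprint printed in Docker's install documentation so a swapped key is rejected. 'Add current user to docker group' also deserves a comment stating that this grants `{{ docker_user }}` root-equivalent access to the host.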


@@ -0,0 +1,30 @@
---
- hosts: 'localhost'
roles:
- role: 'docker_install'
become: true
tasks:
- name: 'Check that the docker.pid exists'
stat:
path: /run/docker.pid
register: stat_result
failed_when: stat_result.stat.exists != true
- name: 'Result of check docker.pid'
debug:
msg: 'Docker started'
when: stat_result.stat.exists
- name: 'Pull in the latest nginx container'
become: true
docker_image:
name: 'nginx:latest'
when: stat_result.stat.exists
- name: 'Start the nginx container'
become: true
docker_container:
name: 'nginx'
image: 'nginx:latest'
state: 'started'
when: stat_result.stat.exists


@@ -0,0 +1,10 @@
version: '3.7'
services:
dokuwiki:
image: bitnami/dokuwiki
ports:
- '8080:80'
environment:
- DOKUWIKI_USERNAME=admin
- DOKUWIKI_PASSWORD=admin
- DOKUWIKI_WIKI_NAME=amega-wiki
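Review bot: `DOKUWIKI_PASSWORD=admin` is committed in clear and `'8080:80'` publishes the wiki on every interface of the host; the Traefik file config routes to `http://95.216.205.111:8080`, the same public address, so anyone can reach the wiki directly on port 8080 and bypass the basic-auth middleware and TLS that Traefik adds in front of it. Bind the port to the private interface (`'<private-ip>:8080:80'`) or firewall 8080 to the Traefik host only, and move the admin credentials into a git-ignored `.env`, as 4.Addons already does. `bitnami/dokuwiki` has no tag, so every `up` may pull a different image; pin a version.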

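--- a/2.Preinstall/install-addons.sh
+++ b/2.Preinstall/install-addons.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+echo "Start container in 8080 port"
+docker-compose up -d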

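--- a/3.Traefik/DOMAINS.md
+++ b/3.Traefik/DOMAINS.md
@@ -0,0 +1,7 @@
+# доменные зоны
+- test2.tfm.zone
+- traefik.tfm.zone
+- grafana.tfm.zone
+- prom.tfm.zone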

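--- a/3.Traefik/data/.gitignore
+++ b/3.Traefik/data/.gitignore
@@ -0,0 +1,2 @@
+acme.json
+logs/*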


@@ -0,0 +1,19 @@
http:
routers:
redirs:
rule: hostregexp(`{host:.+}`)
entrypoints:
- http
middlewares:
- redirect-to-https
service: noop
middlewares:
redirect-to-https:
redirectScheme:
scheme: https
permanent: false
services:
noop:
loadBalancer:
servers:
- url: "http://127.0.0.1"
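Review bot: `permanent: false` makes the HTTP→HTTPS redirect a 302, which browsers do not cache, so every plain-HTTP request keeps hitting port 80 first and can be intercepted; for a scheme upgrade `permanent: true` is the usual choice, ideally paired with an HSTS header from the `headers` middleware once the certificates are known to work. The `noop` service pointing at `http://127.0.0.1` is never reached because the middleware answers first, which deserves a comment such as `# placeholder: a router needs a service, the redirect middleware responds before it` so it is not mistaken for a real backend.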


@@ -0,0 +1,46 @@
http:
routers:
external-docker-route:
entryPoints:
- https
service: test2
middlewares:
- test2-auth
- test-retry
# - test2-whitelist
# - testHeader
rule: Host(`test2.tfm.zone`) # "Host(`example.com`) || (Host(`example.org`) && Path(`/traefik`))"
tls:
certResolver: letsEncrypt
# middlewares
middlewares:
test2-auth:
basicAuth:
users:
- "admin:$2y$05$Ixy4UWIEe7z5/xyhMEerveBs7bOWQVUCJAIL.55ANTzlLJWHnaqJ6" # not escaped $$ !
test2-whitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "8.8.8.8/32"
test-retry:
retry:
attempts: 4
testHeader:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
accessControlAllowOriginList:
- https://foo.bar.org
- https://example.org
accessControlMaxAge: 100
addVaryHeader: true
# Services
services:
test2:
loadBalancer:
servers:
- url: http://95.216.205.111:8080
passHostHeader: true
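Review bot: The `test2-auth` hash uses bcrypt cost 5 (`$2y$05$`), well below the default of 10, so offline guessing of the password is cheap, and the hash is committed to the repository in a file whose `ipWhiteList` protection is commented out; regenerate with `htpasswd -nbB -C 12` and keep the users list out of git (the file provider can read a separate, ignored file). The backend is plain `http://95.216.205.111:8080` on a public address, so every request — including the `Authorization` header that the basicAuth middleware forwards by default — crosses the network unencrypted; set `removeHeader: true` under `basicAuth` and put the hop on a private network or behind TLS. `passHostHeader: true` is fine.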


@@ -0,0 +1,65 @@
global:
checkNewVersion: true
log:
filePath: /var/log/log.log
format: common # or json
level: "DEBUG" # DEBUG, PANIC, FATAL, ERROR, WARN, or INFO
accessLog:
filePath: /var/log/access.log
format: common # or json
bufferingSize: 100
filters:
statusCodes:
- "200"
- "300-302"
- "500-503"
retryAttempts: true
minDuration: "10ms"
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
metrics:
address: ":8082"
metrics:
prometheus: # datadog, statsD, influxDB
entryPoint: metrics
http:
routers:
redirs-docker:
rule: hostregexp(`{host:.+}`)
entrypoints:
- http
middlewares:
- redirect-docker-to-https
middlewares:
redirect-docker-to-https:
redirectScheme:
scheme: https
permanent: false
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
directory: /custom
watch: true
certificatesResolvers:
letsEncrypt:
acme:
email: info@tfm.zone # Change e-mail !
storage: acme.json
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # for tests only
httpChallenge:
entryPoint: http
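Review bot: `level: "DEBUG"` is the production setting here, and at that level Traefik writes the full dynamic configuration and per-request detail to `/var/log/log.log`, which the compose file bind-mounts onto the host; `level: "INFO"` is the sensible default and DEBUG should be a temporary override. The `http:` block with `redirs-docker` is dynamic configuration placed in the static file; as far as I know Traefik v2 does not accept dynamic routers there, and the identical redirect already lives in `custom/`, so drop it here to avoid the impression that it is in effect. `checkNewVersion: true` makes the proxy call out to Traefik's update endpoint on start; set it to `false` if egress from this host is meant to be limited.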


@@ -0,0 +1,39 @@
version: '3.7'
services:
traefik:
image: traefik
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/custom/:/custom/:ro
- ./data/acme.json:/acme.json
- ./data/logs/:/var/log/
labels:
- "traefik.enable=true"
- "traefik.docker.network=webproxy"
# - "traefik.http.routers.traefik-http.entrypoints=http"
# - "traefik.http.routers.traefik-http.rule=Host(`traefik.tfm.zone`)"
# - "traefik.http.routers.traefik-http.middlewares=traefik-redirectscheme,traefik-auth"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`traefik.tfm.zone`)" # change URL !
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888" # not understand why :)
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$2y$$05$$7GBmuRxTR0T3IZ5rQO4iB.cj2p23RjIIkLB/l5bPn3gzkpfVahvKO" # admin \ admin in "echo $(htpasswd -nbB admin admin) | sed -e s/\\$/\\$\\$/g"
- "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=https"
networks:
- webproxy
networks:
webproxy:
name: webproxy
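Review bot: The dashboard router (`traefik.http.routers.traefik.*` labels) has no `middlewares` label, so `traefik-auth` is defined on the line below it but never attached, and `https://traefik.tfm.zone` serves `api@internal` — the full dashboard and loaded configuration — to anyone; only the commented-out `traefik-http` router referenced the middleware. Add `- "traefik.http.routers.traefik.middlewares=traefik-auth"` next to the `service=api@internal` label, and replace the admin/admin hash (the password is spelled out in the trailing comment) with one generated from a real secret. Mounting `/var/run/docker.sock` as `:ro` does not restrict what the container can do through the API — connecting to a socket is not a filesystem write — so the container still has full control of the daemon; a socket proxy that allows only the read endpoints is the usual mitigation. `image: traefik` with no tag floats to whatever latest is; pin a version.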

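--- a/3.Traefik/start-traefik.sh
+++ b/3.Traefik/start-traefik.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+touch data/acme.json
+chmod 600 data/acme.json
+docker-compose up -d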

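--- a/4.Addons/.env.example
+++ b/4.Addons/.env.example
@@ -0,0 +1,4 @@
+APP_NAME=mon
+GF_SECURITY_ADMIN_USER=admin
+GF_SECURITY_ADMIN_PASSWORD=admin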

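--- a/4.Addons/.gitignore
+++ b/4.Addons/.gitignore
@@ -0,0 +1 @@
+.env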


@@ -0,0 +1,68 @@
version: '3.7'
services:
grafana:
container_name: ${APP_NAME}-grafana
image: grafana/grafana:latest
restart: always
environment:
- GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD}
- GF_SECURITY_ADMIN_USER=${GF_SECURITY_ADMIN_USER}
- GF_AUTH_ANONYMOUS_ENABLED=false
- GF_USERS_ALLOW_SIGN_UP=false
- GF_USERS_ALLOW_ORG_CREATE=false
labels:
- "traefik.enable=true"
- "traefik.docker.network=webproxy"
- "traefik.http.routers.grafana.entrypoints=https"
- "traefik.http.routers.grafana.rule=Host(`grafana.tfm.zone`)" # change URL !
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.routers.grafana.tls.certresolver=letsEncrypt"
- "traefik.http.routers.grafana.service=grafana-service"
- "traefik.http.services.grafana-service.loadbalancer.server.port=3000"
volumes:
- grafana:/var/lib/grafana/
expose:
- 3000
networks:
- monitor_net
- webproxy
prometheus:
container_name: ${APP_NAME}-prometheus
image: prom/prometheus
restart: always
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/usr/share/prometheus/console_libraries'
- '--web.console.templates=/usr/share/prometheus/consoles'
labels:
- "traefik.enable=true"
- "traefik.docker.network=webproxy"
- "traefik.http.routers.prometheus.entrypoints=https"
- "traefik.http.routers.prometheus.rule=Host(`prom.tfm.zone`)" # change URL !
- "traefik.http.routers.prometheus.tls=true"
- "traefik.http.routers.prometheus.tls.certresolver=letsEncrypt"
- "traefik.http.routers.prometheus.service=prometheus-service"
- "traefik.http.routers.prometheus.middlewares=prometheus-auth"
- "traefik.http.services.prometheus-service.loadbalancer.server.port=9090"
- "traefik.http.middlewares.prometheus-auth.basicauth.users=admin:$$2y$$05$$7GBmuRxTR0T3IZ5rQO4iB.cj2p23RjIIkLB/l5bPn3gzkpfVahvKO" # admin \ admin in "echo $(htpasswd -nbB admin admin) | sed -e s/\\$/\\$\\$/g"
volumes:
- ./prometheus/:/etc/prometheus/
- prometheus_data:/prometheus
expose:
- 9090
networks:
- monitor_net
- webproxy
volumes:
prometheus_data:
grafana:
networks:
webproxy:
external:
name: webproxy
monitor_net:
name: monitor_net
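Review bot: `grafana/grafana:latest` and the untagged `prom/prometheus` float, so each `up` can pull a different, untested version of two internet-facing services; pin tags, ideally digests. The `prometheus-auth` users line is the same bcrypt-cost-5 admin/admin hash used for the Traefik dashboard, with the password given in the comment; generate a distinct hash with `htpasswd -nbB -C 12` and keep it out of the compose file (a git-ignored file in Traefik's `custom/` directory works with the file provider). Grafana has no Traefik middleware and relies on its own login, which is only adequate if the admin password in `.env` is actually changed from the example values.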

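--- a/4.Addons/mon-init.sh
+++ b/4.Addons/mon-init.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+[[ ! -f .env ]] && cp .env.example .env
+docker-compose up -d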
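Review bot: `cp .env.example .env` when no `.env` exists silently starts Grafana with `GF_SECURITY_ADMIN_USER=admin` / `GF_SECURITY_ADMIN_PASSWORD=admin` from the example file, on a hostname that Traefik publishes to the Internet. Refuse to start instead, `[[ -f .env ]] || { echo "create .env from .env.example and set GF_SECURITY_ADMIN_PASSWORD first" >&2; exit 1; }`, or generate a random password into the new `.env` and print it once. A `set -e` at the top would also keep `docker-compose up` from running after a failed copy.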


@@ -0,0 +1,42 @@
# my global config
global:
scrape_interval: 15s # By default, scrape targets every 15 seconds.
evaluation_interval: 15s # By default, scrape targets every 15 seconds.
# scrape_timeout is set to the global default (10s).
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: 'my-project'
# Load and evaluate rules in this file every 'evaluation_interval' seconds.
rule_files:
# - 'alert.rules'
# - "first.rules"
# - "second.rules"
# alert
alerting:
# alertmanagers:
# - scheme: http
# static_configs:
# - targets:
# - "alertmanager:9093"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: 'prometheus'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
static_configs:
- targets: ['localhost:9090']
- job_name: 'traefik-exporter'
file_sd_configs:
- files:
- /etc/prometheus/traefik-exporter.yml


@@ -0,0 +1,5 @@
- targets:
- traefik:8082
labels:
env: test
job: traefik-exporter

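--- a/README.md
+++ b/README.md
@@ -0,0 +1,14 @@
+# Поднимаем Traefik для управления трафиком
+- [презентация]()
+## Утилиты
+- [docker](https://docs.docker.com/get-docker/)
+- [docker-compose](https://docs.docker.com/compose/install/)
+-
+## Видео к курсу
+- [видео]()
+##### Автор
+- **Vassiliy Yegorov** - *Initial work* - [vasyakrg](https://github.com/vasyakrg)
+- [сайт](vk.com/realmanual)
+- [youtube](youtube.com/realmanual)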