feat: remove unneeded webservers load-balancing + treat backend as static IPv4 addresses instead of dynamic IPv6 addresses
This commit is contained in:
VC
@@ -1,5 +1,12 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Retrieve network info
|
||||||
|
hosts: webservers:!disabled_loadbalanced_webservers
|
||||||
|
gather_facts: true
|
||||||
|
gather_subset:
|
||||||
|
- network
|
||||||
|
tasks: []
|
||||||
|
|
||||||
- name: Load balancers
|
- name: Load balancers
|
||||||
hosts: loadbalancers
|
hosts: loadbalancers
|
||||||
diff: true
|
diff: true
|
||||||
|
|||||||
@@ -234,6 +234,10 @@ muninservers:
|
|||||||
hosts:
|
hosts:
|
||||||
munin.dmz.mateu.be:
|
munin.dmz.mateu.be:
|
||||||
|
|
||||||
|
disabled_loadbalanced_webservers:
|
||||||
|
hosts:
|
||||||
|
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||||
|
|
||||||
disabled_munin:
|
disabled_munin:
|
||||||
hosts:
|
hosts:
|
||||||
baybay-ponay.mateu.be:
|
baybay-ponay.mateu.be:
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ frontend http
|
|||||||
tcp-request inspect-delay 3s
|
tcp-request inspect-delay 3s
|
||||||
acl letsencrypt path_beg /.well-known/acme-challenge
|
acl letsencrypt path_beg /.well-known/acme-challenge
|
||||||
redirect scheme https code 301 if !letsencrypt
|
redirect scheme https code 301 if !letsencrypt
|
||||||
{% for server in groups['webservers'] %}
|
{% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) %}
|
||||||
{% for hostname in hostvars[server]['web_hostname'] %}
|
{% for hostname in hostvars[server]['web_hostname'] %}
|
||||||
## {{ hostname }} configuration
|
## {{ hostname }} configuration
|
||||||
acl host_{{ hostname }} hdr(host) -i {{ hostname }}
|
acl host_{{ hostname }} hdr(host) -i {{ hostname }}
|
||||||
@@ -56,7 +56,7 @@ frontend https
|
|||||||
bind *:443 name frontend-https
|
bind *:443 name frontend-https
|
||||||
tcp-request inspect-delay 3s
|
tcp-request inspect-delay 3s
|
||||||
tcp-request content accept if { req.ssl_hello_type 1 }
|
tcp-request content accept if { req.ssl_hello_type 1 }
|
||||||
{% for server in groups['webservers'] %}
|
{% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) %}
|
||||||
{% for hostname in hostvars[server]['web_hostname'] %}
|
{% for hostname in hostvars[server]['web_hostname'] %}
|
||||||
## {{ hostname }} configuration
|
## {{ hostname }} configuration
|
||||||
acl host_{{ hostname }} req.ssl_sni -i {{ hostname }}
|
acl host_{{ hostname }} req.ssl_sni -i {{ hostname }}
|
||||||
@@ -65,15 +65,15 @@ frontend https
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% for server in groups['webservers'] %}
|
{% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) %}
|
||||||
## {{ server }} configuration
|
## {{ server }} configuration
|
||||||
backend http_{{ server }}
|
backend http_{{ server }}
|
||||||
mode http
|
mode http
|
||||||
server host_{{ server.split('.')|join('_') }} {{ server }}:80
|
server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:80
|
||||||
|
|
||||||
backend https_{{ server }}
|
backend https_{{ server }}
|
||||||
mode tcp
|
mode tcp
|
||||||
server host_{{ server.split('.')|join('_') }} {{ server }}:443
|
server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:443
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user