cr, dr-mirror, gcr-mirror - the mirrors won't do

adm01 is log now and registry
2021-02-17 21:32:04 +01:00 · 2021-02-17 15:09:58 +01:00
3 changed files with 160 additions and 34 deletions
--- a/base/hostconfig/adm01.sls
+++ b/base/hostconfig/adm01.sls
@@ -0,0 +1,155 @@
+pki:
+  cns:
+  - cr.lan
+  - gcr-mirror.lan
+  - dr-mirror.lan
+  - docker-registry.lan
+systemd:
+  service:
+    container-container-registry:
+      Unit:
+        Description: Container Registry
+        After: network-online.target local-fs.target podman.socket
+        Before: haproxy.service
+      Service:
+        ExecStart: /usr/bin/podman start -a container-registry
+        ExecStop: /usr/bin/podman stop container-registry
+      Install:
+        WantedBy: multi-user.target
+    container-dr-mirror:
+      Unit:
+        Description: docker.io mirror
+        After: network-online.target local-fs.target podman.socket
+        Before: haproxy.service
+      Service:
+        ExecStart: /usr/bin/podman start -a dr-mirror
+        ExecStop: /usr/bin/podman stop dr-mirror
+      Install:
+        WantedBy: multi-user.target
+haproxy:
+  enabled: True
+  overwrite: True
+  global:
+    stats:
+      enable: True
+      socketpath: /var/lib/haproxy/stats
+      mode: 660
+      level: admin
+      # Optional extra bind parameter, for example to set the owner/group on the socket file
+      extra: user haproxy group haproxy
+    ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
+    ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
+
+    user: haproxy
+    group: haproxy
+    chroot:
+      enable: True
+      path: /var/lib/haproxy
+    daemon: True
+  defaults:
+    mode: http
+    stats:
+      - enable
+      - uri: '/haproxy-status'
+    options:
+      - httplog
+      - dontlognull
+      - forwardfor
+    timeouts:
+      - connect 5000
+      - client 50000
+      - server 50000
+      - tunnel 80000 #longer timeouts for websockets
+      - http-request 5s
+    errorfiles:
+      400: /etc/haproxy/errors/400.http
+      403: /etc/haproxy/errors/403.http
+      408: /etc/haproxy/errors/408.http
+      500: /etc/haproxy/errors/500.http
+      502: /etc/haproxy/errors/502.http
+      503: /etc/haproxy/errors/503.http
+      504: /etc/haproxy/errors/504.http
+  #resolvers:
+  #  local_dns:
+  #    options:
+  #      - nameserver resolvconf 192.168.10.1:53
+  #      - resolve_retries 3
+  #      - timeout retry 1s
+  #      - hold valid 10s
+  listens:
+    stats:
+      bind:
+        - "127.0.0.1:9110"
+      mode: http
+      stats:
+        enable: True
+        uri: "/haproxy-status"
+        refresh: "20s"
+  frontends:
+    frontend1:
+      name: www-http 
+      bind: 
+       - "*:80"
+       - "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
+      default_backend: container-registry
+      acls: 
+        - host_cr hdr_beg(host) -i cr. docker-registry.
+        - host_gcr-mirror hdr_beg(host) -i gcr-mirror.
+        - host_dr-mirror hdr_beg(host) -i dr-mirror.
+      use_backends: 
+        - container-registry if host_cr
+        - gcr-mirror if host_gcr-mirror
+        - dr-mirror if host_dr-mirror
+  backends:
+    backend1:
+      name: container-registry
+      balance: roundrobin
+      servers:
+        server1:
+          name: adm01
+          host: 127.0.0.1
+          port: 5000
+          check: check
+      options:
+        - http-server-close
+      extra:
+        - http-response add-header Access-Control-Allow-Origin "*"
+        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
+        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
+        - http-response add-header Access-Control-Allow-Credentials true
+        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
+    backend2:
+      name: dr-mirror
+      balance: roundrobin
+      servers:
+        server1:
+          name: adm01
+          host: 127.0.0.1
+          port: 5500
+          check: check
+      options:
+        - http-server-close
+      extra:
+        - http-response add-header Access-Control-Allow-Origin "*"
+        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
+        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
+        - http-response add-header Access-Control-Allow-Credentials true
+        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
+    backend3:
+      name: gcr-mirror
+      balance: roundrobin
+      servers:
+        server1:
+          name: adm01
+          host: 127.0.0.1
+          port: 5600
+          check: check
+      options:
+        - http-server-close
+      extra:
+        - http-response add-header Access-Control-Allow-Origin "*"
+        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
+        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
+        - http-response add-header Access-Control-Allow-Credentials true
+        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
+    
--- a/base/hostconfig/auto02.sls
+++ b/base/hostconfig/auto02.sls
@@ -40,17 +40,6 @@ systemd:
        ExecStop: /usr/bin/podman stop pihole
      Install:
        WantedBy: multi-user.target
-    container-docker-registry:
-      Unit:
-        Description: Docker Registry
-        After: network-online.target local-fs.target
-        Before: haproxy.service
-        Requires: io.podman.service
-      Service:
-        ExecStart: /usr/bin/podman start -a docker-registry
-        ExecStop: /usr/bin/podman stop docker-registry
-      Install:
-        WantedBy: multi-user.target
    container-zwave2mqtt:
      Unit:
        Description: zwave2mqtt - yes
@@ -144,13 +133,11 @@ haproxy:
        - host_auto-conf hdr_beg(host) -i auto-conf.
        - host_z2m hdr_beg(host) -i zwave2mqtt.
        - host_pihole hdr_beg(host) -i pihole.
-        - host_docker-registry hdr_beg(host) -i docker-registry.
      use_backends: 
        - auto if host_auto
        - auto-conf if host_auto-conf
        - z2m if host_z2m
        - pihole if host_pihole
-        - docker-registry if host_docker-registry 
  backends:
    backend1:
      name: auto
@@ -192,23 +179,6 @@ haproxy:
          host: 127.0.0.1
          port: 8080
          check: check
-    backend5:
-      name: docker-registry
-      balance: roundrobin
-      servers:
-        server1:
-          name: auto02
-          host: 127.0.0.1
-          port: 5000
-          check: check
-      options:
-        - http-server-close
-      extra:
-        #- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan"
-        - http-response add-header Access-Control-Allow-Origin "*"
-        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
-        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
-        - http-response add-header Access-Control-Allow-Credentials true
-        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
-        
-        
+ 
+ 
+ 
--- a/top.sls
+++ b/top.sls
@@ -5,10 +5,11 @@
 base:
  '*':
    - base
+    - ignore_missing: True
  'G@osarch:arm64 or G@osarch:armel':
    - match: compound 
    - base.log.rsyslog.client 
-  'G@osarch:armhf and not G@fqdn:tumor.chaos':
+  'G@osarch:armhf and not G@fqdn:adm01.wks':
    - match: compound
    - base.log.rsyslog.client 
  'pine*':
Author	SHA1	Message	Date
do	ca17236700	cr, dr-mirror, gcr-mirror - the mirrors won't do	2021-02-17 21:32:04 +01:00
do	77b9025924	adm01 is log now and registry	2021-02-17 15:09:58 +01:00