chaos/salt-pillar
Archived
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2025-11-20. You can view files and clone it, but cannot push or open issues or pull requests.
Files
a2ae96d2ee33e95f8a13e43fcc512fe339d5ec49
salt-pillar/base/hostconfig/adm01.sls
Udo Waechter a2ae96d2ee removed k8s stuff
2023-10-01 14:46:34 +02:00

183 lines
5.7 KiB
Plaintext
Raw Blame History

pki:
cns:
- cr.wks
- gcr-mirror.wks
- dr-mirror.wks
- docker-registry.wks
#- ups.wks
systemd:
service:
container-dr-mirror:
Unit:
Description: docker.io mirror
After: network-online.target local-fs.target podman.socket
Before: haproxy.service
Service:
ExecStart: /usr/bin/podman start container-docker-mirror
ExecStop: /usr/bin/podman stop container-docker-mirror
Install:
WantedBy: multi-user.target
container-container-registry:
Unit:
Description: Container Registry
After: network-online.target local-fs.target podman.socket
Before: haproxy.service
Service:
ExecStart: /usr/bin/podman start -a container-registry
ExecStop: /usr/bin/podman stop container-registry
Install:
WantedBy: multi-user.target
container-registry-garbage-collect:
Unit:
Description: Container Registry garbage collect
Service:
ExecStart: /usr/bin/podman exec container-registry /bin/registry garbage-collect /etc/docker/registry/config.yml -m
container-docker-mirror-garbage-collect:
Unit:
Description: Container Docker mirror garbage collect
Service:
ExecStart: /usr/bin/podman exec container-docker-mirror /bin/registry garbage-collect /etc/docker/registry/config.yml -m
timer:
container-registry-garbage-collect:
Unit:
Description: Timer for registry-garbage-collect
Timer:
OnCalendar: weekly
Persistent: true
Install:
WantedBy: timers.target
container-docker-mirror-garbage-collect:
Unit:
Description: Timer for docker-mirror-garbage-collect
Timer:
OnCalendar: weekly
Persistent: true
Install:
WantedBy: timers.target
haproxy:
enabled: True
overwrite: True
global:
stats:
enable: True
socketpath: /var/lib/haproxy/stats
mode: 660
level: admin
# Optional extra bind parameter, for example to set the owner/group on the socket file
extra: user haproxy group haproxy
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
user: haproxy
group: haproxy
chroot:
enable: True
path: /var/lib/haproxy
daemon: True
defaults:
mode: http
stats:
- enable
- uri: '/haproxy-status'
options:
- httplog
- dontlognull
- forwardfor
timeouts:
- connect 5000
- client 50000
- server 50000
- tunnel 80000 #longer timeouts for websockets
- http-request 5s
errorfiles:
400: /etc/haproxy/errors/400.http
403: /etc/haproxy/errors/403.http
408: /etc/haproxy/errors/408.http
500: /etc/haproxy/errors/500.http
502: /etc/haproxy/errors/502.http
503: /etc/haproxy/errors/503.http
504: /etc/haproxy/errors/504.http
#resolvers:
# local_dns:
# options:
# - nameserver resolvconf 192.168.10.1:53
# - resolve_retries 3
# - timeout retry 1s
# - hold valid 10s
listens:
stats:
bind:
- "127.0.0.1:9110"
mode: http
stats:
enable: True
uri: "/haproxy-status"
refresh: "20s"
frontends:
frontend1:
name: www-http
bind:
- "*:80"
- "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
default_backend: container-registry
acls:
- host_cr hdr_beg(host) -i cr. docker-registry.
- host_gcr-mirror hdr_beg(host) -i gcr-mirror.
- host_dr-mirror hdr_beg(host) -i dr-mirror.
use_backends:
- container-registry if host_cr
- gcr-mirror if host_gcr-mirror
- dr-mirror if host_dr-mirror
backends:
backend1:
name: container-registry
balance: roundrobin
servers:
server1:
name: adm01
host: 127.0.0.1
port: 5000
check: check
options:
- http-server-close
extra:
- http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
backend2:
name: dr-mirror
balance: roundrobin
servers:
server1:
name: adm01
host: 127.0.0.1
port: 5001
check: check
options:
- http-server-close
extra:
- http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
backend3:
name: gcr-mirror
balance: roundrobin
servers:
server1:
name: adm01
host: 127.0.0.1
port: 5600
check: check
options:
- http-server-close
extra:
- http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
Reference in New Issue View Git Blame Copy Permalink