Merge pull request #67 from bgraef/main

bgraef · web-flow · commit 7de4777e0e93 · 2025-05-06T06:13:05.000-04:00
add code for olam with haproxy
diff --git a/olam/default_vars.yml b/olam/default_vars.yml
@@ -29,6 +29,8 @@ add_pah_ports: false
 use_freeipa: false
 use_git: false
 add_cluster_ports: false
+use_haproxy: false
+add_haproxy_ports: false
 
 use_kvm: false
 create_vm: false
diff --git a/olam/templates/ingress_security_rules.j2 b/olam/templates/ingress_security_rules.j2
@@ -79,4 +79,30 @@ instance_ingress_security_rules:
       destination_port_range:
         max: 27199
         min: 27199
-{% endif %}  
+{% endif %}
+{% if add_haproxy_ports %}
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 80
+        min: 80
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 443
+        min: 443
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 8080
+        min: 8080
+  - source: "0.0.0.0/0"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 8443
+        min: 8443
+{% endif %}
diff --git a/olam/templates/nginx.conf.j2 b/olam/templates/nginx.conf.j2
@@ -42,56 +42,30 @@ http {
     # for more information.
     include /etc/nginx/conf.d/*.conf;
 
-#    server {
-#        listen       80 default_server;
-#        listen       [::]:80 default_server;
-#        server_name  _;
-#        root         /usr/share/nginx/html;
-#
-#        # Load configuration files for the default server block.
-#        include /etc/nginx/default.d/*.conf;
-#
-#        location / {
-#        }
-#
-#        error_page 404 /404.html;
-#            location = /40x.html {
-#        }
-#
-#        error_page 500 502 503 504 /50x.html;
-#            location = /50x.html {
-#        }
-#    }
-#
-# Settings for a TLS enabled server.
-#
-#    server {
-#        listen       443 ssl http2 default_server;
-#        listen       [::]:443 ssl http2 default_server;
-#        server_name  _;
-#        root         /usr/share/nginx/html;
-#
-#        ssl_certificate "/etc/pki/nginx/server.crt";
-#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
-#        ssl_session_cache shared:SSL:1m;
-#        ssl_session_timeout  10m;
-#        ssl_ciphers PROFILE=SYSTEM;
-#        ssl_prefer_server_ciphers on;
-#
-#        # Load configuration files for the default server block.
-#        include /etc/nginx/default.d/*.conf;
-#
-#        location / {
-#        }
-#
-#        error_page 404 /404.html;
-#            location = /40x.html {
-#        }
-#
-#        error_page 500 502 503 504 /50x.html;
-#            location = /50x.html {
-#        }
-#    }
+{% if use_haproxy %}
+    server {
+        listen      8080 default_server;
+        listen      [::]:8080 default_server;
+        server_name _;
+        root        /usr/share/nginx/html;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        # OCI LB health check
+        location /nginx-health {
+            access_log off;
+            add_header 'Content-Type' 'text/plain';
+            return 200 "healthy\n";
+        }
+
+        location /health {
+            access_log off;
+            add_header 'Content-Type' 'application/json';
+            return 200 '{"status":"UP"}';
+        }
+    }
+{% endif %}
 
 }
 
