|
1 | 1 | Register a service with haproxy |
2 | 2 | =============================== |
3 | 3 |
|
4 | | -1. Ensure that the salt-master and loadbalancer can be brought up with vagrant locally. |
5 | | - |
6 | | -- `laptop:psf-salt user$ vagrant up salt-master` |
7 | | - |
8 | | -- `laptop:psf-salt user$ vagrant up loadbalancer` |
9 | | - |
10 | | -2. In the local repository, create a new state/directory to manage files for your service |
11 | | - |
12 | | -- `laptop:psf-salt user$ vim salt/base/salt.sls` |
13 | | - |
14 | | -3. Additionally, add an nginx configuration state and cosul-service state that exposes that directory over HTTP |
15 | | - |
16 | | -- This configuration might look similar to an existing haproxy service like letsencrypt |
17 | | - |
18 | | -``` |
19 | | -
|
20 | | -/etc/nginx/sites.d/letsencrypt-well-known.conf: |
21 | | - file.managed: |
22 | | - - source: salt://base/config/letsencrypt-well-known-nginx.conf |
23 | | - - user: root |
24 | | - - group: root |
25 | | - - mode: "0644" |
26 | | - - require: |
27 | | - - file: /etc/nginx/sites.d/ |
28 | | - - sls: tls.lego |
29 | | -
|
30 | | -/etc/consul.d/service-letsencrypt-well-known.json: |
31 | | - file.managed: |
32 | | - - source: salt://consul/etc/service.jinja |
33 | | - - template: jinja |
34 | | - - context: |
35 | | - name: letsencrypt-well-known |
36 | | - port: 9000 |
37 | | - - user: root |
38 | | - - group: root |
39 | | - - mode: "0644" |
40 | | - - require: |
41 | | - - pkg: consul-pkgs |
42 | | -
|
43 | | -
|
44 | | -``` |
45 | | - |
46 | | -4. In your local repository, navigate to `salt/base/config` and and an nginx configuration file. This configuration file might look similarly to the one of the letsencrypt service: |
47 | | -``` |
48 | | -server { |
49 | | - listen 9000 ssl default_server; |
50 | | -
|
51 | | - ssl_certificate /etc/ssl/private/salt.psf.io.pem; |
52 | | - ssl_certificate_key /etc/ssl/private/salt.psf.io.pem; |
53 | | -
|
54 | | - server_name _; |
55 | | -
|
56 | | - location /.well-known/acme-challenge/ { |
57 | | - alias /etc/lego/.well-known/acme-challenge/; |
58 | | - try_files $uri =404; |
59 | | - } |
60 | | -} |
61 | | -~ |
62 | | -``` |
63 | | - |
64 | | -5. Prepare an ssh configuration file to access the host with native ssh commands: `'laptop:psf-salt user$ vagrant ssh-config salt-master loadbalancer >> vagrant-ssh` |
65 | | - |
66 | | -6. Open an ssh session with port forwarding to the haproxy status page: |
67 | | - |
68 | | -- 'laptop:psf-salt user$ ssh -L 4646:127.0.0.1:4646 -F vagrant-ssh loadbalancer` |
69 | | - |
70 | | -- open `<http://localhost:4646/haproxy?stats>` to see haproxy status |
71 | | - |
| 4 | +1. Ensure that the `salt-master` and `loadbalancer` can be brought up with vagrant locally: |
| 5 | + ```console |
| 6 | + vagrant up salt-master |
| 7 | + vagrant up loadbalancer |
| 8 | + ``` |
| 9 | +2. In the local repository, create a new state/directory to manage files for your service: |
| 10 | + ```console |
| 11 | + touch salt/base/salt.sls |
| 12 | + ``` |
| 13 | +3. Additionally, add an `nginx` configuration state and `consul` service state that exposes that directory over HTTP: |
| 14 | + - This configuration might look similar to an existing haproxy service like `letsencrypt` |
| 15 | + ```yaml |
| 16 | + /etc/nginx/sites.d/letsencrypt-well-known.conf: |
| 17 | + file.managed: |
| 18 | + - source: salt://base/config/letsencrypt-well-known-nginx.conf |
| 19 | + - user: root |
| 20 | + - group: root |
| 21 | + - mode: "0644" |
| 22 | + - require: |
| 23 | + - file: /etc/nginx/sites.d/ |
| 24 | + - sls: tls.lego |
| 25 | + |
| 26 | + /etc/consul.d/service-letsencrypt-well-known.json: |
| 27 | + file.managed: |
| 28 | + - source: salt://consul/etc/service.jinja |
| 29 | + - template: jinja |
| 30 | + - context: |
| 31 | + name: letsencrypt-well-known |
| 32 | + port: 9000 |
| 33 | + - user: root |
| 34 | + - group: root |
| 35 | + - mode: "0644" |
| 36 | + - require: |
| 37 | + - pkg: consul-pkgs |
| 38 | + ``` |
| 39 | + |
| 40 | +4. In your local repository, navigate to `salt/base/config` and add an `nginx` configuration file: |
| 41 | + This configuration file might look similarly to the one of the `letsencrypt` service: |
| 42 | + ```nginx |
| 43 | + server { |
| 44 | + listen 9000 ssl default_server; |
| 45 | + |
| 46 | + ssl_certificate /etc/ssl/private/salt.psf.io.pem; |
| 47 | + ssl_certificate_key /etc/ssl/private/salt.psf.io.pem; |
| 48 | + |
| 49 | + server_name _; |
| 50 | + |
| 51 | + location /.well-known/acme-challenge/ { |
| 52 | + alias /etc/lego/.well-known/acme-challenge/; |
| 53 | + try_files $uri =404; |
| 54 | + } |
| 55 | + } |
| 56 | + ~ |
| 57 | + ``` |
| 58 | +5. Prepare an SSH configuration file to access the host with native ssh commands: |
| 59 | + ```console |
| 60 | + vagrant ssh-config salt-master loadbalancer >> vagrant-ssh |
| 61 | + ``` |
| 62 | +6. Open an SSH session with port forwarding to the haproxy status page: |
| 63 | + ```console |
| 64 | + ssh -L 4646:127.0.0.1:4646 -F vagrant-ssh loadbalancer |
| 65 | + ``` |
| 66 | + - Open [`http://localhost:4646/haproxy?stats`][loadbalancer] to see ``haproxy`` status |
72 | 67 | 7. In a new window run: |
73 | | - |
74 | | -- `laptop:psf-salt user$ ssh -F sshconfig -L 8500:127.0.0.1:8500 salt-master` |
75 | | - |
76 | | -Open `<http://localhost:8500/ui/vagrant/services>` to see what consul services are registered |
| 68 | + ```console |
| 69 | + ssh -F sshconfig -L 8500:127.0.0.1:8500 salt-master |
| 70 | + ``` |
| 71 | + - Open [`http://localhost:8500/ui/vagrant/services`][consul] to see what ``consul`` services are registered |
| 72 | + |
| 73 | +[//]: # (Quicklink targets) |
| 74 | +[loadbalancer]: <http://localhost:4646/haproxy?stats> |
| 75 | +[consul]: <http://localhost:8500/ui/vagrant/services> |
0 commit comments