Use conditionals to use nginx or iptables

2016-09-16 10:11:57 -04:00 · 2016-09-16 10:11:57 -04:00 · fb812906cf
parent f3ba34ec99
commit fb812906cf
6 changed files with 31 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
+playbook_*.yml
 *.egg-info
 *.pyc
 .tox
--- a/roles/api/defaults/main.yml
+++ b/roles/api/defaults/main.yml
@ -1,3 +1,4 @@
+almanach_port: 8000
 almanach_user: almanach
 almanach_group: almanach
 almanach_service_name: almanach-api
@ -5,3 +6,8 @@ almanach_service_name: almanach-api
 almanach_nginx_hostname: default
 almanach_nginx_port: 80
 almanach_nginx_log_file: /var/log/nginx/default_access.log
+
+use_nginx: True
+
+use_netfilter: False
+netfilter_iface: eth0
--- a/roles/api/tasks/main.yml
+++ b/roles/api/tasks/main.yml
@ -14,4 +14,9 @@
 # limitations under the License.

 - include: nginx.yml
+  when: use_nginx == True
+
+- include: netfilter.yml
+  when: use_netfilter == True
+
 - include: init_upstart.yml
--- a/roles/api/tasks/netfilter.yml
+++ b/roles/api/tasks/netfilter.yml
@ -0,0 +1,17 @@
+---
+# Copyright 2016, Internap Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Forward port 80 to Almanach port
+  iptables: table=nat chain=PREROUTING in_interface={{ netfilter_iface }} protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports={{ almanach_port }}
--- a/roles/api/templates/almanach-api-upstart.init.j2
+++ b/roles/api/templates/almanach-api-upstart.init.j2
@ -10,5 +10,5 @@ setuid {{ almanach_user }}
 setgid {{ almanach_group }}

 script
-    exec {{ almanach_app_dir }}/bin/almanach api {{ almanach_config_file }} --logging {{ almanach_logging_config_file }}
+    exec {{ almanach_app_dir }}/bin/almanach api {{ almanach_config_file }} --port {{ almanach_port }} --logging {{ almanach_logging_config_file }}
 end script
--- a/roles/api/templates/nginx.vhost.conf.j2
+++ b/roles/api/templates/nginx.vhost.conf.j2
@ -5,7 +5,7 @@ server {
    access_log {{ almanach_nginx_log_file }};

    location / {
-        proxy_pass http://127.0.0.1:8000;
+        proxy_pass http://127.0.0.1:{{ almanach_port }};
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;