commit 2284efc8c90b293d51119b1a97df3e2d1314c5f7
parent 4775644da9dae27a32f6ff7c4fd97a8c50e7b0ff
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date: Tue, 11 Dec 2018 21:44:07 +0200
haproxy: Add settings for buildbot.erethon.com
Diffstat:
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/ansible/inventory/host_vars/spinny/haproxy.yml b/ansible/inventory/host_vars/spinny/haproxy.yml
@@ -3,7 +3,12 @@
prosody__public_ip: '163.172.24.171'
prosody__private_ip: '192.168.122.2'
static__private_ip: '192.168.122.2'
+buildbot__private_ip: '192.168.122.57'
certs__names: ['f.erethon.com', 'chat.erethon.com', 'grafana.erethon.com',
'capitalism.erethon.com', 'blog.erethon.com', 'erethon.com',
- 'www.plothopes.com', 'about.erethon.com', 'git.erethon.com']
+ 'www.plothopes.com', 'about.erethon.com', 'git.erethon.com',
+ 'buildbot.erethon.com']
+
+buildbot__username: '{{ lookup("password", secret + "/credentials/spinny.erethon.com/haproxy/username") }}'
+buildbot__password: '{{ lookup("password", secret + "/credentials/spinny.erethon.com/haproxy/password") }}'
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -28,6 +28,9 @@ defaults
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
+userlist buildbotusers
+ user {{ buildbot__username }} password {{ buildbot__password }}
+
frontend prosody_muc
bind {{ prosody__public_ip }}:5269
mode tcp
@@ -53,6 +56,7 @@ frontend ssl
use_backend f.erethon.com if { hdr(host) -i f.erethon.com }
use_backend grafana.erethon.com if { hdr(host) -i grafana.erethon.com }
use_backend static if { hdr(host) -i capitalism.erethon.com -i hacked.erethon.com -i erethon.com -i www.erethon.com -i blog.erethon.com -i about.erethon.com -i git.erethon.com }
+ use_backend buildbot if { hdr(host) -i buildbot.erethon.com }
backend plothopes
mode http
@@ -70,6 +74,12 @@ backend static
mode http
server webd {{ static__private_ip }}:80
+backend buildbot
+ mode http
+ acl authbuildbotusers http_auth(buildbotusers)
+ http-request auth realm buildbotrealm if !authbuildbotusers
+ server obsd001 {{ buildbot__private_ip }}:8010
+
backend local
mode http
server local 127.0.0.1:8080