commit f45b2d39c741795fc69a92ddbb6ba870f9f7736e
parent 08063bcf8717a13d4e0d7d09536e758184de26cc
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Sun, 2 May 2021 22:02:17 +0200
add Debian 10 Haproxy
Diffstat:
3 files changed, 262 insertions(+), 0 deletions(-)
diff --git a/config/preseed.cfg b/config/preseed.cfg
@@ -0,0 +1,89 @@
+# Preseeding only locale sets language, country and locale.
+d-i debian-installer/locale string en_US
+
+# Keyboard selection.
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+
+### Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string UTC
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean true
+# To install to the first device (assuming it is not a USB stick):
+d-i grub-installer/bootdev string default
+
+### Mirror settings
+# If you select ftp, the mirror/country string does not need to be set.
+#d-i mirror/protocol string ftp
+d-i mirror/country string manual
+d-i mirror/http/hostname string debian.ethz.ch
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+### Apt setup
+# Select which update services to use; define the mirrors to be used.
+# Values shown below are the normal defaults.
+d-i apt-setup/services-select multiselect security, updates
+d-i apt-setup/security_host string security.debian.org
+
+# Do not prompt for scanning of additional CDs
+apt-cdrom-setup apt-setup/cdrom/set-first boolean false
+apt-cdrom-setup apt-setup/cdrom/set-next boolean false
+apt-cdrom-setup apt-setup/cdrom/set-failed boolean false
+apt-cdrom-setup apt-setup/cdrom/set-double boolean false
+
+# Don't report statistics
+popularity-contest popularity-contest/participate boolean false
+
+### Partitioning
+d-i partman-auto/method string lvm
+
+# This makes partman automatically partition without confirmation.
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# Choose atomic partitioning recipes (all files in one partition)
+d-i partman-auto/choose_recipe select atomic
+# Use max space available for the new LVM volume
+d-i partman-auto-lvm/guided_size string max
+
+# Confirmation to write the lvm partitions
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+# Skip creation of a root account (normal user account will be able to
+# use sudo).
+d-i passwd/root-login boolean false
+# Alternatively, to skip creation of a normal user account.
+# d-i passwd/make-user boolean false
+
+# Root password, either in clear text
+#d-i passwd/root-password password root
+#d-i passwd/root-password-again password root
+# or encrypted using a crypt(3) hash.
+#d-i passwd/root-password-crypted password [crypt(3) hash]
+
+### Account setup
+d-i passwd/user-fullname string debian
+d-i passwd/user-uid string 1000
+d-i passwd/user-password password debian
+d-i passwd/user-password-again password debian
+d-i passwd/username string debian
+
+# The installer will warn about weak passwords. If you are sure you know
+# what you're doing and want to override it, uncomment this.
+d-i user-setup/allow-password-weak boolean true
+d-i user-setup/encrypt-home boolean false
+
+### Package selection
+tasksel tasksel/first multiselect standard, ssh-server
+d-i pkgsel/include string openssh-server build-essential
+d-i pkgsel/upgrade select full-upgrade
+\ No newline at end of file
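Review bot: The account created under "Account setup" gets the cleartext password `debian` (`d-i passwd/user-password password debian`), `user-setup/allow-password-weak` is set to true, and `tasksel/first` installs `ssh-server`. Going by the file's own comment on `passwd/root-login`, this user can use sudo, so every image built from this preseed ships a privileged login with a publicly known password. If the password is only needed for the build-time SSH connection, prefer `d-i passwd/user-password-crypted password <crypt(3) hash>` here, and have the last provisioning step lock the password or restrict sshd to key authentication. The comment above `allow-password-weak` still says "uncomment this" although the line is already active; it should state that weak passwords are deliberately allowed for the build.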
diff --git a/libvirt-haproxy.json b/libvirt-haproxy.json
@@ -0,0 +1,54 @@
+{
+ "variables": {
+ "manifest": "manifest.json",
+ "buildname": "haproxy"
+ },
+ "builders":
+ [
+ {
+ "type": "qemu",
+ "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.9.0-amd64-netinst.iso",
+ "iso_checksum": "file:https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS",
+ "output_directory": "{{user `buildname`}}",
+ "shutdown_command": "echo 'debian' | sudo -S shutdown -P now",
+ "disk_size": "14000",
+ "memory": "1024",
+ "format": "qcow2",
+ "accelerator": "kvm",
+ "http_directory": "config",
+ "ssh_username": "debian",
+ "ssh_password": "debian",
+ "ssh_timeout": "15m",
+ "vm_name": "{{user `buildname`}}.qcow2",
+ "net_device": "virtio-net",
+ "disk_interface": "virtio",
+ "boot_wait": "5s",
+ "boot_command": [
+ "<esc><wait>",
+ "install <wait>",
+ " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
+ "debian-installer=en_US.UTF-8 <wait>",
+ "auto <wait>",
+ "locale=en_US.UTF-8 <wait>",
+ "kbd-chooser/method=us <wait>",
+ "keyboard-configuration/xkb-keymap=us <wait>",
+ "netcfg/get_hostname={{ .Name }} <wait>",
+ "netcfg/get_domain=libvirt <wait>",
+ "fb=false <wait>",
+ "debconf/frontend=noninteractive <wait>",
+ "console-setup/ask_detect=false <wait>",
+ "console-keymaps-at/keymap=us <wait>",
+ "grub-installer/bootdev=/dev/sda <wait>",
+ "<enter><wait>"
+ ]
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "script": "scripts/haproxy-okd.sh",
+ "environment_vars": [
+ ]
+ }
+ ]
+}
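Review bot: `iso_checksum` is downloaded at build time from the same `current/` directory as the ISO (`file:https://…/SHA256SUMS`), so it detects a corrupted transfer but is not an independent pin: a file changed on the mirror would verify against its own checksum list. Pinning the digest in the template, for example `"iso_checksum": "sha256:<digest of debian-10.9.0-amd64-netinst.iso>"`, makes the build reproducible and makes any change to the ISO visible. The `current/` path presumably moves with each Debian point release while the file name is fixed to 10.9.0, so `iso_url` is likely to stop resolving; a versioned archive path would be more stable. `ssh_password` and the `echo 'debian' | sudo -S` in `shutdown_command` repeat the preseed password in clear text; a single entry under `variables` would keep it in one place and let it be overridden per build.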
diff --git a/scripts/haproxy-okd.sh b/scripts/haproxy-okd.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o xtrace
+
+# install haproxy
+echo 'debian' | sudo -S apt-get install -y haproxy socat rsyslog
+
+CHROOT=/var/lib/haproxy
+
+# haproxy log to syslog for haproxy < v1.9
+# https://www.haproxy.com/blog/introduction-to-haproxy-logging
+sudo mkdir -p "$CHROOT/dev/"
+sudo touch "$CHROOT/dev/log"
+sudo mount --bind /dev/log "$CHROOT/dev/log"
+echo "/dev/log /var/lib/haproxy/dev/log none bind" | sudo -S tee -a /etc/fstab
+
+sudo tee /etc/rsyslog.d/49-haproxy.conf <<'EOF'
+# Create an additional socket in haproxy's chroot in order to allow logging via
+# /dev/log to chroot'ed HAProxy processes
+$AddUnixListenSocket /var/lib/haproxy/dev/log
+EOF
+
+sudo tee /etc/haproxy/haproxy.cfg <<EOF
+global
+# # log to rsyslog udp
+# log 127.0.0.1 local0
+# # log to stdout/stderr (in effect, journald) for haproxy >= v1.9
+# # https://www.haproxy.com/blog/introduction-to-haproxy-logging
+# log stderr format short local0 debug
+ log /dev/log local0
+ maxconn 20000
+ user haproxy
+ chroot /var/lib/haproxy
+ pidfile /run/haproxy.pid
+ stats socket /run/haproxy/admin.sock mode 660
+ daemon # Makes the process fork into background.
+ # This option is ignored in systemd mode.
+
+defaults
+ log global
+ maxconn 8000
+ # close backend server connections,
+ # but keep-alive client connections
+ option http-server-close
+ # don't try longer than 5s to connect to backend servers
+ timeout connect 5s
+ # wait 5s for the backend servers to respond,
+ # for instance, until they send headers
+ timeout server 5s
+ # wait 5s for the client to respond
+ timeout client 5s
+ # timeout to use with websockets
+ # overrides, server and client timeout
+ timeout tunnel 2h
+ # remove clients not acknowledging
+ # a server-initiated close after 30s
+ timeout client-fin 30s
+
+listen stats
+ bind :9000
+ mode http
+ stats enable
+ stats uri /
+
+frontend kubernetes_api
+ bind :6443
+ default_backend kubernetes_api_backend
+ mode tcp
+ option tcplog
+backend kubernetes_api_backend
+ balance source
+ mode tcp
+ server bootstrap okd-bootstrap:6443 check check-ssl verify none
+ server master-01 okd-master-01:6443 check check-ssl verify none
+ server master-02 okd-master-02:6443 check check-ssl verify none
+ server master-03 okd-master-03:6443 check check-ssl verify none
+
+frontend machine_config_server
+ bind :22623
+ default_backend machine_config_server_backend
+ mode tcp
+ option tcplog
+backend machine_config_server_backend
+ balance source
+ mode tcp
+ server bootstrap okd-bootstrap:22623 check check-ssl verify none
+ server master-01 okd-master-01:22623 check check-ssl verify none
+ server master-02 okd-master-02:22623 check check-ssl verify none
+ server master-03 okd-master-03:22623 check check-ssl verify none
+
+frontend http_ingress
+ bind :80
+ default_backend http_ingress_backend
+ mode tcp
+ option tcplog
+backend http_ingress_backend
+ balance source
+ mode tcp
+ # use worker/compute nodes, if you have any
+ server master-01 okd-master-01:80 check
+ server master-02 okd-master-02:80 check
+ server master-03 okd-master-03:80 check
+
+frontend https_ingress
+ bind :443
+ default_backend http_ingress_backend
+ mode tcp
+ option tcplog
+backend https_ingress_backend
+ balance source
+ mode tcp
+ # use worker/compute nodes, if you have any
+ server master-01 okd-master-01:443 check check-ssl verify none
+ server master-02 okd-master-02:443 check check-ssl verify none
+ server master-03 okd-master-03:443 check check-ssl verify none
+EOF
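Review bot: The `frontend https_ingress` section sets `default_backend http_ingress_backend`, so connections accepted on `:443` are balanced to the masters' port 80 and the `https_ingress_backend` defined right below it is never referenced; the line should read `default_backend https_ingress_backend`. Separately, `listen stats` binds `:9000` on all interfaces with `stats uri /` and no authentication, which exposes backend names and health state to anyone who can reach the host; `bind 127.0.0.1:9000` or a `stats auth <user>:<password>` line would restrict it. The haproxy.cfg heredoc is opened with an unquoted `<<EOF`, so a later `$` in the config would be expanded by the shell (and abort under `nounset`); `<<'EOF'`, as already used for the rsyslog file, avoids that.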