Why HAPROXY_DOMAIN ? #18

Open
auguster opened this issue Nov 5, 2015 · 5 comments

@auguster
auguster commented Nov 5, 2015

I've been using haproxy-consul for some weeks now and I still don't get the requirement of specifying the HAPROXY_DOMAIN environment variable for consul use.

Wouldn't it be easier to just define the acl in the tmpl file like this:

acl host_{{ .Name }} hdr(host) -m beg {{ .Name }}.
use_backend {{ .Name }}_backend if host_{{ .Name }}

Notice the dot following the second occurrence of {{ .Name }}. It is here to ensure that services don't get confused (for example "mail" and "mailinglist").

I'm not sure though how this would work on the marathon counterpart but I don't believe HAPROXY_DOMAIN should be a requirement for at least consul.

I went even further and extended the tmpl file for use with multiple domains, using consul's tags to store the domains in the form <domain>_<tld>.

Here are the relevant parts:

# Generated automatically by consul-template

#tagged services, tag is used for domain information
{{ range $tag, $services := services | byTag }}
{{ range $services}}
    acl host_{{ .Name }}_{{ $tag}} hdr(host) -i {{ .Name }}.{{ $tag |replaceAll "_" "." }} 
    use_backend {{ .Name }}_{{$tag}}_backend if host_{{ .Name }}_{{ $tag }}
{{ end }}
{{ end }}

#not tagged services, the url starting part is used
{{range services}}{{if eq (.Tags |len) 0 }}
    acl host_{{ .Name }} hdr(host) -m beg {{ .Name }}.
    use_backend {{ .Name }}_backend if host_{{ .Name }}
{{ end }}{{ end }}

#backend definition for tagged services
{{ range $tag, $services := services | byTag }}{{range $services}}
backend {{ .Name }}_{{$tag}}_backend{{ range service (print $tag "." .Name) }}
   server {{ .Node }} {{ .Address }}:{{ .Port }}{{ end }}
{{ end }}{{ end }}

#backend definition for untagged services
{{ range services }}{{ if eq (.Tags |len) 0 }}
backend {{ .Name }}_backend{{ range service .Name }}
   server {{ .Node }} {{ .Address }}:{{ .Port }}{{ end }}
{{ end }}{{ end }}

There is a lot of room for improvement ;-)

@auguster
Author

auguster commented Nov 5, 2015

By the way, the byTag requires consul-template version 0.9.0 or more. I upgraded the Dockerfile, works great.

@stevendborrelli
Contributor

That is pretty cool.

We used the HAPROXY_DOMAIN for simplicity of deployment. By changing the var and restarting the container we could easily move cluster DNS suffixes.

@auguster
Author

auguster commented Nov 5, 2015

I see, but I feel that this domain information should come from consul itself.
When consul supports metadata as mentioned in http://gliderlabs.com/registrator/latest/user/services/ (Attrs field) it will be really easy to do.

I'm not sure that you need a DNS suffix anyway, it doesn't really add security.

@stevendborrelli
Contributor

We use the DNS suffix for external traffic. First we create a wildcard DNS like *.our-domain.com, and then set the HAPROXY_DOMAIN variable to "our-domain.com".

@auguster
Author

auguster commented Nov 6, 2015

That's also what I did :)
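
Added example, not part of the thread or the project's code: a small Python model of the two Host-header ACL forms discussed above, the prefix match `-m beg name.` and the exact match `-i name.domain` built from a tag, showing which Host values each one accepts. Service names, tags and Host values are constructed, and the functions model only HAProxy's string comparison.

```python
def tag_to_domain(tag):
    """Mirror the template's `replaceAll "_" "."`: 'example_com' -> 'example.com'."""
    return tag.replace("_", ".")

def acl_beg(host, pattern, ignore_case=False):
    """`hdr(host) -m beg <pattern>`: prefix match, case-sensitive unless -i is set."""
    if ignore_case:
        host, pattern = host.lower(), pattern.lower()
    return host.startswith(pattern)

def acl_exact(host, pattern, ignore_case=True):
    """`hdr(host) -i <pattern>`: whole-value string match, -i ignores case."""
    if ignore_case:
        host, pattern = host.lower(), pattern.lower()
    return host == pattern

def route(host, untagged, tagged):
    """Return every backend whose ACL matches `host`.

    HAProxy uses the first matching use_backend rule; returning all
    matches makes overlapping ACLs visible.
    untagged: service names, matched with `-m beg name.`
    tagged:   (name, tag) pairs, matched with `-i name.<domain from tag>`
    """
    hits = []
    for name, tag in tagged:
        if acl_exact(host, f"{name}.{tag_to_domain(tag)}"):
            hits.append(f"{name}_{tag}_backend")
    for name in untagged:
        if acl_beg(host, f"{name}."):
            hits.append(f"{name}_backend")
    return hits

# Constructed sample data (not taken from the thread).
UNTAGGED = ["mail", "mailinglist"]
TAGGED = [("wiki", "example_com")]
SAMPLE_HOSTS = [
    "mail.example.com",         # prefix form: matches
    "mailinglist.example.com",  # trailing dot keeps it away from "mail"
    "mail.other-zone.test",     # prefix form accepts any suffix
    "Mail.example.com",         # prefix form has no -i: no match
    "WIKI.Example.COM",         # exact form with -i: matches
    "wiki.example.com:8080",    # exact form: port in Host breaks the match
    "wiki.example.org",         # exact form: other domain rejected
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:26} -> {route(h, UNTAGGED, TAGGED) or 'no ACL matched'}")
```
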
