I try to start docker containers with traefik labels. To create a traefik router for a container you have to put some labels like this.
app_names:
- tower01
- tower02
docker_labels:
awx_web:
traefik.enable: "true"
traefik.http.routers.{{ app_name }}.entrypoints: "http"
traefik.http.routers.{{ app_name }}.rule: "Host(`{{ app_server_fqdn }}`)"
traefik.http.routers.{{ app_name }}.middlewares: "https-redirect@file"
traefik.http.routers.{{ app_name }}-sec.entrypoints: "https"
traefik.http.routers.{{ app_name }}-sec.rule: "Host(`{{ app_server_fqdn }}`)"
traefik.http.routers.{{ app_name }}-sec.tls: "true"
traefik.http.routers.{{ app_name }}-sec.tls.options: "myTLSOptions@file"
traefik.http.routers.{{ app_name }}-sec.tls.certresolver: "le"
traefik.http.routers.{{ app_name }}-sec.middlewares: "default-headers@file"
traefik.http.services.{{ app_name }}.loadbalancer.server.port: "8052"
com.centurylinklabs.watchtower.enable: "{{ autoupdate_container[loop_item] }}"
and use a task similar to this:
- name: "{{ app_name }} | create awx web container"
docker_container:
name: "{{ app_name }}-web"
hostname: "awxweb"
user: "root"
image: "ansible/awx_web:{{ docker_image[loop_item] | default('latest') }}"
env: "{{ docker_env[loop_item] | default(omit) }}"
networks: [ name: "{{ app_name }}" ]
purge_networks: true
volumes: "{{ docker_volumes[loop_item] | default(omit) }}"
restart_policy: "unless-stopped"
labels: "{{ docker_labels[loop_item] | default(omit) }}"
state: "{{ state | default('started') }}"
loop: "{{ app_names }}"
Of course the labels should be:
traefik.http.routers.tower01.entrypoints: "http"
traefik.http.routers.tower01.rule: "Host(`{{ app_server_fqdn }}`)"
traefik.http.routers.tower01.middlewares: "https-redirect@file"
traefik.http.routers.tower01-sec.entrypoints: "https"
traefik.http.routers.tower01-sec.rule: "Host(`{{ app_server_fqdn }}`)"
traefik.http.routers.tower01-sec.tls: "true"
traefik.http.routers.tower01-sec.tls.options: "myTLSOptions@file"
traefik.http.routers.tower01-sec.tls.certresolver: "le"
traefik.http.routers.tower01-sec.middlewares: "default-headers@file"
traefik.http.services.tower01.loadbalancer.server.port: "8052"
Nevertheless Ansible doesn't process the jinja variable in the key name.
Any idea?
You need to use a dictionary.
- name: Create Traefik labels's dictionary
set_fact:
my_labels: "{{ my_labels | default({}) | combine ({ item.key : item.value }) }}"
with_items:
- { 'key': 'traefik.enable' , 'value': 'true'}
- { 'key': 'traefik.http.routers.{{ app_name }}.entrypoints' , 'value': 'http'}
- { 'key': 'traefik.http.routers.{{ app_name }}.rule' , 'value': 'Host(`{{ app_server_fqdn }}`)'}
- { 'key': 'traefik.http.routers.{{ app_name }}.middlewares' , 'value': 'https-redirect@file'}
- ...
And use your new dictionary in docker_container:
- name: "{{ app_name }} | create awx web container"
docker_container:
name: "{{ app_name }}-web"
hostname: "awxweb"
user: "root"
image: "ansible/awx_web:{{ docker_image[loop_item] | default('latest') }}"
env: "{{ docker_env[loop_item] | default(omit) }}"
networks: [ name: "{{ app_name }}" ]
purge_networks: true
volumes: "{{ docker_volumes[loop_item] | default(omit) }}"
restart_policy: "unless-stopped"
labels: "{{ my_labels }}"
state: "{{ state | default('started') }}"
With your loop, you can create diffrent dictionary: https://www.middlewareinventory.com/blog/ansible-dict/
You can define container labels by providing vars to your docker_container task:
---
- hosts: localhost
gather_facts: false
vars:
app_server_fqdn: example.com
app_names:
- tower01
- tower02
tasks:
- debug:
msg: "{{ docker_labels }}"
loop: "{{ app_names }}"
vars:
docker_labels: >-
{{
{
"traefik.enable": "true",
"traefik.http.routers.{}.entrypoints".format(item): "http",
"traefik.http.routers.{}.rule".format(item): "Host(`{}`)".format(app_server_fqdn),
"traefik.http.routers.{}.middlewares".format(item): "https-redirect@file",
"traefik.http.routers.{}-sec.entrypoints".format(item): "https",
"traefik.http.routers.{}-sec.rule".format(item): "Host(`{}`)".format(app_server_fqdn),
"traefik.http.routers.{}-sec.tls".format(item): "true",
"traefik.http.routers.{}-sec.tls.options".format(item): "myTLSOptions@file",
"traefik.http.routers.{}-sec.tls.certresolver".format(item): "le",
"traefik.http.routers.{}-sec.middlewares".format(item): "default-headers@file",
"traefik.http.services.{}.loadbalancer.server.port".format(item): "8052"
}
}}
In this case you can use other filters (ternary for ex.) and more complex data for apps:
---
- hosts: localhost
gather_facts: false
vars:
app_server_fqdn: example.com
app_names:
- name: tower01
port: 8052
- name: tower02
port: 8053
- name: tower03
tasks:
- debug:
msg: "{{ docker_labels }}"
loop: "{{ app_names }}"
loop_control:
loop_var: app
label: "{{ app.name }}"
vars:
docker_labels: >-
{{
{
"traefik.enable": "true",
"traefik.http.routers.{}.entrypoints".format(app.name): "http",
"traefik.http.routers.{}.rule".format(app.name): "Host(`{}`)".format(app_server_fqdn),
"traefik.http.routers.{}.middlewares".format(app.name): "https-redirect@file",
"traefik.http.routers.{}-sec.entrypoints".format(app.name): "https",
"traefik.http.routers.{}-sec.rule".format(app.name): "Host(`{}`)".format(app_server_fqdn),
"traefik.http.routers.{}-sec.tls".format(app.name): "true",
"traefik.http.routers.{}-sec.tls.options".format(app.name): "myTLSOptions@file",
"traefik.http.routers.{}-sec.tls.certresolver".format(app.name): "le",
"traefik.http.routers.{}-sec.middlewares".format(app.name): "default-headers@file"
} | combine(
(app.port is defined) | ternary(
{'traefik.http.services.{}.loadbalancer.server.port'.format(app.name): app.port}, {}
)
)
}}
Result:
TASK [debug] ********************************************************************************************************************************************************************************************************************
ok: [localhost] => (item=tower01) =>
msg:
traefik.enable: 'true'
traefik.http.routers.tower01-sec.entrypoints: https
traefik.http.routers.tower01-sec.middlewares: default-headers@file
traefik.http.routers.tower01-sec.rule: Host(`example.com`)
traefik.http.routers.tower01-sec.tls: 'true'
traefik.http.routers.tower01-sec.tls.certresolver: le
traefik.http.routers.tower01-sec.tls.options: myTLSOptions@file
traefik.http.routers.tower01.entrypoints: http
traefik.http.routers.tower01.middlewares: https-redirect@file
traefik.http.routers.tower01.rule: Host(`example.com`)
traefik.http.services.tower01.loadbalancer.server.port: 8052
ok: [localhost] => (item=tower02) =>
msg:
traefik.enable: 'true'
traefik.http.routers.tower02-sec.entrypoints: https
traefik.http.routers.tower02-sec.middlewares: default-headers@file
traefik.http.routers.tower02-sec.rule: Host(`example.com`)
traefik.http.routers.tower02-sec.tls: 'true'
traefik.http.routers.tower02-sec.tls.certresolver: le
traefik.http.routers.tower02-sec.tls.options: myTLSOptions@file
traefik.http.routers.tower02.entrypoints: http
traefik.http.routers.tower02.middlewares: https-redirect@file
traefik.http.routers.tower02.rule: Host(`example.com`)
traefik.http.services.tower02.loadbalancer.server.port: 8053
ok: [localhost] => (item=tower03) =>
msg:
traefik.enable: 'true'
traefik.http.routers.tower03-sec.entrypoints: https
traefik.http.routers.tower03-sec.middlewares: default-headers@file
traefik.http.routers.tower03-sec.rule: Host(`example.com`)
traefik.http.routers.tower03-sec.tls: 'true'
traefik.http.routers.tower03-sec.tls.certresolver: le
traefik.http.routers.tower03-sec.tls.options: myTLSOptions@file
traefik.http.routers.tower03.entrypoints: http
traefik.http.routers.tower03.middlewares: https-redirect@file
traefik.http.routers.tower03.rule: Host(`example.com`)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.