From f81d7865f1a398b1f9f1d10ff62c2addf9f1933f Mon Sep 17 00:00:00 2001
From: fix
Date: Tue, 14 Nov 2023 12:19:38 +0100
Subject: [PATCH] WIP
---
 ansible-runtime/Dockerfile | 17 ++++---
 ansible-runtime/requirements.txt | 6 ++-
 ansible/haproxy.cfg.template | 31 ++++++++++++
 ansible/inventory.yaml | 3 +-
 ansible/playbook.yaml | 83 ++++++++++++++++++++++++++++++++
 5 files changed, 131 insertions(+), 9 deletions(-)
 create mode 100644 ansible/haproxy.cfg.template
 create mode 100644 ansible/playbook.yaml
diff --git a/ansible-runtime/Dockerfile b/ansible-runtime/Dockerfile
index 6823b50..7d120ce 100644
--- a/ansible-runtime/Dockerfile
+++ b/ansible-runtime/Dockerfile
@@ -1,15 +1,18 @@
-FROM python:3.11
+FROM python:3.11-alpine as base
 ARG UID=1000
 ENV UID=${UID}
+ARG DOCKER_GID
+ENV DOCKER_GID=${DOCKER_GID:-972}
 ADD requirements.txt /requirements.txt
-RUN useradd -u ${UID} user
+# RUN --mount=type=cache,target=/var/cache apk update
+RUN --mount=type=cache,target=/var/cache pip --cache-dir=/var/cache/pip install -r /requirements.txt
+FROM base as runtime
+RUN addgroup -g ${DOCKER_GID} docker && adduser -G docker -Du ${UID} user
+
+WORKDIR /home/user
 USER user
-WORKDIR /home/user
-RUN --mount=type=cache,target=/home/user/.cache/pip pip install -r /requirements.txt
-ENV PATH="${PATH}:/home/user/.local/bin"
-
-ENTRYPOINT ["/bin/bash"]
+ENTRYPOINT ["/bin/ash"]
diff --git a/ansible-runtime/requirements.txt b/ansible-runtime/requirements.txt
index fd4194a..2f7c711 100644
--- a/ansible-runtime/requirements.txt
+++ b/ansible-runtime/requirements.txt
@@ -1,2 +1,6 @@
 ansible==8.6.1
-ansible-core==2.15.6
\ No newline at end of file
+ansible-core==2.15.6
+docker==6.1.3
+paramiko==3.3.1
+pyOpenSSL==23.3.0
+requests==2.31.0
diff --git a/ansible/haproxy.cfg.template b/ansible/haproxy.cfg.template
new file mode 100644
index 0000000..b05c804
--- /dev/null
+++ b/ansible/haproxy.cfg.template
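Review bot: In ansible-runtime/Dockerfile the `runtime` stage adds `user` to a `docker` group whose GID is meant to match the host's, which presumably exists so the container can use a bind-mounted host Docker socket (the playbook in this patch refers to `unix:///var/run/docker.sock`). Anyone who can reach that socket effectively controls the host daemon, so `USER user` confines this image far less than it appears to. I would state that above the `addgroup` line, e.g. `# docker group = access to the host Docker socket, i.e. root-equivalent on the host; run this image only where that is acceptable`. The fallback in `ENV DOCKER_GID=${DOCKER_GID:-972}` is a host-specific value; on a host with a different GID the socket will be unreadable or map to an unrelated group, so consider requiring the build argument instead of defaulting it.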
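Review bot: In ansible-runtime/requirements.txt the four new entries are pinned by version only, and their transitive dependencies are not listed, so two builds of the image can install different code. For an image that handles SSH and Docker access, I would commit a fully resolved requirements file with hashes and install it with `pip install --require-hashes -r /requirements.txt`. That way a changed or substituted artifact fails the build instead of being installed silently.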
@@ -0,0 +1,31 @@
+global
+ log stdout format raw local0 debug
+ # user haproxy
+ # group haproxy
+ daemon
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+
+frontend http_front
+ bind *:8443 ssl crt /usr/local/etc/haproxy/tls/certificate.pem
+
+ acl be_one path_beg /one
+ acl be_two path_beg /two
+
+ use_backend be_one if be_one
+ use_backend be_two if be_two
+
+backend be_one
+ mode http
+ server one http://one:8080/
+
+backend be_two
+ mode http
+ server two http://two:8080/
diff --git a/ansible/inventory.yaml b/ansible/inventory.yaml
index 019bbb8..1aca5de 100644
--- a/ansible/inventory.yaml
+++ b/ansible/inventory.yaml
@@ -1,2 +1,3 @@
 docker_host:
- localhost:
\ No newline at end of file
+ localhost:
+ ansible_host: 127.0.0.1
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
new file mode 100644
index 0000000..3969803
--- /dev/null
+++ b/ansible/playbook.yaml
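Review bot: In ansible/haproxy.cfg.template the `server one http://one:8080/` and `server two http://two:8080/` lines pass a URL where HAProxy expects an address with an optional port, so I would expect the config to be rejected at parse time; they should read `server one one:8080` and `server two two:8080`. The frontend listens on `*:8443`, while the playbook in this patch publishes only `127.0.0.1:8080:8080`, so the TLS listener is not reachable as written and one of the two needs to change. With `user` and `group` commented out in `global`, HAProxy keeps whatever identity the container starts it with; if that can be root, restore the two lines, otherwise add a comment saying the image already runs unprivileged.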
@@ -0,0 +1,83 @@
+---
+- name: generate fake cert
+ hosts: &hosts localhost
+ become: false
+ tasks:
+ # adopted from https://docs.ansible.com/ansible/latest/collections/community/crypto/docsite/guide_selfsigned.html
+ - name: ensure local cert dir exists
+ file:
+ path: /home/user/userlike/haproxy/tls
+ state: directory
+ mode: 0755
+ recurse: yes
+
+ - name: create private key
+ community.crypto.openssl_privatekey:
+ path: /home/user/userlike/haproxy/tls/certificate.pem.key
+ type: RSA
+
+ - name: create self-signed certificate
+ community.crypto.x509_certificate:
+ path: /home/user/userlike/haproxy/tls/certificate.pem
+ privatekey_path: /home/user/userlike/haproxy/tls/certificate.pem.key
+ provider: selfsigned
+
+- name: docker preparations
+ hosts: *hosts
+ tasks:
+ - name: set DOCKER_HOST env var
+ ansible.builtin.shell:
+ cmd: export DOCKER_HOST=unix:///var/run/docker.sock
+
+ - name: 'pull image {{ item }}'
+ community.docker.docker_image:
+ name: '{{ item }}'
+ state: present
+ source: pull
+ with_items:
+ - haproxy:lts-alpine
+ - nginx:1.23-alpine
+
+ - name: create network
+ community.docker.docker_network:
+ name: userlike
+
+- name: run haproxy container
+ hosts: *hosts
+ tasks:
+ - name: render haproxy config
+ ansible.builtin.template:
+ src: haproxy.cfg.template
+ dest: /home/user/userlike/haproxy/haproxy.cfg
+ mode: '0644'
+
+ - name: build container
+ community.docker.docker_container:
+ name: userlike-haproxy:local
+ build:
+ path: ./haproxy
+
+ source: build
+ - name: run container
+ community.docker.docker_container:
+ name: userlike-haproxy
+ recreate: true
+ detach: true
+ image: haproxy:lts-alpine
+ networks:
+ - name: userlike
+ ports:
+ - '127.0.0.1:8080:8080'
+ volumes:
+ # has to be host directory
+ - /tmp/userlike/haproxy:/usr/local/etc/haproxy:ro
+
+# - name: run nginx containers
+# hosts: *hosts
+# tasks:
+# - name: create config
+# - name: pull container
+# - name: create container
+# - name: run container
+
+...
\ No newline at end of file
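Review bot: In ansible/playbook.yaml the first task applies `mode: 0755` with `recurse: yes` to the TLS directory, so on any run after the first it also makes the existing `certificate.pem.key` world-readable before the key task runs. Drop `recurse: yes` there and set `mode: '0600'` on the `community.crypto.openssl_privatekey` task so the intended permission is explicit. The `export DOCKER_HOST=...` shell task only affects its own shell and is gone before the next task starts; a play-level `environment:` entry with `DOCKER_HOST: unix:///var/run/docker.sock`, or the modules' `docker_host` parameter, is what the `community.docker` tasks will actually see. In the `build container` task, `build:` and `source: build` are `docker_image` options rather than `docker_container` ones, and `name: userlike-haproxy:local` reads like an image tag, so this task probably needs to become a `community.docker.docker_image` call. The indentation of `source: build` cannot be judged from the collapsed text.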