WIP

ansible-runtime/Dockerfile

@@ -1,15 +1,18 @@
 
-FROM python:3.11
+FROM python:3.11-alpine as base
 ARG UID=1000
 ENV UID=${UID}
+ARG DOCKER_GID
+ENV DOCKER_GID=${DOCKER_GID:-972}
 
 ADD requirements.txt /requirements.txt
 
-RUN useradd -u ${UID} user
+# RUN --mount=type=cache,target=/var/cache apk update
+RUN --mount=type=cache,target=/var/cache pip --cache-dir=/var/cache/pip install -r /requirements.txt
 
+FROM base as runtime
+RUN addgroup -g ${DOCKER_GID} docker && adduser -G docker -Du ${UID} user
+
+WORKDIR /home/user 
 USER user
-WORKDIR /home/user
-RUN --mount=type=cache,target=/home/user/.cache/pip pip install -r /requirements.txt
-ENV PATH="${PATH}:/home/user/.local/bin"
-
-ENTRYPOINT ["/bin/bash"]
+ENTRYPOINT ["/bin/ash"]

ansible-runtime/requirements.txt

@@ -1,2 +1,6 @@
 ansible==8.6.1
-ansible-core==2.15.6
+ansible-core==2.15.6
+docker==6.1.3
+paramiko==3.3.1
+pyOpenSSL==23.3.0
+requests==2.31.0

ansible/haproxy.cfg.template

@@ -0,0 +1,31 @@
+global
+    log stdout format raw local0 debug
+    # user haproxy
+    # group haproxy
+    daemon
+
+defaults
+    log global
+    mode http
+    option httplog
+    option dontlognull
+    timeout connect 5000
+    timeout client 50000
+    timeout server 50000
+
+frontend http_front
+    bind *:8443 ssl crt /usr/local/etc/haproxy/tls/certificate.pem
+
+    acl be_one path_beg /one
+    acl be_two path_beg /two
+
+    use_backend be_one if be_one
+    use_backend be_two if be_two
+
+backend be_one
+    mode http
+    server one http://one:8080/
+
+backend be_two
+    mode http
+    server two http://two:8080/

ansible/inventory.yaml

@@ -1,2 +1,3 @@
 docker_host:
-  localhost:
+  localhost:
+    ansible_host: 127.0.0.1

ansible/playbook.yaml

@@ -0,0 +1,83 @@
+---
+- name: generate fake cert
+  hosts: &hosts localhost
+  become: false
+  tasks:
+    # adopted from https://docs.ansible.com/ansible/latest/collections/community/crypto/docsite/guide_selfsigned.html
+    - name: ensure local cert dir exists
+      file:
+        path: /home/user/userlike/haproxy/tls
+        state: directory
+        mode: 0755
+        recurse: yes
+
+    - name: create private key
+      community.crypto.openssl_privatekey:
+        path: /home/user/userlike/haproxy/tls/certificate.pem.key
+        type: RSA
+
+    - name: create self-signed certificate
+      community.crypto.x509_certificate:
+        path: /home/user/userlike/haproxy/tls/certificate.pem
+        privatekey_path: /home/user/userlike/haproxy/tls/certificate.pem.key
+        provider: selfsigned
+
+- name: docker preparations
+  hosts: *hosts
+  tasks:
+    - name: set DOCKER_HOST env var
+      ansible.builtin.shell:
+        cmd: export DOCKER_HOST=unix:///var/run/docker.sock
+
+    - name: 'pull image {{ item }}'
+      community.docker.docker_image:
+        name: '{{ item }}'
+        state: present
+        source: pull
+      with_items:
+        - haproxy:lts-alpine
+        - nginx:1.23-alpine
+
+    - name: create network
+      community.docker.docker_network:
+        name: userlike
+
+- name: run haproxy container
+  hosts: *hosts
+  tasks:
+    - name: render haproxy config
+      ansible.builtin.template:
+        src: haproxy.cfg.template
+        dest: /home/user/userlike/haproxy/haproxy.cfg
+        mode: '0644'
+
+    - name: build container
+      community.docker.docker_container:
+        name: userlike-haproxy:local
+        build:
+          path: ./haproxy
+          
+        source: build
+    - name: run container
+      community.docker.docker_container:
+        name: userlike-haproxy
+        recreate: true
+        detach: true
+        image: haproxy:lts-alpine
+        networks:
+          - name: userlike
+        ports:
+          - '127.0.0.1:8080:8080'
+        volumes:
+          # has to be host directory
+          - /tmp/userlike/haproxy:/usr/local/etc/haproxy:ro
+
+# - name: run nginx containers
+#   hosts: *hosts
+#   tasks:
+#     - name: create config
+#     - name: pull container
+#     - name: create container
+#     - name: run container
+
+...