draft of formal ALB node storage drivers, alb_node_storage_* vars (#25)

defaults/main.yml

@@ -16,13 +16,6 @@ alb_forcedebug: no
 alb_forceredeploy: no # Ignore already made changes base on facts from /etc/ansible/fact.d/alb*.fact
 alb_bootstrap_canupdatesystem: yes
 
-# Instrumentation --------------------------------------------------------------
-alb_instrumentation_prefix_global: ".alb/" # When defined, internal requests that must be done via HTTP(S) will use this prefix, e.g. service.example.org/.alb/health-check
-# alb_instrumentation_healthcheck_token: "MySemiSecretToAllowRemoteChecking" # If defined, health checks will require this token on URL and will not enforce need of Basic Auth. Less secure
-# alb_instrumentation_healthcheck_noauthrequired: false
-alb_instrumentation_logging_access: false # Recommened leave this disabled. Log health checks on production can be pretty verbose
-alb_instrumentation_logging_errors: true  # Example of error: acessing /.alb/ folder using wrong path
-
 ### AP-ALB Components overview _________________________________________________
 # The defaults of v0.7.4+ will use: Apps, HAProxy, Logrotate, OpenResty
 # You can enable/disable components. Or explicity enforce on your configuration
@@ -58,6 +51,52 @@ alb_manange_ufw_repository: yes
 # alb_manange_openresty_install: yes    # We require manange OpenResty, this is not optional
 # alb_manange_openresty_repository: yes # We require manange OpenResty, this is not optional
 
+### AP-ALB Node storage ________________________________________________________
+## Note: this secton ONLY apply to internal storage of AP-ALB Nodes. Some groups
+##       of nodes can have different options
+
+# Each AP-ALB requires store variables on some place.
+# - 'file': default. Without customization, will store on local disk (and not work on clusterized mode)
+# - 'consul': recommended way to run on clustereized mode
+# - 'custom': direct access on how AP-ALB store it's data. We provide example to use Redis storage
+alb_node_storage_driver: "file"
+
+## AP-ALB Node storage: 'file' -------------------------------------------------
+# Requires: `alb_node_storage_driver: "file"`
+
+# If you use a directory different than /etc/resty-auto-ssl, please create it
+# before enable AP-ALB. You may use this option to point to a shared storage,
+# like GlusterFS
+alb_node_storage_file_luarestautosl_dir: "/etc/resty-auto-ssl"
+
+## AP-ALB Node storage: 'consul' -----------------------------------------------
+# Requires: `alb_node_storage_driver: "consul"`
+
+alb_node_storage_consul_port: 8500
+alb_node_storage_consul_host: 127.0.0.1
+alb_node_storage_consul_connect_timeout: '60s'
+alb_node_storage_consul_read_timeout: '60s'
+
+# As v0.8.6-alpha, we only use storge for Let's Encrypt keys. Here you can
+# change the prefix
+alb_node_storage_consul_luarestautossl_prefix: 'lua-resty-auto-ssl'
+
+## AP-ALB Node storage: 'custom' -----------------------------------------------
+# Requires: `alb_node_storage_driver: "consul"`
+alb_node_storage_custom_luarestautossl: |
+  --
+
+### AP-ALB Instrumentation _____________________________________________________
+# alb_instrumentation_prefix_global when defined, internal requests that must be
+# done via HTTP(S) will use this prefix, e.g.
+# service.example.org/.alb/health-check
+alb_instrumentation_prefix_global: ".alb/"
+
+# alb_instrumentation_healthcheck_token: "MySemiSecretToAllowRemoteChecking" # If defined, health checks will require this token on URL and will not enforce need of Basic Auth. Less secure
+# alb_instrumentation_healthcheck_noauthrequired: false
+alb_instrumentation_logging_access: false # Recommened leave this disabled. Log health checks on production can be pretty verbose
+alb_instrumentation_logging_errors: true  # Example of error: acessing /.alb/ folder using wrong path
+
 ### AP-ALB Components: shared options __________________________________________
 # Some variables are used on more than one ALB component by default for avoiding
 # some repetitive work (...)

tasks/sysapps/sysapps.yml

@@ -17,6 +17,7 @@
     alb_internal_sysapps: "{{ alb_sysapps_alb + alb_internal_sysapps }}"
   when:
     - (alb_sysapps_alb_file is defined and alb_sysapps_alb_file)
+    - (alb_sysapps_alb is defined and alb_sysapps_alb[0] is defined)
 
 - name: "sysapps | /etc/ansible/facts.d/alb_sysapps.fact"
   template:

vars/apps/alb-opinionated-sysapps.yml

@@ -53,7 +53,15 @@
 # ---------------------------------------------------------------------------- #
 
 alb_sysapps_alb:
+
   - app_uid: "_haproxy"
     app_domain: "haproxy.{{ ansible_host }}"
     app_alb_strategy: "proxy"
-    app_alb_proxy: "http://127.0.0.1:{{ alb_haproxy_stats_port }}"
+    app_alb_proxy: "http://127.0.0.1:{{ alb_haproxy_stats_port }}"
+    app_state: present
+
+  - app_uid: "_consul"
+    app_domain: "consul.{{ ansible_host }}"
+    app_alb_strategy: "proxy"
+    app_alb_proxy: "http://127.0.0.1:8500"
+    app_state: "{{ alb_internal_node_storage_driver == 'consul' }}"

vars/main.yml

@@ -17,15 +17,33 @@ alb_openresty_x_served_by_enabled: yes
 alb_openresty_stub_status: "{{ alb_forcedebug }}"
 alb_openresty_stub_status_location: "/openresty_status"
 
-alb_internal_apps: "{{ (alb_apps_always | default([])) + (alb_apps | default([])) }}"
+# alb_internal_apps: "{{ (alb_apps_always | default([])) + (alb_apps | default([])) }}"
+alb_internal_apps: "{{
+                      ((alb_apps_always is defined and alb_apps_always[0] is defined) | ternary(alb_apps_always, []))
+                      + ((alb_apps is defined and alb_apps[0] is defined) | ternary(alb_apps, []))
+                    }}"
 # alb_internal_sysapps: "{{ (alb_sysapps_always | default([])) + (alb_sysapps | default([])) }}"
-alb_internal_sysapps: "{{ (alb_sysapps_alb | default([])) + (alb_sysapps_always | default([])) + (alb_sysapps | default([])) }}"
+# alb_internal_sysapps: "{{ ((alb_sysapps_always | default([])) + (alb_sysapps | default([]))) }}"
+alb_internal_sysapps: "{{
+                        ((alb_sysapps_alb is defined and alb_sysapps_alb[0] is defined) | ternary(alb_sysapps_alb, []))
+                        + ((alb_sysapps_always is defined and alb_sysapps_always[0] is defined) | ternary(alb_sysapps_always, []))
+                        + ((alb_sysapps is defined and alb_sysapps[0] is defined) | ternary(alb_sysapps, []))
+                      }}"
 # Note about alb_sysapps_alb: if the alb_sysapps_alb_file variables exist, and
 # pont to {{ role_path }}/vars/apps/alb-opinionated-sysapps.yml, your values
 # will be ignored.
 
-### ALB Instrumentation ________________________________________________________
-alb_internal_instrumentation_prefix_global: "{{ (alb_instrumentation_prefix_global | default('') }}"
+### AP-ALB Storage for internal usage of AP-ALB ________________________________
+alb_internal_node_storage_driver: "{{ alb_node_storage_driver | default('file')}}"
+
+alb_node_storage_file_luarestautosl_dir: "{{ (alb_node_storage_driver == 'file') | ternary(alb_node_storage_file_luarestautosl_dir, false) }}"
+
+alb_internal_node_consul_port: "{{ alb_node_storage_consul_port | default('8500') }}"
+alb_internal_node_consul_host: "{{ alb_node_storage_consul_host | default('127.0.0.1') }}"
+alb_internal_node_file_luarestautosl_dir: "{{ alb_node_storage_file_luarestautosl_dir | default(null) }}" ## auto_ssl:set("dir", "/etc/resty-auto-ssl"), see https://github.com/GUI/lua-resty-auto-ssl#dir
+
+### AP-ALB Instrumentation ________________________________________________________
+alb_internal_instrumentation_prefix_global: "{{ alb_instrumentation_prefix_global | default('') }}"
 alb_internal_instrumentation_healthcheck_token: "{{ (alb_instrumentation_healthcheck_token is defined and alb_instrumentation_healthcheck_token | ternary('/' + alb_instrumentation_healthcheck_token + '/', '') }}"
 # alb_instrumentation_healthcheck_token: MySemiSecretToAllowRemoteChecking
 alb_internal_healthcheck_prefix: "{{ alb_internal_instrumentation_prefix_global }}health-check{{ alb_internal_instrumentation_healthcheck_token }}"