diff --git a/roles/authentik/tasks/main.yml b/roles/authentik/tasks/main.yml index c1c16c8..c98dea8 100644 --- a/roles/authentik/tasks/main.yml +++ b/roles/authentik/tasks/main.yml @@ -52,6 +52,14 @@ - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro env_file: /etc/authentik/.env restart_policy: unless-stopped + healthcheck: + test: ["CMD", "ak", "healthcheck"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 30s + # TODO: enable after ansible update + # state: healthy loop: ["1", "2"] - name: Run authentik worker container become: true @@ -69,6 +77,14 @@ - authentik-certs:/certs env_file: /etc/authentik/.env restart_policy: unless-stopped + healthcheck: + test: ["CMD", "ak", "healthcheck"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 30s + # TODO: enable after ansible update + # state: healthy - name: Run authentik LDAP outpost become: true community.docker.docker_container: @@ -85,4 +101,12 @@ AUTHENTIK_HOST: http://authentik-{{ item }}:9000 AUTHENTIK_TOKEN: "{{ ldap_outpost_token }}" restart_policy: unless-stopped + healthcheck: + test: ["CMD", "/ldap", "healthcheck"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 5s + # TODO: enable after ansible update + # state: healthy loop: ["1", "2"] diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg index c4e6eed..1d6f036 100644 --- a/roles/haproxy/files/haproxy.cfg +++ b/roles/haproxy/files/haproxy.cfg @@ -181,11 +181,17 @@ backend peertube backend authentik mode http + option httpchk GET /-/health/live/ + http-check expect status 200 server s1 authentik-1:9000 check server s2 authentik-2:9000 check backend authentik_ldap mode tcp + option httpchk + http-check connect port 9300 + http-check send meth GET uri /outpost.goauthentik.io/ping + http-check expect status 204 server s1 authentik-ldap-1:3389 check server s2 authentik-ldap-2:3389 check