Disable server in haproxy before updating

This will reduce the number of errors for users. The experiments were carried out on immich, it is not so important.
2024-11-28 12:41:38 +05:00 · 2024-11-28 12:41:38 +05:00 · d3b27d3565
commit d3b27d3565
parent 1944a88df3
4 changed files with 45 additions and 18 deletions
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@ -1,7 +1,6 @@
 global
 	log /dev/stderr	local0 warning
-	user haproxy
-	group haproxy
+    stats socket /run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin expose-fd listeners

 	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -48,6 +48,14 @@
    src: errors/{{ item }}.http
    dest: /etc/haproxy/errors/{{ item }}.http
  loop: [400, 403, 408, 500, 502, 503, 504]
+- name: Create haproxy socket dir
+  become: true
+  ansible.builtin.file:
+    path: /run/haproxy
+    state: directory
+    mode: "1750"
+    owner: "99"
+    group: "99"
 - name: Create haproxy container
  become: true
  community.docker.docker_container:
@ -57,6 +65,7 @@
      - name: haproxy
    volumes:
      - /etc/haproxy:/usr/local/etc/haproxy:ro
+      - /run/haproxy:/run/haproxy
    sysctls:
      net.ipv4.ip_unprivileged_port_start: 0
    ports:
--- a/roles/immich/tasks/main.yml
+++ b/roles/immich/tasks/main.yml
@ -33,22 +33,10 @@
  become: true
  community.docker.docker_volume:
    name: "immich-model-cache"
- name: Start immich server container
-  become: true
-  community.docker.docker_container:
-    name: immich-1
-    image: ghcr.io/immich-app/immich-server:{{ tag }}
-    env_file: /etc/immich/_data/immich.env
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /mnt/hdd/immich:/usr/src/app/upload
-      - /etc/immich/_data:/etc/immich
-    networks:
-      - name: haproxy
-      - name: immich
-      - name: postgresql
-    recreate: "{{ cfg.changed }}"
-    restart_policy: unless-stopped
+- include_tasks: start_server.yml
+  loop: [1]
+  loop_control:
+    loop_var: server_idx
 - name: Start immich machine learning container
  become: true
  community.docker.docker_container:
--- a/roles/immich/tasks/start_server.yml
+++ b/roles/immich/tasks/start_server.yml
@ -0,0 +1,31 @@
+---
+- name: Disable server in haproxy
+  become: true
+  community.general.haproxy:
+    socket: /run/haproxy/admin.sock
+    state: disabled
+    backend: immich
+    host: s{{ server_idx }}
+- name: Start immich server container
+  become: true
+  community.docker.docker_container:
+    name: immich-{{ server_idx }}
+    image: ghcr.io/immich-app/immich-server:{{ tag }}
+    env_file: /etc/immich/_data/immich.env
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /mnt/hdd/immich:/usr/src/app/upload
+      - /etc/immich/_data:/etc/immich
+    networks:
+      - name: haproxy
+      - name: immich
+      - name: postgresql
+    recreate: "{{ cfg.changed }}"
+    restart_policy: unless-stopped
+- name: Enable server in haproxy
+  become: true
+  community.general.haproxy:
+    socket: /run/haproxy/admin.sock
+    state: enabled
+    backend: immich
+    host: s{{ server_idx }}