Remove matrix_playbook_traefik_role_enabled variable and devture-traefik references
The variable was necessary when multiple playbooks could have potentially tried to manage a shared `devture-traefik.serivce` systemd service and shared `/devture-traefik` directory. Since adcc6d9723086f65f1a72, we use our own `/matrix/traefik` (`matrix-traefik.service`) installation and no conflicts can arise. It's safe to always enable the role, just like we do with all the other roles.
This commit is contained in:
parent
adcc6d9723
commit
30f1034767
@ -223,9 +223,9 @@ devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
|
||||
|
||||
You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed.
|
||||
|
||||
Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/devture-traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble.
|
||||
Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/matrix/traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble.
|
||||
|
||||
**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/devture-traefik`), so you may run into a Let's Encrypt rate limit if you do it often.
|
||||
**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/matrix/traefik`), so you may run into a Let's Encrypt rate limit if you do it often.
|
||||
|
||||
Treafik directly reverse-proxies to **some** services right now, but for most other services it goes through `matrix-nginx-proxy` (e.g. Traefik -> `matrix-nginx-proxy` -> [Ntfy](docs/configuring-playbook-ntfy.md)). So, even if you opt into Traefik, you'll still see `matrix-nginx-proxy` being installed in local-only mode. This will improve with time.
|
||||
|
||||
|
@ -54,7 +54,7 @@ devture_traefik_ssl_dir_enabled: true
|
||||
|
||||
# Tell Traefik to load our custom configuration file (certificates.yml).
|
||||
# The file is created below, in `matrix_aux_file_definitions`.
|
||||
# The `/config/..` path is an in-container path, not a path on the host (like `/devture-traefik/config`). Do not change it!
|
||||
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
|
||||
devture_traefik_configuration_extension_yaml: |
|
||||
providers:
|
||||
file:
|
||||
@ -85,7 +85,7 @@ matrix_aux_file_definitions:
|
||||
# HERE
|
||||
|
||||
# Create the custom Traefik configuration.
|
||||
# The `/ssl/..` paths below are in-container paths, not paths on the host (/`devture-traefik/ssl/..`). Do not change them!
|
||||
# The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
|
||||
- dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
|
||||
content: |
|
||||
tls:
|
||||
|
@ -19,23 +19,9 @@
|
||||
# Also see `devture_docker_sdk_for_python_installation_enabled`.
|
||||
matrix_playbook_docker_installation_enabled: true
|
||||
|
||||
# Controls whether to run the Traefik role or not
|
||||
# See the `com.devture.ansible.role.traefik` section below for role configuration.
|
||||
#
|
||||
# There's a difference between `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
|
||||
# `devture_traefik_enabled` controls what the Traefik role would do - when not enabled, it will run uninstall tasks, etc.
|
||||
# `matrix_playbook_traefik_role_enabled` controls if the Traefik role would even run at all.
|
||||
#
|
||||
# Sometimes, you're installing Traefik via a different (related playbook) which uses the same role.
|
||||
# In such cases, you'd like to disable the role in this playbook from bothering with Traefik at all (`matrix_playbook_traefik_role_enabled: false`).
|
||||
# If you used `devture_traefik_enabled: false` + `matrix_playbook_traefik_role_enabled: true` instead, you'd see the Treafik role here
|
||||
# try to delete Traefik data (`/devture-traefik`) installed by the other playbook.
|
||||
matrix_playbook_traefik_role_enabled: "{{ matrix_playbook_reverse_proxy_type != 'other-traefik-container' }}"
|
||||
|
||||
# Controls whether to attach Traefik labels to services.
|
||||
# This is separate from `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`,
|
||||
# because you may wish to disable Traefik installation by the playbook, yet still use Traefik
|
||||
# installed in another way.
|
||||
# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
|
||||
# yet still use Traefik installed in another way.
|
||||
matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
|
||||
|
||||
# Controls the additional network that reverse-proxyable services will be connected to.
|
||||
@ -3854,8 +3840,6 @@ devture_container_socket_proxy_api_containers_enabled: true
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# To completely disable the Traefik role from running, use `matrix_playbook_traefik_role_enabled: false`.
|
||||
# See the comment there for more details about why we have both `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
|
||||
devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
|
||||
|
||||
devture_traefik_identifier: matrix-traefik
|
||||
|
@ -121,8 +121,7 @@
|
||||
|
||||
- role: galaxy/com.devture.ansible.role.container_socket_proxy
|
||||
|
||||
- when: matrix_playbook_traefik_role_enabled | bool
|
||||
role: galaxy/com.devture.ansible.role.traefik
|
||||
- role: galaxy/com.devture.ansible.role.traefik
|
||||
|
||||
- role: galaxy/com.devture.ansible.role.traefik_certs_dumper
|
||||
|
||||
|
@ -284,7 +284,7 @@ matrix_homeserver_app_service_config_files_auto: []
|
||||
# Valid options and a description of their behavior:
|
||||
#
|
||||
# - `playbook-managed-traefik`
|
||||
# - the playbook will install devture-traefik
|
||||
# - the playbook will run a managed Traefik instance (matrix-traefik)
|
||||
# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
|
||||
# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email`
|
||||
# - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working
|
||||
|
@ -12,7 +12,7 @@
|
||||
- setup-all
|
||||
- install-all
|
||||
|
||||
- when: matrix_playbook_traefik_role_enabled | bool
|
||||
- when: devture_traefik_enabled | bool
|
||||
block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/devture_traefik_to_matrix_traefik.yml"
|
||||
tags:
|
||||
|
@ -37,6 +37,7 @@
|
||||
- {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled'}
|
||||
- {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled'}
|
||||
- {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'devture_traefik_certs_dumper_enabled'}
|
||||
- {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'devture_traefik_enabled'}
|
||||
|
||||
- name: (Deprecation) Catch and report matrix_postgres variables
|
||||
ansible.builtin.fail:
|
||||
|
Loading…
x
Reference in New Issue
Block a user