Initial commit

.kitchen.yml

@@ -0,0 +1,61 @@
+---
+driver:
+  name: docker
+  use_sudo: false
+  privileged: true
+  require_chef_omnibus: false
+
+verifier:
+  name: inspec
+  inspec_tests:
+    - test/integration/traefik/inspec
+
+platforms:
+  - name: ubuntu-14.04
+     driver_config:
+     disable_upstart: false
+     image: ubuntu-upstart:14.04
+     run_command: /sbin/init
+     
+  - name: debian-9.4
+    driver_config:
+      run_command: /bin/systemd
+
+  - name: ubuntu-16.04
+    driver_config:
+      run_command: /sbin/init
+
+  - name: centos-7
+    driver_config:
+      run_command: /usr/lib/systemd/systemd
+
+provisioner:
+  name: salt_solo
+  #log_level: quiet
+  require_chef: false
+  formula: traefik
+  state_top:
+    base:
+      '*':
+        - traefik
+  pillars-from-files:
+    base.sls: pillar.example
+  pillars:
+    top.sls:
+      base:
+        '*':
+          - base
+          - traefik
+    traefik.sls:
+      traefik:
+        register: []
+        scripts: []
+
+suites:
+  - name: traefik-server
+    provisioner:
+      pillars:
+        traefik.sls:
+          traefik:
+            config:
+              server: True

.travis.yml

@@ -0,0 +1,16 @@
+sudo: required
+language: python
+services: 
+  - docker
+
+before_install:
+  - bundle install
+
+env:
+  matrix:
+    - INSTANCE: consul-server-ubuntu-1404
+    - INSTANCE: consul-server-ubuntu-1604
+    - INSTANCE: consul-server-centos-7
+
+script:
+  - bundle exec kitchen verify ${INSTANCE}

Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem "test-kitchen"
+gem "kitchen-docker"
+gem "kitchen-salt"
+gem "kitchen-inspec"

LICENSE

@@ -0,0 +1,13 @@
+   Copyright (c) 2013-2015 Salt Stack Formulas
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.rst

@@ -0,0 +1,48 @@
+======
+fabio
+======
+
+.. note::
+
+    See the full `Salt Formulas installation and usage instructions
+    <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
+
+Available states
+================
+
+.. contents::
+    :local:
+
+``fabio``
+------------
+
+Installs and configures the fabio service.
+
+``fabio.install``
+------------------
+
+Downloads and installs the fabio binary file.
+
+``fabio.config``
+-----------------
+
+Provision the fabio configuration files and sources.
+
+``fabio.service``
+------------------
+
+Adds the fabio service startup configuration or script to an operating system.
+
+To start a service during Salt run and enable it at boot time, you need to set following Pillar:
+
+.. code:: yaml
+
+    fabio:
+      service: True
+
+``fabio-template``
+-------------------
+
+Installs and configures fabio template.
+
+.. vim: fenc=utf-8 spell spl=en cc=100 tw=99 fo=want sts=4 sw=4 et

pillar.example

@@ -0,0 +1,15 @@
+fabio:
+  # Start Fabio
+  service: True
+
+  # Set user and group for Fabio config files and running service
+  user: fabio
+  group: fabio
+
+  config:
+    server: True
+    bind_addr: 0.0.0.0
+
+    enable_debug: True
+
+# vim: ft=yaml

test/integration/traefik/inspec/fabio_spec.rb

@@ -0,0 +1,4 @@
+describe service('fabio') do
+  it { should be_enabled }
+  it { should be_running }
+end

traefik/config.sls

@@ -0,0 +1,18 @@
+{%- from slspath + '/map.jinja' import traefik with context -%}
+
+traefik-config:
+  file.managed:
+    - name: {{ traefik.config_file }}
+    - source: salt://{{ slspath }}/files/traefik.toml
+    - context:
+        config: {{ traefik.config }}
+    - template: jinja
+    - user: {{ traefik.user}}
+    - group: {{ traefik.group }}
+    - mode: 0640
+    - require:
+      - user: traefik-user
+    {%- if traefik.service %}
+    - watch_in:
+      - service: traefik
+    {%- endif %}

traefik/defaults.yaml

@@ -0,0 +1,16 @@
+traefik:
+  version: 1.6.1
+  download_host: github.com
+
+  service: false
+
+  user: traefik
+  group: traefik
+
+  config_file: /etc/traefik/traefik.toml
+
+  config:
+    consul:
+      endpoint: localhost:8500
+      watch: True
+      prefix: traefik

traefik/files/traefik.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=traefik
+Wants=network.target
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/{% if grains['os_family'] == 'Debian' %}default{% else %}sysconfig{% endif %}/traefik
+ExecStart=/usr/local/bin/traefik -cfg {{ config_file }}
+ExecReload=/bin/kill -HUP $MAINPID
+User={{ user }}
+Group={{ group }}
+Restart=on-failure
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+SecureBits=keep-caps
+NoNewPrivileges=yes
+KillSignal=TERM
+
+[Install]
+WantedBy=multi-user.target

traefik/files/traefik.sysvinit

@@ -0,0 +1,196 @@
+#!/bin/bash
+#
+# traefik        Manage the traefik agent
+#       
+# chkconfig:   2345 95 95
+# description: traefik is a tool for service discovery and configuration
+# processname: traefik
+# config: /etc/traefik.conf
+# pidfile: /var/run/traefik.pid
+
+### BEGIN INIT INFO
+# Provides:       traefik
+# Required-Start: $local_fs $network
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:  0 1 6
+# Short-Description: Manage the traefik agent
+# Description: traefik is a tool for service discovery and configuration
+### END INIT INFO
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+prog="traefik"
+exec="/usr/local/bin/$prog"
+pidfile="/var/run/$prog.pid"
+lockfile="/var/lock/subsys/$prog"
+logfile="/var/log/$prog"
+confdir="/etc/traefik.d"
+
+# pull in sysconfig settings
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+user=${TRAEFIK_USER:-traefik}
+group=${TRAEFIK_GROUP:-traefik}
+
+export GOMAXPROCS=${GOMAXPROCS:-2}
+
+start() {
+    [ -x $exec ] || exit 5
+    
+    [ -d $confdir ] || exit 6
+
+    umask 077
+
+    touch $logfile $pidfile
+    chown "$user:$group" $logfile $pidfile
+
+    echo -n $"Starting $prog: "
+    
+    ## holy shell shenanigans, batman!
+    ## daemon can't be backgrounded.  we need the pid of the spawned process,
+    ## which is actually done via runuser thanks to --user.
+    ## you can't do "cmd &; action" but you can do "{cmd &}; action".
+    ## traefik 0.2.1 added -pid-file; although the following creates $pidfile
+    ## owned by traefik:traefik, using -pid-file results in a permission error.
+    daemon \
+        --pidfile=$pidfile \
+        --user="$user" \
+        " { $exec agent -config-dir=$confdir &>> $logfile & } ; echo \$! >| $pidfile "
+    
+    RETVAL=$?
+    echo
+    
+    [ $RETVAL -eq 0 ] && touch $lockfile
+    
+    echo -n $"Waiting for traefik ready: "
+    
+    ## wait up to 60s for the rpc port to become listened-upon
+    ## traefik 0.2.1 got much slower to start!
+    count=0
+    ready=0
+    pid=$( cat ${pidfile} )
+    while checkpid ${pid} && [ $count -lt 60 ] && [ $ready -ne 1 ]; do
+        count=$(( count + 1 ))
+        
+        if netstat -lptn | egrep -q ":8400.*LISTEN +${pid}/" ; then
+            ready=1
+        else
+            sleep 1
+        fi
+    done
+    
+    if [ $ready -eq 1 ]; then
+        RETVAL=0
+        success
+    else
+        RETVAL=1
+        failure
+    fi
+    
+    echo    
+    return $RETVAL
+}
+
+stop() {
+    echo -n $"Shutting down $prog: "
+    
+    ## graceful shutdown with leave
+    $exec leave &> /dev/null
+    RETVAL=$?
+    
+    ## wait up to 10s for the daemon to exit
+    if [ $RETVAL -eq 0 ]; then
+        count=0
+        stopped=0
+        pid=$( cat ${pidfile} )
+        while [ $count -lt 10 ] && [ $stopped -ne 1 ]; do
+            count=$(( count + 1 ))
+            
+            if ! checkpid ${pid} ; then
+                stopped=1
+            else
+                sleep 1
+            fi
+        done
+        
+        if [ $stopped -ne 1 ]; then
+            RETVAL=125
+        fi
+    fi
+    
+    if [ $RETVAL -eq 0 ]; then
+        success
+        rm -f $lockfile $pidfile
+    else
+        failure
+    fi
+
+    echo
+    return $RETVAL
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    echo -n $"Reloading $prog: "
+    killproc -p $pidfile $exec -HUP
+    echo
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    status -p "$pidfile" -l $prog $exec
+    
+    RETVAL=$?
+    
+    [ $RETVAL -eq 0 ] && $exec members
+    
+    return $RETVAL
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+        exit 2
+esac
+
+exit $?

traefik/files/traefik.toml

@@ -0,0 +1,5 @@
+{% for section in config -%}
+{% for key, val in section.iteritems() -%}
+{{ key }} = {{ val }}
+{% endfor -%}
+{% endfor -%}

traefik/files/traefik.upstart

@@ -0,0 +1,25 @@
+description "traefik agent"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+respawn
+
+script
+  if [ -f /etc/default/traefik ]; then
+    . /etc/default/traefik
+  fi
+
+  # Make sure to use all our CPUs, because traefik can block a scheduler thread
+  export GOMAXPROCS=`nproc`
+
+  # Get the public IP
+  BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'`
+
+  exec start-stop-daemon --start \
+    --chuid ${TRAEFIK_USER:-traefik}:${TRAEFIK_GROUP:-traefik} \
+    --exec /usr/local/bin/traefik agent -- \
+      -config-dir="/etc/traefik.d" \
+      ${TRAEFIK_FLAGS} \
+      >> /var/log/traefik.log 2>&1
+end script

traefik/init.sls

@@ -0,0 +1,6 @@
+{% from slspath+"/map.jinja" import traefik with context %}
+
+include:
+  - {{ slspath }}.install
+  - {{ slspath }}.config
+  - {{ slspath }}.service

traefik/install.sls

@@ -0,0 +1,67 @@
+{%- from slspath + '/map.jinja' import traefik with context -%}
+
+traefik-bin-dir:
+  file.directory:
+    - name: /usr/local/bin
+    - makedirs: True
+
+# Create traefik user
+traefik-group:
+  group.present:
+    - name: {{ traefik.group }}
+
+traefik-user:
+  user.present:
+    - name: {{ traefik.user }}
+    - groups:
+      - {{ traefik.group }}
+    - home: /etc/traefik
+    - createhome: False
+    - system: True
+    - require:
+      - group: traefik-group
+
+# Create directories
+traefik-config-dir:
+  file.directory:
+    - name: /etc/traefik
+    - user: {{ traefik.user }}
+    - group: {{ traefik.group }}
+    - mode: 0750
+
+# Install agent
+traefik-download:
+  file.managed:
+  https://github.com/containous/traefik/releases/download/v1.6.1/traefik_linux-amd64
+    - name: /tmp/traefik-{{ traefik.version }}
+    - source: https://{{ traefik.download_host }}/containous/traefik/releases/download/v{{ traefik.version }}/traefik_linux_{{ traefik.arch }}
+    - mode: 0755
+    - unless: test -f /usr/local/bin/traefik-{{ traefik.version }}
+
+traefik-install:
+  file.rename:
+    - name: /usr/local/bin/traefik-{{ traefik.version }}
+    - source: /tmp/traefik-{{ traefik.version }}
+    - require:
+      - file: /usr/local/bin
+    - watch:
+      - file: traefik-download
+    
+traefik-clean:
+  file.absent:
+    - name: /tmp/traefik-{{ traefik.version }}
+    - watch:
+      - file: traefik-install
+
+traefik-link:
+  file.symlink:
+    - target: traefik-{{ traefik.version }}
+    - name: /usr/local/bin/traefik
+    - watch:
+      - file: traefik-install
+
+traefik-setcap:
+  cmd.run:
+    - name: "setcap cap_net_bind_service=+ep /usr/local/bin/traefik-{{ traefik.version }}"
+    - onchanges:
+      - file: traefik-install

traefik/map.jinja

@@ -0,0 +1,19 @@
+{% import_yaml slspath+"/defaults.yaml" as defaults %}
+
+{% set traefik = salt['pillar.get']('traefik', default=defaults.traefik, merge=True) %}
+
+{## Add any overrides based on CPU architecture. ##}
+{% set traefik = salt['grains.filter_by']({
+        'armv6l': {
+            "arch": 'arm'
+        },
+        'armv7l': {
+            "arch": 'arm'
+        },
+        'x86_64': {
+            "arch": 'amd64'
+        }
+  }
+  ,grain="cpuarch"
+  ,merge=traefik)
+%}

traefik/service.sls

@@ -0,0 +1,51 @@
+{%- from slspath+"/map.jinja" import traefik with context -%}
+
+traefik-init-env:
+  file.managed:
+    {%- if grains['os_family'] == 'Debian' %}
+    - name: /etc/default/traefik
+    {%- else %}
+    - name: /etc/sysconfig/traefik
+    - makedirs: True
+    {%- endif %}
+    - user: root
+    - group: root
+    - mode: 0644
+    - contents:
+      - TRAEFIK_USER={{ traefik.user }}
+      - TRAEFIK_GROUP={{ traefik.group }}
+      - GOMAXPROCS=2
+      - PATH=/usr/local/bin:/usr/bin:/bin
+
+traefik-init-file:
+  file.managed:
+    {%- if salt['test.provider']('service') == 'systemd' %}
+    - source: salt://{{ slspath }}/files/traefik.service
+    - name: /etc/systemd/system/traefik.service
+    - template: jinja
+    - context:
+        user: {{ traefik.user }}
+        group: {{ traefik.group }}
+        config_file: {{ traefik.config_file }}
+    - mode: 0644
+    {%- elif salt['test.provider']('service') == 'upstart' %}
+    - source: salt://{{ slspath }}/files/traefik.upstart
+    - name: /etc/init/traefik.conf
+    - mode: 0644
+    {%- else %}
+    - source: salt://{{ slspath }}/files/traefik.sysvinit
+    - name: /etc/init.d/traefik
+    - mode: 0755
+    {%- endif %}
+
+{%- if traefik.service %}
+
+traefik-service:
+  service.running:
+    - name: traefik
+    - enable: True
+    - watch:
+      - file: traefik-init-env
+      - file: traefik-init-file
+
+{%- endif %}