Add basics of a frontend system

This will in future be the only system that has a public IP, and will
proxy requests to the correct instances according to the subdomain and
possibly path of the request.

2 files changed, 88 insertions, 0 deletions

diff --git a/frontend/haproxy.cfg b/frontend/haproxy.cfg
new file mode 100644
index 00000000..3b5f021d
--- /dev/null
+++ b/frontend/haproxy.cfg
@@ -0,0 +1,38 @@
+# HAProxy configuration for Baserock Project front-end proxy.
+
+global
+    maxconn 4000
+
+    chroot /var/lib/haproxy
+    daemon
+    pidfile /var/run/haproxy.pid
+    user haproxy
+    group haproxy
+
+    stats socket /var/lib/haproxy/stats
+
+defaults
+    mode http
+    timeout connect 5000ms
+    timeout client 50000ms
+    timeout server 50000ms
+
+frontend http-in
+    bind *:80
+
+    # Rules below here implement the URL-based forwarding to the
+    # appropriate instance. The hdr(host) call means 'extract the
+    # first Host header from the HTTP request or response', the '-m beg'
+    # switch means 'match against the beginning of it' and the '-i' flag
+    # makes the match case-insensitive.
+    #
+    # See <https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7>
+    # for more documentation than you ever dreamed of.
+
+    acl host_openid hdr(host) -m beg -i openid
+    use_backend baserock_openid_provider if host_openid
+
+# Entries here locate each server backend.
+
+backend baserock_openid_provider
+    server baserock_openid_provider IP
diff --git a/frontend/packer_template.json b/frontend/packer_template.json
new file mode 100644
index 00000000..3341132d
--- /dev/null
+++ b/frontend/packer_template.json
@@ -0,0 +1,50 @@
+{
+    "builders": [
+        {
+            "name": "development",
+            "type": "docker",
+            "image": "fedora:20",
+            "commit": true
+        },
+        {
+            "name": "production",
+            "type": "openstack",
+            "image_name": "sam-baserock-openid-test",
+            "flavor": 2,
+            "source_image": "eb6cc57b-da78-408a-a4b4-20a27168198b",
+            "networks": ["d079fa3e-2558-4bcb-ad5a-279040c202b5"],
+            "floating_ip": "85.199.252.161",
+            "use_floating_ip": true
+        }
+    ],
+    "provisioners": [
+        {
+            "type": "shell",
+            "inline": [ "sleep 10" ],
+            "only": ["production"]
+        },
+        {
+            "type": "file",
+            "source": "frontend/haproxy.cfg",
+            "destination": "/etc/haproxy"
+        },
+        {
+            "type": "shell",
+            "inline": [
+                "sudo yum install -y haproxy",
+                "systemctl enable haproxy.service",
+                "systemctl start haproxy.service"
+            ]
+        }
+    ],
+    "post-processors": [
+        [
+            {
+                "type": "docker-tag",
+                "repository": "baserock/openid-provider",
+                "tag": "latest",
+                "only": ["development"]
+            }
+        ]
+    ]
+}