chore(traefik): clearer naming for aggregated services

2026-01-22 17:14:38 +01:00 · 2026-01-22 17:14:38 +01:00 · d0ae0a4df9
commit d0ae0a4df9
parent 8e49b09fd6
2 changed files with 21 additions and 8 deletions
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@ -51,20 +51,28 @@ log_level: "INFO"
 # Network name
 traefik_network: "proxy"

-# Services to expose (defined by application roles via host_vars or group_vars)
-# Each backend server should define this variable with their services
-# traefik_services:
+# Services to expose through DMZ (defined on backend servers via host_vars)
+# The DMZ proxy aggregates these from all backend_servers and auto-populates backend_host
+# traefik_dmz_exposed_services:
 #   - name: httpbin
 #     domain: httpbin.example.com
 #     port: 8080
 #     protocol: http  # http or https
-#     entrypoints: [websecure]  # optional, defaults based on SSL config
+
+# Services to expose directly on the proxy (for hosts not managed by Ansible)
+# Define on the DMZ host itself - requires explicit backend_host
+# traefik_services:
+#   - name: external-api
+#     domain: api.example.com
+#     backend_host: 10.0.0.50  # required for direct definitions
+#     port: 8080
+#     protocol: http

 # DMZ mode: Explicit backend server mapping
 # Define which backend servers this DMZ proxy should route to
 # If empty or undefined, routes to all servers in backend_servers group
-backend_servers_to_proxy: []
+traefik_backend_servers_to_proxy: []
 # Example:
-# backend_servers_to_proxy:
+# traefik_backend_servers_to_proxy:
 #   - backend1
 #   - backend2
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@ -4,15 +4,20 @@

 - name: Determine which backend servers to proxy (DMZ mode)
  set_fact:
-    _backend_servers: "{{ backend_servers_to_proxy if backend_servers_to_proxy | length > 0 else groups['backend_servers'] | default([]) }}"
+    _backend_servers: "{{ traefik_backend_servers_to_proxy if traefik_backend_servers_to_proxy | length > 0 else groups['backend_servers'] | default([]) }}"
  when: traefik_mode == 'dmz'

 - name: Build service registry from backend servers (DMZ mode)
  set_fact:
-    proxied_services: "{{ proxied_services | default([]) + hostvars[item].traefik_services | default([]) | map('combine', {'backend_host': hostvars[item].ansible_host | default(item)}) | list }}"
+    proxied_services: "{{ proxied_services | default([]) + hostvars[item].traefik_dmz_exposed_services | default([]) | map('combine', {'backend_host': hostvars[item].ansible_host | default(item)}) | list }}"
  loop: "{{ _backend_servers | default([]) }}"
  when: traefik_mode == 'dmz'

+- name: Add directly defined services to registry (DMZ mode)
+  set_fact:
+    proxied_services: "{{ proxied_services | default([]) + traefik_services | default([]) }}"
+  when: traefik_mode == 'dmz'
+
 - name: Debug service registry
  debug:
    var: proxied_services