From 4e2ea9c8a7f4c679ddee30d8f52762f23bb64807 Mon Sep 17 00:00:00 2001
From: Sven Velt <sven@velt.de>
Date: Thu, 19 Sep 2024 12:48:45 +0200
Subject: [PATCH] Kapitel 11: Web-Cluster

---
 .gitmodules                 |  6 ++++++
 11/ansible.cfg              | 31 +++++++++++++++++++++++++++++++
 11/webcluster-cert.yml      | 10 ++++++++++
 11/webcluster-db.yml        |  1 +
 11/webcluster-lb.yml        |  1 +
 11/webcluster-site.yml      |  1 +
 11/webcluster-worker.yml    |  1 +
 ansible.cfg                 |  2 +-
 group_vars/webcluster.yml   | 18 ++++++++++++++++++
 hosts.ini                   | 26 ++++++++++++++++++++++++++
 roles.extern/selfsignedcert |  1 +
 roles.webcluster            |  1 +
 12 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 11/ansible.cfg
 create mode 100644 11/webcluster-cert.yml
 create mode 120000 11/webcluster-db.yml
 create mode 120000 11/webcluster-lb.yml
 create mode 120000 11/webcluster-site.yml
 create mode 120000 11/webcluster-worker.yml
 create mode 100644 group_vars/webcluster.yml
 create mode 160000 roles.extern/selfsignedcert
 create mode 160000 roles.webcluster

diff --git a/.gitmodules b/.gitmodules
index 9267d33..26d9052 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -20,3 +20,9 @@
 [submodule "09/ssh-wrapper-for-monitoring"]
 	path = 09/ssh-wrapper-for-monitoring
 	url = https://git.velt.biz/Monitoring/ssh-wrapper-for-monitoring.git
+[submodule "roles.webcluster"]
+	path = roles.webcluster
+	url = https://git.velt.biz/Ansible/roles.webcluster.git
+[submodule "roles.extern/selfsignedcert"]
+	path = roles.extern/selfsignedcert
+	url = https://git.velt.biz/Ansible/selfsignedcert.git
diff --git a/11/ansible.cfg b/11/ansible.cfg
new file mode 100644
index 0000000..4683b02
--- /dev/null
+++ b/11/ansible.cfg
@@ -0,0 +1,31 @@
+[defaults]
+
+# Inventory
+inventory = ./hosts.ini
+
+# Roles paths
+roles_path = ./roles:./roles.extern:./roles.webcluster:/etc/ansible/roles
+
+# Interpreter Discovery - Ohne Warnings
+interpreter_python = auto_silent
+
+# SSH
+remote_user = root
+#host_key_checking = False
+
+# Retry files
+retry_files_enabled = yes
+retry_files_save_path = ./.cache/Retry/
+
+# Log files
+#log_path = ./log/ansible.log
+
+# Farben ausschalten
+#nocolor = 1
+
+[colors]
+# Für dunklen Hintergrund in der Console
+verbose = bright blue
+debug = bright gray
+error = bright red
+
diff --git a/11/webcluster-cert.yml b/11/webcluster-cert.yml
new file mode 100644
index 0000000..43f6cb1
--- /dev/null
+++ b/11/webcluster-cert.yml
@@ -0,0 +1,10 @@
+---
+
+- hosts: localhost
+  roles:
+    - role: selfsignedcert
+      selfsignedcert_basename: ./cert
+      selfsignedcert_san:
+        - "IP:192.168.1.99"
+
+
diff --git a/11/webcluster-db.yml b/11/webcluster-db.yml
new file mode 120000
index 0000000..31c820d
--- /dev/null
+++ b/11/webcluster-db.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-db.yml
\ No newline at end of file
diff --git a/11/webcluster-lb.yml b/11/webcluster-lb.yml
new file mode 120000
index 0000000..9b24fe8
--- /dev/null
+++ b/11/webcluster-lb.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-lb.yml
\ No newline at end of file
diff --git a/11/webcluster-site.yml b/11/webcluster-site.yml
new file mode 120000
index 0000000..b3c4b9e
--- /dev/null
+++ b/11/webcluster-site.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-site.yml
\ No newline at end of file
diff --git a/11/webcluster-worker.yml b/11/webcluster-worker.yml
new file mode 120000
index 0000000..79851f2
--- /dev/null
+++ b/11/webcluster-worker.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-worker.yml
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index a120663..31fbd81 120000
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1 +1 @@
-06/ansible.cfg
\ No newline at end of file
+11/ansible.cfg
\ No newline at end of file
diff --git a/group_vars/webcluster.yml b/group_vars/webcluster.yml
new file mode 100644
index 0000000..2137a38
--- /dev/null
+++ b/group_vars/webcluster.yml
@@ -0,0 +1,18 @@
+apache2_backend_mod_remoteip_proxy: 10.128.16.0/22
+
+
+haproxy_sslcert_src: cert.pem
+haproxy_sslcert_path: /etc/haproxy/ssl.pem
+
+
+keepalived_virtual_ipaddress:
+  - 10.128.17.9/22
+
+keepalived_chk_proc_name: haproxy
+
+
+selfsignedcert_basename: ./cert
+
+selfsignedcert_san:
+  - "IP:{{ keepalived_virtual_ipaddress|ipaddr('address') }}"
+
diff --git a/hosts.ini b/hosts.ini
index 7293b61..159bc6f 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -85,3 +85,29 @@ voidlinux
 [zypper:children]
 opensuse
 
+############################################################
+
+[lb]
+tn00-alpine3j
+tn00-alpine3k
+
+[lb:vars]
+ansible_ssh_transfer_method=piped
+
+[worker]
+tn00-ubu2004a
+tn00-ubu2004b
+tn00-ubu2004c
+tn00-ubu2004d
+
+# tn00-debian11
+
+[db]
+tn00-ubu2004a
+tn00-ubu2004b
+
+[webcluster:children]
+lb
+worker
+db
+
diff --git a/roles.extern/selfsignedcert b/roles.extern/selfsignedcert
new file mode 160000
index 0000000..ac102f4
--- /dev/null
+++ b/roles.extern/selfsignedcert
@@ -0,0 +1 @@
+Subproject commit ac102f44afef4a6a5d384d4ed86d397009f66939
diff --git a/roles.webcluster b/roles.webcluster
new file mode 160000
index 0000000..ad984d6
--- /dev/null
+++ b/roles.webcluster
@@ -0,0 +1 @@
+Subproject commit ad984d664803b2319e669fa35ac7838a025eb310