From 71dfc752b8023c5c9b32f07c4fc417d19fd14945 Mon Sep 17 00:00:00 2001
From: Sven Velt <sven@velt.de>
Date: Thu, 27 Mar 2025 16:48:00 +0100
Subject: [PATCH] Kapitel 11: Web-Cluster

---
 .gitmodules                 |  6 ++++++
 11/ansible.cfg              | 31 +++++++++++++++++++++++++++++++
 11/webcluster-cert.yml      | 10 ++++++++++
 11/webcluster-db.yml        |  1 +
 11/webcluster-lb.yml        |  1 +
 11/webcluster-site.yml      |  1 +
 11/webcluster-worker.yml    |  1 +
 ansible.cfg                 |  2 +-
 group_vars/webcluster.yml   | 18 ++++++++++++++++++
 helper/11_gitmodules.sh     | 12 ++++++++++++
 hosts.ini                   | 25 +++++++++++++++++++++++++
 roles.extern/selfsignedcert |  1 +
 roles.webcluster            |  1 +
 13 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 11/ansible.cfg
 create mode 100644 11/webcluster-cert.yml
 create mode 120000 11/webcluster-db.yml
 create mode 120000 11/webcluster-lb.yml
 create mode 120000 11/webcluster-site.yml
 create mode 120000 11/webcluster-worker.yml
 create mode 100644 group_vars/webcluster.yml
 create mode 100755 helper/11_gitmodules.sh
 create mode 160000 roles.extern/selfsignedcert
 create mode 160000 roles.webcluster

diff --git a/.gitmodules b/.gitmodules
index 0ecaada..04cea97 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -23,3 +23,9 @@
 [submodule "roles.extern/prepare-dnf5"]
 	path = roles.extern/prepare-dnf5
 	url = https://git.velt.biz/svelt/role.prepare-dnf5.git
+[submodule "roles.webcluster"]
+	path = roles.webcluster
+	url = https://git.velt.biz/Ansible/roles.webcluster.git
+[submodule "roles.extern/selfsignedcert"]
+	path = roles.extern/selfsignedcert
+	url = https://git.velt.biz/Ansible/selfsignedcert.git
diff --git a/11/ansible.cfg b/11/ansible.cfg
new file mode 100644
index 0000000..4683b02
--- /dev/null
+++ b/11/ansible.cfg
@@ -0,0 +1,31 @@
+[defaults]
+
+# Inventory
+inventory = ./hosts.ini
+
+# Roles paths
+roles_path = ./roles:./roles.extern:./roles.webcluster:/etc/ansible/roles
+
+# Interpreter Discovery - Ohne Warnings
+interpreter_python = auto_silent
+
+# SSH
+remote_user = root
+#host_key_checking = False
+
+# Retry files
+retry_files_enabled = yes
+retry_files_save_path = ./.cache/Retry/
+
+# Log files
+#log_path = ./log/ansible.log
+
+# Farben ausschalten
+#nocolor = 1
+
+[colors]
+# Für dunklen Hintergrund in der Console
+verbose = bright blue
+debug = bright gray
+error = bright red
+
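Review bot: `remote_user = root` makes every play log in over SSH directly as root, which requires root login to stay enabled on all managed hosts and gives every task full privileges by default. Consider an unprivileged login account that escalates only where needed, e.g. `remote_user = <ANSIBLE_USER>` together with a `[privilege_escalation]` section containing `become = True`. The commented-out `#host_key_checking = False` toggle would also benefit from a line above it such as `# Leave enabled: switching this off skips SSH host key verification`, so it is not uncommented casually when a lab host is rebuilt.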
diff --git a/11/webcluster-cert.yml b/11/webcluster-cert.yml
new file mode 100644
index 0000000..43f6cb1
--- /dev/null
+++ b/11/webcluster-cert.yml
@@ -0,0 +1,10 @@
+---
+
+- hosts: localhost
+  roles:
+    - role: selfsignedcert
+      selfsignedcert_basename: ./cert
+      selfsignedcert_san:
+        - "IP:192.168.1.99"
+
+
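Review bot: The SAN is hard-coded to `IP:192.168.1.99`, while group_vars/webcluster.yml in this same commit derives the SAN from the keepalived VIP (`10.128.17.9/22`). Because this play targets `localhost`, the webcluster group vars presumably do not apply here, so the generated certificate would not cover the address clients actually connect to. Either feed both places from one shared variable, or add a comment stating that `192.168.1.99` is a placeholder to be adjusted. `selfsignedcert_basename: ./cert` also writes the generated files into the working tree; if the role emits the private key there (not visible in this diff), the `cert*` files should be listed in `.gitignore` so the key is never committed.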
diff --git a/11/webcluster-db.yml b/11/webcluster-db.yml
new file mode 120000
index 0000000..31c820d
--- /dev/null
+++ b/11/webcluster-db.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-db.yml
\ No newline at end of file
diff --git a/11/webcluster-lb.yml b/11/webcluster-lb.yml
new file mode 120000
index 0000000..9b24fe8
--- /dev/null
+++ b/11/webcluster-lb.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-lb.yml
\ No newline at end of file
diff --git a/11/webcluster-site.yml b/11/webcluster-site.yml
new file mode 120000
index 0000000..b3c4b9e
--- /dev/null
+++ b/11/webcluster-site.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-site.yml
\ No newline at end of file
diff --git a/11/webcluster-worker.yml b/11/webcluster-worker.yml
new file mode 120000
index 0000000..79851f2
--- /dev/null
+++ b/11/webcluster-worker.yml
@@ -0,0 +1 @@
+../roles.webcluster/webcluster-worker.yml
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index a120663..31fbd81 120000
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1 +1 @@
-06/ansible.cfg
\ No newline at end of file
+11/ansible.cfg
\ No newline at end of file
diff --git a/group_vars/webcluster.yml b/group_vars/webcluster.yml
new file mode 100644
index 0000000..58cbe1c
--- /dev/null
+++ b/group_vars/webcluster.yml
@@ -0,0 +1,18 @@
+apache2_backend_mod_remoteip_proxy: 10.128.17.0/24
+
+
+haproxy_sslcert_src: cert.pem
+haproxy_sslcert_path: /etc/haproxy/ssl.pem
+
+
+keepalived_virtual_ipaddress:
+  - 10.128.17.9/22
+
+keepalived_chk_proc_name: haproxy
+
+
+selfsignedcert_basename: ./cert
+
+selfsignedcert_san:
+  - "IP:{{ keepalived_virtual_ipaddress|ipaddr('address') }}"
+
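Review bot: `keepalived_virtual_ipaddress` is a list, and the `ipaddr` filter applied to a list returns a list, so `"IP:{{ keepalived_virtual_ipaddress|ipaddr('address') }}"` most likely renders as `IP:['10.128.17.9']` rather than a valid SAN entry. Select one element first, e.g. `"IP:{{ keepalived_virtual_ipaddress | first | ipaddr('address') }}"`. Separately, `apache2_backend_mod_remoteip_proxy: 10.128.17.0/24` appears to mark the whole subnet as a trusted proxy, which would let any host in that /24 supply the client address the backends record. If only the two load balancers forward traffic, listing their addresses would be tighter. The role consuming these variables is outside this diff, so confirm how they are used.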
diff --git a/helper/11_gitmodules.sh b/helper/11_gitmodules.sh
new file mode 100755
index 0000000..08ab601
--- /dev/null
+++ b/helper/11_gitmodules.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -ex
+
+mkdir -p roles.extern
+
+git submodule add https://git.velt.biz/Ansible/roles.webcluster.git roles.webcluster
+git submodule add https://git.velt.biz/Ansible/selfsignedcert.git roles.extern/selfsignedcert
+
+cd roles.webcluster
+git submodule init
+git submodule update
+cd ..
+
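Review bot: `git submodule add <url> <path>` checks out whatever the remote default branch points to at run time, not the commits this patch pins (`ad984d6` for roles.webcluster, `ac102f4` for selfsignedcert), and the fetched roles are then run with `remote_user = root`. After adding, check out the reviewed commits, e.g. `git -C roles.webcluster checkout ad984d664803b2319e669fa35ac7838a025eb310` and `git -C roles.extern/selfsignedcert checkout ac102f44afef4a6a5d384d4ed86d397009f66939`. The `cd roles.webcluster` … `cd ..` sequence can be shortened to `git -C roles.webcluster submodule update --init`. The script also assumes it is started from the repository root; a header comment saying so would help.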
diff --git a/hosts.ini b/hosts.ini
index 2942043..54c1de2 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -69,3 +69,28 @@ voidlinux
 [zypper:children]
 opensuse
 
+############################################################
+
+[lb]
+tn00-alpine3k
+tn00-alpine3l
+
+[lb:vars]
+ansible_ssh_transfer_method=piped
+
+[worker]
+tn00-ubu2004a
+tn00-ubu2004b
+tn00-ubu2004c
+tn00-ubu2004d
+
+tn00-debian11
+
+[db]
+tn00-ubu2004a
+tn00-ubu2004b
+
+[webcluster:children]
+lb
+worker
+db
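Review bot: `ansible_ssh_transfer_method=piped` under `[lb:vars]` has no explanation of why only the Alpine load balancers need it. A comment above it, such as `# Alpine hosts: files are transferred through the SSH pipe instead of sftp/scp` (adjusted to the real reason), would make that clear. `tn00-ubu2004a` and `tn00-ubu2004b` are listed in both `[worker]` and `[db]`; if that co-location is intended for the lab setup, a one-line comment would prevent it being read as a copy-paste slip.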
diff --git a/roles.extern/selfsignedcert b/roles.extern/selfsignedcert
new file mode 160000
index 0000000..ac102f4
--- /dev/null
+++ b/roles.extern/selfsignedcert
@@ -0,0 +1 @@
+Subproject commit ac102f44afef4a6a5d384d4ed86d397009f66939
diff --git a/roles.webcluster b/roles.webcluster
new file mode 160000
index 0000000..ad984d6
--- /dev/null
+++ b/roles.webcluster
@@ -0,0 +1 @@
+Subproject commit ad984d664803b2319e669fa35ac7838a025eb310