Kapitel 11: Web-Cluster

2025-03-27 16:48:00 +01:00 · 2025-03-27 16:48:00 +01:00 · 71dfc752b8
parent 9fd424679d
commit 71dfc752b8
13 changed files with 109 additions and 1 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -23,3 +23,9 @@
 [submodule "roles.extern/prepare-dnf5"]
 	path = roles.extern/prepare-dnf5
 	url = https://git.velt.biz/svelt/role.prepare-dnf5.git
+[submodule "roles.webcluster"]
+	path = roles.webcluster
+	url = https://git.velt.biz/Ansible/roles.webcluster.git
+[submodule "roles.extern/selfsignedcert"]
+	path = roles.extern/selfsignedcert
+	url = https://git.velt.biz/Ansible/selfsignedcert.git
--- a/11/ansible.cfg
+++ b/11/ansible.cfg
@ -0,0 +1,31 @@
+[defaults]
+
+# Inventory
+inventory = ./hosts.ini
+
+# Roles paths
+roles_path = ./roles:./roles.extern:./roles.webcluster:/etc/ansible/roles
+
+# Interpreter Discovery - Ohne Warnings
+interpreter_python = auto_silent
+
+# SSH
+remote_user = root
+#host_key_checking = False
+
+# Retry files
+retry_files_enabled = yes
+retry_files_save_path = ./.cache/Retry/
+
+# Log files
+#log_path = ./log/ansible.log
+
+# Farben ausschalten
+#nocolor = 1
+
+[colors]
+# Für dunklen Hintergrund in der Console
+verbose = bright blue
+debug = bright gray
+error = bright red
+
--- a/11/webcluster-cert.yml
+++ b/11/webcluster-cert.yml
@ -0,0 +1,10 @@
+---
+
+- hosts: localhost
+  roles:
+    - role: selfsignedcert
+      selfsignedcert_basename: ./cert
+      selfsignedcert_san:
+        - "IP:192.168.1.99"
+
+
--- a/11/webcluster-db.yml
+++ b/11/webcluster-db.yml
@ -0,0 +1 @@
+../roles.webcluster/webcluster-db.yml
--- a/11/webcluster-lb.yml
+++ b/11/webcluster-lb.yml
@ -0,0 +1 @@
+../roles.webcluster/webcluster-lb.yml
--- a/11/webcluster-site.yml
+++ b/11/webcluster-site.yml
@ -0,0 +1 @@
+../roles.webcluster/webcluster-site.yml
--- a/11/webcluster-worker.yml
+++ b/11/webcluster-worker.yml
@ -0,0 +1 @@
+../roles.webcluster/webcluster-worker.yml
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1 +1 @@
-06/ansible.cfg
+11/ansible.cfg
--- a/group_vars/webcluster.yml
+++ b/group_vars/webcluster.yml
@ -0,0 +1,18 @@
+apache2_backend_mod_remoteip_proxy: 10.128.17.0/24
+
+
+haproxy_sslcert_src: cert.pem
+haproxy_sslcert_path: /etc/haproxy/ssl.pem
+
+
+keepalived_virtual_ipaddress:
+  - 10.128.17.9/22
+
+keepalived_chk_proc_name: haproxy
+
+
+selfsignedcert_basename: ./cert
+
+selfsignedcert_san:
+  - "IP:{{ keepalived_virtual_ipaddress|ipaddr('address') }}"
+
--- a/helper/11_gitmodules.sh
+++ b/helper/11_gitmodules.sh
@ -0,0 +1,12 @@
+#!/bin/bash -ex
+
+mkdir -p roles.extern
+
+git submodule add https://git.velt.biz/Ansible/roles.webcluster.git roles.webcluster
+git submodule add https://git.velt.biz/Ansible/selfsignedcert.git roles.extern/selfsignedcert
+
+cd roles.webcluster
+git submodule init
+git submodule update
+cd ..
+
--- a/hosts.ini
+++ b/hosts.ini
@ -69,3 +69,28 @@ voidlinux
 [zypper:children]
 opensuse

+############################################################
+
+[lb]
+tn00-alpine3k
+tn00-alpine3l
+
+[lb:vars]
+ansible_ssh_transfer_method=piped
+
+[worker]
+tn00-ubu2004a
+tn00-ubu2004b
+tn00-ubu2004c
+tn00-ubu2004d
+
+tn00-debian11
+
+[db]
+tn00-ubu2004a
+tn00-ubu2004b
+
+[webcluster:children]
+lb
+worker
+db
--- a/roles.extern/selfsignedcert
+++ b/roles.extern/selfsignedcert
@ -0,0 +1 @@
+Subproject commit ac102f44afef4a6a5d384d4ed86d397009f66939
--- a/roles.webcluster
+++ b/roles.webcluster
@ -0,0 +1 @@
+Subproject commit ad984d664803b2319e669fa35ac7838a025eb310
				`@ -0,0 +1 @@`
				`Subproject commit ac102f44afef4a6a5d384d4ed86d397009f66939`
				`@ -0,0 +1 @@`
				`Subproject commit ad984d664803b2319e669fa35ac7838a025eb310`