From c5a8d99a77160cc53f41c5488f0f90df3e25d622 Mon Sep 17 00:00:00 2001 
From: Sven Velt
Date: Thu, 30 Nov 2017 12:11:25 +0100
Subject: [PATCH] Initial commit
---
roles/web_base/defaults/main.yml | 5 +
roles/web_base/meta/main.yml | 3 +
roles/web_db/defaults/main.yml | 11 +++
roles/web_db/tasks/main.yml | 27 ++++++
roles/web_lb/defaults/main.yml | 5 +
roles/web_lb/handlers/main.yml | 12 +++
roles/web_lb/tasks/main.yml | 24 +++++
roles/web_lb/templates/haproxy.cfg.j2 | 58 ++++++++++++
roles/web_worker/defaults/main.yml | 25 +++++
.../web_worker/files/var/www/worker/index.php | 1 +
roles/web_worker/handlers/main.yml | 11 +++
roles/web_worker/tasks/db_update.yml | 5 +
roles/web_worker/tasks/main.yml | 1 +
roles/web_worker/tasks/main_with_haproxy.yml | 92 +++++++++++++++++++
roles/web_worker/tasks/main_with_socat.yml | 84 +++++++++++++++++
.../apache2/sites-available/worker.conf.j2 | 11 +++
.../etc/php/7.0/fpm/pool.d/worker.conf.j2 | 12 +++
.../templates/var/www/worker/index.html.j2 | 1 +
web_db.yml | 6 ++
web_lb.yml | 8 ++
web_site.yml | 23 +++++
web_worker.yml | 10 ++
22 files changed, 435 insertions(+)
create mode 100644 roles/web_base/defaults/main.yml
create mode 100644 roles/web_base/meta/main.yml
create mode 100644 roles/web_db/defaults/main.yml
create mode 100644 roles/web_db/tasks/main.yml
create mode 100644 roles/web_lb/defaults/main.yml
create mode 100644 roles/web_lb/handlers/main.yml
create mode 100644 roles/web_lb/tasks/main.yml
create mode 100644 roles/web_lb/templates/haproxy.cfg.j2
create mode 100644 roles/web_worker/defaults/main.yml
create mode 100644 roles/web_worker/files/var/www/worker/index.php
create mode 100644 roles/web_worker/handlers/main.yml
create mode 100644 roles/web_worker/tasks/db_update.yml
create mode 120000 roles/web_worker/tasks/main.yml
create mode 100644 roles/web_worker/tasks/main_with_haproxy.yml
create mode 100644 roles/web_worker/tasks/main_with_socat.yml
create mode 100644 roles/web_worker/templates/etc/apache2/sites-available/worker.conf.j2
create mode 100644 roles/web_worker/templates/etc/php/7.0/fpm/pool.d/worker.conf.j2
create mode 100644 roles/web_worker/templates/var/www/worker/index.html.j2
create mode 100644 web_db.yml
create mode 100644 web_lb.yml
create mode 100644 web_site.yml
create mode 100644 web_worker.yml
diff --git a/roles/web_base/defaults/main.yml b/roles/web_base/defaults/main.yml
new file mode 100644
index 0000000..d1aebf5
--- /dev/null
+++ b/roles/web_base/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+ntp_server:
+ - 0.de.pool.ntp.org
+ - 1.de.pool.ntp.org
+ - 2.de.pool.ntp.org
diff --git a/roles/web_base/meta/main.yml b/roles/web_base/meta/main.yml
new file mode 100644
index 0000000..25454c5
--- /dev/null
+++ b/roles/web_base/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: ntp }
diff --git a/roles/web_db/defaults/main.yml b/roles/web_db/defaults/main.yml
new file mode 100644
index 0000000..d6ddb14
--- /dev/null
+++ b/roles/web_db/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+db_packages:
+ - mariadb-server
+ - python-mysqldb
+
+db_servicename: mysql
+
+db_name: webapp
+db_user: webappuser
+db_password: webapppw
+
diff --git a/roles/web_db/tasks/main.yml b/roles/web_db/tasks/main.yml
new file mode 100644
index 0000000..8afd9e1
--- /dev/null
+++ b/roles/web_db/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Install software
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ db_packages }}"
+
+- name: MariaDB enable service
+ service:
+ name: "{{ db_servicename }}"
+ state: started
+ enabled: yes
+
+- name: MariaDB create DB
+ mysql_db:
+ name: "{{ db_name }}"
+ state: present
+
+- name: MariaDB create user
+ mysql_user:
+ name: "{{ db_user }}"
+ password: "{{ db_password }}"
+ priv: '{{ db_name }}.*:ALL'
+ host: '%'
+ state: present
+
+
diff --git a/roles/web_lb/defaults/main.yml b/roles/web_lb/defaults/main.yml
new file mode 100644
index 0000000..826d74b
--- /dev/null
+++ b/roles/web_lb/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+lb_packages:
+ - haproxy
+ - socat
+
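Review bot: `db_password: webapppw` in roles/web_db/defaults/main.yml commits a guessable database credential as the role default, so every deployment that does not override it ends up with the same password, readable by anyone with access to the repository. Remove the value from the defaults and supply it from an Ansible Vault-encrypted vars file, leaving a comment such as `# db_password: required, set in vault-encrypted group_vars` in its place. An undefined variable then stops the play at the `mysql_user` task instead of silently creating the account with the default.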
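Review bot: The `MariaDB create user` task in roles/web_db/tasks/main.yml grants `{{ db_name }}.*:ALL` with `host: '%'`, so the account is valid from any client address that can reach the server. If only the hosts in the `worker` group need access, take the host pattern from a variable or create the user once per worker address rather than using the wildcard. The task also passes `password:` without `no_log: true`, so the value can show up in verbose output and callback logs; add that keyword to the task.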
diff --git a/roles/web_lb/handlers/main.yml b/roles/web_lb/handlers/main.yml
new file mode 100644
index 0000000..3146fed
--- /dev/null
+++ b/roles/web_lb/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Restart HAProxy
+ service:
+ name: haproxy
+ state: restarted
+
+- name: Restart RSyslog
+ service:
+ name: rsyslog
+ state: restarted
+
+
diff --git a/roles/web_lb/tasks/main.yml b/roles/web_lb/tasks/main.yml
new file mode 100644
index 0000000..2a62a32
--- /dev/null
+++ b/roles/web_lb/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install software
+ package:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ lb_packages }}"
+ notify: Restart RSyslog
+
+- name: HAProxy enable service
+ service:
+ name: haproxy
+ enabled: yes
+ state: started
+
+- name: HAProxy create config
+ template:
+ dest: "/etc/haproxy/haproxy.cfg"
+ src: "haproxy.cfg.j2"
+ mode: 0644
+ backup: yes
+ notify:
+ - Restart HAProxy
+ - Restart RSyslog
+
diff --git a/roles/web_lb/templates/haproxy.cfg.j2 b/roles/web_lb/templates/haproxy.cfg.j2
new file mode 100644
index 0000000..3408fbb
--- /dev/null
+++ b/roles/web_lb/templates/haproxy.cfg.j2
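Review bot: The `HAProxy create config` task in roles/web_lb/tasks/main.yml replaces /etc/haproxy/haproxy.cfg and notifies a restart without checking the rendered file, so a template mistake only surfaces when the restarted load balancer fails to come up. Adding `validate: 'haproxy -c -f %s'` to the `template:` arguments makes the task fail before the live file is touched. As a style point, `mode: 0644` is safer written as the string `'0644'`; the same applies to the `mode:` lines in the two web_worker task files.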
@@ -0,0 +1,58 @@
+global
+ log 127.0.0.1 local0
+ log 127.0.0.1 local1 notice
+ chroot /var/lib/haproxy
+ stats socket /run/haproxy/admin.sock mode 660 level admin
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+ # Default SSL material locations
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL).
+ ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ errorfile 400 /etc/haproxy/errors/400.http
+ errorfile 403 /etc/haproxy/errors/403.http
+ errorfile 408 /etc/haproxy/errors/408.http
+ errorfile 500 /etc/haproxy/errors/500.http
+ errorfile 502 /etc/haproxy/errors/502.http
+ errorfile 503 /etc/haproxy/errors/503.http
+ errorfile 504 /etc/haproxy/errors/504.http
+
+frontend localnodes
+ bind *:80
+ mode http
+ default_backend nodes
+
+backend nodes
+ mode http
+ balance roundrobin
+ option forwardfor
+ http-request set-header X-Forwarded-Port %[dst_port]
+ http-request add-header X-Forwarded-Proto https if { ssl_fc }
+ option httpchk HEAD / HTTP/1.1\r\nHost:localhost
+ #server worker_01 172.22.244.81:80 check
+ {% for host in groups['worker'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_default_ipv4'].address }}:80 check
+ {% endfor %}
+
+listen stats
+ bind *:1936
+ stats enable
+ stats uri /
+ stats hide-version
+ stats auth admin:admin
+
diff --git a/roles/web_worker/defaults/main.yml b/roles/web_worker/defaults/main.yml
new file mode 100644
index 0000000..12222ff
--- /dev/null
+++ b/roles/web_worker/defaults/main.yml
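Review bot: The `listen stats` section of haproxy.cfg.j2 binds `*:1936` and protects the page only with `stats auth admin:admin`, so the statistics endpoint is exposed on every interface behind a credential that is both public in the repository and the first one anyone would guess. Template the credential from vault-held variables, for example `stats auth {{ lb_stats_user }}:{{ lb_stats_password }}` (variable names constructed here), and bind the listener to a management address instead of `*`. Separately, `ssl-default-bind-ciphers` still enables `RC4-SHA` and the non-forward-secret `kRSA+AES` suites; no TLS `bind` exists in this file yet, but the list should be tightened before one is added.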
@@ -0,0 +1,25 @@
+---
+worker_packages:
+ - apache2
+ - php-fpm
+ - php-mysql
+
+worker_a2mods:
+ - mpm_event
+ - proxy
+ - proxy_fcgi
+ - rewrite
+
+worker_a2dissites:
+ - 000-default.conf
+ - default-ssl.conf
+
+worker_a2ensites:
+ - worker.conf
+
+worker_a2docroots:
+ - var/www/worker
+
+worker_phpfpmpools:
+ - etc/php/7.0/fpm/pool.d/worker.conf
+
diff --git a/roles/web_worker/files/var/www/worker/index.php b/roles/web_worker/files/var/www/worker/index.php
new file mode 100644
index 0000000..147cebc
--- /dev/null
+++ b/roles/web_worker/files/var/www/worker/index.php
@@ -0,0 +1 @@
+
diff --git a/roles/web_worker/handlers/main.yml b/roles/web_worker/handlers/main.yml
new file mode 100644
index 0000000..ea94add
--- /dev/null
+++ b/roles/web_worker/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Restart Apache2
+ service:
+ name: apache2
+ state: restarted
+
+- name: Restart PHP-FPM
+ service:
+ name: php7.0-fpm
+ state: restarted
+
diff --git a/roles/web_worker/tasks/db_update.yml b/roles/web_worker/tasks/db_update.yml
new file mode 100644
index 0000000..96bc0ec
--- /dev/null
+++ b/roles/web_worker/tasks/db_update.yml
@@ -0,0 +1,5 @@
+---
+- name: Update DB schema
+ command: {{ worker_dbupdate_command }}
+ run_once: True
+
diff --git a/roles/web_worker/tasks/main.yml b/roles/web_worker/tasks/main.yml
new file mode 120000
index 0000000..a738371
--- /dev/null
+++ b/roles/web_worker/tasks/main.yml
@@ -0,0 +1 @@
+main_with_haproxy.yml
\ No newline at end of file
diff --git a/roles/web_worker/tasks/main_with_haproxy.yml b/roles/web_worker/tasks/main_with_haproxy.yml
new file mode 100644
index 0000000..0d4f7ad
--- /dev/null
+++ b/roles/web_worker/tasks/main_with_haproxy.yml
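Review bot: `command: {{ worker_dbupdate_command }}` in roles/web_worker/tasks/db_update.yml starts an unquoted value with `{`, which YAML reads as a flow mapping rather than a Jinja expression, so the file does not load as intended; it needs to be `command: "{{ worker_dbupdate_command }}"`. `worker_dbupdate_command` has no entry in roles/web_worker/defaults/main.yml in this commit, so the task would also fail on an undefined variable unless the caller sets it. Because the value is executed as a command, it is worth a comment stating that it must come from trusted inventory only, e.g. `# worker_dbupdate_command: operator-supplied command line, never derived from host facts`.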
@@ -0,0 +1,92 @@
+---
+- name: Install software
+ package:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ worker_packages }}"
+
+- name: Apache2 enable modules
+ apache2_module:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ worker_a2mods }}"
+ notify: Restart Apache2
+
+- name: Apache2 disable sites
+ file:
+ path: "/etc/apache2/sites-enabled/{{ item }}"
+ state: absent
+ with_items: "{{ worker_a2dissites }}"
+ notify: Restart Apache2
+
+- name: Apache2 create vhosts
+ template:
+ dest: "/etc/apache2/sites-available/{{ item }}"
+ src: "etc/apache2/sites-available/{{ item }}.j2"
+ mode: 0644
+ backup: yes
+ with_items: "{{ worker_a2ensites }}"
+ notify: Restart Apache2
+
+- name: Apache2 enable sites
+ file:
+ path: "/etc/apache2/sites-enabled/{{ item }}"
+ src: "/etc/apache2/sites-available/{{ item }}"
+ state: link
+ force: yes
+ with_items: "{{ worker_a2ensites }}"
+ notify: Restart Apache2
+
+- name: Apache2 create DocRoots
+ file:
+ path: "/{{ item }}"
+ state: directory
+ mode: 0755
+ with_items: "{{ worker_a2docroots }}"
+ notify: Restart Apache2
+
+- name: PHP Install pools
+ template:
+ dest: "/{{ item }}"
+ src: "{{ item }}.j2"
+ mode: 0644
+ backup: yes
+ with_items: "{{ worker_phpfpmpools }}"
+ notify: Restart PHP-FPM
+
+- name: Disable worker in load balancers
+ haproxy:
+ socket: /run/haproxy/admin.sock
+ backend: nodes
+ host: "{{ inventory_hostname }}"
+ state: disabled
+ delegate_to: "{{ item }}"
+ with_items: "{{ groups.lb }}"
+
+- name: Apache2 copy websites
+ copy:
+ dest: "/{{ item }}/"
+ src: "{{ item }}/"
+ backup: yes
+ with_items: "{{ worker_a2docroots }}"
+
+- name: Apache2 template dummy index.html
+ template:
+ dest: "/{{ item }}/index.html"
+ src: "{{ item }}/index.html.j2"
+ mode: 0644
+ backup: yes
+ with_items: "{{ worker_a2docroots }}"
+
+- name: Sleep 30 seconds...
+ pause: seconds=30
+
+- name: Enable worker in load balancers
+ haproxy:
+ socket: /run/haproxy/admin.sock
+ backend: nodes
+ host: "{{ inventory_hostname }}"
+ state: enabled
+ delegate_to: "{{ item }}"
+ with_items: "{{ groups.lb }}"
+
diff --git a/roles/web_worker/tasks/main_with_socat.yml b/roles/web_worker/tasks/main_with_socat.yml
new file mode 100644
index 0000000..966588f
--- /dev/null
+++ b/roles/web_worker/tasks/main_with_socat.yml
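Review bot: In roles/web_worker/tasks/main_with_haproxy.yml the `Restart Apache2` and `Restart PHP-FPM` handlers are only notified, and notified handlers run at the end of the play, i.e. after `Enable worker in load balancers`, so the services restart while the worker is already back in rotation. Adding `- meta: flush_handlers` before the `Sleep 30 seconds...` task moves the restarts into the drained window. The two haproxy tasks address the server as `{{ inventory_hostname }}`, while haproxy.cfg.j2 names servers by `ansible_hostname`; the names differ whenever the inventory uses FQDNs or aliases, so both places should use the same value (this also applies to main_with_socat.yml). A failure between the disable and enable tasks leaves the worker out of the pool, which a `block`/`always` around the deployment steps would avoid.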
@@ -0,0 +1,84 @@
+---
+- name: Install software
+ package:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ worker_packages }}"
+
+- name: Apache2 enable modules
+ apache2_module:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ worker_a2mods }}"
+ notify: Restart Apache2
+
+- name: Apache2 disable sites
+ file:
+ path: "/etc/apache2/sites-enabled/{{ item }}"
+ state: absent
+ with_items: "{{ worker_a2dissites }}"
+ notify: Restart Apache2
+
+- name: Apache2 create vhosts
+ template:
+ dest: "/etc/apache2/sites-available/{{ item }}"
+ src: "etc/apache2/sites-available/{{ item }}.j2"
+ mode: 0644
+ backup: yes
+ with_items: "{{ worker_a2ensites }}"
+ notify: Restart Apache2
+
+- name: Apache2 disable sites
+ file:
+ path: "/etc/apache2/sites-enabled/{{ item }}"
+ src: "/etc/apache2/sites-available/{{ item }}"
+ state: link
+ force: yes
+ with_items: "{{ worker_a2ensites }}"
+ notify: Restart Apache2
+
+- name: Apache2 create DocRoots
+ file:
+ path: "/{{ item }}"
+ state: directory
+ mode: 0755
+ with_items: "{{ worker_a2docroots }}"
+ notify: Restart Apache2
+
+- name: PHP Install pools
+ template:
+ dest: "/{{ item }}"
+ src: "{{ item }}.j2"
+ mode: 0644
+ backup: yes
+ with_items: "{{ worker_phpfpmpools }}"
+ notify: Restart PHP-FPM
+
+- name: Disable worker in load balancers
+ shell: "echo disable server nodes/{{ inventory_hostname }} | socat stdio /run/haproxy/admin.sock"
+ delegate_to: "{{ item }}"
+ with_items: "{{ groups.lb }}"
+
+- name: Apache2 copy websites
+ copy:
+ dest: "/{{ item }}/"
+ src: "{{ item }}/"
+ backup: yes
+ with_items: "{{ worker_a2docroots }}"
+
+- name: Apache2 template dummy index.html
+ template:
+ dest: "/{{ item }}/index.html"
+ src: "{{ item }}/index.html.j2"
+ mode: 0644
+ backup: yes
+ with_items: "{{ worker_a2docroots }}"
+
+- name: Sleep 30 seconds...
+ pause: seconds=30
+
+- name: Enable worker in load balancers
+ shell: 'echo "enable server nodes/{{ inventory_hostname }}" | socat stdio /run/haproxy/admin.sock'
+ delegate_to: "{{ item }}"
+ with_items: "{{ groups.lb }}"
+
diff --git a/roles/web_worker/templates/etc/apache2/sites-available/worker.conf.j2 b/roles/web_worker/templates/etc/apache2/sites-available/worker.conf.j2
new file mode 100644
index 0000000..fdabe03
--- /dev/null
+++ b/roles/web_worker/templates/etc/apache2/sites-available/worker.conf.j2
@@ -0,0 +1,11 @@
+
+ ServerName {{ ansible_hostname }}
+ DocumentRoot /var/www/worker
+
+ ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:4001/var/www/worker/$1
+
+ DirectoryIndex index.php index.xhtml index.html
+
+ ErrorLog ${APACHE_LOG_DIR}/worker_{{ ansible_hostname }}.error.log
+ CustomLog ${APACHE_LOG_DIR}/worker_{{ ansible_hostname }}.access.log combined
+
diff --git a/roles/web_worker/templates/etc/php/7.0/fpm/pool.d/worker.conf.j2 b/roles/web_worker/templates/etc/php/7.0/fpm/pool.d/worker.conf.j2
new file mode 100644
index 0000000..2b96120
--- /dev/null
+++ b/roles/web_worker/templates/etc/php/7.0/fpm/pool.d/worker.conf.j2
@@ -0,0 +1,12 @@
+[worker]
+user = www-data
+group = www-data
+listen = 127.0.0.1:4001
+listen.owner = www-data
+listen.group = www-data
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 3
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
diff --git a/roles/web_worker/templates/var/www/worker/index.html.j2 b/roles/web_worker/templates/var/www/worker/index.html.j2
new file mode 100644
index 0000000..db4edde
--- /dev/null
+++ b/roles/web_worker/templates/var/www/worker/index.html.j2
@@ -0,0 +1 @@
+
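Review bot: The two `shell:` tasks in roles/web_worker/tasks/main_with_socat.yml succeed whenever socat exits 0, but HAProxy reports an unknown backend or server as text on the socket and, as far as I can tell, the exit status stays 0, so a failed disable goes unnoticed and the deployment continues on a worker that is still serving traffic. Register the result and fail on any output, e.g. `register: lb_cmd` plus `failed_when: lb_cmd.stdout | trim != ''` (name constructed here). The disable command interpolates `{{ inventory_hostname }}` into the shell line unquoted while the enable command quotes it; use `{{ inventory_hostname | quote }}` in both. The symlink task is also named `Apache2 disable sites` although it enables them; main_with_haproxy.yml calls the same task `Apache2 enable sites`.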
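Review bot: The pool in roles/web_worker/templates/etc/php/7.0/fpm/pool.d/worker.conf.j2 listens on TCP `127.0.0.1:4001`, where `listen.owner` and `listen.group` have no effect because they apply to Unix sockets only, so any local process on the worker can speak FastCGI to the pool and have scripts run as `www-data`. Switching to `listen = /run/php/worker.sock` (path constructed here) with `listen.mode = 0660` makes the two ownership lines meaningful. The `ProxyPassMatch` target in the Apache vhost template would then need the matching `unix:` socket form instead of `fcgi://127.0.0.1:4001`.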

{{ ansible_hostname }}

diff --git a/web_db.yml b/web_db.yml
new file mode 100644
index 0000000..63532e2
--- /dev/null
+++ b/web_db.yml
@@ -0,0 +1,6 @@
+---
+- hosts: db
+ roles:
+ - web_db
+
+
diff --git a/web_lb.yml b/web_lb.yml
new file mode 100644
index 0000000..d61be20
--- /dev/null
+++ b/web_lb.yml
@@ -0,0 +1,8 @@
+---
+- hosts: worker
+ tasks: []
+
+- hosts: lb
+ roles:
+ - web_lb
+
diff --git a/web_site.yml b/web_site.yml
new file mode 100644
index 0000000..391dfe3
--- /dev/null
+++ b/web_site.yml
@@ -0,0 +1,23 @@
+---
+- hosts: all
+ roles:
+ - web_base
+
+- hosts: lb
+ serial: "25%"
+ max_fail_percentage: 40
+ roles:
+ - web_lb
+
+- hosts: db
+ serial: 1
+ max_fail_percentage: 10
+ roles:
+ - web_db
+
+- hosts: worker
+ serial: 2
+ max_fail_percentage: 20
+ roles:
+ - web_worker
+
diff --git a/web_worker.yml b/web_worker.yml
new file mode 100644
index 0000000..663c70f
--- /dev/null
+++ b/web_worker.yml
@@ -0,0 +1,10 @@
+---
+- hosts: lb
+ tasks: []
+
+- hosts: worker
+ serial: 2
+ max_fail_percentage: 20
+ roles:
+ - web_worker
+
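Review bot: The empty play `- hosts: worker` with `tasks: []` at the top of web_lb.yml has no explanation; it appears to exist only to gather facts from the workers so that `hostvars[host]['ansible_default_ipv4']` resolves in haproxy.cfg.j2. Put a comment above it such as `# Gather facts from the workers; haproxy.cfg.j2 reads their hostname and IPv4 address`. It is also worth noting there that running the playbook with `--limit lb` skips this play, and the template then fails on undefined facts unless fact caching is enabled. The empty `hosts: lb` play in web_worker.yml needs the same kind of comment.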