Ansible/roles_webcluster
1
0
Fork 0
Code Releases Activity

Initial commit

Browse source
This commit is contained in:
Sven Velt 2017-11-30 12:11:25 +01:00
commit c5a8d99a77
22 changed files with 435 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
roles/web_base/defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
ntp_server:
- 0.de.pool.ntp.org
- 1.de.pool.ntp.org
- 2.de.pool.ntp.org

3
roles/web_base/meta/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
dependencies:
- { role: ntp }

11
roles/web_db/defaults/main.yml Normal file
View file

@ -0,0 +1,11 @@
---
db_packages:
- mariadb-server
- python-mysqldb
db_servicename: mysql
db_name: webapp
db_user: webappuser
db_password: webapppw

27
roles/web_db/tasks/main.yml Normal file
View file

@ -0,0 +1,27 @@
---
- name: Install software
package:
name: "{{ item }}"
state: present
with_items: "{{ db_packages }}"
- name: MariaDB enable service
service:
name: "{{ db_servicename }}"
state: started
enabled: yes
- name: MariaDB create DB
mysql_db:
name: "{{ db_name }}"
state: present
- name: MariaDB create user
mysql_user:
name: "{{ db_user }}"
password: "{{ db_password }}"
priv: '{{ db_name }}.*:ALL'
host: '%'
state: present

5
roles/web_lb/defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
lb_packages:
- haproxy
- socat

12
roles/web_lb/handlers/main.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Restart HAProxy
service:
name: haproxy
state: restarted
- name: Restart RSyslog
service:
name: rsyslog
state: restarted

24
roles/web_lb/tasks/main.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Install software
package:
name: "{{ item }}"
state: latest
with_items: "{{ lb_packages }}"
notify: Restart RSyslog
- name: HAProxy enable service
service:
name: haproxy
enabled: yes
state: started
- name: HAProxy create config
template:
dest: "/etc/haproxy/haproxy.cfg"
src: "haproxy.cfg.j2"
mode: 0644
backup: yes
notify:
- Restart HAProxy
- Restart RSyslog

58
roles/web_lb/templates/haproxy.cfg.j2 Normal file
View file

@ -0,0 +1,58 @@
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend localnodes
bind *:80
mode http
default_backend nodes
backend nodes
mode http
balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
#server worker_01 172.22.244.81:80 check
{% for host in groups['worker'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_default_ipv4'].address }}:80 check
{% endfor %}
listen stats
bind *:1936
stats enable
stats uri /
stats hide-version
stats auth admin:admin

25
roles/web_worker/defaults/main.yml Normal file
View file

@ -0,0 +1,25 @@
---
worker_packages:
- apache2
- php-fpm
- php-mysql
worker_a2mods:
- mpm_event
- proxy
- proxy_fcgi
- rewrite
worker_a2dissites:
- 000-default.conf
- default-ssl.conf
worker_a2ensites:
- worker.conf
worker_a2docroots:
- var/www/worker
worker_phpfpmpools:
- etc/php/7.0/fpm/pool.d/worker.conf

1
roles/web_worker/files/var/www/worker/index.php Normal file
View file

@ -0,0 +1 @@
<?php phpinfo(); ?>

11
roles/web_worker/handlers/main.yml Normal file
View file

@ -0,0 +1,11 @@
---
- name: Restart Apache2
service:
name: apache2
state: restarted
- name: Restart PHP-FPM
service:
name: php7.0-fpm
state: restarted

5
roles/web_worker/tasks/db_update.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: Update DB schema
command: {{ worker_dbupdate_command }}
run_once: True

1
roles/web_worker/tasks/main.yml Symbolic link
View file

@ -0,0 +1 @@
main_with_haproxy.yml

92
roles/web_worker/tasks/main_with_haproxy.yml Normal file
View file

@ -0,0 +1,92 @@
---
- name: Install software
package:
name: "{{ item }}"
state: latest
with_items: "{{ worker_packages }}"
- name: Apache2 enable modules
apache2_module:
name: "{{ item }}"
state: present
with_items: "{{ worker_a2mods }}"
notify: Restart Apache2
- name: Apache2 disable sites
file:
path: "/etc/apache2/sites-enabled/{{ item }}"
state: absent
with_items: "{{ worker_a2dissites }}"
notify: Restart Apache2
- name: Apache2 create vhosts
template:
dest: "/etc/apache2/sites-available/{{ item }}"
src: "etc/apache2/sites-available/{{ item }}.j2"
mode: 0644
backup: yes
with_items: "{{ worker_a2ensites }}"
notify: Restart Apache2
- name: Apache2 enable sites
file:
path: "/etc/apache2/sites-enabled/{{ item }}"
src: "/etc/apache2/sites-available/{{ item }}"
state: link
force: yes
with_items: "{{ worker_a2ensites }}"
notify: Restart Apache2
- name: Apache2 create DocRoots
file:
path: "/{{ item }}"
state: directory
mode: 0755
with_items: "{{ worker_a2docroots }}"
notify: Restart Apache2
- name: PHP Install pools
template:
dest: "/{{ item }}"
src: "{{ item }}.j2"
mode: 0644
backup: yes
with_items: "{{ worker_phpfpmpools }}"
notify: Restart PHP-FPM
- name: Disable worker in load balancers
haproxy:
socket: /run/haproxy/admin.sock
backend: nodes
host: "{{ inventory_hostname }}"
state: disabled
delegate_to: "{{ item }}"
with_items: "{{ groups.lb }}"
- name: Apache2 copy websites
copy:
dest: "/{{ item }}/"
src: "{{ item }}/"
backup: yes
with_items: "{{ worker_a2docroots }}"
- name: Apache2 template dummy index.html
template:
dest: "/{{ item }}/index.html"
src: "{{ item }}/index.html.j2"
mode: 0644
backup: yes
with_items: "{{ worker_a2docroots }}"
- name: Sleep 30 seconds...
pause: seconds=30
- name: Enable worker in load balancers
haproxy:
socket: /run/haproxy/admin.sock
backend: nodes
host: "{{ inventory_hostname }}"
state: enabled
delegate_to: "{{ item }}"
with_items: "{{ groups.lb }}"

84
roles/web_worker/tasks/main_with_socat.yml Normal file
View file

@ -0,0 +1,84 @@
---
- name: Install software
package:
name: "{{ item }}"
state: latest
with_items: "{{ worker_packages }}"
- name: Apache2 enable modules
apache2_module:
name: "{{ item }}"
state: present
with_items: "{{ worker_a2mods }}"
notify: Restart Apache2
- name: Apache2 disable sites
file:
path: "/etc/apache2/sites-enabled/{{ item }}"
state: absent
with_items: "{{ worker_a2dissites }}"
notify: Restart Apache2
- name: Apache2 create vhosts
template:
dest: "/etc/apache2/sites-available/{{ item }}"
src: "etc/apache2/sites-available/{{ item }}.j2"
mode: 0644
backup: yes
with_items: "{{ worker_a2ensites }}"
notify: Restart Apache2
- name: Apache2 disable sites
file:
path: "/etc/apache2/sites-enabled/{{ item }}"
src: "/etc/apache2/sites-available/{{ item }}"
state: link
force: yes
with_items: "{{ worker_a2ensites }}"
notify: Restart Apache2
- name: Apache2 create DocRoots
file:
path: "/{{ item }}"
state: directory
mode: 0755
with_items: "{{ worker_a2docroots }}"
notify: Restart Apache2
- name: PHP Install pools
template:
dest: "/{{ item }}"
src: "{{ item }}.j2"
mode: 0644
backup: yes
with_items: "{{ worker_phpfpmpools }}"
notify: Restart PHP-FPM
- name: Disable worker in load balancers
shell: "echo disable server nodes/{{ inventory_hostname }} | socat stdio /run/haproxy/admin.sock"
delegate_to: "{{ item }}"
with_items: "{{ groups.lb }}"
- name: Apache2 copy websites
copy:
dest: "/{{ item }}/"
src: "{{ item }}/"
backup: yes
with_items: "{{ worker_a2docroots }}"
- name: Apache2 template dummy index.html
template:
dest: "/{{ item }}/index.html"
src: "{{ item }}/index.html.j2"
mode: 0644
backup: yes
with_items: "{{ worker_a2docroots }}"
- name: Sleep 30 seconds...
pause: seconds=30
- name: Enable worker in load balancers
shell: 'echo "enable server nodes/{{ inventory_hostname }}" | socat stdio /run/haproxy/admin.sock'
delegate_to: "{{ item }}"
with_items: "{{ groups.lb }}"

11
roles/web_worker/templates/etc/apache2/sites-available/worker.conf.j2 Normal file
View file

@ -0,0 +1,11 @@
<VirtualHost *:80>
ServerName {{ ansible_hostname }}
DocumentRoot /var/www/worker
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:4001/var/www/worker/$1
DirectoryIndex index.php index.xhtml index.html
ErrorLog ${APACHE_LOG_DIR}/worker_{{ ansible_hostname }}.error.log
CustomLog ${APACHE_LOG_DIR}/worker_{{ ansible_hostname }}.access.log combined
</VirtualHost>

12
roles/web_worker/templates/etc/php/7.0/fpm/pool.d/worker.conf.j2 Normal file
View file

@ -0,0 +1,12 @@
[worker]
user = www-data
group = www-data
listen = 127.0.0.1:4001
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 3
pm.min_spare_servers = 1
pm.max_spare_servers = 3

1
roles/web_worker/templates/var/www/worker/index.html.j2 Normal file
View file

@ -0,0 +1 @@
<h1>{{ ansible_hostname }}</h1>

6
web_db.yml Normal file
View file

@ -0,0 +1,6 @@
---
- hosts: db
roles:
- web_db

8
web_lb.yml Normal file
View file

@ -0,0 +1,8 @@
---
- hosts: worker
tasks: []
- hosts: lb
roles:
- web_lb

23
web_site.yml Normal file
View file

@ -0,0 +1,23 @@
---
- hosts: all
roles:
- web_base
- hosts: lb
serial: "25%"
max_fail_percentage: 40
roles:
- web_lb
- hosts: db
serial: 1
max_fail_percentage: 10
roles:
- web_db
- hosts: worker
serial: 2
max_fail_percentage: 20
roles:
- web_worker

10
web_worker.yml Normal file
View file

@ -0,0 +1,10 @@
---
- hosts: lb
tasks: []
- hosts: worker
serial: 2
max_fail_percentage: 20
roles:
- web_worker