
Initial commit

Sven Velt 7 years ago
commit
c5a8d99a77

+ 5 - 0
roles/web_base/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+ntp_server:
+  - 0.de.pool.ntp.org
+  - 1.de.pool.ntp.org
+  - 2.de.pool.ntp.org

+ 3 - 0
roles/web_base/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: ntp }

+ 11 - 0
roles/web_db/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+db_packages:
+  - mariadb-server
+  - python-mysqldb
+
+db_servicename: mysql
+
+db_name: webapp
+db_user: webappuser
+db_password: webapppw
+
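Review bot: `db_password: webapppw` puts a working database credential into role defaults that are committed to the repository, so every deployment that does not override it ends up with the same known password. Drop the default and make the role fail when the variable is unset, or source it from an ansible-vault encrypted vars file or a secrets lookup. A comment such as `# db_password: must be provided via vault-encrypted group_vars` in place of the value would document the requirement.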

+ 27 - 0
roles/web_db/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Install software
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ db_packages }}"
+
+- name: MariaDB enable service
+  service:
+    name: "{{ db_servicename }}"
+    state: started
+    enabled: yes
+
+- name: MariaDB create DB
+  mysql_db:
+    name: "{{ db_name }}"
+    state: present
+
+- name: MariaDB create user
+  mysql_user:
+    name: "{{ db_user }}"
+    password: "{{ db_password }}"
+    priv: '{{ db_name }}.*:ALL'
+    host: '%'
+    state: present
+
+
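Review bot: In 'MariaDB create user', `host: '%'` combined with `priv: '{{ db_name }}.*:ALL'` lets the application account log in from any address with full rights on the schema. Restrict the account to the worker hosts (for example by looping over the addresses of `groups['worker']`) and grant only the privileges the application needs. The task also passes `db_password` as a module argument, so `no_log: true` on it keeps the value out of verbose output and logs.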

+ 5 - 0
roles/web_lb/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+lb_packages:
+  - haproxy
+  - socat
+

+ 12 - 0
roles/web_lb/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Restart HAProxy
+  service:
+    name: haproxy
+    state: restarted
+
+- name: Restart RSyslog
+  service:
+    name: rsyslog
+    state: restarted
+
+

+ 24 - 0
roles/web_lb/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Install software
+  package:
+    name: "{{ item }}"
+    state: latest
+  with_items: "{{ lb_packages }}"
+  notify: Restart RSyslog
+
+- name: HAProxy enable service
+  service:
+    name: haproxy
+    enabled: yes
+    state: started
+
+- name: HAProxy create config
+  template:
+    dest: "/etc/haproxy/haproxy.cfg"
+    src: "haproxy.cfg.j2"
+    mode: 0644
+    backup: yes
+  notify:
+    - Restart HAProxy
+    - Restart RSyslog
+
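Review bot: 'HAProxy create config' installs the rendered file with `mode: 0644`, yet the template it renders carries the `stats auth` credentials, so every local user on the load balancer can read them; `mode: "0640"` with `owner: root` and `group: haproxy` would narrow that. The mode should be quoted in any case, since an unquoted `0644` depends on the YAML parser's octal handling. Adding `validate: 'haproxy -c -f %s'` lets the task reject a broken render before the restart handler fires.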

+ 58 - 0
roles/web_lb/templates/haproxy.cfg.j2

@@ -0,0 +1,58 @@
+global
+	log	127.0.0.1 local0
+	log	127.0.0.1 local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# Default ciphers to use on SSL-enabled listening sockets.
+	# For more information, see ciphers(1SSL).
+	ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+	timeout connect 5000
+	timeout client	50000
+	timeout server	50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+
+frontend	localnodes
+	bind		*:80
+	mode		http
+	default_backend	nodes
+
+backend		nodes
+	mode		http
+	balance		roundrobin
+	option		forwardfor
+	http-request	set-header X-Forwarded-Port %[dst_port]
+	http-request	add-header X-Forwarded-Proto https if { ssl_fc }
+	option		httpchk HEAD / HTTP/1.1\r\nHost:localhost
+	#server		worker_01 172.22.244.81:80 check
+	{% for host in groups['worker'] %}
+	  server  {{ hostvars[host]['ansible_hostname'] }}  {{ hostvars[host]['ansible_default_ipv4'].address }}:80 check
+	{% endfor %}
+
+listen stats
+	bind *:1936
+	stats enable
+	stats uri /
+	stats hide-version
+	stats auth admin:admin
+
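Review bot: The `listen stats` section publishes the statistics page on `bind *:1936` protected only by `stats auth admin:admin`, a fixed and guessable credential baked into the template. Bind it to a management address (e.g. `bind 127.0.0.1:1936`) and take the credential from variables, `stats auth {{ lb_stats_user }}:{{ lb_stats_password }}` (variable names are a suggestion, values from a vault). Separately, `ssl-default-bind-ciphers` still lists `RC4-SHA` and `kRSA+AES`; no TLS listener is defined in this file, but the line should be modernised before one is added. Note also that `X-Forwarded-Proto https if { ssl_fc }` can never match while the only frontend is `bind *:80`.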

+ 25 - 0
roles/web_worker/defaults/main.yml

@@ -0,0 +1,25 @@
+---
+worker_packages:
+  - apache2
+  - php-fpm
+  - php-mysql
+
+worker_a2mods:
+  - mpm_event
+  - proxy
+  - proxy_fcgi
+  - rewrite
+
+worker_a2dissites:
+  - 000-default.conf
+  - default-ssl.conf
+
+worker_a2ensites:
+  - worker.conf
+
+worker_a2docroots:
+  - var/www/worker
+
+worker_phpfpmpools:
+  - etc/php/7.0/fpm/pool.d/worker.conf
+

+ 1 - 0
roles/web_worker/files/var/www/worker/index.php

@@ -0,0 +1 @@
+<?php phpinfo(); ?>
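Review bot: `phpinfo()` as the document root's index page exposes the PHP version, loaded modules, filesystem paths and environment variables to anyone who can reach the worker through the load balancer, and worker.conf.j2 lists `index.php` first in `DirectoryIndex`. If the page is only a smoke test, emit something non-revealing instead, e.g. `<?php echo 'ok'; ?>`, or keep the phpinfo file out of the deployed docroot.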

+ 11 - 0
roles/web_worker/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Restart Apache2
+  service:
+    name: apache2
+    state: restarted
+
+- name: Restart PHP-FPM
+  service:
+    name: php7.0-fpm
+    state: restarted
+

+ 5 - 0
roles/web_worker/tasks/db_update.yml

@@ -0,0 +1,5 @@
+---
+- name: Update DB schema
+  command: {{ worker_dbupdate_command }}
+  run_once: True
+
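Review bot: `command: {{ worker_dbupdate_command }}` is not valid here: a value that starts with `{` is read by YAML as a flow mapping before Jinja sees it, so the file fails to load; write `command: "{{ worker_dbupdate_command }}"`. `worker_dbupdate_command` has no default in the role defaults shown in this commit, so the task would also fail on an undefined variable unless the inventory supplies it. Since the whole command line comes from one variable, a short comment stating that it must come from trusted inventory would help; `run_once: true` is the canonical spelling.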

+ 1 - 0
roles/web_worker/tasks/main.yml

@@ -0,0 +1 @@
+main_with_haproxy.yml

+ 92 - 0
roles/web_worker/tasks/main_with_haproxy.yml

@@ -0,0 +1,92 @@
+---
+- name: Install software
+  package:
+    name: "{{ item }}"
+    state: latest
+  with_items: "{{ worker_packages }}"
+
+- name: Apache2 enable modules
+  apache2_module:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ worker_a2mods }}"
+  notify: Restart Apache2
+
+- name: Apache2 disable sites
+  file:
+    path: "/etc/apache2/sites-enabled/{{ item }}"
+    state: absent
+  with_items: "{{ worker_a2dissites }}"
+  notify: Restart Apache2
+
+- name: Apache2 create vhosts
+  template:
+    dest: "/etc/apache2/sites-available/{{ item }}"
+    src: "etc/apache2/sites-available/{{ item }}.j2"
+    mode: 0644
+    backup: yes
+  with_items: "{{ worker_a2ensites }}"
+  notify: Restart Apache2
+
+- name: Apache2 enable sites
+  file:
+    path: "/etc/apache2/sites-enabled/{{ item }}"
+    src: "/etc/apache2/sites-available/{{ item }}"
+    state: link
+    force: yes
+  with_items: "{{ worker_a2ensites }}"
+  notify: Restart Apache2
+
+- name: Apache2 create DocRoots
+  file:
+    path: "/{{ item }}"
+    state: directory
+    mode: 0755
+  with_items: "{{ worker_a2docroots }}"
+  notify: Restart Apache2
+
+- name: PHP Install pools
+  template:
+    dest: "/{{ item }}"
+    src: "{{ item }}.j2"
+    mode: 0644
+    backup: yes
+  with_items: "{{ worker_phpfpmpools }}"
+  notify: Restart PHP-FPM
+
+- name: Disable worker in load balancers
+  haproxy:
+    socket: /run/haproxy/admin.sock
+    backend: nodes
+    host: "{{ inventory_hostname }}"
+    state: disabled
+  delegate_to: "{{ item }}"
+  with_items: "{{ groups.lb }}"
+
+- name: Apache2 copy websites
+  copy:
+    dest: "/{{ item }}/"
+    src: "{{ item }}/"
+    backup: yes
+  with_items: "{{ worker_a2docroots }}"
+
+- name: Apache2 template dummy index.html
+  template:
+    dest: "/{{ item }}/index.html"
+    src: "{{ item }}/index.html.j2"
+    mode: 0644
+    backup: yes
+  with_items: "{{ worker_a2docroots }}"
+
+- name: Sleep 30 seconds...
+  pause: seconds=30
+
+- name: Enable worker in load balancers
+  haproxy:
+    socket: /run/haproxy/admin.sock
+    backend: nodes
+    host: "{{ inventory_hostname }}"
+    state: enabled
+  delegate_to: "{{ item }}"
+  with_items: "{{ groups.lb }}"
+
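Review bot: The 'Restart Apache2' and 'Restart PHP-FPM' handlers notified by the earlier tasks run at the end of the play, which is after 'Enable worker in load balancers', so the restarts hit a worker that is already back in rotation. Add `- meta: flush_handlers` before 'Sleep 30 seconds...' so the restarts happen inside the drain window; main_with_socat.yml has the same ordering. The `haproxy` tasks address the server as `{{ inventory_hostname }}` while haproxy.cfg.j2 names servers by `ansible_hostname`; if the inventory uses FQDNs or aliases the disable/enable calls will not match, so use the same variable in both places. If a task fails between disable and enable the worker stays drained, so consider wrapping the section in `block`/`always`.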

+ 84 - 0
roles/web_worker/tasks/main_with_socat.yml

@@ -0,0 +1,84 @@
+---
+- name: Install software
+  package:
+    name: "{{ item }}"
+    state: latest
+  with_items: "{{ worker_packages }}"
+
+- name: Apache2 enable modules
+  apache2_module:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ worker_a2mods }}"
+  notify: Restart Apache2
+
+- name: Apache2 disable sites
+  file:
+    path: "/etc/apache2/sites-enabled/{{ item }}"
+    state: absent
+  with_items: "{{ worker_a2dissites }}"
+  notify: Restart Apache2
+
+- name: Apache2 create vhosts
+  template:
+    dest: "/etc/apache2/sites-available/{{ item }}"
+    src: "etc/apache2/sites-available/{{ item }}.j2"
+    mode: 0644
+    backup: yes
+  with_items: "{{ worker_a2ensites }}"
+  notify: Restart Apache2
+
+- name: Apache2 disable sites
+  file:
+    path: "/etc/apache2/sites-enabled/{{ item }}"
+    src: "/etc/apache2/sites-available/{{ item }}"
+    state: link
+    force: yes
+  with_items: "{{ worker_a2ensites }}"
+  notify: Restart Apache2
+
+- name: Apache2 create DocRoots
+  file:
+    path: "/{{ item }}"
+    state: directory
+    mode: 0755
+  with_items: "{{ worker_a2docroots }}"
+  notify: Restart Apache2
+
+- name: PHP Install pools
+  template:
+    dest: "/{{ item }}"
+    src: "{{ item }}.j2"
+    mode: 0644
+    backup: yes
+  with_items: "{{ worker_phpfpmpools }}"
+  notify: Restart PHP-FPM
+
+- name: Disable worker in load balancers
+  shell: "echo disable server nodes/{{ inventory_hostname }} | socat stdio /run/haproxy/admin.sock"
+  delegate_to: "{{ item }}"
+  with_items: "{{ groups.lb }}"
+
+- name: Apache2 copy websites
+  copy:
+    dest: "/{{ item }}/"
+    src: "{{ item }}/"
+    backup: yes
+  with_items: "{{ worker_a2docroots }}"
+
+- name: Apache2 template dummy index.html
+  template:
+    dest: "/{{ item }}/index.html"
+    src: "{{ item }}/index.html.j2"
+    mode: 0644
+    backup: yes
+  with_items: "{{ worker_a2docroots }}"
+
+- name: Sleep 30 seconds...
+  pause: seconds=30
+
+- name: Enable worker in load balancers
+  shell: 'echo "enable server nodes/{{ inventory_hostname }}" | socat stdio /run/haproxy/admin.sock'
+  delegate_to: "{{ item }}"
+  with_items: "{{ groups.lb }}"
+
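Review bot: Both load-balancer tasks interpolate `{{ inventory_hostname }}` into a `shell:` line, and the 'Disable worker in load balancers' variant does so without any quoting, so the value is parsed by the shell on the lb host. Build the message first and pass it through the `quote` filter, e.g. `shell: "echo {{ ('disable server nodes/' ~ inventory_hostname) | quote }} | socat stdio /run/haproxy/admin.sock"`, and the same for `enable`. The second task named 'Apache2 disable sites' (the one with `state: link`) actually enables the sites and should be renamed 'Apache2 enable sites', as in main_with_haproxy.yml. These tasks also report `changed` on every run and ignore what the socket answered; `changed_when: false` plus a check of the command output would make failures visible.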

+ 11 - 0
roles/web_worker/templates/etc/apache2/sites-available/worker.conf.j2

@@ -0,0 +1,11 @@
+<VirtualHost *:80>
+	ServerName	{{ ansible_hostname }}
+	DocumentRoot	/var/www/worker
+
+	ProxyPassMatch	^/(.*\.php(/.*)?)$	fcgi://127.0.0.1:4001/var/www/worker/$1
+
+	DirectoryIndex	index.php index.xhtml index.html
+
+	ErrorLog	${APACHE_LOG_DIR}/worker_{{ ansible_hostname }}.error.log
+	CustomLog	${APACHE_LOG_DIR}/worker_{{ ansible_hostname }}.access.log combined
+</VirtualHost>
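Review bot: `ProxyPassMatch ^/(.*\.php(/.*)?)$` hands every matching URL to PHP-FPM at the proxy stage, without checking that the script exists under the DocumentRoot and, as far as I know, before `<Directory>`/`<Files>` restrictions are applied. On Apache 2.4.10 or later the handler form is the safer mapping: `<FilesMatch "\.php$">`, `SetHandler "proxy:fcgi://127.0.0.1:4001"`, `</FilesMatch>`. Which Apache version the target hosts run is not visible here, so confirm before switching.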

+ 12 - 0
roles/web_worker/templates/etc/php/7.0/fpm/pool.d/worker.conf.j2

@@ -0,0 +1,12 @@
+[worker]
+user = www-data
+group = www-data
+listen = 127.0.0.1:4001
+listen.owner = www-data
+listen.group = www-data
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 3
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
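Review bot: `listen.owner` and `listen.group` only apply to Unix-domain sockets, so with `listen = 127.0.0.1:4001` they have no effect and any local process on the worker can talk FastCGI to the pool. Either switch to a socket path (e.g. `listen = /run/php/worker.sock`, a path chosen here as an example, with the vhost's proxy target changed to match) or drop the two lines and add `listen.allowed_clients = 127.0.0.1` to make the TCP intent explicit.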

+ 1 - 0
roles/web_worker/templates/var/www/worker/index.html.j2

@@ -0,0 +1 @@
+<h1>{{ ansible_hostname }}</h1>

+ 6 - 0
web_db.yml

@@ -0,0 +1,6 @@
+---
+- hosts: db
+  roles:
+    - web_db
+
+

+ 8 - 0
web_lb.yml

@@ -0,0 +1,8 @@
+---
+- hosts: worker
+  tasks: []
+
+- hosts: lb
+  roles:
+    - web_lb
+
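Review bot: The empty `hosts: worker` play with `tasks: []` has no visible purpose; presumably it exists only to gather facts so that haproxy.cfg.j2 can read `hostvars[host]['ansible_hostname']` and `ansible_default_ipv4` for each worker. Say so in a comment above it, e.g. `# Gather facts from workers; haproxy.cfg.j2 reads their hostvars`. web_worker.yml has the same pattern with `hosts: lb` and deserves the same comment.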

+ 23 - 0
web_site.yml

@@ -0,0 +1,23 @@
+---
+- hosts: all
+  roles:
+    - web_base
+
+- hosts: lb
+  serial: "25%"
+  max_fail_percentage: 40
+  roles:
+    - web_lb
+
+- hosts: db
+  serial: 1
+  max_fail_percentage: 10
+  roles:
+    - web_db
+
+- hosts: worker
+  serial: 2
+  max_fail_percentage: 20
+  roles:
+    - web_worker
+

+ 10 - 0
web_worker.yml

@@ -0,0 +1,10 @@
+---
+- hosts: lb
+  tasks: []
+
+- hosts: worker
+  serial: 2
+  max_fail_percentage: 20
+  roles:
+    - web_worker
+