examples

README.md

@@ -0,0 +1,6 @@
+
+Ansible Examples
+----------------
+
+This repository contains examples and best practises for building Ansible Playbooks.
+

lamp_haproxy/README.md

@@ -0,0 +1,40 @@
+Lamp Stack + LoadBalancer(haproxy) + add/remove nodes from cluster + Serial Rolling update of webserserver
+----------------------------------------------------------------------------------------------------------
+
+This example is an extension of the simple lamp deployment, In this example we deploy a lampstack with a LoadBalancer in front.
+This also has the capablity to add/remove nodes from the deployment. It also includes examples to do a rolling update of a stack
+without affecting the service.
+
+***Setup Entire Site.
+Firstly we setup the entire stack, configure the 'hosts' inventory file to include the names of your hosts on which the stack would be deployed.
+		[webservers]
+		web3
+		web2
+		[dbservers]
+		web3
+		[lbservers]
+		web2
+After which we execute the following command to deploy the site.
+	ansible-playbook -i hosts site.yml
+
+The deployment can be verified by accessing the webpage." lynx http://<ip-of-lb>:8888. multiple access should land you up in diffrent webservers.
+
+***Remove a node from the cluster.
+Removal of a node from the cluster would be as simple as executing the following command:
+	ansible-playbook -i hosts roles/remove_webservers.yml  --limit=web2
+
+***Adding a node to the cluster.
+Adding a node to the cluster can be done by executing the following command 
+	ansible-playbook -i hosts roles/add_webservers.yml  --limit=web2
+
+***Rolling update of the entire site or  a single hosts
+Rolling updates are the preffered way to do an update as this wont affect the end users, In this example the hosts are updated in serial fashion, which means
+that only one server would be updated at one time, this behaviour can be changed by setting the 'serial' keyword in webservers.yml file.
+Once the code has been updated in the repository which can be defined in the group_vars/all file, execute the following command:
+	 ansible-playbook -i hosts roles/rolling_update.yml
+
+
+
+
+
+	 

lamp_haproxy/group_vars/all

@@ -0,0 +1,6 @@
+---
+# varialbles here would be applicable to all groups
+
+httpd_port: 80
+ntpserver: 192.168.1.2
+repository: http://github.com/bennojoy/mywebapp.git

lamp_haproxy/group_vars/dbservers

@@ -0,0 +1,8 @@
+---
+# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated.
+
+mysqlservice: mysqld
+mysql_port: 3306
+dbuser: root
+dbname: foodb
+upassword: abc

lamp_haproxy/group_vars/lbservers

@@ -0,0 +1,16 @@
+---
+# File for the HAproxy configuration
+
+#Supports http and tcp, for ssl smtp etc.. use tcp
+mode: http
+
+#port on which the lb should listen
+listenport: 8888
+
+#A name for the proxy daemon, this would be the suffix in the logs.
+daemonname: myapplb
+
+#Balancing Algorithm Avalilable options: roundrobin,source,leastconn,source,uri
+#If persistance is required use source
+balance: roundrobin 
+

lamp_haproxy/hosts

@@ -0,0 +1,10 @@
+[webservers]
+web3
+web2
+
+[dbservers]
+web3
+
+[lbservers]
+web2
+

lamp_haproxy/roles/add_webservers.yml

@@ -0,0 +1,10 @@
+---
+# This Playbook adds  a webserver into the the web cluster
+
+- hosts: webservers
+  user: root
+  serial: 1
+  tasks:
+   - include: ../roles/webtier/tasks/install_httpd.yml
+   - include: ../roles/webtier/tasks/copy_code.yml
+   - include: ../roles/webtier/tasks/add_to_lb.yml

lamp_haproxy/roles/common/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+# Handler to handle common notifications
+
+- name: restart ntp
+  service: name=ntpd state=restarted
+
+- name: restart iptables
+  service: name=iptables state=restarted

lamp_haproxy/roles/common/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+# This playbook contains common plays that would be run on all Nodes.
+
+- name: Install ntp 
+  yum: name=ntp state=present
+  tags: ntp
+
+- name: Configure ntp file
+  template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf
+  tags: ntp
+  notify: restart ntp
+
+- name: Start the ntp service
+  service: name=ntpd state=started enabled=true
+  tags: ntp
+
+
+ 

lamp_haproxy/roles/common/templates/ntp.conf.j2

@@ -0,0 +1,12 @@
+
+driftfile /var/lib/ntp/drift
+
+restrict 127.0.0.1 
+restrict -6 ::1
+
+server {{ ntpserver }}
+
+includefile /etc/ntp/crypto/pw
+
+keys /etc/ntp/keys
+

lamp_haproxy/roles/db.yml

@@ -0,0 +1,11 @@
+---
+# This playbook deploys mysql and configures database on the db node/nodes  
+
+- hosts: dbservers
+  user: root
+  tasks: 
+     - include: common/tasks/main.yml 
+     - include: dbtier/tasks/install_mysql.yml
+  handlers:
+     - include: dbtier/handlers/main.yml
+     - include: common/handlers/main.yml 

lamp_haproxy/roles/dbtier/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# Handler to handle DB tier notifications
+
+- name: restart mysql
+  service: name=mysqld state=restarted
+

lamp_haproxy/roles/dbtier/tasks/install_mysql.yml

@@ -0,0 +1,32 @@
+---
+# This playbook will install mysql and create db user and give permissions.
+
+- name: Install Mysql package
+  action: yum pkg=$item state=installed
+  with_items:
+   - mysql-server
+   - MySQL-python
+   - libselinux-python
+   - libsemanage-python
+
+- name: Configure SELinux to start mysql on any port
+  seboolean: name=mysql_connect_any state=true persistent=yes
+
+- name: Create Mysql configuration file
+  action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf
+  notify: 
+  - restart mysql
+
+- name: Start Mysql Service
+  service: name=mysqld state=started enabled=true
+
+- name: insert iptables rule
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $mysql_port -j  ACCEPT"
+  notify: restart iptables
+
+
+- name: Create Application Database
+  mysql_db: name=$dbname state=present
+
+- name: Create Application DB User
+  mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present

lamp_haproxy/roles/dbtier/templates/my.cnf.j2

@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid

lamp_haproxy/roles/haproxy.yml

@@ -0,0 +1,10 @@
+---
+#PlayBook for haproxy operations
+
+- hosts: lbservers
+  user: root
+  tasks:
+   - include: haproxy/tasks/install_haproxy.yml
+  handlers:
+   - include: haproxy/handlers/main.yml
+   - include: common/handlers/main.yml

lamp_haproxy/roles/haproxy/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+# Handlers for the HAproxy
+
+- name: restart haproxy
+  service: name=haproxy state=restarted
+
+- name: reload haproxy
+  service: name=haproxy state=reloaded
+
+ 
+

lamp_haproxy/roles/haproxy/tasks/install_haproxy.yml

@@ -0,0 +1,19 @@
+---
+# This PlayBook Installs the HAProxy and configures it.
+
+- name: Download and install haproxy
+  command: creates=/opt/haproxy.rpm curl -o /opt/haproxy.rpm ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/haproxy-1.4.18-1.el6.i686.rpm
+
+- name: Install the haproxy rpm.
+  command: creates=/etc/haproxy/haproxy.cfg yum -y localinstall  /opt/haproxy.rpm
+
+- name: Install the socat package for dynamic addition/removal of hosts
+  yum: name=socat state=installed
+
+- name: Open firewall port for haproxy.
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$listenport" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $listenport -j  ACCEPT"
+  notify: restart iptables
+
+- name: Configure the haproxy cnf file with hosts
+  template: src=haproxy/templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
+  notify: restart haproxy

lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2

@@ -0,0 +1,39 @@
+global
+    log         127.0.0.1 local2 
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        root
+    group       root
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats level admin
+
+defaults
+    mode                    {{ mode }}
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+backend app
+    {% for host in groups['lbservers'] %}
+    	listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }}
+    {% endfor %}
+    balance     {{ balance }}
+    {% for host in groups['webservers'] %}
+        server {{ hostvars[host].ansible_hostname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ httpd_port }}
+    {% endfor %}

lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2.bck

@@ -0,0 +1,36 @@
+global
+    log         127.0.0.1 local2 
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        root
+    group       root
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats level admin
+
+defaults
+    mode                    {{ mode }}
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+backend app
+    {% for host in groups['lbservers'] %}
+    	listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }}
+    {% endfor %}
+    balance     {{ balance }}

lamp_haproxy/roles/remove_webservers.yml

@@ -0,0 +1,9 @@
+---
+# This Playbook removes a  webserver from  the pool serialy.
+
+
+- hosts: webservers
+  user: root
+  serial: 1
+  tasks:
+   - include: ../roles/webtier/tasks/remove_from_lb.yml

lamp_haproxy/roles/rolling_update.yml

@@ -0,0 +1,8 @@
+---
+# This Playbook does a rolling update of the code for all webservers serially (one at a time). Change the value of serial: to adjust the number of server to be updated.
+
+- hosts: webservers
+  user: root
+  serial: 1
+  tasks:
+   - include: ../roles/webtier/tasks/rolling_update.yml

lamp_haproxy/roles/web.yml

@@ -0,0 +1,11 @@
+---
+# This Playbook deploys the WebServers with httpd and the code.
+
+- hosts: webservers
+  user: root
+  tasks:
+  - include: common/tasks/main.yml
+  - include: webtier/tasks/install_httpd.yml
+  - include: webtier/tasks/copy_code.yml
+  handlers:
+   - include: webtier/handlers/main.yml

lamp_haproxy/roles/webtier/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# Handler for the webtier
+
+- name: restart iptables
+  service: name=iptables state=restarted

lamp_haproxy/roles/webtier/tasks/add_to_lb.yml

@@ -0,0 +1,15 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Add server to LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}"
+  delegate_to: $item
+  with_items: ${groups.lbservers}  
+  register: last_run
+   
+- name: Reload the haproxy
+  service: name=haproxy state=reloaded
+  delegate_to: $item
+  with_items: ${groups.lbservers} 
+  only_if: ${last_run.changed}
+

lamp_haproxy/roles/webtier/tasks/copy_code.yml

@@ -0,0 +1,10 @@
+---
+# This Playbook is responsible for copying the latest dev/production code from the version control system. 
+
+- name: Copy the code from repository
+  git: repo=${repository} dest=/var/www/html/
+
+
+- name: Create's the index.php file 
+  template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php
+  

lamp_haproxy/roles/webtier/tasks/install_httpd.yml

@@ -0,0 +1,26 @@
+---
+# This playbook installs http and the php modules.
+
+- name: Install http and php etc
+  action: yum  name=$item state=installed
+  with_items:
+   - httpd
+   - php
+   - php-mysql
+   - libsemanage-python
+   - libselinux-python
+  
+
+- name: insert iptables rule for httpd
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $httpd_port -j  ACCEPT"
+  register: last_run
+
+- name: Apply iptable rule
+  service: name=iptables state=restarted
+  only_if: ${last_run.changed}
+
+- name: http service state
+  service: name=httpd state=started enabled=yes
+
+- name: Configure SELinux to allow httpd to connect to remote database
+  seboolean: name=httpd_can_network_connect_db state=true persistent=yes 

lamp_haproxy/roles/webtier/tasks/remove_from_lb.yml

@@ -0,0 +1,23 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Remove the code from server
+  command: rm -rf /var/www/html/*
+  
+- name: Remove server from LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" 
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+  register: last_run
+
+- name: disable the server in haproxy
+  shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+
+- name: Remove the httpd package
+  yum: name=httpd state=absent
+
+
+
+ 

lamp_haproxy/roles/webtier/tasks/rolling_update.yml

@@ -0,0 +1,22 @@
+---
+# This Playbook implements a rolling update on the infrastructure, change the value of the serial keyword to specify the number of servers the update should happen.
+
+- name: Remove the code from server
+  command: rm -rf /var/www/html/*
+
+- name: disable the server in haproxy
+  shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+
+- name: Copy the code from repository
+  git: repo=${repository} dest=/var/www/html/
+   
+- name: Create's the index.php file
+  template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php
+
+- name: Enable the server in haproxy
+  shell: echo "enable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+

lamp_haproxy/roles/webtier/tasks/utils.yml

@@ -0,0 +1,39 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Add server to LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}"
+  delegate_to: ${lbserver}
+  register: last_run
+  tags: add
+   
+- name: Reload the haproxy
+  service: name=haproxy state=reloaded
+  delegate_to: ${lbserver}
+  only_if: ${last_run.changed}
+  tags: add
+
+- name: Remove the code from server
+  command: rm -rf /var/www/html/*
+  tags: remove
+  
+- name: Remove server from LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" 
+  delegate_to: $item
+  with_items: ${groups.lbservers}}
+  register: last_run
+  tags: remove
+
+- name: disable the server in haproxy
+  shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}}
+  tags:  remove
+
+- name: Remove the httpd package
+  yum: name=httpd state=absent
+  tags: remove
+
+
+
+ 

lamp_haproxy/roles/webtier/templates/index.php.j2

@@ -0,0 +1,16 @@
+<html>
+ <head>
+  <title>Ansible Application</title>
+ </head>
+ <body>
+ </br>
+  <a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a>
+ </br>
+<?php 
+ Print "Hello, World! I am configured in Ansible and i am : ";
+ echo exec('hostname');
+ Print  "</BR>";
+?>
+</body>
+</html>
+

lamp_haproxy/site.yml

@@ -0,0 +1,6 @@
+---
+#This Playbook deploys the whole application stack in this site.  
+
+- include: roles/db.yml
+- include: roles/web.yml
+- include: roles/haproxy.yml

lamp_simple/README.md

@@ -0,0 +1,58 @@
+Building a simple LAMP stack and deploying Application using Ansible Playbooks.
+-------------------------------------------
+
+This playbooks is meant to be a reference and starters guide to building  Ansible Playbooks. These playbooks were tested on Centos 6.x so we recommend Centos to test these modules.
+
+### Installing Ansible
+
+Running this playbook requires setting up Ansible first, luckily this is a very simple process on Centos 6.x:
+
+        yum install http://epel.mirrors.arminco.com/6/x86_64/epel-release-6-8.noarch.rpm
+        yum install python PyYAML python-paramiko python-jinja2
+        git clone git://github.com/ansible/ansible.git
+        cd ansible
+        source hacking/env-setup
+
+Generate/Synchronize your ssh keys(Optional you can pass -k parameter to prompt for password)
+
+        ssh-keygen -t rsa
+        cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
+
+Create a sample inventory file (File containing the hostnames)
+
+        echo "localhost" > ansible_hosts
+
+Test if we are setup properly
+
+        ansible -i ansible_hosts localhost -m ping
+                localhost | success >> {
+                        "changed": false,
+                        "ping": "pong"
+                }
+
+
+
+Now we setup our Lamp Stack, The stack can be on a single node or multiple nodes. The inventory file 'hosts' defines the nodes in which the stacks should be configured.
+
+        [webservers]
+        localhost
+
+        [dbservers]
+        bensible
+
+Here the webserver would be configured on the localhost and the dbserver on bensible. The stack can be deployed using the following command.
+
+ 	ansible-playbook -i hosts site.yml
+
+Once Done, you can check by browsing to http://<ipofhost>/index.php
+
+If you want to add a new webserver to the stack it would be as simple as changing the hosts file to add the new webserver name and rerun the above command.
+
+        [webservers]
+        localhost
+        webserver1
+
+        [dbservers]
+        bensible
+
+        ansible-playbook -i hosts site.yml

lamp_simple/group_vars/all

@@ -0,0 +1,6 @@
+---
+# varialbles here would be applicable to all groups
+
+httpd_port: 80
+ntpserver: 192.168.1.2
+repository: http://github.com/bennojoy/mywebapp.git

lamp_simple/group_vars/dbservers

@@ -0,0 +1,8 @@
+---
+# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated.
+
+mysqlservice: mysqld
+mysql_port: 3306
+dbuser: root
+dbname: foodb
+upassword: abc

lamp_simple/hosts

@@ -0,0 +1,5 @@
+[webservers]
+web2
+
+[dbservers]
+web3

lamp_simple/roles/common/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+# Handler to handle common notifications
+
+- name: restart ntp
+  service: name=ntpd state=restarted
+
+- name: restart iptables
+  service: name=iptables state=restarted

lamp_simple/roles/common/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+# This playbook contains common plays that would be run on all Nodes.
+
+- name: Install ntp 
+  yum: name=ntp state=present
+  tags: ntp
+
+- name: Configure ntp file
+  template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf
+  tags: ntp
+  notify: restart ntp
+
+- name: Start the ntp service
+  service: name=ntpd state=started enabled=true
+  tags: ntp
+
+
+ 

lamp_simple/roles/common/templates/ntp.conf.j2

@@ -0,0 +1,12 @@
+
+driftfile /var/lib/ntp/drift
+
+restrict 127.0.0.1 
+restrict -6 ::1
+
+server {{ ntpserver }}
+
+includefile /etc/ntp/crypto/pw
+
+keys /etc/ntp/keys
+

lamp_simple/roles/db.yml

@@ -0,0 +1,11 @@
+---
+# This playbook deploys mysql and configures database on the db node/nodes  
+
+- hosts: dbservers
+  user: root
+  tasks: 
+     - include: common/tasks/main.yml 
+     - include: dbtier/tasks/install_mysql.yml
+  handlers:
+     - include: dbtier/handlers/main.yml
+     - include: common/handlers/main.yml 

lamp_simple/roles/dbtier/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# Handler to handle DB tier notifications
+
+- name: restart mysql
+  service: name=mysqld state=restarted
+

lamp_simple/roles/dbtier/tasks/install_mysql.yml

@@ -0,0 +1,32 @@
+---
+# This playbook will install mysql and create db user and give permissions.
+
+- name: Install Mysql package
+  action: yum pkg=$item state=installed
+  with_items:
+   - mysql-server
+   - MySQL-python
+   - libselinux-python
+   - libsemanage-python
+
+- name: Configure SELinux to start mysql on any port
+  seboolean: name=mysql_connect_any state=true persistent=yes
+
+- name: Create Mysql configuration file
+  action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf
+  notify: 
+  - restart mysql
+
+- name: Start Mysql Service
+  service: name=mysqld state=started enabled=true
+
+- name: insert iptables rule
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $mysql_port -j  ACCEPT"
+  notify: restart iptables
+
+
+- name: Create Application Database
+  mysql_db: name=$dbname state=present
+
+- name: Create Application DB User
+  mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present

lamp_simple/roles/dbtier/templates/my.cnf.j2

@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid

lamp_simple/roles/web.yml

@@ -0,0 +1,11 @@
+---
+# This Playbook deploys the WebServers with httpd and the code.
+
+- hosts: webservers
+  user: root
+  tasks:
+  - include: common/tasks/main.yml
+  - include: webtier/tasks/install_httpd.yml
+  - include: webtier/tasks/copy_code.yml
+  handlers:
+   - include: webtier/handlers/main.yml

lamp_simple/roles/webtier/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# Handler for the webtier
+
+- name: restart iptables
+  service: name=iptables state=restarted

lamp_simple/roles/webtier/tasks/copy_code.yml

@@ -0,0 +1,10 @@
+---
+# This Playbook is responsible for copying the latest dev/production code from the version control system. 
+
+- name: Copy the code from repository
+  git: repo=${repository} dest=/var/www/html/
+
+
+- name: Create's the index.php file 
+  template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php
+  

lamp_simple/roles/webtier/tasks/install_httpd.yml

@@ -0,0 +1,26 @@
+---
+# This playbook installs http and the php modules.
+
+- name: Install http and php etc
+  action: yum  name=$item state=installed
+  with_items:
+   - httpd
+   - php
+   - php-mysql
+   - libsemanage-python
+   - libselinux-python
+  
+
+- name: insert iptables rule for httpd
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $httpd_port -j  ACCEPT"
+  register: last_run
+
+- name: Apply iptable rule
+  service: name=iptables state=restarted
+  only_if: ${last_run.changed}
+
+- name: http service state
+  service: name=httpd state=started enabled=yes
+
+- name: Configure SELinux to allow httpd to connect to remote database
+  seboolean: name=httpd_can_network_connect_db state=true persistent=yes 

lamp_simple/roles/webtier/templates/index.php.j2

@@ -0,0 +1,24 @@
+<html>
+ <head>
+  <title>Ansible Application</title>
+ </head>
+ <body>
+ </br>
+  <a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a>
+ </br>
+<?php 
+ Print "Hello, World! I am configured in Ansible and i am : ";
+ echo exec('hostname');
+ Print  "</BR>";
+echo  "List of Databases: </BR>";
+        {% for host in groups['dbservers'] %}
+                $link = mysql_connect('{{ hostvars[host].ansible_eth0.ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysql_error());
+        {% endfor %}
+        $res = mysql_query("SHOW DATABASES");
+        while ($row = mysql_fetch_assoc($res)) {
+                echo $row['Database'] . "\n";
+        }
+?>
+</body>
+</html>
+

lamp_simple/site.yml

@@ -0,0 +1,5 @@
+---
+#This Playbook deploys the whole application stack in this site.  
+
+- include: roles/db.yml
+- include: roles/web.yml