commit
12d305dd96
@ -0,0 +1,6 @@ |
||||
|
||||
Ansible Examples |
||||
---------------- |
||||
|
||||
This repository contains examples and best practises for building Ansible Playbooks. |
||||
|
@ -0,0 +1,40 @@ |
||||
Lamp Stack + LoadBalancer(haproxy) + add/remove nodes from cluster + Serial Rolling update of webserserver |
||||
---------------------------------------------------------------------------------------------------------- |
||||
|
||||
This example is an extension of the simple lamp deployment, In this example we deploy a lampstack with a LoadBalancer in front. |
||||
This also has the capablity to add/remove nodes from the deployment. It also includes examples to do a rolling update of a stack |
||||
without affecting the service. |
||||
|
||||
***Setup Entire Site. |
||||
Firstly we setup the entire stack, configure the 'hosts' inventory file to include the names of your hosts on which the stack would be deployed. |
||||
[webservers] |
||||
web3 |
||||
web2 |
||||
[dbservers] |
||||
web3 |
||||
[lbservers] |
||||
web2 |
||||
After which we execute the following command to deploy the site. |
||||
ansible-playbook -i hosts site.yml |
||||
|
||||
The deployment can be verified by accessing the webpage." lynx http://<ip-of-lb>:8888. multiple access should land you up in diffrent webservers. |
||||
|
||||
***Remove a node from the cluster. |
||||
Removal of a node from the cluster would be as simple as executing the following command: |
||||
ansible-playbook -i hosts roles/remove_webservers.yml --limit=web2 |
||||
|
||||
***Adding a node to the cluster. |
||||
Adding a node to the cluster can be done by executing the following command |
||||
ansible-playbook -i hosts roles/add_webservers.yml --limit=web2 |
||||
|
||||
***Rolling update of the entire site or a single hosts |
||||
Rolling updates are the preffered way to do an update as this wont affect the end users, In this example the hosts are updated in serial fashion, which means |
||||
that only one server would be updated at one time, this behaviour can be changed by setting the 'serial' keyword in webservers.yml file. |
||||
Once the code has been updated in the repository which can be defined in the group_vars/all file, execute the following command: |
||||
ansible-playbook -i hosts roles/rolling_update.yml |
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -0,0 +1,6 @@ |
||||
--- |
||||
# varialbles here would be applicable to all groups |
||||
|
||||
httpd_port: 80 |
||||
ntpserver: 192.168.1.2 |
||||
repository: http://github.com/bennojoy/mywebapp.git |
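Review bot: `repository` points at a plain `http://` URL, and the copy_code and rolling_update tasks clone it straight into `/var/www/html/`, so anyone able to tamper with that connection can alter the code that gets deployed and served. Use `repository: https://github.com/bennojoy/mywebapp.git`. A pinned `version=` on the `git` task would also keep a rolling update from deploying whatever the branch head happens to be. The second copy of this variables file later in the commit carries the same value.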
@ -0,0 +1,8 @@ |
||||
--- |
||||
# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated. |
||||
|
||||
mysqlservice: mysqld |
||||
mysql_port: 3306 |
||||
dbuser: root |
||||
dbname: foodb |
||||
upassword: abc |
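Review bot: `upassword: abc` commits a trivially guessable database password in clear text, and with `dbuser: root` the install_mysql task applies it to the MySQL root account. Keep the value out of the repository, for example by supplying it at run time with `--extra-vars` or a `vars_prompt`, and leave a comment such as `# upassword must be supplied at run time; never commit a real value`. The second copy of this variables file later in the commit has the same two lines.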
@ -0,0 +1,16 @@ |
||||
--- |
||||
# File for the HAproxy configuration |
||||
|
||||
#Supports http and tcp, for ssl smtp etc.. use tcp |
||||
mode: http |
||||
|
||||
#port on which the lb should listen |
||||
listenport: 8888 |
||||
|
||||
#A name for the proxy daemon, this would be the suffix in the logs. |
||||
daemonname: myapplb |
||||
|
||||
#Balancing Algorithm Avalilable options: roundrobin,source,leastconn,source,uri |
||||
#If persistance is required use source |
||||
balance: roundrobin |
||||
|
@ -0,0 +1,10 @@ |
||||
[webservers] |
||||
web3 |
||||
web2 |
||||
|
||||
[dbservers] |
||||
web3 |
||||
|
||||
[lbservers] |
||||
web2 |
||||
|
@ -0,0 +1,10 @@ |
||||
--- |
||||
# This Playbook adds a webserver into the the web cluster |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
serial: 1 |
||||
tasks: |
||||
- include: ../roles/webtier/tasks/install_httpd.yml |
||||
- include: ../roles/webtier/tasks/copy_code.yml |
||||
- include: ../roles/webtier/tasks/add_to_lb.yml |
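Review bot: `user: root` makes this play (and the db, web, haproxy, remove_webservers and rolling_update plays in this commit) depend on direct root SSH logins being enabled on every node. Connecting as an unprivileged account and escalating, e.g. `user: <deploy-user>` with `sudo: True`, lets root login over SSH stay disabled and leaves a record of who escalated. `<deploy-user>` is a placeholder for whatever account the site uses.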
@ -0,0 +1,8 @@ |
||||
--- |
||||
# Handler to handle common notifications |
||||
|
||||
- name: restart ntp |
||||
service: name=ntpd state=restarted |
||||
|
||||
- name: restart iptables |
||||
service: name=iptables state=restarted |
@ -0,0 +1,18 @@ |
||||
--- |
||||
# This playbook contains common plays that would be run on all Nodes. |
||||
|
||||
- name: Install ntp |
||||
yum: name=ntp state=present |
||||
tags: ntp |
||||
|
||||
- name: Configure ntp file |
||||
template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf |
||||
tags: ntp |
||||
notify: restart ntp |
||||
|
||||
- name: Start the ntp service |
||||
service: name=ntpd state=started enabled=true |
||||
tags: ntp |
||||
|
||||
|
||||
|
@ -0,0 +1,12 @@ |
||||
|
||||
driftfile /var/lib/ntp/drift |
||||
|
||||
restrict 127.0.0.1 |
||||
restrict -6 ::1 |
||||
|
||||
server {{ ntpserver }} |
||||
|
||||
includefile /etc/ntp/crypto/pw |
||||
|
||||
keys /etc/ntp/keys |
||||
|
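Review bot: The template has `restrict` lines only for 127.0.0.1 and ::1 and no `restrict default` entry, so ntpd applies no access restrictions to any other source address. Adding `restrict default kod nomodify notrap nopeer noquery` and `restrict -6 default kod nomodify notrap nopeer noquery` above the loopback lines keeps remote hosts from querying or reconfiguring the daemon while still allowing time sync from `{{ ntpserver }}`. The second ntp.conf.j2 later in this commit is identical.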
@ -0,0 +1,11 @@ |
||||
--- |
||||
# This playbook deploys mysql and configures database on the db node/nodes |
||||
|
||||
- hosts: dbservers |
||||
user: root |
||||
tasks: |
||||
- include: common/tasks/main.yml |
||||
- include: dbtier/tasks/install_mysql.yml |
||||
handlers: |
||||
- include: dbtier/handlers/main.yml |
||||
- include: common/handlers/main.yml |
@ -0,0 +1,6 @@ |
||||
--- |
||||
# Handler to handle DB tier notifications |
||||
|
||||
- name: restart mysql |
||||
service: name=mysqld state=restarted |
||||
|
@ -0,0 +1,32 @@ |
||||
--- |
||||
# This playbook will install mysql and create db user and give permissions. |
||||
|
||||
- name: Install Mysql package |
||||
action: yum pkg=$item state=installed |
||||
with_items: |
||||
- mysql-server |
||||
- MySQL-python |
||||
- libselinux-python |
||||
- libsemanage-python |
||||
|
||||
- name: Configure SELinux to start mysql on any port |
||||
seboolean: name=mysql_connect_any state=true persistent=yes |
||||
|
||||
- name: Create Mysql configuration file |
||||
action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf |
||||
notify: |
||||
- restart mysql |
||||
|
||||
- name: Start Mysql Service |
||||
service: name=mysqld state=started enabled=true |
||||
|
||||
- name: insert iptables rule |
||||
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $mysql_port -j ACCEPT" |
||||
notify: restart iptables |
||||
|
||||
|
||||
- name: Create Application Database |
||||
mysql_db: name=$dbname state=present |
||||
|
||||
- name: Create Application DB User |
||||
mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present |
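Review bot: The last task grants `priv=*.*:ALL` to `$dbuser` at `host='%'`, and group_vars sets `dbuser: root` with `upassword: abc`, so this creates a remotely reachable MySQL superuser with a guessable password; the iptables task above it also opens `$mysql_port` to every source address. Create a dedicated application account limited to its own schema and to the web tier, e.g. `mysql_user: name=$dbuser password=$upassword priv=$dbname.*:ALL host=<web-tier-address> state=present`, and add `-s <web-tier-address>` to the inserted INPUT rule. `<web-tier-address>` is a placeholder. The second install_mysql.yml later in this commit repeats both tasks.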
@ -0,0 +1,11 @@ |
||||
[mysqld] |
||||
datadir=/var/lib/mysql |
||||
socket=/var/lib/mysql/mysql.sock |
||||
user=mysql |
||||
# Disabling symbolic-links is recommended to prevent assorted security risks |
||||
symbolic-links=0 |
||||
port={{ mysql_port }} |
||||
|
||||
[mysqld_safe] |
||||
log-error=/var/log/mysqld.log |
||||
pid-file=/var/run/mysqld/mysqld.pid |
@ -0,0 +1,10 @@ |
||||
--- |
||||
#PlayBook for haproxy operations |
||||
|
||||
- hosts: lbservers |
||||
user: root |
||||
tasks: |
||||
- include: haproxy/tasks/install_haproxy.yml |
||||
handlers: |
||||
- include: haproxy/handlers/main.yml |
||||
- include: common/handlers/main.yml |
@ -0,0 +1,11 @@ |
||||
--- |
||||
# Handlers for the HAproxy |
||||
|
||||
- name: restart haproxy |
||||
service: name=haproxy state=restarted |
||||
|
||||
- name: reload haproxy |
||||
service: name=haproxy state=reloaded |
||||
|
||||
|
||||
|
@ -0,0 +1,19 @@ |
||||
--- |
||||
# This PlayBook Installs the HAProxy and configures it. |
||||
|
||||
- name: Download and install haproxy |
||||
command: creates=/opt/haproxy.rpm curl -o /opt/haproxy.rpm ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/haproxy-1.4.18-1.el6.i686.rpm |
||||
|
||||
- name: Install the haproxy rpm. |
||||
command: creates=/etc/haproxy/haproxy.cfg yum -y localinstall /opt/haproxy.rpm |
||||
|
||||
- name: Install the socat package for dynamic addition/removal of hosts |
||||
yum: name=socat state=installed |
||||
|
||||
- name: Open firewall port for haproxy. |
||||
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$listenport" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $listenport -j ACCEPT" |
||||
notify: restart iptables |
||||
|
||||
- name: Configure the haproxy cnf file with hosts |
||||
template: src=haproxy/templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg |
||||
notify: restart haproxy |
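Review bot: The first task pulls `haproxy.rpm` over unauthenticated FTP from a third-party mirror and the second installs it with `yum -y localinstall`; nothing in this file checks a digest or signature, so whether the package is verified at all depends on the host's yum GPG settings. The URL is also fixed to an i686 build. If the EPEL repository is enabled on the node, `yum: name=haproxy state=installed` gets the package through yum's normal signed-repository path and replaces both `command` tasks.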
@ -0,0 +1,39 @@ |
||||
global |
||||
log 127.0.0.1 local2 |
||||
|
||||
chroot /var/lib/haproxy |
||||
pidfile /var/run/haproxy.pid |
||||
maxconn 4000 |
||||
user root |
||||
group root |
||||
daemon |
||||
|
||||
# turn on stats unix socket |
||||
stats socket /var/lib/haproxy/stats level admin |
||||
|
||||
defaults |
||||
mode {{ mode }} |
||||
log global |
||||
option httplog |
||||
option dontlognull |
||||
option http-server-close |
||||
option forwardfor except 127.0.0.0/8 |
||||
option redispatch |
||||
retries 3 |
||||
timeout http-request 10s |
||||
timeout queue 1m |
||||
timeout connect 10s |
||||
timeout client 1m |
||||
timeout server 1m |
||||
timeout http-keep-alive 10s |
||||
timeout check 10s |
||||
maxconn 3000 |
||||
|
||||
backend app |
||||
{% for host in groups['lbservers'] %} |
||||
listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }} |
||||
{% endfor %} |
||||
balance {{ balance }} |
||||
{% for host in groups['webservers'] %} |
||||
server {{ hostvars[host].ansible_hostname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ httpd_port }} |
||||
{% endfor %} |
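Review bot: `user root` / `group root` in the `global` section keep haproxy running as root after startup, and `stats socket ... level admin` exposes an administrative control channel, so a compromise of the proxy process is a compromise of the host. Run it under an unprivileged account, `user haproxy` and `group haproxy` (assuming the package creates that account — confirm), and restrict the socket with `stats socket /var/lib/haproxy/stats level admin mode 600`. Separately, the `listen` line is nested under `backend app`, which haproxy will likely parse as the start of a new proxy section rather than a bind address, so the rendered file is worth checking. The second haproxy template later in this commit repeats the `global` section.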
@ -0,0 +1,36 @@ |
||||
global |
||||
log 127.0.0.1 local2 |
||||
|
||||
chroot /var/lib/haproxy |
||||
pidfile /var/run/haproxy.pid |
||||
maxconn 4000 |
||||
user root |
||||
group root |
||||
daemon |
||||
|
||||
# turn on stats unix socket |
||||
stats socket /var/lib/haproxy/stats level admin |
||||
|
||||
defaults |
||||
mode {{ mode }} |
||||
log global |
||||
option httplog |
||||
option dontlognull |
||||
option http-server-close |
||||
option forwardfor except 127.0.0.0/8 |
||||
option redispatch |
||||
retries 3 |
||||
timeout http-request 10s |
||||
timeout queue 1m |
||||
timeout connect 10s |
||||
timeout client 1m |
||||
timeout server 1m |
||||
timeout http-keep-alive 10s |
||||
timeout check 10s |
||||
maxconn 3000 |
||||
|
||||
backend app |
||||
{% for host in groups['lbservers'] %} |
||||
listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }} |
||||
{% endfor %} |
||||
balance {{ balance }} |
@ -0,0 +1,9 @@ |
||||
--- |
||||
# This Playbook removes a webserver from the pool serialy. |
||||
|
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
serial: 1 |
||||
tasks: |
||||
- include: ../roles/webtier/tasks/remove_from_lb.yml |
@ -0,0 +1,8 @@ |
||||
--- |
||||
# This Playbook does a rolling update of the code for all webservers serially (one at a time). Change the value of serial: to adjust the number of server to be updated. |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
serial: 1 |
||||
tasks: |
||||
- include: ../roles/webtier/tasks/rolling_update.yml |
@ -0,0 +1,11 @@ |
||||
--- |
||||
# This Playbook deploys the WebServers with httpd and the code. |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
tasks: |
||||
- include: common/tasks/main.yml |
||||
- include: webtier/tasks/install_httpd.yml |
||||
- include: webtier/tasks/copy_code.yml |
||||
handlers: |
||||
- include: webtier/handlers/main.yml |
@ -0,0 +1,5 @@ |
||||
--- |
||||
# Handler for the webtier |
||||
|
||||
- name: restart iptables |
||||
service: name=iptables state=restarted |
@ -0,0 +1,15 @@ |
||||
--- |
||||
# This Playbook does utility stuff's like adding a webserver into the pool, etc.. |
||||
|
||||
- name: Add server to LB |
||||
lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}" |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers} |
||||
register: last_run |
||||
|
||||
- name: Reload the haproxy |
||||
service: name=haproxy state=reloaded |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers} |
||||
only_if: ${last_run.changed} |
||||
|
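Review bot: `regexp="${ansible_hostname}"` in the "Add server to LB" task is unanchored, so a host named `web2` also matches a `server web20 ...` line (or any other line containing that text) and lineinfile rewrites that line instead of adding a new one. Anchor it to the whole entry, e.g. `regexp="^\s*server ${ansible_hostname} "`. The same pattern is used with `state=absent` in the remove_from_lb tasks, where a loose match deletes other servers' lines.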
@ -0,0 +1,10 @@ |
||||
--- |
||||
# This Playbook is responsible for copying the latest dev/production code from the version control system. |
||||
|
||||
- name: Copy the code from repository |
||||
git: repo=${repository} dest=/var/www/html/ |
||||
|
||||
|
||||
- name: Create's the index.php file |
||||
template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php |
||||
|
@ -0,0 +1,26 @@ |
||||
--- |
||||
# This playbook installs http and the php modules. |
||||
|
||||
- name: Install http and php etc |
||||
action: yum name=$item state=installed |
||||
with_items: |
||||
- httpd |
||||
- php |
||||
- php-mysql |
||||
- libsemanage-python |
||||
- libselinux-python |
||||
|
||||
|
||||
- name: insert iptables rule for httpd |
||||
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $httpd_port -j ACCEPT" |
||||
register: last_run |
||||
|
||||
- name: Apply iptable rule |
||||
service: name=iptables state=restarted |
||||
only_if: ${last_run.changed} |
||||
|
||||
- name: http service state |
||||
service: name=httpd state=started enabled=yes |
||||
|
||||
- name: Configure SELinux to allow httpd to connect to remote database |
||||
seboolean: name=httpd_can_network_connect_db state=true persistent=yes |
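Review bot: `regexp="$httpd_port"` in the iptables task expands to the bare string `80`, which matches any existing rule line containing those digits (port 8080, an address ending in `.80`, and so on); lineinfile then replaces that rule rather than inserting a new one. Match the exact rule instead, e.g. `regexp="--dport $httpd_port -j ACCEPT"`. The mysql and haproxy iptables tasks and the second install_httpd.yml in this commit use the same pattern.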
@ -0,0 +1,23 @@ |
||||
--- |
||||
# This Playbook does utility stuff's like adding a webserver into the pool, etc.. |
||||
|
||||
- name: Remove the code from server |
||||
command: rm -rf /var/www/html/* |
||||
|
||||
- name: Remove server from LB |
||||
lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers} |
||||
register: last_run |
||||
|
||||
- name: disable the server in haproxy |
||||
shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers} |
||||
|
||||
- name: Remove the httpd package |
||||
yum: name=httpd state=absent |
||||
|
||||
|
||||
|
||||
|
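Review bot: `command: rm -rf /var/www/html/*` is not run through a shell, so the `*` is passed to rm literally and, with `-f`, the task reports success without deleting anything. Use the `shell` module for the glob, or remove and recreate the directory with the `file` module. The same task appears in the rolling_update tasks file and in the combined add/remove tasks file in this commit. The header comment is also copied from add_to_lb and describes adding a server; `# Removes a webserver from the load balancer and uninstalls httpd` would match what the tasks do.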
@ -0,0 +1,22 @@ |
||||
--- |
||||
# This Playbook implements a rolling update on the infrastructure, change the value of the serial keyword to specify the number of servers the update should happen. |
||||
|
||||
- name: Remove the code from server |
||||
command: rm -rf /var/www/html/* |
||||
|
||||
- name: disable the server in haproxy |
||||
shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers} |
||||
|
||||
- name: Copy the code from repository |
||||
git: repo=${repository} dest=/var/www/html/ |
||||
|
||||
- name: Create's the index.php file |
||||
template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php |
||||
|
||||
- name: Enable the server in haproxy |
||||
shell: echo "enable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers} |
||||
|
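Review bot: The code is removed before the "disable the server in haproxy" task runs, so the load balancer keeps sending requests to a node whose document root is being emptied and re-cloned; move the disable task to the top so the node is drained first. The proxy name is also hard-coded as `myapplb/` in both socat commands although group_vars defines `daemonname`, so changing that variable silently breaks enable/disable; `echo "disable server $daemonname/${ansible_hostname}"` keeps them in step. Nothing checks that the site answers before the enable task puts the node back in rotation.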
@ -0,0 +1,39 @@ |
||||
--- |
||||
# This Playbook does utility stuff's like adding a webserver into the pool, etc.. |
||||
|
||||
- name: Add server to LB |
||||
lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}" |
||||
delegate_to: ${lbserver} |
||||
register: last_run |
||||
tags: add |
||||
|
||||
- name: Reload the haproxy |
||||
service: name=haproxy state=reloaded |
||||
delegate_to: ${lbserver} |
||||
only_if: ${last_run.changed} |
||||
tags: add |
||||
|
||||
- name: Remove the code from server |
||||
command: rm -rf /var/www/html/* |
||||
tags: remove |
||||
|
||||
- name: Remove server from LB |
||||
lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers}} |
||||
register: last_run |
||||
tags: remove |
||||
|
||||
- name: disable the server in haproxy |
||||
shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||
delegate_to: $item |
||||
with_items: ${groups.lbservers}} |
||||
tags: remove |
||||
|
||||
- name: Remove the httpd package |
||||
yum: name=httpd state=absent |
||||
tags: remove |
||||
|
||||
|
||||
|
||||
|
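Review bot: `with_items: ${groups.lbservers}}` in the "Remove server from LB" and "disable the server in haproxy" tasks has a stray closing brace, so the loop is unlikely to expand to the lbservers group; it should read `with_items: ${groups.lbservers}` as in the other task files. The add tasks delegate to `${lbserver}`, a variable not defined in any of the vars files in this commit, while the remove tasks loop over the group, so the two halves should be made consistent. The header comment is shared verbatim with two other files; a line naming the `add` and `remove` tags would tell a reader how the file is meant to be run.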
@ -0,0 +1,16 @@ |
||||
<html> |
||||
<head> |
||||
<title>Ansible Application</title> |
||||
</head> |
||||
<body> |
||||
</br> |
||||
<a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a> |
||||
</br> |
||||
<?php |
||||
Print "Hello, World! I am configured in Ansible and i am : "; |
||||
echo exec('hostname'); |
||||
Print "</BR>"; |
||||
?> |
||||
</body> |
||||
</html> |
||||
|
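Review bot: `echo exec('hostname');` spawns an external command on every page view just to read the host name; `echo gethostname();` (PHP 5.3+) does the same without `exec`, which also allows `exec` to be listed in `disable_functions`. The `href` value is unquoted and `</br>` is not a valid tag; `<a href="http://{{ ansible_eth0.ipv4.address }}/index.html">` and `<br>` are the well-formed spellings. The second index.php.j2 in this commit starts with the same lines.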
@ -0,0 +1,6 @@ |
||||
--- |
||||
#This Playbook deploys the whole application stack in this site. |
||||
|
||||
- include: roles/db.yml |
||||
- include: roles/web.yml |
||||
- include: roles/haproxy.yml |
@ -0,0 +1,58 @@ |
||||
Building a simple LAMP stack and deploying Application using Ansible Playbooks. |
||||
------------------------------------------- |
||||
|
||||
This playbooks is meant to be a reference and starters guide to building Ansible Playbooks. These playbooks were tested on Centos 6.x so we recommend Centos to test these modules. |
||||
|
||||
### Installing Ansible |
||||
|
||||
Running this playbook requires setting up Ansible first, luckily this is a very simple process on Centos 6.x: |
||||
|
||||
yum install http://epel.mirrors.arminco.com/6/x86_64/epel-release-6-8.noarch.rpm |
||||
yum install python PyYAML python-paramiko python-jinja2 |
||||
git clone git://github.com/ansible/ansible.git |
||||
cd ansible |
||||
source hacking/env-setup |
||||
|
||||
Generate/Synchronize your ssh keys(Optional you can pass -k parameter to prompt for password) |
||||
|
||||
ssh-keygen -t rsa |
||||
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys |
||||
|
||||
Create a sample inventory file (File containing the hostnames) |
||||
|
||||
echo "localhost" > ansible_hosts |
||||
|
||||
Test if we are setup properly |
||||
|
||||
ansible -i ansible_hosts localhost -m ping |
||||
localhost | success >> { |
||||
"changed": false, |
||||
"ping": "pong" |
||||
} |
||||
|
||||
|
||||
|
||||
Now we setup our Lamp Stack, The stack can be on a single node or multiple nodes. The inventory file 'hosts' defines the nodes in which the stacks should be configured. |
||||
|
||||
[webservers] |
||||
localhost |
||||
|
||||
[dbservers] |
||||
bensible |
||||
|
||||
Here the webserver would be configured on the localhost and the dbserver on bensible. The stack can be deployed using the following command. |
||||
|
||||
ansible-playbook -i hosts site.yml |
||||
|
||||
Once Done, you can check by browsing to http://<ipofhost>/index.php |
||||
|
||||
If you want to add a new webserver to the stack it would be as simple as changing the hosts file to add the new webserver name and rerun the above command. |
||||
|
||||
[webservers] |
||||
localhost |
||||
webserver1 |
||||
|
||||
[dbservers] |
||||
bensible |
||||
|
||||
ansible-playbook -i hosts site.yml |
@ -0,0 +1,6 @@ |
||||
--- |
||||
# varialbles here would be applicable to all groups |
||||
|
||||
httpd_port: 80 |
||||
ntpserver: 192.168.1.2 |
||||
repository: http://github.com/bennojoy/mywebapp.git |
@ -0,0 +1,8 @@ |
||||
--- |
||||
# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated. |
||||
|
||||
mysqlservice: mysqld |
||||
mysql_port: 3306 |
||||
dbuser: root |
||||
dbname: foodb |
||||
upassword: abc |
@ -0,0 +1,5 @@ |
||||
[webservers] |
||||
web2 |
||||
|
||||
[dbservers] |
||||
web3 |
@ -0,0 +1,8 @@ |
||||
--- |
||||
# Handler to handle common notifications |
||||
|
||||
- name: restart ntp |
||||
service: name=ntpd state=restarted |
||||
|
||||
- name: restart iptables |
||||
service: name=iptables state=restarted |
@ -0,0 +1,18 @@ |
||||
--- |
||||
# This playbook contains common plays that would be run on all Nodes. |
||||
|
||||
- name: Install ntp |
||||
yum: name=ntp state=present |
||||
tags: ntp |
||||
|
||||
- name: Configure ntp file |
||||
template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf |
||||
tags: ntp |
||||
notify: restart ntp |
||||
|
||||
- name: Start the ntp service |
||||
service: name=ntpd state=started enabled=true |
||||
tags: ntp |
||||
|
||||
|
||||
|
@ -0,0 +1,12 @@ |
||||
|
||||
driftfile /var/lib/ntp/drift |
||||
|
||||
restrict 127.0.0.1 |
||||
restrict -6 ::1 |
||||
|
||||
server {{ ntpserver }} |
||||
|
||||
includefile /etc/ntp/crypto/pw |
||||
|
||||
keys /etc/ntp/keys |
||||
|
@ -0,0 +1,11 @@ |
||||
--- |
||||
# This playbook deploys mysql and configures database on the db node/nodes |
||||
|
||||
- hosts: dbservers |
||||
user: root |
||||
tasks: |
||||
- include: common/tasks/main.yml |
||||
- include: dbtier/tasks/install_mysql.yml |
||||
handlers: |
||||
- include: dbtier/handlers/main.yml |
||||
- include: common/handlers/main.yml |
@ -0,0 +1,6 @@ |
||||
--- |
||||
# Handler to handle DB tier notifications |
||||
|
||||
- name: restart mysql |
||||
service: name=mysqld state=restarted |
||||
|
@ -0,0 +1,32 @@ |
||||
--- |
||||
# This playbook will install mysql and create db user and give permissions. |
||||
|
||||
- name: Install Mysql package |
||||
action: yum pkg=$item state=installed |
||||
with_items: |
||||
- mysql-server |
||||
- MySQL-python |
||||
- libselinux-python |
||||
- libsemanage-python |
||||
|
||||
- name: Configure SELinux to start mysql on any port |
||||
seboolean: name=mysql_connect_any state=true persistent=yes |
||||
|
||||
- name: Create Mysql configuration file |
||||
action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf |
||||
notify: |
||||
- restart mysql |
||||
|
||||
- name: Start Mysql Service |
||||
service: name=mysqld state=started enabled=true |
||||
|
||||
- name: insert iptables rule |
||||
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $mysql_port -j ACCEPT" |
||||
notify: restart iptables |
||||
|
||||
|
||||
- name: Create Application Database |
||||
mysql_db: name=$dbname state=present |
||||
|
||||
- name: Create Application DB User |
||||
mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present |
@ -0,0 +1,11 @@ |
||||
[mysqld] |
||||
datadir=/var/lib/mysql |
||||
socket=/var/lib/mysql/mysql.sock |
||||
user=mysql |
||||
# Disabling symbolic-links is recommended to prevent assorted security risks |
||||
symbolic-links=0 |
||||
port={{ mysql_port }} |
||||
|
||||
[mysqld_safe] |
||||
log-error=/var/log/mysqld.log |
||||
pid-file=/var/run/mysqld/mysqld.pid |
@ -0,0 +1,11 @@ |
||||
--- |
||||
# This Playbook deploys the WebServers with httpd and the code. |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
tasks: |
||||
- include: common/tasks/main.yml |
||||
- include: webtier/tasks/install_httpd.yml |
||||
- include: webtier/tasks/copy_code.yml |
||||
handlers: |
||||
- include: webtier/handlers/main.yml |
@ -0,0 +1,5 @@ |
||||
--- |
||||
# Handler for the webtier |
||||
|
||||
- name: restart iptables |
||||
service: name=iptables state=restarted |
@ -0,0 +1,10 @@ |
||||
--- |
||||
# This Playbook is responsible for copying the latest dev/production code from the version control system. |
||||
|
||||
- name: Copy the code from repository |
||||
git: repo=${repository} dest=/var/www/html/ |
||||
|
||||
|
||||
- name: Create's the index.php file |
||||
template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php |
||||
|
@ -0,0 +1,26 @@ |
||||
--- |
||||
# This playbook installs http and the php modules. |
||||
|
||||
- name: Install http and php etc |
||||
action: yum name=$item state=installed |
||||
with_items: |
||||
- httpd |
||||
- php |
||||
- php-mysql |
||||
- libsemanage-python |
||||
- libselinux-python |
||||
|
||||
|
||||
- name: insert iptables rule for httpd |
||||
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $httpd_port -j ACCEPT" |
||||
register: last_run |
||||
|
||||
- name: Apply iptable rule |
||||
service: name=iptables state=restarted |
||||
only_if: ${last_run.changed} |
||||
|
||||
- name: http service state |
||||
service: name=httpd state=started enabled=yes |
||||
|
||||
- name: Configure SELinux to allow httpd to connect to remote database |
||||
seboolean: name=httpd_can_network_connect_db state=true persistent=yes |
@ -0,0 +1,24 @@ |
||||
<html> |
||||
<head> |
||||
<title>Ansible Application</title> |
||||
</head> |
||||
<body> |
||||
</br> |
||||
<a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a> |
||||
</br> |
||||
<?php |
||||
Print "Hello, World! I am configured in Ansible and i am : "; |
||||
echo exec('hostname'); |
||||
Print "</BR>"; |
||||
echo "List of Databases: </BR>"; |
||||
{% for host in groups['dbservers'] %} |
||||
$link = mysql_connect('{{ hostvars[host].ansible_eth0.ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysql_error()); |
||||
{% endfor %} |
||||
$res = mysql_query("SHOW DATABASES"); |
||||
while ($row = mysql_fetch_assoc($res)) { |
||||
echo $row['Database'] . "\n"; |
||||
} |
||||
?> |
||||
</body> |
||||
</html> |
||||
|
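Review bot: The `mysql_connect(...)` line renders `dbuser` and `upassword` — the MySQL root account per group_vars — into a PHP file under `/var/www/html`, and `or die(mysql_error())` prints the raw driver error to any visitor. Give the page its own read-only account and fail with a fixed message, e.g. `or die('database unavailable')`, logging the detail server-side. `echo $row['Database'] . "\n";` should pass the name through `htmlspecialchars()` before it goes into the HTML. With more than one host in `dbservers` the loop overwrites `$link`, so only the last connection is used.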
@ -0,0 +1,5 @@ |
||||
--- |
||||
#This Playbook deploys the whole application stack in this site. |
||||
|
||||
- include: roles/db.yml |
||||
- include: roles/web.yml |