From 12d305dd9645764c8dc4e531699611d252233944 Mon Sep 17 00:00:00 2001 
From: bennojoy Date: Tue, 12 Mar 2013 13:05:13 +0530 Subject: [PATCH] examples --- README.md | 6 ++ lamp_haproxy/README.md | 40 +++++++++++++ lamp_haproxy/group_vars/all | 6 ++ lamp_haproxy/group_vars/dbservers | 8 +++ lamp_haproxy/group_vars/lbservers | 16 +++++ lamp_haproxy/hosts | 10 ++++ lamp_haproxy/roles/add_webservers.yml | 10 ++++ lamp_haproxy/roles/common/handlers/main.yml | 8 +++ lamp_haproxy/roles/common/tasks/main.yml | 18 ++++++ .../roles/common/templates/ntp.conf.j2 | 12 ++++ lamp_haproxy/roles/db.yml | 11 ++++ lamp_haproxy/roles/dbtier/handlers/main.yml | 6 ++ .../roles/dbtier/tasks/install_mysql.yml | 32 ++++++++++ lamp_haproxy/roles/dbtier/templates/my.cnf.j2 | 11 ++++ lamp_haproxy/roles/haproxy.yml | 10 ++++ lamp_haproxy/roles/haproxy/handlers/main.yml | 11 ++++ .../roles/haproxy/tasks/install_haproxy.yml | 19 ++++++ .../roles/haproxy/templates/haproxy.cfg.j2 | 39 +++++++++++++ .../haproxy/templates/haproxy.cfg.j2.bck | 36 ++++++++++++ lamp_haproxy/roles/remove_webservers.yml | 9 +++ lamp_haproxy/roles/rolling_update.yml | 8 +++ lamp_haproxy/roles/web.yml | 11 ++++ lamp_haproxy/roles/webtier/handlers/main.yml | 5 ++ .../roles/webtier/tasks/add_to_lb.yml | 15 +++++ .../roles/webtier/tasks/copy_code.yml | 10 ++++ .../roles/webtier/tasks/install_httpd.yml | 26 +++++++++ .../roles/webtier/tasks/remove_from_lb.yml | 23 ++++++++ .../roles/webtier/tasks/rolling_update.yml | 22 +++++++ lamp_haproxy/roles/webtier/tasks/utils.yml | 39 +++++++++++++ .../roles/webtier/templates/index.php.j2 | 16 +++++ lamp_haproxy/site.yml | 6 ++ lamp_simple/README.md | 58 +++++++++++++++++++ lamp_simple/group_vars/all | 6 ++ lamp_simple/group_vars/dbservers | 8 +++ lamp_simple/hosts | 5 ++ lamp_simple/roles/common/handlers/main.yml | 8 +++ lamp_simple/roles/common/tasks/main.yml | 18 ++++++ .../roles/common/templates/ntp.conf.j2 | 12 ++++ lamp_simple/roles/db.yml | 11 ++++ lamp_simple/roles/dbtier/handlers/main.yml | 6 ++ .../roles/dbtier/tasks/install_mysql.yml | 32 
++++++++++ lamp_simple/roles/dbtier/templates/my.cnf.j2 | 11 ++++ lamp_simple/roles/web.yml | 11 ++++ lamp_simple/roles/webtier/handlers/main.yml | 5 ++ lamp_simple/roles/webtier/tasks/copy_code.yml | 10 ++++ .../roles/webtier/tasks/install_httpd.yml | 26 +++++++++ .../roles/webtier/templates/index.php.j2 | 24 ++++++++ lamp_simple/site.yml | 5 ++ 48 files changed, 755 insertions(+) create mode 100644 README.md create mode 100644 lamp_haproxy/README.md create mode 100644 lamp_haproxy/group_vars/all create mode 100644 lamp_haproxy/group_vars/dbservers create mode 100644 lamp_haproxy/group_vars/lbservers create mode 100644 lamp_haproxy/hosts create mode 100644 lamp_haproxy/roles/add_webservers.yml create mode 100644 lamp_haproxy/roles/common/handlers/main.yml create mode 100644 lamp_haproxy/roles/common/tasks/main.yml create mode 100644 lamp_haproxy/roles/common/templates/ntp.conf.j2 create mode 100644 lamp_haproxy/roles/db.yml create mode 100644 lamp_haproxy/roles/dbtier/handlers/main.yml create mode 100644 lamp_haproxy/roles/dbtier/tasks/install_mysql.yml create mode 100644 lamp_haproxy/roles/dbtier/templates/my.cnf.j2 create mode 100644 lamp_haproxy/roles/haproxy.yml create mode 100644 lamp_haproxy/roles/haproxy/handlers/main.yml create mode 100644 lamp_haproxy/roles/haproxy/tasks/install_haproxy.yml create mode 100644 lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 create mode 100644 lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2.bck create mode 100644 lamp_haproxy/roles/remove_webservers.yml create mode 100644 lamp_haproxy/roles/rolling_update.yml create mode 100644 lamp_haproxy/roles/web.yml create mode 100644 lamp_haproxy/roles/webtier/handlers/main.yml create mode 100644 lamp_haproxy/roles/webtier/tasks/add_to_lb.yml create mode 100644 lamp_haproxy/roles/webtier/tasks/copy_code.yml create mode 100644 lamp_haproxy/roles/webtier/tasks/install_httpd.yml create mode 100644 lamp_haproxy/roles/webtier/tasks/remove_from_lb.yml create mode 100644 
lamp_haproxy/roles/webtier/tasks/rolling_update.yml create mode 100644 lamp_haproxy/roles/webtier/tasks/utils.yml create mode 100644 lamp_haproxy/roles/webtier/templates/index.php.j2 create mode 100644 lamp_haproxy/site.yml create mode 100644 lamp_simple/README.md create mode 100644 lamp_simple/group_vars/all create mode 100644 lamp_simple/group_vars/dbservers create mode 100644 lamp_simple/hosts create mode 100644 lamp_simple/roles/common/handlers/main.yml create mode 100644 lamp_simple/roles/common/tasks/main.yml create mode 100644 lamp_simple/roles/common/templates/ntp.conf.j2 create mode 100644 lamp_simple/roles/db.yml create mode 100644 lamp_simple/roles/dbtier/handlers/main.yml create mode 100644 lamp_simple/roles/dbtier/tasks/install_mysql.yml create mode 100644 lamp_simple/roles/dbtier/templates/my.cnf.j2 create mode 100644 lamp_simple/roles/web.yml create mode 100644 lamp_simple/roles/webtier/handlers/main.yml create mode 100644 lamp_simple/roles/webtier/tasks/copy_code.yml create mode 100644 lamp_simple/roles/webtier/tasks/install_httpd.yml create mode 100644 lamp_simple/roles/webtier/templates/index.php.j2 create mode 100644 lamp_simple/site.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..36bc748 --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ + +Ansible Examples +---------------- + +This repository contains examples and best practises for building Ansible Playbooks. + diff --git a/lamp_haproxy/README.md b/lamp_haproxy/README.md new file mode 100644 index 0000000..0bdf21f --- /dev/null +++ b/lamp_haproxy/README.md 
@@ -0,0 +1,40 @@ +Lamp Stack + LoadBalancer(haproxy) + add/remove nodes from cluster + Serial Rolling update of webserserver +---------------------------------------------------------------------------------------------------------- + +This example is an extension of the simple lamp deployment, In this example we deploy a lampstack with a LoadBalancer in front. +This also has the capablity to add/remove nodes from the deployment. It also includes examples to do a rolling update of a stack +without affecting the service. + +***Setup Entire Site. +Firstly we setup the entire stack, configure the 'hosts' inventory file to include the names of your hosts on which the stack would be deployed. + [webservers] + web3 + web2 + [dbservers] + web3 + [lbservers] + web2 +After which we execute the following command to deploy the site. + ansible-playbook -i hosts site.yml + +The deployment can be verified by accessing the webpage." lynx http://:8888. multiple access should land you up in diffrent webservers. + +***Remove a node from the cluster. +Removal of a node from the cluster would be as simple as executing the following command: + ansible-playbook -i hosts roles/remove_webservers.yml --limit=web2 + +***Adding a node to the cluster. +Adding a node to the cluster can be done by executing the following command + ansible-playbook -i hosts roles/add_webservers.yml --limit=web2 + +***Rolling update of the entire site or a single hosts +Rolling updates are the preffered way to do an update as this wont affect the end users, In this example the hosts are updated in serial fashion, which means +that only one server would be updated at one time, this behaviour can be changed by setting the 'serial' keyword in webservers.yml file. +Once the code has been updated in the repository which can be defined in the group_vars/all file, execute the following command: + ansible-playbook -i hosts roles/rolling_update.yml + + + + + + 
diff --git a/lamp_haproxy/group_vars/all b/lamp_haproxy/group_vars/all
new file mode 100644
index 0000000..1bfa7db
--- /dev/null
+++ b/lamp_haproxy/group_vars/all
@@ -0,0 +1,6 @@
+---
+# varialbles here would be applicable to all groups
+
+httpd_port: 80
+ntpserver: 192.168.1.2
+repository: http://github.com/bennojoy/mywebapp.git
diff --git a/lamp_haproxy/group_vars/dbservers b/lamp_haproxy/group_vars/dbservers
new file mode 100644
index 0000000..3c48323
--- /dev/null
+++ b/lamp_haproxy/group_vars/dbservers
@@ -0,0 +1,8 @@
+---
+# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated.
+
+mysqlservice: mysqld
+mysql_port: 3306
+dbuser: root
+dbname: foodb
+upassword: abc
diff --git a/lamp_haproxy/group_vars/lbservers b/lamp_haproxy/group_vars/lbservers
new file mode 100644
index 0000000..ddcda55
--- /dev/null
+++ b/lamp_haproxy/group_vars/lbservers
@@ -0,0 +1,16 @@
+---
+# File for the HAproxy configuration
+
+#Supports http and tcp, for ssl smtp etc.. use tcp
+mode: http
+
+#port on which the lb should listen
+listenport: 8888
+
+#A name for the proxy daemon, this would be the suffix in the logs.
+daemonname: myapplb
+
+#Balancing Algorithm Avalilable options: roundrobin,source,leastconn,source,uri
+#If persistance is required use source
+balance: roundrobin
+
diff --git a/lamp_haproxy/hosts b/lamp_haproxy/hosts
new file mode 100644
index 0000000..32b4e99
--- /dev/null
+++ b/lamp_haproxy/hosts
@@ -0,0 +1,10 @@
+[webservers]
+web3
+web2
+
+[dbservers]
+web3
+
+[lbservers]
+web2
+
diff --git a/lamp_haproxy/roles/add_webservers.yml b/lamp_haproxy/roles/add_webservers.yml
new file mode 100644
index 0000000..536f0eb
--- /dev/null
+++ b/lamp_haproxy/roles/add_webservers.yml
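Review bot: `repository:` in lamp_haproxy/group_vars/all points at a plain `http://` URL, and roles/webtier/tasks/copy_code.yml clones that value straight into /var/www/html, so the deployed code is fetched without transport integrity. Prefer `repository: https://github.com/bennojoy/mywebapp.git` and consider pinning the checkout to a known revision through the git module's `version=` argument. The same value is repeated in lamp_simple/group_vars/all.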
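Review bot: lamp_haproxy/group_vars/dbservers commits the database credentials in clear text, with `dbuser: root` and the three-character `upassword: abc`, and install_mysql.yml later grants that account full privileges. An example that people copy should create a dedicated application account and take the password from outside the repository, for instance a `vars_prompt` entry or an untracked vars file, with a comment such as `# upassword: set per environment, never commit a real value`. lamp_simple/group_vars/dbservers carries the same two lines.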
@@ -0,0 +1,10 @@
+---
+# This Playbook adds a webserver into the the web cluster
+
+- hosts: webservers
+ user: root
+ serial: 1
+ tasks:
+ - include: ../roles/webtier/tasks/install_httpd.yml
+ - include: ../roles/webtier/tasks/copy_code.yml
+ - include: ../roles/webtier/tasks/add_to_lb.yml
diff --git a/lamp_haproxy/roles/common/handlers/main.yml b/lamp_haproxy/roles/common/handlers/main.yml
new file mode 100644
index 0000000..e6a655e
--- /dev/null
+++ b/lamp_haproxy/roles/common/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# Handler to handle common notifications
+
+- name: restart ntp
+ service: name=ntpd state=restarted
+
+- name: restart iptables
+ service: name=iptables state=restarted
diff --git a/lamp_haproxy/roles/common/tasks/main.yml b/lamp_haproxy/roles/common/tasks/main.yml
new file mode 100644
index 0000000..a0d7875
--- /dev/null
+++ b/lamp_haproxy/roles/common/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# This playbook contains common plays that would be run on all Nodes.
+
+- name: Install ntp
+ yum: name=ntp state=present
+ tags: ntp
+
+- name: Configure ntp file
+ template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf
+ tags: ntp
+ notify: restart ntp
+
+- name: Start the ntp service
+ service: name=ntpd state=started enabled=true
+ tags: ntp
+
+
+
diff --git a/lamp_haproxy/roles/common/templates/ntp.conf.j2 b/lamp_haproxy/roles/common/templates/ntp.conf.j2
new file mode 100644
index 0000000..6336c2e
--- /dev/null
+++ b/lamp_haproxy/roles/common/templates/ntp.conf.j2
@@ -0,0 +1,12 @@
+
+driftfile /var/lib/ntp/drift
+
+restrict 127.0.0.1
+restrict -6 ::1
+
+server {{ ntpserver }}
+
+includefile /etc/ntp/crypto/pw
+
+keys /etc/ntp/keys
+
diff --git a/lamp_haproxy/roles/db.yml b/lamp_haproxy/roles/db.yml
new file mode 100644
index 0000000..904e7ed
--- /dev/null
+++ b/lamp_haproxy/roles/db.yml
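Review bot: The ntp.conf.j2 template has `restrict` lines only for 127.0.0.1 and ::1 and no `restrict default` entry, so ntpd applies no access restrictions to any other source address. Unless a firewall blocks UDP 123, the daemon will answer control and monitoring queries from arbitrary hosts. Add `restrict default kod nomodify notrap nopeer noquery` and `restrict -6 default kod nomodify notrap nopeer noquery` above the localhost entries. lamp_simple/roles/common/templates/ntp.conf.j2 is the same file.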
@@ -0,0 +1,11 @@
+---
+# This playbook deploys mysql and configures database on the db node/nodes
+
+- hosts: dbservers
+ user: root
+ tasks:
+ - include: common/tasks/main.yml
+ - include: dbtier/tasks/install_mysql.yml
+ handlers:
+ - include: dbtier/handlers/main.yml
+ - include: common/handlers/main.yml
diff --git a/lamp_haproxy/roles/dbtier/handlers/main.yml b/lamp_haproxy/roles/dbtier/handlers/main.yml
new file mode 100644
index 0000000..0014f14
--- /dev/null
+++ b/lamp_haproxy/roles/dbtier/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Handler to handle DB tier notifications
+
+- name: restart mysql
+ service: name=mysqld state=restarted
+
diff --git a/lamp_haproxy/roles/dbtier/tasks/install_mysql.yml b/lamp_haproxy/roles/dbtier/tasks/install_mysql.yml
new file mode 100644
index 0000000..2332e91
--- /dev/null
+++ b/lamp_haproxy/roles/dbtier/tasks/install_mysql.yml
@@ -0,0 +1,32 @@
+---
+# This playbook will install mysql and create db user and give permissions.
+
+- name: Install Mysql package
+ action: yum pkg=$item state=installed
+ with_items:
+ - mysql-server
+ - MySQL-python
+ - libselinux-python
+ - libsemanage-python
+
+- name: Configure SELinux to start mysql on any port
+ seboolean: name=mysql_connect_any state=true persistent=yes
+
+- name: Create Mysql configuration file
+ action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf
+ notify:
+ - restart mysql
+
+- name: Start Mysql Service
+ service: name=mysqld state=started enabled=true
+
+- name: insert iptables rule
+ lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $mysql_port -j ACCEPT"
+ notify: restart iptables
+
+
+- name: Create Application Database
+ mysql_db: name=$dbname state=present
+
+- name: Create Application DB User
+ mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present
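Review bot: The last task of install_mysql.yml, `mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present`, gives the account every privilege on every database from any client address, and the iptables task above it accepts the MySQL port from any source. With the group_vars defaults (`root` / `abc`) that leaves a remotely reachable administrative login. Scope the grant to the application schema and the web tier, e.g. `priv=${dbname}.*:ALL host=<webserver address>`, and add a source match (`-s <web tier network>`) to the `-A INPUT` line. lamp_simple/roles/dbtier/tasks/install_mysql.yml is identical.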
diff --git a/lamp_haproxy/roles/dbtier/templates/my.cnf.j2 b/lamp_haproxy/roles/dbtier/templates/my.cnf.j2
new file mode 100644
index 0000000..3944d06
--- /dev/null
+++ b/lamp_haproxy/roles/dbtier/templates/my.cnf.j2
@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
diff --git a/lamp_haproxy/roles/haproxy.yml b/lamp_haproxy/roles/haproxy.yml
new file mode 100644
index 0000000..2f986d5
--- /dev/null
+++ b/lamp_haproxy/roles/haproxy.yml
@@ -0,0 +1,10 @@
+---
+#PlayBook for haproxy operations
+
+- hosts: lbservers
+ user: root
+ tasks:
+ - include: haproxy/tasks/install_haproxy.yml
+ handlers:
+ - include: haproxy/handlers/main.yml
+ - include: common/handlers/main.yml
diff --git a/lamp_haproxy/roles/haproxy/handlers/main.yml b/lamp_haproxy/roles/haproxy/handlers/main.yml
new file mode 100644
index 0000000..bdeda82
--- /dev/null
+++ b/lamp_haproxy/roles/haproxy/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# Handlers for the HAproxy
+
+- name: restart haproxy
+ service: name=haproxy state=restarted
+
+- name: reload haproxy
+ service: name=haproxy state=reloaded
+
+
+
diff --git a/lamp_haproxy/roles/haproxy/tasks/install_haproxy.yml b/lamp_haproxy/roles/haproxy/tasks/install_haproxy.yml
new file mode 100644
index 0000000..352fa92
--- /dev/null
+++ b/lamp_haproxy/roles/haproxy/tasks/install_haproxy.yml
@@ -0,0 +1,19 @@
+---
+# This PlayBook Installs the HAProxy and configures it.
+
+- name: Download and install haproxy
+ command: creates=/opt/haproxy.rpm curl -o /opt/haproxy.rpm ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/haproxy-1.4.18-1.el6.i686.rpm
+
+- name: Install the haproxy rpm.
+ command: creates=/etc/haproxy/haproxy.cfg yum -y localinstall /opt/haproxy.rpm
+
+- name: Install the socat package for dynamic addition/removal of hosts
+ yum: name=socat state=installed
+
+- name: Open firewall port for haproxy.
+ lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$listenport" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $listenport -j ACCEPT"
+ notify: restart iptables
+
+- name: Configure the haproxy cnf file with hosts
+ template: src=haproxy/templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
+ notify: restart haproxy
diff --git a/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 b/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2
new file mode 100644
index 0000000..e39ae5f
--- /dev/null
+++ b/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2
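Review bot: The first task downloads haproxy-1.4.18-1.el6.i686.rpm over `ftp://` with curl and the second installs it with `yum -y localinstall`, with no checksum or signature check between the two, so whatever the mirror or the network path returns gets installed as root. Whether yum verifies the package's GPG signature here depends on the host's yum configuration, which the playbook does not set. Installing from a configured, GPG-checked repository (`yum: name=haproxy state=installed`) removes both command tasks; if a direct download is kept, verify a known digest before installing. The URL also hard-codes the i386 architecture.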
@@ -0,0 +1,39 @@
+global
+ log 127.0.0.1 local2
+
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user root
+ group root
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats level admin
+
+defaults
+ mode {{ mode }}
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
+
+backend app
+ {% for host in groups['lbservers'] %}
+ listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }}
+ {% endfor %}
+ balance {{ balance }}
+ {% for host in groups['webservers'] %}
+ server {{ hostvars[host].ansible_hostname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ httpd_port }}
+ {% endfor %}
diff --git a/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2.bck b/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2.bck
new file mode 100644
index 0000000..0868327
--- /dev/null
+++ b/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2.bck
@@ -0,0 +1,36 @@
+global
+ log 127.0.0.1 local2
+
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user root
+ group root
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats level admin
+
+defaults
+ mode {{ mode }}
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
+
+backend app
+ {% for host in groups['lbservers'] %}
+ listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }}
+ {% endfor %}
+ balance {{ balance }}
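Review bot: The `global` section of haproxy.cfg.j2 sets `user root` and `group root`, so the proxy keeps full privileges after start-up and the `chroot /var/lib/haproxy` line provides little containment. Run it under an unprivileged account (`user haproxy` / `group haproxy`, assuming the package creates one) and, because `stats socket /var/lib/haproxy/stats level admin` lets any writer enable or disable servers, restrict the socket with `mode 600`. haproxy.cfg.j2.bck repeats the same section and looks like a stray backup copy that should not be committed.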
diff --git a/lamp_haproxy/roles/remove_webservers.yml b/lamp_haproxy/roles/remove_webservers.yml
new file mode 100644
index 0000000..db097b5
--- /dev/null
+++ b/lamp_haproxy/roles/remove_webservers.yml
@@ -0,0 +1,9 @@
+---
+# This Playbook removes a webserver from the pool serialy.
+
+
+- hosts: webservers
+ user: root
+ serial: 1
+ tasks:
+ - include: ../roles/webtier/tasks/remove_from_lb.yml
diff --git a/lamp_haproxy/roles/rolling_update.yml b/lamp_haproxy/roles/rolling_update.yml
new file mode 100644
index 0000000..89d50d3
--- /dev/null
+++ b/lamp_haproxy/roles/rolling_update.yml
@@ -0,0 +1,8 @@
+---
+# This Playbook does a rolling update of the code for all webservers serially (one at a time). Change the value of serial: to adjust the number of server to be updated.
+
+- hosts: webservers
+ user: root
+ serial: 1
+ tasks:
+ - include: ../roles/webtier/tasks/rolling_update.yml
diff --git a/lamp_haproxy/roles/web.yml b/lamp_haproxy/roles/web.yml
new file mode 100644
index 0000000..3798685
--- /dev/null
+++ b/lamp_haproxy/roles/web.yml
@@ -0,0 +1,11 @@
+---
+# This Playbook deploys the WebServers with httpd and the code.
+
+- hosts: webservers
+ user: root
+ tasks:
+ - include: common/tasks/main.yml
+ - include: webtier/tasks/install_httpd.yml
+ - include: webtier/tasks/copy_code.yml
+ handlers:
+ - include: webtier/handlers/main.yml
diff --git a/lamp_haproxy/roles/webtier/handlers/main.yml b/lamp_haproxy/roles/webtier/handlers/main.yml
new file mode 100644
index 0000000..f613a8f
--- /dev/null
+++ b/lamp_haproxy/roles/webtier/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+# Handler for the webtier
+
+- name: restart iptables
+ service: name=iptables state=restarted
diff --git a/lamp_haproxy/roles/webtier/tasks/add_to_lb.yml b/lamp_haproxy/roles/webtier/tasks/add_to_lb.yml
new file mode 100644
index 0000000..a3b7e3d
--- /dev/null
+++ b/lamp_haproxy/roles/webtier/tasks/add_to_lb.yml
@@ -0,0 +1,15 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Add server to LB
+ lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}"
+ delegate_to: $item
+ with_items: ${groups.lbservers}
+ register: last_run
+
+- name: Reload the haproxy
+ service: name=haproxy state=reloaded
+ delegate_to: $item
+ with_items: ${groups.lbservers}
+ only_if: ${last_run.changed}
+
diff --git a/lamp_haproxy/roles/webtier/tasks/copy_code.yml b/lamp_haproxy/roles/webtier/tasks/copy_code.yml
new file mode 100644
index 0000000..8975fdc
--- /dev/null
+++ b/lamp_haproxy/roles/webtier/tasks/copy_code.yml
@@ -0,0 +1,10 @@
+---
+# This Playbook is responsible for copying the latest dev/production code from the version control system.
+
+- name: Copy the code from repository
+ git: repo=${repository} dest=/var/www/html/
+
+
+- name: Create's the index.php file
+ template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php
+
diff --git a/lamp_haproxy/roles/webtier/tasks/install_httpd.yml b/lamp_haproxy/roles/webtier/tasks/install_httpd.yml
new file mode 100644
index 0000000..19ea206
--- /dev/null
+++ b/lamp_haproxy/roles/webtier/tasks/install_httpd.yml
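Review bot: `regexp="${ansible_hostname}"` in the 'Add server to LB' task is an unanchored substring match, so a host named web2 also matches the line for web20 and lineinfile will rewrite that line instead of adding a new one. Anchor it to the whole entry, e.g. `regexp="^\s*server ${ansible_hostname} "`. The matching `state=absent` tasks in remove_from_lb.yml and utils.yml use the same pattern and would delete other hosts' entries. The line is also written into a file that haproxy.cfg.j2 regenerates, so a later template run discards it unless the host is in the inventory group.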
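Review bot: `git: repo=${repository} dest=/var/www/html/` in copy_code.yml checks the working tree out directly into the Apache document root, which places the `.git` directory, with full history and remote configuration, under a path httpd serves. Check out to a directory outside the docroot and publish only the application files, or add an httpd rule that denies `/.git`. The same task appears in rolling_update.yml and in lamp_simple/roles/webtier/tasks/copy_code.yml.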
@@ -0,0 +1,26 @@
+---
+# This playbook installs http and the php modules.
+
+- name: Install http and php etc
+ action: yum name=$item state=installed
+ with_items:
+ - httpd
+ - php
+ - php-mysql
+ - libsemanage-python
+ - libselinux-python
+
+
+- name: insert iptables rule for httpd
+ lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $httpd_port -j ACCEPT"
+ register: last_run
+
+- name: Apply iptable rule
+ service: name=iptables state=restarted
+ only_if: ${last_run.changed}
+
+- name: http service state
+ service: name=httpd state=started enabled=yes
+
+- name: Configure SELinux to allow httpd to connect to remote database
+ seboolean: name=httpd_can_network_connect_db state=true persistent=yes
diff --git a/lamp_haproxy/roles/webtier/tasks/remove_from_lb.yml b/lamp_haproxy/roles/webtier/tasks/remove_from_lb.yml
new file mode 100644
index 0000000..985d0d4
--- /dev/null
+++ b/lamp_haproxy/roles/webtier/tasks/remove_from_lb.yml
@@ -0,0 +1,23 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Remove the code from server
+ command: rm -rf /var/www/html/*
+
+- name: Remove server from LB
+ lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}"
+ delegate_to: $item
+ with_items: ${groups.lbservers}
+ register: last_run
+
+- name: disable the server in haproxy
+ shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+ delegate_to: $item
+ with_items: ${groups.lbservers}
+
+- name: Remove the httpd package
+ yum: name=httpd state=absent
+
+
+
+
diff --git a/lamp_haproxy/roles/webtier/tasks/rolling_update.yml b/lamp_haproxy/roles/webtier/tasks/rolling_update.yml
new file mode 100644
index 0000000..981f047
--- /dev/null
+++ b/lamp_haproxy/roles/webtier/tasks/rolling_update.yml
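Review bot: `regexp="$httpd_port"` in install_httpd.yml expands to `80` with the default in group_vars/all and matches any line of /etc/sysconfig/iptables containing those digits, such as a rule for port 8080 or an address with 80 in it, which lineinfile then overwrites. Match the complete rule instead, e.g. `regexp="^-A INPUT -p tcp --dport $httpd_port "`. install_mysql.yml and install_haproxy.yml build their firewall rules the same way with `$mysql_port` and `$listenport`.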
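Review bot: `command: rm -rf /var/www/html/*` in remove_from_lb.yml does not go through a shell, so the `*` is passed to rm literally and, with `-f`, the task reports success without deleting anything. Use the `shell` module if the glob is intended, or remove and recreate the directory with the `file` module. The tasks are also ordered so that the code is removed before the server is disabled in haproxy, which means the load balancer keeps sending requests to an emptied docroot; the disable step should come first. rolling_update.yml and utils.yml contain the same `rm` task.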
@@ -0,0 +1,22 @@
+---
+# This Playbook implements a rolling update on the infrastructure, change the value of the serial keyword to specify the number of servers the update should happen.
+
+- name: Remove the code from server
+ command: rm -rf /var/www/html/*
+
+- name: disable the server in haproxy
+ shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+ delegate_to: $item
+ with_items: ${groups.lbservers}
+
+- name: Copy the code from repository
+ git: repo=${repository} dest=/var/www/html/
+
+- name: Create's the index.php file
+ template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php
+
+- name: Enable the server in haproxy
+ shell: echo "enable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+ delegate_to: $item
+ with_items: ${groups.lbservers}
+
diff --git a/lamp_haproxy/roles/webtier/tasks/utils.yml b/lamp_haproxy/roles/webtier/tasks/utils.yml
new file mode 100644
index 0000000..5ba4e7a
--- /dev/null
+++ b/lamp_haproxy/roles/webtier/tasks/utils.yml
@@ -0,0 +1,39 @@ +--- +# This Playbook does utility stuff's like adding a webserver into the pool, etc.. + +- name: Add server to LB + lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}" + delegate_to: ${lbserver} + register: last_run + tags: add + +- name: Reload the haproxy + service: name=haproxy state=reloaded + delegate_to: ${lbserver} + only_if: ${last_run.changed} + tags: add + +- name: Remove the code from server + command: rm -rf /var/www/html/* + tags: remove + +- name: Remove server from LB + lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" + delegate_to: $item + with_items: ${groups.lbservers}} + register: last_run + tags: remove + +- name: disable the server in haproxy + shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats + delegate_to: $item + with_items: ${groups.lbservers}} + tags: remove + +- name: Remove the httpd package + yum: name=httpd state=absent + tags: remove + + + + diff --git a/lamp_haproxy/roles/webtier/templates/index.php.j2 b/lamp_haproxy/roles/webtier/templates/index.php.j2 new file mode 100644 index 0000000..a8c4dca --- /dev/null +++ b/lamp_haproxy/roles/webtier/templates/index.php.j2 @@ -0,0 +1,16 @@ + + + Ansible Application + + +
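Review bot: Both `remove`-tagged delegated tasks in utils.yml use `with_items: ${groups.lbservers}}` with an extra closing brace, so the expression will not resolve to the lbservers group as it does in remove_from_lb.yml; it should read `with_items: ${groups.lbservers}`. The two `add`-tagged tasks delegate to `${lbserver}`, which none of the group_vars files in this commit define. No playbook in the commit includes utils.yml, so if it is superseded by add_to_lb.yml and remove_from_lb.yml it may be better left out.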
+ Homepage +
+"; +?> + + + diff --git a/lamp_haproxy/site.yml b/lamp_haproxy/site.yml new file mode 100644 index 0000000..6bfb3d4 --- /dev/null +++ b/lamp_haproxy/site.yml @@ -0,0 +1,6 @@ +--- +#This Playbook deploys the whole application stack in this site. + +- include: roles/db.yml +- include: roles/web.yml +- include: roles/haproxy.yml diff --git a/lamp_simple/README.md b/lamp_simple/README.md new file mode 100644 index 0000000..52f90ce --- /dev/null +++ b/lamp_simple/README.md 
@@ -0,0 +1,58 @@ +Building a simple LAMP stack and deploying Application using Ansible Playbooks. +------------------------------------------- + +This playbooks is meant to be a reference and starters guide to building Ansible Playbooks. These playbooks were tested on Centos 6.x so we recommend Centos to test these modules. + +### Installing Ansible + +Running this playbook requires setting up Ansible first, luckily this is a very simple process on Centos 6.x: + + yum install http://epel.mirrors.arminco.com/6/x86_64/epel-release-6-8.noarch.rpm + yum install python PyYAML python-paramiko python-jinja2 + git clone git://github.com/ansible/ansible.git + cd ansible + source hacking/env-setup + +Generate/Synchronize your ssh keys(Optional you can pass -k parameter to prompt for password) + + ssh-keygen -t rsa + cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys + +Create a sample inventory file (File containing the hostnames) + + echo "localhost" > ansible_hosts + +Test if we are setup properly + + ansible -i ansible_hosts localhost -m ping + localhost | success >> { + "changed": false, + "ping": "pong" + } + + + +Now we setup our Lamp Stack, The stack can be on a single node or multiple nodes. The inventory file 'hosts' defines the nodes in which the stacks should be configured. + + [webservers] + localhost + + [dbservers] + bensible + +Here the webserver would be configured on the localhost and the dbserver on bensible. The stack can be deployed using the following command. + + ansible-playbook -i hosts site.yml + +Once Done, you can check by browsing to http:///index.php + +If you want to add a new webserver to the stack it would be as simple as changing the hosts file to add the new webserver name and rerun the above command. + + [webservers] + localhost + webserver1 + + [dbservers] + bensible + + ansible-playbook -i hosts site.yml diff --git a/lamp_simple/group_vars/all b/lamp_simple/group_vars/all new file mode 100644 index 0000000..1bfa7db --- /dev/null 
+++ b/lamp_simple/group_vars/all
@@ -0,0 +1,6 @@
+---
+# varialbles here would be applicable to all groups
+
+httpd_port: 80
+ntpserver: 192.168.1.2
+repository: http://github.com/bennojoy/mywebapp.git
diff --git a/lamp_simple/group_vars/dbservers b/lamp_simple/group_vars/dbservers
new file mode 100644
index 0000000..3c48323
--- /dev/null
+++ b/lamp_simple/group_vars/dbservers
@@ -0,0 +1,8 @@
+---
+# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated.
+
+mysqlservice: mysqld
+mysql_port: 3306
+dbuser: root
+dbname: foodb
+upassword: abc
diff --git a/lamp_simple/hosts b/lamp_simple/hosts
new file mode 100644
index 0000000..3b63018
--- /dev/null
+++ b/lamp_simple/hosts
@@ -0,0 +1,5 @@
+[webservers]
+web2
+
+[dbservers]
+web3
diff --git a/lamp_simple/roles/common/handlers/main.yml b/lamp_simple/roles/common/handlers/main.yml
new file mode 100644
index 0000000..e6a655e
--- /dev/null
+++ b/lamp_simple/roles/common/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# Handler to handle common notifications
+
+- name: restart ntp
+ service: name=ntpd state=restarted
+
+- name: restart iptables
+ service: name=iptables state=restarted
diff --git a/lamp_simple/roles/common/tasks/main.yml b/lamp_simple/roles/common/tasks/main.yml
new file mode 100644
index 0000000..a0d7875
--- /dev/null
+++ b/lamp_simple/roles/common/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# This playbook contains common plays that would be run on all Nodes.
+
+- name: Install ntp
+ yum: name=ntp state=present
+ tags: ntp
+
+- name: Configure ntp file
+ template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf
+ tags: ntp
+ notify: restart ntp
+
+- name: Start the ntp service
+ service: name=ntpd state=started enabled=true
+ tags: ntp
+
+
+
diff --git a/lamp_simple/roles/common/templates/ntp.conf.j2 b/lamp_simple/roles/common/templates/ntp.conf.j2
new file mode 100644
index 0000000..6336c2e
--- /dev/null
+++ b/lamp_simple/roles/common/templates/ntp.conf.j2
@@ -0,0 +1,12 @@
+
+driftfile /var/lib/ntp/drift
+
+restrict 127.0.0.1
+restrict -6 ::1
+
+server {{ ntpserver }}
+
+includefile /etc/ntp/crypto/pw
+
+keys /etc/ntp/keys
+
diff --git a/lamp_simple/roles/db.yml b/lamp_simple/roles/db.yml
new file mode 100644
index 0000000..904e7ed
--- /dev/null
+++ b/lamp_simple/roles/db.yml
@@ -0,0 +1,11 @@
+---
+# This playbook deploys mysql and configures database on the db node/nodes
+
+- hosts: dbservers
+ user: root
+ tasks:
+ - include: common/tasks/main.yml
+ - include: dbtier/tasks/install_mysql.yml
+ handlers:
+ - include: dbtier/handlers/main.yml
+ - include: common/handlers/main.yml
diff --git a/lamp_simple/roles/dbtier/handlers/main.yml b/lamp_simple/roles/dbtier/handlers/main.yml
new file mode 100644
index 0000000..0014f14
--- /dev/null
+++ b/lamp_simple/roles/dbtier/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Handler to handle DB tier notifications
+
+- name: restart mysql
+ service: name=mysqld state=restarted
+
diff --git a/lamp_simple/roles/dbtier/tasks/install_mysql.yml b/lamp_simple/roles/dbtier/tasks/install_mysql.yml
new file mode 100644
index 0000000..2332e91
--- /dev/null
+++ b/lamp_simple/roles/dbtier/tasks/install_mysql.yml
@@ -0,0 +1,32 @@
+---
+# This playbook will install mysql and create db user and give permissions.
+
+- name: Install Mysql package
+ action: yum pkg=$item state=installed
+ with_items:
+ - mysql-server
+ - MySQL-python
+ - libselinux-python
+ - libsemanage-python
+
+- name: Configure SELinux to start mysql on any port
+ seboolean: name=mysql_connect_any state=true persistent=yes
+
+- name: Create Mysql configuration file
+ action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf
+ notify:
+ - restart mysql
+
+- name: Start Mysql Service
+ service: name=mysqld state=started enabled=true
+
+- name: insert iptables rule
+ lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $mysql_port -j ACCEPT"
+ notify: restart iptables
+
+
+- name: Create Application Database
+ mysql_db: name=$dbname state=present
+
+- name: Create Application DB User
+ mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present
diff --git a/lamp_simple/roles/dbtier/templates/my.cnf.j2 b/lamp_simple/roles/dbtier/templates/my.cnf.j2
new file mode 100644
index 0000000..3944d06
--- /dev/null
+++ b/lamp_simple/roles/dbtier/templates/my.cnf.j2
@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
diff --git a/lamp_simple/roles/web.yml b/lamp_simple/roles/web.yml
new file mode 100644
index 0000000..3798685
--- /dev/null
+++ b/lamp_simple/roles/web.yml
@@ -0,0 +1,11 @@
+---
+# This Playbook deploys the WebServers with httpd and the code.
+
+- hosts: webservers
+ user: root
+ tasks:
+ - include: common/tasks/main.yml
+ - include: webtier/tasks/install_httpd.yml
+ - include: webtier/tasks/copy_code.yml
+ handlers:
+ - include: webtier/handlers/main.yml
diff --git a/lamp_simple/roles/webtier/handlers/main.yml b/lamp_simple/roles/webtier/handlers/main.yml
new file mode 100644
index 0000000..f613a8f
--- /dev/null
+++ b/lamp_simple/roles/webtier/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+# Handler for the webtier
+
+- name: restart iptables
+ service: name=iptables state=restarted
diff --git a/lamp_simple/roles/webtier/tasks/copy_code.yml b/lamp_simple/roles/webtier/tasks/copy_code.yml
new file mode 100644
index 0000000..8975fdc
--- /dev/null
+++ b/lamp_simple/roles/webtier/tasks/copy_code.yml
@@ -0,0 +1,10 @@
+---
+# This Playbook is responsible for copying the latest dev/production code from the version control system.
+
+- name: Copy the code from repository
+ git: repo=${repository} dest=/var/www/html/
+
+
+- name: Create's the index.php file
+ template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php
+
diff --git a/lamp_simple/roles/webtier/tasks/install_httpd.yml b/lamp_simple/roles/webtier/tasks/install_httpd.yml
new file mode 100644
index 0000000..19ea206
--- /dev/null
+++ b/lamp_simple/roles/webtier/tasks/install_httpd.yml
@@ -0,0 +1,26 @@
+---
+# This playbook installs http and the php modules.
+
+- name: Install http and php etc
+ action: yum name=$item state=installed
+ with_items:
+ - httpd
+ - php
+ - php-mysql
+ - libsemanage-python
+ - libselinux-python
+
+
+- name: insert iptables rule for httpd
+ lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $httpd_port -j ACCEPT"
+ register: last_run
+
+- name: Apply iptable rule
+ service: name=iptables state=restarted
+ only_if: ${last_run.changed}
+
+- name: http service state
+ service: name=httpd state=started enabled=yes
+
+- name: Configure SELinux to allow httpd to connect to remote database
+ seboolean: name=httpd_can_network_connect_db state=true persistent=yes
diff --git a/lamp_simple/roles/webtier/templates/index.php.j2 b/lamp_simple/roles/webtier/templates/index.php.j2 new file mode 100644 index 0000000..76c3420 --- /dev/null +++ b/lamp_simple/roles/webtier/templates/index.php.j2 @@ -0,0 +1,24 @@ + + + Ansible Application + + +
+ Homepage +
+"; +echo "List of Databases:
"; + {% for host in groups['dbservers'] %} + $link = mysql_connect('{{ hostvars[host].ansible_eth0.ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysql_error()); + {% endfor %} + $res = mysql_query("SHOW DATABASES"); + while ($row = mysql_fetch_assoc($res)) { + echo $row['Database'] . "\n"; + } +?> + + + diff --git a/lamp_simple/site.yml b/lamp_simple/site.yml new file mode 100644 index 0000000..af6af93 --- /dev/null +++ b/lamp_simple/site.yml @@ -0,0 +1,5 @@ +--- +#This Playbook deploys the whole application stack in this site. + +- include: roles/db.yml +- include: roles/web.yml
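Review bot: The lamp_simple index.php.j2 template renders `{{ hostvars[host].dbuser }}` and `{{ hostvars[host].upassword }}` into `mysql_connect(...)` inside /var/www/html/index.php, so the database account from group_vars/dbservers (root by default) ends up in clear text in a file under the document root and is used by the web page at run time. Give the page a dedicated account limited to what it needs, and keep the generated file readable only by the web server user. The loop also echoes `$row['Database']` without escaping; `echo htmlspecialchars($row['Database']) . "\n";` is the safer form. The `mysql_*` functions are deprecated in favour of mysqli or PDO. Parts of this hunk are missing from the page as extracted, so the surrounding markup could not be reviewed.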