commit
12d305dd96
@ -0,0 +1,6 @@ |
|||||||
|
|
||||||
|
Ansible Examples |
||||||
|
---------------- |
||||||
|
|
||||||
|
This repository contains examples and best practises for building Ansible Playbooks. |
||||||
|
|
@ -0,0 +1,40 @@ |
|||||||
|
Lamp Stack + LoadBalancer(haproxy) + add/remove nodes from cluster + Serial Rolling update of webserserver |
||||||
|
---------------------------------------------------------------------------------------------------------- |
||||||
|
|
||||||
|
This example is an extension of the simple lamp deployment, In this example we deploy a lampstack with a LoadBalancer in front. |
||||||
|
This also has the capablity to add/remove nodes from the deployment. It also includes examples to do a rolling update of a stack |
||||||
|
without affecting the service. |
||||||
|
|
||||||
|
***Setup Entire Site. |
||||||
|
Firstly we setup the entire stack, configure the 'hosts' inventory file to include the names of your hosts on which the stack would be deployed. |
||||||
|
[webservers] |
||||||
|
web3 |
||||||
|
web2 |
||||||
|
[dbservers] |
||||||
|
web3 |
||||||
|
[lbservers] |
||||||
|
web2 |
||||||
|
After which we execute the following command to deploy the site. |
||||||
|
ansible-playbook -i hosts site.yml |
||||||
|
|
||||||
|
The deployment can be verified by accessing the webpage." lynx http://<ip-of-lb>:8888. multiple access should land you up in diffrent webservers. |
||||||
|
|
||||||
|
***Remove a node from the cluster. |
||||||
|
Removal of a node from the cluster would be as simple as executing the following command: |
||||||
|
ansible-playbook -i hosts roles/remove_webservers.yml --limit=web2 |
||||||
|
|
||||||
|
***Adding a node to the cluster. |
||||||
|
Adding a node to the cluster can be done by executing the following command |
||||||
|
ansible-playbook -i hosts roles/add_webservers.yml --limit=web2 |
||||||
|
|
||||||
|
***Rolling update of the entire site or a single hosts |
||||||
|
Rolling updates are the preffered way to do an update as this wont affect the end users, In this example the hosts are updated in serial fashion, which means |
||||||
|
that only one server would be updated at one time, this behaviour can be changed by setting the 'serial' keyword in webservers.yml file. |
||||||
|
Once the code has been updated in the repository which can be defined in the group_vars/all file, execute the following command: |
||||||
|
ansible-playbook -i hosts roles/rolling_update.yml |
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
# varialbles here would be applicable to all groups |
||||||
|
|
||||||
|
httpd_port: 80 |
||||||
|
ntpserver: 192.168.1.2 |
||||||
|
repository: http://github.com/bennojoy/mywebapp.git |
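Review bot: `repository` points at an `http://` URL, so whatever the git task checks out onto the web servers is fetched without transport integrity or server authentication. Anyone on the path between the managed hosts and the remote can substitute the content that is then served. Use the TLS endpoint instead: `repository: https://github.com/bennojoy/mywebapp.git`. The identical variables hunk further down in this commit (the second `httpd_port` / `ntpserver` / `repository` block) needs the same change.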
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated. |
||||||
|
|
||||||
|
mysqlservice: mysqld |
||||||
|
mysql_port: 3306 |
||||||
|
dbuser: root |
||||||
|
dbname: foodb |
||||||
|
upassword: abc |
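Review bot: `upassword: abc` commits a three-character database password in clear text, and `dbuser: root` makes the application account the MySQL superuser name. Because this is example code that people copy, the value is likely to survive into real deployments. Keep the secret out of the repository: prompt for it with `vars_prompt`, or pass it at run time with `--extra-vars`. Also give the application its own account name rather than `root`. The same variables hunk is repeated later in the commit and carries the same two values.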
@ -0,0 +1,16 @@ |
|||||||
|
--- |
||||||
|
# File for the HAproxy configuration |
||||||
|
|
||||||
|
#Supports http and tcp, for ssl smtp etc.. use tcp |
||||||
|
mode: http |
||||||
|
|
||||||
|
#port on which the lb should listen |
||||||
|
listenport: 8888 |
||||||
|
|
||||||
|
#A name for the proxy daemon, this would be the suffix in the logs. |
||||||
|
daemonname: myapplb |
||||||
|
|
||||||
|
#Balancing Algorithm Avalilable options: roundrobin,source,leastconn,source,uri |
||||||
|
#If persistance is required use source |
||||||
|
balance: roundrobin |
||||||
|
|
@ -0,0 +1,10 @@ |
|||||||
|
[webservers] |
||||||
|
web3 |
||||||
|
web2 |
||||||
|
|
||||||
|
[dbservers] |
||||||
|
web3 |
||||||
|
|
||||||
|
[lbservers] |
||||||
|
web2 |
||||||
|
|
@ -0,0 +1,10 @@ |
|||||||
|
--- |
||||||
|
# This Playbook adds a webserver into the the web cluster |
||||||
|
|
||||||
|
- hosts: webservers |
||||||
|
user: root |
||||||
|
serial: 1 |
||||||
|
tasks: |
||||||
|
- include: ../roles/webtier/tasks/install_httpd.yml |
||||||
|
- include: ../roles/webtier/tasks/copy_code.yml |
||||||
|
- include: ../roles/webtier/tasks/add_to_lb.yml |
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
# Handler to handle common notifications |
||||||
|
|
||||||
|
- name: restart ntp |
||||||
|
service: name=ntpd state=restarted |
||||||
|
|
||||||
|
- name: restart iptables |
||||||
|
service: name=iptables state=restarted |
@ -0,0 +1,18 @@ |
|||||||
|
--- |
||||||
|
# This playbook contains common plays that would be run on all Nodes. |
||||||
|
|
||||||
|
- name: Install ntp |
||||||
|
yum: name=ntp state=present |
||||||
|
tags: ntp |
||||||
|
|
||||||
|
- name: Configure ntp file |
||||||
|
template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf |
||||||
|
tags: ntp |
||||||
|
notify: restart ntp |
||||||
|
|
||||||
|
- name: Start the ntp service |
||||||
|
service: name=ntpd state=started enabled=true |
||||||
|
tags: ntp |
||||||
|
|
||||||
|
|
||||||
|
|
@ -0,0 +1,12 @@ |
|||||||
|
|
||||||
|
driftfile /var/lib/ntp/drift |
||||||
|
|
||||||
|
restrict 127.0.0.1 |
||||||
|
restrict -6 ::1 |
||||||
|
|
||||||
|
server {{ ntpserver }} |
||||||
|
|
||||||
|
includefile /etc/ntp/crypto/pw |
||||||
|
|
||||||
|
keys /etc/ntp/keys |
||||||
|
|
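Review bot: The template has `restrict` lines only for `127.0.0.1` and `::1` and no `restrict default` entry, so every other source falls back to ntpd's permissive built-in default. That leaves queries and control/monitor requests allowed from any address that can reach the daemon. Add a default-deny line for each address family above the loopback entries: `restrict default kod nomodify notrap nopeer noquery` and `restrict -6 default kod nomodify notrap nopeer noquery`. Whether UDP 123 is reachable from outside depends on iptables rules that are not part of this hunk. The second copy of this template later in the commit has the same gap.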
@ -0,0 +1,11 @@ |
|||||||
|
--- |
||||||
|
# This playbook deploys mysql and configures database on the db node/nodes |
||||||
|
|
||||||
|
- hosts: dbservers |
||||||
|
user: root |
||||||
|
tasks: |
||||||
|
- include: common/tasks/main.yml |
||||||
|
- include: dbtier/tasks/install_mysql.yml |
||||||
|
handlers: |
||||||
|
- include: dbtier/handlers/main.yml |
||||||
|
- include: common/handlers/main.yml |
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
# Handler to handle DB tier notifications |
||||||
|
|
||||||
|
- name: restart mysql |
||||||
|
service: name=mysqld state=restarted |
||||||
|
|
@ -0,0 +1,32 @@ |
|||||||
|
--- |
||||||
|
# This playbook will install mysql and create db user and give permissions. |
||||||
|
|
||||||
|
- name: Install Mysql package |
||||||
|
action: yum pkg=$item state=installed |
||||||
|
with_items: |
||||||
|
- mysql-server |
||||||
|
- MySQL-python |
||||||
|
- libselinux-python |
||||||
|
- libsemanage-python |
||||||
|
|
||||||
|
- name: Configure SELinux to start mysql on any port |
||||||
|
seboolean: name=mysql_connect_any state=true persistent=yes |
||||||
|
|
||||||
|
- name: Create Mysql configuration file |
||||||
|
action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf |
||||||
|
notify: |
||||||
|
- restart mysql |
||||||
|
|
||||||
|
- name: Start Mysql Service |
||||||
|
service: name=mysqld state=started enabled=true |
||||||
|
|
||||||
|
- name: insert iptables rule |
||||||
|
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $mysql_port -j ACCEPT" |
||||||
|
notify: restart iptables |
||||||
|
|
||||||
|
|
||||||
|
- name: Create Application Database |
||||||
|
mysql_db: name=$dbname state=present |
||||||
|
|
||||||
|
- name: Create Application DB User |
||||||
|
mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present |
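Review bot: `Create Application DB User` grants `priv=*.*:ALL` with `host='%'`, and the variables shipped in this commit set `dbuser: root` with a trivial password, so the play creates a full-privilege root login usable from any address. The `insert iptables rule` task above it accepts the MySQL port from every source, so nothing at the network layer narrows that either. Scope the grant to the application schema and to the web tier, e.g. `mysql_user: name=$dbuser password=$upassword priv=$dbname.*:ALL host=<web-server-address> state=present`, and add a matching `-s <web-server-address>` to the iptables line. The duplicate of this task file later in the commit has the same two tasks.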
@ -0,0 +1,11 @@ |
|||||||
|
[mysqld] |
||||||
|
datadir=/var/lib/mysql |
||||||
|
socket=/var/lib/mysql/mysql.sock |
||||||
|
user=mysql |
||||||
|
# Disabling symbolic-links is recommended to prevent assorted security risks |
||||||
|
symbolic-links=0 |
||||||
|
port={{ mysql_port }} |
||||||
|
|
||||||
|
[mysqld_safe] |
||||||
|
log-error=/var/log/mysqld.log |
||||||
|
pid-file=/var/run/mysqld/mysqld.pid |
@ -0,0 +1,10 @@ |
|||||||
|
--- |
||||||
|
#PlayBook for haproxy operations |
||||||
|
|
||||||
|
- hosts: lbservers |
||||||
|
user: root |
||||||
|
tasks: |
||||||
|
- include: haproxy/tasks/install_haproxy.yml |
||||||
|
handlers: |
||||||
|
- include: haproxy/handlers/main.yml |
||||||
|
- include: common/handlers/main.yml |
@ -0,0 +1,11 @@ |
|||||||
|
--- |
||||||
|
# Handlers for the HAproxy |
||||||
|
|
||||||
|
- name: restart haproxy |
||||||
|
service: name=haproxy state=restarted |
||||||
|
|
||||||
|
- name: reload haproxy |
||||||
|
service: name=haproxy state=reloaded |
||||||
|
|
||||||
|
|
||||||
|
|
@ -0,0 +1,19 @@ |
|||||||
|
--- |
||||||
|
# This PlayBook Installs the HAProxy and configures it. |
||||||
|
|
||||||
|
- name: Download and install haproxy |
||||||
|
command: creates=/opt/haproxy.rpm curl -o /opt/haproxy.rpm ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/haproxy-1.4.18-1.el6.i686.rpm |
||||||
|
|
||||||
|
- name: Install the haproxy rpm. |
||||||
|
command: creates=/etc/haproxy/haproxy.cfg yum -y localinstall /opt/haproxy.rpm |
||||||
|
|
||||||
|
- name: Install the socat package for dynamic addition/removal of hosts |
||||||
|
yum: name=socat state=installed |
||||||
|
|
||||||
|
- name: Open firewall port for haproxy. |
||||||
|
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$listenport" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $listenport -j ACCEPT" |
||||||
|
notify: restart iptables |
||||||
|
|
||||||
|
- name: Configure the haproxy cnf file with hosts |
||||||
|
template: src=haproxy/templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg |
||||||
|
notify: restart haproxy |
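Review bot: `Download and install haproxy` pulls an RPM over plain `ftp://` from a single mirror and the next task installs it with `yum -y localinstall`, with no checksum or signature check in between. Depending on the host's yum configuration, local packages may not be GPG-verified at all. `creates=/opt/haproxy.rpm` also means a truncated or altered file is never fetched again. The URL additionally pins an `i686` build. Since the next task already installs `socat` through the yum module, the same route is the simpler fix: `yum: name=haproxy state=installed` from a repository with `gpgcheck` enabled.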
@ -0,0 +1,39 @@ |
|||||||
|
global |
||||||
|
log 127.0.0.1 local2 |
||||||
|
|
||||||
|
chroot /var/lib/haproxy |
||||||
|
pidfile /var/run/haproxy.pid |
||||||
|
maxconn 4000 |
||||||
|
user root |
||||||
|
group root |
||||||
|
daemon |
||||||
|
|
||||||
|
# turn on stats unix socket |
||||||
|
stats socket /var/lib/haproxy/stats level admin |
||||||
|
|
||||||
|
defaults |
||||||
|
mode {{ mode }} |
||||||
|
log global |
||||||
|
option httplog |
||||||
|
option dontlognull |
||||||
|
option http-server-close |
||||||
|
option forwardfor except 127.0.0.0/8 |
||||||
|
option redispatch |
||||||
|
retries 3 |
||||||
|
timeout http-request 10s |
||||||
|
timeout queue 1m |
||||||
|
timeout connect 10s |
||||||
|
timeout client 1m |
||||||
|
timeout server 1m |
||||||
|
timeout http-keep-alive 10s |
||||||
|
timeout check 10s |
||||||
|
maxconn 3000 |
||||||
|
|
||||||
|
backend app |
||||||
|
{% for host in groups['lbservers'] %} |
||||||
|
listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }} |
||||||
|
{% endfor %} |
||||||
|
balance {{ balance }} |
||||||
|
{% for host in groups['webservers'] %} |
||||||
|
server {{ hostvars[host].ansible_hostname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ httpd_port }} |
||||||
|
{% endfor %} |
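Review bot: `user root` and `group root` in the `global` section keep the proxy running with full privileges after start-up, which leaves `chroot /var/lib/haproxy` with little containment value. The `level admin` stats socket inside that directory then gives control of the backends to anything that can open it. Drop to an unprivileged account after binding (`user haproxy` / `group haproxy`, assuming the package creates that account). Set explicit permissions on the socket as well: `stats socket /var/lib/haproxy/stats level admin mode 600`. The second haproxy template in the following hunk has the same `global` block.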
@ -0,0 +1,36 @@ |
|||||||
|
global |
||||||
|
log 127.0.0.1 local2 |
||||||
|
|
||||||
|
chroot /var/lib/haproxy |
||||||
|
pidfile /var/run/haproxy.pid |
||||||
|
maxconn 4000 |
||||||
|
user root |
||||||
|
group root |
||||||
|
daemon |
||||||
|
|
||||||
|
# turn on stats unix socket |
||||||
|
stats socket /var/lib/haproxy/stats level admin |
||||||
|
|
||||||
|
defaults |
||||||
|
mode {{ mode }} |
||||||
|
log global |
||||||
|
option httplog |
||||||
|
option dontlognull |
||||||
|
option http-server-close |
||||||
|
option forwardfor except 127.0.0.0/8 |
||||||
|
option redispatch |
||||||
|
retries 3 |
||||||
|
timeout http-request 10s |
||||||
|
timeout queue 1m |
||||||
|
timeout connect 10s |
||||||
|
timeout client 1m |
||||||
|
timeout server 1m |
||||||
|
timeout http-keep-alive 10s |
||||||
|
timeout check 10s |
||||||
|
maxconn 3000 |
||||||
|
|
||||||
|
backend app |
||||||
|
{% for host in groups['lbservers'] %} |
||||||
|
listen {{ daemonname }} {{ hostvars[host].ansible_eth0.ipv4.address }}:{{ listenport }} |
||||||
|
{% endfor %} |
||||||
|
balance {{ balance }} |
@ -0,0 +1,9 @@ |
|||||||
|
--- |
||||||
|
# This Playbook removes a webserver from the pool serialy. |
||||||
|
|
||||||
|
|
||||||
|
- hosts: webservers |
||||||
|
user: root |
||||||
|
serial: 1 |
||||||
|
tasks: |
||||||
|
- include: ../roles/webtier/tasks/remove_from_lb.yml |
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
# This Playbook does a rolling update of the code for all webservers serially (one at a time). Change the value of serial: to adjust the number of server to be updated. |
||||||
|
|
||||||
|
- hosts: webservers |
||||||
|
user: root |
||||||
|
serial: 1 |
||||||
|
tasks: |
||||||
|
- include: ../roles/webtier/tasks/rolling_update.yml |
@ -0,0 +1,11 @@ |
|||||||
|
--- |
||||||
|
# This Playbook deploys the WebServers with httpd and the code. |
||||||
|
|
||||||
|
- hosts: webservers |
||||||
|
user: root |
||||||
|
tasks: |
||||||
|
- include: common/tasks/main.yml |
||||||
|
- include: webtier/tasks/install_httpd.yml |
||||||
|
- include: webtier/tasks/copy_code.yml |
||||||
|
handlers: |
||||||
|
- include: webtier/handlers/main.yml |
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
# Handler for the webtier |
||||||
|
|
||||||
|
- name: restart iptables |
||||||
|
service: name=iptables state=restarted |
@ -0,0 +1,15 @@ |
|||||||
|
--- |
||||||
|
# This Playbook does utility stuff's like adding a webserver into the pool, etc.. |
||||||
|
|
||||||
|
- name: Add server to LB |
||||||
|
lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}" |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers} |
||||||
|
register: last_run |
||||||
|
|
||||||
|
- name: Reload the haproxy |
||||||
|
service: name=haproxy state=reloaded |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers} |
||||||
|
only_if: ${last_run.changed} |
||||||
|
|
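Review bot: `regexp="${ansible_hostname}"` in `Add server to LB` is an unanchored match on the bare hostname, so a host named `web2` also matches the lines for `web20` or `web2-old`. It likewise matches any other line in haproxy.cfg that happens to contain that string. Here that means the wrong line gets replaced. In the removal tasks elsewhere in this commit the same pattern is used with `state=absent`, where every matching line is deleted. Match the whole directive instead, for example `regexp="^\s*server ${ansible_hostname} "`.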
@ -0,0 +1,10 @@ |
|||||||
|
--- |
||||||
|
# This Playbook is responsible for copying the latest dev/production code from the version control system. |
||||||
|
|
||||||
|
- name: Copy the code from repository |
||||||
|
git: repo=${repository} dest=/var/www/html/ |
||||||
|
|
||||||
|
|
||||||
|
- name: Create's the index.php file |
||||||
|
template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php |
||||||
|
|
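Review bot: `git: repo=${repository} dest=/var/www/html/` clones straight into the document root, so the `.git` directory sits next to the served files. Unless httpd is configured to deny it (not shown in this commit), that exposes the repository history and configuration over HTTP. The task also sets no `version=`, so each run deploys whatever the remote's default branch points at. Check out to a directory outside the docroot and publish only the working files, or add an httpd rule denying `/.git`. Pin a tag or commit with `version=<tag-or-commit>`. The second copy of this task file later in the commit is identical.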
@ -0,0 +1,26 @@ |
|||||||
|
--- |
||||||
|
# This playbook installs http and the php modules. |
||||||
|
|
||||||
|
- name: Install http and php etc |
||||||
|
action: yum name=$item state=installed |
||||||
|
with_items: |
||||||
|
- httpd |
||||||
|
- php |
||||||
|
- php-mysql |
||||||
|
- libsemanage-python |
||||||
|
- libselinux-python |
||||||
|
|
||||||
|
|
||||||
|
- name: insert iptables rule for httpd |
||||||
|
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $httpd_port -j ACCEPT" |
||||||
|
register: last_run |
||||||
|
|
||||||
|
- name: Apply iptable rule |
||||||
|
service: name=iptables state=restarted |
||||||
|
only_if: ${last_run.changed} |
||||||
|
|
||||||
|
- name: http service state |
||||||
|
service: name=httpd state=started enabled=yes |
||||||
|
|
||||||
|
- name: Configure SELinux to allow httpd to connect to remote database |
||||||
|
seboolean: name=httpd_can_network_connect_db state=true persistent=yes |
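Review bot: `regexp="$httpd_port"` in `insert iptables rule for httpd` matches on the bare port number, so with `httpd_port: 80` any existing line in /etc/sysconfig/iptables containing `80` counts as a match. That could be a rule for 8080, an address, or a comment, and lineinfile rewrites the last such line instead of inserting a new rule. This can silently replace an unrelated firewall rule. Match on the rule itself: `regexp="--dport $httpd_port -j"`. The MySQL and haproxy task files in this commit use the same bare-port pattern with `$mysql_port` and `$listenport`. The duplicate of this file further down is unchanged.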
@ -0,0 +1,23 @@ |
|||||||
|
--- |
||||||
|
# This Playbook does utility stuff's like adding a webserver into the pool, etc.. |
||||||
|
|
||||||
|
- name: Remove the code from server |
||||||
|
command: rm -rf /var/www/html/* |
||||||
|
|
||||||
|
- name: Remove server from LB |
||||||
|
lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers} |
||||||
|
register: last_run |
||||||
|
|
||||||
|
- name: disable the server in haproxy |
||||||
|
shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers} |
||||||
|
|
||||||
|
- name: Remove the httpd package |
||||||
|
yum: name=httpd state=absent |
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
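Review bot: `command: rm -rf /var/www/html/*` runs through the command module, which does not invoke a shell, so the `*` is passed to rm as a literal file name. With `-f` the task then reports success without removing anything, and the old code stays on a host that is being decommissioned. Either switch this task to `shell:` as the socat tasks below already do, or remove the directory contents with the file module. The same line appears in the rolling-update task file and in the tagged utility task file later in this commit.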
@ -0,0 +1,22 @@ |
|||||||
|
--- |
||||||
|
# This Playbook implements a rolling update on the infrastructure, change the value of the serial keyword to specify the number of servers the update should happen. |
||||||
|
|
||||||
|
- name: Remove the code from server |
||||||
|
command: rm -rf /var/www/html/* |
||||||
|
|
||||||
|
- name: disable the server in haproxy |
||||||
|
shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers} |
||||||
|
|
||||||
|
- name: Copy the code from repository |
||||||
|
git: repo=${repository} dest=/var/www/html/ |
||||||
|
|
||||||
|
- name: Create's the index.php file |
||||||
|
template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php |
||||||
|
|
||||||
|
- name: Enable the server in haproxy |
||||||
|
shell: echo "enable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers} |
||||||
|
|
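Review bot: The node is taken out of rotation only after its document root has been touched: `Remove the code from server` comes before `disable the server in haproxy`. The load balancer therefore keeps sending users to a host whose code is being removed and re-cloned, which defeats the "without affecting the service" goal. Move the disable task to the top of the file. Wait for in-flight requests to finish before modifying /var/www/html. The socat commands also hard-code `myapplb/` while the proxy name comes from the `daemonname` variable; `echo "disable server ${daemonname}/${ansible_hostname}"` keeps the two in step.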
@ -0,0 +1,39 @@ |
|||||||
|
--- |
||||||
|
# This Playbook does utility stuff's like adding a webserver into the pool, etc.. |
||||||
|
|
||||||
|
- name: Add server to LB |
||||||
|
lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}" |
||||||
|
delegate_to: ${lbserver} |
||||||
|
register: last_run |
||||||
|
tags: add |
||||||
|
|
||||||
|
- name: Reload the haproxy |
||||||
|
service: name=haproxy state=reloaded |
||||||
|
delegate_to: ${lbserver} |
||||||
|
only_if: ${last_run.changed} |
||||||
|
tags: add |
||||||
|
|
||||||
|
- name: Remove the code from server |
||||||
|
command: rm -rf /var/www/html/* |
||||||
|
tags: remove |
||||||
|
|
||||||
|
- name: Remove server from LB |
||||||
|
lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers}} |
||||||
|
register: last_run |
||||||
|
tags: remove |
||||||
|
|
||||||
|
- name: disable the server in haproxy |
||||||
|
shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats |
||||||
|
delegate_to: $item |
||||||
|
with_items: ${groups.lbservers}} |
||||||
|
tags: remove |
||||||
|
|
||||||
|
- name: Remove the httpd package |
||||||
|
yum: name=httpd state=absent |
||||||
|
tags: remove |
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
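Review bot: `with_items: ${groups.lbservers}}` has a stray closing brace in both `Remove server from LB` and `disable the server in haproxy`. The loop value is then no longer the plain list of load balancers, so `delegate_to: $item` would target a malformed host name or fail, depending on how the templating resolves it. Both should read `with_items: ${groups.lbservers}`. The two `add` tasks in the same file delegate to `${lbserver}`, which is not defined in any variables file in this commit; if it is meant to be passed on the command line, a comment saying so would help.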
@ -0,0 +1,16 @@ |
|||||||
|
<html> |
||||||
|
<head> |
||||||
|
<title>Ansible Application</title> |
||||||
|
</head> |
||||||
|
<body> |
||||||
|
</br> |
||||||
|
<a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a> |
||||||
|
</br> |
||||||
|
<?php |
||||||
|
Print "Hello, World! I am configured in Ansible and i am : "; |
||||||
|
echo exec('hostname'); |
||||||
|
Print "</BR>"; |
||||||
|
?> |
||||||
|
</body> |
||||||
|
</html> |
||||||
|
|
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
#This Playbook deploys the whole application stack in this site. |
||||||
|
|
||||||
|
- include: roles/db.yml |
||||||
|
- include: roles/web.yml |
||||||
|
- include: roles/haproxy.yml |
@ -0,0 +1,58 @@ |
|||||||
|
Building a simple LAMP stack and deploying Application using Ansible Playbooks. |
||||||
|
------------------------------------------- |
||||||
|
|
||||||
|
This playbooks is meant to be a reference and starters guide to building Ansible Playbooks. These playbooks were tested on Centos 6.x so we recommend Centos to test these modules. |
||||||
|
|
||||||
|
### Installing Ansible |
||||||
|
|
||||||
|
Running this playbook requires setting up Ansible first, luckily this is a very simple process on Centos 6.x: |
||||||
|
|
||||||
|
yum install http://epel.mirrors.arminco.com/6/x86_64/epel-release-6-8.noarch.rpm |
||||||
|
yum install python PyYAML python-paramiko python-jinja2 |
||||||
|
git clone git://github.com/ansible/ansible.git |
||||||
|
cd ansible |
||||||
|
source hacking/env-setup |
||||||
|
|
||||||
|
Generate/Synchronize your ssh keys(Optional you can pass -k parameter to prompt for password) |
||||||
|
|
||||||
|
ssh-keygen -t rsa |
||||||
|
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys |
||||||
|
|
||||||
|
Create a sample inventory file (File containing the hostnames) |
||||||
|
|
||||||
|
echo "localhost" > ansible_hosts |
||||||
|
|
||||||
|
Test if we are setup properly |
||||||
|
|
||||||
|
ansible -i ansible_hosts localhost -m ping |
||||||
|
localhost | success >> { |
||||||
|
"changed": false, |
||||||
|
"ping": "pong" |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Now we setup our Lamp Stack, The stack can be on a single node or multiple nodes. The inventory file 'hosts' defines the nodes in which the stacks should be configured. |
||||||
|
|
||||||
|
[webservers] |
||||||
|
localhost |
||||||
|
|
||||||
|
[dbservers] |
||||||
|
bensible |
||||||
|
|
||||||
|
Here the webserver would be configured on the localhost and the dbserver on bensible. The stack can be deployed using the following command. |
||||||
|
|
||||||
|
ansible-playbook -i hosts site.yml |
||||||
|
|
||||||
|
Once Done, you can check by browsing to http://<ipofhost>/index.php |
||||||
|
|
||||||
|
If you want to add a new webserver to the stack it would be as simple as changing the hosts file to add the new webserver name and rerun the above command. |
||||||
|
|
||||||
|
[webservers] |
||||||
|
localhost |
||||||
|
webserver1 |
||||||
|
|
||||||
|
[dbservers] |
||||||
|
bensible |
||||||
|
|
||||||
|
ansible-playbook -i hosts site.yml |
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
# varialbles here would be applicable to all groups |
||||||
|
|
||||||
|
httpd_port: 80 |
||||||
|
ntpserver: 192.168.1.2 |
||||||
|
repository: http://github.com/bennojoy/mywebapp.git |
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
# The variables file used by the playbooks in the dbservers group, these dont have to be imported by vars_files: these are autopopulated. |
||||||
|
|
||||||
|
mysqlservice: mysqld |
||||||
|
mysql_port: 3306 |
||||||
|
dbuser: root |
||||||
|
dbname: foodb |
||||||
|
upassword: abc |
@ -0,0 +1,5 @@ |
|||||||
|
[webservers] |
||||||
|
web2 |
||||||
|
|
||||||
|
[dbservers] |
||||||
|
web3 |
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
# Handler to handle common notifications |
||||||
|
|
||||||
|
- name: restart ntp |
||||||
|
service: name=ntpd state=restarted |
||||||
|
|
||||||
|
- name: restart iptables |
||||||
|
service: name=iptables state=restarted |
@ -0,0 +1,18 @@ |
|||||||
|
--- |
||||||
|
# This playbook contains common plays that would be run on all Nodes. |
||||||
|
|
||||||
|
- name: Install ntp |
||||||
|
yum: name=ntp state=present |
||||||
|
tags: ntp |
||||||
|
|
||||||
|
- name: Configure ntp file |
||||||
|
template: src=common/templates/ntp.conf.j2 dest=/etc/ntp.conf |
||||||
|
tags: ntp |
||||||
|
notify: restart ntp |
||||||
|
|
||||||
|
- name: Start the ntp service |
||||||
|
service: name=ntpd state=started enabled=true |
||||||
|
tags: ntp |
||||||
|
|
||||||
|
|
||||||
|
|
@ -0,0 +1,12 @@ |
|||||||
|
|
||||||
|
driftfile /var/lib/ntp/drift |
||||||
|
|
||||||
|
restrict 127.0.0.1 |
||||||
|
restrict -6 ::1 |
||||||
|
|
||||||
|
server {{ ntpserver }} |
||||||
|
|
||||||
|
includefile /etc/ntp/crypto/pw |
||||||
|
|
||||||
|
keys /etc/ntp/keys |
||||||
|
|
@ -0,0 +1,11 @@ |
|||||||
|
--- |
||||||
|
# This playbook deploys mysql and configures database on the db node/nodes |
||||||
|
|
||||||
|
- hosts: dbservers |
||||||
|
user: root |
||||||
|
tasks: |
||||||
|
- include: common/tasks/main.yml |
||||||
|
- include: dbtier/tasks/install_mysql.yml |
||||||
|
handlers: |
||||||
|
- include: dbtier/handlers/main.yml |
||||||
|
- include: common/handlers/main.yml |
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
# Handler to handle DB tier notifications |
||||||
|
|
||||||
|
- name: restart mysql |
||||||
|
service: name=mysqld state=restarted |
||||||
|
|
@ -0,0 +1,32 @@ |
|||||||
|
--- |
||||||
|
# This playbook will install mysql and create db user and give permissions. |
||||||
|
|
||||||
|
- name: Install Mysql package |
||||||
|
action: yum pkg=$item state=installed |
||||||
|
with_items: |
||||||
|
- mysql-server |
||||||
|
- MySQL-python |
||||||
|
- libselinux-python |
||||||
|
- libsemanage-python |
||||||
|
|
||||||
|
- name: Configure SELinux to start mysql on any port |
||||||
|
seboolean: name=mysql_connect_any state=true persistent=yes |
||||||
|
|
||||||
|
- name: Create Mysql configuration file |
||||||
|
action: template src=dbtier/templates/my.cnf.j2 dest=/etc/my.cnf |
||||||
|
notify: |
||||||
|
- restart mysql |
||||||
|
|
||||||
|
- name: Start Mysql Service |
||||||
|
service: name=mysqld state=started enabled=true |
||||||
|
|
||||||
|
- name: insert iptables rule |
||||||
|
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $mysql_port -j ACCEPT" |
||||||
|
notify: restart iptables |
||||||
|
|
||||||
|
|
||||||
|
- name: Create Application Database |
||||||
|
mysql_db: name=$dbname state=present |
||||||
|
|
||||||
|
- name: Create Application DB User |
||||||
|
mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present |
@ -0,0 +1,11 @@ |
|||||||
|
[mysqld] |
||||||
|
datadir=/var/lib/mysql |
||||||
|
socket=/var/lib/mysql/mysql.sock |
||||||
|
user=mysql |
||||||
|
# Disabling symbolic-links is recommended to prevent assorted security risks |
||||||
|
symbolic-links=0 |
||||||
|
port={{ mysql_port }} |
||||||
|
|
||||||
|
[mysqld_safe] |
||||||
|
log-error=/var/log/mysqld.log |
||||||
|
pid-file=/var/run/mysqld/mysqld.pid |
@ -0,0 +1,11 @@ |
|||||||
|
--- |
||||||
|
# This Playbook deploys the WebServers with httpd and the code. |
||||||
|
|
||||||
|
- hosts: webservers |
||||||
|
user: root |
||||||
|
tasks: |
||||||
|
- include: common/tasks/main.yml |
||||||
|
- include: webtier/tasks/install_httpd.yml |
||||||
|
- include: webtier/tasks/copy_code.yml |
||||||
|
handlers: |
||||||
|
- include: webtier/handlers/main.yml |
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
# Handler for the webtier |
||||||
|
|
||||||
|
- name: restart iptables |
||||||
|
service: name=iptables state=restarted |
@ -0,0 +1,10 @@ |
|||||||
|
--- |
||||||
|
# This Playbook is responsible for copying the latest dev/production code from the version control system. |
||||||
|
|
||||||
|
- name: Copy the code from repository |
||||||
|
git: repo=${repository} dest=/var/www/html/ |
||||||
|
|
||||||
|
|
||||||
|
- name: Create's the index.php file |
||||||
|
template: src=webtier/templates/index.php.j2 dest=/var/www/html/index.php |
||||||
|
|
@ -0,0 +1,26 @@ |
|||||||
|
--- |
||||||
|
# This playbook installs http and the php modules. |
||||||
|
|
||||||
|
- name: Install http and php etc |
||||||
|
action: yum name=$item state=installed |
||||||
|
with_items: |
||||||
|
- httpd |
||||||
|
- php |
||||||
|
- php-mysql |
||||||
|
- libsemanage-python |
||||||
|
- libselinux-python |
||||||
|
|
||||||
|
|
||||||
|
- name: insert iptables rule for httpd |
||||||
|
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $httpd_port -j ACCEPT" |
||||||
|
register: last_run |
||||||
|
|
||||||
|
- name: Apply iptable rule |
||||||
|
service: name=iptables state=restarted |
||||||
|
only_if: ${last_run.changed} |
||||||
|
|
||||||
|
- name: http service state |
||||||
|
service: name=httpd state=started enabled=yes |
||||||
|
|
||||||
|
- name: Configure SELinux to allow httpd to connect to remote database |
||||||
|
seboolean: name=httpd_can_network_connect_db state=true persistent=yes |
@ -0,0 +1,24 @@ |
|||||||
|
<html> |
||||||
|
<head> |
||||||
|
<title>Ansible Application</title> |
||||||
|
</head> |
||||||
|
<body> |
||||||
|
</br> |
||||||
|
<a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a> |
||||||
|
</br> |
||||||
|
<?php |
||||||
|
Print "Hello, World! I am configured in Ansible and i am : "; |
||||||
|
echo exec('hostname'); |
||||||
|
Print "</BR>"; |
||||||
|
echo "List of Databases: </BR>"; |
||||||
|
{% for host in groups['dbservers'] %} |
||||||
|
$link = mysql_connect('{{ hostvars[host].ansible_eth0.ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysql_error()); |
||||||
|
{% endfor %} |
||||||
|
$res = mysql_query("SHOW DATABASES"); |
||||||
|
while ($row = mysql_fetch_assoc($res)) { |
||||||
|
echo $row['Database'] . "\n"; |
||||||
|
} |
||||||
|
?> |
||||||
|
</body> |
||||||
|
</html> |
||||||
|
|
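Review bot: The `mysql_connect(...)` line renders `dbuser` and `upassword` for every db host as string literals into index.php under /var/www/html. With the defaults in this commit those are the MySQL root credentials, sitting in a world-served directory. `or die(mysql_error())` then sends connection errors to the browser, and `$row['Database']` is echoed without escaping. Read the credentials from a file outside the document root and connect with an account limited to the application schema. Log the failure server-side and show a generic message instead of `mysql_error()`. Wrap the output in `htmlspecialchars()`.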
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
#This Playbook deploys the whole application stack in this site. |
||||||
|
|
||||||
|
- include: roles/db.yml |
||||||
|
- include: roles/web.yml |