Tim Gerla
11 years ago
parent
ec4baee6b1
commit
df9b42c3d1
@ -0,0 +1,10 @@ |
||||
--- |
||||
# This Playbook adds a webserver into the the web cluster |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
serial: 1 |
||||
tasks: |
||||
- include: roles/web/tasks/install_httpd.yml |
||||
- include: roles/web/tasks/copy_code.yml |
||||
- include: roles/web/tasks/add_to_lb.yml |
||||
@ -0,0 +1,8 @@ |
||||
--- |
||||
# This playbook deploys MySQL and configures the database on the db node(s) |
||||
|
||||
- hosts: dbservers |
||||
user: root |
||||
roles: |
||||
- common |
||||
- db |
||||
@ -0,0 +1,8 @@ |
||||
--- |
||||
# Playbook for HAProxy operations |
||||
|
||||
- hosts: lbservers |
||||
user: root |
||||
roles: |
||||
- common |
||||
- haproxy |
||||
@ -0,0 +1,12 @@ |
||||
--- |
||||
# This playbook configures the monitoring node |
||||
|
||||
- hosts: all |
||||
tasks: |
||||
|
||||
- hosts: monitoring |
||||
user: root |
||||
roles: |
||||
- common |
||||
- base-apache |
||||
- nagios |
||||
@ -1,10 +0,0 @@ |
||||
--- |
||||
# This Playbook adds a webserver into the the web cluster |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
serial: 1 |
||||
tasks: |
||||
- include: ../roles/web/tasks/install_httpd.yml |
||||
- include: ../roles/web/tasks/copy_code.yml |
||||
- include: ../roles/web/tasks/add_to_lb.yml |
||||
@ -1,11 +0,0 @@ |
||||
--- |
||||
# This playbook deploys MySQL and configures the database on the db node(s) |
||||
|
||||
- hosts: dbservers |
||||
user: root |
||||
tasks: |
||||
- include: ../roles/common/tasks/main.yml |
||||
- include: ../roles/db/tasks/main.yml |
||||
handlers: |
||||
- include: ../roles/db/handlers/main.yml |
||||
- include: ../roles/common/handlers/main.yml |
||||
@ -1,11 +0,0 @@ |
||||
--- |
||||
# Playbook for HAProxy operations |
||||
|
||||
- hosts: lbservers |
||||
user: root |
||||
tasks: |
||||
- include: ../roles/common/tasks/main.yml |
||||
- include: ../roles/haproxy/tasks/main.yml |
||||
handlers: |
||||
- include: ../roles/haproxy/handlers/main.yml |
||||
- include: ../roles/common/handlers/main.yml |
||||
@ -1,12 +0,0 @@ |
||||
--- |
||||
# This playbook deploys the webservers with httpd and the code. |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
tasks: |
||||
- include: ../roles/common/tasks/main.yml |
||||
- include: ../roles/web/tasks/install_httpd.yml |
||||
- include: ../roles/web/tasks/copy_code.yml |
||||
handlers: |
||||
- include: ../roles/web/handlers/main.yml |
||||
- include: ../roles/common/handlers/main.yml |
||||
@ -0,0 +1,5 @@ |
||||
--- |
||||
# Handler for the web tier |
||||
|
||||
- name: restart iptables |
||||
service: name=iptables state=restarted |
||||
@ -0,0 +1,20 @@ |
||||
--- |
||||
# This playbook installs httpd |
||||
|
||||
- name: Install http and php etc |
||||
action: yum name=$item state=installed |
||||
with_items: |
||||
- httpd |
||||
- libsemanage-python |
||||
- libselinux-python |
||||
|
||||
- name: insert iptables template for httpd |
||||
template: src=iptables.j2 dest=/etc/sysconfig/iptables |
||||
register: last_run |
||||
|
||||
- name: Apply iptable rule |
||||
service: name=iptables state=restarted |
||||
only_if: ${last_run.changed} |
||||
|
||||
- name: http service state |
||||
service: name=httpd state=started enabled=yes |
||||
@ -0,0 +1,23 @@ |
||||
# {{ ansible_managed }} |
||||
|
||||
*filter |
||||
:INPUT ACCEPT [0:0] |
||||
:FORWARD ACCEPT [0:0] |
||||
:OUTPUT ACCEPT [0:0] |
||||
-A INPUT -p tcp --dport 80 -j ACCEPT |
||||
{% for host in groups['monitoring'] %} |
||||
-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 5666 -j ACCEPT |
||||
{% endfor %} |
||||
-A INPUT -p tcp --dport 111 -j ACCEPT |
||||
-A INPUT -p udp --dport 111 -j ACCEPT |
||||
-A INPUT -p tcp --dport 892 -j ACCEPT |
||||
-A INPUT -p udp --dport 892 -j ACCEPT |
||||
-A INPUT -p tcp --dport 850 -j ACCEPT |
||||
-A INPUT -p udp --dport 850 -j ACCEPT |
||||
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
||||
-A INPUT -p icmp -j ACCEPT |
||||
-A INPUT -i lo -j ACCEPT |
||||
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT |
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited |
||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited |
||||
COMMIT |
||||
@ -0,0 +1,144 @@ |
||||
############################################################################### |
||||
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE |
||||
# |
||||
# Last Modified: 05-31-2007 |
||||
# |
||||
# NOTE: This config file is intended to serve as an *extremely* simple |
||||
# example of how you can create configuration entries to monitor |
||||
# the local (Linux) machine. |
||||
# |
||||
############################################################################### |
||||
|
||||
|
||||
|
||||
|
||||
############################################################################### |
||||
############################################################################### |
||||
# |
||||
# HOST DEFINITION |
||||
# |
||||
############################################################################### |
||||
############################################################################### |
||||
|
||||
# Define a host for the local machine |
||||
|
||||
define host{ |
||||
use linux-server ; Name of host template to use |
||||
; This host definition will inherit all variables that are defined |
||||
; in (or inherited by) the linux-server host template definition. |
||||
host_name localhost |
||||
alias localhost |
||||
address 127.0.0.1 |
||||
} |
||||
|
||||
|
||||
|
||||
############################################################################### |
||||
############################################################################### |
||||
# |
||||
# HOST GROUP DEFINITION |
||||
# |
||||
############################################################################### |
||||
############################################################################### |
||||
|
||||
# Define an optional hostgroup for Linux machines |
||||
|
||||
define hostgroup{ |
||||
hostgroup_name linux-servers ; The name of the hostgroup |
||||
alias Linux Servers ; Long name of the group |
||||
members localhost ; Comma separated list of hosts that belong to this group |
||||
} |
||||
|
||||
|
||||
|
||||
############################################################################### |
||||
############################################################################### |
||||
# |
||||
# SERVICE DEFINITIONS |
||||
# |
||||
############################################################################### |
||||
############################################################################### |
||||
|
||||
|
||||
# Define a service to "ping" the local machine |
||||
|
||||
define service{ |
||||
use local-service ; Name of service template to use |
||||
host_name localhost |
||||
service_description PING |
||||
check_command check_ping!100.0,20%!500.0,60% |
||||
} |
||||
|
||||
|
||||
# Define a service to check the disk space of the root partition |
||||
# on the local machine. Warning if < 20% free, critical if |
||||
# < 10% free space on partition. |
||||
|
||||
define service{ |
||||
use local-service ; Name of service template to use |
||||
host_name localhost |
||||
service_description Root Partition |
||||
check_command check_local_disk!20%!10%!/ |
||||
} |
||||
|
||||
|
||||
|
||||
# Define a service to check the number of currently logged in |
||||
# users on the local machine. Warning if > 20 users, critical |
||||
# if > 50 users. |
||||
|
||||
define service{ |
||||
use local-service ; Name of service template to use |
||||
host_name localhost |
||||
service_description Current Users |
||||
check_command check_local_users!20!50 |
||||
} |
||||
|
||||
|
||||
# Define a service to check the number of currently running procs |
||||
# on the local machine. Warning if > 250 processes, critical if |
||||
# > 400 users. |
||||
|
||||
define service{ |
||||
use local-service ; Name of service template to use |
||||
host_name localhost |
||||
service_description Total Processes |
||||
check_command check_local_procs!250!400!RSZDT |
||||
} |
||||
|
||||
|
||||
|
||||
# Define a service to check the load on the local machine. |
||||
|
||||
define service{ |
||||
use local-service ; Name of service template to use |
||||
host_name localhost |
||||
service_description Current Load |
||||
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0 |
||||
} |
||||
|
||||
|
||||
|
||||
# Define a service to check the swap usage the local machine. |
||||
# Critical if less than 10% of swap is free, warning if less than 20% is free |
||||
|
||||
define service{ |
||||
use local-service ; Name of service template to use |
||||
host_name localhost |
||||
service_description Swap Usage |
||||
check_command check_local_swap!20!10 |
||||
} |
||||
|
||||
|
||||
|
||||
# Define a service to check SSH on the local machine. |
||||
# Disable notifications for this service by default, as not all users may have SSH enabled. |
||||
|
||||
define service{ |
||||
use local-service ; Name of service template to use |
||||
host_name localhost |
||||
service_description SSH |
||||
check_command check_ssh |
||||
notifications_enabled 0 |
||||
} |
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,7 @@ |
||||
--- |
||||
# handlers for icinga |
||||
- name: restart httpd |
||||
service: name=httpd state=restarted |
||||
|
||||
- name: restart nagios |
||||
service: name=nagios state=restarted |
||||
@ -0,0 +1,42 @@ |
||||
--- |
||||
# This playbook will install nagios |
||||
|
||||
- name: install nagios |
||||
yum: pkg=$item state=installed |
||||
with_items: |
||||
- nagios |
||||
- nagios-plugins |
||||
- nagios-plugins-nrpe |
||||
- nagios-plugins-ping |
||||
- nagios-plugins-ssh |
||||
- nagios-plugins-http |
||||
- nagios-plugins-mysql |
||||
- nagios-devel |
||||
notify: restart httpd |
||||
|
||||
- name: create nagios config dir |
||||
file: path=/etc/nagios/ansible-managed state=directory |
||||
tags: |
||||
- nagios-setup |
||||
|
||||
- name: configure nagios |
||||
copy: src=nagios.cfg dest=/etc/nagios/nagios.cfg |
||||
tags: |
||||
- nagios-setup |
||||
notify: restart nagios |
||||
|
||||
- name: configure localhost monitoring |
||||
copy: src=localhost.cfg dest=/etc/nagios/objects/localhost.cfg |
||||
tags: |
||||
- nagios-setup |
||||
notify: restart nagios |
||||
|
||||
- name: create the nagios object files |
||||
template: src=servers.cfg.j2 |
||||
dest=/etc/nagios/ansible-managed/servers.cfg |
||||
tags: |
||||
- nagios-setup |
||||
notify: restart nagios |
||||
|
||||
- name: start nagios |
||||
service: name=nagios state=started enabled=yes |
||||
@ -0,0 +1,112 @@ |
||||
# {{ ansible_managed }} |
||||
|
||||
define hostgroup { |
||||
hostgroup_name webservers |
||||
alias Web Servers |
||||
} |
||||
|
||||
define hostgroup { |
||||
hostgroup_name loadbalancers |
||||
alias Load Balancers |
||||
} |
||||
|
||||
define hostgroup { |
||||
hostgroup_name dbservers |
||||
alias Database Servers |
||||
} |
||||
|
||||
|
||||
{% for host in groups['webservers'] %} |
||||
define host { |
||||
use linux-server |
||||
host_name {{ host }} |
||||
alias {{ host }} |
||||
address {{ hostvars[host].ansible_default_ipv4.address }} |
||||
hostgroups webservers |
||||
} |
||||
{% endfor %} |
||||
|
||||
{% for host in groups['lbservers'] %} |
||||
define host { |
||||
use linux-server |
||||
host_name {{ host }} |
||||
alias {{ host }} |
||||
address {{ hostvars[host].ansible_default_ipv4.address }} |
||||
hostgroups loadbalancers |
||||
} |
||||
define service { |
||||
use local-service |
||||
host_name {{ host }} |
||||
service_description HAProxy Load Balancer |
||||
check_command check_http!-p{{ hostvars[host].listenport }} |
||||
} |
||||
{% endfor %} |
||||
|
||||
{% for host in groups['dbservers'] %} |
||||
define host { |
||||
use linux-server |
||||
host_name {{ host }} |
||||
alias {{ host }} |
||||
address {{ hostvars[host].ansible_default_ipv4.address }} |
||||
hostgroups dbservers |
||||
} |
||||
{% endfor %} |
||||
|
||||
# service checks to be applied to all hosts |
||||
|
||||
define service { |
||||
use local-service |
||||
host_name localhost |
||||
service_description Root Partition |
||||
check_command check_local_disk!20%!10%!/ |
||||
} |
||||
|
||||
define service { |
||||
use local-service |
||||
host_name * |
||||
service_description Current Users |
||||
check_command check_local_users!20!50 |
||||
} |
||||
|
||||
|
||||
define service { |
||||
use local-service |
||||
host_name * |
||||
service_description Total Processes |
||||
check_command check_local_procs!250!400!RSZDT |
||||
} |
||||
|
||||
define service { |
||||
use local-service |
||||
host_name * |
||||
service_description Current Load |
||||
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0 |
||||
} |
||||
|
||||
define service { |
||||
use local-service |
||||
host_name * |
||||
service_description Swap Usage |
||||
check_command check_local_swap!20!10 |
||||
} |
||||
|
||||
# service checks to be applied to the web server |
||||
|
||||
define service { |
||||
use local-service |
||||
hostgroup_name webservers |
||||
service_description Apache Web Server |
||||
check_command check_http |
||||
notifications_enabled 0 |
||||
} |
||||
|
||||
# service checks to be applied to the database server |
||||
|
||||
#define service { |
||||
# use local-service |
||||
# hostgroup_name dbservers |
||||
# service_description MySQL Database Server |
||||
# check_command check_mysql |
||||
# notifications_enabled 0 |
||||
#} |
||||
|
||||
@ -1,25 +1,11 @@ |
||||
--- |
||||
# This playbook installs http and the php modules. |
||||
# This playbook installs the php modules. |
||||
|
||||
- name: Install http and php etc |
||||
action: yum name=$item state=installed |
||||
with_items: |
||||
- httpd |
||||
- php |
||||
- php-mysql |
||||
- libsemanage-python |
||||
- libselinux-python |
||||
|
||||
- name: insert iptables rule for httpd |
||||
lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport $httpd_port -j ACCEPT" |
||||
register: last_run |
||||
|
||||
- name: Apply iptable rule |
||||
service: name=iptables state=restarted |
||||
only_if: ${last_run.changed} |
||||
|
||||
- name: http service state |
||||
service: name=httpd state=started enabled=yes |
||||
|
||||
- name: Configure SELinux to allow httpd to connect to remote database |
||||
seboolean: name=httpd_can_network_connect_db state=true persistent=yes |
||||
|
||||
@ -1,6 +1,7 @@ |
||||
--- |
||||
#This Playbook deploys the whole application stack in this site. |
||||
|
||||
- include: playbooks/db.yml |
||||
- include: playbooks/web.yml |
||||
- include: playbooks/haproxy.yml |
||||
- include: db.yml |
||||
- include: web.yml |
||||
- include: haproxy.yml |
||||
- include: nagios.yml |
||||
|
||||
@ -0,0 +1,13 @@ |
||||
--- |
||||
# This playbook deploys the webservers with httpd and the code. |
||||
|
||||
- hosts: monitoring |
||||
tasks: |
||||
|
||||
- hosts: webservers |
||||
user: root |
||||
|
||||
roles: |
||||
- common |
||||
- base-apache |
||||
- web |
||||
Reference in new issue