update 4

lamp_haproxy/playbooks/add_webservers.yml

@@ -0,0 +1,10 @@
+---
+# This Playbook adds  a webserver into the the web cluster
+
+- hosts: webservers
+  user: root
+  serial: 1
+  tasks:
+   - include: ../roles/web/tasks/install_httpd.yml
+   - include: ../roles/web/tasks/copy_code.yml
+   - include: ../roles/web/tasks/add_to_lb.yml

lamp_haproxy/playbooks/db.yml

@@ -0,0 +1,11 @@
+---
+# This playbook deploys mysql and configures database on the db node/nodes  
+
+- hosts: dbservers
+  user: root
+  tasks: 
+     - include: ../roles/common/tasks/main.yml 
+     - include: ../roles/db/tasks/main.yml
+  handlers:
+     - include: ../roles/db/handlers/main.yml
+     - include: ../roles/common/handlers/main.yml 

lamp_haproxy/playbooks/haproxy.yml

@@ -0,0 +1,10 @@
+---
+#PlayBook for haproxy operations
+
+- hosts: lbservers
+  user: root
+  tasks:
+   - include: ../roles/haproxy/tasks/main.yml
+  handlers:
+   - include: ../roles/haproxy/handlers/main.yml
+   - include: ../roles/common/handlers/main.yml

lamp_haproxy/playbooks/remove_webservers.yml

@@ -0,0 +1,9 @@
+---
+# This Playbook removes a  webserver from  the pool serialy.
+
+
+- hosts: webservers
+  user: root
+  serial: 1
+  tasks:
+   - include: ../roles/web/tasks/remove_from_lb.yml

lamp_haproxy/playbooks/rolling_update.yml

@@ -0,0 +1,8 @@
+---
+# This Playbook does a rolling update of the code for all webservers serially (one at a time). Change the value of serial: to adjust the number of server to be updated.
+
+- hosts: webservers
+  user: root
+  serial: 1
+  tasks:
+   - include: ../roles/web/tasks/rolling_update.yml

lamp_haproxy/playbooks/web.yml

@@ -0,0 +1,11 @@
+---
+# This Playbook deploys the WebServers with httpd and the code.
+
+- hosts: webservers
+  user: root
+  tasks:
+  - include: ../roles/common/tasks/main.yml
+  - include: ../roles/web/tasks/install_httpd.yml
+  - include: ../roles/web/tasks/copy_code.yml
+  handlers:
+   - include: ../roles/web/handlers/main.yml

lamp_haproxy/roles/db/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# Handler to handle DB tier notifications
+
+- name: restart mysql
+  service: name=mysqld state=restarted
+

lamp_haproxy/roles/db/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+# This playbook will install mysql and create db user and give permissions.
+
+- name: Install Mysql package
+  action: yum pkg=$item state=installed
+  with_items:
+   - mysql-server
+   - MySQL-python
+   - libselinux-python
+   - libsemanage-python
+
+- name: Configure SELinux to start mysql on any port
+  seboolean: name=mysql_connect_any state=true persistent=yes
+
+- name: Create Mysql configuration file
+  action: template src=../roles/db/templates/my.cnf.j2 dest=/etc/my.cnf
+  notify: 
+  - restart mysql
+
+- name: Start Mysql Service
+  service: name=mysqld state=started enabled=true
+
+- name: insert iptables rule
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $mysql_port -j  ACCEPT"
+  notify: restart iptables
+
+
+- name: Create Application Database
+  mysql_db: name=$dbname state=present
+
+- name: Create Application DB User
+  mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present

lamp_haproxy/roles/db/templates/my.cnf.j2

@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid

lamp_haproxy/roles/haproxy/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+# This PlayBook Installs the HAProxy and configures it.
+
+- name: Download and install haproxy
+  command: creates=/opt/haproxy.rpm curl -o /opt/haproxy.rpm ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/haproxy-1.4.18-1.el6.i686.rpm
+
+- name: Install the haproxy rpm.
+  command: creates=/etc/haproxy/haproxy.cfg yum -y localinstall  /opt/haproxy.rpm
+
+- name: Install the socat package for dynamic addition/removal of hosts
+  yum: name=socat state=installed
+
+- name: Open firewall port for haproxy.
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$listenport" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $listenport -j  ACCEPT"
+  notify: restart iptables
+
+- name: Configure the haproxy cnf file with hosts
+  template: src=../roles/haproxy/templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
+  notify: restart haproxy

lamp_haproxy/roles/web/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# Handler for the webtier
+
+- name: restart iptables
+  service: name=iptables state=restarted

lamp_haproxy/roles/web/tasks/add_to_lb.yml

@@ -0,0 +1,15 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Add server to LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}"
+  delegate_to: $item
+  with_items: ${groups.lbservers}  
+  register: last_run
+   
+- name: Reload the haproxy
+  service: name=haproxy state=reloaded
+  delegate_to: $item
+  with_items: ${groups.lbservers} 
+  only_if: ${last_run.changed}
+

lamp_haproxy/roles/web/tasks/copy_code.yml

@@ -0,0 +1,10 @@
+---
+# This Playbook is responsible for copying the latest dev/production code from the version control system. 
+
+- name: Copy the code from repository
+  git: repo=${repository} dest=/var/www/html/
+
+
+- name: Create's the index.php file 
+  template: src=../roles/web/templates/index.php.j2 dest=/var/www/html/index.php
+  

lamp_haproxy/roles/web/tasks/install_httpd.yml

@@ -0,0 +1,26 @@
+---
+# This playbook installs http and the php modules.
+
+- name: Install http and php etc
+  action: yum  name=$item state=installed
+  with_items:
+   - httpd
+   - php
+   - php-mysql
+   - libsemanage-python
+   - libselinux-python
+  
+
+- name: insert iptables rule for httpd
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $httpd_port -j  ACCEPT"
+  register: last_run
+
+- name: Apply iptable rule
+  service: name=iptables state=restarted
+  only_if: ${last_run.changed}
+
+- name: http service state
+  service: name=httpd state=started enabled=yes
+
+- name: Configure SELinux to allow httpd to connect to remote database
+  seboolean: name=httpd_can_network_connect_db state=true persistent=yes 

lamp_haproxy/roles/web/tasks/remove_from_lb.yml

@@ -0,0 +1,23 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Remove the code from server
+  command: rm -rf /var/www/html/*
+  
+- name: Remove server from LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" 
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+  register: last_run
+
+- name: disable the server in haproxy
+  shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+
+- name: Remove the httpd package
+  yum: name=httpd state=absent
+
+
+
+ 

lamp_haproxy/roles/web/tasks/rolling_update.yml

@@ -0,0 +1,22 @@
+---
+# This Playbook implements a rolling update on the infrastructure, change the value of the serial keyword to specify the number of servers the update should happen.
+
+- name: Remove the code from server
+  command: rm -rf /var/www/html/*
+
+- name: disable the server in haproxy
+  shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+
+- name: Copy the code from repository
+  git: repo=${repository} dest=/var/www/html/
+   
+- name: Create's the index.php file
+  template: src=../roles/web/templates/index.php.j2 dest=/var/www/html/index.php
+
+- name: Enable the server in haproxy
+  shell: echo "enable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}
+

lamp_haproxy/roles/web/tasks/utils.yml

@@ -0,0 +1,39 @@
+---
+# This Playbook does utility stuff's like adding a webserver into the pool, etc..
+
+- name: Add server to LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=present regexp="${ansible_hostname}" line="server ${ansible_hostname} ${ansible_eth0.ipv4.address}:${httpd_port}"
+  delegate_to: ${lbserver}
+  register: last_run
+  tags: add
+   
+- name: Reload the haproxy
+  service: name=haproxy state=reloaded
+  delegate_to: ${lbserver}
+  only_if: ${last_run.changed}
+  tags: add
+
+- name: Remove the code from server
+  command: rm -rf /var/www/html/*
+  tags: remove
+  
+- name: Remove server from LB
+  lineinfile: dest=/etc/haproxy/haproxy.cfg state=absent regexp="${ansible_hostname}" 
+  delegate_to: $item
+  with_items: ${groups.lbservers}}
+  register: last_run
+  tags: remove
+
+- name: disable the server in haproxy
+  shell: echo "disable server myapplb/${ansible_hostname}" | socat stdio /var/lib/haproxy/stats
+  delegate_to: $item
+  with_items: ${groups.lbservers}}
+  tags:  remove
+
+- name: Remove the httpd package
+  yum: name=httpd state=absent
+  tags: remove
+
+
+
+ 

lamp_haproxy/roles/web/templates/index.php.j2

@@ -0,0 +1,16 @@
+<html>
+ <head>
+  <title>Ansible Application</title>
+ </head>
+ <body>
+ </br>
+  <a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a>
+ </br>
+<?php 
+ Print "Hello, World! I am configured in Ansible and i am : ";
+ echo exec('hostname');
+ Print  "</BR>";
+?>
+</body>
+</html>
+

lamp_simple/playbooks/db.yml

@@ -0,0 +1,11 @@
+---
+# This playbook deploys mysql and configures database on the db node/nodes  
+
+- hosts: dbservers
+  user: root
+  tasks: 
+     - include: ../roles/common/tasks/main.yml 
+     - include: ../roles/db/tasks/main.yml
+  handlers:
+     - include: ../roles/db/handlers/main.yml
+     - include: ../roles/common/handlers/main.yml 

lamp_simple/playbooks/web.yml

@@ -0,0 +1,11 @@
+---
+# This Playbook deploys the WebServers with httpd and the code.
+
+- hosts: webservers
+  user: root
+  tasks:
+  - include: ../roles/common/tasks/main.yml
+  - include: ../roles/web/tasks/install_httpd.yml
+  - include: ../roles/web/tasks/copy_code.yml
+  handlers:
+   - include: ../roles/web/handlers/main.yml

lamp_simple/roles/db/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# Handler to handle DB tier notifications
+
+- name: restart mysql
+  service: name=mysqld state=restarted
+

lamp_simple/roles/db/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+# This playbook will install mysql and create db user and give permissions.
+
+- name: Install Mysql package
+  action: yum pkg=$item state=installed
+  with_items:
+   - mysql-server
+   - MySQL-python
+   - libselinux-python
+   - libsemanage-python
+
+- name: Configure SELinux to start mysql on any port
+  seboolean: name=mysql_connect_any state=true persistent=yes
+
+- name: Create Mysql configuration file
+  action: template src=../roles/db/templates/my.cnf.j2 dest=/etc/my.cnf
+  notify: 
+  - restart mysql
+
+- name: Start Mysql Service
+  service: name=mysqld state=started enabled=true
+
+- name: insert iptables rule
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$mysql_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $mysql_port -j  ACCEPT"
+  notify: restart iptables
+
+
+- name: Create Application Database
+  mysql_db: name=$dbname state=present
+
+- name: Create Application DB User
+  mysql_user: name=$dbuser password=$upassword priv=*.*:ALL host='%' state=present

lamp_simple/roles/db/templates/my.cnf.j2

@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid

lamp_simple/roles/web/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# Handler for the webtier
+
+- name: restart iptables
+  service: name=iptables state=restarted

lamp_simple/roles/web/tasks/copy_code.yml

@@ -0,0 +1,10 @@
+---
+# This Playbook is responsible for copying the latest dev/production code from the version control system. 
+
+- name: Copy the code from repository
+  git: repo=${repository} dest=/var/www/html/
+
+
+- name: Create's the index.php file 
+  template: src=../roles/web/templates/index.php.j2 dest=/var/www/html/index.php
+  

lamp_simple/roles/web/tasks/install_httpd.yml

@@ -0,0 +1,26 @@
+---
+# This playbook installs http and the php modules.
+
+- name: Install http and php etc
+  action: yum  name=$item state=installed
+  with_items:
+   - httpd
+   - php
+   - php-mysql
+   - libsemanage-python
+   - libselinux-python
+  
+
+- name: insert iptables rule for httpd
+  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="$httpd_port" insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport $httpd_port -j  ACCEPT"
+  register: last_run
+
+- name: Apply iptable rule
+  service: name=iptables state=restarted
+  only_if: ${last_run.changed}
+
+- name: http service state
+  service: name=httpd state=started enabled=yes
+
+- name: Configure SELinux to allow httpd to connect to remote database
+  seboolean: name=httpd_can_network_connect_db state=true persistent=yes 

lamp_simple/roles/web/templates/index.php.j2

@@ -0,0 +1,24 @@
+<html>
+ <head>
+  <title>Ansible Application</title>
+ </head>
+ <body>
+ </br>
+  <a href=http://{{ ansible_eth0.ipv4.address }}/index.html>Homepage</a>
+ </br>
+<?php 
+ Print "Hello, World! I am configured in Ansible and i am : ";
+ echo exec('hostname');
+ Print  "</BR>";
+echo  "List of Databases: </BR>";
+        {% for host in groups['dbservers'] %}
+                $link = mysql_connect('{{ hostvars[host].ansible_eth0.ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysql_error());
+        {% endfor %}
+        $res = mysql_query("SHOW DATABASES");
+        while ($row = mysql_fetch_assoc($res)) {
+                echo $row['Database'] . "\n";
+        }
+?>
+</body>
+</html>
+