diff --git a/books/main_dev.yml b/books/main_dev.yml
index 702a533..1b69081 100644
--- a/books/main_dev.yml
+++ b/books/main_dev.yml
@@ -1,37 +1,33 @@ --- #- name: debug # hosts: 10.10.0.2 # tasks: # - debug: var=hostvars['10.10.0.2'] - name: Configure dev box hosts: 10.10.0.2 vars_files: - "../vars/test.yml" vars: proxy: no user: vagrant become: yes roles: - role: ../roles/common - role: ../roles/swap/roles/swap - role: ../roles/haproxy - role: ../roles/jump - role: ../roles/mariadb - role: ../roles/apache apache_config: phabricator.conf - role: ../roles/glusterfs - role: ../roles/fs - role: ../roles/phabricator - role: ../roles/shibboleth tasks: - include: ../roles/phabricator/tasks/packages.yml - include: ../roles/phabricator/tasks/users.yml - include: ../roles/phabricator/tasks/glusterfs.yml - include: ../roles/phabricator/tasks/install.yml - myconfig: ../roles/phabricator/templates/myconfig.conf.php - include: ../roles/phabricator/tasks/daemons.yml - phd_init: ../roles/phabricator/templates/phd_init - include: ../roles/phabricator/tasks/notif.yml - aphlict_init: ../roles/phabricator/templates/aphlict_init - aphlict_conf: ../roles/phabricator/templates/aphlict.custom.json
diff --git a/books/main_servers.yml b/books/main_servers.yml
index 989839c..1830473 100644
--- a/books/main_servers.yml
+++ b/books/main_servers.yml
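Review bot: The includes at the end of the `tasks:` list (install.yml, daemons.yml, notif.yml) no longer pass `myconfig`, `phd_init`, `aphlict_init` and `aphlict_conf`, so they now depend on those names being defined by `../vars/test.yml`, which this diff does not touch; as far as the diff shows, only `vars/main.yml.example` gains them. The same applies to the install.yml, daemons.yml and notif.yml includes in books/main_servers.yml, where the values have to come from the file named by `{{ var }}`. A vars file that lacks them would presumably fail late with an undefined-variable error, or pick up a value set elsewhere in the inventory; a first task such as `- assert: { that: [ "myconfig is defined", "phd_init is defined" ] }` would state the requirement and stop the play before anything is changed on the host.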
@@ -1,211 +1,208 @@ --- - name: Get local commit hosts: 127.0.0.1 tags: always connection: local gather_facts: false tasks: - shell: "git show-ref -s --head HEAD | head -n 1" register: commit tags: [ 'always' ] - name: Configure Jump Server hosts: lbs tags: conf-lbs vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" port: 222 user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix postfix_mynetworks: [ "{{ ip_range }}" ] enable_postfix_relayhost: false - role: ../roles/letsencrypt when: env != "test" - role: ../roles/haproxy - role: ../roles/jump tasks: - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" #- name: Configure keepalived for jump # hosts: c4science-jump00 # roles: # - role: ../rolesepalived # keepalived_shared_ip: "{{ external_ip }}" # keepalived_role: ../rolesaster" #- name: Configure keepalived for jump2 # hosts: c4science-jump01 # roles: # - role: ../rolesepalived # keepalived_shared_ip: "{{ external_ip }}" # keepalived_role: ../roleslave" # tasks: # - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - name: Configure Monitoring Server hosts: monit tags: conf-monit vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/logcheck - role: ../roles/rsyslog - { role: ../roles/apache, apache_config: placeholder.conf, www_user: apache } - role: ../roles/nagios - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: 
../roles/ganglia-gmetad tasks: - include: ../roles/mariadb/tasks/install.yml yum_repo: ../roles/mariadb/files/yum.repo - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - name: Configure Databases hosts: dbs tags: conf-dbs vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/mariadb tasks: - include: ../roles/phabricator/tasks/packages.yml - include: ../roles/phabricator/tasks/users.yml - - include: ../roles/phabricator/tasks/install.yml myconfig=../roles/phabricator/templates/myconfig.conf.php + - include: ../roles/phabricator/tasks/install.yml - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" handlers: - name: reload apache shell: service httpd restart #Because of phabricator/tasks/install.yml - name: Configure App hosts: app tags: conf-app vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix postfix_mynetworks: [ "127.0.0.0/8", "{{ internal_ip }}" ] tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - { role: ../roles/apache, apache_config: phabricator.conf } - role: ../roles/glusterfs tags: ['gluster'] - role: ../roles/phabricator - role: ../roles/shibboleth tasks: - include: ../roles/phabricator/tasks/notif.yml - aphlict_init: ../roles/phabricator/templates/aphlict_init - aphlict_conf: ../roles/phabricator/templates/aphlict.custom.json - shell: "echo {{ 
hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - name: Configure Filesystem for repositories hosts: fs tags: conf-fs vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/glusterfs tags: ['gluster'] #- role: ../roles/fs #- tags: ['gluster'] tasks: - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - name: Configure App Daemons hosts: phd tags: conf-phd vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/glusterfs tags: ['gluster'] tasks: - include: ../roles/phabricator/tasks/packages.yml - include: ../roles/phabricator/tasks/users.yml - include: ../roles/phabricator/tasks/glusterfs.yml - - include: ../roles/phabricator/tasks/install.yml myconfig=../roles/phabricator/templates/myconfig.conf.php + - include: ../roles/phabricator/tasks/install.yml #- include: ../roles/phabricator/tasks/customize.yml #might be needed sometime - include: ../roles/phabricator/tasks/daemons.yml - phd_init: ../roles/phabricator/templates/phd_init - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" handlers: - name: reload apache shell: service phd restart #in daemons instance, php is run from phd and not from apache 
diff --git a/roles/phabricator/tasks/ssh.yml b/roles/phabricator/tasks/ssh.yml
index cec9546..9b217a6 100644
--- a/roles/phabricator/tasks/ssh.yml
+++ b/roles/phabricator/tasks/ssh.yml
@@ -1,23 +1,23 @@ --- - name: SSH hook for phabricator template:
- src: ssh_hook.sh
+ src: "{{ ssh_hook }}"
 dest: /usr/libexec/phabricator_ssh_hook.sh group: "{{ phd_user }}" mode: 0755 - name: SSHd config for phabricator template:
- src: sshd_config
+ src: "{{ sshd_config }}"
 dest: /etc/ssh/sshd_config.phabricator mode: 0640 - name: SSHd systemd service for phabricator template:
- src: sshd_init
+ src: "{{ sshd_init }}"
 dest: /usr/lib/systemd/system/sshd_phabricator.service mode: 0640 notify: restart sshd_phabricator - name: Start sshd for phabricator service: name=sshd_phabricator state=started enabled=true
diff --git a/vars/main.yml.example b/vars/main.yml.example
index 0ce69de..a09792b 100644
--- a/vars/main.yml.example
+++ b/vars/main.yml.example
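Review bot: `/etc/ssh/sshd_config.phabricator` is now rendered from whatever path `sshd_config` holds, and the task installs it without checking that the result is a valid sshd configuration. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the "SSHd config for phabricator" task would reject a wrong or broken template before it replaces the file. The three new `src` lines also have no fallback, so a vars file without `ssh_hook`, `sshd_config` or `sshd_init` fails the play; `src: "{{ ssh_hook | default('ssh_hook.sh') }}"` would keep the previous file as the default. Separately, the hook task sets `group` but not `owner`; if the hook is wired in as sshd's `AuthorizedKeysCommand`, an explicit `owner: root` would record the ownership sshd expects.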
@@ -1,116 +1,125 @@ --- env: prod project_name: "c4science" ansible_ssh_user: "centos" proxy: no http_proxy: "" https_proxy: "" no_proxy: "localhost" proxy_url: "{{ http_proxy }}" __no_proxy: "{{ no_proxy }}" user_pwd_root: "" user_pwd_centos: "" # OpenStack keypair_name: "" image_id: "" image_id_coreos: "" public_net: "" private_net: "" flavor_id_small: "" flavor_id_medium: "" flavor_id_large: "" flavor_id_small_backup: "" private_net_backup: "" image_id_backup: "" region_main: "" region_back: "" # Storage glusterfs_default_release: 38 s3_access_key: "" s3_secret_key: "" s3_endpoint: "" s3_bucket: "" s3_region: "" # Lbs internal_ip: 0.0.0.0 external_ip: 0.0.0.0 backup_ip: 0.0.0.0 ip_range: "10.0.0.0/16" notif_port: 22280 jenkins_port: 8080 stats_port: 8082 monit_port: 8081 monit_user: admin monit_pass: rolling_reboot_proxy_host: "{{ external_ip }}" rolling_reboot_pause: 30 rolling_reboot_wait_delay: 20 # App developer_mode: false http_scheme: 'http://' domain: example.com file_domain: "example-cdn.com" phabricator_branch: production phabricator_path: /srv/ repositories_path: /var/repo/ files_path: /var/files/ phd_user: phabricator www_user: apache vcs_user: git vcs_port_front: 22 vcs_port_back: 2222 jenkins_prefix: "/" jenkins_url: "{{ http_scheme }}jenkins.{{ domain }}{{ jenkins_prefix }}" jenkins_user: "admin" jenkins_token: "" jenkins_cred: "xxx-yyy-zzz" shib_metadata_file: "metadata.xml" shib_metadata_provider: "http://example.com/{{ shib_metadata_file }}" phabricator_domains: - "{{ domain }}" - 'example.com' google_webmaster_file: "googleXYZ.html" # Dbs mysql_repl_user: "repl" mysql_repl_pass: "" mysql_app_user: "" mysql_app_pass: "" mysql_shib_user: "" mysql_shib_pass: "" mysql_shib_db: "shibboleth" mysql_lbs_user: "haproxy" mysql_cluster_name: "" mysql_host: "10.0.0.0/255.255.0.0" # SSH ssh_keys: - "ssh-rsa mysuperkey1" - "ssh-rsa mysuperkey2" # Swap swap_path: "/swapfile" dd_bs_size_mb: 32 swap_count: 128 swappiness: 10 vfs_cache_pressure: 50 # Email 
configure_postfix: true enable_postfix_domain_rewrite: true enable_postfix_relayhost: true postfix_relayhost: "[{{ internal_ip }}]" postfix_rewrite_domain: "{{ domain }}" email_alias_phabricator: "" email_alias_postmaster: "" email_alias_admin: "" email_monitoring: ""
+
+# Config files
+ssh_hook: '../roles/phabricator/templates/ssh_hook.sh'
+sshd_config: '../roles/phabricator/templates/sshd_config'
+sshd_init: '../roles/phabricator/templates/sshd_init'
+phd_init: '../roles/phabricator/templates/phd_init'
+aphlict_init: '../roles/phabricator/templates/aphlict_init'
+aphlict_conf: '../roles/phabricator/templates/aphlict.custom.json'
+myconfig: '../roles/phabricator/templates/myconfig.conf.php'
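Review bot: The new `ssh_hook` through `myconfig` values are relative paths beginning with `../roles/`, and nothing under `# Config files` says what they are relative to. Ansible resolves a relative template `src` through a search path (role and task-file directories before the playbook directory, as far as I recall), so which file ends up deployed as the sshd config or the SSH hook can depend on where the task file is included from. Anchoring the values, for example `ssh_hook: '{{ playbook_dir }}/../roles/phabricator/templates/ssh_hook.sh'`, would remove that ambiguity; if relative paths are intended, a comment such as `# paths are resolved relative to the playbook directory (books/)` should say so once the behaviour is confirmed.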