diff --git a/README.md b/README.md index 565a9de..3af1125 100644 --- a/README.md +++ b/README.md @@ -1,25 +1,29 @@ C4SCIENCE ========= * Ansible playbook for git infrastructure on openstack + +USAGE +----- + * How to use, ``` make status #list instances make up #create instances make clean #destroy instances ``` * You must create an Switch Engines bucket * see https://help.switch.ch/engines/documentation/s3-like-object-storage/ ``` ./s3cmd mb s3://phabricator ``` * you must create a volume for the repo, and attach it to the jump server ``` nova volume-create 100 nova volume-attach /dev/vdb ``` diff --git a/tasks/configure-app.yml b/tasks/configure-app.yml index f1ddd90..4fb7c95 100644 --- a/tasks/configure-app.yml +++ b/tasks/configure-app.yml 
@@ -1,145 +1,145 @@ --- -#- name: Wait for SSH to be available for App servers -# wait_for: port=22 host="{{ hostvars[item]['inventory_hostname'] }}" timeout=180 -# with_items: "{{ groups['app'] }}" +- name: Wait for SSH to be available for App servers + wait_for: port=22 host="{{ hostvars[item]['inventory_hostname'] }}" timeout=180 + with_items: "{{ groups['app'] }}" - yum: name="{{ item }}" state=present with_items: - nginx - php - php-fpm - php-mysql - php-gd - php-mbstring - php-posix - php-pear - php-devel - pcre-devel - yum: name="{{ item }}" state=absent with_items: - php-pecl-apcu ## Users - user: name="{{ phd_user }}" - user: name="{{ www_user }}" - user: name: "{{ vcs_user }}" password: "NP" shell: "/bin/sh" - name: Create sudoers template: src: sudoers dest: "/etc/sudoers.d/phabricator" mode: 0440 owner: root group: root validate: "/usr/sbin/visudo -cf %s" ## Nginx - name: Install nginx yum: name=nginx state=present - name: Autostart nginx command: chkconfig nginx on - name: Copy nginx config template: src=nginx-phabricator.conf dest=/etc/nginx/conf.d/phabricator.conf notify: restart nginx # PHP CGI - name: Autostart php-fpm command: chkconfig php-fpm on - name: Copy php.ini configuration template: src=php.ini dest=/etc/php.ini notify: restart php-fpm - name: Install APC shell: yes '' | pecl install apc; echo '' # SSH - name: SSH hook for phabricator template: src: phabricator_ssh_hook.sh dest: /usr/libexec/phabricator_ssh_hook.sh group: "{{ phd_user }}" mode: 0755 - name: SSHd config for phabricator template: src: phabricator_sshd_config dest: /etc/ssh/sshd_config.phabricator mode: 0640 - name: SSHd systemd service for phabricator template: src: phabricator_sshd_init dest: /usr/lib/systemd/system/sshd_phabricator.service mode: 0640 notify: restart sshd_phabricator ## Phabricator # Source: https://github.com/relrod/phabricator-ansible - name: Create log directory file: state=directory path=/var/log/phabricator owner="{{ phd_user }}" group="{{ phd_user 
}}" - name: Create directory file: state=directory path=/srv/www owner="{{ phd_user }}" - name: Create tmp directory file: state=directory path=/var/tmp/phd/ owner="{{ phd_user }}" - name: Clone facebook/libphutil git: repo=https://github.com/facebook/libphutil.git dest=/srv/www/facebook/libphutil sudo_user: "{{ phd_user }}" - name: Clone facebook/arcanist git: repo=https://github.com/facebook/arcanist.git dest=/srv/www/facebook/arcanist sudo_user: "{{ phd_user }}" - name: Clone facebook/phabricator to {{ phabricator_path }} git: repo=https://github.com/facebook/phabricator.git dest=/srv/www/facebook/phabricator sudo_user: "{{ phd_user }}" - name: Create a conf/custom directory. file: state=directory path={{ phabricator_path }}/conf/custom sudo_user: "{{ phd_user }}" - name: Place a starting-point custom config in {{ phabricator_path }}conf/custom/myconfig.conf.php template: src=phabricator_myconfig.conf.php dest={{ phabricator_path }}conf/custom/myconfig.conf.php sudo_user: "{{ phd_user }}" - name: Include the config shell: echo 'custom/myconfig' > {{ phabricator_path }}conf/local/ENVIRONMENT sudo_user: "{{ phd_user }}" - name: Migrate the database command: chdir={{ phabricator_path }} ./bin/storage upgrade --force sudo_user: "{{ phd_user }}" - name: Create the repository directory file: state=directory path="{{ repositories_path }}" owner="{{ phd_user }}" group="{{ phd_user }}" - name: Mount NFS share mount: name: "{{ repositories_path }}" src: "{{ hostvars['127.0.0.1']['openstackjump']['private_ip'][0] }}:{{ repositories_path }}" fstype: 'nfs' opts: 'auto' state: 'mounted' ## Application - name: Start PHD daemons command: chdir={{ phabricator_path }} ./bin/phd restart sudo_user: "{{ phd_user }}" diff --git a/tasks/configure-dbs.yml b/tasks/configure-dbs.yml index 7c58853..5789eae 100644 --- a/tasks/configure-dbs.yml +++ b/tasks/configure-dbs.yml 
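Review bot: The re-enabled `wait_for` task at the top of tasks/configure-app.yml has no `delegate_to` or `local_action`, so it runs on every host the including play targets, and that play is not visible in this diff. If the play targets the `app` group, Ansible already needs a working SSH session to an app server before this task can wait for SSH on it, and each app server then probes all the others. Consider running the probe once from the machine that can reach the private addresses, for example `delegate_to: "{{ groups['lbs'][0] }}"` together with `run_once: true`. Separately, `hostvars[item]['inventory_hostname']` is the same value as `item`, so `host="{{ item }}"` is the simpler spelling.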
@@ -1,27 +1,29 @@ --- - yum: name=http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm state=present - yum: name="{{ item }}" state=present with_items: - mysql-community-server - MySQL-python +- service: name=mysqld state=restarted + - name: Copy mysql config template: src=my.cnf dest=/etc/my.cnf - name: Copy phabricator stop words copy: src=stopwords.txt dest=/srv/stopwords.txt notify: restart mysql - name: Create database user mysql_user: state=present user={{ mysql_user }} password={{ mysql_pass}} priv=*.*:ALL host=10.0.0.0/255.255.0.0 diff --git a/tasks/configure-jump.yml b/tasks/configure-jump.yml index 9144401..775b60f 100644 --- a/tasks/configure-jump.yml +++ b/tasks/configure-jump.yml @@ -1,78 +1,80 @@ --- - yum: name="{{ item }}" state=present with_items: - firewalld - nmap-ncat - haproxy - socat +- service: name=firewalld state=restarted + - firewalld: port: "{{ item }}/tcp" permanent: true state: enabled immediate: true with_items: - 8080 - 1234 - 80 - 443 - 22 - firewalld: port: "{{ item }}/tcp" source: '10.0.0.0/16' immediate: true permanent: true zone: internal state: enabled with_items: - 22 - 111 - 2049 - 20048 - 45817 - 36778 - firewalld: port: "{{ item }}/udp" source: '10.0.0.0/16' immediate: true permanent: true zone: internal state: enabled with_items: - 111 - 2049 - 20048 - 54547 - 44524 - name: Configure the haproxy cnf file with hosts template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg notify: restart haproxy - name: Start the haproxy service service: name=haproxy state=started enabled=yes - name: Create volume filesystem filesystem: fstype=ext4 dev=/dev/vdb - user: name="{{ phd_user }}" - name: Create nfs directory file: state: directory path: "{{ repositories_path }}" owner: "{{ phd_user }}" group: "{{ phd_user }}" mode: 0755 - name: Mount repo volume mount: name: "{{ repositories_path }}" src: "/dev/vdb" fstype: 'ext4' opts: 'defaults' state: 'mounted' 
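Review bot: The added `service: name=mysqld state=restarted` in tasks/configure-dbs.yml restarts MySQL on every run, and it does so before `Copy mysql config` writes `/etc/my.cnf`. That template task carries no `notify`, unlike the stop-words copy after it, so a change to my.cnf alone is only picked up on the following run. If the aim is to have the daemon up before `mysql_user` runs, `service: name=mysqld state=started enabled=yes` does that idempotently, with `notify: restart mysql` added to the template task. The `service: name=firewalld state=restarted` added in tasks/configure-jump.yml has the same shape. There the missing `enabled=yes` is a security concern as well: nothing visible here ensures firewalld starts at boot, and the permanent rules below are only enforced while it is running.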
diff --git a/tasks/create-instances.yml b/tasks/create-instances.yml
index 97113c6..06830e5 100644
--- a/tasks/create-instances.yml
+++ b/tasks/create-instances.yml
@@ -1,127 +1,127 @@ --- - name: Create jump nova_compute: state: present auth_url: "{{ auth_url }}" login_username: "{{ login_username }}" login_password: "{{ login_password }}" login_tenant_name: "{{ login_tenant_name }}" security_groups: "{{ secgroup_all }}" name: c4science-jump image_name: "{{ image_name }}" key_name: "{{ keypair_name }}" wait_for: 500 #auto_floating_ip: yes floating_ips: - "{{ external_ip }}" nics: - net-id: "{{ private_net}}" flavor_id: "{{ flavor_id_small }}" meta: hostname: c4science-jump group: ansible register: openstackjump - name: Wait for SSH to be available on Jump server - wait_for: port=22 host="{{ openstackjump.public_ip[0] }}" timeout=180 state=started + wait_for: port=22 host="{{ openstackjump.public_ip[0] }}" state=started - add_host: name: "{{ openstackjump.public_ip[0] }}" groupname: lbs - name: Create App1 nova_compute: state: present auth_url: "{{ auth_url }}" login_username: "{{ login_username }}" login_password: "{{ login_password }}" login_tenant_name: "{{ login_tenant_name }}" security_groups: "{{ secgroup_all }}" name: c4science-app01 image_name: "{{ image_name }}" key_name: "{{ keypair_name }}" wait_for: 500 nics: - net-id: "{{ private_net }}" flavor_id: "{{ flavor_id_medium }}" meta: hostname: c4science-app01 group: ansible register: openstackapp1 - add_host: name: "{{ openstackapp1.private_ip[0] }}" groupname: app - name: Create App2 nova_compute: state: present auth_url: "{{ auth_url }}" login_username: "{{ login_username }}" login_password: "{{ login_password }}" login_tenant_name: "{{ login_tenant_name }}" security_groups: "{{ secgroup_all }}" name: c4science-app02 image_name: "{{ image_name }}" key_name: "{{ keypair_name }}" wait_for: 500 nics: - net-id: "{{ private_net }}" flavor_id: "{{ flavor_id_medium }}" meta: hostname: c4science-app02 group: ansible register: openstackapp2 - add_host: name: "{{ openstackapp2.private_ip[0] }}" groupname: app - name: Create Db1 nova_compute: state: present auth_url: "{{ 
auth_url }}" login_username: "{{ login_username }}" login_password: "{{ login_password }}" login_tenant_name: "{{ login_tenant_name }}" security_groups: "{{ secgroup_all }}" name: c4science-db01 image_name: "{{ image_name }}" key_name: "{{ keypair_name }}" wait_for: 500 nics: - net-id: "{{ private_net }}" flavor_id: "{{ flavor_id_small }}" meta: hostname: c4science-db01 group: ansible register: openstackdb1 - add_host: name: "{{ openstackdb1.private_ip[0] }}" groupname: dbs - name: Create Ci1 nova_compute: state: present auth_url: "{{ auth_url }}" login_username: "{{ login_username }}" login_password: "{{ login_password }}" login_tenant_name: "{{ login_tenant_name }}" security_groups: "{{ secgroup_all }}" name: c4science-ci01 image_name: "{{ image_name }}" key_name: "{{ keypair_name }}" wait_for: 500 nics: - net-id: "{{ private_net }}" flavor_id: "{{ flavor_id_small }}" meta: hostname: c4science-ci01 group: ansible register: openstackci01 - add_host: name: "{{ openstackci01.private_ip[0] }}" groupname: ci
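Review bot: Removing `timeout=180` from the `Wait for SSH to be available on Jump server` task leaves the wait bounded only by the module default, which Ansible documents as 300 seconds, so the limit is now implicit. If a longer wait for the floating IP is the intent, write it out, e.g. `wait_for: port=22 host="{{ openstackjump.public_ip[0] }}" timeout=300 state=started`. An open port also does not show that sshd is answering; adding `search_regex=OpenSSH` to the same task would make the check match what the task name promises.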