From bba5262e57ede003010e2d271ec042b8364a6e21 Mon Sep 17 00:00:00 2001
From: Tyler Hale
Date: Wed, 18 Jan 2023 14:42:02 -0700
Subject: [PATCH] Initial commit
---
hosts.yml | 12 +++
nginx_cluster.yml | 7 ++
roles/nginx_cluster/defaults/main.yml | 20 +++++
roles/nginx_cluster/handlers/main.yml | 16 ++++
roles/nginx_cluster/tasks/main.yml | 83 +++++++++++++++++++++
roles/nginx_cluster/tasks/setup-server.yml | 20 +++++
roles/nginx_cluster/templates/lsynd.conf.j2 | 69 +++++++++++++++++
site.yml | 4 +
8 files changed, 231 insertions(+)
create mode 100644 hosts.yml
create mode 100644 nginx_cluster.yml
create mode 100644 roles/nginx_cluster/defaults/main.yml
create mode 100644 roles/nginx_cluster/handlers/main.yml
create mode 100644 roles/nginx_cluster/tasks/main.yml
create mode 100644 roles/nginx_cluster/tasks/setup-server.yml
create mode 100644 roles/nginx_cluster/templates/lsynd.conf.j2
create mode 100644 site.yml
diff --git a/hosts.yml b/hosts.yml
new file mode 100644
index 0000000..bb2cc6e
--- /dev/null
+++ b/hosts.yml
@@ -0,0 +1,12 @@
+---
+# file: hosts
+
+nginx_cluster:
+ hosts:
+ ws01:
+ ansible_host: 10.10.10.14
+ ws02:
+ ansible_host: 10.10.10.18
+
+ vars:
+ ansible_user: ansible
diff --git a/nginx_cluster.yml b/nginx_cluster.yml
new file mode 100644
index 0000000..6f811d9
--- /dev/null
+++ b/nginx_cluster.yml
@@ -0,0 +1,7 @@
+---
+# file: nginx_cluster.yml
+
+- hosts: nginx_cluster
+ become: true
+ roles:
+ - nginx_cluster
diff --git a/roles/nginx_cluster/defaults/main.yml b/roles/nginx_cluster/defaults/main.yml
new file mode 100644
index 0000000..ef7c9f5
--- /dev/null
+++ b/roles/nginx_cluster/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+# file: roles/nginx_cluster/defaults/main.yml
+
+nginx_cluster_user: root
+nginx_cluster_private_key: "/root/.ssh/lsyncd"
+
+nginx_cluster_temp_dir: "/tmp/lsyncdSyncTemp"
+
+nginx_cluser_sync_site_dir: "/var/www/html"
+nginx_cluser_sync_config_dir: "/etc/nginx"
+nginx_cluser_sync_php_config_dir: "/etc/php.d"
+
+nginx_cluser_lsyncd_mode: "rsyncssh"
+nginx_cluser_lsyncd_delay: "0"
+nginx_cluser_lsyncd_rsync_times: "true"
+nginx_cluser_lsyncd_rsync_archive: "true"
+nginx_cluser_lsyncd_rsync_compress: "true"
+nginx_cluser_lsyncd_rsync_perms: "true"
+nginx_cluser_lsyncd_rsync_acls: "true"
+nginx_cluser_lsyncd_rsync_owner: "true"
diff --git a/roles/nginx_cluster/handlers/main.yml b/roles/nginx_cluster/handlers/main.yml
new file mode 100644
index 0000000..8e04ee0
--- /dev/null
+++ b/roles/nginx_cluster/handlers/main.yml
@@ -0,0 +1,16 @@
+---
+# file: roles/haproxy/handlers/main.yml
+
+- name: Daemon Reload
+ systemd:
+ daemon_reload: yes
+
+- name: Restart lsyncd
+ service:
+ name: lsyncd
+ state: restarted
+
+- name: Restart SSH
+ service:
+ name: sshd
+ state: restarted
diff --git a/roles/nginx_cluster/tasks/main.yml b/roles/nginx_cluster/tasks/main.yml
new file mode 100644
index 0000000..e8188f1
--- /dev/null
+++ b/roles/nginx_cluster/tasks/main.yml
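Review bot: In roles/nginx_cluster/defaults/main.yml every variable from `nginx_cluser_sync_site_dir` down carries the prefix `nginx_cluser_` (missing the "t"), while the first three use `nginx_cluster_`. The tasks and the template in this commit use the same misspelling, so the role renders, but an operator who overrides `nginx_cluster_sync_config_dir` in inventory gets no error and no effect. Rename them to the `nginx_cluster_` prefix across defaults, tasks and template, e.g. `nginx_cluster_sync_site_dir: "/var/www/html"`. A comment above `nginx_cluster_user: root` stating that this default is what enables the `PermitRootLogin` block in setup-server.yml would also help anyone reviewing the role's privileges.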
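Review bot: The header comment in roles/nginx_cluster/handlers/main.yml names a different role; it should read `# file: roles/nginx_cluster/handlers/main.yml`. No task in this commit notifies `Daemon Reload`, so that handler is unused unless something outside the patch calls it. `Restart SSH` restarts sshd on hosts that are managed over SSH, and nothing visible here checks the new drop-in first; running `sshd -t` before the restart would avoid losing access on a malformed block.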
@@ -0,0 +1,83 @@
+---
+# file: roles/nginx_cluster/tasks/main.yml
+
+- name: Install EPEL RPM
+ package:
+ name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+ state: present
+ disable_gpg_check: True
+ when: ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux' or ansible_distribution == 'Rocky'
+
+- name: Install prereq packages
+ package:
+ name:
+ - nginx
+ - php
+ - lsyncd
+ state: latest
+
+- name: Create temp directory
+ file:
+ path: "{{ nginx_cluster_temp_dir }}"
+ state: directory
+ owner: "{{ nginx_cluster_user }}"
+ group: "{{ nginx_cluster_user }}"
+ mode: '700'
+
+- name: Create sync directory
+ file:
+ path: "{{ nginx_cluser_sync_site_dir }}"
+ state: directory
+ owner: "nginx"
+ group: "nginx"
+ mode: '755'
+
+- name: Generate ssh keypair for cluster communication
+ user:
+ name: "{{ nginx_cluster_user }}"
+ generate_ssh_key: yes
+ ssh_key_type: ed25519
+ ssh_key_bits: 4096
+ ssh_key_file: "{{ nginx_cluster_private_key }}"
+ ssh_key_passphrase: ""
+ force: no
+
+- name: Get the public key
+ slurp:
+ src: "{{ nginx_cluster_private_key }}.pub"
+ register: slurped_pub_key
+
+- name: Decode the pub key and store as fact
+ set_fact:
+ nginx_cluster_public_key: "{{ slurped_pub_key.content | b64decode }}"
+
+- name: Setup access for other servers
+ include_tasks: setup-server.yml
+ loop: "{{ groups['nginx_cluster']|difference([inventory_hostname]) }}"
+ loop_control:
+ extended: yes
+
+- name: Create variable of other members IPs to be included into the cluster
+ set_fact: nodelist={%for host in groups['nginx_cluster']|difference([inventory_hostname])%}"{{hostvars[host].ansible_host}}"{% if not loop.last %},{% endif %}{% endfor %}
+
+- name: Update lsyncd config
+ template:
+ src: "lsynd.conf.j2"
+ dest: "/etc/lsyncd.conf"
+ notify: Restart lsyncd
+
+- name: Start and enable lsyncd
+ service:
+ name: lsyncd
+ state: started
+ enabled: yes
+
+- name: Start and enable nginx
+ service:
+ name: nginx
+ state: started
+
+- name: Start and enable php
+ service:
+ name: php-fpm
+ state: started
diff --git a/roles/nginx_cluster/tasks/setup-server.yml b/roles/nginx_cluster/tasks/setup-server.yml
new file mode 100644
index 0000000..e7eb16a
--- /dev/null
+++ b/roles/nginx_cluster/tasks/setup-server.yml
@@ -0,0 +1,20 @@
+---
+# file: roles/nginx_cluster/tasks/setup-server.yml
+
+- name: "{{ hostvars[item]['ansible_hostname'] }} - Setup block for ssh connection between members"
+ blockinfile:
+ path: /etc/ssh/sshd_config.d/60-nginx-cluster.conf
+ marker: "# {mark} ANSIBLE MANAGED BLOCK {{ hostvars[item]['ansible_hostname'] }}"
+ create: true
+ block: |
+ ## Allow root login from cluster member {{ hostvars[item]['ansible_host'] }}
+ Match Address {{ hostvars[item]['ansible_host'] }}
+ PermitRootLogin yes
+ notify: Restart SSH
+ when: nginx_cluster_user == "root"
+
+- name: "{{ hostvars[item]['ansible_hostname'] }} - Setup authorized key for the user"
+ authorized_key:
+ user: "{{ nginx_cluster_user }}"
+ state: present
+ key: "{{ hostvars[item]['nginx_cluster_public_key'] }}"
diff --git a/roles/nginx_cluster/templates/lsynd.conf.j2 b/roles/nginx_cluster/templates/lsynd.conf.j2
new file mode 100644
index 0000000..081db3c
--- /dev/null
+++ b/roles/nginx_cluster/templates/lsynd.conf.j2
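Review bot: `disable_gpg_check: True` on the `Install EPEL RPM` task in roles/nginx_cluster/tasks/main.yml installs the epel-release package, fetched by URL, without signature verification, and that package then supplies the repository definition under which `lsyncd` is installed as root. Import the EPEL signing key first (the `rpm_key` module does this) and drop the option or set `disable_gpg_check: false`. In the same file `ssh_key_bits: 4096` is ignored for an `ed25519` key, which has a fixed size, so the line can go. The `Start and enable nginx` and `Start and enable php` tasks set only `state: started`; they need `enabled: yes` to do what their names say.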
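Review bot: The `Match Address` block in roles/nginx_cluster/tasks/setup-server.yml sets `PermitRootLogin yes`, which also permits password logins as root from each peer address wherever password authentication is enabled, although the role only ever authenticates with the generated key. `PermitRootLogin prohibit-password` keeps key login working and closes the password path. The `authorized_key` task installs the peer key with no restrictions; adding `key_options: 'from="{{ hostvars[item].ansible_host }}"'` ties it to the peer's address. Because the key is generated with an empty passphrase, any one compromised member holds root on every other member, so a dedicated non-root sync user is worth considering as the default.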
@@ -0,0 +1,69 @@
+targets = { {{ nodelist }} }
+
+settings {
+ logfile = "/var/log/lsyncd/lsyncd.log",
+ statusFile = "/var/log/lsyncd/lsyncd.status",
+ statusInterval = 1,
+ nodaemon = true,
+ insist = true
+}
+
+for _, target in ipairs( targets )
+do
+ -- Site Data Sync
+ sync {
+ default.{{ nginx_cluser_lsyncd_mode }},
+ host = target,
+ source = "{{ nginx_cluser_sync_site_dir }}",
+ targetdir = "{{ nginx_cluser_sync_site_dir }}",
+ delay = {{ nginx_cluser_lsyncd_delay }},
+ rsync = {
+ times = {{ nginx_cluser_lsyncd_rsync_times }},
+ archive = {{ nginx_cluser_lsyncd_rsync_archive }},
+ compress = {{ nginx_cluser_lsyncd_rsync_compress }},
+ perms = {{ nginx_cluser_lsyncd_rsync_perms }},
+ acls = {{ nginx_cluser_lsyncd_rsync_acls }},
+ owner = {{ nginx_cluser_lsyncd_rsync_owner }},
+ rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
+ temp_dir = "{{ nginx_cluster_temp_dir }}"
+ }
+ }
+
+ -- Nginx Config Sync
+ sync {
+ default.{{ nginx_cluser_lsyncd_mode }},
+ host = target,
+ source = "{{ nginx_cluser_sync_config_dir }}",
+ targetdir = "{{ nginx_cluser_sync_config_dir }}",
+ delay = {{ nginx_cluser_lsyncd_delay }},
+ rsync = {
+ times = {{ nginx_cluser_lsyncd_rsync_times }},
+ archive = {{ nginx_cluser_lsyncd_rsync_archive }},
+ compress = {{ nginx_cluser_lsyncd_rsync_compress }},
+ perms = {{ nginx_cluser_lsyncd_rsync_perms }},
+ acls = {{ nginx_cluser_lsyncd_rsync_acls }},
+ owner = {{ nginx_cluser_lsyncd_rsync_owner }},
+ rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
+ temp_dir = "{{ nginx_cluster_temp_dir }}"
+ }
+ }
+
+ -- PHP Config Sync
+ sync {
+ default.{{ nginx_cluser_lsyncd_mode }},
+ host = target,
+ source = "{{ nginx_cluser_sync_php_config_dir }}",
+ targetdir = "{{ nginx_cluser_sync_php_config_dir }}",
+ delay = {{ nginx_cluser_lsyncd_delay }},
+ rsync = {
+ times = {{ nginx_cluser_lsyncd_rsync_times }},
+ archive = {{ nginx_cluser_lsyncd_rsync_archive }},
+ compress = {{ nginx_cluser_lsyncd_rsync_compress }},
+ perms = {{ nginx_cluser_lsyncd_rsync_perms }},
+ acls = {{ nginx_cluser_lsyncd_rsync_acls }},
+ owner = {{ nginx_cluser_lsyncd_rsync_owner }},
+ rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
+ temp_dir = "{{ nginx_cluster_temp_dir }}"
+ }
+ }
+end
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..c2cedf5
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,4 @@
+---
+## This playbook deploys the whole application stack in this site.
+
+- import_playbook: nginx_cluster.yml
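Review bot: All three `rsh` strings in roles/nginx_cluster/templates/lsynd.conf.j2 pass `-o StrictHostKeyChecking=no`, so the rsync that runs as `nginx_cluster_user` (root by default) pushes the site directory, the nginx configuration and the PHP configuration to whatever host answers on a peer address, without verifying its host key. Have the role record each member's host key (the `known_hosts` module can do this from gathered facts) and change the option to `-o StrictHostKeyChecking=yes`. The three `sync` blocks differ only in their source and target directory; a Jinja `for` loop over the three directory variables would keep the SSH and rsync options from drifting apart between them.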