Initial commit

Tyler Hale 2023-01-18 14:42:02 -07:00
parent e99efc68e3
commit bba5262e57
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
8 changed files with 231 additions and 0 deletions

12
hosts.yml Normal file

@ -0,0 +1,12 @@
---
# file: hosts
nginx_cluster:
hosts:
ws01:
ansible_host: 10.10.10.14
ws02:
ansible_host: 10.10.10.18
vars:
ansible_user: ansible

7
nginx_cluster.yml Normal file

@ -0,0 +1,7 @@
---
# file: nginx_cluster.yml
- hosts: nginx_cluster
become: true
roles:
- nginx_cluster


@ -0,0 +1,20 @@
---
# file: roles/nginx_cluster/defaults/main.yml
nginx_cluster_user: root
nginx_cluster_private_key: "/root/.ssh/lsyncd"
nginx_cluster_temp_dir: "/tmp/lsyncdSyncTemp"
nginx_cluser_sync_site_dir: "/var/www/html"
nginx_cluser_sync_config_dir: "/etc/nginx"
nginx_cluser_sync_php_config_dir: "/etc/php.d"
nginx_cluser_lsyncd_mode: "rsyncssh"
nginx_cluser_lsyncd_delay: "0"
nginx_cluser_lsyncd_rsync_times: "true"
nginx_cluser_lsyncd_rsync_archive: "true"
nginx_cluser_lsyncd_rsync_compress: "true"
nginx_cluser_lsyncd_rsync_perms: "true"
nginx_cluser_lsyncd_rsync_acls: "true"
nginx_cluser_lsyncd_rsync_owner: "true"
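Review bot: `nginx_cluster_user: root` as the role default means each member gets a passphrase-less root key that is authorised on every peer, and setup-server.yml only writes its `PermitRootLogin` block when this value is root, so the least restrictive configuration is the one you get without setting anything. If root is really required to write `/etc/nginx` and `/etc/php.d` on the peers, say so next to the default, e.g. `# root is needed to write the synced config dirs on peers; one compromised node can write as root on all others`. Separately, the variables from `nginx_cluser_sync_site_dir` down are spelled `nginx_cluser_` instead of `nginx_cluster_`. The tasks and template use the same spelling so it works today, but renaming later breaks existing overrides, so it is cheapest to fix in this first commit.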


@ -0,0 +1,16 @@
---
# file: roles/haproxy/handlers/main.yml
- name: Daemon Reload
systemd:
daemon_reload: yes
- name: Restart lsyncd
service:
name: lsyncd
state: restarted
- name: Restart SSH
service:
name: sshd
state: restarted
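Review bot: The header comment `# file: roles/haproxy/handlers/main.yml` names a different role from the rest of this commit. The page does not show this section's path, but "Restart lsyncd" and "Restart SSH" are the handlers notified by the nginx_cluster tasks, so it presumably should read `# file: roles/nginx_cluster/handlers/main.yml`. "Daemon Reload" is not notified by any task visible in this commit, so either wire it up or drop it. `daemon_reload: yes` is also better written `daemon_reload: true`, which matches `become: true` in the playbook.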


@ -0,0 +1,83 @@
---
# file: roles/nginx_cluster/tasks/main.yml
- name: Install EPEL RPM
package:
name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
state: present
disable_gpg_check: True
when: ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux' or ansible_distribution == 'Rocky'
- name: Install prereq packages
package:
name:
- nginx
- php
- lsyncd
state: latest
- name: Create temp directory
file:
path: "{{ nginx_cluster_temp_dir }}"
state: directory
owner: "{{ nginx_cluster_user }}"
group: "{{ nginx_cluster_user }}"
mode: '700'
- name: Create sync directory
file:
path: "{{ nginx_cluser_sync_site_dir }}"
state: directory
owner: "nginx"
group: "nginx"
mode: '755'
- name: Generate ssh keypair for cluster communication
user:
name: "{{ nginx_cluster_user }}"
generate_ssh_key: yes
ssh_key_type: ed25519
ssh_key_bits: 4096
ssh_key_file: "{{ nginx_cluster_private_key }}"
ssh_key_passphrase: ""
force: no
- name: Get the public key
slurp:
src: "{{ nginx_cluster_private_key }}.pub"
register: slurped_pub_key
- name: Decode the pub key and store as fact
set_fact:
nginx_cluster_public_key: "{{ slurped_pub_key.content | b64decode }}"
- name: Setup access for other servers
include_tasks: setup-server.yml
loop: "{{ groups['nginx_cluster']|difference([inventory_hostname]) }}"
loop_control:
extended: yes
- name: Create variable of other members IPs to be included into the cluster
set_fact: nodelist={%for host in groups['nginx_cluster']|difference([inventory_hostname])%}"{{hostvars[host].ansible_host}}"{% if not loop.last %},{% endif %}{% endfor %}
- name: Update lsyncd config
template:
src: "lsynd.conf.j2"
dest: "/etc/lsyncd.conf"
notify: Restart lsyncd
- name: Start and enable lsyncd
service:
name: lsyncd
state: started
enabled: yes
- name: Start and enable nginx
service:
name: nginx
state: started
- name: Start and enable php
service:
name: php-fpm
state: started
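Review bot: "Install EPEL RPM" sets `disable_gpg_check: True`, so the repository package fetched from the URL is installed with no signature verification, and that package then decides which repos and keys the host trusts for `lsyncd`. Import the EPEL signing key first and drop the flag, or on AlmaLinux and Rocky install `epel-release` from the distribution's own signed repository. Also, `ssh_key_bits: 4096` has no effect with `ssh_key_type: ed25519` and can be removed. The "Start and enable nginx" and "Start and enable php" tasks set only `state: started`, so unlike the lsyncd task they do not enable the service at boot.

```yaml
- name: Import EPEL signing key
  rpm_key:
    key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
    state: present
  when: ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux' or ansible_distribution == 'Rocky'
- name: Install EPEL RPM
  # … unchanged: package name, state and when; the disable_gpg_check line is removed …
```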


@ -0,0 +1,20 @@
---
# file: roles/nginx_cluster/tasks/setup-server.yml
- name: "{{ hostvars[item]['ansible_hostname'] }} - Setup block for ssh connection between members"
blockinfile:
path: /etc/ssh/sshd_config.d/60-nginx-cluster.conf
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ hostvars[item]['ansible_hostname'] }}"
create: true
block: |
## Allow root login from cluster member {{ hostvars[item]['ansible_host'] }}
Match Address {{ hostvars[item]['ansible_host'] }}
PermitRootLogin yes
notify: Restart SSH
when: nginx_cluster_user == "root"
- name: "{{ hostvars[item]['ansible_hostname'] }} - Setup authorized key for the user"
authorized_key:
user: "{{ nginx_cluster_user }}"
state: present
key: "{{ hostvars[item]['nginx_cluster_public_key'] }}"
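Review bot: The `Match Address` block sets `PermitRootLogin yes`, which also allows password authentication for root from the peer addresses, although the cluster only ever logs in with the generated key. `PermitRootLogin prohibit-password` keeps the sync working while refusing root password logins from those addresses. The authorized key in the second task is accepted from any source address. Adding `key_options: 'from="{{ hostvars[item].ansible_host }}"'` ties each key to the peer it belongs to, so a copied key is not usable from elsewhere. Both tasks depend on `ansible_host` being the address the peer actually connects from, which is worth a comment since the inventory is the only place that is defined.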


@ -0,0 +1,69 @@
targets = { {{ nodelist }} }
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status",
statusInterval = 1,
nodaemon = true,
insist = true
}
for _, target in ipairs( targets )
do
-- Site Data Sync
sync {
default.{{ nginx_cluser_lsyncd_mode }},
host = target,
source = "{{ nginx_cluser_sync_site_dir }}",
targetdir = "{{ nginx_cluser_sync_site_dir }}",
delay = {{ nginx_cluser_lsyncd_delay }},
rsync = {
times = {{ nginx_cluser_lsyncd_rsync_times }},
archive = {{ nginx_cluser_lsyncd_rsync_archive }},
compress = {{ nginx_cluser_lsyncd_rsync_compress }},
perms = {{ nginx_cluser_lsyncd_rsync_perms }},
acls = {{ nginx_cluser_lsyncd_rsync_acls }},
owner = {{ nginx_cluser_lsyncd_rsync_owner }},
rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
temp_dir = "{{ nginx_cluster_temp_dir }}"
}
}
-- Nginx Config Sync
sync {
default.{{ nginx_cluser_lsyncd_mode }},
host = target,
source = "{{ nginx_cluser_sync_config_dir }}",
targetdir = "{{ nginx_cluser_sync_config_dir }}",
delay = {{ nginx_cluser_lsyncd_delay }},
rsync = {
times = {{ nginx_cluser_lsyncd_rsync_times }},
archive = {{ nginx_cluser_lsyncd_rsync_archive }},
compress = {{ nginx_cluser_lsyncd_rsync_compress }},
perms = {{ nginx_cluser_lsyncd_rsync_perms }},
acls = {{ nginx_cluser_lsyncd_rsync_acls }},
owner = {{ nginx_cluser_lsyncd_rsync_owner }},
rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
temp_dir = "{{ nginx_cluster_temp_dir }}"
}
}
-- PHP Config Sync
sync {
default.{{ nginx_cluser_lsyncd_mode }},
host = target,
source = "{{ nginx_cluser_sync_php_config_dir }}",
targetdir = "{{ nginx_cluser_sync_php_config_dir }}",
delay = {{ nginx_cluser_lsyncd_delay }},
rsync = {
times = {{ nginx_cluser_lsyncd_rsync_times }},
archive = {{ nginx_cluser_lsyncd_rsync_archive }},
compress = {{ nginx_cluser_lsyncd_rsync_compress }},
perms = {{ nginx_cluser_lsyncd_rsync_perms }},
acls = {{ nginx_cluser_lsyncd_rsync_acls }},
owner = {{ nginx_cluser_lsyncd_rsync_owner }},
rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
temp_dir = "{{ nginx_cluster_temp_dir }}"
}
}
end
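Review bot: All three `rsh` lines pass `-o StrictHostKeyChecking=no`, so the root sync connection never verifies the peer's host key. A host answering on a peer's address would be accepted, and it would receive the site data, the nginx configuration and the PHP configuration. Since the role already knows every member, pre-seed the peers' host keys with the `known_hosts` module and use `-o StrictHostKeyChecking=yes`; `accept-new` is the minimum if seeding is not possible. The three `sync` blocks differ only in `source`/`targetdir`, so the `rsh` string and the `rsync` table could be defined once as Lua locals above the loop, leaving one place to change.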

4
site.yml Normal file

@ -0,0 +1,4 @@
---
## This playbook deploys the whole application stack in this site.
- import_playbook: nginx_cluster.yml