Tyler/Ansible-Nginx-Cluster
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Initial commit

Browse source
This commit is contained in:
Tyler Hale 2023-01-18 14:42:02 -07:00
parent e99efc68e3
commit bba5262e57
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
8 changed files with 231 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
hosts.yml Normal file
View file

@ -0,0 +1,12 @@
---
# file: hosts
nginx_cluster:
hosts:
ws01:
ansible_host: 10.10.10.14
ws02:
ansible_host: 10.10.10.18
vars:
ansible_user: ansible

7
nginx_cluster.yml Normal file
View file

@ -0,0 +1,7 @@
---
# file: nginx_cluster.yml
- hosts: nginx_cluster
become: true
roles:
- nginx_cluster

20
roles/nginx_cluster/defaults/main.yml Normal file
View file

@ -0,0 +1,20 @@
---
# file: roles/nginx_cluster/defaults/main.yml
nginx_cluster_user: root
nginx_cluster_private_key: "/root/.ssh/lsyncd"
nginx_cluster_temp_dir: "/tmp/lsyncdSyncTemp"
nginx_cluser_sync_site_dir: "/var/www/html"
nginx_cluser_sync_config_dir: "/etc/nginx"
nginx_cluser_sync_php_config_dir: "/etc/php.d"
nginx_cluser_lsyncd_mode: "rsyncssh"
nginx_cluser_lsyncd_delay: "0"
nginx_cluser_lsyncd_rsync_times: "true"
nginx_cluser_lsyncd_rsync_archive: "true"
nginx_cluser_lsyncd_rsync_compress: "true"
nginx_cluser_lsyncd_rsync_perms: "true"
nginx_cluser_lsyncd_rsync_acls: "true"
nginx_cluser_lsyncd_rsync_owner: "true"

16
roles/nginx_cluster/handlers/main.yml Normal file
View file

@ -0,0 +1,16 @@
---
# file: roles/haproxy/handlers/main.yml
- name: Daemon Reload
systemd:
daemon_reload: yes
- name: Restart lsyncd
service:
name: lsyncd
state: restarted
- name: Restart SSH
service:
name: sshd
state: restarted

83
roles/nginx_cluster/tasks/main.yml Normal file
View file

@ -0,0 +1,83 @@
---
# file: roles/nginx_cluster/tasks/main.yml
- name: Install EPEL RPM
package:
name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
state: present
disable_gpg_check: True
when: ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux' or ansible_distribution == 'Rocky'
- name: Install prereq packages
package:
name:
- nginx
- php
- lsyncd
state: latest
- name: Create temp directory
file:
path: "{{ nginx_cluster_temp_dir }}"
state: directory
owner: "{{ nginx_cluster_user }}"
group: "{{ nginx_cluster_user }}"
mode: '700'
- name: Create sync directory
file:
path: "{{ nginx_cluser_sync_site_dir }}"
state: directory
owner: "nginx"
group: "nginx"
mode: '755'
- name: Generate ssh keypair for cluster communication
user:
name: "{{ nginx_cluster_user }}"
generate_ssh_key: yes
ssh_key_type: ed25519
ssh_key_bits: 4096
ssh_key_file: "{{ nginx_cluster_private_key }}"
ssh_key_passphrase: ""
force: no
- name: Get the public key
slurp:
src: "{{ nginx_cluster_private_key }}.pub"
register: slurped_pub_key
- name: Decode the pub key and store as fact
set_fact:
nginx_cluster_public_key: "{{ slurped_pub_key.content | b64decode }}"
- name: Setup access for other servers
include_tasks: setup-server.yml
loop: "{{ groups['nginx_cluster']|difference([inventory_hostname]) }}"
loop_control:
extended: yes
- name: Create variable of other members IPs to be included into the cluster
set_fact: nodelist={%for host in groups['nginx_cluster']|difference([inventory_hostname])%}"{{hostvars[host].ansible_host}}"{% if not loop.last %},{% endif %}{% endfor %}
- name: Update lsyncd config
template:
src: "lsynd.conf.j2"
dest: "/etc/lsyncd.conf"
notify: Restart lsyncd
- name: Start and enable lsyncd
service:
name: lsyncd
state: started
enabled: yes
- name: Start and enable nginx
service:
name: nginx
state: started
- name: Start and enable php
service:
name: php-fpm
state: started

20
roles/nginx_cluster/tasks/setup-server.yml Normal file
View file

@ -0,0 +1,20 @@
---
# file: roles/nginx_cluster/tasks/setup-server.yml
- name: "{{ hostvars[item]['ansible_hostname'] }} - Setup block for ssh connection between members"
blockinfile:
path: /etc/ssh/sshd_config.d/60-nginx-cluster.conf
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ hostvars[item]['ansible_hostname'] }}"
create: true
block: |
## Allow root login from cluster member {{ hostvars[item]['ansible_host'] }}
Match Address {{ hostvars[item]['ansible_host'] }}
PermitRootLogin yes
notify: Restart SSH
when: nginx_cluster_user == "root"
- name: "{{ hostvars[item]['ansible_hostname'] }} - Setup authorized key for the user"
authorized_key:
user: "{{ nginx_cluster_user }}"
state: present
key: "{{ hostvars[item]['nginx_cluster_public_key'] }}"

69
roles/nginx_cluster/templates/lsynd.conf.j2 Normal file
View file

@ -0,0 +1,69 @@
targets = { {{ nodelist }} }
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status",
statusInterval = 1,
nodaemon = true,
insist = true
}
for _, target in ipairs( targets )
do
-- Site Data Sync
sync {
default.{{ nginx_cluser_lsyncd_mode }},
host = target,
source = "{{ nginx_cluser_sync_site_dir }}",
targetdir = "{{ nginx_cluser_sync_site_dir }}",
delay = {{ nginx_cluser_lsyncd_delay }},
rsync = {
times = {{ nginx_cluser_lsyncd_rsync_times }},
archive = {{ nginx_cluser_lsyncd_rsync_archive }},
compress = {{ nginx_cluser_lsyncd_rsync_compress }},
perms = {{ nginx_cluser_lsyncd_rsync_perms }},
acls = {{ nginx_cluser_lsyncd_rsync_acls }},
owner = {{ nginx_cluser_lsyncd_rsync_owner }},
rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
temp_dir = "{{ nginx_cluster_temp_dir }}"
}
}
-- Nginx Config Sync
sync {
default.{{ nginx_cluser_lsyncd_mode }},
host = target,
source = "{{ nginx_cluser_sync_config_dir }}",
targetdir = "{{ nginx_cluser_sync_config_dir }}",
delay = {{ nginx_cluser_lsyncd_delay }},
rsync = {
times = {{ nginx_cluser_lsyncd_rsync_times }},
archive = {{ nginx_cluser_lsyncd_rsync_archive }},
compress = {{ nginx_cluser_lsyncd_rsync_compress }},
perms = {{ nginx_cluser_lsyncd_rsync_perms }},
acls = {{ nginx_cluser_lsyncd_rsync_acls }},
owner = {{ nginx_cluser_lsyncd_rsync_owner }},
rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
temp_dir = "{{ nginx_cluster_temp_dir }}"
}
}
-- PHP Config Sync
sync {
default.{{ nginx_cluser_lsyncd_mode }},
host = target,
source = "{{ nginx_cluser_sync_php_config_dir }}",
targetdir = "{{ nginx_cluser_sync_php_config_dir }}",
delay = {{ nginx_cluser_lsyncd_delay }},
rsync = {
times = {{ nginx_cluser_lsyncd_rsync_times }},
archive = {{ nginx_cluser_lsyncd_rsync_archive }},
compress = {{ nginx_cluser_lsyncd_rsync_compress }},
perms = {{ nginx_cluser_lsyncd_rsync_perms }},
acls = {{ nginx_cluser_lsyncd_rsync_acls }},
owner = {{ nginx_cluser_lsyncd_rsync_owner }},
rsh = "/usr/bin/ssh -l {{ nginx_cluster_user }} -i {{ nginx_cluster_private_key }} -o StrictHostKeyChecking=no",
temp_dir = "{{ nginx_cluster_temp_dir }}"
}
}
end

4
site.yml Normal file
View file

@ -0,0 +1,4 @@
---
## This playbook deploys the whole application stack in this site.
- import_playbook: nginx_cluster.yml