author | Dave Johnson <djohnson@Daves-MacBook-Pro.local> | 2015-08-27 15:51:57 +0300 |
---|---|---|
committer | Dave Johnson <djohnson@Daves-MacBook-Pro.local> | 2015-08-27 15:51:57 +0300 |
commit | 610499ec6b5b69ef1d145ed612945ef09f9720c3 (patch) | |
tree | dcc3e636227713acf65e7b38ef5a05eb8e8ad387 /windows | |
parent | bcee7d38ee58a3d74bdc57651543003e4fba1145 (diff) |
First pass at a Windows full site deployment ala LAMP HAPROXY
Diffstat (limited to 'windows')
19 files changed, 438 insertions, 0 deletions
diff --git a/windows/wamp_haproxy/demo-aws-wamp-launch.yml b/windows/wamp_haproxy/demo-aws-wamp-launch.yml
new file mode 100644
index 0000000..364b55f
--- /dev/null
+++ b/windows/wamp_haproxy/demo-aws-wamp-launch.yml
@@ -0,0 +1,61 @@
+---
+#Provision some instances:
+- hosts: localhost
+ connection: local
+ gather_facts: False
+
+ vars_files:
+ - group_vars/all
+
+ tasks:
+ - name: Launch webserver instances
+ ec2: >
+ access_key="{{ ec2_access_key }}"
+ secret_key="{{ ec2_secret_key }}"
+ keypair="{{ ec2_keypair }}"
+ group="{{ ec2_security_group }}"
+ type="{{ ec2_instance_type }}"
+ image="ami-0d789266"
+ region="{{ ec2_region }}"
+ instance_tags="{'ansible_group':'windows_webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}"
+ count="{{ ec2_instance_count }}"
+ wait=true
+ register: ec2
+
+ - name: Launch database instance
+ ec2: >
+ access_key="{{ ec2_access_key }}"
+ secret_key="{{ ec2_secret_key }}"
+ keypair="{{ ec2_keypair }}"
+ group="{{ ec2_security_group }}"
+ type="{{ ec2_instance_type }}"
+ image="ami-8359f1e8"
+ region="{{ ec2_region }}"
+ instance_tags="{'ansible_group':'windows_dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}"
+ count="1"
+ wait=true
+ register: ec2
+
+ - name: Wait for WinRM to come up
+ local_action: wait_for host={{ item.public_dns_name }}
+ port=5986 delay=60 timeout=320 state=started
+ with_items: ec2.instances
+
+ - name: Launch load balancing instance
+ ec2: >
+ access_key="{{ ec2_access_key }}"
+ secret_key="{{ ec2_secret_key }}"
+ keypair="{{ ec2_keypair }}"
+ group="{{ ec2_security_group }}"
+ type="{{ ec2_instance_type }}"
+ image="ami-bc8131d4"
+ region="{{ ec2_region }}"
+ instance_tags="{'ansible_group':'windows_lbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}"
+ count="1"
+ wait=true
+ register: ec2
+
+ - name: Wait for SSH to come up
+ local_action: wait_for host={{ item.public_dns_name }}
+ port=22 timeout=320 state=started
+ with_items: ec2.instances
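Review bot: All three launch tasks in demo-aws-wamp-launch.yml store their result with the same `register: ec2`, so the "Wait for WinRM to come up" loop, which runs after the database launch, only sees the database instance and the web servers are never waited on. Registering under distinct names (`register: ec2_web`, `register: ec2_db`, `register: ec2_lb`) and looping each wait over the matching `.instances` list would cover every host. The AMI ids are also hard-coded in each task while `ec2_image` from group_vars/all is not used here; a one-line comment per task saying which image each id refers to would help the next reader.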
diff --git a/windows/wamp_haproxy/group_vars/all b/windows/wamp_haproxy/group_vars/all
new file mode 100644
index 0000000..6efb786
--- /dev/null
+++ b/windows/wamp_haproxy/group_vars/all
@@ -0,0 +1,12 @@
+---
+ec2_access_key:
+ec2_secret_key:
+ec2_region: us-east-1
+ec2_zone:
+ec2_image: ami-bc8131d4
+ec2_instance_type: m1.small
+ec2_keypair: djohnson
+ec2_security_group: default
+ec2_instance_count: 3
+
+tower_user_name: admin
diff --git a/windows/wamp_haproxy/group_vars/windows_dbservers b/windows/wamp_haproxy/group_vars/windows_dbservers
new file mode 100644
index 0000000..891c8ea
--- /dev/null
+++ b/windows/wamp_haproxy/group_vars/windows_dbservers
@@ -0,0 +1,8 @@
+---
+# The variables file used by the playbooks in the dbservers group.
+# These don't have to be explicitly imported by vars_files: they are autopopulated.
+
+sql_port: 3306
+dbuser: root
+dbname: foodb
+upassword: abc
diff --git a/windows/wamp_haproxy/group_vars/windows_webservers b/windows/wamp_haproxy/group_vars/windows_webservers
new file mode 100644
index 0000000..34b6cdc
--- /dev/null
+++ b/windows/wamp_haproxy/group_vars/windows_webservers
@@ -0,0 +1,17 @@
+---
+# Variables for the web server configuration
+
+# Ethernet interface on which the web server should listen.
+# Defaults to the first interface. Change this to:
+#
+# iface: eth1
+#
+# ...to override.
+#
+iface: '{{ ansible_default_ipv4.interface }}'
+
+# this is the repository that holds our sample webapp
+repository: https://github.com/bennojoy/mywebapp.git
+
+# this is the sha1sum of V5 of the test webapp.
+webapp_version: 351e47276cc66b018f4890a04709d4cc3d3edb0d
diff --git a/windows/wamp_haproxy/roles/common/files/RPM-GPG-KEY-EPEL-6 b/windows/wamp_haproxy/roles/common/files/RPM-GPG-KEY-EPEL-6
new file mode 100644
index 0000000..7a20304
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/files/RPM-GPG-KEY-EPEL-6
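Review bot: In group_vars/all, `ec2_access_key:` and `ec2_secret_key:` are empty placeholders in a tracked file, which invites the next user to fill in live AWS credentials and commit them. A comment above them such as `# Leave blank in git; supply via Ansible Vault or --extra-vars` would keep the secrets out of the repository, as would dropping both keys and letting the ec2 module pick the credentials up from the environment. `ec2_security_group: default` and `ec2_keypair: djohnson` look like personal demo values. Because the launch playbook waits on ports 5986 and 22 at each instance's public DNS name, the group presumably has to admit those ports, and it is worth stating in a comment that they should be limited to the control host's address.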
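Review bot: group_vars/windows_dbservers commits `upassword: abc` in clear text next to `dbuser: root`, a trivial credential that will end up in use if anyone wires these variables into the database role. Nothing in this commit's mssql role reads them, and `sql_port: 3306` is the MySQL port, so they look like leftovers from the LAMP example. Either delete the four variables, or keep only the names with a comment such as `# set in a vault-encrypted vars file, never here`.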
@@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1 +JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B +M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn +XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6 +pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV +QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp +Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq +3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu +vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar +1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g +YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB +tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS +KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9 +qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT +9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP +Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS +WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft +HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF +p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP +x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8 +wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J +l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG +iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR +XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ== +=V/6I +-----END PGP PUBLIC KEY BLOCK----- diff --git a/windows/wamp_haproxy/roles/common/files/epel.repo b/windows/wamp_haproxy/roles/common/files/epel.repo new file mode 100644 index 0000000..0160dfe --- /dev/null +++ b/windows/wamp_haproxy/roles/common/files/epel.repo 
@@ -0,0 +1,26 @@
+[epel]
+name=Extra Packages for Enterprise Linux 6 - $basearch
+#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
+#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+gpgcheck=1
+
+[epel-source]
+name=Extra Packages for Enterprise Linux 6 - $basearch - Source
+#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+gpgcheck=1
diff --git a/windows/wamp_haproxy/roles/common/handlers/main.yml b/windows/wamp_haproxy/roles/common/handlers/main.yml
new file mode 100644
index 0000000..bca0737
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# Handlers for common notifications
+
+- name: restart ntp
+ service: name=ntpd state=restarted
+
+- name: restart iptables
+ service: name=iptables state=restarted
diff --git a/windows/wamp_haproxy/roles/common/tasks/main.yml b/windows/wamp_haproxy/roles/common/tasks/main.yml
new file mode 100644
index 0000000..bf59de7
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+# This role contains common plays that will run on all nodes.
+
+- name: Install python bindings for SE Linux
+ yum: name={{ item }} state=present
+ with_items:
+ - libselinux-python
+ - libsemanage-python
+
+- name: Create the repository for EPEL
+ copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo
+
+- name: Create the GPG key for EPEL
+ copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg
+
+- name: install some useful nagios plugins
+ yum: name={{ item }} state=present
+ with_items:
+ - nagios-nrpe
+ - nagios-plugins-swap
+ - nagios-plugins-users
+ - nagios-plugins-procs
+ - nagios-plugins-load
+ - nagios-plugins-disk
+
+- name: Install ntp
+ yum: name=ntp state=present
+ tags: ntp
+
+- name: Configure ntp file
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf
+ tags: ntp
+ notify: restart ntp
+
+- name: Start the ntp service
+ service: name=ntpd state=started enabled=true
+ tags: ntp
+
+- name: insert iptables template
+ template: src=iptables.j2 dest=/etc/sysconfig/iptables
+ notify: restart iptables
+
+- name: test to see if selinux is running
+ command: getenforce
+ register: sestatus
+ changed_when: false
diff --git a/windows/wamp_haproxy/roles/common/templates/iptables.j2 b/windows/wamp_haproxy/roles/common/templates/iptables.j2
new file mode 100644
index 0000000..c39bcf5
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/templates/iptables.j2
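Review bot: The `copy` and `template` tasks in roles/common/tasks/main.yml write under /etc without stating owner, group or mode, so the resulting permissions depend on the connecting user's umask and on whatever is already on disk. For the firewall ruleset in particular I would pin them, e.g. `template: src=iptables.j2 dest=/etc/sysconfig/iptables owner=root group=root mode=0600`, and use `mode=0644` for epel.repo, the EPEL key and ntp.conf. The EPEL key task also names a directory as `dest=/etc/pki/rpm-gpg`; writing the full path `/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6` makes it obvious that it matches the `gpgkey=` line in epel.repo.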
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+# Manual customization of this file is not recommended.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+{% if (inventory_hostname in groups[group_webservers]) or (inventory_hostname in groups[group_monitoring]) %}
+-A INPUT -p tcp --dport 80 -j ACCEPT
+{% endif %}
+
+{% if (inventory_hostname in groups[group_dbservers]) %}
+-A INPUT -p tcp --dport 3306 -j ACCEPT
+{% endif %}
+
+{% if (inventory_hostname in groups[group_lbservers]) %}
+-A INPUT -p tcp --dport {{ listenport }} -j ACCEPT
+{% endif %}
+
+{% for host in groups[group_monitoring] %}
+-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 5666 -j ACCEPT
+{% endfor %}
+
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
diff --git a/windows/wamp_haproxy/roles/common/templates/ntp.conf.j2 b/windows/wamp_haproxy/roles/common/templates/ntp.conf.j2
new file mode 100644
index 0000000..6336c2e
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/templates/ntp.conf.j2
@@ -0,0 +1,12 @@
+
+driftfile /var/lib/ntp/drift
+
+restrict 127.0.0.1
+restrict -6 ::1
+
+server {{ ntpserver }}
+
+includefile /etc/ntp/crypto/pw
+
+keys /etc/ntp/keys
+
diff --git a/windows/wamp_haproxy/roles/haproxy/handlers/main.yml b/windows/wamp_haproxy/roles/haproxy/handlers/main.yml
new file mode 100644
index 0000000..1eade08
--- /dev/null
+++ b/windows/wamp_haproxy/roles/haproxy/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+# Handlers for HAproxy
+
+- name: restart haproxy
+ service: name=haproxy state=restarted
+
+- name: reload haproxy
+ service: name=haproxy state=reloaded
+
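Review bot: iptables.j2 indexes `groups[...]` with the variables `group_webservers`, `group_monitoring`, `group_dbservers` and `group_lbservers`, and uses `listenport`, none of which is defined by any file this commit adds. The only play that applies the common role (the load balancer play in site.yml) uses the inventory group `tag_ansible_group_windows_lbservers`. Unless those variables come from somewhere outside this tree, the template task will stop on an undefined variable and the load balancer keeps whatever ruleset it booted with. I would either define the variables in group_vars/all or reference the `tag_ansible_group_windows_*` groups directly, as haproxy.cfg.j2 does. Separately, the 3306 rule accepts any source; the `-s {{ hostvars[host]... }}` form already used for port 5666 would confine it to the web servers.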
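Review bot: ntp.conf.j2 has `restrict` lines for 127.0.0.1 and ::1 only, with no `restrict default` entry, so ntpd applies no restrictions to any other address and will answer remote queries and control requests if UDP 123 ever becomes reachable. I would add `restrict default kod nomodify notrap nopeer noquery` and `restrict -6 default kod nomodify notrap nopeer noquery` above the loopback lines. `{{ ntpserver }}` is also not defined in any file in this commit, so a default (or a comment saying where it must be set) is needed for the template to render.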
diff --git a/windows/wamp_haproxy/roles/haproxy/tasks/main.yml b/windows/wamp_haproxy/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..ef025f6
--- /dev/null
+++ b/windows/wamp_haproxy/roles/haproxy/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# This role installs HAProxy and configures it.
+
+- name: Download and install haproxy and socat
+ yum: name={{ item }} state=present
+ with_items:
+ - haproxy
+ - socat
+
+- name: Configure the haproxy cnf file with hosts
+ template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
+ notify: restart haproxy
diff --git a/windows/wamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 b/windows/wamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2
new file mode 100644
index 0000000..c429285
--- /dev/null
+++ b/windows/wamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2
@@ -0,0 +1,39 @@
+global
+ log 127.0.0.1 local2
+
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user root
+ group root
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats level admin
+
+defaults
+ mode {{ mode }}
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
+
+backend app
+ {% for host in groups['tag_ansible_group_windows_lbservers'] %}
+ listen {{ daemonname }} 0.0.0.0:{{ listenport }}
+ {% endfor %}
+ balance {{ balance }}
+ {% for host in groups['tag_ansible_group_windows_webservers'] %}
+ server {{ host }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ httpd_port }}
+ {% endfor %}
diff --git a/windows/wamp_haproxy/roles/iis/tasks/main.yml b/windows/wamp_haproxy/roles/iis/tasks/main.yml
new file mode 100644
index 0000000..90c2b1e
--- /dev/null
+++ b/windows/wamp_haproxy/roles/iis/tasks/main.yml
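Review bot: The `global` section of haproxy.cfg.j2 sets `user root` and `group root`, so the proxy never drops privileges and the `chroot /var/lib/haproxy` line gives little protection to an internet-facing process. I would use `user haproxy` and `group haproxy` (the account the haproxy package normally creates). Since the socket is opened at `level admin`, I would also restrict it with `stats socket /var/lib/haproxy/stats mode 600 level admin`. The `listen` line is emitted inside `backend app`, once per load balancer host; `listen` opens its own section, so with more than one host in that group the file gets repeated sections, and the `backend app` header is left with no directives of its own. The variables `mode`, `daemonname`, `listenport`, `balance` and `httpd_port` are not defined in this commit.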
@@ -0,0 +1,9 @@
+---
+# This playbook installs and enables IIS on Windows hosts
+- name: Install IIS
+ win_feature:
+ name: "Web-Server"
+ state: present
+ restart: yes
+ include_sub_features: yes
+ include_management_tools: yes
diff --git a/windows/wamp_haproxy/roles/mssql/files/create-db.ps1 b/windows/wamp_haproxy/roles/mssql/files/create-db.ps1
new file mode 100644
index 0000000..8e131dd
--- /dev/null
+++ b/windows/wamp_haproxy/roles/mssql/files/create-db.ps1
@@ -0,0 +1,8 @@
+# Create the database
+set-psdebug -strict
+$error[0]|format-list -force
+[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | out-null
+$srv = new-Object Microsoft.SqlServer.Management.Smo.Server("(local)")
+$db = New-Object Microsoft.SqlServer.Management.Smo.Database($srv, "Ansible Demo DB")
+$db.Create()
+
diff --git a/windows/wamp_haproxy/roles/mssql/tasks/main.yml b/windows/wamp_haproxy/roles/mssql/tasks/main.yml
new file mode 100644
index 0000000..1ebbe29
--- /dev/null
+++ b/windows/wamp_haproxy/roles/mssql/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+# This role will create the DB for MS SQL
+
+#- name: Copy the database creation script
+# win_copy: src=create-db.ps1 dest=c:\create-db.ps1
+
+- name: Create Application Database
+ script: "create-db.ps1"
+
+
+
diff --git a/windows/wamp_haproxy/roles/web/tasks/main.yml b/windows/wamp_haproxy/roles/web/tasks/main.yml
new file mode 100644
index 0000000..1a1691d
--- /dev/null
+++ b/windows/wamp_haproxy/roles/web/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+# This playbook uses the win_get_url module to download a simple HTML file for IIS
+
+- name: Download simple web site to 'C:\inetpub\wwwroot\ansible.html'
+ win_get_url:
+ url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html'
+ dest: 'C:\inetpub\wwwroot\ansible.html'
diff --git a/windows/wamp_haproxy/rolling_update.yml b/windows/wamp_haproxy/rolling_update.yml
new file mode 100644
index 0000000..abd3d1a
--- /dev/null
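Review bot: create-db.ps1 calls `$db.Create()` unconditionally, so a second run of the mssql role fails once "Ansible Demo DB" exists. Guarding the call with `if (-not $srv.Databases["Ansible Demo DB"]) { $db.Create() }` makes the script safe to repeat. The `$error[0]|format-list -force` line runs before anything that could fail and only prints a stale error from the session; it reads like debugging residue and could go. A header comment stating that the script connects to the `(local)` instance as the account Ansible logs in with would document the privilege it needs.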
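Review bot: roles/web/tasks/main.yml downloads the page straight into `C:\inetpub\wwwroot` from the `master` branch of a personal GitHub repository, so what every web server ends up serving is whatever that branch holds at run time. Pinning the URL to a commit, `url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/<commit-sha>/index.html'`, makes the deployed file reproducible and reviewable. Alternatively, ship the file inside the role and copy it, which removes the external fetch altogether.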
+++ b/windows/wamp_haproxy/rolling_update.yml
@@ -0,0 +1,48 @@
+---
+# This playbook does a rolling update for all webservers serially (one at a time).
+# Change the value of serial: to adjust the number of server to be updated.
+#
+# The three roles that apply to the webserver hosts will be applied: common,
+# base-apache, and web. So any changes to configuration, package updates, etc,
+# will be applied as part of the rolling update process.
+#
+
+# gather facts from monitoring nodes for iptables rules
+- hosts: monitoring
+ tasks: []
+
+- hosts: webservers
+ user: root
+ serial: 1
+
+ # These are the tasks to run before applying updates:
+ pre_tasks:
+ - name: disable nagios alerts for this host webserver service
+ nagios: action=disable_alerts host={{ inventory_hostname }} services=webserver
+ delegate_to: "{{ item }}"
+ with_items: groups.monitoring
+
+ - name: disable the server in haproxy
+ shell: echo "disable server myapplb/{{ inventory_hostname }}" | socat stdio /var/lib/haproxy/stats
+ delegate_to: "{{ item }}"
+ with_items: groups.lbservers
+
+ roles:
+ - common
+ - base-apache
+ - web
+
+ # These tasks run after the roles:
+ post_tasks:
+ - name: Wait for webserver to come up
+ wait_for: host={{ inventory_hostname }} port=80 state=started timeout=80
+
+ - name: Enable the server in haproxy
+ shell: echo "enable server myapplb/{{ inventory_hostname }}" | socat stdio /var/lib/haproxy/stats
+ delegate_to: "{{ item }}"
+ with_items: groups.lbservers
+
+ - name: re-enable nagios alerts
+ nagios: action=enable_alerts host={{ inventory_hostname }} services=webserver
+ delegate_to: "{{ item }}"
+ with_items: groups.monitoring
diff --git a/windows/wamp_haproxy/site.yml b/windows/wamp_haproxy/site.yml
new file mode 100644
index 0000000..f1ee74d
--- /dev/null
+++ b/windows/wamp_haproxy/site.yml
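Review bot: rolling_update.yml still targets the Linux example's names: hosts `monitoring` and `webservers`, `groups.lbservers`, the role `base-apache` and `user: root`. This commit adds neither those groups nor that role, and its site.yml reaches the web servers over WinRM under `tag_ansible_group_windows_webservers`. As written the play would apply the yum-based `common` role to Windows hosts. The haproxy commands address the backend `myapplb/`, which only matches the template if `daemonname` is set to that value. Either adapt the playbook to the Windows groups and the `iis`/`web` roles, or leave it out of this first pass and say in the header comment that it has not been ported yet.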
@@ -0,0 +1,46 @@
+---
+## This playbook deploys the whole application stack in this site.
+
+# Configure and deploy database servers.
+- hosts: tag_ansible_group_windows_dbservers
+ connection: winrm
+
+ vars:
+ ansible_ssh_port : 5986
+
+ roles:
+ - mssql
+
+ tags:
+ - db
+
+# Configure and deploy the web servers. Note that we include two roles here,
+# the 'base-apache' role which simply sets up Apache, and 'web' which includes
+# our example web application.
+- hosts: tag_ansible_group_windows_webservers
+ connection: winrm
+
+ vars:
+ ansible_ssh_port : 5986
+
+
+ roles:
+ - iis
+ - web
+
+ tags:
+ - web
+
+# Configure and deploy the load balancer(s).
+- hosts: tag_ansible_group_windows_lbservers
+
+ vars:
+ ansible_ssh_private_key_file: /var/lib/awx/.ssh/id_rsa
+
+ roles:
+ - common
+ - haproxy
+
+ tags:
+ - lb
+ |
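Review bot: The comment above the web server play in site.yml still describes the `base-apache` role and Apache, while the play applies `iis` and `web`. It should read something like `# Configure and deploy the web servers: 'iis' enables IIS, 'web' downloads the sample page.` The load balancer play hard-codes `ansible_ssh_private_key_file: /var/lib/awx/.ssh/id_rsa`, a path that exists only on a Tower host; a comment saying so, or moving it to inventory, would stop the playbook failing elsewhere with a confusing authentication error. `ansible_ssh_port : 5986` has a space before the colon in both WinRM plays; `ansible_ssh_port: 5986` matches the rest of the file.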