First pass at a Windows full site deployment ala LAMP HAPROXY

19 files changed, 438 insertions, 0 deletions

diff --git a/windows/wamp_haproxy/demo-aws-wamp-launch.yml b/windows/wamp_haproxy/demo-aws-wamp-launch.yml
new file mode 100644
index 0000000..364b55f
--- /dev/null
+++ b/windows/wamp_haproxy/demo-aws-wamp-launch.yml
@@ -0,0 +1,61 @@
+---
+#Provision some instances:
+- hosts: localhost
+  connection: local
+  gather_facts: False
+
+  vars_files:
+  - group_vars/all
+ 
+  tasks:
+  - name: Launch webserver instances
+    ec2: >
+     access_key="{{ ec2_access_key }}"
+     secret_key="{{ ec2_secret_key }}"
+     keypair="{{ ec2_keypair }}"
+     group="{{ ec2_security_group }}"
+     type="{{ ec2_instance_type }}"
+     image="ami-0d789266"
+     region="{{ ec2_region }}"
+     instance_tags="{'ansible_group':'windows_webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}"
+     count="{{ ec2_instance_count }}"
+     wait=true
+    register: ec2
+
+  - name: Launch database instance
+    ec2: >
+     access_key="{{ ec2_access_key }}"
+     secret_key="{{ ec2_secret_key }}"
+     keypair="{{ ec2_keypair }}"
+     group="{{ ec2_security_group }}"
+     type="{{ ec2_instance_type }}"
+     image="ami-8359f1e8"
+     region="{{ ec2_region }}"
+     instance_tags="{'ansible_group':'windows_dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}"
+     count="1"
+     wait=true
+    register: ec2
+
+  - name: Wait for WinRM to come up
+    local_action: wait_for host={{ item.public_dns_name }}
+      port=5986 delay=60 timeout=320 state=started
+    with_items: ec2.instances
+
+  - name: Launch load balancing instance
+    ec2: >
+     access_key="{{ ec2_access_key }}"
+     secret_key="{{ ec2_secret_key }}"
+     keypair="{{ ec2_keypair }}"
+     group="{{ ec2_security_group }}"
+     type="{{ ec2_instance_type }}"
+     image="ami-bc8131d4"
+     region="{{ ec2_region }}"
+     instance_tags="{'ansible_group':'windows_lbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}"
+     count="1"
+     wait=true
+    register: ec2
+
+  - name: Wait for SSH to come up
+    local_action: wait_for host={{ item.public_dns_name }}
+      port=22 timeout=320 state=started
+    with_items: ec2.instances
diff --git a/windows/wamp_haproxy/group_vars/all b/windows/wamp_haproxy/group_vars/all
new file mode 100644
index 0000000..6efb786
--- /dev/null
+++ b/windows/wamp_haproxy/group_vars/all
@@ -0,0 +1,12 @@
+---
+ec2_access_key: 
+ec2_secret_key: 
+ec2_region: us-east-1 
+ec2_zone: 
+ec2_image: ami-bc8131d4 
+ec2_instance_type: m1.small 
+ec2_keypair: djohnson 
+ec2_security_group: default
+ec2_instance_count: 3
+
+tower_user_name: admin
diff --git a/windows/wamp_haproxy/group_vars/windows_dbservers b/windows/wamp_haproxy/group_vars/windows_dbservers
new file mode 100644
index 0000000..891c8ea
--- /dev/null
+++ b/windows/wamp_haproxy/group_vars/windows_dbservers
@@ -0,0 +1,8 @@
+---
+# The variables file used by the playbooks in the dbservers group.
+# These don't have to be explicitly imported by vars_files: they are autopopulated.
+
+sql_port: 3306
+dbuser: root
+dbname: foodb
+upassword: abc
diff --git a/windows/wamp_haproxy/group_vars/windows_webservers b/windows/wamp_haproxy/group_vars/windows_webservers
new file mode 100644
index 0000000..34b6cdc
--- /dev/null
+++ b/windows/wamp_haproxy/group_vars/windows_webservers
@@ -0,0 +1,17 @@
+---
+# Variables for the web server configuration
+
+# Ethernet interface on which the web server should listen.
+# Defaults to the first interface. Change this to:
+#
+#  iface: eth1
+#
+# ...to override.
+#
+iface: '{{ ansible_default_ipv4.interface }}'
+
+# this is the repository that holds our sample webapp
+repository: https://github.com/bennojoy/mywebapp.git
+
+# this is the sha1sum of V5 of the test webapp.
+webapp_version: 351e47276cc66b018f4890a04709d4cc3d3edb0d
diff --git a/windows/wamp_haproxy/roles/common/files/RPM-GPG-KEY-EPEL-6 b/windows/wamp_haproxy/roles/common/files/RPM-GPG-KEY-EPEL-6
new file mode 100644
index 0000000..7a20304
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/files/RPM-GPG-KEY-EPEL-6
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+
+mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1
+JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B
+M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn
+XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6
+pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV
+QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp
+Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq
+3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu
+vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar
+1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g
+YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB
+tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS
+KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9
+qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT
+9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP
+Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS
+WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft
+HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF
+p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP
+x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8
+wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J
+l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG
+iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR
+XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==
+=V/6I
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/windows/wamp_haproxy/roles/common/files/epel.repo b/windows/wamp_haproxy/roles/common/files/epel.repo
new file mode 100644
index 0000000..0160dfe
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/files/epel.repo
@@ -0,0 +1,26 @@
+[epel]
+name=Extra Packages for Enterprise Linux 6 - $basearch
+#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
+#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+gpgcheck=1
+
+[epel-source]
+name=Extra Packages for Enterprise Linux 6 - $basearch - Source
+#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+gpgcheck=1
diff --git a/windows/wamp_haproxy/roles/common/handlers/main.yml b/windows/wamp_haproxy/roles/common/handlers/main.yml
new file mode 100644
index 0000000..bca0737
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# Handlers for common notifications
+
+- name: restart ntp
+  service: name=ntpd state=restarted
+
+- name: restart iptables
+  service: name=iptables state=restarted
diff --git a/windows/wamp_haproxy/roles/common/tasks/main.yml b/windows/wamp_haproxy/roles/common/tasks/main.yml
new file mode 100644
index 0000000..bf59de7
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+# This role contains common plays that will run on all nodes.
+
+- name: Install python bindings for SE Linux
+  yum: name={{ item }} state=present
+  with_items:
+   - libselinux-python
+   - libsemanage-python
+
+- name: Create the repository for EPEL
+  copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo
+
+- name: Create the GPG key for EPEL
+  copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg
+
+- name: install some useful nagios plugins 
+  yum: name={{ item }} state=present
+  with_items:
+   - nagios-nrpe
+   - nagios-plugins-swap
+   - nagios-plugins-users
+   - nagios-plugins-procs
+   - nagios-plugins-load
+   - nagios-plugins-disk
+
+- name: Install ntp 
+  yum: name=ntp state=present
+  tags: ntp
+
+- name: Configure ntp file
+  template: src=ntp.conf.j2 dest=/etc/ntp.conf
+  tags: ntp
+  notify: restart ntp
+
+- name: Start the ntp service
+  service: name=ntpd state=started enabled=true
+  tags: ntp
+
+- name: insert iptables template
+  template: src=iptables.j2 dest=/etc/sysconfig/iptables
+  notify: restart iptables
+
+- name: test to see if selinux is running
+  command: getenforce
+  register: sestatus
+  changed_when: false
diff --git a/windows/wamp_haproxy/roles/common/templates/iptables.j2 b/windows/wamp_haproxy/roles/common/templates/iptables.j2
new file mode 100644
index 0000000..c39bcf5
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/templates/iptables.j2
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+# Manual customization of this file is not recommended.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+{% if (inventory_hostname in groups[group_webservers]) or (inventory_hostname in groups[group_monitoring]) %}
+-A INPUT -p tcp  --dport 80 -j ACCEPT
+{% endif %}
+
+{% if (inventory_hostname in groups[group_dbservers]) %}
+-A INPUT -p tcp  --dport 3306 -j  ACCEPT
+{% endif %}
+
+{% if (inventory_hostname in groups[group_lbservers]) %}
+-A INPUT -p tcp  --dport {{ listenport }} -j  ACCEPT
+{% endif %}
+
+{% for host in groups[group_monitoring] %}
+-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 5666 -j ACCEPT
+{% endfor %}
+
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
diff --git a/windows/wamp_haproxy/roles/common/templates/ntp.conf.j2 b/windows/wamp_haproxy/roles/common/templates/ntp.conf.j2
new file mode 100644
index 0000000..6336c2e
--- /dev/null
+++ b/windows/wamp_haproxy/roles/common/templates/ntp.conf.j2
@@ -0,0 +1,12 @@
+
+driftfile /var/lib/ntp/drift
+
+restrict 127.0.0.1 
+restrict -6 ::1
+
+server {{ ntpserver }}
+
+includefile /etc/ntp/crypto/pw
+
+keys /etc/ntp/keys
+
diff --git a/windows/wamp_haproxy/roles/haproxy/handlers/main.yml b/windows/wamp_haproxy/roles/haproxy/handlers/main.yml
new file mode 100644
index 0000000..1eade08
--- /dev/null
+++ b/windows/wamp_haproxy/roles/haproxy/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+# Handlers for HAproxy
+
+- name: restart haproxy
+  service: name=haproxy state=restarted
+
+- name: reload haproxy
+  service: name=haproxy state=reloaded
+
diff --git a/windows/wamp_haproxy/roles/haproxy/tasks/main.yml b/windows/wamp_haproxy/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..ef025f6
--- /dev/null
+++ b/windows/wamp_haproxy/roles/haproxy/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# This role installs HAProxy and configures it.
+
+- name: Download and install haproxy and socat
+  yum: name={{ item }} state=present
+  with_items:
+  - haproxy
+  - socat
+
+- name: Configure the haproxy cnf file with hosts
+  template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
+  notify: restart haproxy
diff --git a/windows/wamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 b/windows/wamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2
new file mode 100644
index 0000000..c429285
--- /dev/null
+++ b/windows/wamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2
@@ -0,0 +1,39 @@
+global
+    log         127.0.0.1 local2 
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        root
+    group       root
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats level admin
+
+defaults
+    mode                    {{ mode }}
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+backend app
+    {% for host in groups['tag_ansible_group_windows_lbservers'] %}
+    	listen {{ daemonname }} 0.0.0.0:{{ listenport }}
+    {% endfor %}
+    balance     {{ balance }}
+    {% for host in groups['tag_ansible_group_windows_webservers'] %}
+        server {{ host }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ httpd_port }}
+    {% endfor %}
diff --git a/windows/wamp_haproxy/roles/iis/tasks/main.yml b/windows/wamp_haproxy/roles/iis/tasks/main.yml
new file mode 100644
index 0000000..90c2b1e
--- /dev/null
+++ b/windows/wamp_haproxy/roles/iis/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+# This playbook installs and enables IIS on Windows hosts
+- name: Install IIS
+  win_feature:
+    name: "Web-Server"
+    state: present
+    restart: yes
+    include_sub_features: yes
+    include_management_tools: yes
diff --git a/windows/wamp_haproxy/roles/mssql/files/create-db.ps1 b/windows/wamp_haproxy/roles/mssql/files/create-db.ps1
new file mode 100644
index 0000000..8e131dd
--- /dev/null
+++ b/windows/wamp_haproxy/roles/mssql/files/create-db.ps1
@@ -0,0 +1,8 @@
+# Create the database
+set-psdebug -strict
+$error[0]|format-list -force
+[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | out-null
+$srv = new-Object Microsoft.SqlServer.Management.Smo.Server("(local)")
+$db = New-Object Microsoft.SqlServer.Management.Smo.Database($srv, "Ansible Demo DB")
+$db.Create()
+
diff --git a/windows/wamp_haproxy/roles/mssql/tasks/main.yml b/windows/wamp_haproxy/roles/mssql/tasks/main.yml
new file mode 100644
index 0000000..1ebbe29
--- /dev/null
+++ b/windows/wamp_haproxy/roles/mssql/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+# This role will create the DB for MS SQL 
+
+#- name: Copy the database creation script
+#  win_copy: src=create-db.ps1 dest=c:\create-db.ps1
+
+- name: Create Application Database
+  script: "create-db.ps1"
+
+
+ 
diff --git a/windows/wamp_haproxy/roles/web/tasks/main.yml b/windows/wamp_haproxy/roles/web/tasks/main.yml
new file mode 100644
index 0000000..1a1691d
--- /dev/null
+++ b/windows/wamp_haproxy/roles/web/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+# This playbook uses the win_get_url module to download a simple HTML file for IIS
+
+- name: Download simple web site to 'C:\inetpub\wwwroot\ansible.html'
+  win_get_url:
+    url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html'
+    dest: 'C:\inetpub\wwwroot\ansible.html'
diff --git a/windows/wamp_haproxy/rolling_update.yml b/windows/wamp_haproxy/rolling_update.yml
new file mode 100644
index 0000000..abd3d1a
--- /dev/null
+++ b/windows/wamp_haproxy/rolling_update.yml
@@ -0,0 +1,48 @@
+---
+# This playbook does a rolling update for all webservers serially (one at a time).
+# Change the value of serial: to adjust the number of server to be updated.
+#
+# The three roles that apply to the webserver hosts will be applied: common,
+# base-apache, and web. So any changes to configuration, package updates, etc,
+# will be applied as part of the rolling update process.
+#
+
+# gather facts from monitoring nodes for iptables rules
+- hosts: monitoring
+  tasks: []
+
+- hosts: webservers
+  user: root
+  serial: 1
+
+  # These are the tasks to run before applying updates:
+  pre_tasks:
+  - name: disable nagios alerts for this host webserver service
+    nagios: action=disable_alerts host={{ inventory_hostname }} services=webserver
+    delegate_to: "{{ item }}"
+    with_items: groups.monitoring
+
+  - name: disable the server in haproxy
+    shell: echo "disable server myapplb/{{ inventory_hostname }}" | socat stdio /var/lib/haproxy/stats
+    delegate_to: "{{ item }}"
+    with_items: groups.lbservers
+
+  roles:
+  - common
+  - base-apache
+  - web
+
+  # These tasks run after the roles:
+  post_tasks:
+  - name: Wait for webserver to come up
+    wait_for: host={{ inventory_hostname }} port=80 state=started timeout=80
+
+  - name: Enable the server in haproxy
+    shell: echo "enable server myapplb/{{ inventory_hostname }}" | socat stdio /var/lib/haproxy/stats
+    delegate_to: "{{ item }}"
+    with_items: groups.lbservers
+
+  - name: re-enable nagios alerts
+    nagios: action=enable_alerts host={{ inventory_hostname }} services=webserver
+    delegate_to: "{{ item }}"
+    with_items: groups.monitoring
diff --git a/windows/wamp_haproxy/site.yml b/windows/wamp_haproxy/site.yml
new file mode 100644
index 0000000..f1ee74d
--- /dev/null
+++ b/windows/wamp_haproxy/site.yml
@@ -0,0 +1,46 @@
+---
+## This playbook deploys the whole application stack in this site.  
+
+# Configure and deploy database servers.
+- hosts: tag_ansible_group_windows_dbservers
+  connection: winrm
+
+  vars:
+    ansible_ssh_port : 5986
+
+  roles:
+  - mssql
+
+  tags: 
+  - db
+
+# Configure and deploy the web servers. Note that we include two roles here, 
+# the 'base-apache' role which simply sets up Apache, and 'web' which includes
+# our example web application.
+- hosts: tag_ansible_group_windows_webservers
+  connection: winrm
+
+  vars:
+    ansible_ssh_port : 5986
+
+
+  roles:
+  - iis 
+  - web
+
+  tags: 
+  - web
+
+# Configure and deploy the load balancer(s).
+- hosts: tag_ansible_group_windows_lbservers
+
+  vars:
+    ansible_ssh_private_key_file: /var/lib/awx/.ssh/id_rsa
+
+  roles:
+  - common 
+  - haproxy
+  
+  tags: 
+  - lb
+