From 2ff47fc1e19ea81583700b2062f3af7ed7389bab Mon Sep 17 00:00:00 2001
From: Kirill Garbar
Date: Fri, 2 Nov 2018 11:48:06 +0300
Subject: [PATCH 1/7] HW-8 main task and advanced task

---
 README.md | 27 +++++++++++++++++++++++++++
 ansible/ansible.cfg | 6 ++++++
 ansible/clone.yml | 8 ++++++++
 ansible/get-inventory.sh | 2 ++
 ansible/inventory | 4 ++++
 ansible/inventory.json | 16 ++++++++++++++++
 ansible/inventory.yml | 9 +++++++++
 ansible/inventory2.json | 23 +++++++++++++++++++++++
 ansible/requirements.txt | 1 +
 9 files changed, 96 insertions(+)
 create mode 100644 ansible/ansible.cfg
 create mode 100644 ansible/clone.yml
 create mode 100644 ansible/get-inventory.sh
 create mode 100644 ansible/inventory
 create mode 100644 ansible/inventory.json
 create mode 100644 ansible/inventory.yml
 create mode 100644 ansible/inventory2.json
 create mode 100644 ansible/requirements.txt

diff --git a/README.md b/README.md
index 3f72a1a..60f96a1 100644
--- a/README.md
+++ b/README.md
@@ -142,3 +142,30 @@ gcloud compute firewall-rules create default-puma-server \
 - Выполнить terraform init и terraform apply(Команда создаст бакет для хранения tfstate).
 - Перейти в директорию stage. Создать terraform.tfvars из terraform.tfvars.example, указать свой проект и заполнить другие переменные. Если необходимо добавить provisioners, указать переменную provisioner_condition = 1.
 - Выполнить terraform init и terraform apply(Команда создаст инфраструктуру с приложением).
+
+ # HW-8
+ ## В процессе сделано
+ - Интегрировал своё окружение на Windows с Linux. Git остался на Windows, в Linux подключил раздел по cifs.
+ - Установили Python2.7, pip, Ansible.
+ - Заполнили инвентори в формате ini, конфиг, попинговали хосты.
+ - Перевели инвентори в формат YAML.
+ - Сравнили shell/command, command/service/systemd, command/git.
+ - Написали просто плейбук на git clone. См. наблюдения в следующем пункте.
+ - Ознакомились с форматом JSON инвентори. Используется для автоматизации получение инвентори.
+ - Два формата. Практически плоский JSON со ссылочной структурой родитель-ребёнок и JSON с иерархической структурой (копия YAML). Первый нужно "скормить" Ансиблу в виде исполняемого скрипта, который возвращает JSON, второй возможно "скормить" в виде файла (команды см. в п. ниже).
+
+ ## Выполнение простого плейбука.
+ - Первый раз выполнили плейбук, когда приложение уже было склонировано. Ансибл вернул по всем шагам OK. Удалили склонированный репозиторий и снова выполнили ту же команду. Анмибл вернул changed по задаче клонирования репозитория.
+
+ ## Команды для использования JSON инвентори.
+```
+ansible app -m ping -i get-inventory.sh
+ansible app -m ping -i inventory.json
+```
+
+## Как проверить работоспособность.
+- Забрать ветку ansible-1.
+- Перейти в директорию terraform/stage
+- Выполнить terraform init && terraform apply, получить IP адреса (ключи пользователя appuser должны быть в домашней директории ~/.ssh).
+- Заменить IP адреса из инвентори (8.8.8.8 и 9.9.9.9).
+- Выполнить команды из п. выше.
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..bb45db2
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory = ./inventory
+remote_user = appuser
+private_key_file = ~/.ssh/appuser
+host_key_checking = False
+retry_files_enabled = False
diff --git a/ansible/clone.yml b/ansible/clone.yml
new file mode 100644
index 0000000..636e389
--- /dev/null
+++ b/ansible/clone.yml
@@ -0,0 +1,8 @@
+---
+- name: Clone
+ hosts: app
+ tasks:
+ - name: Clone repo
+ git:
+ repo: https://github.com/express42/reddit.git
+ dest: /home/appuser/reddit
diff --git a/ansible/get-inventory.sh b/ansible/get-inventory.sh
new file mode 100644
index 0000000..7645fd4
--- /dev/null
+++ b/ansible/get-inventory.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+cat inventory2.json
diff --git a/ansible/inventory b/ansible/inventory
new file mode 100644
index 0000000..3aefdac
--- /dev/null
+++ b/ansible/inventory
@@ -0,0 +1,4 @@
+[app]
+appserver ansible_host=8.8.8.8
+[db]
+dbserver ansible_host=9.9.9.9
diff --git a/ansible/inventory.json b/ansible/inventory.json
new file mode 100644
index 0000000..acc5163
--- /dev/null
+++ b/ansible/inventory.json
@@ -0,0 +1,16 @@
+{
+ "app": {
+ "hosts": {
+ "appserver": {
+ "ansible_host": "8.8.8.8"
+ }
+ }
+ },
+ "db": {
+ "hosts": {
+ "dbserver": {
+ "ansible_host": "9.9.9.9"
+ }
+ }
+ }
+}
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
new file mode 100644
index 0000000..9e7c493
--- /dev/null
+++ b/ansible/inventory.yml
@@ -0,0 +1,9 @@
+app:
+ hosts:
+ appserver:
+ ansible_host: 8.8.8.8
+
+db:
+ hosts:
+ dbserver:
+ ansible_host: 9.9.9.9
diff --git a/ansible/inventory2.json b/ansible/inventory2.json
new file mode 100644
index 0000000..5ddb763
--- /dev/null
+++ b/ansible/inventory2.json
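Review bot: `host_key_checking = False` in the new ansible/ansible.cfg switches off SSH host-key verification for every host the inventory yields, so a connection that lands on the wrong machine (stale IP reuse, or anything on the path) is accepted silently and the plays push their files and the appuser key authentication to it. Because these hosts come out of Terraform in the same repository, the cleaner option is to drop the line (the default is True) and seed `~/.ssh/known_hosts` once from the provisioning output, for example with `ssh-keyscan` on the addresses `terraform apply` prints, before the first playbook run. If the override stays for the lab, a comment such as `# lab only: instances are recreated on every apply, so host keys change` records the trade-off for the next reader.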
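Review bot: `cat inventory2.json` in get-inventory.sh resolves relative to the caller's working directory rather than the script's location, so `ansible -i get-inventory.sh` only works when launched from the ansible/ directory and otherwise fails with an unrelated-looking inventory error. `cat "$(dirname "$0")/inventory2.json"` makes the script position-independent. Ansible also invokes inventory scripts with `--list` and `--host <name>`; this script ignores both and returns the whole document either way, which is presumably acceptable for this exercise but deserves a one-line comment so nobody expects per-host variables from it.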
@@ -0,0 +1,23 @@
+{
+ "app": {
+ "children": [
+ "appserver",
+ "dbserver"
+ ]
+ },
+ "db": {
+ "children": [
+ "dbserver"
+ ]
+ },
+ "appserver": {
+ "hosts": [
+ "8.8.8.8"
+ ]
+ },
+ "dbserver": {
+ "hosts": [
+ "9.9.9.9"
+ ]
+ }
+}
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
new file mode 100644
index 0000000..3336ed1
--- /dev/null
+++ b/ansible/requirements.txt
@@ -0,0 +1 @@
+ansible>=2.4

From 53955c475324d8666d7c0d3310abc80bda9b1d12 Mon Sep 17 00:00:00 2001
From: Kirill Garbar
Date: Tue, 6 Nov 2018 19:28:31 +0300
Subject: [PATCH 2/7] HW-9 main task, advanced task

---
 .gitignore | 10 +++++
 .vscode/settings.json | 5 ---
 README.md | 31 +++++++++++++-
 ansible/ansible.cfg | 2 +-
 ansible/app.yml | 25 ++++++++++++
 ansible/db.yml | 17 ++++++++
 ansible/deploy.yml | 18 ++++++++
 ansible/files/puma.service | 14 +++++++
 ansible/packer_app.yml | 13 ++++++
 ansible/packer_db.yml | 18 ++++++++
 ansible/reddit_app_multiple_plays.yml | 59 +++++++++++++++++++++++++++
 ansible/reddit_app_one_play.yml | 49 ++++++++++++++++++++++
 ansible/site.yml | 4 ++
 ansible/templates/db_config.j2 | 1 +
 ansible/templates/mongod.conf.j2 | 16 ++++++++
 packer/app.json | 5 +--
 packer/db.json | 5 +--
 17 files changed, 278 insertions(+), 14 deletions(-)
 delete mode 100644 .vscode/settings.json
 create mode 100644 ansible/app.yml
 create mode 100644 ansible/db.yml
 create mode 100644 ansible/deploy.yml
 create mode 100644 ansible/files/puma.service
 create mode 100644 ansible/packer_app.yml
 create mode 100644 ansible/packer_db.yml
 create mode 100644 ansible/reddit_app_multiple_plays.yml
 create mode 100644 ansible/reddit_app_one_play.yml
 create mode 100644 ansible/site.yml
 create mode 100644 ansible/templates/db_config.j2
 create mode 100644 ansible/templates/mongod.conf.j2

diff --git a/.gitignore b/.gitignore
index e1ca4fb..b53b4c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,13 @@ variables.json
 *.tfstate.backup
 *.tfvars
 .terraform/
+id_rsa
+appuser
+webprogrammer
+*.retry
+.vscode/
+ansible/dyn_inv/
+gce.py
+gce.ini
+infra*.json
+tf.log
diff --git a/.vscode/settings.json b/.vscode/settings.json
deleted file mode 100644
index 765d8f2..0000000
--- a/.vscode/settings.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "files.eol": "\n",
- "files.trimFinalNewlines": true,
- "files.insertFinalNewline": true
-}
\ No newline at end of file
diff --git a/README.md b/README.md
index 60f96a1..5b2e198 100644
--- a/README.md
+++ b/README.md
@@ -152,10 +152,10 @@ gcloud compute firewall-rules create default-puma-server \
 - Сравнили shell/command, command/service/systemd, command/git.
 - Написали просто плейбук на git clone. См. наблюдения в следующем пункте.
 - Ознакомились с форматом JSON инвентори. Используется для автоматизации получение инвентори.
- - Два формата. Практически плоский JSON со ссылочной структурой родитель-ребёнок и JSON с иерархической структурой (копия YAML). Первый нужно "скормить" Ансиблу в виде исполняемого скрипта, который возвращает JSON, второй возможно "скормить" в виде файла (команды см. в п. ниже).
+ - Два формата. Практически плоский JSON со ссылочной структурой родитель-ребёнок и JSON с иерархической структурой (копия YAML). Первый нужно "скормить" Ansible в виде исполняемого скрипта, который возвращает JSON, второй возможно "скормить" в виде файла (команды см. в п. ниже).
 
 ## Выполнение простого плейбука.
- - Первый раз выполнили плейбук, когда приложение уже было склонировано. Ансибл вернул по всем шагам OK. Удалили склонированный репозиторий и снова выполнили ту же команду. Анмибл вернул changed по задаче клонирования репозитория.
+ - Первый раз выполнили плейбук, когда приложение уже было склонировано. Ansible вернул по всем шагам OK. Удалили склонированный репозиторий и снова выполнили ту же команду. Ansible вернул changed по задаче клонирования репозитория.
 
 ## Команды для использования JSON инвентори.
 ```
@@ -169,3 +169,30 @@ ansible app -m ping -i inventory.json
 - Выполнить terraform init && terraform apply, получить IP адреса (ключи пользователя appuser должны быть в домашней директории ~/.ssh).
 - Заменить IP адреса из инвентори (8.8.8.8 и 9.9.9.9).
 - Выполнить команды из п. выше.
+
+# HW-9
+## В процессе сделано.
+- Добавили в gitignore маску для временных файлов Ansible.
+- Написали playbook с одним task внутри. Запускали, фильтруя этапы таска по тэгам, а хосты ключом --limit.
+- Переписали playbook на несколько тасков. В каждый добавили ограничение по тэгам. Фильтр по --limit больше не нужен.
+- Разбили три таска на три playbook: app.yml, db.yml, deploy.yml и директивой import_playbbok добавили их в корневой playbook.
+- Изменили provisioners в packer с баш-скриптов на Ansible и пересобрали образы.
+- Про выбор dynamic inventory написал в следующем пункте.
+- Чтобы dynamic inventory заработал, я изменил hosts в наших playbook на те, которые описаны в GCP (reddit-app, reddit-db).
+- Чтобы вручную не конфигурить внутренний адрес монги, научился работать с хостовыми перменными "{{ hostvars['reddit-db']['gce_private_ip'] }}".
+
+## Подбор метода получения инвентори из GCP.
+- В качестве dynamic inventory я выбрал gce.py. Кроме этого популярного решения на python были варианты получать инвентори через TF. Завязываться на TF я посчитал излишним. Все эти решения одинаковы с точки зрения функционала для наших нужд. Директорию с настройками div_env я целиком добавил в gitignore.
+
+## Как проверить работоспособность.
+- Забрать ветку ansible-2.
+- Перейти в корневую директорию и выполнить
+```
+packer build packer/app.json
+packer build packer/db.json
+```
+- Перейти в директорию terraform/stage.
+- Выполнить terraform init && terraform apply (ключи пользователя appuser должны быть в домашней директории ~/.ssh). Запомнить app_external_ip.
+- Настроить gce dynamic inventory и положить его в директорию dyn_inv.
+- Перейти в директорию ansible и выполнить ansible-playbook site.yml.
+- Перейти в браузере по ссылке http://app_external_ip:9292.
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index bb45db2..84d1d16 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-inventory = ./inventory
+inventory = ./dyn_inv/gce.py
 remote_user = appuser
 private_key_file = ~/.ssh/appuser
 host_key_checking = False
diff --git a/ansible/app.yml b/ansible/app.yml
new file mode 100644
index 0000000..4bdebc8
--- /dev/null
+++ b/ansible/app.yml
@@ -0,0 +1,25 @@
+---
+- name: Configure App
+ hosts: reddit-app
+ become: true
+ vars:
+ db_host: "{{ hostvars['reddit-db']['gce_private_ip'] }}"
+ tasks:
+ - name: Add unit file for Puma
+ copy:
+ src: files/puma.service
+ dest: /etc/systemd/system/puma.service
+
+ - name: debug internal ip
+ debug:
+ msg: "{{ hostvars['reddit-db']['gce_private_ip'] }}"
+
+ - name: Add config for DB connection
+ template:
+ src: templates/db_config.j2
+ dest: /home/appuser/db_config
+ owner: appuser
+ group: appuser
+
+ - name: enable puma
+ systemd: name=puma enabled=yes
diff --git a/ansible/db.yml b/ansible/db.yml
new file mode 100644
index 0000000..aec1923
--- /dev/null
+++ b/ansible/db.yml
@@ -0,0 +1,17 @@
+---
+- name: Configure MongoDB
+ hosts: reddit-db
+ become: true
+ vars:
+ mongo_bind_ip: 0.0.0.0
+ tasks:
+ - name: Change mongo config file
+ template:
+ src: templates/mongod.conf.j2
+ dest: /etc/mongod.conf
+ mode: 0644
+ notify: restart mongod
+
+ handlers:
+ - name: restart mongod
+ service: name=mongod state=restarted
diff --git a/ansible/deploy.yml b/ansible/deploy.yml
new file mode 100644
index 0000000..8470b11
--- /dev/null
+++ b/ansible/deploy.yml
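Review bot: `mongo_bind_ip: 0.0.0.0` in db.yml makes mongod listen on every interface, and the mongod.conf.j2 template added in this commit has no `security:` section, so the database answers without authentication from anywhere port 27017 is not filtered; the firewall rules are in Terraform and not visible here. The app only needs the private address that app.yml already reads as `hostvars['reddit-db']['gce_private_ip']`, so the same inventory variable can bound the listener on the db host: `mongo_bind_ip: "127.0.0.1,{{ gce_private_ip }}"` (mongod accepts a comma-separated bindIp list). The same 0.0.0.0 value is repeated in reddit_app_multiple_plays.yml and reddit_app_one_play.yml in this commit and should be changed alongside.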
@@ -0,0 +1,18 @@
+---
+- name: Deploy App
+ hosts: reddit-app
+ tasks:
+ - name: Fetch the latest version of application code
+ git:
+ repo: 'https://github.com/express42/reddit.git'
+ dest: /home/appuser/reddit
+ version: monolith
+ notify: reload puma
+ - name: Bundle install
+ bundler:
+ state: present
+ chdir: /home/appuser/reddit
+ handlers:
+ - name: reload puma
+ become: true
+ systemd: name=puma state=restarted
diff --git a/ansible/files/puma.service b/ansible/files/puma.service
new file mode 100644
index 0000000..45d528b
--- /dev/null
+++ b/ansible/files/puma.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Puma HTTP Server
+After=network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/home/appuser/db_config
+User=appuser
+WorkingDirectory=/home/appuser/reddit
+ExecStart=/bin/bash -lc 'puma'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/packer_app.yml b/ansible/packer_app.yml
new file mode 100644
index 0000000..440ae54
--- /dev/null
+++ b/ansible/packer_app.yml
@@ -0,0 +1,13 @@
+---
+- name: Install ruby in image
+ hosts: all
+ become: true
+ tasks:
+ - name: Install ruby
+ apt:
+ name: "{{ packages }}"
+ vars:
+ packages:
+ - ruby-full
+ - ruby-bundler
+ - build-essential
diff --git a/ansible/packer_db.yml b/ansible/packer_db.yml
new file mode 100644
index 0000000..d66ffe9
--- /dev/null
+++ b/ansible/packer_db.yml
@@ -0,0 +1,18 @@
+---
+- name: install MongoDB
+ hosts: all
+ become: true
+ tasks:
+ - name: Add apt-key
+ apt_key:
+ keyserver: keyserver.ubuntu.com
+ id: EA312927
+ - name: Add MongoDB repo
+ apt_repository:
+ repo: deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse
+ - name: install MongoDB
+ apt:
+ name: mongodb-org
+ - systemd:
+ name: mongod
+ enabled: yes
diff --git a/ansible/reddit_app_multiple_plays.yml b/ansible/reddit_app_multiple_plays.yml
new file mode 100644
index 0000000..431bc3c
--- /dev/null
+++ b/ansible/reddit_app_multiple_plays.yml
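Review bot: `version: monolith` in the git task of deploy.yml is a branch name, so every run re-resolves it to whatever the upstream branch currently points at; deploys are not reproducible, and a push to that branch reaches the host on the next play with no review step in between. Pinning to a tag or commit, e.g. `version: "{{ reddit_version }}"` with the value set per environment to `<COMMIT_SHA_OR_TAG>`, and bumping it deliberately keeps each deploy auditable. The same branch pin is repeated in reddit_app_multiple_plays.yml and reddit_app_one_play.yml in this commit.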
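Review bot: The apt_key task in packer_db.yml fetches the MongoDB signing key from a keyserver by the 8-hex short id `EA312927`; short ids are not collision-resistant, so a keyserver can serve a different key with the same suffix and the apt signature check would then trust that key for the whole repository. Use the full 40-hex fingerprint published by the vendor, `id: <FULL_40_HEX_FINGERPRINT>`, or retrieve the key file from the vendor over TLS with `url:` instead of a keyserver. The repo line also uses plain `http://`; if the mirror serves https, switching the URL removes the window between key retrieval and the first index download.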
@@ -0,0 +1,59 @@
+---
+- name: Configure MongoDB
+ hosts: db
+ tags: db-tag
+ become: true
+ vars:
+ mongo_bind_ip: 0.0.0.0
+ tasks:
+ - name: Change mongo config file
+ template:
+ src: templates/mongod.conf.j2
+ dest: /etc/mongod.conf
+ mode: 0644
+ notify: restart mongod
+
+ handlers:
+ - name: restart mongod
+ service: name=mongod state=restarted
+
+
+- name: Configure App
+ hosts: app
+ tags: app-tag
+ become: true
+ vars:
+ db_host: 10.132.0.2
+ tasks:
+ - name: Add unit file for Puma
+ copy:
+ src: files/puma.service
+ dest: /etc/systemd/system/puma.service
+
+ - name: Add config for DB connection
+ template:
+ src: templates/db_config.j2
+ dest: /home/appuser/db_config
+ owner: appuser
+ group: appuser
+
+ - name: enable puma
+ systemd: name=puma enabled=yes
+- name: Deploy App
+ hosts: app
+ tags: deploy-tag
+ tasks:
+ - name: Fetch the latest version of application code
+ git:
+ repo: 'https://github.com/express42/reddit.git'
+ dest: /home/appuser/reddit
+ version: monolith
+ notify: reload puma
+ - name: Bundle install
+ bundler:
+ state: present
+ chdir: /home/appuser/reddit
+ handlers:
+ - name: reload puma
+ become: true
+ systemd: name=puma state=restarted
diff --git a/ansible/reddit_app_one_play.yml b/ansible/reddit_app_one_play.yml
new file mode 100644
index 0000000..9f9e643
--- /dev/null
+++ b/ansible/reddit_app_one_play.yml
@@ -0,0 +1,49 @@
+- name: Configure hosts & deploy application
+ hosts: all
+ vars:
+ mongo_bind_ip: 0.0.0.0
+ db_host: 10.132.0.2
+ tasks:
+ - name: Change mongo config file
+ become: true
+ template:
+ src: templates/mongod.conf.j2
+ dest: /etc/mongod.conf
+ mode: 0644
+ tags: db-tag
+ notify: restart mongod
+ - name: Add unit file for Puma
+ become: true
+ copy:
+ src: files/puma.service
+ dest: /etc/systemd/system/puma.service
+ tags: app-tag
+ notify: reload puma
+ - name: Add config for DB connection
+ template:
+ src: templates/db_config.j2
+ dest: /home/appuser/db_config
+ tags: app-tag
+ - name: Fetch the latest version of application code
+ git:
+ repo: 'https://github.com/express42/reddit.git'
+ dest: /home/appuser/reddit
+ version: monolith
+ tags: deploy-tag
+ notify: reload puma
+ - name: Bundle install
+ bundler:
+ state: present
+ chdir: /home/appuser/reddit
+ tags: deploy-tag
+ - name: enable puma
+ become: true
+ systemd: name=puma enabled=yes
+ tags: app-tag
+ handlers:
+ - name: restart mongod
+ become: true
+ service: name=mongod state=restarted
+ - name: reload puma
+ become: true
+ service: name=puma state=restarted
diff --git a/ansible/site.yml b/ansible/site.yml
new file mode 100644
index 0000000..4f134c3
--- /dev/null
+++ b/ansible/site.yml
@@ -0,0 +1,4 @@
+---
+- import_playbook: db.yml
+- import_playbook: app.yml
+- import_playbook: deploy.yml
diff --git a/ansible/templates/db_config.j2 b/ansible/templates/db_config.j2
new file mode 100644
index 0000000..46a1274
--- /dev/null
+++ b/ansible/templates/db_config.j2
@@ -0,0 +1 @@
+DATABASE_URL={{ db_host }}
diff --git a/ansible/templates/mongod.conf.j2 b/ansible/templates/mongod.conf.j2
new file mode 100644
index 0000000..772fcad
--- /dev/null
+++ b/ansible/templates/mongod.conf.j2
@@ -0,0 +1,16 @@
+# Where and how to store data.
+storage:
+ dbPath: /var/lib/mongodb
+ journal:
+ enabled: true
+
+# where to write logging data.
+systemLog:
+ destination: file
+ logAppend: true
+ path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+ port: {{ mongo_port | default('27017') }}
+ bindIp: {{ mongo_bind_ip }}
diff --git a/packer/app.json b/packer/app.json
index 8f6fb3e..862adba 100644
--- a/packer/app.json
+++ b/packer/app.json
@@ -24,9 +24,8 @@
 ],
 "provisioners": [
 {
- "type": "shell",
- "script": "scripts/install_ruby.sh",
- "execute_command": "sudo {{.Path}}"
+ "type": "ansible",
+ "playbook_file": "ansible/packer_app.yml"
 }
 ]
 }
diff --git a/packer/db.json b/packer/db.json
index c5db2a6..c0d2834 100644
--- a/packer/db.json
+++ b/packer/db.json
@@ -24,9 +24,8 @@
 ],
 "provisioners": [
 {
- "type": "shell",
- "script": "scripts/install_mongodb.sh",
- "execute_command": "sudo {{.Path}}"
+ "type": "ansible",
+ "playbook_file": "ansible/packer_db.yml"
 }
 ]
 }

From 14c667a9da1c61b077089ef758cc9b4e1c0b285c Mon Sep 17 00:00:00 2001
From: Kirill Garbar
Date: Thu, 8 Nov 2018 01:21:38 +0300
Subject: [PATCH 3/7] HW-10 main task and advanced task 1

---
 .gitignore | 2 +
 README.md | 22 +++++++
 ansible/ansible.cfg | 9 ++-
 ansible/app.yml | 25 --------
 ansible/clone.yml | 8 ---
 ansible/db.yml | 17 ------
 ansible/environments/prod/credentials.yml | 9 +++
 ansible/environments/prod/group_vars/all | 1 +
 .../prod/group_vars/tag_reddit-app | 1 +
 .../prod/group_vars/tag_reddit-db | 1 +
 ansible/{ => environments/prod}/inventory.yml | 0
 ansible/environments/prod/requirements.yml | 2 +
 ansible/environments/stage/credentials.yml | 11 ++++
 ansible/environments/stage/group_vars/all | 1 +
 .../stage/group_vars/tag_reddit-app | 6 ++
 .../stage/group_vars/tag_reddit-db | 1 +
 ansible/environments/stage/inventory.yml | 9 +++
 ansible/environments/stage/requirements.yml | 2 +
 ansible/inventory | 4 --
 ansible/{ => old}/get-inventory.sh | 0
 ansible/{ => old}/inventory.json | 0
 ansible/old/inventory.yml | 9 +++
 ansible/{ => old}/inventory2.json | 0
 .../{ => old}/reddit_app_multiple_plays.yml | 0
 ansible/{ => old}/reddit_app_one_play.yml | 0
 ansible/playbooks/app.yml | 8 +++
 ansible/playbooks/db.yml | 7 +++
 ansible/{ => playbooks}/deploy.yml | 0
 ansible/{ => playbooks}/packer_app.yml | 0
 ansible/{ => playbooks}/packer_db.yml | 0
 ansible/playbooks/site.yml | 5 ++
 ansible/playbooks/users.yml | 15 +++++
 ansible/roles/app/README.md | 38 ++++++++++++
 ansible/roles/app/defaults/main.yml | 3 +
 ansible/roles/app/files/puma.service | 14 +++++
 ansible/roles/app/handlers/main.yml | 3 +
 ansible/roles/app/meta/main.yml | 60 +++++++++++++++++++
 ansible/roles/app/tasks/main.yml | 19 ++++++
 ansible/roles/app/templates/db_config.j2 | 1 +
 ansible/roles/app/tests/inventory | 2 +
 ansible/roles/app/tests/test.yml | 5 ++
 ansible/roles/app/vars/main.yml | 2 +
 ansible/roles/db/README.md | 38 ++++++++++++
 ansible/roles/db/defaults/main.yml | 4 ++
 ansible/roles/db/handlers/main.yml | 3 +
 ansible/roles/db/meta/main.yml | 60 +++++++++++++++++++
 ansible/roles/db/tasks/main.yml | 13 ++++
 ansible/roles/db/templates/mongod.conf.j2 | 16 +++++
 ansible/roles/db/tests/inventory | 2 +
 ansible/roles/db/tests/test.yml | 5 ++
 ansible/roles/db/vars/main.yml | 2 +
 ansible/site.yml | 4 --
 terraform/modules/app/main.tf | 13 ++++
 53 files changed, 423 insertions(+), 59 deletions(-)
 delete mode 100644 ansible/app.yml
 delete mode 100644 ansible/clone.yml
 delete mode 100644 ansible/db.yml
 create mode 100644 ansible/environments/prod/credentials.yml
 create mode 100644 ansible/environments/prod/group_vars/all
 create mode 100644 ansible/environments/prod/group_vars/tag_reddit-app
 create mode 100644 ansible/environments/prod/group_vars/tag_reddit-db
 rename ansible/{ => environments/prod}/inventory.yml (100%)
 create mode 100644 ansible/environments/prod/requirements.yml
 create mode 100644 ansible/environments/stage/credentials.yml
 create mode 100644 ansible/environments/stage/group_vars/all
 create mode 100644 ansible/environments/stage/group_vars/tag_reddit-app
 create mode 100644 ansible/environments/stage/group_vars/tag_reddit-db
 create mode 100644 ansible/environments/stage/inventory.yml
 create mode 100644 ansible/environments/stage/requirements.yml
 delete mode 100644 ansible/inventory
 rename ansible/{ => old}/get-inventory.sh (100%)
 rename ansible/{ => old}/inventory.json (100%)
 create mode 100644 ansible/old/inventory.yml
 rename ansible/{ => old}/inventory2.json (100%)
 rename ansible/{ => old}/reddit_app_multiple_plays.yml (100%)
 rename ansible/{ => old}/reddit_app_one_play.yml (100%)
 create mode 100644 ansible/playbooks/app.yml
 create mode 100644 ansible/playbooks/db.yml
 rename ansible/{ => playbooks}/deploy.yml (100%)
 rename ansible/{ => playbooks}/packer_app.yml (100%)
 rename ansible/{ => playbooks}/packer_db.yml (100%)
 create mode 100644 ansible/playbooks/site.yml
 create mode 100644 ansible/playbooks/users.yml
 create mode 100644 ansible/roles/app/README.md
 create mode 100644 ansible/roles/app/defaults/main.yml
 create mode 100644 ansible/roles/app/files/puma.service
 create mode 100644 ansible/roles/app/handlers/main.yml
 create mode 100644 ansible/roles/app/meta/main.yml
 create mode 100644 ansible/roles/app/tasks/main.yml
 create mode 100644 ansible/roles/app/templates/db_config.j2
 create mode 100644 ansible/roles/app/tests/inventory
 create mode 100644 ansible/roles/app/tests/test.yml
 create mode 100644 ansible/roles/app/vars/main.yml
 create mode 100644 ansible/roles/db/README.md
 create mode 100644 ansible/roles/db/defaults/main.yml
 create mode 100644 ansible/roles/db/handlers/main.yml
 create mode 100644 ansible/roles/db/meta/main.yml
 create mode 100644 ansible/roles/db/tasks/main.yml
 create mode 100644 ansible/roles/db/templates/mongod.conf.j2
 create mode 100644 ansible/roles/db/tests/inventory
 create mode 100644 ansible/roles/db/tests/test.yml
 create mode 100644 ansible/roles/db/vars/main.yml
 delete mode 100644 ansible/site.yml

diff --git a/.gitignore b/.gitignore
index b53b4c8..ede1bfd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,5 @@ gce.py
 gce.ini
 infra*.json
 tf.log
+jdauphant.nginx
+vault.key
diff --git a/README.md b/README.md
index 5b2e198..5d5d1d2 100644
--- a/README.md
+++ b/README.md
@@ -196,3 +196,25 @@ packer build packer/db.json
 - Настроить gce dynamic inventory и положить его в директорию dyn_inv.
 - Перейти в директорию ansible и выполнить ansible-playbook site.yml.
 - Перейти в браузере по ссылке http://app_external_ip:9292.
+
+# HW-10
+## В процессе сделано.
+- Создали роли для db и app.
+- Прикрутил dynamic inventory. Скрипт и ini файл лежит в директориях prod и stage. Не увере, что это правильно, но по-другому не читаются переменные group_var и host_vars.
+- Создали структуру environments. В директориях stage и prod свои inventory, свои переменные (group_vars, host_vars). gce.py группирует хосты, создавая тэги tag_hostname.
+- Распределили таски, хэндлеры, переменные и т.д. по структуре директорий роли. defaults - переменные по-умолчанию; files; handlers; meta - метаинформация, зависимости; tasks - таски; templates - шаблоны; tests; vars; Переменные задаются в директории environments для каждого окружения.
+- Добавили переменную env, чтобы при выполнении playbook всегда видеть, на каком окружении он выполняется.
+- Переместили playbooks в отдельную директорию.
+- Переместили устаревшие данные в директорию old.
+- Добавили вывод diff.
+- Добавили роль nginx из ansible-galaxy и настроили на проксирование с 80 порта. Открыли 80 порт в TF. Не стали закрывать порт 9292.
+- Создали пользователей на виртуалках, зашифровав credentias.yml с помощью ansible-vault.
+
+## Как проверить работоспособность.
+- Забрать ветку ansible-3.
+- Перейти в директорию terraform/stage.
+- Выполнить terraform init && terraform apply (ключи пользователя appuser должны быть в домашней директории ~/.ssh). Запомнить app_external_ip.
+- Настроить gce dynamic inventory и положить его в директорию stage и prod.
+- Перейти в директорию ansible и выполнить ansible-playbook site.yml.
+- Перейти в браузере по ссылке http://app_external_ip:80.
+- Залогиниться на виртуалки под пользователем appuser, выполнить su user_name. Ввести password. Явки-пароли взять из ДЗ.
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 84d1d16..5533cee 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,6 +1,13 @@
 [defaults]
-inventory = ./dyn_inv/gce.py
+inventory = ./environments/stage/gce.py
 remote_user = appuser
 private_key_file = ~/.ssh/appuser
 host_key_checking = False
 retry_files_enabled = False
+roles_path = ./roles
+vault_password_file = ~/.ansible/vault.key
+
+[diff]
+# Включим обязательный вывод diff при наличии изменений и вывод 5 строк контекста
+always = True
+context = 5
diff --git a/ansible/app.yml b/ansible/app.yml
deleted file mode 100644
index 4bdebc8..0000000
--- a/ansible/app.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: Configure App
- hosts: reddit-app
- become: true
- vars:
- db_host: "{{ hostvars['reddit-db']['gce_private_ip'] }}"
- tasks:
- - name: Add unit file for Puma
- copy:
- src: files/puma.service
- dest: /etc/systemd/system/puma.service
- - name: debug internal ip
- debug:
- msg: "{{ hostvars['reddit-db']['gce_private_ip'] }}"
- - name: Add config for DB connection
- template:
- src: templates/db_config.j2
- dest: /home/appuser/db_config
- owner: appuser
- group: appuser
- - name: enable puma
- systemd: name=puma enabled=yes
diff --git a/ansible/clone.yml b/ansible/clone.yml
deleted file mode 100644
index 636e389..0000000
--- a/ansible/clone.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Clone
- hosts: app
- tasks:
- - name: Clone repo
- git:
- repo: https://github.com/express42/reddit.git
- dest: /home/appuser/reddit
diff --git a/ansible/db.yml b/ansible/db.yml
deleted file mode 100644
index aec1923..0000000
--- a/ansible/db.yml
+++ /dev/null
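Review bot: `[diff] always = True` prints the full before/after content of every file a task changes, and this commit also adds vault-encrypted credentials.yml files and imports users.yml (not shown) from site.yml; anything rendered from those values, a file or a user attribute, will be echoed into the console and any CI log. Tasks that consume vaulted values should carry `no_log: true` (or at least `diff: false`) so the global setting cannot surface them. Separately, `inventory = ./environments/stage/gce.py` bakes stage in as the default for every invocation; passing `-i environments/<env>` explicitly, or a comment stating that this line must be overridden for prod, avoids running a prod playbook against stage out of habit.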
@@ -1,17 +0,0 @@
----
-- name: Configure MongoDB
- hosts: reddit-db
- become: true
- vars:
- mongo_bind_ip: 0.0.0.0
- tasks:
- - name: Change mongo config file
- template:
- src: templates/mongod.conf.j2
- dest: /etc/mongod.conf
- mode: 0644
- notify: restart mongod
-
- handlers:
- - name: restart mongod
- service: name=mongod state=restarted
diff --git a/ansible/environments/prod/credentials.yml b/ansible/environments/prod/credentials.yml
new file mode 100644
index 0000000..1931ae7
--- /dev/null
+++ b/ansible/environments/prod/credentials.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+66363930393961323363303366373837323132633263363266646636633836383937393037376562
+3130326235366161373062653732303632666461383431640a343333663937333839643564343439
+31363530316230363034343964666566373761663565333438323439393632313765663236356639
+3732316230336138620a623965313833353839626337303335343137336537663764373266396135
+34373866333238343561643866396238613632636236633464643334373263393532306166393965
+35303230616633366235303662333130333162346663653837393631323937333739643436626233
+66363366323132626433656463626262656634333032336138643664396136376534643339623533
+38383732343364336133
diff --git a/ansible/environments/prod/group_vars/all b/ansible/environments/prod/group_vars/all
new file mode 100644
index 0000000..5ae06c7
--- /dev/null
+++ b/ansible/environments/prod/group_vars/all
@@ -0,0 +1 @@
+env: stage
diff --git a/ansible/environments/prod/group_vars/tag_reddit-app b/ansible/environments/prod/group_vars/tag_reddit-app
new file mode 100644
index 0000000..139fb3b
--- /dev/null
+++ b/ansible/environments/prod/group_vars/tag_reddit-app
@@ -0,0 +1 @@
+db_host: "{{ hostvars['reddit-db']['gce_private_ip'] }}"
diff --git a/ansible/environments/prod/group_vars/tag_reddit-db b/ansible/environments/prod/group_vars/tag_reddit-db
new file mode 100644
index 0000000..a48e57b
--- /dev/null
+++ b/ansible/environments/prod/group_vars/tag_reddit-db
@@ -0,0 +1 @@
+mongo_bind_ip: 0.0.0.0
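Review bot: The new prod group_vars/all sets `env: stage`, the same value as the stage file, so the variable the README says was added to show which environment a playbook is running against will report stage in prod. It should read `env: prod`. Since this is the only file that distinguishes the two environments at the `all` level, a short comment such as `# name of this environment, shown in play output` would help keep the pair in sync.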
diff --git a/ansible/inventory.yml b/ansible/environments/prod/inventory.yml
similarity index 100%
rename from ansible/inventory.yml
rename to ansible/environments/prod/inventory.yml
diff --git a/ansible/environments/prod/requirements.yml b/ansible/environments/prod/requirements.yml
new file mode 100644
index 0000000..4448a27
--- /dev/null
+++ b/ansible/environments/prod/requirements.yml
@@ -0,0 +1,2 @@
+- src: jdauphant.nginx
+ version: v2.21.1
diff --git a/ansible/environments/stage/credentials.yml b/ansible/environments/stage/credentials.yml
new file mode 100644
index 0000000..06c7a21
--- /dev/null
+++ b/ansible/environments/stage/credentials.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+30626266346137626461633261643639356234646638396433343762373634656634313132303165
+6131313065353764326266366561383337666630313766340a313130316235346239343431626337
+36396566616231613730636463643430336437353438663130613136636430396162326133616430
+6639333836333262630a366338363835313534396331356464363537333562373736373437356331
+34633634613834643031363032343933323431373262643566373034383037656437666232316661
+34623633643231356231346634636638366562343734333166613661313066366561303734613737
+37316232643636653265646231343135303635353734323261393831363833313137646561666161
+34363162353036303762663139366262316439363335613762616366316564363736636431393365
+33343034653165376634616231396662643262373838343231373562616333313066643239623137
+3730343132393566393037383462396130333238663366353339
diff --git a/ansible/environments/stage/group_vars/all b/ansible/environments/stage/group_vars/all
new file mode 100644
index 0000000..5ae06c7
--- /dev/null
+++ b/ansible/environments/stage/group_vars/all
@@ -0,0 +1 @@
+env: stage
diff --git a/ansible/environments/stage/group_vars/tag_reddit-app b/ansible/environments/stage/group_vars/tag_reddit-app
new file mode 100644
index 0000000..e96ccf0
--- /dev/null
+++ b/ansible/environments/stage/group_vars/tag_reddit-app
@@ -0,0 +1,6 @@
+db_host: "{{ hostvars['reddit-db']['gce_private_ip'] }}"
+nginx_sites:
+ default:
+ - listen 80
+ - server_name "reddit"
+ - location / { proxy_pass http://127.0.0.1:9292; }
diff --git a/ansible/environments/stage/group_vars/tag_reddit-db b/ansible/environments/stage/group_vars/tag_reddit-db
new file mode 100644
index 0000000..a48e57b
--- /dev/null
+++ b/ansible/environments/stage/group_vars/tag_reddit-db
@@ -0,0 +1 @@
+mongo_bind_ip: 0.0.0.0
diff --git a/ansible/environments/stage/inventory.yml b/ansible/environments/stage/inventory.yml
new file mode 100644
index 0000000..9e7c493
--- /dev/null
+++ b/ansible/environments/stage/inventory.yml
@@ -0,0 +1,9 @@
+app:
+ hosts:
+ appserver:
+ ansible_host: 8.8.8.8
+
+db:
+ hosts:
+ dbserver:
+ ansible_host: 9.9.9.9
diff --git a/ansible/environments/stage/requirements.yml b/ansible/environments/stage/requirements.yml
new file mode 100644
index 0000000..4448a27
--- /dev/null
+++ b/ansible/environments/stage/requirements.yml
@@ -0,0 +1,2 @@
+- src: jdauphant.nginx
+ version: v2.21.1
diff --git a/ansible/inventory b/ansible/inventory
deleted file mode 100644
index 3aefdac..0000000
--- a/ansible/inventory
+++ /dev/null
@@ -1,4 +0,0 @@
-[app]
-appserver ansible_host=8.8.8.8
-[db]
-dbserver ansible_host=9.9.9.9
diff --git a/ansible/get-inventory.sh b/ansible/old/get-inventory.sh
similarity index 100%
rename from ansible/get-inventory.sh
rename to ansible/old/get-inventory.sh
diff --git a/ansible/inventory.json b/ansible/old/inventory.json
similarity index 100%
rename from ansible/inventory.json
rename to ansible/old/inventory.json
diff --git a/ansible/old/inventory.yml b/ansible/old/inventory.yml
new file mode 100644
index 0000000..9e7c493
--- /dev/null
+++ b/ansible/old/inventory.yml
@@ -0,0 +1,9 @@
+app:
+ hosts:
+ appserver:
+ ansible_host: 8.8.8.8
+
+db:
+ hosts:
+ dbserver:
+ ansible_host: 9.9.9.9
diff --git a/ansible/inventory2.json b/ansible/old/inventory2.json
similarity index 100%
rename from ansible/inventory2.json
rename to ansible/old/inventory2.json
diff --git a/ansible/reddit_app_multiple_plays.yml b/ansible/old/reddit_app_multiple_plays.yml
similarity index 100%
rename from ansible/reddit_app_multiple_plays.yml
rename to ansible/old/reddit_app_multiple_plays.yml
diff --git a/ansible/reddit_app_one_play.yml b/ansible/old/reddit_app_one_play.yml
similarity index 100%
rename from ansible/reddit_app_one_play.yml
rename to ansible/old/reddit_app_one_play.yml
diff --git a/ansible/playbooks/app.yml b/ansible/playbooks/app.yml
new file mode 100644
index 0000000..2b226a5
--- /dev/null
+++ b/ansible/playbooks/app.yml
@@ -0,0 +1,8 @@
+---
+- name: Configure App
+ hosts: reddit-app
+ tags: reddit-app
+ become: true
+ roles:
+ - app
+ - jdauphant.nginx
diff --git a/ansible/playbooks/db.yml b/ansible/playbooks/db.yml
new file mode 100644
index 0000000..7a2e4ba
--- /dev/null
+++ b/ansible/playbooks/db.yml
@@ -0,0 +1,7 @@
+---
+- name: Configure MongoDB
+ hosts: reddit-db
+ tags: reddit-db
+ become: true
+ roles:
+ - db
diff --git a/ansible/deploy.yml b/ansible/playbooks/deploy.yml
similarity index 100%
rename from ansible/deploy.yml
rename to ansible/playbooks/deploy.yml
diff --git a/ansible/packer_app.yml b/ansible/playbooks/packer_app.yml
similarity index 100%
rename from ansible/packer_app.yml
rename to ansible/playbooks/packer_app.yml
diff --git a/ansible/packer_db.yml b/ansible/playbooks/packer_db.yml
similarity index 100%
rename from ansible/packer_db.yml
rename to ansible/playbooks/packer_db.yml
diff --git a/ansible/playbooks/site.yml b/ansible/playbooks/site.yml
new file mode 100644
index 0000000..a73064b
--- /dev/null
+++ b/ansible/playbooks/site.yml
@@ -0,0 +1,5 @@
+---
+- import_playbook: db.yml
+- import_playbook: app.yml
+- import_playbook: deploy.yml
+- import_playbook: users.yml
diff --git a/ansible/playbooks/users.yml b/ansible/playbooks/users.yml
new file mode 100644
index 0000000..6fb8468
--- /dev/null
+++ b/ansible/playbooks/users.yml
@@ -0,0 +1,15 @@
+- name: Create users
+ hosts: all
+ become: true
+
+ vars_files:
+ - "{{ inventory_dir }}/credentials.yml"
+
+ tasks:
+ - name: create users
+ user:
+ name: "{{ item.key }}"
+ password: "{{ item.value.password|password_hash('sha512',
+ 65534|random(seed=inventory_hostname)|string) }}"
+ groups: "{{ item.value.groups | default(omit) }}"
+ with_dict: "{{ credentials.users }}"
diff --git a/ansible/roles/app/README.md b/ansible/roles/app/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/ansible/roles/app/README.md
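Review bot: The salt handed to `password_hash('sha512', ...)` is `65534|random(seed=inventory_hostname)|string`, i.e. a number below 65534 derived from the hostname — stable, which is what keeps the task idempotent, but short and predictable. A simpler and stronger arrangement is to keep already-hashed passwords in the vaulted `credentials.yml` and pass them through as `password: "{{ item.value.password }}"`; the `user` module stays idempotent with no salt trick and the vault no longer holds plaintext passwords at all. Whichever is kept, a `#` comment above the task saying why the seed is tied to `inventory_hostname` would save the next reader a search, and the play header should state that it needs the vault password (`--ask-vault-pass` or `--vault-id`) because `vars_files` points at `credentials.yml`.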
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ansible/roles/app/defaults/main.yml b/ansible/roles/app/defaults/main.yml
new file mode 100644
index 0000000..3d18de1
--- /dev/null
+++ b/ansible/roles/app/defaults/main.yml
@@ -0,0 +1,3 @@
+# defaults file for app
+db_host: 127.0.0.1
+env: local
diff --git a/ansible/roles/app/files/puma.service b/ansible/roles/app/files/puma.service
new file mode 100644
index 0000000..45d528b
--- /dev/null
+++ b/ansible/roles/app/files/puma.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Puma HTTP Server
+After=network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/home/appuser/db_config
+User=appuser
+WorkingDirectory=/home/appuser/reddit
+ExecStart=/bin/bash -lc 'puma'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/app/handlers/main.yml b/ansible/roles/app/handlers/main.yml
new file mode 100644
index 0000000..75d4da1
--- /dev/null
+++ b/ansible/roles/app/handlers/main.yml
@@ -0,0 +1,3 @@
+# handlers file for app
+- name: reload puma
+ systemd: name=puma state=restarted
diff --git a/ansible/roles/app/meta/main.yml b/ansible/roles/app/meta/main.yml
new file mode 100644
index 0000000..5d50bf4
--- /dev/null
+++ b/ansible/roles/app/meta/main.yml
@@ -0,0 +1,60 @@
+galaxy_info:
+ author: your name
+ description: your description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: license (GPLv2, CC-BY, etc)
+
+ min_ansible_version: 2.4
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ #github_branch:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
\ No newline at end of file
diff --git a/ansible/roles/app/tasks/main.yml b/ansible/roles/app/tasks/main.yml
new file mode 100644
index 0000000..46badc0
--- /dev/null
+++ b/ansible/roles/app/tasks/main.yml
@@ -0,0 +1,19 @@
+# tasks file for app
+- name: Show info about the env this host belongs to
+ debug:
+ msg: "This host is in {{ env }} environment!!!"
+- name: Add unit file for Puma
+ copy:
+ src: puma.service
+ dest: /etc/systemd/system/puma.service
+
+- name: debug internal ip
+ debug:
+ msg: "{{ hostvars['reddit-db']['gce_private_ip'] }}"
+
+- name: Add config for DB connection
+ template:
+ src: db_config.j2
+ dest: /home/appuser/db_config
+ owner: appuser
+ group: appuser
diff --git a/ansible/roles/app/templates/db_config.j2 b/ansible/roles/app/templates/db_config.j2
new file mode 100644
index 0000000..46a1274
--- /dev/null
+++ b/ansible/roles/app/templates/db_config.j2
@@ -0,0 +1 @@
+DATABASE_URL={{ db_host }}
diff --git a/ansible/roles/app/tests/inventory b/ansible/roles/app/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/ansible/roles/app/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible/roles/app/tests/test.yml b/ansible/roles/app/tests/test.yml
new file mode 100644
index 0000000..b0ca4f9
--- /dev/null
+++ b/ansible/roles/app/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - app
\ No newline at end of file
diff --git a/ansible/roles/app/vars/main.yml b/ansible/roles/app/vars/main.yml
new file mode 100644
index 0000000..3eb085a
--- /dev/null
+++ b/ansible/roles/app/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for app
\ No newline at end of file
diff --git a/ansible/roles/db/README.md b/ansible/roles/db/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/ansible/roles/db/README.md
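Review bot: `Add unit file for Puma` copies `puma.service` into `/etc/systemd/system` but carries no `notify`, and the `reload puma` handler in the `handlers/main.yml` hunk of this commit does a bare `state=restarted` without `daemon_reload`, so a changed unit is neither re-read by systemd nor restarted by this role. Add `notify: reload puma` to the copy task and write the handler as `systemd: name=puma state=restarted daemon_reload=yes`; renaming it `restart puma` would also match what it does. `Add config for DB connection` sets owner and group but no `mode`; `mode: '0640'` keeps `db_config` readable only by appuser, which matters the day `DATABASE_URL` carries credentials rather than just a host. Nothing in this role enables or starts the unit, so that presumably happens in the packer playbook — a one-line comment saying so would stop readers looking for it here.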
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ansible/roles/db/defaults/main.yml b/ansible/roles/db/defaults/main.yml
new file mode 100644
index 0000000..f31fb11
--- /dev/null
+++ b/ansible/roles/db/defaults/main.yml
@@ -0,0 +1,4 @@
+# defaults file for db
+mongo_port: 27017
+mongo_bind_ip: 127.0.0.1
+env: local
diff --git a/ansible/roles/db/handlers/main.yml b/ansible/roles/db/handlers/main.yml
new file mode 100644
index 0000000..3fc6ddc
--- /dev/null
+++ b/ansible/roles/db/handlers/main.yml
@@ -0,0 +1,3 @@
+# handlers file for db
+- name: restart mongod
+ service: name=mongod state=restarted
diff --git a/ansible/roles/db/meta/main.yml b/ansible/roles/db/meta/main.yml
new file mode 100644
index 0000000..5d50bf4
--- /dev/null
+++ b/ansible/roles/db/meta/main.yml
@@ -0,0 +1,60 @@
+galaxy_info:
+ author: your name
+ description: your description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: license (GPLv2, CC-BY, etc)
+
+ min_ansible_version: 2.4
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ #github_branch:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
\ No newline at end of file
diff --git a/ansible/roles/db/tasks/main.yml b/ansible/roles/db/tasks/main.yml
new file mode 100644
index 0000000..e467650
--- /dev/null
+++ b/ansible/roles/db/tasks/main.yml
@@ -0,0 +1,13 @@
+# tasks file for db
+- name: Show info about the env this host belongs to
+ debug:
+ msg: "This host is in {{ env }} environment!!!"
+- name: test bind ip
+ debug:
+ msg: "This is bind_ip {{ mongo_bind_ip }}"
+- name: Change mongo config file
+ template:
+ src: mongod.conf.j2
+ dest: /etc/mongod.conf
+ mode: 0644
+ notify: restart mongod
diff --git a/ansible/roles/db/templates/mongod.conf.j2 b/ansible/roles/db/templates/mongod.conf.j2
new file mode 100644
index 0000000..772fcad
--- /dev/null
+++ b/ansible/roles/db/templates/mongod.conf.j2
@@ -0,0 +1,16 @@
+# Where and how to store data.
+storage:
+ dbPath: /var/lib/mongodb
+ journal:
+ enabled: true
+
+# where to write logging data.
+systemLog:
+ destination: file
+ logAppend: true
+ path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+ port: {{ mongo_port | default('27017') }}
+ bindIp: {{ mongo_bind_ip }}
diff --git a/ansible/roles/db/tests/inventory b/ansible/roles/db/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/ansible/roles/db/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible/roles/db/tests/test.yml b/ansible/roles/db/tests/test.yml
new file mode 100644
index 0000000..519bc1e
--- /dev/null
+++ b/ansible/roles/db/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - db
\ No newline at end of file
diff --git a/ansible/roles/db/vars/main.yml b/ansible/roles/db/vars/main.yml
new file mode 100644
index 0000000..60d2e74
--- /dev/null
+++ b/ansible/roles/db/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for db
\ No newline at end of file
diff --git a/ansible/site.yml b/ansible/site.yml
deleted file mode 100644
index 4f134c3..0000000
--- a/ansible/site.yml
+++ /dev/null
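Review bot: `mongod.conf.j2` renders `net.bindIp` from `mongo_bind_ip`, which both environment files set to `0.0.0.0`, and the template has no `security` section, so the daemon answers unauthenticated connections from any address the firewall lets through. Adding `security:` / `  authorization: enabled` (with an admin user created by the role) or keeping `bindIp` on the private interface would close that; if the course setup deliberately runs Mongo without auth, a comment at the top of the template saying so keeps the next reader from assuming it is protected. `mongo_port | default('27017')` is redundant now that `defaults/main.yml` defines `mongo_port`; dropping the filter leaves one source of truth for the port.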
@@ -1,4 +0,0 @@
----
-- import_playbook: db.yml
-- import_playbook: app.yml
-- import_playbook: deploy.yml
diff --git a/terraform/modules/app/main.tf b/terraform/modules/app/main.tf
index c10cafe..3310ff6 100644
--- a/terraform/modules/app/main.tf
+++ b/terraform/modules/app/main.tf
@@ -70,3 +70,16 @@ resource "google_compute_firewall" "firewall_puma" {
source_ranges = ["0.0.0.0/0"]
target_tags = ["reddit-app"]
}
+
+resource "google_compute_firewall" "firewall_nginx_proxy" {
+ name = "allow-nginx-default"
+ network = "default"
+
+ allow {
+ protocol = "tcp"
+ ports = ["80"]
+ }
+
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["reddit-app"]
+}
From 31b079fa683a867d55e200e28d25f8427790e9cc Mon Sep 17 00:00:00 2001
From: Kirill Garbar
Date: Thu, 8 Nov 2018 01:41:44 +0300
Subject: [PATCH 4/7] HW-10 main task and advanced task 1, fixed packer
---
ansible/environments/prod/inventory.yml | 9 ---------
ansible/environments/stage/inventory.yml | 9 ---------
packer/app.json | 2 +-
packer/db.json | 2 +-
4 files changed, 2 insertions(+), 20 deletions(-)
delete mode 100644 ansible/environments/prod/inventory.yml
delete mode 100644 ansible/environments/stage/inventory.yml
diff --git a/ansible/environments/prod/inventory.yml b/ansible/environments/prod/inventory.yml
deleted file mode 100644
index 9e7c493..0000000
--- a/ansible/environments/prod/inventory.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-app:
- hosts:
- appserver:
- ansible_host: 8.8.8.8
-
-db:
- hosts:
- dbserver:
- ansible_host: 9.9.9.9
diff --git a/ansible/environments/stage/inventory.yml b/ansible/environments/stage/inventory.yml
deleted file mode 100644
index 9e7c493..0000000
--- a/ansible/environments/stage/inventory.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-app:
- hosts:
- appserver:
- ansible_host: 8.8.8.8
-
-db:
- hosts:
- dbserver:
- ansible_host: 9.9.9.9
diff --git a/packer/app.json b/packer/app.json
index 862adba..2d06577 100644
--- a/packer/app.json
+++ b/packer/app.json
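Review bot: `firewall_nginx_proxy` opens tcp/80 to `0.0.0.0/0`, while the context lines show `firewall_puma` still exposing the app port to `0.0.0.0/0` as well, so the proxy can be bypassed and nginx adds no boundary; the README hunk in the last commit says 9292 was left open on purpose, so this is a known trade-off, but it is the one to revisit. Restricting `firewall_puma` to the source ranges that genuinely need direct Puma access, or removing the rule once the nginx path is verified, would make 80 the only ingress. The `network = "default"` literal is now duplicated between the two rules and could come from one variable, and a one-line comment on the new resource stating that 9292 intentionally stays reachable keeps the decision visible in the module rather than only in the README.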
@@ -25,7 +25,7 @@
"provisioners": [
{
"type": "ansible",
- "playbook_file": "ansible/packer_app.yml"
+ "playbook_file": "ansible/playbooks/packer_app.yml"
}
]
}
diff --git a/packer/db.json b/packer/db.json
index c0d2834..39e5e97 100644
--- a/packer/db.json
+++ b/packer/db.json
@@ -25,7 +25,7 @@
"provisioners": [
{
"type": "ansible",
- "playbook_file": "ansible/packer_db.yml"
+ "playbook_file": "ansible/playbooks/packer_db.yml"
}
]
}
From bfb03c566a66e9641c3f9280c72de9983d9d450e Mon Sep 17 00:00:00 2001
From: Kirill Garbar
Date: Thu, 8 Nov 2018 01:50:37 +0300
Subject: [PATCH 5/7] HW-10 main task and advanced task 1, fixed trailing spaces
---
ansible/playbooks/app.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/playbooks/app.yml b/ansible/playbooks/app.yml
index 2b226a5..e3f9801 100644
--- a/ansible/playbooks/app.yml
+++ b/ansible/playbooks/app.yml
@@ -5,4 +5,4 @@
become: true
roles:
- app
- - jdauphant.nginx
+ - jdauphant.nginx
From 6e623b0e1de245d8730497318371594d11fee69f Mon Sep 17 00:00:00 2001
From: Kirill Garbar
Date: Sun, 11 Nov 2018 18:18:38 +0300
Subject: [PATCH 6/7] HW-10 advanced tasks 2, fixed minor mistakes
---
.travis.yml | 45 ++++++++++++++++++++++--
README.md | 2 ++
ansible/playbooks/packer_db.yml | 3 +-
ansible/requirements.txt | 1 +
terraform/prod/terraform.tfvars.example | 2 +-
terraform/stage/terraform.tfvars.example | 2 +-
6 files changed, 50 insertions(+), 5 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 983efb0..d0204d5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,9 +1,50 @@
dist: trusty
sudo: required
language: bash
+env:
+ - PACKER_V=1.3.1 TF_V=0.11.10 TFLINT_V=0.7.2 ANS_V=2.7.1 ANSLINT_V=3.5.1
before_install:
-- curl https://raw.githubusercontent.com/express42/otus-homeworks/2018-09/run.sh |
- bash
+- curl https://raw.githubusercontent.com/express42/otus-homeworks/2018-09/run.sh | bash
+- sudo pip install --upgrade pip
+install:
+ # packer
+ - wget https://releases.hashicorp.com/packer/${PACKER_V}/packer_${PACKER_V}_linux_amd64.zip -O packer.zip
+ - sudo unzip packer.zip -d /usr/bin
+ # #tf
+ - wget https://releases.hashicorp.com/terraform/${TF_V}/terraform_${TF_V}_linux_amd64.zip -O tf.zip
+ - sudo unzip tf.zip -d /usr/bin
+ # #tf-lint
+ - wget https://github.com/wata727/tflint/releases/download/v0.7.2/tflint_linux_amd64.zip -O tflint.zip
+ - sudo unzip tflint.zip -d /usr/bin
+ # #ans&ans-lint
+ - sudo pip install ansible==${ANS_V} ansible-lint==${ANSLINT_V}
+ - echo $PATH
+before_script:
+ - touch ~/.ssh/appuser ~/.ssh/appuser.pub
+ - mv packer/variables.json.example packer/variables.json
+ - mv terraform/terraform.tfvars.example terraform/terraform.tfvars
+ - mv terraform/stage/terraform.tfvars.example terraform/stage/terraform.tfvars
+ - mv terraform/prod/terraform.tfvars.example terraform/prod/terraform.tfvars
+script:
+ # packer
+ # Хотел здесь сделать двумя массивами и циклом, но не стал, потому что не смог объявить в блоке env массив.
+ # Трэвис из блока env автоматически конвертит в export, а массивы на export нельзя.
+ # Плюс к тому у нас два шаблона валидируются из директории packer, два шаблона из корневой.
+ - cd ${TRAVIS_BUILD_DIR}/packer
+ - packer validate -var-file=variables.json ubuntu16.json
+ - packer validate -var-file=variables.json immutable.json
+ - cd ${TRAVIS_BUILD_DIR}
+ - packer validate packer/app.json
+ - packer validate packer/db.json
+ # tf && tflint
+ - cd ${TRAVIS_BUILD_DIR}/terraform
+ - cd ${TRAVIS_BUILD_DIR}/terraform/stage
+ - terraform init -backend=false && terraform validate && tflint
+ - cd ${TRAVIS_BUILD_DIR}/terraform/prod
+ - terraform init -backend=false && terraform validate && tflint
+ # ansible-lint
+ - cd ${TRAVIS_BUILD_DIR}/ansible
+ - ansible-lint playbooks/*.yml --exclude=roles/jdauphant.nginx
notifications:
slack:
rooms:
diff --git a/README.md b/README.md
index 5d5d1d2..af3cf33 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[![Build Status](https://travis-ci.com/Otus-DevOps-2018-09/Kirill-Garbar_infra.svg?branch=master)](https://travis-ci.com/Otus-DevOps-2018-09/Kirill-Garbar_infra)
+
# HW-3
## В процессе сделано:
- Созданы две ВМ. Одна с внутренним. Одна с внешним и внутренним IP - пограничный сервер.
diff --git a/ansible/playbooks/packer_db.yml b/ansible/playbooks/packer_db.yml
index d66ffe9..7edafea 100644
--- a/ansible/playbooks/packer_db.yml
+++ b/ansible/playbooks/packer_db.yml
@@ -13,6 +13,7 @@
- name: install MongoDB
apt:
name: mongodb-org
- - systemd:
+ - name: enable MongoDB
+ systemd:
name: mongod
enabled: yes
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
index 3336ed1..183af84 100644
--- a/ansible/requirements.txt
+++ b/ansible/requirements.txt
@@ -1 +1,2 @@
ansible>=2.4
+ansible-lint>=3.5
diff --git a/terraform/prod/terraform.tfvars.example b/terraform/prod/terraform.tfvars.example
index b0d7f2a..f72bd28 100644
--- a/terraform/prod/terraform.tfvars.example
+++ b/terraform/prod/terraform.tfvars.example
@@ -4,4 +4,4 @@ private_key_path = "~/.ssh/appuser"
disk_image = "reddit-base"
region = "europe-west1"
app_count = "1"
-provisioner_condition = 1
+provisioner_condition = "1"
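Review bot: The tflint download hard-codes `v0.7.2` in its URL although `TFLINT_V=0.7.2` is declared in `env`; `https://github.com/wata727/tflint/releases/download/v${TFLINT_V}/tflint_linux_amd64.zip` keeps the pin in one place. None of the three archives unzipped into `/usr/bin` is checksum-verified: HashiCorp publishes `packer_${PACKER_V}_SHA256SUMS` and `terraform_${TF_V}_SHA256SUMS` beside the zips, so fetching that file and running `sha256sum -c --ignore-missing` before `unzip` pins what the build actually installs (the tflint release may carry checksums too — confirm for that version). `- echo $PATH` reads as a leftover debug step and can go. The `curl … | bash` bootstrap predates this commit but is now rewritten onto one line, so it is a natural moment to add a comment that the step executes whatever the `2018-09` branch currently serves.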
diff --git a/terraform/stage/terraform.tfvars.example b/terraform/stage/terraform.tfvars.example
index b0d7f2a..f72bd28 100644
--- a/terraform/stage/terraform.tfvars.example
+++ b/terraform/stage/terraform.tfvars.example
@@ -4,4 +4,4 @@ private_key_path = "~/.ssh/appuser"
disk_image = "reddit-base"
region = "europe-west1"
app_count = "1"
-provisioner_condition = 1
+provisioner_condition = "1"
From c05459816eb8a4d7126bee9df3f895b4df013aae Mon Sep 17 00:00:00 2001
From: Kirill Garbar
Date: Sun, 11 Nov 2018 18:38:56 +0300
Subject: [PATCH 7/7] HW-10 README edit
---
README.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index af3cf33..33d5c72 100644
--- a/README.md
+++ b/README.md
@@ -210,7 +210,9 @@ packer build packer/db.json
- Переместили устаревшие данные в директорию old.
- Добавили вывод diff.
- Добавили роль nginx из ansible-galaxy и настроили на проксирование с 80 порта. Открыли 80 порт в TF. Не стали закрывать порт 9292.
-- Создали пользователей на виртуалках, зашифровав credentias.yml с помощью ansible-vault.
+- Создали пользователей на виртуалках, зашифровав credentials.yml с помощью ansible-vault.
+- Добавили инфраструктурные тесты: packer validate, terraform validate, tflint, ansible-lint
+- Badge со статусом билда добавил только для ветки master. Ветка хардкодится в ссылке в README. Варианты решения: 1. добавлять ссылку на свой сервис, который по хэдеру запроса сформирует ссылку на бэйдж и добавить в README; 2. Сделать precommit hook, который будет заменять ссылку на бэйдж в тревисе при каждом коммите. Вариант 1 не подходит из-за своей костыльности. Вариант 2 подходит. В жизни долгоживущие ветки создаются редко и для них так и так README пишутся вручную, поэтому можно забить динамически формировать ссылку на бэйдж :)
## Как проверить работоспособность.
- Забрать ветку ansible-3.