From f4e75b25e4a48c4582c7e7b63b54dcdc683a8d4b Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 22:18:38 -0500 Subject: [PATCH 1/8] Issue #814: Add config to help include roles in the directory. --- .gitignore | 1 - provisioning/README.md | 15 +++++++++++++++ provisioning/ansible.cfg | 2 ++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 provisioning/README.md create mode 100644 provisioning/ansible.cfg diff --git a/.gitignore b/.gitignore index c0f8665af..b5483661c 100644 --- a/.gitignore +++ b/.gitignore @@ -12,5 +12,4 @@ Vagrantfile.local examples/prod/inventory examples/prod/bootstrap/vars.yml scripts/ -roles/ drupal/ diff --git a/provisioning/README.md b/provisioning/README.md new file mode 100644 index 000000000..6f3eedb02 --- /dev/null +++ b/provisioning/README.md @@ -0,0 +1,15 @@ +# Drupal VM - Ansible Provisioning + +Drupal VM uses the Ansible provisioner to build all the software that runs and supplements Drupal sites. + +The Ansible configuration uses a variety of open source community-maintained Ansible Roles that are hosted on Ansible Galaxy, but Drupal VM includes the roles in the codebase for efficiency's sake. + +**You should NOT make any manual changes to the roles in the `roles` directory**, but rather, contribute to the upstream roles corresponding to the role's folder name (e.g. for issues with the `geerlingguy.apache` role, see the [`geerlingguy.apache`](https://galaxy.ansible.com/geerlingguy/apache/) role page on Ansible Galaxy, and the role's [issue tracker on GitHub](https://github.com/geerlingguy/ansible-role-apache/issues)). + +## Adding and Updating Galaxy roles + +From time to time, third party roles need to be added or updated to enable new Drupal VM functionality or fix bugs. To update a role (e.g. `geerlingguy.apache`), find the role's `version` setting inside `requirements.yml`, bump the version to the required or latest version of the role, then run the following command _in the same directory as this README file_: + + $ ansible-galaxy install -r requirements.yml --force + +Then commit the updated `requirements.yml` file and the new and updated files within the `roles` directory in a new PR to the Drupal VM project. diff --git a/provisioning/ansible.cfg b/provisioning/ansible.cfg new file mode 100644 index 000000000..002a50dd5 --- /dev/null +++ b/provisioning/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +roles_path = ./roles From db7699c08b55d32d267ef8bf6dcc039123daf7b8 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 22:19:02 -0500 Subject: [PATCH 2/8] Fixes #814: Include all required roles in Drupal VM's codebase. --- .../roles/arknoll.selenium/.gitignore | 24 ++ .../roles/arknoll.selenium/.travis.yml | 35 +++ .../roles/arknoll.selenium/LICENSE.txt | 13 + provisioning/roles/arknoll.selenium/README.md | 61 +++++ .../roles/arknoll.selenium/defaults/main.yml | 5 + .../roles/arknoll.selenium/handlers/main.yml | 4 + .../meta/.galaxy_install_info | 1 + .../roles/arknoll.selenium/meta/main.yml | 21 ++ .../roles/arknoll.selenium/tasks/main.yml | 42 ++++ .../templates/selenium-init-Debian.j2 | 60 +++++ .../templates/selenium-init-RedHat.j2 | 81 +++++++ .../roles/arknoll.selenium/tests/inventory | 1 + .../roles/arknoll.selenium/tests/test.yml | 6 + .../roles/arknoll.selenium/vars/main.yml | 2 + .../roles/franklinkim.newrelic/.clog.toml | 4 + .../roles/franklinkim.newrelic/.editorconfig | 16 ++ .../roles/franklinkim.newrelic/.gitignore | 6 + .../roles/franklinkim.newrelic/.travis.yml | 10 + .../roles/franklinkim.newrelic/CHANGELOG.md | 20 ++ .../roles/franklinkim.newrelic/LICENSE | 22 ++ .../roles/franklinkim.newrelic/README.md | 127 ++++++++++ .../roles/franklinkim.newrelic/Vagrantfile | 23 ++ .../franklinkim.newrelic/defaults/main.yml | 22 ++ .../franklinkim.newrelic/handlers/main.yml | 7 + .../roles/franklinkim.newrelic/meta/main.yml | 104 ++++++++ .../franklinkim.newrelic/meta/readme.yml | 14 ++ .../franklinkim.newrelic/tasks/install.yml | 7 + .../tasks/install_debian.yml | 23 ++ .../tasks/install_redhat.yml | 13 + .../roles/franklinkim.newrelic/tasks/main.yml | 28 +++ .../franklinkim.newrelic/tasks/service.yml | 7 + .../templates/etc/newrelic/nrsysmond.cfg.j2 | 205 ++++++++++++++++ .../roles/franklinkim.newrelic/tests/main.yml | 10 + .../roles/franklinkim.newrelic/tests/run.sh | 17 ++ .../roles/geerlingguy.adminer/.travis.yml | 66 +++++ .../roles/geerlingguy.adminer/README.md | 47 ++++ .../geerlingguy.adminer/defaults/main.yml | 5 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.adminer/meta/main.yml | 44 ++++ .../roles/geerlingguy.adminer/tasks/main.yml | 40 ++++ .../templates/adminer.conf.j2 | 9 + .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.adminer/tests/test-apache.yml | 8 + .../tests/test-standalone.yml | 8 + .../geerlingguy.apache-php-fpm/.travis.yml | 53 +++++ .../geerlingguy.apache-php-fpm/README.md | 57 +++++ .../meta/.galaxy_install_info | 1 + .../geerlingguy.apache-php-fpm/meta/main.yml | 26 ++ .../tasks/configure-Debian.yml | 10 + .../tasks/configure-RedHat.yml | 7 + .../geerlingguy.apache-php-fpm/tasks/main.yml | 7 + .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.apache-php-fpm/tests/test.yml | 27 +++ .../roles/geerlingguy.apache/.travis.yml | 54 +++++ .../roles/geerlingguy.apache/README.md | 124 ++++++++++ .../geerlingguy.apache/defaults/main.yml | 44 ++++ .../geerlingguy.apache/handlers/main.yml | 5 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.apache/meta/main.yml | 31 +++ .../tasks/configure-Debian.yml | 54 +++++ .../tasks/configure-RedHat.yml | 24 ++ .../tasks/configure-Solaris.yml | 19 ++ .../tasks/configure-Suse.yml | 24 ++ .../roles/geerlingguy.apache/tasks/main.yml | 58 +++++ .../geerlingguy.apache/tasks/setup-Debian.yml | 7 + .../geerlingguy.apache/tasks/setup-RedHat.yml | 7 + .../tasks/setup-Solaris.yml | 6 + .../geerlingguy.apache/tasks/setup-Suse.yml | 6 + .../templates/vhosts.conf.j2 | 82 +++++++ .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../roles/geerlingguy.apache/tests/test.yml | 13 + .../roles/geerlingguy.apache/vars/Debian.yml | 14 ++ .../roles/geerlingguy.apache/vars/RedHat.yml | 20 ++ .../roles/geerlingguy.apache/vars/Solaris.yml | 19 ++ .../roles/geerlingguy.apache/vars/Suse.yml | 18 ++ .../geerlingguy.apache/vars/apache-22.yml | 12 + .../geerlingguy.apache/vars/apache-24.yml | 8 + .../roles/geerlingguy.blackfire/.travis.yml | 55 +++++ .../roles/geerlingguy.blackfire/README.md | 41 ++++ .../geerlingguy.blackfire/defaults/main.yml | 6 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.blackfire/meta/main.yml | 28 +++ .../geerlingguy.blackfire/tasks/main.yml | 14 ++ .../tasks/setup-Debian.yml | 17 ++ .../tasks/setup-RedHat.yml | 18 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.blackfire/tests/test.yml | 10 + .../roles/geerlingguy.composer/.travis.yml | 52 ++++ .../roles/geerlingguy.composer/README.md | 68 ++++++ .../geerlingguy.composer/defaults/main.yml | 20 ++ .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.composer/meta/main.yml | 43 ++++ .../tasks/global-require.yml | 17 ++ .../roles/geerlingguy.composer/tasks/main.yml | 53 +++++ .../templates/auth.json.j2 | 5 + .../templates/composer.sh.j2 | 1 + .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-14.04 | 14 ++ .../geerlingguy.composer/tests/initctl_faker | 23 ++ .../geerlingguy.composer/tests/inventory | 1 + .../tests/requirements.yml | 3 + .../roles/geerlingguy.composer/tests/test.yml | 21 ++ .../roles/geerlingguy.daemonize/.travis.yml | 57 +++++ .../roles/geerlingguy.daemonize/README.md | 43 ++++ .../geerlingguy.daemonize/defaults/main.yml | 5 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.daemonize/meta/main.yml | 28 +++ .../geerlingguy.daemonize/tasks/main.yml | 29 +++ .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.daemonize/tests/test.yml | 24 ++ .../geerlingguy.drupal-console/.travis.yml | 41 ++++ .../geerlingguy.drupal-console/README.md | 45 ++++ .../defaults/main.yml | 4 + .../meta/.galaxy_install_info | 1 + .../geerlingguy.drupal-console/meta/main.yml | 44 ++++ .../geerlingguy.drupal-console/tasks/main.yml | 22 ++ .../tests/inventory | 1 + .../tests/test-self-update.yml | 15 ++ .../geerlingguy.drupal-console/tests/test.yml | 14 ++ .../roles/geerlingguy.drush/.travis.yml | 42 ++++ .../roles/geerlingguy.drush/README.md | 56 +++++ .../roles/geerlingguy.drush/defaults/main.yml | 10 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.drush/meta/main.yml | 46 ++++ .../roles/geerlingguy.drush/tasks/main.yml | 37 +++ .../roles/geerlingguy.drush/tests/inventory | 1 + .../roles/geerlingguy.drush/tests/test.yml | 10 + .../geerlingguy.elasticsearch/.travis.yml | 58 +++++ .../roles/geerlingguy.elasticsearch/README.md | 44 ++++ .../defaults/main.yml | 5 + .../files/elasticsearch.repo | 6 + .../handlers/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../geerlingguy.elasticsearch/meta/main.yml | 24 ++ .../geerlingguy.elasticsearch/tasks/main.yml | 18 ++ .../tasks/setup-Debian.yml | 14 ++ .../tasks/setup-RedHat.yml | 14 ++ .../templates/elasticsearch.yml.j2 | 97 ++++++++ .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.elasticsearch/tests/test.yml | 11 + .../roles/geerlingguy.firewall/.travis.yml | 60 +++++ .../roles/geerlingguy.firewall/README.md | 72 ++++++ .../geerlingguy.firewall/defaults/main.yml | 11 + .../geerlingguy.firewall/handlers/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.firewall/meta/main.yml | 22 ++ .../roles/geerlingguy.firewall/tasks/main.yml | 21 ++ .../templates/firewall.bash.j2 | 83 +++++++ .../templates/firewall.j2 | 49 ++++ .../geerlingguy.firewall/tests/inventory | 1 + .../roles/geerlingguy.firewall/tests/test.yml | 8 + provisioning/roles/geerlingguy.git/.gitignore | 1 + .../roles/geerlingguy.git/.travis.yml | 84 +++++++ provisioning/roles/geerlingguy.git/README.md | 55 +++++ .../roles/geerlingguy.git/defaults/main.yml | 23 ++ .../geerlingguy.git/meta/.galaxy_install_info | 1 + .../roles/geerlingguy.git/meta/main.yml | 22 ++ .../tasks/install-from-source.yml | 62 +++++ .../roles/geerlingguy.git/tasks/main.yml | 23 ++ .../geerlingguy.git/tests/Dockerfile.centos-6 | 15 ++ .../geerlingguy.git/tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.git/tests/test-package.yml | 14 ++ .../geerlingguy.git/tests/test-source.yml | 15 ++ .../roles/geerlingguy.git/vars/main.yml | 2 + .../roles/geerlingguy.java/.travis.yml | 57 +++++ provisioning/roles/geerlingguy.java/README.md | 62 +++++ .../roles/geerlingguy.java/defaults/main.yml | 4 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.java/meta/main.yml | 27 +++ .../roles/geerlingguy.java/tasks/main.yml | 23 ++ .../geerlingguy.java/tasks/setup-Debian.yml | 7 + .../geerlingguy.java/tasks/setup-FreeBSD.yml | 10 + .../geerlingguy.java/tasks/setup-RedHat.yml | 4 + .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../roles/geerlingguy.java/tests/test.yml | 10 + .../roles/geerlingguy.java/vars/Debian.yml | 7 + .../roles/geerlingguy.java/vars/FreeBSD.yml | 7 + .../roles/geerlingguy.java/vars/RedHat.yml | 7 + .../geerlingguy.java/vars/Ubuntu-12.04.yml | 7 + .../geerlingguy.java/vars/Ubuntu-14.04.yml | 7 + .../geerlingguy.java/vars/Ubuntu-16.04.yml | 7 + .../roles/geerlingguy.mailhog/.travis.yml | 67 ++++++ .../roles/geerlingguy.mailhog/README.md | 55 +++++ .../geerlingguy.mailhog/defaults/main.yml | 7 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.mailhog/meta/main.yml | 25 ++ .../roles/geerlingguy.mailhog/tasks/main.yml | 33 +++ .../templates/mailhog.init.j2 | 61 +++++ .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../roles/geerlingguy.mailhog/tests/message | 5 + .../roles/geerlingguy.mailhog/tests/test.yml | 27 +++ .../roles/geerlingguy.memcached/.gitignore | 1 + .../roles/geerlingguy.memcached/.travis.yml | 34 +++ .../roles/geerlingguy.memcached/README.md | 53 +++++ .../geerlingguy.memcached/defaults/main.yml | 9 + .../geerlingguy.memcached/handlers/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.memcached/meta/main.yml | 24 ++ .../geerlingguy.memcached/tasks/main.yml | 29 +++ .../tasks/setup-Debian.yml | 6 + .../tasks/setup-RedHat.yml | 3 + .../templates/memcached-Debian.conf.j2 | 27 +++ .../templates/memcached-RedHat.conf.j2 | 19 ++ .../geerlingguy.memcached/tests/inventory | 1 + .../geerlingguy.memcached/tests/test.yml | 5 + .../geerlingguy.memcached/vars/Debian.yml | 3 + .../geerlingguy.memcached/vars/RedHat.yml | 3 + .../roles/geerlingguy.mysql/.travis.yml | 78 ++++++ .../roles/geerlingguy.mysql/README.md | 144 +++++++++++ .../roles/geerlingguy.mysql/defaults/main.yml | 101 ++++++++ .../roles/geerlingguy.mysql/handlers/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.mysql/meta/main.yml | 22 ++ .../geerlingguy.mysql/tasks/configure.yml | 69 ++++++ .../geerlingguy.mysql/tasks/databases.yml | 8 + .../roles/geerlingguy.mysql/tasks/main.yml | 42 ++++ .../geerlingguy.mysql/tasks/replication.yml | 51 ++++ .../tasks/secure-installation.yml | 60 +++++ .../geerlingguy.mysql/tasks/setup-Debian.yml | 29 +++ .../geerlingguy.mysql/tasks/setup-RedHat.yml | 8 + .../roles/geerlingguy.mysql/tasks/users.yml | 11 + .../geerlingguy.mysql/templates/my.cnf.j2 | 111 +++++++++ .../templates/user-my.cnf.j2 | 3 + .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 14 ++ .../tests/Dockerfile.ubuntu-14.04 | 14 ++ .../geerlingguy.mysql/tests/centos-7-test.yml | 15 ++ .../geerlingguy.mysql/tests/initctl_faker | 23 ++ .../roles/geerlingguy.mysql/tests/inventory | 1 + .../roles/geerlingguy.mysql/tests/test.yml | 4 + .../roles/geerlingguy.mysql/vars/Debian.yml | 10 + .../roles/geerlingguy.mysql/vars/RedHat-6.yml | 10 + .../roles/geerlingguy.mysql/vars/RedHat-7.yml | 16 ++ .../roles/geerlingguy.nginx/.travis.yml | 39 +++ .../roles/geerlingguy.nginx/README.md | 122 ++++++++++ .../roles/geerlingguy.nginx/defaults/main.yml | 68 ++++++ .../roles/geerlingguy.nginx/handlers/main.yml | 10 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.nginx/meta/main.yml | 30 +++ .../roles/geerlingguy.nginx/tasks/main.yml | 39 +++ .../geerlingguy.nginx/tasks/setup-Debian.yml | 9 + .../geerlingguy.nginx/tasks/setup-FreeBSD.yml | 13 + .../geerlingguy.nginx/tasks/setup-RedHat.yml | 14 ++ .../geerlingguy.nginx/tasks/setup-Ubuntu.yml | 14 ++ .../roles/geerlingguy.nginx/tasks/vhosts.yml | 26 ++ .../geerlingguy.nginx/templates/nginx.conf.j2 | 63 +++++ .../geerlingguy.nginx/templates/nginx.repo.j2 | 5 + .../geerlingguy.nginx/templates/vhosts.j2 | 33 +++ .../roles/geerlingguy.nginx/tests/inventory | 1 + .../roles/geerlingguy.nginx/tests/test.yml | 6 + .../roles/geerlingguy.nginx/vars/Debian.yml | 9 + .../roles/geerlingguy.nginx/vars/FreeBSD.yml | 9 + .../roles/geerlingguy.nginx/vars/RedHat.yml | 9 + .../roles/geerlingguy.nodejs/.travis.yml | 62 +++++ .../roles/geerlingguy.nodejs/README.md | 66 +++++ .../geerlingguy.nodejs/defaults/main.yml | 21 ++ .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.nodejs/meta/main.yml | 27 +++ .../roles/geerlingguy.nodejs/tasks/main.yml | 50 ++++ .../geerlingguy.nodejs/tasks/setup-Debian.yml | 24 ++ .../geerlingguy.nodejs/tasks/setup-RedHat.yml | 18 ++ .../geerlingguy.nodejs/templates/npm.sh.j2 | 3 + .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../roles/geerlingguy.nodejs/tests/test.yml | 29 +++ .../geerlingguy.php-memcached/.travis.yml | 40 ++++ .../roles/geerlingguy.php-memcached/README.md | 39 +++ .../defaults/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../geerlingguy.php-memcached/meta/main.yml | 24 ++ .../geerlingguy.php-memcached/tasks/main.yml | 28 +++ .../geerlingguy.php-memcached/tests/inventory | 1 + .../tests/memcached-test.php | 35 +++ .../geerlingguy.php-memcached/tests/test.yml | 12 + .../geerlingguy.php-memcached/vars/Debian.yml | 2 + .../geerlingguy.php-memcached/vars/RedHat.yml | 2 + .../roles/geerlingguy.php-mysql/.travis.yml | 56 +++++ .../roles/geerlingguy.php-mysql/README.md | 40 ++++ .../geerlingguy.php-mysql/defaults/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.php-mysql/meta/main.yml | 23 ++ .../geerlingguy.php-mysql/tasks/main.yml | 29 +++ .../tests/Dockerfile.centos-6 | 18 ++ .../tests/Dockerfile.centos-7 | 30 +++ .../tests/Dockerfile.ubuntu-14.04 | 14 ++ .../tests/centos7-vars.yml | 11 + .../geerlingguy.php-mysql/tests/initctl_faker | 23 ++ .../geerlingguy.php-mysql/tests/inventory | 1 + .../tests/requirements.yml | 5 + .../geerlingguy.php-mysql/tests/test.yml | 23 ++ .../geerlingguy.php-mysql/vars/Debian.yml | 2 + .../geerlingguy.php-mysql/vars/RedHat.yml | 2 + .../roles/geerlingguy.php-pecl/.travis.yml | 43 ++++ .../roles/geerlingguy.php-pecl/README.md | 45 ++++ .../geerlingguy.php-pecl/defaults/main.yml | 4 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.php-pecl/meta/main.yml | 44 ++++ .../roles/geerlingguy.php-pecl/tasks/main.yml | 7 + .../geerlingguy.php-pecl/tests/inventory | 1 + .../roles/geerlingguy.php-pecl/tests/test.yml | 6 + .../roles/geerlingguy.php-redis/.travis.yml | 40 ++++ .../roles/geerlingguy.php-redis/README.md | 63 +++++ .../geerlingguy.php-redis/defaults/main.yml | 10 + .../geerlingguy.php-redis/files/redis.ini | 1 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.php-redis/meta/main.yml | 24 ++ .../tasks/install-from-source.yml | 36 +++ .../geerlingguy.php-redis/tasks/main.yml | 36 +++ .../geerlingguy.php-redis/tests/inventory | 1 + .../tests/redis-test.php | 32 +++ .../geerlingguy.php-redis/tests/test.yml | 14 ++ .../geerlingguy.php-redis/vars/Debian.yml | 2 + .../geerlingguy.php-redis/vars/RedHat.yml | 2 + .../roles/geerlingguy.php-xdebug/.gitignore | 1 + .../roles/geerlingguy.php-xdebug/.travis.yml | 62 +++++ .../roles/geerlingguy.php-xdebug/README.md | 77 ++++++ .../geerlingguy.php-xdebug/defaults/main.yml | 20 ++ .../meta/.galaxy_install_info | 1 + .../geerlingguy.php-xdebug/meta/main.yml | 44 ++++ .../tasks/configure.yml | 12 + .../geerlingguy.php-xdebug/tasks/main.yml | 56 +++++ .../templates/xdebug.ini.j2 | 17 ++ .../tests/Dockerfile.centos-6 | 19 ++ .../tests/Dockerfile.centos-7 | 29 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.php-xdebug/tests/inventory | 1 + .../tests/test-source.yml | 21 ++ .../tests/xdebug-test.php | 21 ++ .../geerlingguy.php-xdebug/vars/Debian.yml | 3 + .../geerlingguy.php-xdebug/vars/RedHat.yml | 3 + .../roles/geerlingguy.php-xhprof/.gitignore | 1 + .../roles/geerlingguy.php-xhprof/.travis.yml | 58 +++++ .../roles/geerlingguy.php-xhprof/README.md | 52 ++++ .../geerlingguy.php-xhprof/defaults/main.yml | 14 ++ .../meta/.galaxy_install_info | 1 + .../geerlingguy.php-xhprof/meta/main.yml | 44 ++++ .../tasks/configure.yml | 18 ++ .../geerlingguy.php-xhprof/tasks/main.yml | 68 ++++++ .../tasks/setup-Debian.yml | 8 + .../tasks/setup-RedHat.yml | 8 + .../templates/xhprof.ini.j2 | 3 + .../tests/Dockerfile.centos-7 | 30 +++ .../tests/Dockerfile.ubuntu-12.04 | 13 + .../tests/Dockerfile.ubuntu-14.04 | 13 + .../geerlingguy.php-xhprof/tests/inventory | 1 + .../tests/test-source.yml | 20 ++ .../tests/xhprof-test.php | 51 ++++ .../geerlingguy.php-xhprof/vars/Debian.yml | 4 + .../geerlingguy.php-xhprof/vars/RedHat.yml | 4 + .../roles/geerlingguy.php/.travis.yml | 84 +++++++ provisioning/roles/geerlingguy.php/README.md | 204 ++++++++++++++++ .../roles/geerlingguy.php/defaults/main.yml | 116 +++++++++ .../roles/geerlingguy.php/handlers/main.yml | 13 + .../geerlingguy.php/meta/.galaxy_install_info | 1 + .../roles/geerlingguy.php/meta/main.yml | 23 ++ .../geerlingguy.php/tasks/configure-apcu.yml | 37 +++ .../geerlingguy.php/tasks/configure-fpm.yml | 76 ++++++ .../tasks/configure-opcache.yml | 37 +++ .../roles/geerlingguy.php/tasks/configure.yml | 20 ++ .../tasks/install-from-source.yml | 150 ++++++++++++ .../roles/geerlingguy.php/tasks/main.yml | 61 +++++ .../geerlingguy.php/tasks/setup-Debian.yml | 27 +++ .../geerlingguy.php/tasks/setup-RedHat.yml | 8 + .../geerlingguy.php/templates/apc.ini.j2 | 4 + .../geerlingguy.php/templates/fpm-init.j2 | 170 +++++++++++++ .../geerlingguy.php/templates/opcache.ini.j2 | 14 ++ .../geerlingguy.php/templates/php-fpm.conf.j2 | 12 + .../geerlingguy.php/templates/php.ini.j2 | 225 ++++++++++++++++++ .../geerlingguy.php/templates/www.conf.j2 | 12 + .../geerlingguy.php/tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../roles/geerlingguy.php/tests/inventory | 1 + .../geerlingguy.php/tests/requirements.yml | 2 + .../geerlingguy.php/tests/test-package.yml | 27 +++ .../geerlingguy.php/tests/test-source.yml | 18 ++ .../tests/test-vars-ubuntu1204.yml | 23 ++ .../roles/geerlingguy.php/vars/Debian.yml | 37 +++ .../roles/geerlingguy.php/vars/RedHat.yml | 33 +++ .../roles/geerlingguy.pimpmylog/.travis.yml | 41 ++++ .../roles/geerlingguy.pimpmylog/README.md | 49 ++++ .../geerlingguy.pimpmylog/defaults/main.yml | 5 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.pimpmylog/meta/main.yml | 23 ++ .../geerlingguy.pimpmylog/tasks/main.yml | 14 ++ .../geerlingguy.pimpmylog/tests/inventory | 1 + .../geerlingguy.pimpmylog/tests/test.yml | 11 + .../roles/geerlingguy.postfix/.travis.yml | 36 +++ .../roles/geerlingguy.postfix/README.md | 31 +++ .../geerlingguy.postfix/defaults/main.yml | 1 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.postfix/meta/main.yml | 23 ++ .../roles/geerlingguy.postfix/tasks/main.yml | 11 + .../roles/geerlingguy.postfix/tests/inventory | 1 + .../roles/geerlingguy.postfix/tests/test.yml | 5 + .../roles/geerlingguy.redis/.travis.yml | 47 ++++ .../roles/geerlingguy.redis/README.md | 92 +++++++ .../roles/geerlingguy.redis/defaults/main.yml | 30 +++ .../roles/geerlingguy.redis/handlers/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.redis/meta/main.yml | 24 ++ .../roles/geerlingguy.redis/tasks/main.yml | 21 ++ .../geerlingguy.redis/tasks/setup-Debian.yml | 3 + .../geerlingguy.redis/tasks/setup-RedHat.yml | 3 + .../geerlingguy.redis/templates/redis.conf.j2 | 45 ++++ .../roles/geerlingguy.redis/tests/inventory | 1 + .../roles/geerlingguy.redis/tests/test.yml | 6 + .../roles/geerlingguy.redis/vars/Debian.yml | 3 + .../roles/geerlingguy.redis/vars/RedHat.yml | 3 + .../roles/geerlingguy.repo-remi/.travis.yml | 48 ++++ .../roles/geerlingguy.repo-remi/README.md | 39 +++ .../geerlingguy.repo-remi/defaults/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.repo-remi/meta/main.yml | 15 ++ .../geerlingguy.repo-remi/tasks/main.yml | 10 + .../tests/Dockerfile.centos-6 | 19 ++ .../tests/Dockerfile.centos-7 | 29 +++ .../tests/requirements.yml | 2 + .../geerlingguy.repo-remi/tests/test.yml | 5 + .../roles/geerlingguy.ruby/.travis.yml | 61 +++++ provisioning/roles/geerlingguy.ruby/README.md | 59 +++++ .../roles/geerlingguy.ruby/defaults/main.yml | 16 ++ .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.ruby/meta/main.yml | 45 ++++ .../tasks/install-from-source.yml | 60 +++++ .../roles/geerlingguy.ruby/tasks/main.yml | 26 ++ .../geerlingguy.ruby/tasks/setup-Debian.yml | 14 ++ .../geerlingguy.ruby/tasks/setup-RedHat.yml | 6 + .../roles/geerlingguy.ruby/tests/inventory | 1 + .../tests/test-install-from-source.yml | 11 + .../tests/test-install-package.yml | 5 + .../roles/geerlingguy.security/.travis.yml | 57 +++++ .../roles/geerlingguy.security/README.md | 79 ++++++ .../geerlingguy.security/defaults/main.yml | 10 + .../geerlingguy.security/handlers/main.yml | 3 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.security/meta/main.yml | 22 ++ .../tasks/autoupdate-Debian.yml | 14 ++ .../tasks/autoupdate-RedHat.yml | 13 + .../tasks/fail2ban-Debian.yml | 3 + .../tasks/fail2ban-RedHat.yml | 3 + .../roles/geerlingguy.security/tasks/main.yml | 24 ++ .../roles/geerlingguy.security/tasks/ssh.yml | 35 +++ .../templates/10periodic.j2 | 4 + .../templates/50unattended-upgrades.j2 | 6 + .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 17 ++ .../roles/geerlingguy.security/tests/test.yml | 19 ++ .../geerlingguy.security/vars/Debian.yml | 3 + .../geerlingguy.security/vars/RedHat.yml | 3 + .../roles/geerlingguy.solr/.travis.yml | 68 ++++++ provisioning/roles/geerlingguy.solr/README.md | 86 +++++++ .../roles/geerlingguy.solr/defaults/main.yml | 26 ++ .../roles/geerlingguy.solr/handlers/main.yml | 6 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.solr/meta/main.yml | 22 ++ .../geerlingguy.solr/tasks/configure.yml | 20 ++ .../roles/geerlingguy.solr/tasks/cores.yml | 26 ++ .../geerlingguy.solr/tasks/install-pre5.yml | 70 ++++++ .../roles/geerlingguy.solr/tasks/install.yml | 15 ++ .../roles/geerlingguy.solr/tasks/main.yml | 48 ++++ .../roles/geerlingguy.solr/tasks/user.yml | 9 + .../templates/solr-init-Debian-pre5.j2 | 94 ++++++++ .../templates/solr-init-RedHat-pre5.j2 | 91 +++++++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../geerlingguy.solr/tests/requirements.yml | 2 + .../geerlingguy.solr/tests/test-solr-3.yml | 11 + .../geerlingguy.solr/tests/test-solr-4.yml | 11 + .../geerlingguy.solr/tests/test-solr-5.yml | 11 + .../geerlingguy.solr/tests/test-solr-6.yml | 21 ++ .../roles/geerlingguy.varnish/.gitignore | 1 + .../roles/geerlingguy.varnish/.travis.yml | 54 +++++ .../roles/geerlingguy.varnish/README.md | 77 ++++++ .../geerlingguy.varnish/defaults/main.yml | 12 + .../geerlingguy.varnish/handlers/main.yml | 6 + .../meta/.galaxy_install_info | 1 + .../roles/geerlingguy.varnish/meta/main.yml | 23 ++ .../roles/geerlingguy.varnish/tasks/main.yml | 72 ++++++ .../tasks/setup-Debian.yml | 13 + .../tasks/setup-RedHat.yml | 21 ++ .../templates/default.vcl.j2 | 11 + .../geerlingguy.varnish/templates/secret.j2 | 1 + .../geerlingguy.varnish/templates/varnish.j2 | 110 +++++++++ .../templates/varnish.params.j2 | 35 +++ .../templates/varnish.service.j2 | 12 + .../tests/Dockerfile.centos-6 | 15 ++ .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 17 ++ .../roles/geerlingguy.varnish/tests/test.yml | 20 ++ .../roles/geerlingguy.varnish/vars/Debian.yml | 3 + .../roles/geerlingguy.varnish/vars/RedHat.yml | 2 + 524 files changed, 13018 insertions(+) create mode 100644 provisioning/roles/arknoll.selenium/.gitignore create mode 100644 provisioning/roles/arknoll.selenium/.travis.yml create mode 100644 provisioning/roles/arknoll.selenium/LICENSE.txt create mode 100644 provisioning/roles/arknoll.selenium/README.md create mode 100644 provisioning/roles/arknoll.selenium/defaults/main.yml create mode 100644 provisioning/roles/arknoll.selenium/handlers/main.yml create mode 100644 provisioning/roles/arknoll.selenium/meta/.galaxy_install_info create mode 100644 provisioning/roles/arknoll.selenium/meta/main.yml create mode 100644 provisioning/roles/arknoll.selenium/tasks/main.yml create mode 100644 provisioning/roles/arknoll.selenium/templates/selenium-init-Debian.j2 create mode 100644 provisioning/roles/arknoll.selenium/templates/selenium-init-RedHat.j2 create mode 100644 provisioning/roles/arknoll.selenium/tests/inventory create mode 100644 provisioning/roles/arknoll.selenium/tests/test.yml create mode 100644 provisioning/roles/arknoll.selenium/vars/main.yml create mode 100644 provisioning/roles/franklinkim.newrelic/.clog.toml create mode 100644 provisioning/roles/franklinkim.newrelic/.editorconfig create mode 100644 provisioning/roles/franklinkim.newrelic/.gitignore create mode 100644 provisioning/roles/franklinkim.newrelic/.travis.yml create mode 100644 provisioning/roles/franklinkim.newrelic/CHANGELOG.md create mode 100644 provisioning/roles/franklinkim.newrelic/LICENSE create mode 100644 provisioning/roles/franklinkim.newrelic/README.md create mode 100644 provisioning/roles/franklinkim.newrelic/Vagrantfile create mode 100644 provisioning/roles/franklinkim.newrelic/defaults/main.yml create mode 100644 provisioning/roles/franklinkim.newrelic/handlers/main.yml create mode 100644 provisioning/roles/franklinkim.newrelic/meta/main.yml create mode 100644 provisioning/roles/franklinkim.newrelic/meta/readme.yml create mode 100644 provisioning/roles/franklinkim.newrelic/tasks/install.yml create mode 100644 provisioning/roles/franklinkim.newrelic/tasks/install_debian.yml create mode 100644 provisioning/roles/franklinkim.newrelic/tasks/install_redhat.yml create mode 100644 provisioning/roles/franklinkim.newrelic/tasks/main.yml create mode 100644 provisioning/roles/franklinkim.newrelic/tasks/service.yml create mode 100644 provisioning/roles/franklinkim.newrelic/templates/etc/newrelic/nrsysmond.cfg.j2 create mode 100644 provisioning/roles/franklinkim.newrelic/tests/main.yml create mode 100755 provisioning/roles/franklinkim.newrelic/tests/run.sh create mode 100644 provisioning/roles/geerlingguy.adminer/.travis.yml create mode 100644 provisioning/roles/geerlingguy.adminer/README.md create mode 100644 provisioning/roles/geerlingguy.adminer/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.adminer/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.adminer/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.adminer/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.adminer/templates/adminer.conf.j2 create mode 100644 provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.adminer/tests/test-apache.yml create mode 100644 provisioning/roles/geerlingguy.adminer/tests/test-standalone.yml create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/.travis.yml create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/README.md create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-Debian.yml create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.apache-php-fpm/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.apache/.travis.yml create mode 100644 provisioning/roles/geerlingguy.apache/README.md create mode 100644 provisioning/roles/geerlingguy.apache/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.apache/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.apache/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.apache/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/configure-Debian.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/configure-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/configure-Solaris.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/configure-Suse.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/setup-Solaris.yml create mode 100644 provisioning/roles/geerlingguy.apache/tasks/setup-Suse.yml create mode 100644 provisioning/roles/geerlingguy.apache/templates/vhosts.conf.j2 create mode 100644 provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.apache/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.apache/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.apache/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.apache/vars/Solaris.yml create mode 100644 provisioning/roles/geerlingguy.apache/vars/Suse.yml create mode 100644 provisioning/roles/geerlingguy.apache/vars/apache-22.yml create mode 100644 provisioning/roles/geerlingguy.apache/vars/apache-24.yml create mode 100644 provisioning/roles/geerlingguy.blackfire/.travis.yml create mode 100644 provisioning/roles/geerlingguy.blackfire/README.md create mode 100644 provisioning/roles/geerlingguy.blackfire/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.blackfire/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.blackfire/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.blackfire/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.blackfire/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.blackfire/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.blackfire/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.composer/.travis.yml create mode 100644 provisioning/roles/geerlingguy.composer/README.md create mode 100644 provisioning/roles/geerlingguy.composer/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.composer/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.composer/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.composer/tasks/global-require.yml create mode 100644 provisioning/roles/geerlingguy.composer/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.composer/templates/auth.json.j2 create mode 100644 provisioning/roles/geerlingguy.composer/templates/composer.sh.j2 create mode 100644 provisioning/roles/geerlingguy.composer/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.composer/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.composer/tests/initctl_faker create mode 100644 provisioning/roles/geerlingguy.composer/tests/inventory create mode 100644 provisioning/roles/geerlingguy.composer/tests/requirements.yml create mode 100644 provisioning/roles/geerlingguy.composer/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.daemonize/.travis.yml create mode 100644 provisioning/roles/geerlingguy.daemonize/README.md create mode 100644 provisioning/roles/geerlingguy.daemonize/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.daemonize/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.daemonize/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.daemonize/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.daemonize/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.drupal-console/.travis.yml create mode 100644 provisioning/roles/geerlingguy.drupal-console/README.md create mode 100644 provisioning/roles/geerlingguy.drupal-console/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.drupal-console/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.drupal-console/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.drupal-console/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.drupal-console/tests/inventory create mode 100644 provisioning/roles/geerlingguy.drupal-console/tests/test-self-update.yml create mode 100644 provisioning/roles/geerlingguy.drupal-console/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.drush/.travis.yml create mode 100644 provisioning/roles/geerlingguy.drush/README.md create mode 100644 provisioning/roles/geerlingguy.drush/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.drush/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.drush/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.drush/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.drush/tests/inventory create mode 100644 provisioning/roles/geerlingguy.drush/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/.travis.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/README.md create mode 100644 provisioning/roles/geerlingguy.elasticsearch/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/files/elasticsearch.repo create mode 100644 provisioning/roles/geerlingguy.elasticsearch/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.elasticsearch/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.elasticsearch/templates/elasticsearch.yml.j2 create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.elasticsearch/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.firewall/.travis.yml create mode 100644 provisioning/roles/geerlingguy.firewall/README.md create mode 100644 provisioning/roles/geerlingguy.firewall/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.firewall/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.firewall/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.firewall/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.firewall/tasks/main.yml create mode 100755 provisioning/roles/geerlingguy.firewall/templates/firewall.bash.j2 create mode 100644 provisioning/roles/geerlingguy.firewall/templates/firewall.j2 create mode 100644 provisioning/roles/geerlingguy.firewall/tests/inventory create mode 100644 provisioning/roles/geerlingguy.firewall/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.git/.gitignore create mode 100644 provisioning/roles/geerlingguy.git/.travis.yml create mode 100644 provisioning/roles/geerlingguy.git/README.md create mode 100644 provisioning/roles/geerlingguy.git/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.git/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.git/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.git/tasks/install-from-source.yml create mode 100644 provisioning/roles/geerlingguy.git/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.git/tests/test-package.yml create mode 100644 provisioning/roles/geerlingguy.git/tests/test-source.yml create mode 100644 provisioning/roles/geerlingguy.git/vars/main.yml create mode 100644 provisioning/roles/geerlingguy.java/.travis.yml create mode 100644 provisioning/roles/geerlingguy.java/README.md create mode 100644 provisioning/roles/geerlingguy.java/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.java/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.java/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.java/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.java/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.java/tasks/setup-FreeBSD.yml create mode 100644 provisioning/roles/geerlingguy.java/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.java/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.java/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.java/vars/FreeBSD.yml create mode 100644 provisioning/roles/geerlingguy.java/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.java/vars/Ubuntu-12.04.yml create mode 100644 provisioning/roles/geerlingguy.java/vars/Ubuntu-14.04.yml create mode 100644 provisioning/roles/geerlingguy.java/vars/Ubuntu-16.04.yml create mode 100644 provisioning/roles/geerlingguy.mailhog/.travis.yml create mode 100644 provisioning/roles/geerlingguy.mailhog/README.md create mode 100644 provisioning/roles/geerlingguy.mailhog/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.mailhog/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.mailhog/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.mailhog/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.mailhog/templates/mailhog.init.j2 create mode 100644 provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.mailhog/tests/message create mode 100644 provisioning/roles/geerlingguy.mailhog/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.memcached/.gitignore create mode 100644 provisioning/roles/geerlingguy.memcached/.travis.yml create mode 100644 provisioning/roles/geerlingguy.memcached/README.md create mode 100644 provisioning/roles/geerlingguy.memcached/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.memcached/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.memcached/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.memcached/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.memcached/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.memcached/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.memcached/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.memcached/templates/memcached-Debian.conf.j2 create mode 100644 provisioning/roles/geerlingguy.memcached/templates/memcached-RedHat.conf.j2 create mode 100644 provisioning/roles/geerlingguy.memcached/tests/inventory create mode 100644 provisioning/roles/geerlingguy.memcached/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.memcached/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.memcached/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.mysql/.travis.yml create mode 100644 provisioning/roles/geerlingguy.mysql/README.md create mode 100644 provisioning/roles/geerlingguy.mysql/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.mysql/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.mysql/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.mysql/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/configure.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/databases.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/replication.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/secure-installation.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tasks/users.yml create mode 100644 provisioning/roles/geerlingguy.mysql/templates/my.cnf.j2 create mode 100644 provisioning/roles/geerlingguy.mysql/templates/user-my.cnf.j2 create mode 100644 provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.mysql/tests/centos-7-test.yml create mode 100644 provisioning/roles/geerlingguy.mysql/tests/initctl_faker create mode 100644 provisioning/roles/geerlingguy.mysql/tests/inventory create mode 100644 provisioning/roles/geerlingguy.mysql/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.mysql/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.mysql/vars/RedHat-6.yml create mode 100644 provisioning/roles/geerlingguy.mysql/vars/RedHat-7.yml create mode 100644 provisioning/roles/geerlingguy.nginx/.travis.yml create mode 100644 provisioning/roles/geerlingguy.nginx/README.md create mode 100644 provisioning/roles/geerlingguy.nginx/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.nginx/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.nginx/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.nginx/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.nginx/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.nginx/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.nginx/tasks/setup-FreeBSD.yml create mode 100644 provisioning/roles/geerlingguy.nginx/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.nginx/tasks/setup-Ubuntu.yml create mode 100644 provisioning/roles/geerlingguy.nginx/tasks/vhosts.yml create mode 100644 provisioning/roles/geerlingguy.nginx/templates/nginx.conf.j2 create mode 100644 provisioning/roles/geerlingguy.nginx/templates/nginx.repo.j2 create mode 100644 provisioning/roles/geerlingguy.nginx/templates/vhosts.j2 create mode 100644 provisioning/roles/geerlingguy.nginx/tests/inventory create mode 100644 provisioning/roles/geerlingguy.nginx/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.nginx/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.nginx/vars/FreeBSD.yml create mode 100644 provisioning/roles/geerlingguy.nginx/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.nodejs/.travis.yml create mode 100644 provisioning/roles/geerlingguy.nodejs/README.md create mode 100644 provisioning/roles/geerlingguy.nodejs/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.nodejs/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.nodejs/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.nodejs/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.nodejs/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.nodejs/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.nodejs/templates/npm.sh.j2 create mode 100644 provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.nodejs/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.php-memcached/.travis.yml create mode 100644 provisioning/roles/geerlingguy.php-memcached/README.md create mode 100644 provisioning/roles/geerlingguy.php-memcached/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.php-memcached/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.php-memcached/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.php-memcached/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.php-memcached/tests/inventory create mode 100644 provisioning/roles/geerlingguy.php-memcached/tests/memcached-test.php create mode 100644 provisioning/roles/geerlingguy.php-memcached/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.php-memcached/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.php-memcached/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/.travis.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/README.md create mode 100644 provisioning/roles/geerlingguy.php-mysql/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.php-mysql/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/centos7-vars.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/initctl_faker create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/inventory create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/requirements.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.php-mysql/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.php-pecl/.travis.yml create mode 100644 provisioning/roles/geerlingguy.php-pecl/README.md create mode 100644 provisioning/roles/geerlingguy.php-pecl/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.php-pecl/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.php-pecl/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.php-pecl/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.php-pecl/tests/inventory create mode 100644 provisioning/roles/geerlingguy.php-pecl/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/.travis.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/README.md create mode 100644 provisioning/roles/geerlingguy.php-redis/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/files/redis.ini create mode 100644 provisioning/roles/geerlingguy.php-redis/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.php-redis/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/tasks/install-from-source.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/tests/inventory create mode 100644 provisioning/roles/geerlingguy.php-redis/tests/redis-test.php create mode 100644 provisioning/roles/geerlingguy.php-redis/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.php-redis/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/.gitignore create mode 100644 provisioning/roles/geerlingguy.php-xdebug/.travis.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/README.md create mode 100644 provisioning/roles/geerlingguy.php-xdebug/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.php-xdebug/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tasks/configure.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/templates/xdebug.ini.j2 create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tests/inventory create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tests/test-source.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/tests/xdebug-test.php create mode 100644 provisioning/roles/geerlingguy.php-xdebug/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.php-xdebug/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/.gitignore create mode 100644 provisioning/roles/geerlingguy.php-xhprof/.travis.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/README.md create mode 100644 provisioning/roles/geerlingguy.php-xhprof/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.php-xhprof/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tasks/configure.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/templates/xhprof.ini.j2 create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tests/inventory create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tests/test-source.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/tests/xhprof-test.php create mode 100644 provisioning/roles/geerlingguy.php-xhprof/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.php-xhprof/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.php/.travis.yml create mode 100644 provisioning/roles/geerlingguy.php/README.md create mode 100644 provisioning/roles/geerlingguy.php/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.php/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.php/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.php/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/configure-apcu.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/configure-fpm.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/configure-opcache.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/configure.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/install-from-source.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.php/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.php/templates/apc.ini.j2 create mode 100644 provisioning/roles/geerlingguy.php/templates/fpm-init.j2 create mode 100644 provisioning/roles/geerlingguy.php/templates/opcache.ini.j2 create mode 100644 provisioning/roles/geerlingguy.php/templates/php-fpm.conf.j2 create mode 100644 provisioning/roles/geerlingguy.php/templates/php.ini.j2 create mode 100644 provisioning/roles/geerlingguy.php/templates/www.conf.j2 create mode 100644 provisioning/roles/geerlingguy.php/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.php/tests/inventory create mode 100644 provisioning/roles/geerlingguy.php/tests/requirements.yml create mode 100644 provisioning/roles/geerlingguy.php/tests/test-package.yml create mode 100644 provisioning/roles/geerlingguy.php/tests/test-source.yml create mode 100644 provisioning/roles/geerlingguy.php/tests/test-vars-ubuntu1204.yml create mode 100644 provisioning/roles/geerlingguy.php/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.php/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.pimpmylog/.travis.yml create mode 100644 provisioning/roles/geerlingguy.pimpmylog/README.md create mode 100644 provisioning/roles/geerlingguy.pimpmylog/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.pimpmylog/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.pimpmylog/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.pimpmylog/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.pimpmylog/tests/inventory create mode 100644 provisioning/roles/geerlingguy.pimpmylog/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.postfix/.travis.yml create mode 100644 provisioning/roles/geerlingguy.postfix/README.md create mode 100644 provisioning/roles/geerlingguy.postfix/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.postfix/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.postfix/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.postfix/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.postfix/tests/inventory create mode 100644 provisioning/roles/geerlingguy.postfix/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.redis/.travis.yml create mode 100644 provisioning/roles/geerlingguy.redis/README.md create mode 100644 provisioning/roles/geerlingguy.redis/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.redis/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.redis/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.redis/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.redis/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.redis/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.redis/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.redis/templates/redis.conf.j2 create mode 100644 provisioning/roles/geerlingguy.redis/tests/inventory create mode 100644 provisioning/roles/geerlingguy.redis/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.redis/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.redis/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.repo-remi/.travis.yml create mode 100644 provisioning/roles/geerlingguy.repo-remi/README.md create mode 100644 provisioning/roles/geerlingguy.repo-remi/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.repo-remi/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.repo-remi/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.repo-remi/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.repo-remi/tests/requirements.yml create mode 100644 provisioning/roles/geerlingguy.repo-remi/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.ruby/.travis.yml create mode 100644 provisioning/roles/geerlingguy.ruby/README.md create mode 100644 provisioning/roles/geerlingguy.ruby/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.ruby/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.ruby/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.ruby/tasks/install-from-source.yml create mode 100644 provisioning/roles/geerlingguy.ruby/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.ruby/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.ruby/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.ruby/tests/inventory create mode 100644 provisioning/roles/geerlingguy.ruby/tests/test-install-from-source.yml create mode 100644 provisioning/roles/geerlingguy.ruby/tests/test-install-package.yml create mode 100644 provisioning/roles/geerlingguy.security/.travis.yml create mode 100644 provisioning/roles/geerlingguy.security/README.md create mode 100644 provisioning/roles/geerlingguy.security/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.security/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.security/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.security/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.security/tasks/autoupdate-Debian.yml create mode 100644 provisioning/roles/geerlingguy.security/tasks/autoupdate-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.security/tasks/fail2ban-Debian.yml create mode 100644 provisioning/roles/geerlingguy.security/tasks/fail2ban-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.security/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.security/tasks/ssh.yml create mode 100644 provisioning/roles/geerlingguy.security/templates/10periodic.j2 create mode 100644 provisioning/roles/geerlingguy.security/templates/50unattended-upgrades.j2 create mode 100644 provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.security/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.security/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.security/vars/RedHat.yml create mode 100644 provisioning/roles/geerlingguy.solr/.travis.yml create mode 100644 provisioning/roles/geerlingguy.solr/README.md create mode 100644 provisioning/roles/geerlingguy.solr/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.solr/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.solr/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.solr/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.solr/tasks/configure.yml create mode 100644 provisioning/roles/geerlingguy.solr/tasks/cores.yml create mode 100644 provisioning/roles/geerlingguy.solr/tasks/install-pre5.yml create mode 100644 provisioning/roles/geerlingguy.solr/tasks/install.yml create mode 100644 provisioning/roles/geerlingguy.solr/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.solr/tasks/user.yml create mode 100644 provisioning/roles/geerlingguy.solr/templates/solr-init-Debian-pre5.j2 create mode 100644 provisioning/roles/geerlingguy.solr/templates/solr-init-RedHat-pre5.j2 create mode 100644 provisioning/roles/geerlingguy.solr/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.solr/tests/requirements.yml create mode 100644 provisioning/roles/geerlingguy.solr/tests/test-solr-3.yml create mode 100644 provisioning/roles/geerlingguy.solr/tests/test-solr-4.yml create mode 100644 provisioning/roles/geerlingguy.solr/tests/test-solr-5.yml create mode 100644 provisioning/roles/geerlingguy.solr/tests/test-solr-6.yml create mode 100644 provisioning/roles/geerlingguy.varnish/.gitignore create mode 100644 provisioning/roles/geerlingguy.varnish/.travis.yml create mode 100644 provisioning/roles/geerlingguy.varnish/README.md create mode 100644 provisioning/roles/geerlingguy.varnish/defaults/main.yml create mode 100644 provisioning/roles/geerlingguy.varnish/handlers/main.yml create mode 100644 provisioning/roles/geerlingguy.varnish/meta/.galaxy_install_info create mode 100644 provisioning/roles/geerlingguy.varnish/meta/main.yml create mode 100644 provisioning/roles/geerlingguy.varnish/tasks/main.yml create mode 100644 provisioning/roles/geerlingguy.varnish/tasks/setup-Debian.yml create mode 100644 provisioning/roles/geerlingguy.varnish/tasks/setup-RedHat.yml create mode 100644 provisioning/roles/geerlingguy.varnish/templates/default.vcl.j2 create mode 100644 provisioning/roles/geerlingguy.varnish/templates/secret.j2 create mode 100644 provisioning/roles/geerlingguy.varnish/templates/varnish.j2 create mode 100644 provisioning/roles/geerlingguy.varnish/templates/varnish.params.j2 create mode 100644 provisioning/roles/geerlingguy.varnish/templates/varnish.service.j2 create mode 100644 provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-6 create mode 100644 provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-7 create mode 100644 provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-12.04 create mode 100644 provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-14.04 create mode 100644 provisioning/roles/geerlingguy.varnish/tests/test.yml create mode 100644 provisioning/roles/geerlingguy.varnish/vars/Debian.yml create mode 100644 provisioning/roles/geerlingguy.varnish/vars/RedHat.yml diff --git a/provisioning/roles/arknoll.selenium/.gitignore b/provisioning/roles/arknoll.selenium/.gitignore new file mode 100644 index 000000000..7b8cfb120 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/.gitignore @@ -0,0 +1,24 @@ +# OS generated files # +###################### +.DS_Store +.DS_Store? +._* +.Spotlight-V100 +.Trashes +Icon? +ehthumbs.db +Thumbs.db + +# IDE files # +################# +/.settings +/.buildpath +/.project +/nbproject +*.komodoproject +*.kpf +/.idea + +# Other files # +############### +!empty diff --git a/provisioning/roles/arknoll.selenium/.travis.yml b/provisioning/roles/arknoll.selenium/.travis.yml new file mode 100644 index 000000000..490fc5265 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/.travis.yml @@ -0,0 +1,35 @@ +--- +language: python +python: "2.7" + +env: + - ANSIBLE_VERSION=1.6 + - ANSIBLE_VERSION=1.7 + - ANSIBLE_VERSION=1.8 + +before_install: + - sudo apt-get update -qq + +install: + # Install Ansible. + - pip install ansible==$ANSIBLE_VERSION + + # Add ansible.cfg to pick up roles path. + - "printf '[defaults]\\nroles_path = ../' > ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/test.yml --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo -vvvv" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + +notifications: + email: false diff --git a/provisioning/roles/arknoll.selenium/LICENSE.txt b/provisioning/roles/arknoll.selenium/LICENSE.txt new file mode 100644 index 000000000..978821a72 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/LICENSE.txt @@ -0,0 +1,13 @@ +Copyright (c) Alex Knoll + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/provisioning/roles/arknoll.selenium/README.md b/provisioning/roles/arknoll.selenium/README.md new file mode 100644 index 000000000..f2a027dfe --- /dev/null +++ b/provisioning/roles/arknoll.selenium/README.md @@ -0,0 +1,61 @@ +## selenium [![Build Status](https://travis-ci.org/arknoll/ansible-role-selenium.svg?branch=master)](https://travis-ci.org/arknoll/ansible-role-selenium) + +Set up selenium and Firefox for running selenium tests. + +#### Requirements + +* `java` + +#### Variables + +* `selenium_install_dir`: [default: `/opt`] Install directory +* `selenium_version`: [default: `2.44.0`] Install version + +## Dependencies + +None + +#### Example + +```yaml +--- +- hosts: all + roles: + - selenium +``` + +#### Start/Stop/Restart Selenium + +``` +$ service selenium start +$ service selenium stop +$ service selenium restart +``` + +#### License and Author + +Author:: Alex Knoll (arknoll@gmail.com) + +Copyright:: 2015, Alex Knoll + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +#### Contributing + +We welcome contributed improvements and bug fixes via the usual workflow: + +1. Fork this repository +2. Create your feature branch (`git checkout -b my-new-feature`) +3. Commit your changes (`git commit -am 'Add some feature'`) +4. Push to the branch (`git push origin my-new-feature`) +5. Create a new pull request diff --git a/provisioning/roles/arknoll.selenium/defaults/main.yml b/provisioning/roles/arknoll.selenium/defaults/main.yml new file mode 100644 index 000000000..bc0af10b4 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# defaults file for selenium +selenium_install_dir: /opt +selenium_version: 2.53.0 +selenium_install_firefox: yes diff --git a/provisioning/roles/arknoll.selenium/handlers/main.yml b/provisioning/roles/arknoll.selenium/handlers/main.yml new file mode 100644 index 000000000..acf78d5ae --- /dev/null +++ b/provisioning/roles/arknoll.selenium/handlers/main.yml @@ -0,0 +1,4 @@ +--- +# handlers file for selenium +- name: restart selenium + service: name=selenium state=restarted diff --git a/provisioning/roles/arknoll.selenium/meta/.galaxy_install_info b/provisioning/roles/arknoll.selenium/meta/.galaxy_install_info new file mode 100644 index 000000000..5d2ce608f --- /dev/null +++ b/provisioning/roles/arknoll.selenium/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Sat Jul 23 03:17:21 2016', version: 1.3.0} diff --git a/provisioning/roles/arknoll.selenium/meta/main.yml b/provisioning/roles/arknoll.selenium/meta/main.yml new file mode 100644 index 000000000..77b083784 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/meta/main.yml @@ -0,0 +1,21 @@ +--- +# meta file for selenium +galaxy_info: + author: Alex Knoll + description: Set up selenium and Firefox for running selenium tests. + license: Apache V2 + min_ansible_version: 1.3 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all + categories: + - web +dependencies: [] diff --git a/provisioning/roles/arknoll.selenium/tasks/main.yml b/provisioning/roles/arknoll.selenium/tasks/main.yml new file mode 100644 index 000000000..3c1ac5919 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/tasks/main.yml @@ -0,0 +1,42 @@ +--- +# Tasks file for selenium +- name: create directory + file: "path={{ selenium_install_dir }}/selenium state=directory recurse=yes" + tags: [configuration, selenium, selenium-create-directory] + +- name: download + get_url: "url=http://selenium-release.storage.googleapis.com/{{ selenium_version | regex_replace('\\.[0-9]+$', '') }}/selenium-server-standalone-{{ selenium_version }}.jar dest=/opt/selenium/selenium-server-standalone-{{ selenium_version }}.jar" + tags: [configuration, selenium, selenium-download] + +- name: Install xvfb + apt: name={{item}} + with_items: + - xvfb + when: ansible_os_family == 'Debian' + +- name: Install browser + apt: name={{item}} + with_items: + - firefox + when: ansible_os_family == 'Debian' and selenium_install_firefox + +- name: Install browser Xvfb + yum: name={{item}} + with_items: + - xorg-x11-server-Xvfb + when: ansible_os_family == 'RedHat' + +- name: Install browser + yum: name={{item}} + with_items: + - firefox + when: ansible_os_family == 'RedHat' and selenium_install_firefox + + +- name: install + template: src=selenium-init-{{ ansible_os_family }}.j2 dest=/etc/init.d/selenium owner=root group=root mode=0755 + tags: [configuration, selenium, selenium-install] + +- name: run + service: name=selenium state=started enabled=yes + tags: [configuration, selenium, selenium-run] diff --git a/provisioning/roles/arknoll.selenium/templates/selenium-init-Debian.j2 b/provisioning/roles/arknoll.selenium/templates/selenium-init-Debian.j2 new file mode 100644 index 000000000..3a8ca8598 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/templates/selenium-init-Debian.j2 @@ -0,0 +1,60 @@ +#!/bin/bash + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +DISPLAY_ID=":1" +RUN_AS=root + +JAVA_BIN=/usr/bin/java + +XVFB_BIN=/usr/bin/xvfb-run + +SELENIUM_DIR={{ selenium_install_dir }}/selenium +SELENIUM_PID_FILE="$SELENIUM_DIR/selenium.pid" +SELENIUM_JAR_FILE="$SELENIUM_DIR/selenium-server-standalone-{{ selenium_version }}.jar" +SELENIUM_LOG_FILE="$SELENIUM_DIR/selenium.log" +SELENIUM_DAEMON_OPTS=" -client -jar $SELENIUM_JAR_FILE -log $SELENIUM_LOG_FILE" + +export DISPLAY="$DISPLAY_ID" + +set -e + +. /lib/lsb/init-functions + +case "$1" in + start) + if status_of_proc -p $SELENIUM_PID_FILE "$SELENIUM_JAR_FILE" $SELENIUM_JAR_FILE > /dev/null; then + log_progress_msg "Service already running" + else + log_daemon_msg "Starting Selenium server" + log_progress_msg "selenium" + start-stop-daemon -c $RUN_AS --start --quiet --background --pidfile $SELENIUM_PID_FILE --make-pidfile --exec $XVFB_BIN $JAVA_BIN -- $SELENIUM_DAEMON_OPTS + fi + ;; + + stop) + if status_of_proc -p $SELENIUM_PID_FILE "$SELENIUM_JAR_FILE" $SELENIUM_JAR_FILE > /dev/null; then + log_daemon_msg "Stopping Selenium server" + log_progress_msg "selenium" + start-stop-daemon --stop --pidfile $SELENIUM_PID_FILE + else + log_progress_msg "Service not running" + fi + ;; + + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + + status) + status_of_proc -p $SELENIUM_PID_FILE "$SELENIUM_JAR_FILE" $SELENIUM_JAR_FILE && exit 0 || exit $? + ;; + + *) + N=/etc/init.d/selenium + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac diff --git a/provisioning/roles/arknoll.selenium/templates/selenium-init-RedHat.j2 b/provisioning/roles/arknoll.selenium/templates/selenium-init-RedHat.j2 new file mode 100644 index 000000000..bce943de0 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/templates/selenium-init-RedHat.j2 @@ -0,0 +1,81 @@ +#!/bin/bash +# +# Selenium +# +# chkconfig: 345 90 25 +# description: Selenium service + +# Source function library. +. /etc/init.d/functions + +java_bin=/usr/bin/java + +xvfb_bin=/usr/bin/xvfb-run + +selenium_dir={{ selenium_install_dir }}/selenium +selenium_jar_file="$selenium_dir/selenium-server-standalone-{{ selenium_version }}.jar" +user=root +exec="$xvfb_bin $java_bin" +args=" -client -jar $selenium_jar_file" +lockfile="/var/lock/subsys/selenium" +pidfile="$selenium_dir/selenium.pid" +logfile="$selenium_dir/selenium.log" +prog="selenium" +display=":1" +port="4444" + +RETVAL=0 + +start() { + echo -n $"Starting $prog: " + + touch $pidfile + chown $user $pidfile + + touch $logfile + chown $user $logfile + + /bin/su - $user -c "DISPLAY=\"$display\" $exec $args >> $logfile 2>&1 & echo \$! > $pidfile" + + sleep 2 + + pgrep -fl $prog + RETVAL=$? + [ $RETVAL -eq 0 ] && echo_success || echo_failure + + return $RETVAL +} + +stop() { + echo -n $"Stopping $prog: " + killproc -p $pidfile $prog + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile + return $RETVAL +} + +restart() { + stop + sleep 2 + start +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status -p ${pidfile} ${prog} + RETVAL=$? + ;; + restart) + restart + ;; + *) + echo $"Usage: $0 {start|stop|restart}" + exit 1 +esac diff --git a/provisioning/roles/arknoll.selenium/tests/inventory b/provisioning/roles/arknoll.selenium/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/arknoll.selenium/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/arknoll.selenium/tests/test.yml b/provisioning/roles/arknoll.selenium/tests/test.yml new file mode 100644 index 000000000..640e29ed6 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/tests/test.yml @@ -0,0 +1,6 @@ +--- +# Test file for selenium +- hosts: localhost + remote_user: root + roles: + - ansible-role-selenium diff --git a/provisioning/roles/arknoll.selenium/vars/main.yml b/provisioning/roles/arknoll.selenium/vars/main.yml new file mode 100644 index 000000000..9a60dec17 --- /dev/null +++ b/provisioning/roles/arknoll.selenium/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for selenium diff --git a/provisioning/roles/franklinkim.newrelic/.clog.toml b/provisioning/roles/franklinkim.newrelic/.clog.toml new file mode 100644 index 000000000..5e4317e78 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/.clog.toml @@ -0,0 +1,4 @@ +[clog] +changelog = "CHANGELOG.md" +repository = "https://github.com/weareinteractive/ansible-newrelic" +from-latest-tag = true diff --git a/provisioning/roles/franklinkim.newrelic/.editorconfig b/provisioning/roles/franklinkim.newrelic/.editorconfig new file mode 100644 index 000000000..e99064344 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/.editorconfig @@ -0,0 +1,16 @@ +# EditorConfig helps developers define and maintain consistent +# coding styles between different editors and IDEs +# editorconfig.org + +root = true + +[*] +# Change these settings to your own preference +indent_size = 2 +indent_style = space + +# We recommend you to keep these unchanged +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true diff --git a/provisioning/roles/franklinkim.newrelic/.gitignore b/provisioning/roles/franklinkim.newrelic/.gitignore new file mode 100644 index 000000000..91bcbe432 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/.gitignore @@ -0,0 +1,6 @@ +.* +*~ +!.git* +!.clog.toml +!.travis.yml +!.editorconfig diff --git a/provisioning/roles/franklinkim.newrelic/.travis.yml b/provisioning/roles/franklinkim.newrelic/.travis.yml new file mode 100644 index 000000000..f2bd5cf73 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/.travis.yml @@ -0,0 +1,10 @@ +--- + +language: ruby +sudo: required +services: + - docker +install: + - docker pull franklinkim/ansible:ubuntu-trusty +script: + - docker run -v $(pwd):/opt/ansible franklinkim/ansible:ubuntu-trusty tests/run.sh diff --git a/provisioning/roles/franklinkim.newrelic/CHANGELOG.md b/provisioning/roles/franklinkim.newrelic/CHANGELOG.md new file mode 100644 index 000000000..2b6672b66 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/CHANGELOG.md @@ -0,0 +1,20 @@ + +## 1.2.0 (2016-02-13) + + +#### Breaking Changes + +* add configurable `newrelic_group` and `newrelic_groups` ([b06cf9f4](https://github.com/weareinteractive/ansible-newrelic/commit/b06cf9f4bbaeb6edd3bae8b600d351a27dbd28d5), breaks [#](https://github.com/weareinteractive/ansible-newrelic/issues/)) + +#### Bug Fixes + +* make docker container monitoring work ([89986c76](https://github.com/weareinteractive/ansible-newrelic/commit/89986c7649e3bc3d9f08d1d2027596b9e089b6c5)) + +#### Features + +* add configurable `newrelic_group` and `newrelic_groups` ([b06cf9f4](https://github.com/weareinteractive/ansible-newrelic/commit/b06cf9f4bbaeb6edd3bae8b600d351a27dbd28d5), breaks [#](https://github.com/weareinteractive/ansible-newrelic/issues/)) +* use ansible-role docgen for README generation ([23b5e65f](https://github.com/weareinteractive/ansible-newrelic/commit/23b5e65fb9fe82851ec450f99d80b7db42663e58)) +* add CHANGELOG ([86830e8f](https://github.com/weareinteractive/ansible-newrelic/commit/86830e8f5d84195c2b3c11a8d3b1235a74cb136f)) + + + diff --git a/provisioning/roles/franklinkim.newrelic/LICENSE b/provisioning/roles/franklinkim.newrelic/LICENSE new file mode 100644 index 000000000..ebdf0f1dc --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/LICENSE @@ -0,0 +1,22 @@ +Copyright (c) We Are Interactive + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES +OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. diff --git a/provisioning/roles/franklinkim.newrelic/README.md b/provisioning/roles/franklinkim.newrelic/README.md new file mode 100644 index 000000000..9650109b1 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/README.md @@ -0,0 +1,127 @@ +# Ansible franklinkim.newrelic role + +[![Build Status](https://img.shields.io/travis/weareinteractive/ansible-newrelic.svg)](https://travis-ci.org/weareinteractive/ansible-newrelic) +[![Galaxy](http://img.shields.io/badge/galaxy-franklinkim.apt-blue.svg)](https://galaxy.ansible.com/list#/roles/3917) +[![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-newrelic.svg)](https://github.com/weareinteractive/ansible-newrelic) +[![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-newrelic.svg)](https://github.com/weareinteractive/ansible-newrelic) + +> `franklinkim.newrelic` is an [Ansible](http://www.ansible.com) role which: +> +> * installs newrelic +> * configures newrelic +> * configures service + +## Installation + +Using `ansible-galaxy`: + +```shell +$ ansible-galaxy install franklinkim.newrelic +``` + +Using `requirements.yml`: + +```yaml +- src: franklinkim.newrelic +``` + +Using `git`: + +```shell +$ git clone https://github.com/weareinteractive/ansible-newrelic.git franklinkim.newrelic +``` + +## Dependencies + +* Ansible >= 1.9 + +## Variables + +Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`. + +```yaml +--- +# +# newrelic_license_key: yourkey + +# User name +newrelic_user: newrelic +# User group +newrelic_group: newrelic +# User groups to append to user +newrelic_groups: [] +# Name of the file where the server monitor will store it's log messages. +newrelic_logfile: /var/log/newrelic/nrsysmond.log +# Level of detail you want in the log file +newrelic_loglevel: info +# Set to true to disable NFS client statistics gathering. +newrelic_disable_nfs: yes +# Set to true to disable Docker container statistics gathering. +newrelic_disable_docker: yes +# start on boot +newrelic_service_enabled: yes +# current state: started, stopped +newrelic_service_state: started + +``` + +## Handlers + +These are the handlers that are defined in `handlers/main.yml`. + +```yaml +--- + +- name: restart newrelic + service: + name: newrelic-sysmond + state: restarted + when: newrelic_service_state != 'stopped' + +``` + + +## Usage + +This is an example playbook: + +```yaml +--- + +- hosts: all + sudo: yes + roles: + - franklinkim.newrelic + vars: + newrelic_license_key: yes + newrelic_service_state: started + newrelic_license_key: ab2fa361cd4d0d373833cad619d7bcc424d27c16 + +``` + +## Testing + +```shell +$ git clone https://github.com/weareinteractive/ansible-newrelic.git +$ cd ansible-newrelic +$ vagrant up +``` + +## Contributing +In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality. + +1. Fork it +2. Create your feature branch (`git checkout -b my-new-feature`) +3. Commit your changes (`git commit -am 'Add some feature'`) +4. Push to the branch (`git push origin my-new-feature`) +5. Create new Pull Request + +*Note: To update the `README.md` file please install and run `ansible-role`:* + +```shell +$ gem install ansible-role +$ ansible-role docgen +``` + +## License +Copyright (c) We Are Interactive under the MIT license. diff --git a/provisioning/roles/franklinkim.newrelic/Vagrantfile b/provisioning/roles/franklinkim.newrelic/Vagrantfile new file mode 100644 index 000000000..6898da7a4 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/Vagrantfile @@ -0,0 +1,23 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +Vagrant.configure("2") do |config| + config.vbguest.no_remote = true + config.vbguest.auto_update = false + + config.vm.define 'trusty' do |instance| + instance.vm.box = 'ubuntu/trusty64' + end + + config.vm.define 'centos7' do |instance| + instance.vm.box = 'geerlingguy/centos7' + end + + # View the documentation for the provider you're using for more + # information on available options. + config.vm.provision "ansible" do |ansible| + ansible.playbook = "tests/main.yml" + ansible.verbose = 'vv' + ansible.sudo = true + end +end diff --git a/provisioning/roles/franklinkim.newrelic/defaults/main.yml b/provisioning/roles/franklinkim.newrelic/defaults/main.yml new file mode 100644 index 000000000..7195e1f1c --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/defaults/main.yml @@ -0,0 +1,22 @@ +--- +# +# newrelic_license_key: yourkey + +# User name +newrelic_user: newrelic +# User group +newrelic_group: newrelic +# User groups to append to user +newrelic_groups: [] +# Name of the file where the server monitor will store it's log messages. +newrelic_logfile: /var/log/newrelic/nrsysmond.log +# Level of detail you want in the log file +newrelic_loglevel: info +# Set to true to disable NFS client statistics gathering. +newrelic_disable_nfs: yes +# Set to true to disable Docker container statistics gathering. +newrelic_disable_docker: yes +# start on boot +newrelic_service_enabled: yes +# current state: started, stopped +newrelic_service_state: started diff --git a/provisioning/roles/franklinkim.newrelic/handlers/main.yml b/provisioning/roles/franklinkim.newrelic/handlers/main.yml new file mode 100644 index 000000000..2ea02f7e8 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: restart newrelic + service: + name: newrelic-sysmond + state: restarted + when: newrelic_service_state != 'stopped' diff --git a/provisioning/roles/franklinkim.newrelic/meta/main.yml b/provisioning/roles/franklinkim.newrelic/meta/main.yml new file mode 100644 index 000000000..a1cbde7de --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/meta/main.yml @@ -0,0 +1,104 @@ +--- +galaxy_info: + author: franklin + company: We Are Interactive + description: Installs and configure newrelic + min_ansible_version: 1.9 + license: MIT + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + platforms: + - name: EL + versions: + # - all + # - 5 + # - 6 + - 7 + # - name: GenericUNIX + # versions: + # - all + # - any + # - name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + # - name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + # - name: GenericBSD + # versions: + # - all + # - any + # - name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + - name: Ubuntu + versions: + - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + # - name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + # - name: GenericLinux + # versions: + # - all + # - any + - name: Debian + versions: + - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + # The number of tags imported by Galaxy is limited to 20, + # and tag values containing non-alphanumeric characters will be ignored. + # Tag values containing a : will be split into multiple tags. + # The tag cloud:ec2, for example, will become two tags: cloud and ec2. + # + galaxy_tags: + - monitoring + - newrelic +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. + # Be sure to remove the '[]' above if you add dependencies + # to this list. diff --git a/provisioning/roles/franklinkim.newrelic/meta/readme.yml b/provisioning/roles/franklinkim.newrelic/meta/readme.yml new file mode 100644 index 000000000..db694e9c7 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/meta/readme.yml @@ -0,0 +1,14 @@ +--- + +galaxy_name: franklinkim.newrelic +github_user: weareinteractive +github_name: ansible-newrelic +badges: | + [![Build Status](https://img.shields.io/travis/weareinteractive/ansible-newrelic.svg)](https://travis-ci.org/weareinteractive/ansible-newrelic) + [![Galaxy](http://img.shields.io/badge/galaxy-franklinkim.apt-blue.svg)](https://galaxy.ansible.com/list#/roles/3917) + [![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-newrelic.svg)](https://github.com/weareinteractive/ansible-newrelic) + [![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-newrelic.svg)](https://github.com/weareinteractive/ansible-newrelic) +description: | + > * installs newrelic + > * configures newrelic + > * configures service diff --git a/provisioning/roles/franklinkim.newrelic/tasks/install.yml b/provisioning/roles/franklinkim.newrelic/tasks/install.yml new file mode 100644 index 000000000..f56069d09 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/tasks/install.yml @@ -0,0 +1,7 @@ +--- + +- include: install_debian.yml + when: ansible_os_family == 'Debian' + +- include: install_redhat.yml + when: ansible_os_family == 'RedHat' diff --git a/provisioning/roles/franklinkim.newrelic/tasks/install_debian.yml b/provisioning/roles/franklinkim.newrelic/tasks/install_debian.yml new file mode 100644 index 000000000..6f0e16d58 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/tasks/install_debian.yml @@ -0,0 +1,23 @@ +--- + +- name: Installing dependencies + apt: + pkg: apt-transport-https + state: present + +- name: Adding APT key + apt_key: + id: 548C16BF + url: https://download.newrelic.com/548C16BF.gpg + +- name: Add APT repository + apt_repository: + repo: "deb http://apt.newrelic.com/debian/ newrelic non-free" + update_cache: yes + +- name: Installing packages + apt: + pkg: "{{ item }}" + state: present + with_items: + - newrelic-sysmond diff --git a/provisioning/roles/franklinkim.newrelic/tasks/install_redhat.yml b/provisioning/roles/franklinkim.newrelic/tasks/install_redhat.yml new file mode 100644 index 000000000..38516fb94 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/tasks/install_redhat.yml @@ -0,0 +1,13 @@ +--- + +- name: Installing dependencies + yum: + name: http://download.newrelic.com/pub/newrelic/el5/i386/newrelic-repo-5-3.noarch.rpm + state: present + +- name: Installing packages + yum: + name: "{{ item }}" + state: present + with_items: + - newrelic-sysmond diff --git a/provisioning/roles/franklinkim.newrelic/tasks/main.yml b/provisioning/roles/franklinkim.newrelic/tasks/main.yml new file mode 100644 index 000000000..514a108ba --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/tasks/main.yml @@ -0,0 +1,28 @@ +--- + +- name: Checking for key + fail: + msg: "newrelic_license_key has not been defined" + when: newrelic_license_key|default(False) == False + +- include: install.yml + tags: + - monitoring + - newrelic + - install + - newrelic-install + +- include: config.yml + tags: + - monitoring + - newrelic + - config + - newrelic-config + +- include: service.yml + tags: + - monitoring + - newrelic + - service + - newrelic-service + diff --git a/provisioning/roles/franklinkim.newrelic/tasks/service.yml b/provisioning/roles/franklinkim.newrelic/tasks/service.yml new file mode 100644 index 000000000..c5314c313 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/tasks/service.yml @@ -0,0 +1,7 @@ +--- + +- name: Configuring service + service: + name: newrelic-sysmond + state: "{{ newrelic_service_state }}" + enabled: "{{ newrelic_service_enabled }}" diff --git a/provisioning/roles/franklinkim.newrelic/templates/etc/newrelic/nrsysmond.cfg.j2 b/provisioning/roles/franklinkim.newrelic/templates/etc/newrelic/nrsysmond.cfg.j2 new file mode 100644 index 000000000..4185604f3 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/templates/etc/newrelic/nrsysmond.cfg.j2 @@ -0,0 +1,205 @@ +# {{ ansible_managed }} +# +# New Relic Server Monitor configuration file. +# +# Lines that begin with a # are comment lines and are ignored by the server +# monitor. For those options that have command line equivalents, if the +# option is specified on the command line it will over-ride any value set +# in this file. +# + +# +# Option : license_key +# Value : 40-character hexadecimal string provided by New Relic. This is +# required in order for the server monitor to start. +# Default: none +# +license_key={{ newrelic_license_key }} + +# +# Option : loglevel +# Value : Level of detail you want in the log file (as defined by the logfile +# setting below. Valid values are (in increasing levels of verbosity): +# error - show errors only +# warning - show errors and warnings +# info - show minimal additional information messages +# verbose - show more detailed information messages +# debug - show debug messages +# verbosedebug - show very detailed debug messages +# Default: error +# Note : Can also be set with the -d command line option. +# +loglevel={{ newrelic_loglevel }} + +# +# Option : logfile +# Value : Name of the file where the server monitor will store it's log +# messages. The amount of detail stored in this file is controlled +# by the loglevel option (above). +# Default: none. However it is highly recommended you set a value for this. +# Note : Can also be set with the -l command line option. +# +logfile={{ newrelic_logfile }} + +# +# Option : proxy +# Value : The name and optional login credentials of the proxy server to use +# for all communication with the New Relic collector. In its simplest +# form this setting is just a hostname[:port] setting. The default +# port if none is specified is 1080. If your proxy requires a user +# name, use the syntax user@host[:port]. If it also requires a +# password use the format user:password@host[:port]. For example: +# fred:secret@proxy.mydomain.com:8181 +# Default: none (use a direct connection) +# +#proxy= + +# +# Setting: ssl +# Type : boolean +# Purpose: If you prefer the daemon to use the secure HTTP (https) protocol +# when communicating with the New Relic collector servers, set this +# to true. +# Default: true (as of version 1.4) +# +#ssl=true + +# +# Setting: docker_connection +# Type : string +# Purpose: Determine how to communicate with the Docker API on the local host. +# Valid values are: +# +# uds:///path/to/socket +# unix:///path/to/socket +# /path/to/socket +# These three forms are all equivalent and are used to point to the +# UNIX-domain socket (UDS). The socket path must be absolute and the +# socket must be writeable. +# +# tcp://localhost:port +# http://localhost:port +# Use an unencrypted connection to the local host on the specified +# port. If the :port portion is missing it defaults to 2376. The +# host name MUST be localhost or 127.0.0.1. No other host name is +# valid. +# +# https://localhost:port +# Use an encrypted connection to the local host om the specified +# port. If the :port portion is missing it defaults to 2376. The +# host name MUST be localhost or 127.0.0.1. No other host name is +# valid. In order to use TLS authentication you may need to set +# the various key and certificate options below. +# +# If no value is set, attempt to use the default (/var/run/docker.sock) +# if it exists and is writable. If that fails, attempt to use the value +# of the environment variable DOCKER_HOST. +# +# You may need to add the user that you run LSM as to the docker +# group. Please consult the Docker web site for details and security +# implications. +# Default: empty +#docker_connection= + +# +# Setting: docker_cert_path +# Type : string +# Purpose: Set the default location to look for the certificate, key and CA +# certificate for using TLS. If no value is set and the directory +# $HOME/.docker exists, that is used as the default value. LSM will +# look in this directory for the cert.pem, key.pem and cacert.pem +# files, and use them if present. If set, the environment variable +# $DOCKER_CERT_PATH will be used as the default value if no value +# is explicitly set here. +# Default: empty +#docker_cert_path= + +# +# Setting: docker_cert +# docker_key +# docker_cacert +# Type : string +# Purpose: Set the name of the certificate, key and CA certificate files to +# use for TLS. If these are not absolute paths they are searched for +# in the directory determined by docker_cert_path above. +# Default: empty +#docker_cert= +#docker_key= +#docker_cacert= + +# +# Setting: ssl_ca_bundle +# Type : string +# Purpose: Sets the location of a file containing CA certificates in PEM +# format. When set, the certificates in this file will be used +# to authenticate the New Relic collector servers. If ssl_ca_path +# is also set (see below), the certificates in this file will be +# searched first, followed by the certificates contained in the +# ssl_ca_path directory. This setting has no effect when ssl +# is set to false. +# Default: none +# Note : Can also be set with the -b command line option. +# +#ssl_ca_bundle= + +# +# Setting: ssl_ca_path +# Type : string +# Purpose: Sets the location of a directory containing trusted CA certificates +# in PEM format. When set, the certificates in this directory will be +# used to authenticate the New Relic collector servers. If +# ssl_ca_bundle is also set (see above), it will be searched first +# followed by the certificates contained in ssl_ca_path. This +# setting has no effect when ssl is set to false. +# Default: none +# Note : Can also be set with the -S command line option. +# +#ssl_ca_path= + +# +# Option : pidfile +# Value : Name of a file where the server monitoring daemon will store it's +# process ID (PID). This is used by the startup and shutdown script +# to determine if the monitor is already running, and to start it up +# or shut it down. +# Default: /tmp/nrsysmond.pid +# Note : Can also be set with the -p command line option. +# +#pidfile=/var/run/newrelic/nrsysmond.pid + +# Option : collector_host +# Value : The name of the New Relic collector to connect to. This should only +# ever be changed on advise from a New Relic support staff member. +# The format is host[:port]. Using a port number of 0 means the default +# port, which is 80 (if not using the ssl option - see below) or 443 +# if SSL is enabled. If the port is omitted the default value is used. +# Default: collector.newrelic.com +# +#collector_host=collector.newrelic.com + +# +# Option : labels +# Value : A series of label_type/label_value pairings +# Each item in the pair is separated by a colon +# Each pair is separated by a semicolon +# e.g. +# labels = Environment:Production;DataCenter:EastUS; +# Default: none +# +#labels=label_type:label_value + +# +# Option : disable_nfs +# Type : boolean +# Value : Set to true to disable NFS client statistics gathering. +# Default: false +# +disable_nfs={{ newrelic_disable_nfs | to_nice_json }} + +# +# Option : disable_docker +# Type : boolean +# Value : Set to true to disable Docker container statistics gathering. +# Default: false +# +disable_docker={{ newrelic_disable_docker | to_nice_json }} diff --git a/provisioning/roles/franklinkim.newrelic/tests/main.yml b/provisioning/roles/franklinkim.newrelic/tests/main.yml new file mode 100644 index 000000000..0b30d6d30 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/tests/main.yml @@ -0,0 +1,10 @@ +--- + +- hosts: all + sudo: yes + roles: + - franklinkim.newrelic + vars: + newrelic_license_key: yes + newrelic_service_state: started + newrelic_license_key: ab2fa361cd4d0d373833cad619d7bcc424d27c16 diff --git a/provisioning/roles/franklinkim.newrelic/tests/run.sh b/provisioning/roles/franklinkim.newrelic/tests/run.sh new file mode 100755 index 000000000..72e2f4dc5 --- /dev/null +++ b/provisioning/roles/franklinkim.newrelic/tests/run.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +# define variables +ROLE_NAME=franklinkim.newrelic + +# install dependencies +# echo '* installing dependencies' +# ansible-galaxy install franklinkim.openssl + +# create role symlink +echo '* creating symlink' +ln -s $(pwd) /usr/share/ansible/roles/$ROLE_NAME + +# run tests +echo 'running playbook' +ansible-playbook --syntax-check -i 'localhost,' -c local $(pwd)/tests/main.yml +ansible-playbook -vvvv -i 'localhost,' -c local $(pwd)/tests/main.yml diff --git a/provisioning/roles/geerlingguy.adminer/.travis.yml b/provisioning/roles/geerlingguy.adminer/.travis.yml new file mode 100644 index 000000000..45c461ac7 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/.travis.yml @@ -0,0 +1,66 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + test_file: test-apache.yml + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + test_file: test-apache.yml + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + test_file: test-apache.yml + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + test_file: test-apache.yml + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + test_file: test-standalone.yml + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install required Galaxy roles. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-galaxy install geerlingguy.apache' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${test_file} --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${test_file}' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${test_file} + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.adminer/README.md b/provisioning/roles/geerlingguy.adminer/README.md new file mode 100644 index 000000000..4693bd86a --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/README.md @@ -0,0 +1,47 @@ +# Ansible Role: Adminer + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-adminer.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-adminer) + +An Ansible Role that installs [Adminer](http://www.adminer.org/) on almost any computer. + +## Requirements + +You need to have PHP and MySQL for Adminer to do anything useful. If you have Apache installed, Adminer will add in configuration to make Adminer accessible on any virtualhost at `/adminer`; set `adminer_add_apache_config` to `false` to disable this behavior. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + adminer_install_dir: /opt/adminer + +The directory in which Adminer will be downloaded/installed. + + adminer_install_filename: adminer.php + +The filename for the downloaded Adminer application. If you're managing virtualhosts or server directives manually, it might be simpler to set the document root to your configured `adminer_install_dir`, and the filename to `index.php`, so you don't have to enter `/adminer.php` in the URL to access Adminer. + + adminer_symlink_dirs: [] + +Directories inside which you would like `adminer.php` symlinked. Can be useful if you just want to toss the script into a docroot and access it at `sitename/adminer.php`. + + adminer_add_apache_config: false + +Set this to `true` to tell Adminer to add a config file to Apache so you can access it at `hostname/adminer` on any configured virtualhost, using an Apache `Alias` directive. The role will also restart Apache so this configuration takes effect immediately. + +## Dependencies + +None. If `adminer_add_apache_config` is set to `true`, it will use some variables and handlers defined by the `geerlingguy.apache` role, so there's a soft dependency on that role. + +## Example Playbook + + - hosts: servers + roles: + - { role: geerlingguy.adminer } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2015 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). It is originally a fork of [Oefenweb/ansible-adminer](https://github.com/Oefenweb/ansible-adminer). diff --git a/provisioning/roles/geerlingguy.adminer/defaults/main.yml b/provisioning/roles/geerlingguy.adminer/defaults/main.yml new file mode 100644 index 000000000..2a0f61580 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/defaults/main.yml @@ -0,0 +1,5 @@ +--- +adminer_install_dir: /opt/adminer +adminer_install_filename: adminer.php +adminer_symlink_dirs: [] +adminer_add_apache_config: false diff --git a/provisioning/roles/geerlingguy.adminer/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.adminer/meta/.galaxy_install_info new file mode 100644 index 000000000..4a97db086 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Sat Jul 23 03:17:26 2016', version: 1.1.0} diff --git a/provisioning/roles/geerlingguy.adminer/meta/main.yml b/provisioning/roles/geerlingguy.adminer/meta/main.yml new file mode 100644 index 000000000..36278933b --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/meta/main.yml @@ -0,0 +1,44 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Installs Adminer for Database management. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - system + - database + - development diff --git a/provisioning/roles/geerlingguy.adminer/tasks/main.yml b/provisioning/roles/geerlingguy.adminer/tasks/main.yml new file mode 100644 index 000000000..377725513 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/tasks/main.yml @@ -0,0 +1,40 @@ +--- +# Install Adminer. +- name: Ensure Adminer directory exists. + file: + path: "{{ adminer_install_dir }}" + state: directory + recurse: yes + +- name: Download Adminer to configured directory. + get_url: + url: http://www.adminer.org/latest.php + dest: "{{ adminer_install_dir }}/{{ adminer_install_filename }}" + mode: 0644 + +- name: Symlink Adminer into configured directories. + file: + src: "{{ adminer_install_dir }}/adminer.php" + dest: "{{ item }}/adminer.php" + state: link + with_items: "{{ adminer_symlink_dirs }}" + +# Add Apache configuration (if configured). +- name: Set the proper Apache configuration directory (Debian). + set_fact: + apache_extra_conf_dir: "{{ 'conf-enabled' if apache_vhosts_version == '2.4' else 'conf.d' }}" + when: adminer_add_apache_config and ansible_os_family == 'Debian' + +- name: Add Apache configuration file for Adminer (Debian). + template: + src: adminer.conf.j2 + dest: "{{ apache_conf_path }}/{{ apache_extra_conf_dir }}/adminer.conf" + when: adminer_add_apache_config and ansible_os_family == 'Debian' + notify: restart apache + +- name: Add Apache configuration file for Adminer (RedHat). + template: + src: adminer.conf.j2 + dest: "{{ apache_conf_path }}/adminer.conf" + when: adminer_add_apache_config and ansible_os_family == 'RedHat' + notify: restart apache diff --git a/provisioning/roles/geerlingguy.adminer/templates/adminer.conf.j2 b/provisioning/roles/geerlingguy.adminer/templates/adminer.conf.j2 new file mode 100644 index 000000000..93f23f2e7 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/templates/adminer.conf.j2 @@ -0,0 +1,9 @@ +Alias /adminer "{{ adminer_install_dir }}/adminer.php" + +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + diff --git a/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.adminer/tests/test-apache.yml b/provisioning/roles/geerlingguy.adminer/tests/test-apache.yml new file mode 100644 index 000000000..b45153296 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/tests/test-apache.yml @@ -0,0 +1,8 @@ +- hosts: all + + vars: + adminer_add_apache_config: true + + roles: + - geerlingguy.apache + - role_under_test diff --git a/provisioning/roles/geerlingguy.adminer/tests/test-standalone.yml b/provisioning/roles/geerlingguy.adminer/tests/test-standalone.yml new file mode 100644 index 000000000..5a696a9a6 --- /dev/null +++ b/provisioning/roles/geerlingguy.adminer/tests/test-standalone.yml @@ -0,0 +1,8 @@ +- hosts: all + + vars: + adminer_install_dir: /opt/adminer + adminer_add_apache_config: false + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/.travis.yml b/provisioning/roles/geerlingguy.apache-php-fpm/.travis.yml new file mode 100644 index 000000000..a74f40609 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/.travis.yml @@ -0,0 +1,53 @@ +--- +sudo: required + +env: + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state. + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install required Galaxy roles. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-galaxy install geerlingguy.repo-remi geerlingguy.apache geerlingguy.php' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/README.md b/provisioning/roles/geerlingguy.apache-php-fpm/README.md new file mode 100644 index 000000000..5591e6a41 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/README.md @@ -0,0 +1,57 @@ +# Ansible Role: Apache PHP-FPM + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache-php-fpm.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache-php-fpm) + +An Ansible Role that configures Apache for PHP-FPM usage on RHEL/CentOS and Debian/Ubuntu. + +## Requirements + +This role is dependent upon `geerlingguy.apache`, and also requires you have PHP running with PHP-FPM somewhere on the server or elsewhere (I usually configure PHP with the `geerlingguy.php` role). + +Additionally, this role will only work correctly if you have Apache 2.4.9+ installed; on older versions of Debian/Ubuntu Linux (e.g. 12.04), you can add `ppa:ondrej/apache2` prior to Apache installation to install Apache 2.4, for example: + + - name: Add repository for Apache 2.4 on Ubuntu 12.04. + apt_repository: repo='ppa:ondrej/apache2' + when: ansible_distribution_version == "12.04" + +When configuring your Apache virtual hosts, you can add the following line to any vhost definition to enable passthrough to PHP-FPM: + + # If using a TCP port: + ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/example" + + # If using a Unix socket: + ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/example" + +For a full usage example with the `geerlingguy.apache` role, see the Example Playbook later in this README. + +## Role Variables + +None. + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + + vars: + apache_vhosts: + - servername: "www.example.com" + documentroot: "/var/www/example" + extra_parameters: | + ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/example" + + roles: + - { role: geerlingguy.apache } + - { role: geerlingguy.php } + - { role: geerlingguy.apache-fastcgi-php } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2016 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://www.ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.apache-php-fpm/meta/.galaxy_install_info new file mode 100644 index 000000000..5882bc048 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:33 2016', version: 1.0.2} diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/meta/main.yml b/provisioning/roles/geerlingguy.apache-php-fpm/meta/main.yml new file mode 100644 index 000000000..153a07bf0 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/meta/main.yml @@ -0,0 +1,26 @@ +--- +dependencies: + - geerlingguy.apache + +galaxy_info: + author: geerlingguy + description: Apache 2.4+ PHP-FPM support for Linux. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - wheezy + - jessie + - name: Ubuntu + versions: + - precise + - trusty + - xenial + galaxy_tags: + - web diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-Debian.yml b/provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-Debian.yml new file mode 100644 index 000000000..f4eb185df --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-Debian.yml @@ -0,0 +1,10 @@ +--- +- name: Enable mod_proxy_fcgi. + file: + src: "{{ apache_server_root }}/mods-available/{{ item }}" + dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: link + with_items: + - proxy.load + - proxy_fcgi.load + notify: restart apache diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-RedHat.yml b/provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-RedHat.yml new file mode 100644 index 000000000..b42a7be4c --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/tasks/configure-RedHat.yml @@ -0,0 +1,7 @@ +--- +# RHEL/CentOS 7 automatically installs and enables mod_proxy_fcgi by default. + +# RHEL/CentOS 6 installs Apache 2.2... and is much harder to get configured with +# FastCGI, but here are two guides: +# - Apache 2.2 + mod_fastcgi: http://stackoverflow.com/a/21409702/100134 +# - Apache 2.4 + mod_proxy_fcgi: http://unix.stackexchange.com/a/138903/16194 diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/tasks/main.yml b/provisioning/roles/geerlingguy.apache-php-fpm/tasks/main.yml new file mode 100644 index 000000000..545b65d0c --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/tasks/main.yml @@ -0,0 +1,7 @@ +--- +# Configuration tasks. +- include: configure-Debian.yml + when: ansible_os_family == 'Debian' + +- include: configure-RedHat.yml + when: ansible_os_family == 'RedHat' diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.apache-php-fpm/tests/test.yml b/provisioning/roles/geerlingguy.apache-php-fpm/tests/test.yml new file mode 100644 index 000000000..88f3d7caf --- /dev/null +++ b/provisioning/roles/geerlingguy.apache-php-fpm/tests/test.yml @@ -0,0 +1,27 @@ +--- +- hosts: all + + vars: + php_enablerepo: "remi,remi-php56" + apache_listen_port_ssl: 443 + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + apache_vhosts: + - servername: "example.com" + documentroot: "/var/www/vhosts/example_com" + + pre_tasks: + - name: Add repository for PHP 5.5 + Apache 2.4 on Ubuntu 12.04. + apt_repository: repo='ppa:ondrej/php5' + when: ansible_distribution_version == "12.04" + + - name: Update apt cache on Ubuntu 12.04. + apt: update_cache=yes + when: ansible_distribution_version == "12.04" + + roles: + - role: geerlingguy.repo-remi + when: ansible_os_family == 'RedHat' + - role: geerlingguy.apache + - role: geerlingguy.php + - role: role_under_test diff --git a/provisioning/roles/geerlingguy.apache/.travis.yml b/provisioning/roles/geerlingguy.apache/.travis.yml new file mode 100644 index 000000000..163e4c3b4 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/.travis.yml @@ -0,0 +1,54 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.apache/README.md b/provisioning/roles/geerlingguy.apache/README.md new file mode 100644 index 000000000..100614d0d --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/README.md @@ -0,0 +1,124 @@ +# Ansible Role: Apache 2.x + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) + +An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. + +## Requirements + +If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. + +If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + apache_enablerepo: "" + +The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). + + apache_listen_ip: "*" + apache_listen_port: 80 + apache_listen_port_ssl: 443 + +The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. + + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + +If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. + + apache_remove_default_vhost: false + +On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. + + apache_global_vhost_settings: | + DirectoryIndex index.php index.html + # Add other global settings on subsequent lines. + +You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration. + + apache_vhosts: + # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. + - servername: "local.dev" + documentroot: "/var/www/html" + +Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here). + +Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site: + + - servername: "www.local.dev" + serveralias: "local.dev" + documentroot: "/var/www/html" + extra_parameters: | + RewriteCond %{HTTP_HOST} !^www\. [NC] + RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] + +The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output. + + apache_vhosts_ssl: [] + +No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example: + + apache_vhosts_ssl: + - { + servername: "local.dev", + documentroot: "/var/www/html", + certificate_file: "/home/vagrant/example.crt", + certificate_key_file: "/home/vagrant/example.key", + certificate_chain_file: "/path/to/certificate_chain.crt" + } + +Other SSL directives can be managed with other SSL-related role variables. + + apache_ssl_protocol: "All -SSLv2 -SSLv3" + apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + +The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. + + apache_mods_enabled: + - rewrite.load + - ssl.load + apache_mods_disabled: [] + +(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. + + apache_packages: + - [platform-specific] + +The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values). + + apache_state: started + +Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. + + apache_ignore_missing_ssl_certificate: true + +If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates). + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.apache } + +*Inside `vars/main.yml`*: + + apache_listen_port: 8080 + apache_vhosts: + - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.apache/defaults/main.yml b/provisioning/roles/geerlingguy.apache/defaults/main.yml new file mode 100644 index 000000000..4acdfce37 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/defaults/main.yml @@ -0,0 +1,44 @@ +--- +apache_enablerepo: "" + +apache_listen_ip: "*" +apache_listen_port: 80 +apache_listen_port_ssl: 443 + +apache_create_vhosts: true +apache_vhosts_filename: "vhosts.conf" + +# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. +# Set this to `true` to remove that default. +apache_remove_default_vhost: false + +apache_global_vhost_settings: | + DirectoryIndex index.php index.html + +apache_vhosts: + # Additional properties: 'serveradmin, serveralias, extra_parameters'. + - servername: "local.dev" + documentroot: "/var/www/html" + +apache_vhosts_ssl: [] + # Additional properties: 'serveradmin, extra_parameters'. + # - servername: "local.dev", + # documentroot: "/var/www/html", + # certificate_file: "/path/to/certificate.crt", + # certificate_key_file: "/path/to/certificate.key", + # # Optional. + # certificate_chain_file: "/path/to/certificate_chain.crt" + +apache_ignore_missing_ssl_certificate: true + +apache_ssl_protocol: "All -SSLv2 -SSLv3" +apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + +# Only used on Debian/Ubuntu. +apache_mods_enabled: + - rewrite.load + - ssl.load +apache_mods_disabled: [] + +# Set initial apache state. Recommended values: `started` or `stopped` +apache_state: started diff --git a/provisioning/roles/geerlingguy.apache/handlers/main.yml b/provisioning/roles/geerlingguy.apache/handlers/main.yml new file mode 100644 index 000000000..25d14ec17 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart apache + service: + name: "{{ apache_service }}" + state: restarted diff --git a/provisioning/roles/geerlingguy.apache/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.apache/meta/.galaxy_install_info new file mode 100644 index 000000000..be7d7d1ac --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:30 2016', version: 1.7.2} diff --git a/provisioning/roles/geerlingguy.apache/meta/main.yml b/provisioning/roles/geerlingguy.apache/meta/main.yml new file mode 100644 index 000000000..12200db07 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/meta/main.yml @@ -0,0 +1,31 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - precise + - raring + - saucy + - trusty + - xenial + - name: Suse + versions: + - all + - name: Solaris + versions: + - 11.3 + galaxy_tags: + - web diff --git a/provisioning/roles/geerlingguy.apache/tasks/configure-Debian.yml b/provisioning/roles/geerlingguy.apache/tasks/configure-Debian.yml new file mode 100644 index 000000000..94b9b2380 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/configure-Debian.yml @@ -0,0 +1,54 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/ports.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Enable Apache mods. + file: + src: "{{ apache_server_root }}/mods-available/{{ item }}" + dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: link + with_items: "{{ apache_mods_enabled }}" + notify: restart apache + +- name: Disable Apache mods. + file: + path: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: absent + with_items: "{{ apache_mods_disabled }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: "path={{ item.certificate_file }}" + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts + +- name: Add vhost symlink in sites-enabled. + file: + src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" + dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" + state: link + notify: restart apache + when: apache_create_vhosts + +- name: Remove default vhost in sites-enabled. + file: + path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" + state: absent + notify: restart apache + when: apache_remove_default_vhost diff --git a/provisioning/roles/geerlingguy.apache/tasks/configure-RedHat.yml b/provisioning/roles/geerlingguy.apache/tasks/configure-RedHat.yml new file mode 100644 index 000000000..0c3a01f5a --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/configure-RedHat.yml @@ -0,0 +1,24 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/provisioning/roles/geerlingguy.apache/tasks/configure-Solaris.yml b/provisioning/roles/geerlingguy.apache/tasks/configure-Solaris.yml new file mode 100644 index 000000000..a95654bed --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/configure-Solaris.yml @@ -0,0 +1,19 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/provisioning/roles/geerlingguy.apache/tasks/configure-Suse.yml b/provisioning/roles/geerlingguy.apache/tasks/configure-Suse.yml new file mode 100644 index 000000000..16d89f81c --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/configure-Suse.yml @@ -0,0 +1,24 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/listen.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/provisioning/roles/geerlingguy.apache/tasks/main.yml b/provisioning/roles/geerlingguy.apache/tasks/main.yml new file mode 100644 index 000000000..0715fc2bc --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/main.yml @@ -0,0 +1,58 @@ +--- +# Include variables and define needed variables. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define apache_packages. + set_fact: + apache_packages: "{{ __apache_packages | list }}" + when: apache_packages is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Suse.yml + when: ansible_os_family == 'Suse' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- include: setup-Solaris.yml + when: ansible_os_family == 'Solaris' + +# Figure out what version of Apache is installed. +- name: Get installed version of Apache. + shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v" + changed_when: false + always_run: yes + register: _apache_version + +- name: Create apache_version variable. + set_fact: + apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}" + +- include_vars: apache-22.yml + when: "apache_version.split('.')[1] == '2'" + +- include_vars: apache-24.yml + when: "apache_version.split('.')[1] == '4'" + +# Configure Apache. +- include: configure-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: configure-Suse.yml + when: ansible_os_family == 'Suse' + +- include: configure-Debian.yml + when: ansible_os_family == 'Debian' + +- include: configure-Solaris.yml + when: ansible_os_family == 'Solaris' + +- name: Ensure Apache has selected state and enabled on boot. + service: + name: "{{ apache_service }}" + state: "{{ apache_state }}" + enabled: yes diff --git a/provisioning/roles/geerlingguy.apache/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.apache/tasks/setup-Debian.yml new file mode 100644 index 000000000..8d72deb1b --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/setup-Debian.yml @@ -0,0 +1,7 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure Apache is installed on Debian. + apt: "name={{ item }} state=installed" + with_items: "{{ apache_packages }}" diff --git a/provisioning/roles/geerlingguy.apache/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.apache/tasks/setup-RedHat.yml new file mode 100644 index 000000000..f4a838f20 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/setup-RedHat.yml @@ -0,0 +1,7 @@ +--- +- name: Ensure Apache is installed on RHEL. + yum: + name: "{{ item }}" + state: installed + enablerepo: "{{ apache_enablerepo }}" + with_items: "{{ apache_packages }}" diff --git a/provisioning/roles/geerlingguy.apache/tasks/setup-Solaris.yml b/provisioning/roles/geerlingguy.apache/tasks/setup-Solaris.yml new file mode 100644 index 000000000..989e32e86 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/setup-Solaris.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed on Solaris. + pkg5: + name: "{{ item }}" + state: installed + with_items: "{{ apache_packages }}" diff --git a/provisioning/roles/geerlingguy.apache/tasks/setup-Suse.yml b/provisioning/roles/geerlingguy.apache/tasks/setup-Suse.yml new file mode 100644 index 000000000..80c65cafa --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tasks/setup-Suse.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed on Suse. + zypper: + name: "{{ item }}" + state: installed + with_items: "{{ apache_packages }}" diff --git a/provisioning/roles/geerlingguy.apache/templates/vhosts.conf.j2 b/provisioning/roles/geerlingguy.apache/templates/vhosts.conf.j2 new file mode 100644 index 000000000..766554fb3 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/templates/vhosts.conf.j2 @@ -0,0 +1,82 @@ +{{ apache_global_vhost_settings }} + +{# Set up VirtualHosts #} +{% for vhost in apache_vhosts %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot {{ vhost.documentroot }} +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride All + Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} + +{# Set up SSL VirtualHosts #} +{% for vhost in apache_vhosts_ssl %} +{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot {{ vhost.documentroot }} +{% endif %} + + SSLEngine on + SSLCipherSuite {{ apache_ssl_cipher_suite }} + SSLProtocol {{ apache_ssl_protocol }} + SSLHonorCipherOrder On +{% if apache_vhosts_version == "2.4" %} + SSLCompression off +{% endif %} + SSLCertificateFile {{ vhost.certificate_file }} + SSLCertificateKeyFile {{ vhost.certificate_key_file }} +{% if vhost.certificate_chain_file is defined %} + SSLCertificateChainFile {{ vhost.certificate_chain_file }} +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride All + Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endif %} +{% endfor %} diff --git a/provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.apache/tests/test.yml b/provisioning/roles/geerlingguy.apache/tests/test.yml new file mode 100644 index 000000000..f5c5ca6cb --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/tests/test.yml @@ -0,0 +1,13 @@ +--- +- hosts: all + + vars: + apache_listen_port_ssl: 443 + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + apache_vhosts: + - servername: "example.com" + documentroot: "/var/www/vhosts/example_com" + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.apache/vars/Debian.yml b/provisioning/roles/geerlingguy.apache/vars/Debian.yml new file mode 100644 index 000000000..7ff09c5f8 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/vars/Debian.yml @@ -0,0 +1,14 @@ +--- +apache_service: apache2 +apache_daemon: apache2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2 + +__apache_packages: + - apache2 + - apache2-utils + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" diff --git a/provisioning/roles/geerlingguy.apache/vars/RedHat.yml b/provisioning/roles/geerlingguy.apache/vars/RedHat.yml new file mode 100644 index 000000000..d79fa5ac5 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/vars/RedHat.yml @@ -0,0 +1,20 @@ +--- +apache_service: httpd +apache_daemon: httpd +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/httpd +apache_conf_path: /etc/httpd/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - httpd + - httpd-devel + - mod_ssl + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/provisioning/roles/geerlingguy.apache/vars/Solaris.yml b/provisioning/roles/geerlingguy.apache/vars/Solaris.yml new file mode 100644 index 000000000..576291e8d --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/vars/Solaris.yml @@ -0,0 +1,19 @@ +--- +apache_service: apache24 +apache_daemon: httpd +apache_daemon_path: /usr/apache2/2.4/bin/ +apache_server_root: /etc/apache2/2.4/ +apache_conf_path: /etc/apache2/2.4/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - web/server/apache-24 + - web/server/apache-24/module/apache-ssl + - web/server/apache-24/module/apache-security + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/provisioning/roles/geerlingguy.apache/vars/Suse.yml b/provisioning/roles/geerlingguy.apache/vars/Suse.yml new file mode 100644 index 000000000..27703f336 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/vars/Suse.yml @@ -0,0 +1,18 @@ +--- +apache_service: apache2 +apache_daemon: httpd2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - apache2 + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/provisioning/roles/geerlingguy.apache/vars/apache-22.yml b/provisioning/roles/geerlingguy.apache/vars/apache-22.yml new file mode 100644 index 000000000..c932f93f5 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/vars/apache-22.yml @@ -0,0 +1,12 @@ +--- +apache_vhosts_version: "2.2" +apache_default_vhost_filename: 000-default +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^#?NameVirtualHost ", + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" + } diff --git a/provisioning/roles/geerlingguy.apache/vars/apache-24.yml b/provisioning/roles/geerlingguy.apache/vars/apache-24.yml new file mode 100644 index 000000000..449a444e8 --- /dev/null +++ b/provisioning/roles/geerlingguy.apache/vars/apache-24.yml @@ -0,0 +1,8 @@ +--- +apache_vhosts_version: "2.4" +apache_default_vhost_filename: 000-default.conf +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } diff --git a/provisioning/roles/geerlingguy.blackfire/.travis.yml b/provisioning/roles/geerlingguy.blackfire/.travis.yml new file mode 100644 index 000000000..8f7ae13c7 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/.travis.yml @@ -0,0 +1,55 @@ +--- +sudo: required + +env: + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install geerlingguy.php' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure Blackfire is installed. + #- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm TODO' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.blackfire/README.md b/provisioning/roles/geerlingguy.blackfire/README.md new file mode 100644 index 000000000..b42dd7ba5 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/README.md @@ -0,0 +1,41 @@ +# Ansible Role: Blackfire + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-blackfire.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-blackfire) + +Installs [Blackfire](https://blackfire.io/) on RHEL/CentOS or Debian/Ubuntu. + +## Requirements + +After installation, you need to complete Blackfire setup manually before profiling: + + 1. Register the Blackfire agent: `sudo blackfire-agent -register` + 2. Configure Blackfire: `blackfire config` + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + blackfire_packages: + - blackfire-agent + - blackfire-php + +The Blackfire packages this role will install on the server. Note that `blackfire-php` may not work well with XHProf and/or XDebug. + +## Dependencies + +Requires the `geerlingguy.php` role. + +## Example Playbook + + - hosts: webserver + roles: + - geerlingguy.php + - geerlingguy.blackfire + +## License + +MIT / BSD + +## Author Information + +This role was created in 2016 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.blackfire/defaults/main.yml b/provisioning/roles/geerlingguy.blackfire/defaults/main.yml new file mode 100644 index 000000000..68e1bff63 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/defaults/main.yml @@ -0,0 +1,6 @@ +--- +blackfire_gpg_key_url: https://packagecloud.io/gpg.key + +blackfire_packages: + - blackfire-agent + - blackfire-php diff --git a/provisioning/roles/geerlingguy.blackfire/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.blackfire/meta/.galaxy_install_info new file mode 100644 index 000000000..3dcb0aeb3 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:37 2016', version: 1.0.0} diff --git a/provisioning/roles/geerlingguy.blackfire/meta/main.yml b/provisioning/roles/geerlingguy.blackfire/meta/main.yml new file mode 100644 index 000000000..9d50ce884 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/meta/main.yml @@ -0,0 +1,28 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: Blackfire installation for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.0 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - precise + - raring + - saucy + - trusty + - xenial + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.blackfire/tasks/main.yml b/provisioning/roles/geerlingguy.blackfire/tasks/main.yml new file mode 100644 index 000000000..2dc893ece --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Ensure Blackfire packages are installed. + package: + name: "{{ blackfire_packages }}" + state: present + notify: + - restart webserver + - restart php-fpm diff --git a/provisioning/roles/geerlingguy.blackfire/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.blackfire/tasks/setup-Debian.yml new file mode 100644 index 000000000..e3bd66149 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/tasks/setup-Debian.yml @@ -0,0 +1,17 @@ +--- +- name: Add packagecloud apt key. + apt_key: + url: "{{ blackfire_gpg_key_url }}" + state: present + +- name: Add packagecloud repository. + apt_repository: + repo: "{{ item }}" + state: present + register: packagecloud_repos + with_items: + - "deb http://packages.blackfire.io/debian any main" + +- name: Update apt caches after repo is added. + apt: update_cache=yes + when: packagecloud_repos.changed diff --git a/provisioning/roles/geerlingguy.blackfire/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.blackfire/tasks/setup-RedHat.yml new file mode 100644 index 000000000..9d5b515f6 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/tasks/setup-RedHat.yml @@ -0,0 +1,18 @@ +--- +- name: Add packagecloud GPG key. + rpm_key: + key: "{{ blackfire_gpg_key_url }}" + state: present + +- name: Add Blackfire repository. + get_url: + url: http://packages.blackfire.io/fedora/blackfire.repo + dest: /etc/yum.repos.d/blackfire.repo + mode: 0644 + +- name: Disable gpg_repocheck for non-bleeding-edge CentOS. + lineinfile: > + dest=/etc/yum.repos.d/blackfire.repo + regexp="^repo_gpgcheck=" + line="repo_gpgcheck=0" + state=present diff --git a/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.blackfire/tests/test.yml b/provisioning/roles/geerlingguy.blackfire/tests/test.yml new file mode 100644 index 000000000..8e5a02d46 --- /dev/null +++ b/provisioning/roles/geerlingguy.blackfire/tests/test.yml @@ -0,0 +1,10 @@ +--- +- hosts: all + + vars: + php_enable_webserver: false + php_enable_php_fpm: true + + roles: + - geerlingguy.php + - role_under_test diff --git a/provisioning/roles/geerlingguy.composer/.travis.yml b/provisioning/roles/geerlingguy.composer/.travis.yml new file mode 100644 index 000000000..319088cb4 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/.travis.yml @@ -0,0 +1,52 @@ +--- +sudo: required + +env: + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure Composer is installed and working. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm composer' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.composer/README.md b/provisioning/roles/geerlingguy.composer/README.md new file mode 100644 index 000000000..11def0422 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/README.md @@ -0,0 +1,68 @@ +# Ansible Role: Composer + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-composer.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-composer) + +Installs Composer, the PHP Dependency Manager, on any Linux or UNIX system. + +## Requirements + + - `php` (version 5.4+) should be installed and working (you can use the `geerlingguy.php` role to install). + - `git` should be installed and working (you can use the `geerlingguy.git` role to install). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + composer_path: /usr/local/bin/composer + +The path where composer will be installed and available to your system. Should be in your user's `$PATH` so you can run commands simply with `composer` instead of the full path. + + composer_keep_updated: false + +Set this to `true` to update Composer to the latest release every time the playbook is run. + + composer_home_path: '~/.composer' + composer_home_owner: root + composer_home_group: root + +The `COMPOSER_HOME` path and directory ownership; this is the directory where global packages will be installed. + + composer_version: '' + +You can install a specific release of Composer, e.g. `composer_version: '1.0.0-alpha11'`. If left empty the latest development version will be installed. Note that `composer_keep_updated` will override this variable, as it will always install the latest development version. + + composer_global_packages: {} + +A list of packages to install globally (using `composer global require`). If you want to install any packages globally, add a list item with a dictionary with the `name` of the package and a `release`, e.g. `- { name: phpunit/phpunit, release: "4.7.*" }`. The 'release' is optional, and defaults to `@stable`. + + composer_add_to_path: true + +If `true`, and if there are any configured `composer_global_packages`, the `vendor/bin` directory inside `composer_home_path` will be added to the system's default `$PATH` (for all users). + + composer_github_oauth_token: '' + +GitHub OAuth token, used to avoid GitHub API rate limiting errors when building and rebuilding applications using Composer. Follow GitHub's directions to [Create a personal access token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) if you run into these rate limit errors. + + php_executable: php + +The executable name or full path to the PHP executable. This is defaulted to `php` if you don't override the variable. + +## Dependencies + +None (but make sure you've installed PHP; the `geerlingguy.php` role is recommended). + +## Example Playbook + + - hosts: servers + roles: + - geerlingguy.composer + +After the playbook runs, `composer` will be placed in `/usr/local/bin/composer` (this location is configurable), and will be accessible via normal system accounts. + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.composer/defaults/main.yml b/provisioning/roles/geerlingguy.composer/defaults/main.yml new file mode 100644 index 000000000..a6313ea6b --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/defaults/main.yml @@ -0,0 +1,20 @@ +--- +composer_path: /usr/local/bin/composer +composer_keep_updated: false +composer_version: '' + +# The directory where global packages will be installed. +composer_home_path: '~/.composer' +composer_home_owner: root +composer_home_group: root + +# A list of packages to install globally. See commented examples below for +# usage; the 'release' is optional, and defaults to '@stable'. +composer_global_packages: [] + # - { name: phpunit/phpunit, release: "4.7.x" } + # - { name: phpunit/phpunit, release: "@stable" } + +composer_add_to_path: true + +# GitHub OAuth token (used to help overcome API rate limits). +composer_github_oauth_token: '' diff --git a/provisioning/roles/geerlingguy.composer/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.composer/meta/.galaxy_install_info new file mode 100644 index 000000000..0e05813ff --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:40 2016', version: 1.4.1} diff --git a/provisioning/roles/geerlingguy.composer/meta/main.yml b/provisioning/roles/geerlingguy.composer/meta/main.yml new file mode 100644 index 000000000..c4b0b3130 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/meta/main.yml @@ -0,0 +1,43 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Composer PHP Dependency Manager + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - packaging + - web diff --git a/provisioning/roles/geerlingguy.composer/tasks/global-require.yml b/provisioning/roles/geerlingguy.composer/tasks/global-require.yml new file mode 100644 index 000000000..6f20b4c93 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tasks/global-require.yml @@ -0,0 +1,17 @@ +--- +- name: Install configured globally-required packages. + become: yes + become_user: "{{ composer_home_owner }}" + shell: > + COMPOSER_HOME={{ composer_home_path }} + {{ composer_path }} global require {{ item.name }}:{{ item.release | default('@stable') }} --no-progress + creates={{ composer_home_path }}/vendor/{{ item.name }} + register: composer_global_require_result + with_items: "{{ composer_global_packages }}" + +- name: Add composer_home_path bin directory to global $PATH. + template: + src: composer.sh.j2 + dest: /etc/profile.d/composer.sh + mode: 0644 + when: composer_add_to_path diff --git a/provisioning/roles/geerlingguy.composer/tasks/main.yml b/provisioning/roles/geerlingguy.composer/tasks/main.yml new file mode 100644 index 000000000..6a65e991f --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tasks/main.yml @@ -0,0 +1,53 @@ +--- +- name: Set php_executable variable to a default if not defined. + set_fact: + php_executable: php + when: php_executable is not defined + +- name: Check if Composer is installed. + stat: "path={{ composer_path }}" + register: composer_bin + +- name: Download Composer installer. + get_url: + url: https://getcomposer.org/installer + dest: /tmp/composer-installer.php + mode: 0755 + when: not composer_bin.stat.exists + +- name: Run Composer installer. + command: > + {{ php_executable }} composer-installer.php {% if composer_version != '' %} --version={{ composer_version }}{% endif %} + chdir=/tmp + when: not composer_bin.stat.exists + +- name: Move Composer into globally-accessible location. + shell: > + mv /tmp/composer.phar {{ composer_path }} + creates={{ composer_path }} + when: not composer_bin.stat.exists + +- name: Update Composer to latest version (if configured). + shell: > + {{ php_executable }} {{ composer_path }} self-update + register: composer_update + changed_when: "'Updating to version' in composer_update.stdout" + when: composer_keep_updated + +- name: Ensure composer directory exists. + file: + path: "{{ composer_home_path }}" + owner: "{{ composer_home_owner }}" + group: "{{ composer_home_group }}" + state: directory + +- name: Add GitHub OAuth token for Composer (if configured). + template: + src: "auth.json.j2" + dest: "{{ composer_home_path }}/auth.json" + owner: "{{ composer_home_owner }}" + group: "{{ composer_home_group }}" + when: composer_github_oauth_token != '' + +- include: global-require.yml + when: composer_global_packages|length > 0 diff --git a/provisioning/roles/geerlingguy.composer/templates/auth.json.j2 b/provisioning/roles/geerlingguy.composer/templates/auth.json.j2 new file mode 100644 index 000000000..a41c2142d --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/templates/auth.json.j2 @@ -0,0 +1,5 @@ +{ + "github-oauth": { + "github.com": "{{ composer_github_oauth_token }}" + } +} diff --git a/provisioning/roles/geerlingguy.composer/templates/composer.sh.j2 b/provisioning/roles/geerlingguy.composer/templates/composer.sh.j2 new file mode 100644 index 000000000..3e6cd7a36 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/templates/composer.sh.j2 @@ -0,0 +1 @@ +export PATH=$PATH:{{ composer_home_path }}/vendor/bin diff --git a/provisioning/roles/geerlingguy.composer/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.composer/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.composer/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.composer/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..f81cabec6 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,14 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +COPY initctl_faker . +RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.composer/tests/initctl_faker b/provisioning/roles/geerlingguy.composer/tests/initctl_faker new file mode 100644 index 000000000..a2267f30d --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tests/initctl_faker @@ -0,0 +1,23 @@ +#!/bin/sh +ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')" + +case "$ALIAS_CMD" in + start|stop|restart|reload|status) + exec service $1 $ALIAS_CMD + ;; +esac + +case "$1" in + list ) + exec service --status-all + ;; + reload-configuration ) + exec service $2 restart + ;; + start|stop|restart|reload|status) + exec service $2 $1 + ;; + \?) + exit 0 + ;; +esac diff --git a/provisioning/roles/geerlingguy.composer/tests/inventory b/provisioning/roles/geerlingguy.composer/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.composer/tests/requirements.yml b/provisioning/roles/geerlingguy.composer/tests/requirements.yml new file mode 100644 index 000000000..80e765f13 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tests/requirements.yml @@ -0,0 +1,3 @@ +--- +- src: geerlingguy.repo-remi +- src: geerlingguy.php diff --git a/provisioning/roles/geerlingguy.composer/tests/test.yml b/provisioning/roles/geerlingguy.composer/tests/test.yml new file mode 100644 index 000000000..c76d2a4b3 --- /dev/null +++ b/provisioning/roles/geerlingguy.composer/tests/test.yml @@ -0,0 +1,21 @@ +--- +- hosts: localhost + remote_user: root + + vars: + php_enablerepo: "remi,remi-php70" + php_enable_webserver: false + + # Test a global requirement. + composer_global_packages: + - { name: phpunit/phpunit, release: "@stable" } + + pre_tasks: + - name: Add repository for PHP 7.0. + apt_repository: repo='ppa:ondrej/php' + when: ansible_os_family == 'Debian' + + roles: + - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat' } + - geerlingguy.php + - role_under_test diff --git a/provisioning/roles/geerlingguy.daemonize/.travis.yml b/provisioning/roles/geerlingguy.daemonize/.travis.yml new file mode 100644 index 000000000..fee7c8ba1 --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/.travis.yml @@ -0,0 +1,57 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Ensure daemonize is available. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which daemonize' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.daemonize/README.md b/provisioning/roles/geerlingguy.daemonize/README.md new file mode 100644 index 000000000..5beefbffd --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/README.md @@ -0,0 +1,43 @@ +# Ansible Role: Daemonize + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-daemonize.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-daemonize) + +Installs [Daemonize](http://software.clapper.org/daemonize/), a tool for running commands as a Unix daemon. + +## Requirements + +Make sure you have `gcc` or other build tools installed (e.g. `yum install make automake gcc gcc-c++ kernel-devel` on RedHat, or `apt-get install build-essential` on Debian) prior to running this role, as it builds Daemonize from source. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + workspace: /root + +The location where code will be downloaded and compiled. + + daemonize_version: 1.7.5 + +The daemonize release version to install. + + daemonize_install_path: "/usr" + +The path where the compiled daemonize binary will be installed. + +## Dependencies + +None. + +## Example Playbook + + - hosts: servers + roles: + - { role: geerlingguy.daemonize } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.daemonize/defaults/main.yml b/provisioning/roles/geerlingguy.daemonize/defaults/main.yml new file mode 100644 index 000000000..29b95d5a3 --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/defaults/main.yml @@ -0,0 +1,5 @@ +--- +workspace: /root + +daemonize_version: 1.7.7 +daemonize_install_path: "/usr" diff --git a/provisioning/roles/geerlingguy.daemonize/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.daemonize/meta/.galaxy_install_info new file mode 100644 index 000000000..6e1de8afa --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:43 2016', version: 1.1.0} diff --git a/provisioning/roles/geerlingguy.daemonize/meta/main.yml b/provisioning/roles/geerlingguy.daemonize/meta/main.yml new file mode 100644 index 000000000..09258d152 --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/meta/main.yml @@ -0,0 +1,28 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: "Daemonize for Unix-like operating systems" + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.6 + platforms: + - name: EL + versions: + - all + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all + - name: GenericUNIX + versions: + - all + - any + galaxy_tags: + - development + - web + - system + - mail diff --git a/provisioning/roles/geerlingguy.daemonize/tasks/main.yml b/provisioning/roles/geerlingguy.daemonize/tasks/main.yml new file mode 100644 index 000000000..38334682a --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/tasks/main.yml @@ -0,0 +1,29 @@ +--- +- name: Download daemonize archive. + get_url: + url: "https://github.com/bmc/daemonize/archive/release-{{ daemonize_version }}.tar.gz" + dest: "{{ workspace }}/daemonize-{{ daemonize_version }}.tar.gz" + +- name: Expand daemonize archive. + unarchive: + src: "{{ workspace }}/daemonize-{{ daemonize_version }}.tar.gz" + dest: "{{ workspace }}" + creates: "{{ workspace }}/daemonize-release-{{ daemonize_version }}/INSTALL" + copy: no + +- name: Check if daemonize is installed. + command: which daemonize + changed_when: false + failed_when: false + register: daemonize_installed + +- name: Build daemonize. + command: > + {{ item }} + chdir={{ workspace }}/daemonize-release-{{ daemonize_version }} + when: daemonize_installed | failed + with_items: + - "./configure --prefix={{ daemonize_install_path }}" + - make + - make install + become: yes diff --git a/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.daemonize/tests/test.yml b/provisioning/roles/geerlingguy.daemonize/tests/test.yml new file mode 100644 index 000000000..4b03ee45e --- /dev/null +++ b/provisioning/roles/geerlingguy.daemonize/tests/test.yml @@ -0,0 +1,24 @@ +- hosts: all + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: 'name="{{ item }}" state=present' + with_items: + - "@Development tools" + - tar + - unzip + - sudo + - which + when: ansible_os_family == 'RedHat' + + - name: Ensure build dependencies are installed (Debian). + apt: 'name="{{ item }}" state=installed' + with_items: + - build-essential + - unzip + - tar + - sudo + when: ansible_os_family == 'Debian' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.drupal-console/.travis.yml b/provisioning/roles/geerlingguy.drupal-console/.travis.yml new file mode 100644 index 000000000..816fbddfa --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/.travis.yml @@ -0,0 +1,41 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + - SITE=test-self-update.yml + +before_install: + - sudo apt-get update -qq + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + + # Install required dependencies. + - ansible-galaxy install geerlingguy.php + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Check if Drupal Console is installed and working. + - drupal + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.drupal-console/README.md b/provisioning/roles/geerlingguy.drupal-console/README.md new file mode 100644 index 000000000..83aa15b1d --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/README.md @@ -0,0 +1,45 @@ +# Ansible Role: Drupal Console + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-drupal-console.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-drupal-console) + +Installs [Drupal Console](http://drupalconsole.com/) on any Linux or UNIX system. + +## Requirements + +`php` (version 5.4+) should be installed and working. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + drupal_console_path: /usr/local/bin/drupal + +The path where Drupal Console will be installed and available to your system. Should be in your user's `$PATH` so you can use Drupal Console by entering `drupal` instead of the full path. + + drupal_console_keep_updated: false + +By default, this role not update Drupal Console when it is run again. If you'd like always update Drupal Console to the latest version when this role is run, switch this variable to `true`. + + drupal_console_config: ~/.console + +The path to the Drupal Console configuration file. + +## Dependencies + + - geerlingguy.php (Installs PHP). + +## Example Playbook + + - hosts: servers + roles: + - { role: geerlingguy.drupal-console } + +After the playbook runs, `drupal` will be placed in `/usr/local/bin/drupal` (this location is configurable), and will be accessible via normal system accounts. + +## License + +MIT / BSD + +## Author Information + +This role was created in 2015 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.drupal-console/defaults/main.yml b/provisioning/roles/geerlingguy.drupal-console/defaults/main.yml new file mode 100644 index 000000000..5885c7a4e --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/defaults/main.yml @@ -0,0 +1,4 @@ +--- +drupal_console_path: /usr/local/bin/drupal +drupal_console_keep_updated: false +drupal_console_config: ~/.console diff --git a/provisioning/roles/geerlingguy.drupal-console/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.drupal-console/meta/.galaxy_install_info new file mode 100644 index 000000000..57fafd60d --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:47 2016', version: 1.0.7} diff --git a/provisioning/roles/geerlingguy.drupal-console/meta/main.yml b/provisioning/roles/geerlingguy.drupal-console/meta/main.yml new file mode 100644 index 000000000..b08456f77 --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/meta/main.yml @@ -0,0 +1,44 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: Drupal Console + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - packaging + - web diff --git a/provisioning/roles/geerlingguy.drupal-console/tasks/main.yml b/provisioning/roles/geerlingguy.drupal-console/tasks/main.yml new file mode 100644 index 000000000..5be21946f --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: Install Drupal Console. + get_url: + url: https://drupalconsole.com/installer + dest: "{{ drupal_console_path }}" + +- name: Ensure Drupal Console is executable. + file: + path: "{{ drupal_console_path }}" + mode: 0755 + +- name: Run Drupal Console init. + shell: > + php {{ drupal_console_path }} init + creates={{ drupal_console_config }} + +- name: Update Drupal Console to latest version (if configured). + shell: > + php {{ drupal_console_path }} self-update + register: drupal_console_update + changed_when: "'console has been updated' in drupal_console_update.stdout" + when: drupal_console_keep_updated diff --git a/provisioning/roles/geerlingguy.drupal-console/tests/inventory b/provisioning/roles/geerlingguy.drupal-console/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.drupal-console/tests/test-self-update.yml b/provisioning/roles/geerlingguy.drupal-console/tests/test-self-update.yml new file mode 100644 index 000000000..cb5934cc4 --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/tests/test-self-update.yml @@ -0,0 +1,15 @@ +--- +- hosts: localhost + remote_user: root + + vars: + php_enable_webserver: false + drupal_console_keep_updated: true + + pre_tasks: + - name: Add ondrej repository for PHP 5.6. + apt_repository: repo='ppa:ondrej/php5-5.6' + + roles: + - geerlingguy.php + - ansible-role-drupal-console diff --git a/provisioning/roles/geerlingguy.drupal-console/tests/test.yml b/provisioning/roles/geerlingguy.drupal-console/tests/test.yml new file mode 100644 index 000000000..cf4c49ce2 --- /dev/null +++ b/provisioning/roles/geerlingguy.drupal-console/tests/test.yml @@ -0,0 +1,14 @@ +--- +- hosts: localhost + remote_user: root + + vars: + php_enable_webserver: false + + pre_tasks: + - name: Add ondrej repository for PHP 5.6. + apt_repository: repo='ppa:ondrej/php5-5.6' + + roles: + - geerlingguy.php + - ansible-role-drupal-console diff --git a/provisioning/roles/geerlingguy.drush/.travis.yml b/provisioning/roles/geerlingguy.drush/.travis.yml new file mode 100644 index 000000000..7125a00a3 --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/.travis.yml @@ -0,0 +1,42 @@ +--- +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo add-apt-repository ppa:ondrej/php5 -y + - sudo apt-get update -q + - sudo apt-get update -qq + - sudo apt-get install curl + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + + # Install required dependencies. + - ansible-galaxy install geerlingguy.php geerlingguy.composer geerlingguy.git + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Check if drush is installed and working. + - drush --version + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.drush/README.md b/provisioning/roles/geerlingguy.drush/README.md new file mode 100644 index 000000000..6e8dc8883 --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/README.md @@ -0,0 +1,56 @@ +# Ansible Role: Drush + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-drush.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-drush) + +Installs Drush, a command line shell and scripting interface for Drupal, on any Linux or UNIX system. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + drush_install_path: /usr/local/share/drush + +The location of the entire drush installation (includes all the supporting files, as well as the `drush` executable file. + + drush_path: /usr/local/bin/drush + +The path where drush will be installed and available to your system. Should be in your user's `$PATH` so you can run commands simply with `drush` instead of the full path. + + drush_version: "master" + +The version of Drush to install (examples: `"master"` for the bleeding edge, `"7.x"`, `"6.x"`, `"6.2.0"`). This should be a string as it refers to a git branch, tag, or commit hash. + + drush_keep_updated: no + drush_force_update: no + +Whether to keep Drush up-to-date with the latest revision of the branch specified by `drush_version`, and whether to force the update (e.g. overwrite local modifications to the drush repository). + + drush_composer_cli_options: "--prefer-source --no-interaction" + +These options are the safest for avoiding GitHub API rate limits when installing Drush, and can be very helpful when working on dependencies/installation, but builds can be sped up substantially by changing the first option to --prefer-dist. + +## Dependencies + + - geerlingguy.git (Installs Git). + - geerlingguy.php (Installs PHP). + - geerlingguy.composer (Installs Composer). + +## Example Playbook + + - hosts: servers + roles: + - { role: geerlingguy.drush } + +After the playbook runs, the `drush` command will be accessible from normal system accounts. + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.drush/defaults/main.yml b/provisioning/roles/geerlingguy.drush/defaults/main.yml new file mode 100644 index 000000000..eff2827a0 --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/defaults/main.yml @@ -0,0 +1,10 @@ +--- +drush_install_path: /usr/local/share/drush +drush_path: /usr/local/bin/drush +drush_version: "master" +drush_keep_updated: no +drush_force_update: no + +# These options are the safest for avoiding GitHub API rate limits, but builds +# can be sped up substantially by changing to --prefer-dist. +drush_composer_cli_options: "--prefer-source --no-interaction" diff --git a/provisioning/roles/geerlingguy.drush/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.drush/meta/.galaxy_install_info new file mode 100644 index 000000000..f0864c071 --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:50 2016', version: 1.1.2} diff --git a/provisioning/roles/geerlingguy.drush/meta/main.yml b/provisioning/roles/geerlingguy.drush/meta/main.yml new file mode 100644 index 000000000..46be0d34d --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/meta/main.yml @@ -0,0 +1,46 @@ +--- +dependencies: + - geerlingguy.git + - geerlingguy.php + - geerlingguy.composer + +galaxy_info: + author: geerlingguy + description: Drush - command line shell for Drupal + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + categories: + - development + - web diff --git a/provisioning/roles/geerlingguy.drush/tasks/main.yml b/provisioning/roles/geerlingguy.drush/tasks/main.yml new file mode 100644 index 000000000..5b907aa64 --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/tasks/main.yml @@ -0,0 +1,37 @@ +--- +- name: Clone Drush from GitHub. + git: + repo: https://github.com/drush-ops/drush.git + dest: "{{ drush_install_path }}" + version: "{{ drush_version }}" + update: "{{ drush_keep_updated }}" + force: "{{ drush_force_update }}" + register: drush_clone + +- name: Check for composer.json + stat: path={{ drush_install_path }}/composer.json + register: drush_composer + +# See: https://github.com/geerlingguy/ansible-role-drush/issues/6 +- name: Ensure Drush can be installed on Debian Wheezy. + shell: > + {{ composer_path }} update {{ drush_composer_cli_options }} + chdir={{ drush_install_path }} + when: drush_clone.changed and ansible_distribution == "Debian" and ansible_distribution_release == "wheezy" and drush_composer.stat.exists + +- name: Install Drush dependencies with Composer. + shell: > + {{ composer_path }} install {{ drush_composer_cli_options }} + chdir={{ drush_install_path }} + when: drush_clone.changed and drush_composer.stat.exists + +- name: Create drush symlink. + file: + src: "{{ drush_install_path }}/drush" + dest: "{{ drush_path }}" + state: link + +- name: Run drush to finish setting it up. + command: "{{ drush_path }}" + register: drush_result + changed_when: "'Execute a drush command' not in drush_result.stdout" diff --git a/provisioning/roles/geerlingguy.drush/tests/inventory b/provisioning/roles/geerlingguy.drush/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.drush/tests/test.yml b/provisioning/roles/geerlingguy.drush/tests/test.yml new file mode 100644 index 000000000..df2c5033f --- /dev/null +++ b/provisioning/roles/geerlingguy.drush/tests/test.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + remote_user: root + vars: + php_opcache_enable: "0" + roles: + - geerlingguy.php + - geerlingguy.composer + - geerlingguy.git + - ansible-role-drush diff --git a/provisioning/roles/geerlingguy.elasticsearch/.travis.yml b/provisioning/roles/geerlingguy.elasticsearch/.travis.yml new file mode 100644 index 000000000..dcd413c48 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/.travis.yml @@ -0,0 +1,58 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install required Galaxy roles. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-galaxy install geerlingguy.java' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # TODO: Test if elasticsearch is working. + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.elasticsearch/README.md b/provisioning/roles/geerlingguy.elasticsearch/README.md new file mode 100644 index 000000000..31c741162 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/README.md @@ -0,0 +1,44 @@ +# Ansible Role: Elasticsearch + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-elasticsearch.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-elasticsearch) + +An Ansible Role that installs Elasticsearch on RedHat/CentOS or Debian/Ubuntu. + +## Requirements + +None. + +## Role Variables +Available variables are listed below, along with default values (see `defaults/main.yml`): + + elasticsearch_network_host: localhost + +Network host to listen for incoming connections on. By default we only listen on the localhost interface. Change this to the IP address to listen on a specific interface, or `0.0.0.0` to listen on all interfaces. + + elasticsearch_http_port: 9200 + +The port to listen for HTTP connections on. + + elasticsearch_script_inline: true + elasticsearch_script_indexed: true + +Whether to allow inline scripting against ElasticSearch. You should read the following link as there are possible security implications for enabling these options: [Enable Dynamic Scripting](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html#enable-dynamic-scripting). Available options include: `true`, `false`, and `sandbox`. + +## Dependencies + + - geerlingguy.java + +## Example Playbook + + - hosts: search + roles: + - geerlingguy.java + - geerlingguy.elasticsearch + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.elasticsearch/defaults/main.yml b/provisioning/roles/geerlingguy.elasticsearch/defaults/main.yml new file mode 100644 index 000000000..758877f5e --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/defaults/main.yml @@ -0,0 +1,5 @@ +--- +elasticsearch_network_host: localhost +elasticsearch_http_port: 9200 +elasticsearch_script_inline: true +elasticsearch_script_indexed: true diff --git a/provisioning/roles/geerlingguy.elasticsearch/files/elasticsearch.repo b/provisioning/roles/geerlingguy.elasticsearch/files/elasticsearch.repo new file mode 100644 index 000000000..e9d28a615 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/files/elasticsearch.repo @@ -0,0 +1,6 @@ +[elasticsearch-2.x] +name=Elasticsearch repository for 2.x packages +baseurl=http://packages.elastic.co/elasticsearch/2.x/centos +gpgcheck=1 +gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch +enabled=1 diff --git a/provisioning/roles/geerlingguy.elasticsearch/handlers/main.yml b/provisioning/roles/geerlingguy.elasticsearch/handlers/main.yml new file mode 100644 index 000000000..a4c1162a1 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart elasticsearch + service: name=elasticsearch state=restarted diff --git a/provisioning/roles/geerlingguy.elasticsearch/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.elasticsearch/meta/.galaxy_install_info new file mode 100644 index 000000000..2c762e161 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:53 2016', version: 2.1.0} diff --git a/provisioning/roles/geerlingguy.elasticsearch/meta/main.yml b/provisioning/roles/geerlingguy.elasticsearch/meta/main.yml new file mode 100644 index 000000000..8285a4b94 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/meta/main.yml @@ -0,0 +1,24 @@ +--- +dependencies: + - { role: geerlingguy.java } + +galaxy_info: + author: geerlingguy + description: Elasticsearch for Linux. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - web + - system + - monitoring diff --git a/provisioning/roles/geerlingguy.elasticsearch/tasks/main.yml b/provisioning/roles/geerlingguy.elasticsearch/tasks/main.yml new file mode 100644 index 000000000..a4ce2d04a --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Configure Elasticsearch. + template: + src: elasticsearch.yml.j2 + dest: /etc/elasticsearch/elasticsearch.yml + owner: root + group: elasticsearch + mode: 0750 + notify: restart elasticsearch + +- name: Start Elasticsearch. + service: name=elasticsearch state=started enabled=yes diff --git a/provisioning/roles/geerlingguy.elasticsearch/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.elasticsearch/tasks/setup-Debian.yml new file mode 100644 index 000000000..bafa0d5a1 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tasks/setup-Debian.yml @@ -0,0 +1,14 @@ +--- +- name: Add Elasticsearch apt key. + apt_key: + url: https://packages.elastic.co/GPG-KEY-elasticsearch + state: present + +- name: Add Elasticsearch repository. + apt_repository: + repo: 'deb http://packages.elastic.co/elasticsearch/2.x/debian stable main' + state: present + update_cache: yes + +- name: Install Elasticsearch. + apt: pkg=elasticsearch state=present diff --git a/provisioning/roles/geerlingguy.elasticsearch/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.elasticsearch/tasks/setup-RedHat.yml new file mode 100644 index 000000000..543cce2f0 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tasks/setup-RedHat.yml @@ -0,0 +1,14 @@ +--- +- name: Add Elasticsearch GPG key. + rpm_key: + key: https://packages.elastic.co/GPG-KEY-elasticsearch + state: present + +- name: Add Elasticsearch repository. + copy: + src: elasticsearch.repo + dest: /etc/yum.repos.d/elasticsearch.repo + mode: 0644 + +- name: Install Elasticsearch. + yum: pkg=elasticsearch state=installed diff --git a/provisioning/roles/geerlingguy.elasticsearch/templates/elasticsearch.yml.j2 b/provisioning/roles/geerlingguy.elasticsearch/templates/elasticsearch.yml.j2 new file mode 100644 index 000000000..58182a1f9 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/templates/elasticsearch.yml.j2 @@ -0,0 +1,97 @@ +# {{ ansible_managed }} +# ======================== Elasticsearch Configuration ========================= +# +# NOTE: Elasticsearch comes with reasonable defaults for most settings. +# Before you set out to tweak and tune the configuration, make sure you +# understand what are you trying to accomplish and the consequences. +# +# The primary way of configuring a node is via this file. This template lists +# the most important settings you may want to configure for a production cluster. +# +# Please see the documentation for further information on configuration options: +# +# +# ---------------------------------- Cluster ----------------------------------- +# +# Use a descriptive name for your cluster: +# +# cluster.name: my-application +# +# ------------------------------------ Node ------------------------------------ +# +# Use a descriptive name for the node: +# +# node.name: node-1 +# +# Add custom attributes to the node: +# +# node.rack: r1 +# +# ----------------------------------- Paths ------------------------------------ +# +# Path to directory where to store the data (separate multiple locations by comma): +# +# path.data: /path/to/data +# +# Path to log files: +# +# path.logs: /path/to/logs +# +# ----------------------------------- Memory ----------------------------------- +# +# Lock the memory on startup: +# +# bootstrap.mlockall: true +# +# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory +# available on the system and that the owner of the process is allowed to use this limit. +# +# Elasticsearch performs poorly when the system is swapping the memory. +# +# ---------------------------------- Network ----------------------------------- +# +# Set the bind address to a specific IP (IPv4 or IPv6): +# +network.host: {{ elasticsearch_network_host }} +# +# Set a custom port for HTTP: +# +http.port: {{ elasticsearch_http_port }} +# +# For more information, see the documentation at: +# +# +# --------------------------------- Discovery ---------------------------------- +# +# Pass an initial list of hosts to perform discovery when new node is started: +# The default list of hosts is ["127.0.0.1", "[::1]"] +# +# discovery.zen.ping.unicast.hosts: ["host1", "host2"] +# +# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1): +# +# discovery.zen.minimum_master_nodes: 3 +# +# For more information, see the documentation at: +# +# +# ---------------------------------- Gateway ----------------------------------- +# +# Block initial recovery after a full cluster restart until N nodes are started: +# +# gateway.recover_after_nodes: 3 +# +# For more information, see the documentation at: +# +# +# ---------------------------------- Various ----------------------------------- +# +# Disable starting multiple nodes on a single system: +# +# node.max_local_storage_nodes: 1 +# +# Require explicit names when deleting indices: +# +# action.destructive_requires_name: true +script.inline: {{ elasticsearch_script_inline }} +script.indexed: {{ elasticsearch_script_indexed }} diff --git a/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.elasticsearch/tests/test.yml b/provisioning/roles/geerlingguy.elasticsearch/tests/test.yml new file mode 100644 index 000000000..a289f8d1d --- /dev/null +++ b/provisioning/roles/geerlingguy.elasticsearch/tests/test.yml @@ -0,0 +1,11 @@ +--- +- hosts: all + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + roles: + - geerlingguy.java + - role_under_test diff --git a/provisioning/roles/geerlingguy.firewall/.travis.yml b/provisioning/roles/geerlingguy.firewall/.travis.yml new file mode 100644 index 000000000..a26b16a82 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/.travis.yml @@ -0,0 +1,60 @@ +--- +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + - sudo apt-get install -y curl + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Check if TCP port 9123 is open. + - > + sudo iptables -L -n + | grep -q "ACCEPT.*dpt:9123" + && (echo 'Port 9123 is open - pass' && exit 0) + || (echo 'Port 9123 is not open - fail' && exit 1) + + # Check running firewall has exit code 0 + - > + sudo service firewall status + && (echo 'Status of running firewall is 0 - pass' && exit 0) + || (echo 'Status of running firewall is not 0 - fail' && exit 1) + + # Stop firewall + - > + sudo service firewall stop + && (echo 'Stopping firewall - pass' && exit 0) + || (echo 'Stopping firewall - fail' && exit 1) + + # Check stopped firewall has exit code 3 + - > + sudo service firewall status; + EXIT=$?; + if [ 3 -eq $EXIT ]; then + echo 'Status of stopped firewall is 3 - pass' && exit 0; + else + echo 'Status of stopped firewall is not 3 - fail' && exit 1; + fi diff --git a/provisioning/roles/geerlingguy.firewall/README.md b/provisioning/roles/geerlingguy.firewall/README.md new file mode 100644 index 000000000..415dec0cd --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/README.md @@ -0,0 +1,72 @@ +# Ansible Role: Firewall (iptables) + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-firewall.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-firewall) + +Installs a simple iptables-based firewall for RHEL/CentOS or Debian/Ubunty systems. + +This firewall aims for simplicity over complexity, and only opens a few specific ports for incoming traffic (configurable through Ansible variables). If you have a rudimentary knowledge of `iptables` and/or firewalls in general, this role should be a good starting point for a secure system firewall. + +After the role is run, a `firewall` init service will be available on the server. You can use `service firewall [start|stop|restart|status]` to control the firewall. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `vars/main.yml`): + + firewall_allowed_tcp_ports: + - "22" + - "80" + ... + firewall_allowed_udp_ports: [] + +A list of TCP or UDP ports (respectively) to open to incoming traffic. + + firewall_forwarded_tcp_ports: + - { src: "22", dest: "2222" } + - { src: "80", dest: "8080" } + firewall_forwarded_udp_ports: [] + +Forward `src` port to `dest` port, either TCP or UDP (respectively). + + firewall_additional_rules: [] + +Any additional (custom) rules to be added to the firewall (in the same format you would add them via command line, e.g. `iptables [rule]`). + + firewall_log_dropped_packets: true + +Whether to log dropped packets to syslog (messages will be prefixed with "Dropped by firewall: "). + +## Dependencies + +None. + +## Example Playbook + + - hosts: server + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.firewall } + +*Inside `vars/main.yml`*: + + firewall_allowed_tcp_ports: + - "22" + - "25" + - "80" + +## TODO + + - Make outgoing ports more configurable. + - Make other firewall features (like logging) configurable. + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.firewall/defaults/main.yml b/provisioning/roles/geerlingguy.firewall/defaults/main.yml new file mode 100644 index 000000000..e20845849 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/defaults/main.yml @@ -0,0 +1,11 @@ +--- +firewall_allowed_tcp_ports: + - "22" + - "25" + - "80" + - "443" +firewall_allowed_udp_ports: [] +firewall_forwarded_tcp_ports: [] +firewall_forwarded_udp_ports: [] +firewall_additional_rules: [] +firewall_log_dropped_packets: true diff --git a/provisioning/roles/geerlingguy.firewall/handlers/main.yml b/provisioning/roles/geerlingguy.firewall/handlers/main.yml new file mode 100644 index 000000000..378095524 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart firewall + service: name=firewall state=restarted diff --git a/provisioning/roles/geerlingguy.firewall/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.firewall/meta/.galaxy_install_info new file mode 100644 index 000000000..419b46e75 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:48:57 2016', version: 1.0.9} diff --git a/provisioning/roles/geerlingguy.firewall/meta/main.yml b/provisioning/roles/geerlingguy.firewall/meta/main.yml new file mode 100644 index 000000000..fb1434993 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/meta/main.yml @@ -0,0 +1,22 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Simple iptables firewall for most Unix-like systems. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + categories: + - networking + - system diff --git a/provisioning/roles/geerlingguy.firewall/tasks/main.yml b/provisioning/roles/geerlingguy.firewall/tasks/main.yml new file mode 100644 index 000000000..b8bd8357e --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Ensure iptables is installed (RedHat). + yum: pkg=iptables state=installed + when: ansible_os_family == 'RedHat' + +- name: Ensure iptables is installed (Debian). + apt: pkg=iptables state=installed + when: ansible_os_family == 'Debian' + +- name: Flush iptables the first time playbook runs. + command: iptables -F creates=/etc/init.d/firewall + +- name: Copy firewall script into place. + template: src=firewall.bash.j2 dest=/etc/firewall.bash owner=root group=root mode=0744 + notify: restart firewall + +- name: Copy firewall init script into place. + template: src=firewall.j2 dest=/etc/init.d/firewall owner=root group=root mode=0755 + +- name: Ensure the firewall is enabled and will start on boot. + service: name=firewall state=started enabled=yes diff --git a/provisioning/roles/geerlingguy.firewall/templates/firewall.bash.j2 b/provisioning/roles/geerlingguy.firewall/templates/firewall.bash.j2 new file mode 100755 index 000000000..bbe6436e9 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/templates/firewall.bash.j2 @@ -0,0 +1,83 @@ +#!/bin/bash +# iptables firewall for common LAMP servers. +# +# This file should be located at /etc/firewall.bash, and is meant to work with +# Jeff Geerling's firewall init script. +# +# Common port reference: +# 22: SSH +# 25: SMTP +# 80: HTTP +# 123: DNS +# 443: HTTPS +# 2222: SSH alternate +# 4949: Munin +# 6082: Varnish admin +# 8080: HTTP alternate (often used with Tomcat) +# 8983: Tomcat HTTP +# 8443: Tomcat HTTPS +# 9000: SonarQube +# +# @author Jeff Geerling + +# No spoofing. +if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ] +then +for filter in /proc/sys/net/ipv4/conf/*/rp_filter +do +echo 1 > $filter +done +fi + +# Remove all rules and chains. +iptables -F +iptables -X + +# Accept traffic from loopback interface (localhost). +iptables -A INPUT -i lo -j ACCEPT + +# Forwarded ports. +{# Add a rule for each forwarded port #} +{% for forwarded_port in firewall_forwarded_tcp_ports %} +iptables -t nat -I PREROUTING -p tcp --dport {{ forwarded_port.src }} -j REDIRECT --to-port {{ forwarded_port.dest }} +iptables -t nat -I OUTPUT -p tcp -o lo --dport {{ forwarded_port.src }} -j REDIRECT --to-port {{ forwarded_port.dest }} +{% endfor %} +{% for forwarded_port in firewall_forwarded_udp_ports %} +iptables -t nat -I PREROUTING -p udp --dport {{ forwarded_port.src }} -j REDIRECT --to-port {{ forwarded_port.dest }} +iptables -t nat -I OUTPUT -p udp -o lo --dport {{ forwarded_port.src }} -j REDIRECT --to-port {{ forwarded_port.dest }} +{% endfor %} + +# Open ports. +{# Add a rule for each open port #} +{% for port in firewall_allowed_tcp_ports %} +iptables -A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT +{% endfor %} +{% for port in firewall_allowed_udp_ports %} +iptables -A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT +{% endfor %} + +# Accept icmp ping requests. +iptables -A INPUT -p icmp -j ACCEPT + +# Allow NTP traffic for time synchronization. +iptables -A OUTPUT -p udp --dport 123 -j ACCEPT +iptables -A INPUT -p udp --sport 123 -j ACCEPT + +# Additional custom rules. +{% for rule in firewall_additional_rules %} +{{ rule }} +{% endfor %} + +# Allow established connections: +iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + +# Log EVERYTHING (ONLY for Debug). +# iptables -A INPUT -j LOG + +{% if firewall_log_dropped_packets %} +# Log other incoming requests (all of which are dropped) at 15/minute max. +iptables -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "Dropped by firewall: " +{% endif %} + +# Drop all other traffic. +iptables -A INPUT -j DROP diff --git a/provisioning/roles/geerlingguy.firewall/templates/firewall.j2 b/provisioning/roles/geerlingguy.firewall/templates/firewall.j2 new file mode 100644 index 000000000..e2705f609 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/templates/firewall.j2 @@ -0,0 +1,49 @@ +#! /bin/sh +# /etc/init.d/firewall +# +# Firewall init script, to be used with /etc/firewall.bash by Jeff Geerling. +# +# @author Jeff Geerling + +### BEGIN INIT INFO +# Provides: firewall +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start firewall at boot time. +# Description: Enable the firewall. +### END INIT INFO + +# Carry out specific functions when asked to by the system +case "$1" in + start) + echo "Starting firewall." + /etc/firewall.bash + ;; + stop) + echo "Stopping firewall." + iptables -F + ;; + restart) + echo "Restarting firewall." + /etc/firewall.bash + ;; + status) + echo -e "`iptables -L -n`" + EXIT=4 # program or service status is unknown + NUMBER_OF_RULES=$(iptables-save | grep '^\-' | wc -l) + if [ 0 -eq $NUMBER_OF_RULES ]; then + EXIT=3 # program is not running + else + EXIT=0 # program is running or service is OK + fi + exit $EXIT + ;; + *) + echo "Usage: /etc/init.d/firewall {start|stop|status|restart}" + exit 1 + ;; +esac + +exit 0 diff --git a/provisioning/roles/geerlingguy.firewall/tests/inventory b/provisioning/roles/geerlingguy.firewall/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.firewall/tests/test.yml b/provisioning/roles/geerlingguy.firewall/tests/test.yml new file mode 100644 index 000000000..20809d1f8 --- /dev/null +++ b/provisioning/roles/geerlingguy.firewall/tests/test.yml @@ -0,0 +1,8 @@ +--- +- hosts: localhost + remote_user: root + vars: + - firewall_allowed_tcp_ports: + - "9123" + roles: + - ansible-role-firewall diff --git a/provisioning/roles/geerlingguy.git/.gitignore b/provisioning/roles/geerlingguy.git/.gitignore new file mode 100644 index 000000000..b066709e0 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/.gitignore @@ -0,0 +1 @@ +.LSOverride diff --git a/provisioning/roles/geerlingguy.git/.travis.yml b/provisioning/roles/geerlingguy.git/.travis.yml new file mode 100644 index 000000000..a221fcc27 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/.travis.yml @@ -0,0 +1,84 @@ +--- +sudo: required + +env: + # Only test source install on latest supported OSes. + # - distribution: centos + # version: 7 + # init: /usr/lib/systemd/systemd + # run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + # SITE: source + # GIT_VERSION: 2.7.1 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + SITE: source + GIT_VERSION: 2.7.1 + + # Test package install on all supported OSes. + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + SITE: package + GIT_VERSION: 1.7.1 + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + SITE: package + GIT_VERSION: 1.8.3.1 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + SITE: package + GIT_VERSION: 1.9.1 + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + SITE: package + GIT_VERSION: 1.7.9.5 + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure Git is installed and at the right version. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which git' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm test -x /usr/bin/git' + + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm git --version' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm /usr/bin/git --version | grep -qF "$GIT_VERSION"' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.git/README.md b/provisioning/roles/geerlingguy.git/README.md new file mode 100644 index 000000000..e7b66763a --- /dev/null +++ b/provisioning/roles/geerlingguy.git/README.md @@ -0,0 +1,55 @@ +# Ansible Role: Git + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-git.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-git) + +Installs Git, a distributed version control system, on any RHEL/CentOS or Debian/Ubuntu Linux system. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + workspace: /root + +Where certain files will be downloaded and adjusted prior to git installation, if needed. + + git_enablerepo: "" + +This variable, a well as `git_packages`, will be used to install git via a particular `yum` repo if `git_install_from_source` is false (CentOS only). Any additional repositories you have installed that you would like to use for a newer/different Git version. + + git_packages: + - git + - git-svn + +The specific Git packages that will be installed. By default, `git-svn` is included, but you can easily add this variable to your playbook's variables and remove `git-svn` if desired. + + git_install_from_source: false + git_install_path: "/usr" + git_version: "2.1.0" + +Whether to install Git from source; if set to `true`, `git_version` is required and will be used to install a particular version of git (see all available versions here: https://www.kernel.org/pub/software/scm/git/), and `git_install_path` defines where git should be installed. + + git_install_from_source_force_update: false + +If git is already installed at and older version, force a new source build. Only applies if `git_install_from_source` is `true`. + +## Dependencies + +None. + +## Example Playbook + + - hosts: servers + roles: + - { role: geerlingguy.git } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.git/defaults/main.yml b/provisioning/roles/geerlingguy.git/defaults/main.yml new file mode 100644 index 000000000..7c64bc22d --- /dev/null +++ b/provisioning/roles/geerlingguy.git/defaults/main.yml @@ -0,0 +1,23 @@ +--- +workspace: /root + +# If git_install_from_source is set to false, these two variables define whether +# to use an additional repo for the package installation, and which git packages +# will be installed. +git_enablerepo: "" +git_packages: + - git + - git-svn + +# If set to TRUE, git will be installed from source, using the version set with +# the 'git_version' variable instead of using a package. +git_install_from_source: false +git_install_path: "/usr" +git_version: "2.7.1" + +# If git is already installed at and older version, force a new source build. +# Only applies if git_install_from_source is `true`. +git_install_from_source_force_update: false + +# Leave this at it's default. +git_reinstall_from_source: false diff --git a/provisioning/roles/geerlingguy.git/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.git/meta/.galaxy_install_info new file mode 100644 index 000000000..683f63a38 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:01 2016', version: 1.1.1} diff --git a/provisioning/roles/geerlingguy.git/meta/main.yml b/provisioning/roles/geerlingguy.git/meta/main.yml new file mode 100644 index 000000000..d119d20d0 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/meta/main.yml @@ -0,0 +1,22 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Git version control software + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - development + - system diff --git a/provisioning/roles/geerlingguy.git/tasks/install-from-source.yml b/provisioning/roles/geerlingguy.git/tasks/install-from-source.yml new file mode 100644 index 000000000..3dc0458e9 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tasks/install-from-source.yml @@ -0,0 +1,62 @@ +--- +- name: Ensure git's dependencies are installed (RedHat). + yum: "pkg={{ item }} state=installed" + with_items: + - gettext-devel + - expat-devel + - curl-devel + - zlib-devel + - perl-devel + - openssl-devel + - subversion-perl + - make + - gcc + when: ansible_os_family == 'RedHat' + +- name: Ensure git's dependencies are installed (Debian). + apt: "pkg={{ item }} state=installed" + with_items: + - libcurl4-gnutls-dev + - libexpat1-dev + - gettext + - libssl-dev + - build-essential + - gcc + when: ansible_os_family == 'Debian' + +- name: Get installed version + command: git --version + changed_when: false + failed_when: false + # Ansible 1.8 feature. + # warn: no + register: git_installed_version + +- name: Force git install if the version numbers do not match + set_fact: + git_reinstall_from_source: true + when: 'git_install_from_source_force_update and (git_installed_version|success and (git_installed_version.stdout | regex_replace("^.*?([0-9\.]+)$", "\\1") | version_compare(git_version, operator="!=")))' + +- name: Download git. + get_url: + url: "https://www.kernel.org/pub/software/scm/git/git-{{ git_version }}.tar.gz" + dest: "{{ workspace }}/git-{{ git_version }}.tar.gz" + when: git_installed_version|failed or git_reinstall_from_source + +- name: Expand git archive. + unarchive: + src: "{{ workspace }}/git-{{ git_version }}.tar.gz" + dest: "{{ workspace }}" + creates: "{{ workspace }}/git-{{ git_version }}/README" + copy: no + when: git_installed_version|failed or git_reinstall_from_source + +- name: Build git. + command: > + make prefix={{ git_install_path }} {{ item }} + chdir={{ workspace }}/git-{{ git_version }} + with_items: + - all + - install + when: git_installed_version|failed or git_reinstall_from_source + become: yes diff --git a/provisioning/roles/geerlingguy.git/tasks/main.yml b/provisioning/roles/geerlingguy.git/tasks/main.yml new file mode 100644 index 000000000..22f2b81f6 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tasks/main.yml @@ -0,0 +1,23 @@ +--- +- name: Ensure git is installed (RedHat). + yum: + name: "{{ item }}" + state: installed + enablerepo: "{{ git_enablerepo }}" + with_items: "{{ git_packages }}" + when: (git_install_from_source == false) and (ansible_os_family == 'RedHat') + +- name: Update apt cache (Debian). + apt: update_cache=yes cache_valid_time=86400 + when: ansible_os_family == 'Debian' + +- name: Ensure git is installed (Debian). + apt: + name: "{{ item }}" + state: installed + with_items: "{{ git_packages }}" + when: (git_install_from_source == false) and (ansible_os_family == 'Debian') + +# Install git from source when git_install_from_source is true. +- include: install-from-source.yml + when: git_install_from_source == true diff --git a/provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.git/tests/test-package.yml b/provisioning/roles/geerlingguy.git/tests/test-package.yml new file mode 100644 index 000000000..e76a3e01c --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tests/test-package.yml @@ -0,0 +1,14 @@ +--- +- hosts: all + + vars: + git_install_from_source: false + git_install_path: /usr/local + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.git/tests/test-source.yml b/provisioning/roles/geerlingguy.git/tests/test-source.yml new file mode 100644 index 000000000..a31cc4e7d --- /dev/null +++ b/provisioning/roles/geerlingguy.git/tests/test-source.yml @@ -0,0 +1,15 @@ +--- +- hosts: all + + vars: + git_install_from_source: true + git_install_from_source_force_update: true + git_version: 2.7.1 + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.git/vars/main.yml b/provisioning/roles/geerlingguy.git/vars/main.yml new file mode 100644 index 000000000..10e268ab3 --- /dev/null +++ b/provisioning/roles/geerlingguy.git/vars/main.yml @@ -0,0 +1,2 @@ +--- +# This space intentionally left blank. diff --git a/provisioning/roles/geerlingguy.java/.travis.yml b/provisioning/roles/geerlingguy.java/.travis.yml new file mode 100644 index 000000000..e14ea79f1 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/.travis.yml @@ -0,0 +1,57 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure daemonize is available. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which java' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + diff --git a/provisioning/roles/geerlingguy.java/README.md b/provisioning/roles/geerlingguy.java/README.md new file mode 100644 index 000000000..483ad3f52 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/README.md @@ -0,0 +1,62 @@ +# Ansible Role: Java + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-java.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-java) + +Installs Java for RedHat/CentOS and Debian/Ubuntu linux servers. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values: + + # The defaults provided by this role are specific to each distribution. + java_packages: + - java-1.7.0-openjdk + +Set the version/development kit of Java to install, along with any other necessary Java packages. Some other options include are included in the distribution-specific files in this role's 'defaults' folder. + +## Dependencies + +None. + +## Example Playbook (using default package, usually OpenJDK 7) + + - hosts: servers + roles: + - geerlingguy.java + +## Example Playbook (install OpenJDK 8) + +For RHEL / CentOS: + + - hosts: server + roles: + - role: geerlingguy.java + when: "ansible_os_family == 'RedHat'" + java_packages: + - java-1.8.0-openjdk + +For Ubuntu < 16.04: + + - hosts: server + tasks: + - name: installing repo for Java 8 in Ubuntu + apt_repository: repo='ppa:openjdk-r/ppa' + + - hosts: server + roles: + - role: geerlingguy.java + when: "ansible_os_family == 'Debian'" + java_packages: + - openjdk-8-jdk + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.java/defaults/main.yml b/provisioning/roles/geerlingguy.java/defaults/main.yml new file mode 100644 index 000000000..43a7a0226 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# Set java_packages if you would like to use a different version than the +# default (OpenJDK 1.7). +# java_packages: [] diff --git a/provisioning/roles/geerlingguy.java/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.java/meta/.galaxy_install_info new file mode 100644 index 000000000..79c2cbc1a --- /dev/null +++ b/provisioning/roles/geerlingguy.java/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:05 2016', version: 1.4.0} diff --git a/provisioning/roles/geerlingguy.java/meta/main.yml b/provisioning/roles/geerlingguy.java/meta/main.yml new file mode 100644 index 000000000..526ffadc2 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/meta/main.yml @@ -0,0 +1,27 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Java for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + - name: FreeBSD + versions: + - 10.2 + galaxy_tags: + - development + - system + - web diff --git a/provisioning/roles/geerlingguy.java/tasks/main.yml b/provisioning/roles/geerlingguy.java/tasks/main.yml new file mode 100644 index 000000000..95f5b56ba --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tasks/main.yml @@ -0,0 +1,23 @@ +--- +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + when: ansible_distribution != 'Ubuntu' + +- name: Include version-specific variables for Ubuntu. + include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" + when: ansible_distribution == 'Ubuntu' + +- name: Define java_packages. + set_fact: + java_packages: "{{ __java_packages | list }}" + when: java_packages is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- include: setup-FreeBSD.yml + when: ansible_os_family == 'FreeBSD' diff --git a/provisioning/roles/geerlingguy.java/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.java/tasks/setup-Debian.yml new file mode 100644 index 000000000..f1adc7574 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tasks/setup-Debian.yml @@ -0,0 +1,7 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure Java is installed. + apt: "name={{ item }} state=installed" + with_items: "{{ java_packages }}" diff --git a/provisioning/roles/geerlingguy.java/tasks/setup-FreeBSD.yml b/provisioning/roles/geerlingguy.java/tasks/setup-FreeBSD.yml new file mode 100644 index 000000000..f3d1fa310 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tasks/setup-FreeBSD.yml @@ -0,0 +1,10 @@ +--- +- name: Ensure Java is installed. + pkgng: "name={{ item }} state=present" + with_items: "{{ java_packages }}" + +- name: ensure proc is mounted + mount: name=/proc fstype=procfs src=proc opts=rw state=mounted + +- name: ensure fdesc is mounted + mount: name=/dev/fd fstype=fdescfs src=fdesc opts=rw state=mounted diff --git a/provisioning/roles/geerlingguy.java/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.java/tasks/setup-RedHat.yml new file mode 100644 index 000000000..4a616adce --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tasks/setup-RedHat.yml @@ -0,0 +1,4 @@ +--- +- name: Ensure Java is installed. + yum: "name={{ item }} state=installed" + with_items: "{{ java_packages }}" diff --git a/provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.java/tests/test.yml b/provisioning/roles/geerlingguy.java/tests/test.yml new file mode 100644 index 000000000..b29465406 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/tests/test.yml @@ -0,0 +1,10 @@ +--- +- hosts: all + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.java/vars/Debian.yml b/provisioning/roles/geerlingguy.java/vars/Debian.yml new file mode 100644 index 000000000..8d620e47a --- /dev/null +++ b/provisioning/roles/geerlingguy.java/vars/Debian.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-6-jdk +# - openjdk-7-jdk +__java_packages: + - openjdk-7-jdk diff --git a/provisioning/roles/geerlingguy.java/vars/FreeBSD.yml b/provisioning/roles/geerlingguy.java/vars/FreeBSD.yml new file mode 100644 index 000000000..0d712eb4d --- /dev/null +++ b/provisioning/roles/geerlingguy.java/vars/FreeBSD.yml @@ -0,0 +1,7 @@ +--- +# JDK version options for FreeBSD include: +# - openjdk +# - openjdk6 +# - openjdk8 +__java_packages: + - openjdk diff --git a/provisioning/roles/geerlingguy.java/vars/RedHat.yml b/provisioning/roles/geerlingguy.java/vars/RedHat.yml new file mode 100644 index 000000000..70694b7af --- /dev/null +++ b/provisioning/roles/geerlingguy.java/vars/RedHat.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - java-1.6.0-openjdk +# - java-1.7.0-openjdk +__java_packages: + - java-1.7.0-openjdk diff --git a/provisioning/roles/geerlingguy.java/vars/Ubuntu-12.04.yml b/provisioning/roles/geerlingguy.java/vars/Ubuntu-12.04.yml new file mode 100644 index 000000000..8d620e47a --- /dev/null +++ b/provisioning/roles/geerlingguy.java/vars/Ubuntu-12.04.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-6-jdk +# - openjdk-7-jdk +__java_packages: + - openjdk-7-jdk diff --git a/provisioning/roles/geerlingguy.java/vars/Ubuntu-14.04.yml b/provisioning/roles/geerlingguy.java/vars/Ubuntu-14.04.yml new file mode 100644 index 000000000..8d620e47a --- /dev/null +++ b/provisioning/roles/geerlingguy.java/vars/Ubuntu-14.04.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-6-jdk +# - openjdk-7-jdk +__java_packages: + - openjdk-7-jdk diff --git a/provisioning/roles/geerlingguy.java/vars/Ubuntu-16.04.yml b/provisioning/roles/geerlingguy.java/vars/Ubuntu-16.04.yml new file mode 100644 index 000000000..0a0bd8209 --- /dev/null +++ b/provisioning/roles/geerlingguy.java/vars/Ubuntu-16.04.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-8-jdk +# - openjdk-9-jdk +__java_packages: + - openjdk-8-jdk diff --git a/provisioning/roles/geerlingguy.mailhog/.travis.yml b/provisioning/roles/geerlingguy.mailhog/.travis.yml new file mode 100644 index 000000000..135e0d568 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/.travis.yml @@ -0,0 +1,67 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach -p 8025:8025 --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install required Galaxy roles. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-galaxy install geerlingguy.daemonize' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - idempotence=$(mktemp) + - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | tee -a ${idempotence} + - > + tail ${idempotence} + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Make sure mailhog is listening on ports 1025 and 8025. + # TODO. + + # Send an email via mhsendmail. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm sh -c "cat /etc/ansible/roles/role_under_test/tests/message | /opt/mailhog/mhsendmail johndoe@example.com"' + + # Test retrieving messages via MailHog API. + - 'curl http://localhost:8025/api/v2/messages | grep id' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.mailhog/README.md b/provisioning/roles/geerlingguy.mailhog/README.md new file mode 100644 index 000000000..9fac45635 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/README.md @@ -0,0 +1,55 @@ +# Ansible Role: MailHog + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-mailhog.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-mailhog) + +Installs [MailHog](https://github.com/mailhog/MailHog), a Go-based SMTP server and web UI/API for displaying captured emails, on RedHat or Debian-based linux systems. + +Also installs [mhsendmail](https://github.com/mailhog/mhsendmail) so you can redirect system mail to MailHog's built-in SMTP server. + +If you're using PHP and would like to route all PHP email into MailHog, you will need to update the `sendmail_path` configuration option in php.ini, like so: + + sendmail_path = "{{ mailhog_install_dir }}/mhsendmail" + +(Replace `{{ mailhog_install_dir }}` with the actual MailHog installation directory, which is `/opt/mailhog` by default—e.g. `/opt/mailhog/mhsendmail`). + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + mailhog_install_dir: /opt/mailhog + +The directory into which the MailHog binary will be installed. + + mailhog_binary_url: https://github.com/mailhog/MailHog/releases/download/v0.2.0/MailHog_linux_amd64 + +The MailHog binary that will be installed. You can find the latest version or a 32-bit version by visiting the [MailHog project releases page](https://github.com/mailhog/MailHog/releases). + + mailhog_daemonize_bin_path: /usr/sbin/daemonize + +The path to `daemonize`, which is used to launch MailHog via init script. + + mhsendmail_binary_url: https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendmail_linux_amd64 + +The mhsendmail binary that will be installed. You can find the latest version or a 32-bit version by visiting the [mhsendmail project releases page](https://github.com/mailhog/mhsendmail/releases). + +## Dependencies + + - geerlingguy.daemonize + +## Example Playbook + + - hosts: servers + roles: + - { role: geerlingguy.mailhog } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.mailhog/defaults/main.yml b/provisioning/roles/geerlingguy.mailhog/defaults/main.yml new file mode 100644 index 000000000..73d66df85 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/defaults/main.yml @@ -0,0 +1,7 @@ +--- +mailhog_install_dir: /opt/mailhog +mailhog_binary_url: https://github.com/mailhog/MailHog/releases/download/v0.2.0/MailHog_linux_amd64 +mhsendmail_binary_url: https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendmail_linux_amd64 + +# Path to daemonize, which is used to launch MailHog via init script. +mailhog_daemonize_bin_path: /usr/sbin/daemonize diff --git a/provisioning/roles/geerlingguy.mailhog/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.mailhog/meta/.galaxy_install_info new file mode 100644 index 000000000..d49e3f771 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:08 2016', version: 2.0.0} diff --git a/provisioning/roles/geerlingguy.mailhog/meta/main.yml b/provisioning/roles/geerlingguy.mailhog/meta/main.yml new file mode 100644 index 000000000..16a2c2b78 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/meta/main.yml @@ -0,0 +1,25 @@ +--- +dependencies: + - geerlingguy.daemonize + +galaxy_info: + author: geerlingguy + description: "MailHog for Linux" + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - development + - web + - system + - mail diff --git a/provisioning/roles/geerlingguy.mailhog/tasks/main.yml b/provisioning/roles/geerlingguy.mailhog/tasks/main.yml new file mode 100644 index 000000000..3ee62d118 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/tasks/main.yml @@ -0,0 +1,33 @@ +--- +# Install and configure MailHog. +- name: Ensure mailhog install directory exists. + file: + path: "{{ mailhog_install_dir }}" + owner: root + group: root + state: directory + mode: 0755 + +- name: Download MailHog and mhsendmail binaries. + get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0755 + with_items: + - url: "{{ mailhog_binary_url }}" + dest: "{{ mailhog_install_dir }}/mailhog" + - url: "{{ mhsendmail_binary_url }}" + dest: "{{ mailhog_install_dir }}/mhsendmail" + +- name: Copy mailhog init script into place. + template: + src: mailhog.init.j2 + dest: /etc/init.d/mailhog + owner: root + group: root + mode: 0755 + +- name: Ensure mailhog is enabled and will start on boot. + service: name=mailhog state=started enabled=yes diff --git a/provisioning/roles/geerlingguy.mailhog/templates/mailhog.init.j2 b/provisioning/roles/geerlingguy.mailhog/templates/mailhog.init.j2 new file mode 100644 index 000000000..c20904c79 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/templates/mailhog.init.j2 @@ -0,0 +1,61 @@ +#! /bin/sh +# /etc/init.d/mailhog +# +# MailHog init script. +# +# @author Jeff Geerling + +### BEGIN INIT INFO +# Provides: mailhog +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start MailHog at boot time. +# Description: Enable MailHog. +### END INIT INFO + +PID=/var/run/mailhog.pid +LOCK=/var/lock/mailhog.lock +USER=nobody +BIN={{ mailhog_install_dir }}/mailhog +DAEMONIZE_BIN={{ mailhog_daemonize_bin_path }} + +# Carry out specific functions when asked to by the system +case "$1" in + start) + echo "Starting mailhog." + $DAEMONIZE_BIN -p $PID -l $LOCK -u $USER $BIN + ;; + stop) + if [ -f $PID ]; then + echo "Stopping mailhog."; + kill -TERM $(cat $PID); + rm -f $PID; + else + echo "MailHog is not running."; + fi + ;; + restart) + echo "Restarting mailhog." + if [ -f $PID ]; then + kill -TERM $(cat $PID); + rm -f $PID; + fi + $DAEMONIZE_BIN -p $PID -l $LOCK -u $USER $BIN + ;; + status) + if [ -f $PID ]; then + echo "MailHog is running."; + else + echo "MailHog is not running."; + exit 3 + fi + ;; + *) + echo "Usage: /etc/init.d/mailhog {start|stop|status|restart}" + exit 1 + ;; +esac + +exit 0 \ No newline at end of file diff --git a/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.mailhog/tests/message b/provisioning/roles/geerlingguy.mailhog/tests/message new file mode 100644 index 000000000..582ec1e91 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/tests/message @@ -0,0 +1,5 @@ +From: johndoe@example.com +To: janedoe@example.com +Subject: Test email + +Hello world! \ No newline at end of file diff --git a/provisioning/roles/geerlingguy.mailhog/tests/test.yml b/provisioning/roles/geerlingguy.mailhog/tests/test.yml new file mode 100644 index 000000000..3fd4e5d05 --- /dev/null +++ b/provisioning/roles/geerlingguy.mailhog/tests/test.yml @@ -0,0 +1,27 @@ +- hosts: all + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: 'name="{{ item }}" state=present' + with_items: + - "@Development tools" + - tar + - unzip + - sudo + - which + - net-tools + when: ansible_os_family == 'RedHat' + + - name: Ensure build dependencies are installed (Debian). + apt: 'name="{{ item }}" state=installed' + with_items: + - build-essential + - unzip + - tar + - sudo + - net-tools + when: ansible_os_family == 'Debian' + + roles: + - geerlingguy.daemonize + - role_under_test diff --git a/provisioning/roles/geerlingguy.memcached/.gitignore b/provisioning/roles/geerlingguy.memcached/.gitignore new file mode 100644 index 000000000..e43b0f988 --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/.gitignore @@ -0,0 +1 @@ +.DS_Store diff --git a/provisioning/roles/geerlingguy.memcached/.travis.yml b/provisioning/roles/geerlingguy.memcached/.travis.yml new file mode 100644 index 000000000..3f9719b3b --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/.travis.yml @@ -0,0 +1,34 @@ +--- +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + - sudo apt-get install -y curl + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Check the version of Memcached (if this output fails, it's not running). + - memcached -h | head -1 diff --git a/provisioning/roles/geerlingguy.memcached/README.md b/provisioning/roles/geerlingguy.memcached/README.md new file mode 100644 index 000000000..79af09a0c --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/README.md @@ -0,0 +1,53 @@ +# Ansible Role: Memcached + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-memcached.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-memcached) + +An Ansible Role that installs Memcached on RedHat/CentOS or Debian/Ubuntu Linux. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + memcached_user: memcache + +The user under which the Memcached daemon will run. + + memcached_port: 11211 + memcached_listen_ip: 127.0.0.1 + +The port and IP address (127.0.0.1 for localhost) on which Memcached will listen for requests. + + memcached_memory_limit: 64 + memcached_connections: 1024 + +Memcached limits. The maximum amount of RAM `memcached` will consume (64MB is the default), and the maximum number of simultaneous connections memcached will handle. + + memcached_log_file: /var/log/memcached.log + +The location of the memcached log file. + + memcached_log_verbosity: "" + +Normally memcached does not log anything. Change to "-v" to enable logging or to "-vv" for debug logging. + +## Dependencies + +None. + +## Example Playbook + + - hosts: cache + roles: + - { role: geerlingguy.memcached } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.memcached/defaults/main.yml b/provisioning/roles/geerlingguy.memcached/defaults/main.yml new file mode 100644 index 000000000..9f4768446 --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/defaults/main.yml @@ -0,0 +1,9 @@ +--- +memcached_port: 11211 +memcached_listen_ip: 127.0.0.1 + +memcached_memory_limit: 64 +memcached_connections: 1024 + +memcached_log_file: /var/log/memcached.log +memcached_log_verbosity: "" diff --git a/provisioning/roles/geerlingguy.memcached/handlers/main.yml b/provisioning/roles/geerlingguy.memcached/handlers/main.yml new file mode 100644 index 000000000..9aaea02cb --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart memcached + service: name=memcached state=restarted diff --git a/provisioning/roles/geerlingguy.memcached/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.memcached/meta/.galaxy_install_info new file mode 100644 index 000000000..19a1059f6 --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:12 2016', version: 1.0.4} diff --git a/provisioning/roles/geerlingguy.memcached/meta/main.yml b/provisioning/roles/geerlingguy.memcached/meta/main.yml new file mode 100644 index 000000000..876bbbc8f --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/meta/main.yml @@ -0,0 +1,24 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Memcached for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Ubuntu + versions: + - precise + - trusty + - name: Debian + versions: + - all + categories: + - web + - database diff --git a/provisioning/roles/geerlingguy.memcached/tasks/main.yml b/provisioning/roles/geerlingguy.memcached/tasks/main.yml new file mode 100644 index 000000000..2aa71cf0a --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/tasks/main.yml @@ -0,0 +1,29 @@ +--- +# Include variables and define needed variables. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define memcached_user. + set_fact: + memcached_user: "{{ __memcached_user }}" + when: memcached_user is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +# Configure Memcached. +- name: Copy Memcached configuration. + template: + src: memcached-{{ ansible_os_family }}.conf.j2 + dest: "{{ memcached_config_file }}" + owner: root + group: root + mode: 0644 + notify: restart memcached + +- name: Ensure Memcached is started and set to run on startup. + service: name=memcached state=started enabled=yes diff --git a/provisioning/roles/geerlingguy.memcached/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.memcached/tasks/setup-Debian.yml new file mode 100644 index 000000000..2a5b4145b --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/tasks/setup-Debian.yml @@ -0,0 +1,6 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Install Memcached. + apt: name=memcached state=installed diff --git a/provisioning/roles/geerlingguy.memcached/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.memcached/tasks/setup-RedHat.yml new file mode 100644 index 000000000..461cc3538 --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/tasks/setup-RedHat.yml @@ -0,0 +1,3 @@ +--- +- name: Install Memcached. + yum: name=memcached state=installed diff --git a/provisioning/roles/geerlingguy.memcached/templates/memcached-Debian.conf.j2 b/provisioning/roles/geerlingguy.memcached/templates/memcached-Debian.conf.j2 new file mode 100644 index 000000000..25f0aacdf --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/templates/memcached-Debian.conf.j2 @@ -0,0 +1,27 @@ +# Run memcached as a daemon. This command is implied, and is not needed for the +# daemon to run. +-d + +# Log memcached's output to /var/log/memcached +logfile {{ memcached_log_file }} +{{ memcached_log_verbosity }} + +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +-m {{ memcached_memory_limit }} + +# Default connection port is 11211 +-p {{ memcached_port }} + +# Run the daemon as root. The start-memcached will default to running as root if no +# -u command is present in this config file +-u {{ memcached_user }} + +# Specify which IP address to listen on. The default is to listen on all IP addresses +# This parameter is one of the only security measures that memcached has, so make sure +# it's listening on a firewalled interface. +-l {{ memcached_listen_ip }} + +# Limit the number of simultaneous incoming connections. The daemon default is 1024 +-c {{ memcached_connections }} diff --git a/provisioning/roles/geerlingguy.memcached/templates/memcached-RedHat.conf.j2 b/provisioning/roles/geerlingguy.memcached/templates/memcached-RedHat.conf.j2 new file mode 100644 index 000000000..e57d425a4 --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/templates/memcached-RedHat.conf.j2 @@ -0,0 +1,19 @@ +# Default connection port is 11211 +PORT="{{ memcached_port }}" + +# The user to run memcached as. +USER="{{ memcached_user }}" + +# Limit the number of simultaneous incoming connections. The daemon default is 1024. +MAXCONN="{{ memcached_connections }}" + +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +CACHESIZE="{{ memcached_memory_limit }}" + +# Extra options: +# -l Specify which IP address to listen on. The default is to listen on all IP addresses +# This parameter is one of the only security measures that memcached has, so make sure +# it's listening on a firewalled interface. +OPTIONS="-l {{ memcached_listen_ip }} {{ memcached_log_verbosity }} >> {{ memcached_log_file }} 2>&1" diff --git a/provisioning/roles/geerlingguy.memcached/tests/inventory b/provisioning/roles/geerlingguy.memcached/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.memcached/tests/test.yml b/provisioning/roles/geerlingguy.memcached/tests/test.yml new file mode 100644 index 000000000..cc7aee226 --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ansible-role-memcached diff --git a/provisioning/roles/geerlingguy.memcached/vars/Debian.yml b/provisioning/roles/geerlingguy.memcached/vars/Debian.yml new file mode 100644 index 000000000..6167345d3 --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +__memcached_user: memcache +memcached_config_file: /etc/memcached.conf diff --git a/provisioning/roles/geerlingguy.memcached/vars/RedHat.yml b/provisioning/roles/geerlingguy.memcached/vars/RedHat.yml new file mode 100644 index 000000000..520ab013e --- /dev/null +++ b/provisioning/roles/geerlingguy.memcached/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- +__memcached_user: memcached +memcached_config_file: /etc/sysconfig/memcached diff --git a/provisioning/roles/geerlingguy.mysql/.travis.yml b/provisioning/roles/geerlingguy.mysql/.travis.yml new file mode 100644 index 000000000..24c1c0910 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/.travis.yml @@ -0,0 +1,78 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + playbook: test.yml + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + playbook: centos-7-test.yml + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + playbook: test.yml + # - distribution: ubuntu + # version: 12.04 + # init: /sbin/init + # run_opts: "" + # playbook: test.yml + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}' + + # Test role idempotence. + - idempotence=$(mktemp) + - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} | tee -a ${idempotence} + - > + tail ${idempotence} + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Some MySQL debugging (show all the logs). + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ls -lah /var/log + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql/error.log || true + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql.err || true + + # Check to make sure we can connect to MySQL via Unix socket. + - > + sudo docker exec "$(cat ${container_id})" mysql -u root -proot -e 'show databases;' + | grep -q 'information_schema' + && (echo 'MySQL running normally' && exit 0) + || (echo 'MySQL not running' && exit 1) + + # Check to make sure we can connect to MySQL via TCP. + - > + sudo docker exec "$(cat ${container_id})" mysql -u root -proot -h 127.0.0.1 -e 'show databases;' + | grep -q 'information_schema' + && (echo 'MySQL running normally' && exit 0) + || (echo 'MySQL not running' && exit 1) + + # Clean up + - sudo docker stop "$(cat ${container_id})" + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.mysql/README.md b/provisioning/roles/geerlingguy.mysql/README.md new file mode 100644 index 000000000..3218d1888 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/README.md @@ -0,0 +1,144 @@ +# Ansible Role: MySQL + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-mysql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-mysql) + +Installs and configures MySQL or MariaDB server on RHEL/CentOS or Debian/Ubuntu servers. + +## Requirements + +No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like: + + - hosts: database + roles: + - role: geerlingguy.mysql + become: yes + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + mysql_user_home: /root + +The home directory inside which Python MySQL settings will be stored, which Ansible will use when connecting to MySQL. This should be the home directory of the user which runs this Ansible role. + + mysql_root_password: root + +The MySQL root user account password. + + mysql_root_password_update: no + +Whether to force update the MySQL root user's password. By default, this role will only change the root user's password when MySQL is first configured. You can force an update by setting this to `yes`. + +> Note: If you get an error like `ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)` after a failed or interrupted playbook run, this usually means the root password wasn't originally updated to begin with. Try either removing the `.my.cnf` file inside the configured `mysql_user_home` or updating it and setting `password=''` (the insecure default password). Run the playbook again, with `mysql_root_password_update` set to `yes`, and the setup should complete. + + mysql_enabled_on_startup: yes + +Whether MySQL should be enabled on startup. + + overwrite_global_mycnf: yes + +Whether the global my.cnf should be overwritten each time this role is run. Setting this to `no` tells Ansible to only create the `my.cnf` file if it doesn't exist. This should be left at its default value (`yes`) if you'd like to use this role's variables to configure MySQL. + + mysql_config_include_files: [] + +A list of files that should override the default global my.cnf. Each item in the array requires a "src" parameter which is a path to a file. An optional "force" parameter can force the file to be updated each time ansible runs. + + mysql_databases: [] + +The MySQL databases to create. A database has the values `name`, `encoding` (defaults to `utf8`), `collation` (defaults to `utf8_general_ci`) and `replicate` (defaults to `1`, only used if replication is configured). The formats of these are the same as in the `mysql_db` module. + + mysql_users: [] + +The MySQL users and their privileges. A user has the values `name`, `host` (defaults to `localhost`), `password`, `priv` (defaults to `*.*:USAGE`), `append_privs` (defaults to `no`), `state` (defaults to `present`). The formats of these are the same as in the `mysql_user` module. + + mysql_packages: + - mysql + - mysql-server + +(OS-specific, RedHat/CentOS defaults listed here) Packages to be installed. In some situations, you may need to add additional packages, like `mysql-devel`. + + mysql_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install later versions of MySQL. + + mysql_port: "3306" + mysql_bind_address: '0.0.0.0' + mysql_datadir: /var/lib/mysql + +Default MySQL connection configuration. + + mysql_log: "" + mysql_log_error: /var/log/mysqld.log + mysql_syslog_tag: mysqld + +MySQL logging configuration. Setting `mysql_log` (the general query log) or `mysql_log_error` to `syslog` will make MySQL log to syslog using the `mysql_syslog_tag`. + + mysql_slow_query_log_enabled: no + mysql_slow_query_log_file: /var/log/mysql-slow.log + mysql_slow_query_time: 2 + +Slow query log settings. Note that the log file will be created by this role, but if you're running on a server with SELinux or AppArmor, you may need to add this path to the allowed paths for MySQL, or disable the mysql profile. For example, on Debian/Ubuntu, you can run `sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/usr.sbin.mysqld && sudo service apparmor restart`. + + mysql_key_buffer_size: "256M" + mysql_max_allowed_packet: "64M" + mysql_table_open_cache: "256" + [...] + +The rest of the settings in `defaults/main.yml` control MySQL's memory usage and some other common settings. The default values are tuned for a server where MySQL can consume ~512 MB RAM, so you should consider adjusting them to suit your particular server better. + + mysql_server_id: "1" + mysql_max_binlog_size: "100M" + mysql_binlog_format: "ROW" + mysql_expire_logs_days: "10" + mysql_replication_role: '' + mysql_replication_master: '' + mysql_replication_user: [] + +Replication settings. Set `mysql_server_id` and `mysql_replication_role` by server (e.g. the master would be ID `1`, with the `mysql_replication_role` of `master`, and the slave would be ID `2`, with the `mysql_replication_role` of `slave`). The `mysql_replication_user` uses the same keys as `mysql_users`, and is created on master servers, and used to replicate on all the slaves. + +### MariaDB usage + +This role works with either MySQL or a compatible version of MariaDB. On RHEL/CentOS 7+, the mariadb database engine was substituted as the default MySQL replacement package. No modifications are necessary though all of the variables still reference 'mysql' instead of mariadb. + +#### Ubuntu 14.04 and 16.04 MariaDB configuration + +On Ubuntu, the package names are named differently, so the `mysql_package` variable needs to be altered. Set the following variables (at a minimum): + + mysql_packages: + - mariadb-client + - mariadb-server + - python-mysqldb + +## Dependencies + +None. + +## Example Playbook + + - hosts: db-servers + become: yes + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.mysql } + +*Inside `vars/main.yml`*: + + mysql_root_password: super-secure-password + mysql_databases: + - name: example_db + encoding: latin1 + collation: latin1_general_ci + mysql_users: + - name: example_user + host: "%" + password: similarly-secure-password + priv: "example_db.*:ALL" + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.mysql/defaults/main.yml b/provisioning/roles/geerlingguy.mysql/defaults/main.yml new file mode 100644 index 000000000..7f25f14f3 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/defaults/main.yml @@ -0,0 +1,101 @@ +--- +mysql_user_home: /root +mysql_root_username: root +mysql_root_password: root + +# Set this to `yes` to forcibly update the root password. +mysql_root_password_update: no + +mysql_enabled_on_startup: yes + +# update my.cnf. each time role is run? yes | no +overwrite_global_mycnf: yes + +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only +# for RedHat systems (and derivatives). +mysql_enablerepo: "" + +# Define a custom list of packages to install; if none provided, the default +# package list from vars/[OS-family].yml will be used. +# mysql_packages: +# - mysql +# - mysql-server +# - MySQL-python + +# MySQL connection settings. +mysql_port: "3306" +mysql_bind_address: '0.0.0.0' +mysql_datadir: /var/lib/mysql +mysql_pid_file: /var/run/mysqld/mysqld.pid +mysql_skip_name_resolve: no + +# Slow query log settings. +mysql_slow_query_log_enabled: no +mysql_slow_query_log_file: /var/log/mysql-slow.log +mysql_slow_query_time: "2" + +# Memory settings (default values optimized ~512MB RAM). +mysql_key_buffer_size: "256M" +mysql_max_allowed_packet: "64M" +mysql_table_open_cache: "256" +mysql_sort_buffer_size: "1M" +mysql_read_buffer_size: "1M" +mysql_read_rnd_buffer_size: "4M" +mysql_myisam_sort_buffer_size: "64M" +mysql_thread_cache_size: "8" +mysql_query_cache_size: "16M" +mysql_max_connections: "151" + +# Other settings. +mysql_lower_case_table_names: "0" +mysql_wait_timeout: "28800" + +# InnoDB settings. +mysql_innodb_file_per_table: "1" +# Set .._buffer_pool_size up to 80% of RAM but beware of setting too high. +mysql_innodb_buffer_pool_size: "256M" +# Set .._log_file_size to 25% of buffer pool size. +mysql_innodb_log_file_size: "64M" +mysql_innodb_log_buffer_size: "8M" +mysql_innodb_flush_log_at_trx_commit: "1" +mysql_innodb_lock_wait_timeout: "50" + +# These settings require MySQL > 5.5. +mysql_innodb_large_prefix: "1" +mysql_innodb_file_format: "barracuda" + +# mysqldump settings. +mysql_mysqldump_max_allowed_packet: "64M" + +# Logging settings. +mysql_log: "" +mysql_log_error: /var/log/mysql.err +mysql_syslog_tag: mysql + +mysql_config_include_files: [] +# - src: path/relative/to/playbook/file.cnf +# - { src: path/relative/to/playbook/anotherfile.cnf, force: yes } + +# Databases. +mysql_databases: [] +# - name: example +# collation: utf8_general_ci +# encoding: utf8 +# replicate: 1 + +# Users. +mysql_users: [] +# - name: example +# host: 127.0.0.1 +# password: secret +# priv: *.*:USAGE + +# Replication settings (replication is only enabled if master/user have values). +mysql_server_id: "1" +mysql_max_binlog_size: "100M" +mysql_binlog_format: "ROW" +mysql_expire_logs_days: "10" +mysql_replication_role: '' +mysql_replication_master: '' +# Same keys as `mysql_users` above. +mysql_replication_user: [] diff --git a/provisioning/roles/geerlingguy.mysql/handlers/main.yml b/provisioning/roles/geerlingguy.mysql/handlers/main.yml new file mode 100644 index 000000000..429abe31b --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart mysql + service: "name={{ mysql_daemon }} state=restarted sleep=5" diff --git a/provisioning/roles/geerlingguy.mysql/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.mysql/meta/.galaxy_install_info new file mode 100644 index 000000000..272443920 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:15 2016', version: 2.3.0} diff --git a/provisioning/roles/geerlingguy.mysql/meta/main.yml b/provisioning/roles/geerlingguy.mysql/meta/main.yml new file mode 100644 index 000000000..0432274a6 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/meta/main.yml @@ -0,0 +1,22 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: MySQL server for RHEL/CentOS and Debian/Ubuntu. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - database diff --git a/provisioning/roles/geerlingguy.mysql/tasks/configure.yml b/provisioning/roles/geerlingguy.mysql/tasks/configure.yml new file mode 100644 index 000000000..d8a458574 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/configure.yml @@ -0,0 +1,69 @@ +--- +- name: Copy my.cnf global MySQL configuration. + template: + src: my.cnf.j2 + dest: "{{ mysql_config_file }}" + owner: root + group: root + mode: 0644 + force: "{{ overwrite_global_mycnf }}" + notify: restart mysql + +- name: Verify mysql include directory exists. + file: + path: "{{ mysql_config_include_dir }}" + state: directory + owner: root + group: root + mode: 0755 + when: mysql_config_include_files | length + +- name: Copy my.cnf override files into include directory. + template: + src: "{{ item.src }}" + dest: "{{ mysql_config_include_dir }}/{{ item.src | basename }}" + owner: root + group: root + mode: 0644 + force: "{{ item.force | default(False) }}" + with_items: "{{ mysql_config_include_files }}" + notify: restart mysql + +- name: Create slow query log file (if configured). + shell: "touch {{ mysql_slow_query_log_file }} creates={{ mysql_slow_query_log_file }}" + when: mysql_slow_query_log_enabled + +- name: Create datadir if it does not exist + file: + path: "{{ mysql_datadir }}" + state: directory + owner: mysql + group: mysql + mode: 0755 + setype: mysqld_db_t + +- name: Set ownership on slow query log file (if configured). + file: + path: "{{ mysql_slow_query_log_file }}" + state: file + owner: mysql + group: mysql + mode: 0640 + when: mysql_slow_query_log_enabled + +- name: Create error log file (if configured). + shell: "touch {{ mysql_log_error }} creates={{ mysql_log_error }}" + when: mysql_log == "" and mysql_log_error != "" + +- name: Set ownership on error log file (if configured). + file: + path: "{{ mysql_log_error }}" + state: file + owner: mysql + group: mysql + mode: 0640 + when: mysql_log == "" and mysql_log_error != "" + +- name: Ensure MySQL is started and enabled on boot. + service: "name={{ mysql_daemon }} state=started enabled={{ mysql_enabled_on_startup }}" + register: mysql_service_configuration diff --git a/provisioning/roles/geerlingguy.mysql/tasks/databases.yml b/provisioning/roles/geerlingguy.mysql/tasks/databases.yml new file mode 100644 index 000000000..681e51501 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/databases.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure MySQL databases are present. + mysql_db: + name: "{{ item.name }}" + collation: "{{ item.collation | default('utf8_general_ci') }}" + encoding: "{{ item.encoding | default('utf8') }}" + state: present + with_items: "{{ mysql_databases }}" diff --git a/provisioning/roles/geerlingguy.mysql/tasks/main.yml b/provisioning/roles/geerlingguy.mysql/tasks/main.yml new file mode 100644 index 000000000..627d917ee --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/main.yml @@ -0,0 +1,42 @@ +--- +# Variable configuration. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + when: ansible_os_family != "RedHat" + +- name: Include OS-specific variables (RedHat). + include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" + when: ansible_os_family == "RedHat" + +- name: Define mysql_packages. + set_fact: + mysql_packages: "{{ __mysql_packages | list }}" + when: mysql_packages is not defined + +- name: Define mysql_daemon. + set_fact: + mysql_daemon: "{{ __mysql_daemon }}" + when: mysql_daemon is not defined + +- name: Define mysql_slow_query_log_file. + set_fact: + mysql_slow_query_log_file: "{{ __mysql_slow_query_log_file }}" + when: mysql_slow_query_log_file is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Check if MySQL packages were installed. + set_fact: + mysql_install_packages: "{{ (rh_mysql_install_packages is defined and rh_mysql_install_packages.changed) or (deb_mysql_install_packages is defined and deb_mysql_install_packages.changed) }}" + +# Configure MySQL. +- include: configure.yml +- include: secure-installation.yml +- include: databases.yml +- include: users.yml +- include: replication.yml diff --git a/provisioning/roles/geerlingguy.mysql/tasks/replication.yml b/provisioning/roles/geerlingguy.mysql/tasks/replication.yml new file mode 100644 index 000000000..ec56dfc29 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/replication.yml @@ -0,0 +1,51 @@ +--- +- name: Ensure replication user exists on master. + mysql_user: + name: "{{ mysql_replication_user.name }}" + host: "{{ mysql_replication_user.host | default('%') }}" + password: "{{ mysql_replication_user.password }}" + priv: "{{ mysql_replication_user.priv | default('*.*:REPLICATION SLAVE') }}" + state: present + when: > + (mysql_replication_role == 'master') + and mysql_replication_user + and (mysql_replication_master != '') + +- name: Check slave replication status. + mysql_replication: mode=getslave + ignore_errors: true + register: slave + when: > + mysql_replication_role == 'slave' + and (mysql_replication_master != '') + +- name: Check master replication status. + mysql_replication: mode=getmaster + delegate_to: "{{ mysql_replication_master }}" + register: master + when: > + slave|failed + and (mysql_replication_role == 'slave') + and (mysql_replication_master != '') + +- name: Configure replication on the slave. + mysql_replication: + mode: changemaster + master_host: "{{ mysql_replication_master }}" + master_user: "{{ mysql_replication_user.name }}" + master_password: "{{ mysql_replication_user.password }}" + master_log_file: "{{ master.File }}" + master_log_pos: "{{ master.Position }}" + ignore_errors: True + when: > + slave|failed + and (mysql_replication_role == 'slave') + and (mysql_replication_master != '') + and mysql_replication_user + +- name: Start replication. + mysql_replication: mode=startslave + when: > + slave|failed + and (mysql_replication_role == 'slave') + and (mysql_replication_master != '') diff --git a/provisioning/roles/geerlingguy.mysql/tasks/secure-installation.yml b/provisioning/roles/geerlingguy.mysql/tasks/secure-installation.yml new file mode 100644 index 000000000..db4a8edeb --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/secure-installation.yml @@ -0,0 +1,60 @@ +--- +- name: Get MySQL version. + command: 'mysql --version' + register: mysql_cli_version + changed_when: false + +- name: Disallow root login remotely + command: 'mysql -NBe "{{ item }}"' + with_items: + - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1') + changed_when: false + +- name: Get list of hosts for the root user. + command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = "root" ORDER BY (Host="localhost") ASC' + register: mysql_root_hosts + changed_when: false + always_run: true + +# Note: We do not use mysql_user for this operation, as it doesn't always update +# the root password correctly. See: https://goo.gl/MSOejW +# Set root password for MySQL >= 5.7.x. +- name: Update MySQL root password for localhost root account (5.7.x). + shell: > + mysql -u root -NBe + 'ALTER USER "{{ mysql_root_username }}"@"{{ item }}" IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}";' + with_items: "{{ mysql_root_hosts.stdout_lines }}" + when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' in mysql_cli_version.stdout) + +# Set root password for MySQL < 5.7.x. +- name: Update MySQL root password for localhost root account (< 5.7.x). + shell: > + mysql -u root -NBe + 'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");' + with_items: "{{ mysql_root_hosts.stdout_lines }}" + when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' not in mysql_cli_version.stdout) + +# Has to be after the root password assignment, for idempotency. +- name: Copy .my.cnf file with root password credentials. + template: + src: "user-my.cnf.j2" + dest: "{{ mysql_user_home }}/.my.cnf" + owner: root + group: root + mode: 0600 + +- name: Get list of hosts for the anonymous user. + command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""' + register: mysql_anonymous_hosts + changed_when: false + always_run: true + +- name: Remove anonymous MySQL users. + mysql_user: + name: "" + host: "{{ item }}" + state: absent + with_items: "{{ mysql_anonymous_hosts.stdout_lines }}" + +- name: Remove MySQL test database. + mysql_db: "name='test' state=absent" diff --git a/provisioning/roles/geerlingguy.mysql/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.mysql/tasks/setup-Debian.yml new file mode 100644 index 000000000..85770f2a8 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/setup-Debian.yml @@ -0,0 +1,29 @@ +--- +- name: Check if MySQL is already installed. + stat: path=/etc/init.d/mysql + register: mysql_installed + +- name: Update apt cache if MySQL is not yet installed. + apt: update_cache=yes + when: mysql_installed.stat.exists == false + +- name: Ensure MySQL Python libraries are installed. + apt: "name=python-mysqldb state=installed" + +- name: Ensure MySQL packages are installed. + apt: "name={{ item }} state=installed" + with_items: "{{ mysql_packages }}" + register: deb_mysql_install_packages + +# Because Ubuntu starts MySQL as part of the install process, we need to stop +# mysql and remove the logfiles in case the user set a custom log file size. +- name: Ensure MySQL is stopped after initial install. + service: "name={{ mysql_daemon }} state=stopped" + when: mysql_installed.stat.exists == false + +- name: Delete innodb log files created by apt package after initial install. + file: path={{ mysql_datadir }}/{{item}} state=absent + with_items: + - "ib_logfile0" + - "ib_logfile1" + when: mysql_installed.stat.exists == false diff --git a/provisioning/roles/geerlingguy.mysql/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.mysql/tasks/setup-RedHat.yml new file mode 100644 index 000000000..fc05bee62 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/setup-RedHat.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure MySQL packages are installed. + yum: "name={{ item }} state=installed enablerepo={{ mysql_enablerepo }}" + with_items: "{{ mysql_packages }}" + register: rh_mysql_install_packages + +- name: Ensure MySQL Python libraries are installed. + yum: "name=MySQL-python state=installed enablerepo={{ mysql_enablerepo }}" diff --git a/provisioning/roles/geerlingguy.mysql/tasks/users.yml b/provisioning/roles/geerlingguy.mysql/tasks/users.yml new file mode 100644 index 000000000..6c41ce770 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tasks/users.yml @@ -0,0 +1,11 @@ +--- +- name: Ensure MySQL users are present. + mysql_user: + name: "{{ item.name }}" + host: "{{ item.host | default('localhost') }}" + password: "{{ item.password }}" + priv: "{{ item.priv | default('*.*:USAGE') }}" + state: "{{ item.state | default('present') }}" + append_privs: "{{ item.append_privs | default('no') }}" + with_items: "{{ mysql_users }}" + no_log: true diff --git a/provisioning/roles/geerlingguy.mysql/templates/my.cnf.j2 b/provisioning/roles/geerlingguy.mysql/templates/my.cnf.j2 new file mode 100644 index 000000000..c16a91d3a --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/templates/my.cnf.j2 @@ -0,0 +1,111 @@ +[client] +#password = your_password +port = {{ mysql_port }} +socket = {{ mysql_socket }} + +[mysqld] +port = {{ mysql_port }} +bind-address = {{ mysql_bind_address }} +datadir = {{ mysql_datadir }} +socket = {{ mysql_socket }} +pid-file = {{ mysql_pid_file }} +{% if mysql_skip_name_resolve %} +skip-name-resolve +{% endif %} + +# Logging configuration. +{% if mysql_log_error == 'syslog' or mysql_log == 'syslog' %} +syslog +syslog-tag = {{ mysql_syslog_tag }} +{% else %} +{% if mysql_log %} +log = {{ mysql_log }} +{% endif %} +log-error = {{ mysql_log_error }} +{% endif %} + +{% if mysql_slow_query_log_enabled %} +# Slow query log configuration. +slow_query_log = 1 +slow_query_log_file = {{ mysql_slow_query_log_file }} +long_query_time = {{ mysql_slow_query_time }} +{% endif %} + +{% if mysql_replication_master %} +# Replication +server-id = {{ mysql_server_id }} + +{% if mysql_replication_role == 'master' %} +log_bin = mysql-bin +log-bin-index = mysql-bin.index +expire_logs_days = {{ mysql_expire_logs_days }} +max_binlog_size = {{ mysql_max_binlog_size }} +binlog_format = {{mysql_binlog_format}} + +{% for db in mysql_databases %} +{% if db.replicate|default(1) %} +binlog_do_db = {{ db.name }} +{% else %} +binlog_ignore_db = {{ db.name }} +{% endif %} +{% endfor %} +{% endif %} + +{% if mysql_replication_role == 'slave' %} +read_only +relay-log = relay-bin +relay-log-index = relay-bin.index +{% endif %} +{% endif %} + +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links = 0 + +# User is ignored when systemd is used (fedora >= 15). +user = mysql + +# http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html +;performance_schema + +# Memory settings. +key_buffer_size = {{ mysql_key_buffer_size }} +max_allowed_packet = {{ mysql_max_allowed_packet }} +table_open_cache = {{ mysql_table_open_cache }} +sort_buffer_size = {{ mysql_sort_buffer_size }} +read_buffer_size = {{ mysql_read_buffer_size }} +read_rnd_buffer_size = {{ mysql_read_rnd_buffer_size }} +myisam_sort_buffer_size = {{ mysql_myisam_sort_buffer_size }} +thread_cache_size = {{ mysql_thread_cache_size }} +query_cache_size = {{ mysql_query_cache_size }} +max_connections = {{ mysql_max_connections }} + +# Other settings. +wait_timeout = {{ mysql_wait_timeout }} +lower_case_table_names = {{ mysql_lower_case_table_names }} + +# InnoDB settings. +{% if mysql_supports_innodb_large_prefix %} +innodb_large_prefix = {{ mysql_innodb_large_prefix }} +innodb_file_format = {{ mysql_innodb_file_format }} +{% endif %} +innodb_file_per_table = {{ mysql_innodb_file_per_table }} +innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }} +innodb_log_file_size = {{ mysql_innodb_log_file_size }} +innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }} +innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }} +innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }} + +[mysqldump] +quick +max_allowed_packet = {{ mysql_mysqldump_max_allowed_packet }} + +[mysqld_safe] +pid-file = {{ mysql_pid_file }} + +{% if mysql_config_include_files | length %} +# * IMPORTANT: Additional settings that can override those from this file! +# The files must end with '.cnf', otherwise they'll be ignored. +# +!includedir {{ mysql_config_include_dir }} +{% endif %} + diff --git a/provisioning/roles/geerlingguy.mysql/templates/user-my.cnf.j2 b/provisioning/roles/geerlingguy.mysql/templates/user-my.cnf.j2 new file mode 100644 index 000000000..95cae6622 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/templates/user-my.cnf.j2 @@ -0,0 +1,3 @@ +[client] +user={{ mysql_root_username }} +password="{{ mysql_root_password }}" diff --git a/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..8aebd6558 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,14 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +COPY initctl_faker . +RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..f81cabec6 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,14 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +COPY initctl_faker . +RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.mysql/tests/centos-7-test.yml b/provisioning/roles/geerlingguy.mysql/tests/centos-7-test.yml new file mode 100644 index 000000000..57a617147 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/centos-7-test.yml @@ -0,0 +1,15 @@ +--- +- hosts: all + vars: + mysql_packages: + - mariadb + - mariadb-server + - mariadb-libs + - MySQL-python + - perl-DBD-MySQL + mysql_daemon: mariadb + mysql_log_error: /var/log/mariadb/mariadb.log + mysql_syslog_tag: mariadb + mysql_pid_file: /var/run/mariadb/mariadb.pid + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.mysql/tests/initctl_faker b/provisioning/roles/geerlingguy.mysql/tests/initctl_faker new file mode 100644 index 000000000..a2267f30d --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/initctl_faker @@ -0,0 +1,23 @@ +#!/bin/sh +ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')" + +case "$ALIAS_CMD" in + start|stop|restart|reload|status) + exec service $1 $ALIAS_CMD + ;; +esac + +case "$1" in + list ) + exec service --status-all + ;; + reload-configuration ) + exec service $2 restart + ;; + start|stop|restart|reload|status) + exec service $2 $1 + ;; + \?) + exit 0 + ;; +esac diff --git a/provisioning/roles/geerlingguy.mysql/tests/inventory b/provisioning/roles/geerlingguy.mysql/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.mysql/tests/test.yml b/provisioning/roles/geerlingguy.mysql/tests/test.yml new file mode 100644 index 000000000..0ed0b4324 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/tests/test.yml @@ -0,0 +1,4 @@ +--- +- hosts: all + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.mysql/vars/Debian.yml b/provisioning/roles/geerlingguy.mysql/vars/Debian.yml new file mode 100644 index 000000000..e191526e0 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/vars/Debian.yml @@ -0,0 +1,10 @@ +--- +__mysql_daemon: mysql +__mysql_packages: + - mysql-common + - mysql-server +__mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log +mysql_config_file: /etc/mysql/my.cnf +mysql_config_include_dir: /etc/mysql/conf.d +mysql_socket: /var/run/mysqld/mysqld.sock +mysql_supports_innodb_large_prefix: false diff --git a/provisioning/roles/geerlingguy.mysql/vars/RedHat-6.yml b/provisioning/roles/geerlingguy.mysql/vars/RedHat-6.yml new file mode 100644 index 000000000..2cb7e3827 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/vars/RedHat-6.yml @@ -0,0 +1,10 @@ +--- +__mysql_daemon: mysqld +__mysql_packages: + - mysql + - mysql-server +__mysql_slow_query_log_file: /var/log/mysql-slow.log +mysql_config_file: /etc/my.cnf +mysql_config_include_dir: /etc/my.cnf.d +mysql_socket: /var/lib/mysql/mysql.sock +mysql_supports_innodb_large_prefix: false diff --git a/provisioning/roles/geerlingguy.mysql/vars/RedHat-7.yml b/provisioning/roles/geerlingguy.mysql/vars/RedHat-7.yml new file mode 100644 index 000000000..60cefcd91 --- /dev/null +++ b/provisioning/roles/geerlingguy.mysql/vars/RedHat-7.yml @@ -0,0 +1,16 @@ +--- +__mysql_daemon: mariadb +__mysql_packages: + - mariadb + - mariadb-server + - mariadb-libs + - MySQL-python + - perl-DBD-MySQL +__mysql_slow_query_log_file: /var/log/mysql-slow.log +mysql_log_error: /var/log/mariadb/mariadb.log +mysql_syslog_tag: mariadb +mysql_pid_file: /var/run/mariadb/mariadb.pid +mysql_config_file: /etc/my.cnf +mysql_config_include_dir: /etc/my.cnf.d +mysql_socket: /var/lib/mysql/mysql.sock +mysql_supports_innodb_large_prefix: false diff --git a/provisioning/roles/geerlingguy.nginx/.travis.yml b/provisioning/roles/geerlingguy.nginx/.travis.yml new file mode 100644 index 000000000..13d7de0a9 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/.travis.yml @@ -0,0 +1,39 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + - sudo apt-get install -y curl + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # TODO - get the test working. Probably need to add a virtual host. + # Request a page via Nginx, to make sure Nginx is running and responds. + # - "curl http://localhost/" + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.nginx/README.md b/provisioning/roles/geerlingguy.nginx/README.md new file mode 100644 index 000000000..854fa3294 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/README.md @@ -0,0 +1,122 @@ +# Ansible Role: Nginx + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx) + +Installs Nginx on RedHat/CentOS or Debian/Ubuntu Linux, or FreeBSD servers. + +This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems) or pkgng (on FreeBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + nginx_vhosts: [] + +A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`. + + nginx_vhosts: + - listen: "80 default_server" + server_name: "example.com" + root: "/var/www/example.com" + index: "index.php index.html index.htm" + error_page: "" + access_log: "" + error_log: "" + extra_parameters: | + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +An example of a fully-populated nginx_vhosts entry, using a `|` to declare a block of syntax for the `extra_parameters`. + + nginx_remove_default_vhost: false + +Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. + + nginx_upstreams: [] + +If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information. + + nginx_user: "nginx" + +The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian. + + nginx_worker_processes: "1" + nginx_worker_connections: "1024" + nginx_multi_accept: "off" + +`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately. + + nginx_error_log: "/var/log/nginx/error.log warn" + nginx_access_log: "/var/log/nginx/access.log main buffer=16k" + +Configuration of the default error and access logs. Set to `off` to disable a log entirely. + + nginx_sendfile: "on" + nginx_tcp_nopush: "on" + nginx_tcp_nodelay: "on" + +TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives. + + nginx_keepalive_timeout: "65" + nginx_keepalive_requests: "100" + +Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests. + + nginx_client_max_body_size: "64m" + +This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low. + + nginx_server_names_hash_bucket_size: "64" + +If you have many server names, or have very long server names, you might get an Nginx error on startup requiring this value to be increased. + + nginx_proxy_cache_path: "" + +Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). + + nginx_extra_http_options: "" + +Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), for example: + + nginx_extra_http_options: | + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + + nginx_default_release: "" + +(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx. + + nginx_ppa_use: false + nginx_ppa_version: stable + +(For Ubuntu only) Allows you to use the official Nginx PPA instead of the system's package. You can set the version to `stable` or `development`. + +## Dependencies + +None. + +## Example Playbook + + - hosts: server + roles: + - { role: geerlingguy.nginx } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.nginx/defaults/main.yml b/provisioning/roles/geerlingguy.nginx/defaults/main.yml new file mode 100644 index 000000000..620dc098e --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/defaults/main.yml @@ -0,0 +1,68 @@ +--- +# Used only for Debian/Ubuntu installation, as the -t option for apt. +nginx_default_release: "" + +# Use the official Nginx PPA for Ubuntu, and the version to use if so. +nginx_ppa_use: false +nginx_ppa_version: stable + +# The name of the nginx apt/yum package to install. +nginx_package_name: "nginx" + +nginx_worker_processes: "1" +nginx_worker_connections: "1024" +nginx_multi_accept: "off" + +nginx_error_log: "/var/log/nginx/error.log warn" +nginx_access_log: "/var/log/nginx/access.log main buffer=16k" + +nginx_sendfile: "on" +nginx_tcp_nopush: "on" +nginx_tcp_nodelay: "on" + +nginx_keepalive_timeout: "65" +nginx_keepalive_requests: "100" + +nginx_client_max_body_size: "64m" + +nginx_server_names_hash_bucket_size: "64" + +nginx_proxy_cache_path: "" + +nginx_extra_conf_options: "" +# Example extra main options, used within the main nginx's context: +# nginx_extra_conf_options: | +# env VARIABLE; +# include /etc/nginx/main.d/*.conf; + +nginx_extra_http_options: "" +# Example extra http options, printed inside the main server http config: +# nginx_extra_http_options: | +# proxy_buffering off; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Scheme $scheme; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $http_host; + +nginx_remove_default_vhost: false +nginx_vhosts: [] +# Example vhost below, showing all available options: +# - listen: "80 default_server" # default: "80 default_server" +# server_name: "example.com" # default: N/A +# root: "/var/www/example.com" # default: N/A +# index: "index.html index.htm" # default: "index.html index.htm" +# +# # Properties that are only added if defined: +# error_page: "" +# access_log: "" +# error_log: "" +# extra_parameters: "" # Can be used to add extra config blocks (multiline). + +nginx_upstreams: [] +# - name: myapp1 +# strategy: "ip_hash" # "least_conn", etc. +# servers: { +# "srv1.example.com", +# "srv2.example.com weight=3", +# "srv3.example.com" +# } diff --git a/provisioning/roles/geerlingguy.nginx/handlers/main.yml b/provisioning/roles/geerlingguy.nginx/handlers/main.yml new file mode 100644 index 000000000..3f6d02478 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: restart nginx + service: name=nginx state=restarted + +- name: validate nginx configuration + command: nginx -t -c /etc/nginx/nginx.conf + changed_when: False + +- name: reload nginx + service: name=nginx state=reloaded diff --git a/provisioning/roles/geerlingguy.nginx/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.nginx/meta/.galaxy_install_info new file mode 100644 index 000000000..dbf11e272 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:19 2016', version: 1.9.2} diff --git a/provisioning/roles/geerlingguy.nginx/meta/main.yml b/provisioning/roles/geerlingguy.nginx/meta/main.yml new file mode 100644 index 000000000..fab65e4ea --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/meta/main.yml @@ -0,0 +1,30 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Nginx installation for Linux and FreeBSD. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + - name: FreeBSD + versions: + - 10.3 + - 10.2 + - 10.1 + - 10.0 + - 9.3 + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.nginx/tasks/main.yml b/provisioning/roles/geerlingguy.nginx/tasks/main.yml new file mode 100644 index 000000000..23638387f --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tasks/main.yml @@ -0,0 +1,39 @@ +--- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define nginx_user. + set_fact: + nginx_user: "{{ __nginx_user }}" + when: nginx_user is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Ubuntu.yml + when: ansible_distribution == 'Ubuntu' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- include: setup-FreeBSD.yml + when: ansible_os_family == 'FreeBSD' + +# Vhost configuration. +- include: vhosts.yml + +# Nginx setup. +- name: Copy nginx configuration in place. + template: + src: nginx.conf.j2 + dest: "{{ nginx_conf_file_path }}" + owner: root + group: "{{ root_group }}" + mode: 0644 + notify: + - reload nginx + +- name: Ensure nginx is started and enabled to start at boot. + service: name=nginx state=started enabled=yes diff --git a/provisioning/roles/geerlingguy.nginx/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.nginx/tasks/setup-Debian.yml new file mode 100644 index 000000000..43f9ab84d --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tasks/setup-Debian.yml @@ -0,0 +1,9 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure nginx is installed. + apt: + name: "{{ nginx_package_name }}" + state: installed + default_release: "{{ nginx_default_release }}" diff --git a/provisioning/roles/geerlingguy.nginx/tasks/setup-FreeBSD.yml b/provisioning/roles/geerlingguy.nginx/tasks/setup-FreeBSD.yml new file mode 100644 index 000000000..7aa883769 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tasks/setup-FreeBSD.yml @@ -0,0 +1,13 @@ +--- +- name: Update pkg cache. + shell: pkg update -f + +- name: Ensure nginx is installed. + pkgng: + name: "{{ nginx_package_name }}" + state: present + +- name: Create logs directory. + file: + path: /var/log/nginx + state: directory diff --git a/provisioning/roles/geerlingguy.nginx/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.nginx/tasks/setup-RedHat.yml new file mode 100644 index 000000000..a1563b79c --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tasks/setup-RedHat.yml @@ -0,0 +1,14 @@ +--- +- name: Enable nginx repo. + template: + src: nginx.repo.j2 + dest: /etc/yum.repos.d/nginx.repo + owner: root + group: root + mode: 0644 + +- name: Ensure nginx is installed. + yum: + name: "{{ nginx_package_name }}" + state: installed + enablerepo: nginx diff --git a/provisioning/roles/geerlingguy.nginx/tasks/setup-Ubuntu.yml b/provisioning/roles/geerlingguy.nginx/tasks/setup-Ubuntu.yml new file mode 100644 index 000000000..920dc0b2b --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tasks/setup-Ubuntu.yml @@ -0,0 +1,14 @@ +--- +- name: Add PPA for Nginx. + apt_repository: + repo: 'ppa:nginx/{{ nginx_ppa_version }}' + state: present + update_cache: yes + register: nginx_ppa_added + when: nginx_ppa_use + +- name: Ensure nginx will reinstall if the PPA was just added. + apt: + name: nginx + state: absent + when: nginx_ppa_added.changed diff --git a/provisioning/roles/geerlingguy.nginx/tasks/vhosts.yml b/provisioning/roles/geerlingguy.nginx/tasks/vhosts.yml new file mode 100644 index 000000000..583ff7773 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tasks/vhosts.yml @@ -0,0 +1,26 @@ +--- +- name: Remove default nginx vhost config file (if configured). + file: + path: "{{ nginx_default_vhost_path }}" + state: absent + when: nginx_remove_default_vhost + notify: + - reload nginx + +- name: Add managed vhost config file (if any vhosts are configured). + template: + src: vhosts.j2 + dest: "{{ nginx_vhost_path }}/vhosts.conf" + mode: 0644 + when: nginx_vhosts|length > 0 + notify: + - reload nginx + +- name: Remove managed vhost config file (if no vhosts are configured). + file: + path: "{{ nginx_vhost_path }}/vhosts.conf" + state: absent + when: nginx_vhosts|length == 0 + notify: + - reload nginx + diff --git a/provisioning/roles/geerlingguy.nginx/templates/nginx.conf.j2 b/provisioning/roles/geerlingguy.nginx/templates/nginx.conf.j2 new file mode 100644 index 000000000..e9499e706 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/templates/nginx.conf.j2 @@ -0,0 +1,63 @@ +user {{ nginx_user }}; + +error_log {{ nginx_error_log }}; +pid {{ nginx_pidfile }}; + +worker_processes {{ nginx_worker_processes }}; + +events { + worker_connections {{ nginx_worker_connections }}; + multi_accept {{ nginx_multi_accept }}; +} + +{% if nginx_extra_conf_options %} +{{ nginx_extra_conf_options }} +{% endif %} + +http { + include {{ nginx_mime_file_path }}; + default_type application/octet-stream; + + server_names_hash_bucket_size {{ nginx_server_names_hash_bucket_size }}; + + client_max_body_size {{ nginx_client_max_body_size }}; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log {{ nginx_access_log }}; + + sendfile {{ nginx_sendfile }}; + tcp_nopush {{ nginx_tcp_nopush }}; + tcp_nodelay {{ nginx_tcp_nodelay }}; + + keepalive_timeout {{ nginx_keepalive_timeout }}; + keepalive_requests {{ nginx_keepalive_requests }}; + + #gzip on; + +{% if nginx_proxy_cache_path %} + proxy_cache_path {{ nginx_proxy_cache_path }}; +{% endif %} + +{% if nginx_extra_http_options %} + {{ nginx_extra_http_options }} +{% endif %} + +{% for upstream in nginx_upstreams %} + upstream {{ upstream.name }} { +{% if upstream.strategy is defined %} + {{ upstream.strategy }}; +{% endif %} +{% for server in upstream.servers %} + server {{ server }}; +{% endfor %} + } +{% endfor %} + + include {{ nginx_conf_path }}/*.conf; +{% if nginx_conf_path != nginx_vhost_path %} + include {{ nginx_vhost_path }}/*; +{% endif %} +} diff --git a/provisioning/roles/geerlingguy.nginx/templates/nginx.repo.j2 b/provisioning/roles/geerlingguy.nginx/templates/nginx.repo.j2 new file mode 100644 index 000000000..9a853b70b --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/templates/nginx.repo.j2 @@ -0,0 +1,5 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/ +gpgcheck=0 +enabled=1 diff --git a/provisioning/roles/geerlingguy.nginx/templates/vhosts.j2 b/provisioning/roles/geerlingguy.nginx/templates/vhosts.j2 new file mode 100644 index 000000000..04dbf9ea3 --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/templates/vhosts.j2 @@ -0,0 +1,33 @@ +{% for vhost in nginx_vhosts %} +server { + listen {{ vhost.listen | default('80 default_server') }}; + + {% if vhost.server_name is defined %} + server_name {{ vhost.server_name }}; + {% endif %} + + {% if vhost.root is defined %} + root {{ vhost.root }}; + {% endif %} + + index {{ vhost.index | default('index.html index.htm') }}; + + {% if vhost.error_page is defined %} + error_page {{ vhost.error_page }}; + {% endif %} + {% if vhost.access_log is defined %} + access_log {{ vhost.access_log }}; + {% endif %} + {% if vhost.error_log is defined %} + error_log {{ vhost.error_log }} error; + {% endif %} + + {% if vhost.return is defined %} + return {{ vhost.return }}; + {% endif %} + + {% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} + {% endif %} +} +{% endfor %} diff --git a/provisioning/roles/geerlingguy.nginx/tests/inventory b/provisioning/roles/geerlingguy.nginx/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.nginx/tests/test.yml b/provisioning/roles/geerlingguy.nginx/tests/test.yml new file mode 100644 index 000000000..5b55b97fb --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/tests/test.yml @@ -0,0 +1,6 @@ +--- +- hosts: localhost + remote_user: root + roles: + - role: ansible-role-nginx + nginx_use_ppa: true diff --git a/provisioning/roles/geerlingguy.nginx/vars/Debian.yml b/provisioning/roles/geerlingguy.nginx/vars/Debian.yml new file mode 100644 index 000000000..cb127706c --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/vars/Debian.yml @@ -0,0 +1,9 @@ +--- +root_group: root +nginx_conf_path: /etc/nginx/conf.d +nginx_conf_file_path: /etc/nginx/nginx.conf +nginx_mime_file_path: /etc/nginx/mime.types +nginx_pidfile: /run/nginx.pid +nginx_vhost_path: /etc/nginx/sites-enabled +nginx_default_vhost_path: /etc/nginx/sites-enabled/default +__nginx_user: "www-data" diff --git a/provisioning/roles/geerlingguy.nginx/vars/FreeBSD.yml b/provisioning/roles/geerlingguy.nginx/vars/FreeBSD.yml new file mode 100644 index 000000000..b032f98bc --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/vars/FreeBSD.yml @@ -0,0 +1,9 @@ +--- +root_group: wheel +nginx_conf_path: /usr/local/etc/nginx/conf.d +nginx_conf_file_path: /usr/local/etc/nginx/nginx.conf +nginx_mime_file_path: /usr/local/etc/nginx/mime.types +nginx_pidfile: /var/run/nginx.pid +nginx_vhost_path: /usr/local/etc/nginx/sites-enabled +nginx_default_vhost_path: /usr/local/etc/nginx/sites-enabled/default +__nginx_user: "www" diff --git a/provisioning/roles/geerlingguy.nginx/vars/RedHat.yml b/provisioning/roles/geerlingguy.nginx/vars/RedHat.yml new file mode 100644 index 000000000..0138f8daa --- /dev/null +++ b/provisioning/roles/geerlingguy.nginx/vars/RedHat.yml @@ -0,0 +1,9 @@ +--- +root_group: root +nginx_conf_path: /etc/nginx/conf.d +nginx_conf_file_path: /etc/nginx/nginx.conf +nginx_mime_file_path: /etc/nginx/mime.types +nginx_pidfile: /var/run/nginx.pid +nginx_vhost_path: /etc/nginx/conf.d +nginx_default_vhost_path: /etc/nginx/conf.d/default.conf +__nginx_user: "nginx" diff --git a/provisioning/roles/geerlingguy.nodejs/.travis.yml b/provisioning/roles/geerlingguy.nodejs/.travis.yml new file mode 100644 index 000000000..6512b6b9e --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/.travis.yml @@ -0,0 +1,62 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure Node.js is installed. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which node' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm node -v' + + # Ensure npm packages are installed globally. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm bash --login -c "npm list -g --depth=0 jslint"' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm bash --login -c "npm list -g --depth=0 node-sass"' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm bash --login -c "npm list -g --depth=0 yo"' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.nodejs/README.md b/provisioning/roles/geerlingguy.nodejs/README.md new file mode 100644 index 000000000..0fce6fcb4 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/README.md @@ -0,0 +1,66 @@ +# Ansible Role: Node.js + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nodejs.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nodejs) + +Installs Node.js on RHEL/CentOS or Debian/Ubuntu. + +## Requirements + +Requires the EPEL repository on RedHat/CentOS (you can install it by simply adding the `geerlingguy.repo-epel` role to your playbook). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + nodejs_version: "0.12" + +The Node.js version to install. "0.12" is the default and works on all supported OSes. Other versions such as "0.10", "4.x", "5.x", and "6.x" should work on the latest versions of Debian/Ubuntu and RHEL/CentOS. + + nodejs_install_npm_user: "{{ ansible_ssh_user }}" + +The user for whom the npm packages will be installed can be set here, this defaults to ansible_user + + npm_config_prefix: "~/.npm-global" + +The global installation directory. This should be writeable by the nodejs_install_npm_user. + + npm_config_unsafe_perm: "false" + +Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false, then installing as a non-root user will fail. + + nodejs_npm_global_packages: [] + +Add a list of npm packages with a `name` and (optional) `version` to be installed globally. For example: + + nodejs_npm_global_packages: + # Install a specific version of a package. + - name: jslint + version: 0.9.3 + # Install the latest stable release of a package. + - name: node-sass + +## Dependencies + +None. + +## Example Playbook + + - hosts: utility + vars_files: + - vars/main.yml + roles: + - geerlingguy.nodejs + +*Inside `vars/main.yml`*: + + nodejs_npm_global_packages: + - name: jslint + - name: node-sass + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.nodejs/defaults/main.yml b/provisioning/roles/geerlingguy.nodejs/defaults/main.yml new file mode 100644 index 000000000..9a2b39227 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/defaults/main.yml @@ -0,0 +1,21 @@ +--- +# Set the version of Node.js to install ("0.10", "0.12", "4.x", "5.x", "6.x"). +# Version numbers from Nodesource: https://github.com/nodesource/distributions +nodejs_version: "0.12" + +# The user for whom the npm packages will be installed. +# nodejs_install_npm_user: username + +# The directory for global installations. +npm_config_prefix: "/usr/local/lib/npm" + +# Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false, then installing as a non-root user will fail. +npm_config_unsafe_perm: "false" + +# Define a list of global packages to be installed with NPM. +nodejs_npm_global_packages: [] +# # Install a specific version of a package. +# - name: jslint +# version: 0.9.3 +# # Install the latest stable release of a package. +# - name: node-sass diff --git a/provisioning/roles/geerlingguy.nodejs/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.nodejs/meta/.galaxy_install_info new file mode 100644 index 000000000..1f626c47a --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:23 2016', version: 3.2.0} diff --git a/provisioning/roles/geerlingguy.nodejs/meta/main.yml b/provisioning/roles/geerlingguy.nodejs/meta/main.yml new file mode 100644 index 000000000..8925daaf8 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/meta/main.yml @@ -0,0 +1,27 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Node.js installation for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - precise + - raring + - saucy + - trusty + - xenial + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.nodejs/tasks/main.yml b/provisioning/roles/geerlingguy.nodejs/tasks/main.yml new file mode 100644 index 000000000..70b650367 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tasks/main.yml @@ -0,0 +1,50 @@ +--- +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Define nodejs_install_npm_user + set_fact: + nodejs_install_npm_user: "{{ ansible_user }}" + when: nodejs_install_npm_user is not defined + +- name: Create npm global directory + file: + path: "{{ npm_config_prefix }}" + owner: "{{ nodejs_install_npm_user }}" + group: "{{ nodejs_install_npm_user }}" + state: directory + +- name: Add npm_config_prefix bin directory to global $PATH. + template: + src: npm.sh.j2 + dest: /etc/profile.d/npm.sh + mode: 0644 + +# TODO: Remove this task after Ansible 2.x npm module bug is fixed. See: +# https://github.com/ansible/ansible-modules-extras/issues/1375 +- name: Ensure npm global packages are installed. + npm: + name: "{{ item.name }}" + version: "{{ item.version | default('latest') }}" + global: yes + state: present + environment: + NPM_CONFIG_PREFIX: "{{ npm_config_prefix }}" + NODE_PATH: "{{ npm_config_prefix }}/lib/node_modules" + NPM_CONFIG_UNSAFE_PERM: "{{ npm_config_unsafe_perm }}" + with_items: "{{ nodejs_npm_global_packages }}" + +- name: Ensure npm global packages are at the latest release. + npm: + name: "{{ item.name }}" + version: "{{ item.version | default('latest') }}" + global: yes + state: latest + environment: + NPM_CONFIG_PREFIX: "{{ npm_config_prefix }}" + NODE_PATH: "{{ npm_config_prefix }}/lib/node_modules" + NPM_CONFIG_UNSAFE_PERM: "{{ npm_config_unsafe_perm }}" + with_items: "{{ nodejs_npm_global_packages }}" diff --git a/provisioning/roles/geerlingguy.nodejs/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.nodejs/tasks/setup-Debian.yml new file mode 100644 index 000000000..f88c4eef0 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tasks/setup-Debian.yml @@ -0,0 +1,24 @@ +--- +- name: Ensure apt-transport-https is installed. + apt: name=apt-transport-https state=present + +- name: Add Nodesource apt key. + apt_key: + url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key + state: present + +- name: Add NodeSource repositories for Node.js. + apt_repository: + repo: "{{ item }}" + state: present + with_items: + - "deb https://deb.nodesource.com/node_{{ nodejs_version }} {{ ansible_distribution_release }} main" + - "deb-src https://deb.nodesource.com/node_{{ nodejs_version }} {{ ansible_distribution_release }} main" + register: node_repo + +- name: Update apt cache if repo was added. + apt: update_cache=yes + when: node_repo.changed + +- name: Ensure Node.js and npm are installed. + apt: "name=nodejs={{ nodejs_version|regex_replace('x', '') }}* state=present" diff --git a/provisioning/roles/geerlingguy.nodejs/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.nodejs/tasks/setup-RedHat.yml new file mode 100644 index 000000000..984b1814d --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tasks/setup-RedHat.yml @@ -0,0 +1,18 @@ +--- +- name: Set up the Nodesource RPM directory for Node.js > 0.10. + set_fact: + nodejs_rhel_rpm_dir: "pub_{{ nodejs_version }}" + when: nodejs_version != '0.10' + +- name: Set up the Nodesource RPM variable for Node.js == 0.10. + set_fact: + nodejs_rhel_rpm_dir: "pub" + when: nodejs_version == '0.10' + +- name: Add Nodesource repositories for Node.js. + yum: + name: "https://rpm.nodesource.com/{{ nodejs_rhel_rpm_dir }}/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm" + state: present + +- name: Ensure Node.js and npm are installed. + yum: "name=nodejs state=present enablerepo='epel,nodesource'" diff --git a/provisioning/roles/geerlingguy.nodejs/templates/npm.sh.j2 b/provisioning/roles/geerlingguy.nodejs/templates/npm.sh.j2 new file mode 100644 index 000000000..67caa7897 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/templates/npm.sh.j2 @@ -0,0 +1,3 @@ +export PATH={{ npm_config_prefix }}/bin:$PATH +export NPM_CONFIG_PREFIX={{ npm_config_prefix }} +export NODE_PATH=$NODE_PATH:{{ npm_config_prefix }}/lib/node_modules diff --git a/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.nodejs/tests/test.yml b/provisioning/roles/geerlingguy.nodejs/tests/test.yml new file mode 100644 index 000000000..9dfa879bf --- /dev/null +++ b/provisioning/roles/geerlingguy.nodejs/tests/test.yml @@ -0,0 +1,29 @@ +--- +- hosts: all + + vars: + nodejs_version: "5.x" + nodejs_install_npm_user: root + npm_config_prefix: /root/.npm-global + npm_config_unsafe_perm: "true" + nodejs_npm_global_packages: + - name: node-sass + - name: jslint + version: 0.9.6 + - name: yo + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: 'name="{{ item }}" state=present' + with_items: + - which + when: ansible_os_family == 'RedHat' + + - name: Ensure build dependencies are installed (Debian). + apt: 'name="{{ item }}" state=installed' + with_items: + - sudo + when: ansible_os_family == 'Debian' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.php-memcached/.travis.yml b/provisioning/roles/geerlingguy.php-memcached/.travis.yml new file mode 100644 index 000000000..8115dc351 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/.travis.yml @@ -0,0 +1,40 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + + # Install dependencies. + - ansible-galaxy install geerlingguy.memcached geerlingguy.php + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Run script to test if Memcached is available and working. + - php tests/memcached-test.php + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.php-memcached/README.md b/provisioning/roles/geerlingguy.php-memcached/README.md new file mode 100644 index 000000000..b565c6781 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/README.md @@ -0,0 +1,39 @@ +# Ansible Role: PHP-Memcached + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php-memcached.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php-memcached) + +Installs PHP Memcached support on RedHat/CentOS/Debian/Ubuntu. + +## Requirements + +This role doesn't *explicitly* require Memcached to be installed, but if you don't have the daemon running somewhere (either on the same server, or somewhere else), this role won't be all that helpful. Check out `geerlingguy.memcached` for a simple role to install and configure Memcached (either on the same server, or separate servers). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install the latest version of PHP from Remi's repository. + + php_memcached_package: php-memcached + +The package to install for PHP Memcached support. For Debian/Ubuntu and PHP 5.x, use `php5-memcached`. + +## Dependencies + + - geerlingguy.php + +## Example Playbook + + - hosts: webservers + roles: + - { role: geerlingguy.php-memcached } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.php-memcached/defaults/main.yml b/provisioning/roles/geerlingguy.php-memcached/defaults/main.yml new file mode 100644 index 000000000..f6a43ca96 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/defaults/main.yml @@ -0,0 +1,3 @@ +--- +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). +php_enablerepo: "" diff --git a/provisioning/roles/geerlingguy.php-memcached/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.php-memcached/meta/.galaxy_install_info new file mode 100644 index 000000000..d2366c484 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:30 2016', version: 2.0.0} diff --git a/provisioning/roles/geerlingguy.php-memcached/meta/main.yml b/provisioning/roles/geerlingguy.php-memcached/meta/main.yml new file mode 100644 index 000000000..02d5e2087 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/meta/main.yml @@ -0,0 +1,24 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: PHP Memcached support for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - database + - web diff --git a/provisioning/roles/geerlingguy.php-memcached/tasks/main.yml b/provisioning/roles/geerlingguy.php-memcached/tasks/main.yml new file mode 100644 index 000000000..f11ffab53 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/tasks/main.yml @@ -0,0 +1,28 @@ +--- +# Include variables and define needed variables. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define php_memcached_package. + set_fact: + php_memcached_package: "{{ __php_memcached_package }}" + when: php_memcached_package is not defined + +- name: Install PHP Memcached extension (RedHat). + yum: + name: "{{ php_memcached_package }}" + state: installed + enablerepo: "{{ php_enablerepo }}" + notify: + - restart webserver + - restart php-fpm + when: ansible_os_family == 'RedHat' + +- name: Install PHP Memcached extension (Debian). + apt: + name: "{{ php_memcached_package }}" + state: installed + notify: + - restart webserver + - restart php-fpm + when: ansible_os_family == 'Debian' diff --git a/provisioning/roles/geerlingguy.php-memcached/tests/inventory b/provisioning/roles/geerlingguy.php-memcached/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.php-memcached/tests/memcached-test.php b/provisioning/roles/geerlingguy.php-memcached/tests/memcached-test.php new file mode 100644 index 000000000..4d16d96ca --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/tests/memcached-test.php @@ -0,0 +1,35 @@ +addServer('127.0.0.1', 11211); + + // Test adding a value to memcached. + if ($memcached->add($key, $value, 1)) { + $result = $memcached->get($key); + + // If we get the expected result, it was a success. + if ($result == $value) { + $success = TRUE; + print "Memcached connection successful.\r\n"; + exit(0); + } + } +} + +if (!$success) { + print "Memcached not working properly.\r\n"; + exit(1); +} diff --git a/provisioning/roles/geerlingguy.php-memcached/tests/test.yml b/provisioning/roles/geerlingguy.php-memcached/tests/test.yml new file mode 100644 index 000000000..8ff255785 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/tests/test.yml @@ -0,0 +1,12 @@ +--- +- hosts: localhost + remote_user: root + + vars: + php_enable_webserver: false + php_memcached_package: php5-memcached + + roles: + - geerlingguy.memcached + - geerlingguy.php + - ansible-role-php-memcached diff --git a/provisioning/roles/geerlingguy.php-memcached/vars/Debian.yml b/provisioning/roles/geerlingguy.php-memcached/vars/Debian.yml new file mode 100644 index 000000000..456072e2f --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/vars/Debian.yml @@ -0,0 +1,2 @@ +--- +__php_memcached_package: php-memcached diff --git a/provisioning/roles/geerlingguy.php-memcached/vars/RedHat.yml b/provisioning/roles/geerlingguy.php-memcached/vars/RedHat.yml new file mode 100644 index 000000000..73c7bf134 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-memcached/vars/RedHat.yml @@ -0,0 +1,2 @@ +--- +__php_memcached_package: php-pecl-memcached diff --git a/provisioning/roles/geerlingguy.php-mysql/.travis.yml b/provisioning/roles/geerlingguy.php-mysql/.travis.yml new file mode 100644 index 000000000..293ca81d0 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/.travis.yml @@ -0,0 +1,56 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure PHP mysql support is enabled. + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm php -i | grep 'MySQL Support => enabled' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.php-mysql/README.md b/provisioning/roles/geerlingguy.php-mysql/README.md new file mode 100644 index 000000000..dcc731417 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/README.md @@ -0,0 +1,40 @@ +# Ansible Role: PHP-MySQL + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php-mysql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php-mysql) + +Installs PHP MySQL support on RedHat/CentOS/Debian/Ubuntu. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install the latest version of PHP 5.4, which is in the Remi repository. + + php_mysql_package: php-mysql # RedHat + php_mysql_package: php5-mysql # Debian + +The PHP MySQL package to install via apt/yum. This should only be overridden if you need to install a unique/special package for MySQL support, as in the case of using software collections on Enterprise Linux. + +## Dependencies + + - geerlingguy.php + +## Example Playbook + + - hosts: webservers + roles: + - { role: geerlingguy.php-mysql } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.php-mysql/defaults/main.yml b/provisioning/roles/geerlingguy.php-mysql/defaults/main.yml new file mode 100644 index 000000000..f6a43ca96 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/defaults/main.yml @@ -0,0 +1,3 @@ +--- +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). +php_enablerepo: "" diff --git a/provisioning/roles/geerlingguy.php-mysql/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.php-mysql/meta/.galaxy_install_info new file mode 100644 index 000000000..5c2d3df86 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:34 2016', version: 2.0.0} diff --git a/provisioning/roles/geerlingguy.php-mysql/meta/main.yml b/provisioning/roles/geerlingguy.php-mysql/meta/main.yml new file mode 100644 index 000000000..b46eaeffa --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/meta/main.yml @@ -0,0 +1,23 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: PHP MySQL support for RedHat/CentOS and Debian/Ubuntu. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - database + - web diff --git a/provisioning/roles/geerlingguy.php-mysql/tasks/main.yml b/provisioning/roles/geerlingguy.php-mysql/tasks/main.yml new file mode 100644 index 000000000..bf5c8a07c --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tasks/main.yml @@ -0,0 +1,29 @@ +--- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define php_mysql_package. + set_fact: + php_mysql_package: "{{ __php_mysql_package }}" + when: php_mysql_package is not defined + +# Installation. +- name: Install PHP MySQL dependencies (RedHat). + yum: + name: "{{ php_mysql_package }}" + state: present + enablerepo: "{{ php_enablerepo }}" + notify: + - restart webserver + - restart php-fpm + when: ansible_os_family == 'RedHat' + +- name: Install PHP MySQL dependencies (Debian). + apt: + name: "{{ php_mysql_package }}" + state: present + notify: + - restart webserver + - restart php-fpm + when: ansible_os_family == 'Debian' diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..db3f5b684 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-6 @@ -0,0 +1,18 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel +RUN yum clean all +RUN easy_install pip +RUN pip install ansible + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN mkdir - p /etc/ansible +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..55bc14de6 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.centos-7 @@ -0,0 +1,30 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel +RUN yum clean all +RUN easy_install pip +RUN pip install ansible + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN mkdir - p /etc/ansible +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..f81cabec6 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,14 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +COPY initctl_faker . +RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/centos7-vars.yml b/provisioning/roles/geerlingguy.php-mysql/tests/centos7-vars.yml new file mode 100644 index 000000000..1b0b69304 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/centos7-vars.yml @@ -0,0 +1,11 @@ +--- +mysql_packages: + - mariadb + - mariadb-server + - mariadb-libs + - MySQL-python + - perl-DBD-MySQL +mysql_daemon: mariadb +mysql_log_error: /var/log/mariadb/mariadb.log +mysql_syslog_tag: mariadb +mysql_pid_file: /var/run/mariadb/mariadb.pid diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/initctl_faker b/provisioning/roles/geerlingguy.php-mysql/tests/initctl_faker new file mode 100644 index 000000000..a2267f30d --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/initctl_faker @@ -0,0 +1,23 @@ +#!/bin/sh +ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')" + +case "$ALIAS_CMD" in + start|stop|restart|reload|status) + exec service $1 $ALIAS_CMD + ;; +esac + +case "$1" in + list ) + exec service --status-all + ;; + reload-configuration ) + exec service $2 restart + ;; + start|stop|restart|reload|status) + exec service $2 $1 + ;; + \?) + exit 0 + ;; +esac diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/inventory b/provisioning/roles/geerlingguy.php-mysql/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/requirements.yml b/provisioning/roles/geerlingguy.php-mysql/tests/requirements.yml new file mode 100644 index 000000000..d11269582 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/requirements.yml @@ -0,0 +1,5 @@ +--- +- src: geerlingguy.repo-remi +- src: geerlingguy.apache +- src: geerlingguy.mysql +- src: geerlingguy.php diff --git a/provisioning/roles/geerlingguy.php-mysql/tests/test.yml b/provisioning/roles/geerlingguy.php-mysql/tests/test.yml new file mode 100644 index 000000000..2ac82459b --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/tests/test.yml @@ -0,0 +1,23 @@ +--- +- hosts: localhost + remote_user: root + + vars: + php_version: 5.6 + php_enablerepo: "remi,remi-php56" + + pre_tasks: + - name: Include CentOS 7-specific vars. + include_vars: centos7-vars.yml + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "7" + + - name: Add repository for PHP 5.6. + apt_repository: repo='ppa:ondrej/php5-5.6' + when: ansible_os_family == 'Debian' + + roles: + - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat' } + - geerlingguy.apache + - geerlingguy.mysql + - geerlingguy.php + - role_under_test diff --git a/provisioning/roles/geerlingguy.php-mysql/vars/Debian.yml b/provisioning/roles/geerlingguy.php-mysql/vars/Debian.yml new file mode 100644 index 000000000..7ba3ec0e5 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/vars/Debian.yml @@ -0,0 +1,2 @@ +--- +__php_mysql_package: php7.0-mysql diff --git a/provisioning/roles/geerlingguy.php-mysql/vars/RedHat.yml b/provisioning/roles/geerlingguy.php-mysql/vars/RedHat.yml new file mode 100644 index 000000000..d10126b4c --- /dev/null +++ b/provisioning/roles/geerlingguy.php-mysql/vars/RedHat.yml @@ -0,0 +1,2 @@ +--- +__php_mysql_package: php-mysql diff --git a/provisioning/roles/geerlingguy.php-pecl/.travis.yml b/provisioning/roles/geerlingguy.php-pecl/.travis.yml new file mode 100644 index 000000000..e0a3f7cc7 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/.travis.yml @@ -0,0 +1,43 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + + # Install required dependencies. + - ansible-galaxy install geerlingguy.php + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Make sure Pecl is installed. + - > + which pecl + && (echo 'Pecl is installed' && exit 0) + || (echo 'Pecl is not installed' && exit 1) + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.php-pecl/README.md b/provisioning/roles/geerlingguy.php-pecl/README.md new file mode 100644 index 000000000..cf642b1ca --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/README.md @@ -0,0 +1,45 @@ +# Ansible Role: PHP PECL extensions + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php-pecl.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php-pecl) + +Installs PHP PECL extensions on servers with PHP already installed. + +## Requirements + +PHP must already be installed on the server (along with the package `php-pear`), so the `pecl` command can be run. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_pecl_extensions: [] + +A list of extensions that should be installed via `pecl install`. If you'd like to have this role install extensions like XDebug, just add it in the list, like so: + + php_pecl_extensions: + - xdebug + +## Dependencies + + - geerlingguy.php + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.php-pecl } + +*Inside `vars/main.yml`*: + + php_pecl_extensions: + - xdebug + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.php-pecl/defaults/main.yml b/provisioning/roles/geerlingguy.php-pecl/defaults/main.yml new file mode 100644 index 000000000..397c65753 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# Add extensions to this list to have them installed with this role. +php_pecl_extensions: [] + # - xdebug diff --git a/provisioning/roles/geerlingguy.php-pecl/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.php-pecl/meta/.galaxy_install_info new file mode 100644 index 000000000..65a0492ff --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:37 2016', version: 1.2.1} diff --git a/provisioning/roles/geerlingguy.php-pecl/meta/main.yml b/provisioning/roles/geerlingguy.php-pecl/meta/main.yml new file mode 100644 index 000000000..06c138d81 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/meta/main.yml @@ -0,0 +1,44 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: PHP PECL extension installation. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.php-pecl/tasks/main.yml b/provisioning/roles/geerlingguy.php-pecl/tasks/main.yml new file mode 100644 index 000000000..840b61e70 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/tasks/main.yml @@ -0,0 +1,7 @@ +--- +- name: Install PECL libaries. + shell: "yes \"\" | pecl install {{ item }}" + register: pecl_result + changed_when: "pecl_result.rc == 0" + failed_when: "not (('already installed' in pecl_result.stdout) or ('install ok:' in pecl_result.stdout))" + with_items: "{{ php_pecl_extensions }}" diff --git a/provisioning/roles/geerlingguy.php-pecl/tests/inventory b/provisioning/roles/geerlingguy.php-pecl/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.php-pecl/tests/test.yml b/provisioning/roles/geerlingguy.php-pecl/tests/test.yml new file mode 100644 index 000000000..a1369f2e5 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-pecl/tests/test.yml @@ -0,0 +1,6 @@ +--- +- hosts: localhost + remote_user: root + roles: + - geerlingguy.php + - ansible-role-php-pecl diff --git a/provisioning/roles/geerlingguy.php-redis/.travis.yml b/provisioning/roles/geerlingguy.php-redis/.travis.yml new file mode 100644 index 000000000..f4fe38645 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/.travis.yml @@ -0,0 +1,40 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + + # Install dependencies. + - ansible-galaxy install geerlingguy.redis geerlingguy.php + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Run script to test if Redis is available and working. + - php tests/redis-test.php + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.php-redis/README.md b/provisioning/roles/geerlingguy.php-redis/README.md new file mode 100644 index 000000000..74f5dfe8d --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/README.md @@ -0,0 +1,63 @@ +# Ansible Role: PhpRedis + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php-redis.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php-redis) + +Installs PhpRedis support on Linux. + +## Requirements + +This role doesn't *explicitly* require Redis to be installed, but if you don't have the daemon running somewhere (either on the same server, or somewhere else), this role won't be all that helpful. Check out `geerlingguy.redis` for a simple role to install and configure Redis (either on the same server, or separate servers). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install the latest version of PHP from Remi's repository. + + php_redis_package: php-redis + +(Default for Debian/Ubuntu shown). If installing from apt or yum, which package to install which provides the PhpRedis extension. (For PHP 5.x on Debian, this should be `php5-redis`). + +### Install from source + +If you want to install PhpRedis directly from source (if you're on an OS that doesn't have it available as a package, or if you want a newer version than is available through your package manager), you can use the variables below to configure the source installation: + + php_redis_install_from_source: false + +Whether to install PhpRedis from source. If you'd like to install a specific version of PhpRedis not available via the system package manager, you can compile the extension from source. Note that source installation is forced on Ubuntu 12.04. + + php_redis_source_repo: https://github.com/phpredis/phpredis.git + +The git repository for the PhpRedis extension. + + php_redis_source_version: develop + +The branch, tag, or commit hash to use when cloning the source repository. Can be a branch (e.g. `develop` or `php7`), a tag (e.g. `2.2.7`), or a commit hash (e.g. `5241a5c`). + + php_redis_source_clone_dir: ~/phpredis + +The location where the PhpRedis source code will be cloned locally. + + php_redis_source_configure_command: "./configure" + +The command to configure a PhpRedis source install. You can modify this command if you want to do something like add `--enable-redis-igbinary`. + +## Dependencies + + - geerlingguy.php + +## Example Playbook + + - hosts: webservers + roles: + - { role: geerlingguy.php-redis } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2015 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.php-redis/defaults/main.yml b/provisioning/roles/geerlingguy.php-redis/defaults/main.yml new file mode 100644 index 000000000..a561b7971 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/defaults/main.yml @@ -0,0 +1,10 @@ +--- +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). +php_enablerepo: "" + +# Whether to install the extension from source or from an apt or yum repo. +php_redis_install_from_source: false +php_redis_source_repo: https://github.com/phpredis/phpredis.git +php_redis_source_version: develop +php_redis_source_clone_dir: ~/phpredis +php_redis_source_configure_command: "./configure" diff --git a/provisioning/roles/geerlingguy.php-redis/files/redis.ini b/provisioning/roles/geerlingguy.php-redis/files/redis.ini new file mode 100644 index 000000000..6aecae489 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/files/redis.ini @@ -0,0 +1 @@ +extension=redis.so diff --git a/provisioning/roles/geerlingguy.php-redis/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.php-redis/meta/.galaxy_install_info new file mode 100644 index 000000000..0d0322513 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:41 2016', version: 3.0.0} diff --git a/provisioning/roles/geerlingguy.php-redis/meta/main.yml b/provisioning/roles/geerlingguy.php-redis/meta/main.yml new file mode 100644 index 000000000..810ac2ce1 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/meta/main.yml @@ -0,0 +1,24 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: PhpRedis support for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - database + - web diff --git a/provisioning/roles/geerlingguy.php-redis/tasks/install-from-source.yml b/provisioning/roles/geerlingguy.php-redis/tasks/install-from-source.yml new file mode 100644 index 000000000..73c40fc7e --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/tasks/install-from-source.yml @@ -0,0 +1,36 @@ +--- +- name: Clone the PhpRedis repo. + git: + repo: "{{ php_redis_source_repo }}" + dest: "{{ php_redis_source_clone_dir }}" + version: "{{ php_redis_source_version }}" + accept_hostkey: yes + depth: 1 + +- name: Run phpize. + shell: > + phpize + chdir={{ php_redis_source_clone_dir }} + creates={{ php_extension_conf_paths[0] }}/redis.ini + +- name: Run configure script. + shell: > + {{ php_redis_source_configure_command }} + chdir={{ php_redis_source_clone_dir }} + creates={{ php_extension_conf_paths[0] }}/redis.ini + +- name: Make and install PHP. + shell: > + {{ item }} + chdir={{ php_redis_source_clone_dir }} + creates={{ php_extension_conf_paths[0] }}/redis.ini + with_items: + - make + - make install + +- name: Ensure the Redis extension is present in PHP's configuration. + copy: + src: redis.ini + dest: "{{ php_extension_conf_paths[0] }}/redis.ini" + mode: 0644 + notify: restart webserver diff --git a/provisioning/roles/geerlingguy.php-redis/tasks/main.yml b/provisioning/roles/geerlingguy.php-redis/tasks/main.yml new file mode 100644 index 000000000..bca9bef4e --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/tasks/main.yml @@ -0,0 +1,36 @@ +--- +# Include variables and define needed variables. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define php_redis_package. + set_fact: + php_redis_package: "{{ __php_redis_package }}" + when: php_redis_package is not defined + +- name: Force install from source on Ubuntu 12.04. + set_fact: + php_redis_install_from_source: true + when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise' + +# Install PhpRedis from the system package manager. +- name: Install PhpRedis extension (RedHat). + yum: + name: "{{ php_redis_package }}" + state: installed + enablerepo: "{{ php_enablerepo }}" + notify: + - restart webserver + - restart php-fpm + when: (php_redis_install_from_source == false) and (ansible_os_family == 'RedHat') + +- name: Install PhpRedis extension (Debian). + apt: "name={{ php_redis_package }} state=installed" + notify: + - restart webserver + - restart php-fpm + when: (php_redis_install_from_source == false) and (ansible_os_family == 'Debian') + +# Install PhpRedis from source. +- include: install-from-source.yml + when: php_redis_install_from_source == true diff --git a/provisioning/roles/geerlingguy.php-redis/tests/inventory b/provisioning/roles/geerlingguy.php-redis/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.php-redis/tests/redis-test.php b/provisioning/roles/geerlingguy.php-redis/tests/redis-test.php new file mode 100644 index 000000000..b86c65aa9 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/tests/redis-test.php @@ -0,0 +1,32 @@ +connect('127.0.0.1', 6379); + + // Test adding a value to redis. + if ($redis->set($key, $value)) { + $result = $redis->get($key); + + // If we get the expected result, it was a success. + if ($result == $value) { + $success = TRUE; + print "Redis connection successful.\r\n"; + exit(0); + } + } +} + +if (!$success) { + print "Redis not working properly.\r\n"; + exit(1); +} diff --git a/provisioning/roles/geerlingguy.php-redis/tests/test.yml b/provisioning/roles/geerlingguy.php-redis/tests/test.yml new file mode 100644 index 000000000..f101e0872 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/tests/test.yml @@ -0,0 +1,14 @@ +--- +- hosts: localhost + remote_user: root + + vars: + # Because Travis runs on Ubuntu 12.04, PhpRedis is not available via package + # so we have to install from source. + php_redis_install_from_source: true + php_enable_webserver: false + + roles: + - geerlingguy.redis + - geerlingguy.php + - ansible-role-php-redis diff --git a/provisioning/roles/geerlingguy.php-redis/vars/Debian.yml b/provisioning/roles/geerlingguy.php-redis/vars/Debian.yml new file mode 100644 index 000000000..db5f96108 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/vars/Debian.yml @@ -0,0 +1,2 @@ +--- +__php_redis_package: php-redis diff --git a/provisioning/roles/geerlingguy.php-redis/vars/RedHat.yml b/provisioning/roles/geerlingguy.php-redis/vars/RedHat.yml new file mode 100644 index 000000000..11c6873d7 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-redis/vars/RedHat.yml @@ -0,0 +1,2 @@ +--- +__php_redis_package: php-pecl-redis diff --git a/provisioning/roles/geerlingguy.php-xdebug/.gitignore b/provisioning/roles/geerlingguy.php-xdebug/.gitignore new file mode 100644 index 000000000..e43b0f988 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/.gitignore @@ -0,0 +1 @@ +.DS_Store diff --git a/provisioning/roles/geerlingguy.php-xdebug/.travis.yml b/provisioning/roles/geerlingguy.php-xdebug/.travis.yml new file mode 100644 index 000000000..f67ce39ed --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/.travis.yml @@ -0,0 +1,62 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + SITE: source + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + SITE: source + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + SITE: source + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + SITE: source + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install geerlingguy.php geerlingguy.repo-remi' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + # Run script to test if Xdebug is available and working. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm php /etc/ansible/roles/role_under_test/tests/xdebug-test.php' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.php-xdebug/README.md b/provisioning/roles/geerlingguy.php-xdebug/README.md new file mode 100644 index 000000000..6fe84800d --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/README.md @@ -0,0 +1,77 @@ +# Ansible Role: PHP-XDebug + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php-xdebug.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php-xdebug) + +Installs PHP [XDebug](http://xdebug.org/) on Linux servers. + +## Requirements + +Prior to running this role, make sure the `php-devel` and `@Development Tools` (for RHEL/CentOS) or `php5-dev` + `build-essential` packages (for Debian/Ubuntu) are present on the system, as they are required for the build of Xdebug. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + workspace: /root + +Where Xdebug setup files will be downloaded and built. + + php_xdebug_version: 2.4.0 + +The version of Xdebug to be installed (see [Updates](https://xdebug.org/updates.php) for a current listing). + + php_xdebug_default_enable: 1 + php_xdebug_coverage_enable: 1 + +Whether to enable XDebug coverage and default exception handling or not. Disable these for slightly improved PHP performance, enable these to use XDebug to the fullest extent. + + php_xdebug_cli_enable: 1 + +Whether xdebug is enabled for the CLI. + + php_xdebug_module_path: /usr/lib64/php/modules + +The path where `xdebug.so` will be installed. + + php_xdebug_remote_enable: "false" + +Whether remote debugging is enabled. + + php_xdebug_remote_connect_back: "false" + +If this is set to true, Xdebug will respond to any request from any IP address; use only for local development on non-public installations! + + php_xdebug_remote_host: localhost + php_xdebug_remote_port: "9000" + +The host and port on which Xdebug will listen. + + php_xdebug_remote_log: /tmp/xdebug.log + +The location of the xdebug log (useful if you're having trouble connecting). + + php_xdebug_idekey: sublime.xdebug + +The IDE key to use in the URL when making Xdebug requests (e.g. `http://example.local/?XDEBUG_SESSION_START=sublime.xdebug`). + + php_xdebug_max_nesting_level: 100 + +The maximimum function nesting level before Xdebug bails and throws a fatal exception. + +## Dependencies + + - geerlingguy.php + +## Example Playbook + + - hosts: webservers + roles: + - { role: geerlingguy.php-xdebug } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.php-xdebug/defaults/main.yml b/provisioning/roles/geerlingguy.php-xdebug/defaults/main.yml new file mode 100644 index 000000000..ecccbf1ec --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/defaults/main.yml @@ -0,0 +1,20 @@ +--- +workspace: /root + +php_xdebug_version: 2.4.0 + +php_xdebug_coverage_enable: 1 +php_xdebug_default_enable: 1 +php_xdebug_cli_enable: 1 + +php_xdebug_remote_enable: "false" +php_xdebug_remote_connect_back: "false" +php_xdebug_remote_host: localhost +php_xdebug_remote_port: "9000" +php_xdebug_remote_log: /tmp/xdebug.log +php_xdebug_remote_autostart: "false" + +php_xdebug_idekey: sublime.xdebug + +php_xdebug_max_nesting_level: 256 + diff --git a/provisioning/roles/geerlingguy.php-xdebug/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.php-xdebug/meta/.galaxy_install_info new file mode 100644 index 000000000..ce1859dd6 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:44 2016', version: 2.1.0} diff --git a/provisioning/roles/geerlingguy.php-xdebug/meta/main.yml b/provisioning/roles/geerlingguy.php-xdebug/meta/main.yml new file mode 100644 index 000000000..8724d2929 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/meta/main.yml @@ -0,0 +1,44 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: PHP XDebug for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.php-xdebug/tasks/configure.yml b/provisioning/roles/geerlingguy.php-xdebug/tasks/configure.yml new file mode 100644 index 000000000..944e35b5f --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tasks/configure.yml @@ -0,0 +1,12 @@ +--- +- name: Copy xdebug ini into main extension config folder. + template: + src: xdebug.ini.j2 + dest: "{{ item }}/{{ php_xdebug_config_filename }}" + owner: root + group: root + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + notify: + - restart webserver + - restart php-fpm diff --git a/provisioning/roles/geerlingguy.php-xdebug/tasks/main.yml b/provisioning/roles/geerlingguy.php-xdebug/tasks/main.yml new file mode 100644 index 000000000..2a0302e2e --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tasks/main.yml @@ -0,0 +1,56 @@ +--- +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Ensure dependencies for building from source are installed (RedHat). + yum: "pkg={{ item }} state=installed" + with_items: + - make + when: ansible_os_family == 'RedHat' + +- name: Ensure dependencies for building from source are installed (Debian). + apt: "pkg={{ item }} state=installed" + with_items: + - make + when: ansible_os_family == 'Debian' + +- name: Download Xdebug. + get_url: + url: "https://xdebug.org/files/xdebug-{{ php_xdebug_version }}.tgz" + dest: "{{ workspace }}/xdebug-{{ php_xdebug_version }}.tgz" + +# TODO: In 2.0, we can set the 'src' to the URL from the get_url task above and +# cut out one extra task :) +- name: Untar Xdebug. + unarchive: + src: "{{ workspace }}/xdebug-{{ php_xdebug_version }}.tgz" + dest: "{{ workspace }}" + copy: no + + +- name: Build Xdebug. + shell: > + {{ item }} + chdir={{ workspace }}/xdebug-{{ php_xdebug_version }} + creates={{ workspace }}/xdebug-{{ php_xdebug_version }}/modules/xdebug.so + with_items: + - phpize + - ./configure + - make + notify: restart webserver + +- name: Ensure Xdebug module path exists. + file: + path: "{{ php_xdebug_module_path }}" + state: directory + owner: root + group: root + mode: 0755 + +- name: Move Xdebug module into place. + shell: > + cp {{ workspace }}/xdebug-{{ php_xdebug_version }}/modules/xdebug.so {{ php_xdebug_module_path }}/xdebug.so + creates={{ php_xdebug_module_path }}/xdebug.so + notify: restart webserver + +- include: configure.yml diff --git a/provisioning/roles/geerlingguy.php-xdebug/templates/xdebug.ini.j2 b/provisioning/roles/geerlingguy.php-xdebug/templates/xdebug.ini.j2 new file mode 100644 index 000000000..e787262f2 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/templates/xdebug.ini.j2 @@ -0,0 +1,17 @@ +[XDebug] +zend_extension="{{ php_xdebug_module_path }}/xdebug.so" + +xdebug.coverage_enable={{ php_xdebug_coverage_enable }} +xdebug.default_enable={{ php_xdebug_default_enable }} + +xdebug.remote_enable={{ php_xdebug_remote_enable }} +xdebug.remote_connect_back={{ php_xdebug_remote_connect_back }} +xdebug.remote_host={{ php_xdebug_remote_host }} +xdebug.remote_port={{ php_xdebug_remote_port }} +xdebug.remote_handler=dbgp +xdebug.remote_log={{ php_xdebug_remote_log }} +xdebug.remote_autostart={{ php_xdebug_remote_autostart }} + +xdebug.idekey="{{ php_xdebug_idekey }}" + +xdebug.max_nesting_level={{ php_xdebug_max_nesting_level }} diff --git a/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..7adc80e49 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-6 @@ -0,0 +1,19 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum update openssl +RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel +RUN yum clean all +RUN easy_install pip +RUN pip install ansible + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN mkdir -p /etc/ansible +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..7df59cdbb --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.centos-7 @@ -0,0 +1,29 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel +RUN yum clean all +RUN easy_install pip +RUN pip install ansible + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN mkdir -p /etc/ansible +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.php-xdebug/tests/inventory b/provisioning/roles/geerlingguy.php-xdebug/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.php-xdebug/tests/test-source.yml b/provisioning/roles/geerlingguy.php-xdebug/tests/test-source.yml new file mode 100644 index 000000000..9f1e024b9 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tests/test-source.yml @@ -0,0 +1,21 @@ +--- +- hosts: all + + vars: + php_enable_webserver: false + php_version: 5.6 + php_enablerepo: "remi,remi-php56" + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + - name: Add repository for PHP 5.6. + apt_repository: repo='ppa:ondrej/php5-5.6' + when: ansible_os_family == 'Debian' + + roles: + - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat' } + - geerlingguy.php + - role_under_test diff --git a/provisioning/roles/geerlingguy.php-xdebug/tests/xdebug-test.php b/provisioning/roles/geerlingguy.php-xdebug/tests/xdebug-test.php new file mode 100644 index 000000000..d5ff4f47a --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xdebug/tests/xdebug-test.php @@ -0,0 +1,21 @@ + "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install geerlingguy.php geerlingguy.repo-remi' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Run script to test if XHProf is available and working. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm php /etc/ansible/roles/role_under_test/tests/xhprof-test.php' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.php-xhprof/README.md b/provisioning/roles/geerlingguy.php-xhprof/README.md new file mode 100644 index 000000000..fb2171cce --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/README.md @@ -0,0 +1,52 @@ +# Ansible Role: PHP-XHProf + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php-xhprof.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php-xhprof) + +Installs PHP [XHProf](http://php.net/manual/en/book.xhprof.php) on Linux servers. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + workspace: /root + +Where XHProf setup files will be downloaded and built. + + xhprof_download_url: https://github.com/RustJason/xhprof/archive/php7.zip + xhprof_download_folder_name: xhprof-php7 + +The URL from which XHProf will be downloaded. Note that this default is for the PHP 7-compatible version of XHProf. If you're using PHP 5.x, you should probably switch to the 'official' upstream source: `https://github.com/phacility/xhprof/archive/master.tar.gz`. + + xhprof_output_dir: /tmp + +Directory where XHProf runs are stored. + + php_xhprof_lib_dir: /usr/share/php/xhprof_lib + +Directory where the XHProf PHP library is stored. + + php_xhprof_html_dir: /usr/share/php/xhprof_html + +Directory where the XHProf UI is stored. + +## Dependencies + + - geerlingguy.php + +## Example Playbook + + - hosts: webservers + roles: + - { role: geerlingguy.php-xhprof } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.php-xhprof/defaults/main.yml b/provisioning/roles/geerlingguy.php-xhprof/defaults/main.yml new file mode 100644 index 000000000..5466cdcfe --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/defaults/main.yml @@ -0,0 +1,14 @@ +--- +workspace: /root + +# Use the commented URL and folder below if you want to use the 'official' +# XHProf project. +xhprof_download_url: https://github.com/RustJason/xhprof/archive/php7.zip +#xhprof_download_url: https://github.com/phacility/xhprof/archive/master.tar.gz +xhprof_download_folder_name: xhprof-php7 +# xhprof_download_folder_name: xhprof-master + +xhprof_output_dir: /tmp + +php_xhprof_lib_dir: /usr/share/php/xhprof_lib +php_xhprof_html_dir: /usr/share/php/xhprof_html diff --git a/provisioning/roles/geerlingguy.php-xhprof/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.php-xhprof/meta/.galaxy_install_info new file mode 100644 index 000000000..87ecc7639 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:48 2016', version: 2.1.2} diff --git a/provisioning/roles/geerlingguy.php-xhprof/meta/main.yml b/provisioning/roles/geerlingguy.php-xhprof/meta/main.yml new file mode 100644 index 000000000..f4fd533b2 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/meta/main.yml @@ -0,0 +1,44 @@ +--- +dependencies: + - geerlingguy.php + +galaxy_info: + author: geerlingguy + description: PHP XHProf for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.php-xhprof/tasks/configure.yml b/provisioning/roles/geerlingguy.php-xhprof/tasks/configure.yml new file mode 100644 index 000000000..67fcbfc2b --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tasks/configure.yml @@ -0,0 +1,18 @@ +--- +- name: Ensure PHP configuration directories exist. + file: + path: "{{ item }}" + state: directory + mode: 0755 + follow: true + with_items: "{{ php_extension_conf_paths }}" + +- name: Copy XHProf INI into various other conf folders. + template: + src: xhprof.ini.j2 + dest: "{{ item }}/{{ php_xhprof_config_filename }}" + owner: root + group: root + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + notify: restart webserver diff --git a/provisioning/roles/geerlingguy.php-xhprof/tasks/main.yml b/provisioning/roles/geerlingguy.php-xhprof/tasks/main.yml new file mode 100644 index 000000000..8189bacfb --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tasks/main.yml @@ -0,0 +1,68 @@ +--- +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Download XHProf source. + get_url: + url: "{{ xhprof_download_url }}" + dest: "{{ workspace }}/xhprof.tar.gz" + register: xhprof_download_get_url + +# TODO: In 2.0, we can set the 'src' to the URL from the get_url task above and +# cut out one extra task :) +- name: Untar XHProf. + unarchive: + src: "{{ workspace }}/xhprof.tar.gz" + dest: "{{ workspace }}" + copy: no + when: xhprof_download_get_url.changed + +- name: Build XHProf. + shell: > + {{ item }} + chdir={{ workspace }}/{{ xhprof_download_folder_name }}/extension + creates={{ workspace }}/{{ xhprof_download_folder_name }}/extension/modules/xhprof.so + with_items: + - phpize + - ./configure + - make + notify: restart webserver + +- name: Ensure XHProf module path exists. + file: + path: "{{ php_xhprof_module_path }}" + state: directory + owner: root + group: root + mode: 0755 + +- name: Move XHProf module into place. + shell: > + cp {{ workspace }}/{{ xhprof_download_folder_name }}/extension/modules/xhprof.so {{ php_xhprof_module_path }}/xhprof.so + creates={{ php_xhprof_module_path }}/xhprof.so + notify: restart webserver + +- name: Move XHProf PHP library into place. + shell: > + cp -r {{ workspace }}/{{ xhprof_download_folder_name }}/xhprof_lib {{ php_xhprof_lib_dir }} + creates={{ php_xhprof_lib_dir }}/utils/xhprof_lib.php + +- name: Move XHProf UI into place. + shell: > + cp -r {{ workspace }}/{{ xhprof_download_folder_name }}/xhprof_html {{ php_xhprof_html_dir }} + creates={{ php_xhprof_html_dir }}/index.php + +- include: configure.yml + +- name: Ensure XHProf output directory exists. + file: + path: "{{ xhprof_output_dir }}" + state: directory + mode: 0777 diff --git a/provisioning/roles/geerlingguy.php-xhprof/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.php-xhprof/tasks/setup-Debian.yml new file mode 100644 index 000000000..085cd098c --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tasks/setup-Debian.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure dependencies for installing from source are installed. + apt: "pkg={{ item }} state=installed" + with_items: + - make + +- name: Ensure GraphViz is installed. + apt: pkg=graphviz state=installed diff --git a/provisioning/roles/geerlingguy.php-xhprof/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.php-xhprof/tasks/setup-RedHat.yml new file mode 100644 index 000000000..334d8f5c6 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tasks/setup-RedHat.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure dependencies for installing from source are installed. + yum: "pkg={{ item }} state=installed" + with_items: + - make + +- name: Ensure GraphViz is installed. + yum: pkg=graphviz state=installed diff --git a/provisioning/roles/geerlingguy.php-xhprof/templates/xhprof.ini.j2 b/provisioning/roles/geerlingguy.php-xhprof/templates/xhprof.ini.j2 new file mode 100644 index 000000000..8caedae53 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/templates/xhprof.ini.j2 @@ -0,0 +1,3 @@ +[xhprof] +extension="{{ php_xhprof_module_path }}/xhprof.so" +xhprof.output_dir="{{ xhprof_output_dir }}" diff --git a/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..10c2684ce --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.centos-7 @@ -0,0 +1,30 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +RUN yum install -y unzip +RUN yum groupinstall -y "Development Tools" + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..576e3bce8 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,13 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +RUN apt-get install -y unzip + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..cb7a7bda4 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,13 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +RUN apt-get install -y unzip + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.php-xhprof/tests/inventory b/provisioning/roles/geerlingguy.php-xhprof/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.php-xhprof/tests/test-source.yml b/provisioning/roles/geerlingguy.php-xhprof/tests/test-source.yml new file mode 100644 index 000000000..dee464c36 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tests/test-source.yml @@ -0,0 +1,20 @@ +--- +- hosts: all + + vars: + php_enable_webserver: false + php_enablerepo: "remi,remi-php70" + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + - name: Add repository for PHP 7.0. + apt_repository: repo='ppa:ondrej/php' + when: ansible_os_family == 'Debian' + + roles: + - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat' } + - geerlingguy.php + - role_under_test diff --git a/provisioning/roles/geerlingguy.php-xhprof/tests/xhprof-test.php b/provisioning/roles/geerlingguy.php-xhprof/tests/xhprof-test.php new file mode 100644 index 000000000..1dd28b956 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/tests/xhprof-test.php @@ -0,0 +1,51 @@ +xhprof_disable'])) { + print "XHProf profiling working.\r\n"; +} +else { + print "XHProf profiling not working.\r\n"; + $success = FALSE; +} + +include $xhprof_root_dir . '/xhprof_lib/utils/xhprof_lib.php'; +include $xhprof_root_dir . '/xhprof_lib/utils/xhprof_runs.php'; + +$xhprof_runs = new XHProfRuns_Default(); +$run_id = $xhprof_runs->save_run($data, "xhprof_testing"); +$output_dir = ini_get("xhprof.output_dir"); +$filename = "$output_dir/$run_id.xhprof_testing.xhprof"; + +if (file_exists($filename)) { + print "XHProf PHP library writing to output directory.\r\n"; +} +else { + print "XHProf PHP library not working.\r\n"; + $success = FALSE; +} + +ob_start(); +include $xhprof_root_dir . '/xhprof_html/index.php'; +$html = ob_get_clean(); +if (strpos($html, "?run=$run_id") !== FALSE) { + print "XHProf UI working.\r\n"; +} +else { + print "XHProf UI not working.\r\n"; + $success = FALSE; +} + +if (!$success) { + exit(1); +} diff --git a/provisioning/roles/geerlingguy.php-xhprof/vars/Debian.yml b/provisioning/roles/geerlingguy.php-xhprof/vars/Debian.yml new file mode 100644 index 000000000..37fae2e1d --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/vars/Debian.yml @@ -0,0 +1,4 @@ +--- +php_xhprof_module_path: /usr/lib/php5/modules + +php_xhprof_config_filename: 20-xhprof.ini diff --git a/provisioning/roles/geerlingguy.php-xhprof/vars/RedHat.yml b/provisioning/roles/geerlingguy.php-xhprof/vars/RedHat.yml new file mode 100644 index 000000000..e487f1b91 --- /dev/null +++ b/provisioning/roles/geerlingguy.php-xhprof/vars/RedHat.yml @@ -0,0 +1,4 @@ +--- +php_xhprof_module_path: /usr/lib64/php/modules + +php_xhprof_config_filename: xhprof.ini diff --git a/provisioning/roles/geerlingguy.php/.travis.yml b/provisioning/roles/geerlingguy.php/.travis.yml new file mode 100644 index 000000000..0fe9aaedf --- /dev/null +++ b/provisioning/roles/geerlingguy.php/.travis.yml @@ -0,0 +1,84 @@ +--- +sudo: required + +env: + # Only test source install on latest supported OSes. + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + SITE: source + PHP_VERSION: 7.0.5 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + SITE: source + PHP_VERSION: 7.0.5 + + # Test package install on all supported OSes. + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + SITE: package + PHP_VERSION: 7.0 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + SITE: package + PHP_VERSION: 7.0 + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + SITE: package + PHP_VERSION: 5.6 + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml --syntax-check' + + # Test role. + - 'travis_wait 30 sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure PHP is installed and at the right version. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which php' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm test -x /usr/bin/php' + + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm php --version' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm /usr/bin/php --version | grep -qF "PHP $PHP_VERSION"' + + # Ensure PHP configurations have taken effect. + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm php -i | grep 'memory_limit.*192' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.php/README.md b/provisioning/roles/geerlingguy.php/README.md new file mode 100644 index 000000000..9bdd4e36b --- /dev/null +++ b/provisioning/roles/geerlingguy.php/README.md @@ -0,0 +1,204 @@ +# Ansible Role: PHP + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php) + +Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. + +## Requirements + +If you're using an older LTS release of Ubuntu or RHEL, with an old/outdated version of PHP, you need to use a repo or PPA with a maintained PHP version, as this role only works with [PHP versions that are currently supported](http://php.net/supported-versions.php) by the PHP community. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_packages: [] + +A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication). + +_Note: If you're using Debian/Ubuntu, you also need to install `libapache2-mod-fastcgi` (for cgi/PHP-FPM) or `libapache2-mod-php7.0` (or a similar package depending on PHP version) if you want to use `mod_php` with Apache._ + + php_enable_webserver: true + +If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server. + + php_webserver_daemon: "httpd" + +The default values for the HTTP server deamon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu. If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs. + + php_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository. + + php_packages_state: "installed" + +If you have enabled any additional repositories such as [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to swap PHP versions on the fly. By default, this is set to 'installed'. You can now override this variable to 'latest'. Combined with php_enablerepo, a user now doesn't need to manually uninstall the existing PHP packages before installing them from a different repository. + + php_executable: "php" + +The executable to run when calling PHP from the command line. You should only change this if running `php` on your server doesn't target the correct executable, or if you're using software collections on RHEL/CentOS and need to target a different version of PHP. + +### PHP-FPM + +PHP-FPM is a simple and robust FastCGI Process Manager for PHP. It can dramatically ease scaling of PHP apps and is the normal way of running PHP-based sites and apps when using a webserver like Nginx (though it can be used with other webservers just as easily). + +When using this role with PHP running as `php-fpm` instead of as a process inside a webserver (e.g. Apache's `mod_php`), you need to set the following variable to `true`: + + php_enable_php_fpm: false + +If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role. + + php_fpm_listen: "127.0.0.1:9000" + php_fpm_listen_allowed_clients: "127.0.0.1" + php_fpm_pm_max_children: 50 + php_fpm_pm_start_servers: 5 + php_fpm_pm_min_spare_servers: 5 + php_fpm_pm_max_spare_servers: 5 + +Specific settings inside the default `www.conf` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template or using `lineinfile` like this role does inside `tasks/configure.yml`. + +### php.ini settings + + php_use_managed_ini: true + +By default, all the extra defaults below are applied through the php.ini included with this role. You can self-manage your php.ini file (if you need more flexility in its configuration) by setting this to `false` (in which case all the below variables will be ignored). + + php_memory_limit: "256M" + php_max_execution_time: "60" + php_max_input_time: "60" + php_max_input_vars: "1000" + php_realpath_cache_size: "32K" + php_upload_max_filesize: "64M" + php_post_max_size: "32M" + php_date_timezone: "America/Chicago" + php_allow_url_fopen: "On" + php_sendmail_path: "/usr/sbin/sendmail -t -i" + php_output_buffering: "4096" + php_short_open_tag: false + php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" + php_display_errors: "Off" + php_display_startup_errors: "On" + php_expose_php: "On" + php_session_cookie_lifetime: 0 + php_session_gc_probability: 1 + php_session_gc_divisor: 1000 + php_session_gc_maxlifetime: 1440 + php_session_save_handler: files + php_session_save_path: '' + +Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`. + +### OpCache-related Variables + +The OpCache is included in PHP starting in version 5.5, and the following variables will only take effect if the version of PHP you have installed is 5.5 or greater. + + php_opcache_enable: "1" + php_opcache_enable_cli: "0" + php_opcache_memory_consumption: "96" + php_opcache_interned_strings_buffer: "16" + php_opcache_max_accelerated_files: "4096" + php_opcache_max_wasted_percentage: "5" + php_opcache_validate_timestamps: "1" + php_opcache_revalidate_path: "0" + php_opcache_revalidate_freq: "2" + php_opcache_max_file_size: "0" + +OpCache ini directives that are often customized on a system. Make sure you have enough memory and file slots allocated in the OpCache (`php_opcache_memory_consumption`, in MB, and `php_opcache_max_accelerated_files`) to contain all the PHP code you are running. If not, you may get less-than-optimal performance! + + php_opcache_conf_filename: [platform-specific] + +The platform-specific opcache configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +### APCu-related Variables + + php_enable_apc: true + +Whether to enable APCu. Other APCu variables will be ineffective if this is set to false. + + php_apc_shm_size: "96M" + php_apc_enable_cli: "0" + +APCu ini directives that are often customized on a system. Set the `php_apc_shm_size` so it will hold all cache entries in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP *dramatically*). + + php_apc_conf_filename: [platform-specific] + +The platform-specific APC configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +#### Ensuring APC is installed + +If you use APC, you will need to make sure APC is installed (it is installed by default, but if you customize the `php_packages` list, you need to include APC in the list): + + - *On RHEL/CentOS systems*: Make sure `php-pecl-apcu` is in the list of `php_packages`. + - *On Debian/Ubuntu systems*: Make sure `php-apcu` is in the list of `php_packages`. + +### Installing from Source + +If you need a specific version of PHP, or would like to test the latest (e.g. master) version of PHP, there's a good chance there's no suitable package already available in your platform's package manager. In these cases, you may choose to install PHP from source by compiling it directly. + +Note that source compilation takes *much* longer than installing from packages (PHP HEAD takes 5+ minutes to compile on a modern quad-core computer, just as a point of reference). + + php_install_from_source: false + +Set this to `true` to install PHP from source instead of installing from packages. + + php_source_version: "master" + +The version of PHP to install from source (a git branch, tag, or commit hash). + + php_source_clone_dir: "~/php-src" + php_source_install_path: "/opt/php" + php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" + +Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific). + + php_source_make_command: "make" + +Set the `make` command to `make --jobs=X` where `X` is the number of cores present on the server where PHP is being compiled. Will speed up compilation times dramatically if you have multiple cores. + + php_source_configure_command: > + [...] + +The `./configure` command that will build the Makefile to be used for PHP compilation. Add in all the options you need for your particular environment. Using a folded scalar (`>`) allows you to define the variable over multiple lines, which is extremely helpful for legibility and source control! + +A few other notes/caveats for specific configurations: + + - **Apache with `mpm_prefork`**: If you're using Apache with prefork as a webserver for PHP, you will need to make sure `apxs2` is available on your system (e.g. by installing `apache2-prefork-dev` in Ubuntu), and you will need to make sure the option `--with-apxs2` is defined in `php_source_configure_command`. Finally, you will need to make sure the `mpm_prefork` module is loaded instead of `mpm_worker` or `mpm_event`, and likely add a `phpX.conf` (where `X` is the major version of PHP) configuration file to the Apache module config folder with contents like [`php7.conf`](https://gist.github.com/geerlingguy/5ae5445f28e71264e8c1). + - **Apache with `mpm_event` or `mpm_worker`**: If you're using Apache with event or worker as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. You'll also need to make sure Apache's support for CGI and event is installed (e.g. by installing `apache2-mpm-event` and `libapache2-mod-fastcgi`) and the `mpm_event` module is loaded. + - **Nginx**: If you're using Nginx as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.php } + +*Inside `vars/main.yml`*: + + php_memory_limit: "128M" + php_max_execution_time: "90" + php_upload_max_filesize: "256M" + php_packages: + - php + - php-cli + - php-common + - php-devel + - php-gd + - php-mbstring + - php-pdo + - php-pecl-apcu + - php-xml + ... + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.php/defaults/main.yml b/provisioning/roles/geerlingguy.php/defaults/main.yml new file mode 100644 index 000000000..f0941f4e9 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/defaults/main.yml @@ -0,0 +1,116 @@ +--- +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). +php_enablerepo: "" + +# PHP package state; use 'installed' to make sure it's installed, or 'latest' if +# you want to upgrade or switch versions using a new repo. +php_packages_state: installed + +# Set this to false if you're not using PHP with Apache/Nginx/etc. +php_enable_webserver: true + +# PHP-FPM configuration. +php_enable_php_fpm: false +php_fpm_listen: "127.0.0.1:9000" +php_fpm_listen_allowed_clients: "127.0.0.1" +php_fpm_pm_max_children: 50 +php_fpm_pm_start_servers: 5 +php_fpm_pm_min_spare_servers: 5 +php_fpm_pm_max_spare_servers: 5 + +# The executable to run when calling PHP from the command line. +php_executable: "php" + +# OpCache settings (useful for PHP >=5.5). +php_opcache_enable: "1" +php_opcache_enable_cli: "0" +php_opcache_memory_consumption: "96" +php_opcache_interned_strings_buffer: "16" +php_opcache_max_accelerated_files: "4096" +php_opcache_max_wasted_percentage: "5" +php_opcache_validate_timestamps: "1" +php_opcache_revalidate_path: "0" +php_opcache_revalidate_freq: "2" +php_opcache_max_file_size: "0" +php_opcache_blacklist_filename: "" + +# APCu settings. +php_enable_apc: true +php_apc_shm_size: "96M" +php_apc_enable_cli: "0" + +# If this is set to false, none of the following options will have any effect. +# Any and all changes to /etc/php.ini will be your responsibility. +php_use_managed_ini: true + +php_expose_php: "On" +php_memory_limit: "256M" +php_max_execution_time: "60" +php_max_input_time: "60" +php_max_input_vars: "1000" +php_realpath_cache_size: "32K" +php_upload_max_filesize: "64M" +php_post_max_size: "32M" +php_date_timezone: "America/Chicago" +php_allow_url_fopen: "On" + +php_sendmail_path: "/usr/sbin/sendmail -t -i" +php_output_buffering: "4096" +php_short_open_tag: false + +php_session_cookie_lifetime: 0 +php_session_gc_probability: 1 +php_session_gc_divisor: 1000 +php_session_gc_maxlifetime: 1440 +php_session_save_handler: files +php_session_save_path: '' + +php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" +php_display_errors: "Off" +php_display_startup_errors: "Off" + +# Install PHP from source (instead of using a package manager) with these vars. +php_install_from_source: false +php_source_version: "master" +php_source_clone_dir: "~/php-src" +php_source_install_path: "/opt/php" +php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" +# For faster compile time: "make --jobs=X" where X is # of cores present. +php_source_make_command: "make" +php_source_configure_command: > + ./configure + --prefix={{ php_source_install_path }} + --with-config-file-path={{ php_conf_paths | first }} + --enable-mbstring + --enable-zip + --enable-bcmath + --enable-pcntl + --enable-ftp + --enable-exif + --enable-calendar + --enable-opcache + --enable-pdo + --enable-sysvmsg + --enable-sysvsem + --enable-sysvshm + --enable-wddx + --with-curl + --with-mcrypt + --with-iconv + --with-gmp + --with-pspell + --with-gd + --with-jpeg-dir=/usr + --with-png-dir=/usr + --with-zlib-dir=/usr + --with-xpm-dir=/usr + --with-freetype-dir=/usr + --enable-gd-native-ttf + --enable-gd-jis-conv + --with-openssl + --with-pdo-mysql=/usr + --with-gettext=/usr + --with-zlib=/usr + --with-bz2=/usr + --with-recode=/usr + --with-mysqli=/usr/bin/mysql_config diff --git a/provisioning/roles/geerlingguy.php/handlers/main.yml b/provisioning/roles/geerlingguy.php/handlers/main.yml new file mode 100644 index 000000000..454476dbc --- /dev/null +++ b/provisioning/roles/geerlingguy.php/handlers/main.yml @@ -0,0 +1,13 @@ +--- +- name: restart webserver + service: + name: "{{ php_webserver_daemon }}" + state: restarted + notify: restart php-fpm + when: php_enable_webserver + +- name: restart php-fpm + service: + name: "{{ php_fpm_daemon }}" + state: restarted + when: php_enable_php_fpm diff --git a/provisioning/roles/geerlingguy.php/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.php/meta/.galaxy_install_info new file mode 100644 index 000000000..d879b8800 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:27 2016', version: 3.2.2} diff --git a/provisioning/roles/geerlingguy.php/meta/main.yml b/provisioning/roles/geerlingguy.php/meta/main.yml new file mode 100644 index 000000000..fb04c15fd --- /dev/null +++ b/provisioning/roles/geerlingguy.php/meta/main.yml @@ -0,0 +1,23 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: PHP for RedHat/CentOS/Debian/Ubuntu. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.0 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.php/tasks/configure-apcu.yml b/provisioning/roles/geerlingguy.php/tasks/configure-apcu.yml new file mode 100644 index 000000000..5a3badba2 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/configure-apcu.yml @@ -0,0 +1,37 @@ +--- +- name: Check for existing APCu config files. + find: + paths: "{{ item }}" + contains: 'extension(\s+)?=(\s+)?apc[u]?\.so' + register: php_installed_apc_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied APCu config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_apc_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_apc_confs.results }}" + - files + notify: restart webserver + +- name: Ensure APCu config file is present. + template: + src: apc.ini.j2 + dest: "{{ item }}/{{ php_apc_conf_filename }}" + owner: root + group: root + force: yes + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc + notify: restart webserver + +- name: Remove APCu config file if APC is disabled. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_enable_apc + notify: restart webserver diff --git a/provisioning/roles/geerlingguy.php/tasks/configure-fpm.yml b/provisioning/roles/geerlingguy.php/tasks/configure-fpm.yml new file mode 100644 index 000000000..00f7427b6 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/configure-fpm.yml @@ -0,0 +1,76 @@ +--- +- name: Define php_fpm_daemon. + set_fact: + php_fpm_daemon: "{{ __php_fpm_daemon }}" + when: php_fpm_daemon is not defined + +- name: Define php_fpm_pool_conf_path. + set_fact: + php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}" + when: php_fpm_pool_conf_path is not defined + +- name: Define php_fpm_pool_user. + set_fact: + php_fpm_pool_user: "{{ __php_fpm_pool_user }}" + when: php_fpm_pool_user is not defined + +- name: Define php_fpm_pool_group. + set_fact: + php_fpm_pool_group: "{{ __php_fpm_pool_group }}" + when: php_fpm_pool_group is not defined + +- name: Stat php_fpm_pool_conf_path + stat: + path: "{{ php_fpm_pool_conf_path | dirname }}" + register: php_fpm_pool_conf_path_dir_stat + +- name: Ensure the default pool directory exists. + file: + path: "{{ php_fpm_pool_conf_path | dirname }}" + state: directory + owner: root + group: root + mode: 0755 + when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined + +- name: Ensure the default pool exists. + template: + src: www.conf.j2 + dest: "{{ php_fpm_pool_conf_path }}" + owner: root + group: root + mode: 0644 + force: no + +- name: Configure php-fpm pool (if enabled). + lineinfile: + dest: "{{ php_fpm_pool_conf_path }}" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: + - regexp: "^user.?=.+$" + line: "user = {{ php_fpm_pool_user }}" + - regexp: "^group.?=.+$" + line: "group = {{ php_fpm_pool_group }}" + - regexp: "^listen.?=.+$" + line: "listen = {{ php_fpm_listen }}" + - regexp: '^listen\.allowed_clients.?=.+$' + line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}" + - regexp: '^pm\.max_children.?=.+$' + line: "pm.max_children = {{ php_fpm_pm_max_children }}" + - regexp: '^pm\.start_servers.?=.+$' + line: "pm.start_servers = {{ php_fpm_pm_start_servers }}" + - regexp: '^pm\.min_spare_servers.?=.+$' + line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}" + - regexp: '^pm\.max_spare_servers.?=.+$' + line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}" + when: php_enable_php_fpm + notify: restart php-fpm + +- name: Ensure php-fpm is started and enabled at boot (if configured). + service: + name: "{{ php_fpm_daemon }}" + state: started + enabled: yes + when: php_enable_php_fpm diff --git a/provisioning/roles/geerlingguy.php/tasks/configure-opcache.yml b/provisioning/roles/geerlingguy.php/tasks/configure-opcache.yml new file mode 100644 index 000000000..cd02e3f18 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/configure-opcache.yml @@ -0,0 +1,37 @@ +--- +- name: Check for existing OpCache config files. + find: + paths: "{{ item }}" + contains: 'zend_extension(\s+)?=(\s+)?opcache\.so' + register: php_installed_opcache_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied OpCache config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_opcache_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_opcache_confs.results }}" + - files + notify: restart webserver + +- name: Ensure OpCache config file is present. + template: + src: opcache.ini.j2 + dest: "{{ item }}/{{ php_opcache_conf_filename }}" + owner: root + group: root + force: yes + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable + notify: restart webserver + +- name: Remove OpCache config file if OpCache is disabled. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_opcache_enable + notify: restart webserver diff --git a/provisioning/roles/geerlingguy.php/tasks/configure.yml b/provisioning/roles/geerlingguy.php/tasks/configure.yml new file mode 100644 index 000000000..f4fa94c4d --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/configure.yml @@ -0,0 +1,20 @@ +--- +- name: Ensure configuration directories exist. + file: + path: "{{ item }}" + state: directory + follow: true + with_flattened: + - "{{ php_conf_paths }}" + - "{{ php_extension_conf_paths }}" + +- name: Place PHP configuration file in place. + template: + src: php.ini.j2 + dest: "{{ item }}/php.ini" + owner: root + group: root + mode: 0644 + with_items: "{{ php_conf_paths }}" + notify: restart webserver + when: php_use_managed_ini diff --git a/provisioning/roles/geerlingguy.php/tasks/install-from-source.yml b/provisioning/roles/geerlingguy.php/tasks/install-from-source.yml new file mode 100644 index 000000000..83a52a383 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/install-from-source.yml @@ -0,0 +1,150 @@ +--- +- name: Ensure dependencies for building from source are installed (RedHat). + yum: "pkg={{ item }} state=installed" + with_items: + - autoconf + - automake + - libtool + - bison + - make + - curl-devel + - recode-devel + - aspell-devel + - libxml2-devel + - pkgconfig + - libmcrypt-devel + - t1lib-devel + - libXpm-devel + - libpng-devel + - libjpeg-turbo-devel + - bzip2-devel + - openssl-devel + - freetype-devel + - libicu-devel + - mariadb-devel + - gmp-devel + when: ansible_os_family == 'RedHat' + +- name: Update apt cache (Debian). + apt: update_cache=yes cache_valid_time=86400 + when: ansible_os_family == 'Debian' + +- name: Ensure dependencies for building from source are installed (Debian). + apt: "pkg={{ item }} state=installed" + with_items: + - build-essential + - autoconf + - automake + - libtool + - bison + - pkg-config + - re2c + - libxml2-dev + - libcurl4-openssl-dev + - libbz2-dev + - libjpeg-dev + - libpng12-dev + - libxpm-dev + - libfreetype6-dev + - libgmp3-dev + - libmcrypt-dev + - libmysqlclient-dev + - libpspell-dev + - librecode-dev + - libssl-dev + when: ansible_os_family == 'Debian' + +- name: Define php_fpm_daemon (if not defined already). + set_fact: + php_fpm_daemon: "php-fpm" + when: php_fpm_daemon is not defined + +- name: Check if gmp.h is already in a location accessible to gcc. + stat: path=/usr/include/gmp.h + register: gmp_file + +- name: Ensure gmp.h is symlinked into a location accessible to gcc. + file: + src: "{{ php_source_install_gmp_path }}" + dest: /usr/include/gmp.h + state: link + when: gmp_file.stat.exists == false + +- name: Check if PHP is installed. + command: which php + changed_when: false + failed_when: false + register: php_installed + +- name: Clone the PHP repository. + git: + repo: https://git.php.net/repository/php-src.git + dest: "{{ php_source_clone_dir }}" + version: "{{ php_source_version }}" + accept_hostkey: yes + depth: 1 + when: php_installed|failed + +- name: Ensure PHP installation path exists. + file: + path: "{{ php_source_install_path }}" + state: directory + mode: 0755 + when: php_installed|failed + +- name: Build configure script. + shell: > + ./buildconf --force + chdir={{ php_source_clone_dir }} + when: php_installed|failed + +- name: Run configure script. + shell: > + {{ php_source_configure_command }} + chdir={{ php_source_clone_dir }} + when: php_installed|failed + +- name: Make and install PHP. + shell: > + {{ item }} + chdir={{ php_source_clone_dir }} + with_items: + - "{{ php_source_make_command }}" + - make install + when: php_installed|failed + +- name: Ensure php executable is symlinked into a standard path. + file: + src: "{{ php_source_install_path }}/bin/php" + dest: /usr/bin/php + state: link + +# PHP FPM configuration. +- name: Ensure php-fpm executable is symlinked into a standard path. + file: + src: "{{ php_source_install_path }}/sbin/php-fpm" + dest: "/usr/sbin/{{ php_fpm_daemon }}" + state: link + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm init script is installed. + template: + src: fpm-init.j2 + dest: "/etc/init.d/{{ php_fpm_daemon }}" + mode: 0755 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm + +- name: Ensure php-fpm config directory exists. + file: + path: "{{ php_fpm_conf_path }}" + state: directory + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm config file is installed. + template: + src: php-fpm.conf.j2 + dest: "{{ php_fpm_conf_path }}/php-fpm.conf" + mode: 0644 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm diff --git a/provisioning/roles/geerlingguy.php/tasks/main.yml b/provisioning/roles/geerlingguy.php/tasks/main.yml new file mode 100644 index 000000000..1e82ceedd --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/main.yml @@ -0,0 +1,61 @@ +--- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define php_packages. + set_fact: + php_packages: "{{ __php_packages | list }}" + when: php_packages is not defined + +- name: Define php_webserver_daemon. + set_fact: + php_webserver_daemon: "{{ __php_webserver_daemon }}" + when: php_webserver_daemon is not defined + +- name: Define php_conf_paths. + set_fact: + php_conf_paths: "{{ __php_conf_paths }}" + when: php_conf_paths is not defined + +- name: Define php_extension_conf_paths. + set_fact: + php_extension_conf_paths: "{{ __php_extension_conf_paths }}" + when: php_extension_conf_paths is not defined + +- name: Define php_apc_conf_filename. + set_fact: + php_apc_conf_filename: "{{ __php_apc_conf_filename }}" + when: php_apc_conf_filename is not defined + +- name: Define php_opcache_conf_filename (Ubuntu 16.04). + set_fact: + php_opcache_conf_filename: "10-opcache.ini" + when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04" + +- name: Define php_opcache_conf_filename. + set_fact: + php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}" + when: php_opcache_conf_filename is not defined + +- name: Define php_fpm_conf_path. + set_fact: + php_fpm_conf_path: "{{ __php_fpm_conf_path }}" + when: php_fpm_conf_path is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: (php_install_from_source == false) and (ansible_os_family == 'RedHat') + +- include: setup-Debian.yml + when: (php_install_from_source == false) and (ansible_os_family == 'Debian') + +# Install PHP from source when php_install_from_source is true. +- include: install-from-source.yml + when: php_install_from_source == true + +# Configure PHP. +- include: configure.yml +- include: configure-apcu.yml +- include: configure-opcache.yml +- include: configure-fpm.yml diff --git a/provisioning/roles/geerlingguy.php/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.php/tasks/setup-Debian.yml new file mode 100644 index 000000000..f77278a35 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/setup-Debian.yml @@ -0,0 +1,27 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure PHP packages are installed. + apt: + name: "{{ item }}" + state: "{{ php_packages_state }}" + with_items: "{{ php_packages }}" + register: php_package_install + notify: restart webserver + +- name: Delete APCu configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc and php_package_install.changed + notify: restart webserver + +- name: Delete OpCache configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable and php_package_install.changed + notify: restart webserver diff --git a/provisioning/roles/geerlingguy.php/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.php/tasks/setup-RedHat.yml new file mode 100644 index 000000000..6cfde8cb0 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tasks/setup-RedHat.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure PHP packages are installed. + yum: + name: "{{ item }}" + state: "{{ php_packages_state }}" + enablerepo: "{{ php_enablerepo }}" + with_items: "{{ php_packages }}" + notify: restart webserver diff --git a/provisioning/roles/geerlingguy.php/templates/apc.ini.j2 b/provisioning/roles/geerlingguy.php/templates/apc.ini.j2 new file mode 100644 index 000000000..bfd570646 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/templates/apc.ini.j2 @@ -0,0 +1,4 @@ +extension=apcu.so +apc.shm_size={{ php_apc_shm_size }} +apc.enable_cli={{ php_apc_enable_cli }} +apc.rfc1867=1 diff --git a/provisioning/roles/geerlingguy.php/templates/fpm-init.j2 b/provisioning/roles/geerlingguy.php/templates/fpm-init.j2 new file mode 100644 index 000000000..4d6a6d5dc --- /dev/null +++ b/provisioning/roles/geerlingguy.php/templates/fpm-init.j2 @@ -0,0 +1,170 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: php-fpm {{ php_fpm_daemon }} +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts {{ php_fpm_daemon }} +# Description: Starts The PHP FastCGI Process Manager Daemon +### END INIT INFO + +# Author: Ondrej Sury + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="PHP FastCGI Process Manager" +NAME={{ php_fpm_daemon }} +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf" +PIDFILE=/var/run/{{ php_fpm_daemon }}.pid +TIMEOUT=2 +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Don't run if we are running upstart +if init_is_upstart; then + exit 1 +fi + +# +# Function to check the correctness of the config file +# +do_check() +{ + /usr/lib/php5/php5-fpm-checkconf || return 1 + return 0 +} + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS 2>/dev/null \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + check) + do_check yes + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + reopen-logs) + log_daemon_msg "Reopening $DESC logs" $NAME + if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ + --pidfile $PIDFILE --exec $DAEMON + then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +: diff --git a/provisioning/roles/geerlingguy.php/templates/opcache.ini.j2 b/provisioning/roles/geerlingguy.php/templates/opcache.ini.j2 new file mode 100644 index 000000000..f60fb8927 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/templates/opcache.ini.j2 @@ -0,0 +1,14 @@ +zend_extension=opcache.so +opcache.enable={{ php_opcache_enable }} +opcache.enable_cli={{ php_opcache_enable_cli }} +opcache.memory_consumption={{ php_opcache_memory_consumption }} +opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }} +opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }} +opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }} +opcache.validate_timestamps={{ php_opcache_validate_timestamps }} +opcache.revalidate_path={{ php_opcache_revalidate_path }} +opcache.revalidate_freq={{ php_opcache_revalidate_freq }} +opcache.max_file_size={{ php_opcache_max_file_size }} +{% if php_opcache_blacklist_filename != '' %} +opcache.blacklist_filename={{ php_opcache_blacklist_filename }} +{% endif %} diff --git a/provisioning/roles/geerlingguy.php/templates/php-fpm.conf.j2 b/provisioning/roles/geerlingguy.php/templates/php-fpm.conf.j2 new file mode 100644 index 000000000..12b277fbe --- /dev/null +++ b/provisioning/roles/geerlingguy.php/templates/php-fpm.conf.j2 @@ -0,0 +1,12 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +include={{ php_fpm_conf_path }}/pool.d/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +error_log = /var/log/php-fpm.log diff --git a/provisioning/roles/geerlingguy.php/templates/php.ini.j2 b/provisioning/roles/geerlingguy.php/templates/php.ini.j2 new file mode 100644 index 000000000..d6ad9df97 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/templates/php.ini.j2 @@ -0,0 +1,225 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +engine = On +short_open_tag = {{ php_short_open_tag }} +asp_tags = Off +precision = 14 +output_buffering = {{ php_output_buffering }} + +zlib.output_compression = Off + +implicit_flush = Off +unserialize_callback_func = +serialize_precision = 17 +disable_functions = +disable_classes = + +zend.enable_gc = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +expose_php = {{ php_expose_php }} + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +max_execution_time = {{ php_max_execution_time }} +max_input_time = {{ php_max_input_time }} +max_input_vars = {{ php_max_input_vars }} +memory_limit = {{ php_memory_limit }} + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +error_reporting = {{ php_error_reporting }} +display_errors = {{ php_display_errors }} +display_startup_errors = {{ php_display_startup_errors }} +log_errors = On +log_errors_max_len = 1024 +ignore_repeated_errors = Off +ignore_repeated_source = Off +report_memleaks = On +track_errors = Off +html_errors = On + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +auto_globals_jit = On + +post_max_size = {{ php_post_max_size }} +auto_prepend_file = +auto_append_file = + +default_mimetype = "text/html" +always_populate_raw_post_data = -1 + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +doc_root = +user_dir = + +enable_dl = Off + +realpath_cache_size = {{ php_realpath_cache_size }} + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +file_uploads = On +upload_max_filesize = {{ php_upload_max_filesize }} +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +allow_url_fopen = {{ php_allow_url_fopen }} +allow_url_include = Off + +default_socket_timeout = 60 + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +cli_server.color = On + +[Date] +date.timezone = {{ php_date_timezone }} + +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket= + +[mail function] +; For Win32 only. +SMTP = localhost +smtp_port = 25 + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +sendmail_path = {{ php_sendmail_path }} + +mail.add_x_header = On + +[SQL] +sql.safe_mode = Off + +[ODBC] +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 + +[MySQL] +mysql.allow_local_infile = On +mysql.allow_persistent = On +mysql.cache_size = 2000 +mysql.max_persistent = -1 +mysql.max_links = -1 +mysql.default_port = +mysql.default_socket = +mysql.default_host = +mysql.default_user = +mysql.default_password = +mysql.connect_timeout = 60 +mysql.trace_mode = Off + +[MySQLi] +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off + +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off + +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[Session] +session.save_handler = {{ php_session_save_handler }} +session.save_path = {{ php_session_save_path }} +session.use_cookies = 1 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 + +session.cookie_lifetime = {{ php_session_cookie_lifetime }} +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = + +session.serialize_handler = php + +session.gc_probability = {{ php_session_gc_probability }} +session.gc_divisor = {{ php_session_gc_divisor }} +session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} + +session.bug_compat_42 = Off +session.bug_compat_warn = Off +session.referer_check = + +session.cache_limiter = nocache +session.cache_expire = 180 + +session.use_trans_sid = 0 + +session.hash_function = 0 +session.hash_bits_per_character = 5 + +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +[MSSQL] +mssql.allow_persistent = On +mssql.max_persistent = -1 +mssql.max_links = -1 +mssql.min_error_severity = 10 +mssql.min_message_severity = 10 +mssql.compatability_mode = Off +mssql.secure_connection = Off + +[Tidy] +tidy.clean_output = Off + +[soap] +soap.wsdl_cache_enabled=1 +soap.wsdl_cache_dir="/tmp" +soap.wsdl_cache_ttl=86400 +soap.wsdl_cache_limit = 5 + +[ldap] +ldap.max_links = -1 diff --git a/provisioning/roles/geerlingguy.php/templates/www.conf.j2 b/provisioning/roles/geerlingguy.php/templates/www.conf.j2 new file mode 100644 index 000000000..aaab17aa4 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/templates/www.conf.j2 @@ -0,0 +1,12 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = {{ php_fpm_pool_user }} +group = {{ php_fpm_pool_group }} + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 5 +pm.max_requests = 500 diff --git a/provisioning/roles/geerlingguy.php/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.php/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.php/tests/inventory b/provisioning/roles/geerlingguy.php/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.php/tests/requirements.yml b/provisioning/roles/geerlingguy.php/tests/requirements.yml new file mode 100644 index 000000000..711227acc --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/requirements.yml @@ -0,0 +1,2 @@ +--- +- src: geerlingguy.repo-remi diff --git a/provisioning/roles/geerlingguy.php/tests/test-package.yml b/provisioning/roles/geerlingguy.php/tests/test-package.yml new file mode 100644 index 000000000..8e749e8d8 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/test-package.yml @@ -0,0 +1,27 @@ +--- +- hosts: all + + vars: + php_enable_webserver: false + php_memory_limit: "192M" + php_enablerepo: "remi,remi-php70" + + pre_tasks: + - include_vars: test-vars-ubuntu1204.yml + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '12.04' + + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + - name: Add repository for PHP 7. + apt_repository: repo='ppa:ondrej/php' + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version != '12.04' + + - name: Add repository for PHP 5.6. + apt_repository: repo='ppa:ondrej/php5-5.6' + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '12.04' + + roles: + - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat' } + - role_under_test diff --git a/provisioning/roles/geerlingguy.php/tests/test-source.yml b/provisioning/roles/geerlingguy.php/tests/test-source.yml new file mode 100644 index 000000000..cac53496a --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/test-source.yml @@ -0,0 +1,18 @@ +--- +- hosts: all + + vars: + php_enable_webserver: false + php_install_from_source: true + php_source_clone_dir: /root/php-src + php_source_make_command: "make --jobs=2" + php_source_version: "php-7.0.5" + php_memory_limit: "192M" + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.php/tests/test-vars-ubuntu1204.yml b/provisioning/roles/geerlingguy.php/tests/test-vars-ubuntu1204.yml new file mode 100644 index 000000000..9fabcac42 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/tests/test-vars-ubuntu1204.yml @@ -0,0 +1,23 @@ +--- +php_version: "5.6" +php_packages: + - php5 + - php5-mcrypt + - php5-cli + - php5-common + - php5-curl + - php5-dev + - php5-fpm + - php5-gd + - php-pear + - libpcre3-dev +php_conf_paths: + - /etc/php5/fpm + - /etc/php5/apache2 + - /etc/php5/cli +php_extension_conf_paths: + - /etc/php5/fpm/conf.d + - /etc/php5/apache2/conf.d + - /etc/php5/cli/conf.d +php_fpm_daemon: php5-fpm +php_fpm_conf_path: "/etc/php5/fpm" diff --git a/provisioning/roles/geerlingguy.php/vars/Debian.yml b/provisioning/roles/geerlingguy.php/vars/Debian.yml new file mode 100644 index 000000000..ae927c200 --- /dev/null +++ b/provisioning/roles/geerlingguy.php/vars/Debian.yml @@ -0,0 +1,37 @@ +--- +__php_packages: + - php7.0-common + - php7.0-cli + - php7.0-dev + - php7.0-fpm + - libpcre3-dev + - php7.0-gd + - php7.0-curl + - php7.0-imap + - php7.0-json + - php7.0-opcache + - php7.0-xml + - php7.0-mbstring + - php-sqlite3 + - php-apcu +__php_webserver_daemon: "apache2" + +# Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode. +__php_conf_paths: + - /etc/php/7.0/fpm + - /etc/php/7.0/apache2 + - /etc/php/7.0/cli + +__php_extension_conf_paths: + - /etc/php/7.0/fpm/conf.d + - /etc/php/7.0/apache2/conf.d + - /etc/php/7.0/cli/conf.d + +__php_apc_conf_filename: 20-apcu.ini +__php_opcache_conf_filename: 05-opcache.ini +__php_fpm_daemon: php7.0-fpm +__php_fpm_conf_path: "/etc/php/7.0/fpm" +__php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf" + +__php_fpm_pool_user: www-data +__php_fpm_pool_group: www-data diff --git a/provisioning/roles/geerlingguy.php/vars/RedHat.yml b/provisioning/roles/geerlingguy.php/vars/RedHat.yml new file mode 100644 index 000000000..f17b982ee --- /dev/null +++ b/provisioning/roles/geerlingguy.php/vars/RedHat.yml @@ -0,0 +1,33 @@ +--- +__php_packages: + - php + - php-cli + - php-common + - php-devel + - php-fpm + - php-gd + - php-imap + - php-ldap + - php-mbstring + - php-opcache + - php-pdo + - php-pear + - php-pecl-apcu + - php-xml + - php-xmlrpc +__php_webserver_daemon: "httpd" + +__php_conf_paths: + - /etc + +__php_extension_conf_paths: + - /etc/php.d + +__php_apc_conf_filename: 50-apc.ini +__php_opcache_conf_filename: 10-opcache.ini +__php_fpm_daemon: php-fpm +__php_fpm_conf_path: "/etc/fpm" +__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf" + +__php_fpm_pool_user: apache +__php_fpm_pool_group: apache diff --git a/provisioning/roles/geerlingguy.pimpmylog/.travis.yml b/provisioning/roles/geerlingguy.pimpmylog/.travis.yml new file mode 100644 index 000000000..ba14ee002 --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/.travis.yml @@ -0,0 +1,41 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + - sudo apt-get install curl + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + + # Install dependencies. + - ansible-galaxy install geerlingguy.apache geerlingguy.php + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Check if Pimp my Log is reachable. + - curl http://127.0.0.1/pimpmylog/ + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.pimpmylog/README.md b/provisioning/roles/geerlingguy.pimpmylog/README.md new file mode 100644 index 000000000..b46539e87 --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/README.md @@ -0,0 +1,49 @@ +# Ansible Role: Pimp My Log + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-pimpmylog.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-pimpmylog) + +Installs [Pimp my Log](http://pimpmylog.com/). + +## Requirements + +Requires PHP to be installed on the server, and a web server like Apache, Nginx, IIS. You can get Pimp my Log set up pretty quickly with this role in tandem with `geerlingguy.apache` and `geerlingguy.php` available on Ansible Galaxy. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + pimpmylog_install_dir: /var/www/pimpmylog + +The location where Pimp my Log will be installed. You should configure a virtual host or server entry pointing to this directory so you can access the interface. Otherwise, you could choose a location that's within an existing docroot, e.g. the default docroot `/var/www/html/pimpmylog`, and access Pimp my Log at `http://localhost/pimpmylog/`. + + pimpmylog_repo: https://github.com/potsky/PimpMyLog.git + +The git repository URL from which Pimp my Log will be cloned. + + pimpmylog_version: master + +The version of Pimp my Log to install. Can be any valid tag, branch, or `HEAD`. + + pimpmylog_grant_all_privs: no + +The setup of Pimp my Log allows for auto-configuration if the installation directory has `777` privileges, but this is an insecure way to install Pimp my Log. If you're installing on a local development environment, this is relatively harmless to set to `yes` to ease in installation... but if you're running this on a production or publicly-available server, don't even _think_ about changing this value! + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + roles: + - { role: geerlingguy.apache } + - { role: geerlingguy.php } + - { role: geerlingguy.pimpmylog } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2015 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.pimpmylog/defaults/main.yml b/provisioning/roles/geerlingguy.pimpmylog/defaults/main.yml new file mode 100644 index 000000000..723fbefe4 --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/defaults/main.yml @@ -0,0 +1,5 @@ +--- +pimpmylog_install_dir: /var/www/pimpmylog +pimpmylog_repo: https://github.com/potsky/PimpMyLog.git +pimpmylog_version: master +pimpmylog_grant_all_privs: no diff --git a/provisioning/roles/geerlingguy.pimpmylog/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.pimpmylog/meta/.galaxy_install_info new file mode 100644 index 000000000..58bb564f4 --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:51 2016', version: 1.0.2} diff --git a/provisioning/roles/geerlingguy.pimpmylog/meta/main.yml b/provisioning/roles/geerlingguy.pimpmylog/meta/main.yml new file mode 100644 index 000000000..1c8775be3 --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/meta/main.yml @@ -0,0 +1,23 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Pimp my Log installation for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - development + - web + - server diff --git a/provisioning/roles/geerlingguy.pimpmylog/tasks/main.yml b/provisioning/roles/geerlingguy.pimpmylog/tasks/main.yml new file mode 100644 index 000000000..ccf0fca44 --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: Clone Pimp my Log. + git: + dest: "{{ pimpmylog_install_dir }}" + repo: "{{ pimpmylog_repo }}" + version: "{{ pimpmylog_version }}" + accept_hostkey: yes + +- name: Grant all privileges on the Pimp my Log directory. + file: + path: "{{ pimpmylog_install_dir }}" + state: directory + mode: 0777 + when: pimpmylog_grant_all_privs diff --git a/provisioning/roles/geerlingguy.pimpmylog/tests/inventory b/provisioning/roles/geerlingguy.pimpmylog/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.pimpmylog/tests/test.yml b/provisioning/roles/geerlingguy.pimpmylog/tests/test.yml new file mode 100644 index 000000000..0b6322eff --- /dev/null +++ b/provisioning/roles/geerlingguy.pimpmylog/tests/test.yml @@ -0,0 +1,11 @@ +--- +- hosts: localhost + remote_user: root + + vars: + pimpmylog_grant_all_privs: yes + + roles: + - geerlingguy.apache + - geerlingguy.php + - ansible-role-pimpmylog diff --git a/provisioning/roles/geerlingguy.postfix/.travis.yml b/provisioning/roles/geerlingguy.postfix/.travis.yml new file mode 100644 index 000000000..df7b65408 --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/.travis.yml @@ -0,0 +1,36 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # TODO - Add test to check if postfix is working correctly. + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.postfix/README.md b/provisioning/roles/geerlingguy.postfix/README.md new file mode 100644 index 000000000..6bb46a155 --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/README.md @@ -0,0 +1,31 @@ +# Ansible Role: Postfix + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postfix.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postfix) + +Installs postfix on RedHat/CentOS or Debian/Ubuntu. + +## Requirements + +If you're using this as an SMTP relay server, you will need to do that on your own, and open TCP port 25 in your server firewall. + +## Role Variables + +None. + +## Dependencies + +None. + +## Example Playbook + + - hosts: all + roles: + - { role: geerlingguy.postfix } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.postfix/defaults/main.yml b/provisioning/roles/geerlingguy.postfix/defaults/main.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/defaults/main.yml @@ -0,0 +1 @@ +--- diff --git a/provisioning/roles/geerlingguy.postfix/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.postfix/meta/.galaxy_install_info new file mode 100644 index 000000000..6d641a107 --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:54 2016', version: 1.1.0} diff --git a/provisioning/roles/geerlingguy.postfix/meta/main.yml b/provisioning/roles/geerlingguy.postfix/meta/main.yml new file mode 100644 index 000000000..1f034f178 --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/meta/main.yml @@ -0,0 +1,23 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Postfix for RedHat/CentOS or Debian/Ubuntu. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - networking + - system + - mail diff --git a/provisioning/roles/geerlingguy.postfix/tasks/main.yml b/provisioning/roles/geerlingguy.postfix/tasks/main.yml new file mode 100644 index 000000000..6d0ca1a7c --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/tasks/main.yml @@ -0,0 +1,11 @@ +--- +- name: Ensure postfix is installed (RedHat). + yum: name=postfix state=installed + when: ansible_os_family == 'RedHat' + +- name: Ensure postfix is installed (Debian). + apt: name=postfix state=installed + when: ansible_os_family == 'Debian' + +- name: Ensure postfix is started and enabled at boot. + service: name=postfix state=started enabled=yes diff --git a/provisioning/roles/geerlingguy.postfix/tests/inventory b/provisioning/roles/geerlingguy.postfix/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.postfix/tests/test.yml b/provisioning/roles/geerlingguy.postfix/tests/test.yml new file mode 100644 index 000000000..f404e408f --- /dev/null +++ b/provisioning/roles/geerlingguy.postfix/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ansible-role-postfix diff --git a/provisioning/roles/geerlingguy.redis/.travis.yml b/provisioning/roles/geerlingguy.redis/.travis.yml new file mode 100644 index 000000000..70111384e --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/.travis.yml @@ -0,0 +1,47 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + + # Remove pre-existing Redis installation. + - sudo apt-get remove -y --purge redis-server + - sudo rm -rf /etc/redis + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Make sure Redis is running, and can be stopped and started cleanly. + - sudo service redis-server status + - sudo service redis-server stop + - sudo service redis-server start + +after_failure: + - sudo cat /var/log/redis/redis-server.log + - sudo cat /etc/redis/redis.conf + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.redis/README.md b/provisioning/roles/geerlingguy.redis/README.md new file mode 100644 index 000000000..4f746790a --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/README.md @@ -0,0 +1,92 @@ +# Ansible Role: Redis + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-redis.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-redis) + +Installs [Redis](http://redis.io/) on RHEL/CentOS or Debian/Ubuntu. + +## Requirements + +On RedHat-based distributions, requires the EPEL repository (you can simply add the role `geerlingguy.repo-epel` to install ensure EPEL is available). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + redis_port: 6379 + redis_bind_interface: 127.0.0.1 + +Port and interface on which Redis will listen. Set the interface to `0.0.0.0` to listen on all interfaces. + + redis_unixsocket: '' + +If set, Redis will also listen on a local Unix socket. + + redis_timeout: 300 + +Close a connection after a client is idle `N` seconds. Set to `0` to disable timeout. + + redis_loglevel: "notice" + redis_logfile: /var/log/redis/redis-server.log + +Log level and log location (valid levels are `debug`, `verbose`, `notice`, and `warning`). + + redis_databases: 16 + +The number of Redis databases. + + # Set to an empty set to disable persistence (saving the DB to disk). + redis_save: + - 900 1 + - 300 10 + - 60 10000 + +Snapshotting configuration; setting values in this list will save the database to disk if the given number of seconds (e.g. `900`) and the given number of write operations (e.g. `1`) have occurred. + + redis_rdbcompression: "yes" + redis_dbfilename: dump.rdb + redis_dbdir: /var/lib/redis + +Database compression and location configuration. + + redis_maxmemory: 0 + +Limit memory usage to the specified amount of bytes. Leave at 0 for unlimited. + + redis_maxmemory_policy: "noeviction" + +The method to use to keep memory usage below the limit, if specified. See [Using Redis as an LRU cache](http://redis.io/topics/lru-cache). + + redis_maxmemory_samples: 5 + +Number of samples to use to approximate LRU. See [Using Redis as an LRU cache](http://redis.io/topics/lru-cache). + + redis_appendonly: "no" + +The appendonly option, if enabled, affords better data durability guarantees, at the cost of slightly slower performance. + + redis_appendfsync: "everysec" + +Valid values are `always` (slower, safest), `everysec` (happy medium), or `no` (let the filesystem flush data when it wants, most risky). + + # Add extra include files for local configuration/overrides. + redis_includes: [] + +Add extra include file paths to this list to include more/localized Redis configuration. + +## Dependencies + +None. + +## Example Playbook + + - hosts: all + roles: + - { role: geerlingguy.redis } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.redis/defaults/main.yml b/provisioning/roles/geerlingguy.redis/defaults/main.yml new file mode 100644 index 000000000..15e94a2f4 --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/defaults/main.yml @@ -0,0 +1,30 @@ +--- +redis_port: 6379 +redis_bind_interface: 127.0.0.1 +redis_unixsocket: '' +redis_timeout: 300 + +redis_loglevel: "notice" +redis_logfile: /var/log/redis/redis-server.log + +redis_databases: 16 + +# Set to an empty set to disable persistence (saving the DB to disk). +redis_save: + - 900 1 + - 300 10 + - 60 10000 + +redis_rdbcompression: "yes" +redis_dbfilename: dump.rdb +redis_dbdir: /var/lib/redis + +redis_maxmemory: 0 +redis_maxmemory_policy: "noeviction" +redis_maxmemory_samples: 5 + +redis_appendonly: "no" +redis_appendfsync: "everysec" + +# Add extra include files for local configuration/overrides. +redis_includes: [] diff --git a/provisioning/roles/geerlingguy.redis/handlers/main.yml b/provisioning/roles/geerlingguy.redis/handlers/main.yml new file mode 100644 index 000000000..9a212039f --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart redis + service: "name={{ redis_daemon }} state=restarted" diff --git a/provisioning/roles/geerlingguy.redis/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.redis/meta/.galaxy_install_info new file mode 100644 index 000000000..69c9c0a74 --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:49:59 2016', version: 1.2.0} diff --git a/provisioning/roles/geerlingguy.redis/meta/main.yml b/provisioning/roles/geerlingguy.redis/meta/main.yml new file mode 100644 index 000000000..109a5d752 --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/meta/main.yml @@ -0,0 +1,24 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Redis for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - database + - development + - web diff --git a/provisioning/roles/geerlingguy.redis/tasks/main.yml b/provisioning/roles/geerlingguy.redis/tasks/main.yml new file mode 100644 index 000000000..ec8de5132 --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/tasks/main.yml @@ -0,0 +1,21 @@ +--- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Ensure Redis is configured. + template: + src: redis.conf.j2 + dest: "{{ redis_conf_path }}" + mode: 0644 + notify: restart redis + +- name: Ensure redis is running and enabled on boot. + service: "name={{ redis_daemon }} state=started enabled=yes" diff --git a/provisioning/roles/geerlingguy.redis/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.redis/tasks/setup-Debian.yml new file mode 100644 index 000000000..c105caf18 --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/tasks/setup-Debian.yml @@ -0,0 +1,3 @@ +--- +- name: Ensure redis is installed. + apt: name=redis-server state=installed diff --git a/provisioning/roles/geerlingguy.redis/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.redis/tasks/setup-RedHat.yml new file mode 100644 index 000000000..85ed9091d --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/tasks/setup-RedHat.yml @@ -0,0 +1,3 @@ +--- +- name: Ensure redis is installed. + yum: name=redis state=installed enablerepo=epel diff --git a/provisioning/roles/geerlingguy.redis/templates/redis.conf.j2 b/provisioning/roles/geerlingguy.redis/templates/redis.conf.j2 new file mode 100644 index 000000000..f7a7c5f04 --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/templates/redis.conf.j2 @@ -0,0 +1,45 @@ +daemonize yes +pidfile /var/run/redis/{{ redis_daemon }}.pid +port {{ redis_port }} +bind {{ redis_bind_interface }} + +{% if redis_unixsocket %} +unixsocket {{ redis_unixsocket }} +{% endif %} + +timeout {{ redis_timeout }} + +loglevel {{ redis_loglevel }} +logfile {{ redis_logfile }} + +# To enable logging to the system logger, just set 'syslog-enabled' to yes, +# and optionally update the other syslog parameters to suit your needs. +# syslog-enabled no +# syslog-ident redis +# syslog-facility local0 + +databases {{ redis_databases }} + +{% for save in redis_save %} +save {{ save }} +{% endfor %} + +rdbcompression {{ redis_rdbcompression }} +dbfilename {{ redis_dbfilename }} +dir {{ redis_dbdir }} + +# maxclients 128 + +{% if redis_maxmemory %} +maxmemory {{ redis_maxmemory }} +maxmemory-policy {{ redis_maxmemory_policy }} +maxmemory-samples {{ redis_maxmemory_samples }} +{% endif %} + +appendonly {{ redis_appendonly }} +appendfsync {{ redis_appendfsync }} +no-appendfsync-on-rewrite no + +{% for include in redis_includes %} +include {{ include }} +{% endfor %} diff --git a/provisioning/roles/geerlingguy.redis/tests/inventory b/provisioning/roles/geerlingguy.redis/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.redis/tests/test.yml b/provisioning/roles/geerlingguy.redis/tests/test.yml new file mode 100644 index 000000000..d24c0a9cc --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/tests/test.yml @@ -0,0 +1,6 @@ +--- +- hosts: localhost + remote_user: root + + roles: + - ansible-role-redis diff --git a/provisioning/roles/geerlingguy.redis/vars/Debian.yml b/provisioning/roles/geerlingguy.redis/vars/Debian.yml new file mode 100644 index 000000000..517d91a1f --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +redis_daemon: redis-server +redis_conf_path: /etc/redis/redis.conf diff --git a/provisioning/roles/geerlingguy.redis/vars/RedHat.yml b/provisioning/roles/geerlingguy.redis/vars/RedHat.yml new file mode 100644 index 000000000..d4f603ce3 --- /dev/null +++ b/provisioning/roles/geerlingguy.redis/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- +redis_daemon: redis +redis_conf_path: /etc/redis.conf diff --git a/provisioning/roles/geerlingguy.repo-remi/.travis.yml b/provisioning/roles/geerlingguy.repo-remi/.travis.yml new file mode 100644 index 000000000..c96ecd0f9 --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/.travis.yml @@ -0,0 +1,48 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + +services: + - docker + +before_install: + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.repo-remi/README.md b/provisioning/roles/geerlingguy.repo-remi/README.md new file mode 100644 index 000000000..c93ee157a --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/README.md @@ -0,0 +1,39 @@ +# Ansible Role: Remi Repository + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-repo-remi.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-repo-remi) + +Installs [Remi's RPM repository](http://rpms.famillecollet.com/) for RHEL/CentOS. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + remi_repo_url: "http://rpms.famillecollet.com/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" + +The URL from which the Remi repo `.rpm` will be downloaded and installed. + + remi_repo_gpg_key_url: "http://rpms.remirepo.net/RPM-GPG-KEY-remi" + +Remi repo GPG key location. Can be set to a local file or to the URL from Remi's website. + +## Dependencies + +None. + +## Example Playbook + + - hosts: servers + roles: + - geerlingguy.repo-remi + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.repo-remi/defaults/main.yml b/provisioning/roles/geerlingguy.repo-remi/defaults/main.yml new file mode 100644 index 000000000..c4827c60c --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/defaults/main.yml @@ -0,0 +1,3 @@ +--- +remi_repo_url: "http://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" +remi_repo_gpg_key_url: "http://rpms.remirepo.net/RPM-GPG-KEY-remi" diff --git a/provisioning/roles/geerlingguy.repo-remi/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.repo-remi/meta/.galaxy_install_info new file mode 100644 index 000000000..e363416af --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:50:02 2016', version: 1.2.0} diff --git a/provisioning/roles/geerlingguy.repo-remi/meta/main.yml b/provisioning/roles/geerlingguy.repo-remi/meta/main.yml new file mode 100644 index 000000000..1f4e932f9 --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/meta/main.yml @@ -0,0 +1,15 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Remi's RPM repository for RHEL/CentOS. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - all + galaxy_tags: + - packaging diff --git a/provisioning/roles/geerlingguy.repo-remi/tasks/main.yml b/provisioning/roles/geerlingguy.repo-remi/tasks/main.yml new file mode 100644 index 000000000..b9c50b955 --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- name: Install remi repo. + yum: + name: "{{ remi_repo_url }}" + state: present + +- name: Import remi GPG key. + rpm_key: + key: "{{ remi_repo_gpg_key_url }}" + state: present diff --git a/provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..7df05ff57 --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-6 @@ -0,0 +1,19 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel +RUN yum clean all +RUN easy_install pip +RUN pip install ansible + + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN mkdir - p /etc/ansible +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..ded17f155 --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-7 @@ -0,0 +1,29 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel +RUN yum clean all +RUN easy_install pip +RUN pip install ansible + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN mkdir - p /etc/ansible +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.repo-remi/tests/requirements.yml b/provisioning/roles/geerlingguy.repo-remi/tests/requirements.yml new file mode 100644 index 000000000..711227acc --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/tests/requirements.yml @@ -0,0 +1,2 @@ +--- +- src: geerlingguy.repo-remi diff --git a/provisioning/roles/geerlingguy.repo-remi/tests/test.yml b/provisioning/roles/geerlingguy.repo-remi/tests/test.yml new file mode 100644 index 000000000..3646ff420 --- /dev/null +++ b/provisioning/roles/geerlingguy.repo-remi/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.ruby/.travis.yml b/provisioning/roles/geerlingguy.ruby/.travis.yml new file mode 100644 index 000000000..d09b9b48e --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/.travis.yml @@ -0,0 +1,61 @@ +--- +sudo: required +language: python +python: "2.7" + +env: + - SITE=test-install-from-source.yml + RUBY_VERSION=2.3.0 + RUBY_PATH_PREFIX=/usr/local + - SITE=test-install-package.yml + RUBY_VERSION=1.8.7 + RUBY_PATH_PREFIX=/usr + +before_install: + - sudo apt-get update -qq + +install: + # Install Ansible. + - pip install ansible + + # Ensure ruby is not installed. + - yes | gem uninstall --all + - yes "yes" | rvm implode --force + - sudo apt-get purge -y ruby + - sudo rm -rf ~/.rvm + + # Add ansible.cfg to pick up roles path. + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Make sure ruby is installed and at the correct version. + - which ruby + - test -x $RUBY_PATH_PREFIX/bin/ruby + + - ruby --version + - $RUBY_PATH_PREFIX/bin/ruby --version | grep -qF "$RUBY_VERSION" + + # Make sure bundler is installed. + - ls -lah /usr/local/bin + - which bundle + +after_failure: + # If we failed, it's likely due to Travis environment changes. + - which ruby + - ruby --version + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.ruby/README.md b/provisioning/roles/geerlingguy.ruby/README.md new file mode 100644 index 000000000..2c0061724 --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/README.md @@ -0,0 +1,59 @@ +# Ansible Role: Ruby + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-ruby.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-ruby) + +Installs Ruby and bundler gem on Linux. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + workspace: /root + +The location where temporary files will be downloaded in preparation for Ruby installation. + + ruby_rubygems_package_name: rubygems + +The name of the `rubygems` package. Generally, the default should work; but it will be set to `rubygems-integration` automatically on Ubuntu Trusty (14.04). + + ruby_install_gems: [] + +A list of Ruby gems to install (just the name of the gem to be installed). This is meant as a simple convenience, and will only install the latest version of the gem. If you need to install gems with more options or specificity, you can do so elsewhere in your playbook. + + ruby_install_gems_user: username + +The user account under which Ruby gems will be installed. Defaults to the `ansible_ssh_user` if not set. + + ruby_install_from_source: false + +By default, this role will install whatever version of ruby is available through your system's package manager (`apt` or `yum`). You can install whatever version you like (including the latest release) by setting this to `true` and/or updating the `ruby_download_url` and `ruby_version`. + + ruby_download_url: http://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.1.tar.gz + +The URL from which Ruby will be downloaded (only used if `ruby_install_from_source` is `true`). + + ruby_version: 2.2.1 + +The version of ruby that will be installed (only used if `ruby_install_from_source` is `true`). + +## Dependencies + +None. + +## Example Playbook + + - hosts: server + roles: + - { role: geerlingguy.ruby } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.ruby/defaults/main.yml b/provisioning/roles/geerlingguy.ruby/defaults/main.yml new file mode 100644 index 000000000..bd0698362 --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/defaults/main.yml @@ -0,0 +1,16 @@ +--- +workspace: /root + +# A list of Ruby gems to install. +ruby_install_gems: [] + +# The user account under which Ruby gems will be installed. +# ruby_install_gems_user: username + +# If set to TRUE, ruby will be installed from source, using the version set with +# the 'ruby_version' variable instead of using a package. +ruby_install_from_source: false +ruby_download_url: http://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.tar.gz +ruby_version: 2.3.0 + +ruby_rubygems_package_name: rubygems diff --git a/provisioning/roles/geerlingguy.ruby/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.ruby/meta/.galaxy_install_info new file mode 100644 index 000000000..9f943894f --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:50:06 2016', version: 2.3.1} diff --git a/provisioning/roles/geerlingguy.ruby/meta/main.yml b/provisioning/roles/geerlingguy.ruby/meta/main.yml new file mode 100644 index 000000000..6c5c21ba1 --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/meta/main.yml @@ -0,0 +1,45 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Ruby installation for Linux. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - lucid + - trusty + - precise + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - development + - web diff --git a/provisioning/roles/geerlingguy.ruby/tasks/install-from-source.yml b/provisioning/roles/geerlingguy.ruby/tasks/install-from-source.yml new file mode 100644 index 000000000..2ae8ac796 --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/tasks/install-from-source.yml @@ -0,0 +1,60 @@ +--- +- name: Install packages required to build ruby (RedHat). + yum: "name={{ item }} state=present" + with_items: + - zlib-devel + - openssl-static + when: ansible_os_family == 'RedHat' + +- name: Update apt cache (Debian). + apt: update_cache=yes cache_valid_time=86400 + when: ansible_os_family == 'Debian' + +- name: Install packages required to build ruby (Debian). + apt: "name={{ item }} state=present" + with_items: + - zlib1g-dev + - libssl-dev + - libyaml-dev + - libreadline6-dev + - zlib1g-dev + - libncurses5-dev + - libffi-dev + - libgdbm3 + - libgdbm-dev + when: ansible_os_family == 'Debian' + +- name: Download ruby. + get_url: + url: "{{ ruby_download_url }}" + dest: "{{ workspace }}/ruby-{{ ruby_version }}.tar.gz" + +- name: Extract ruby. + unarchive: + src: "{{ workspace }}/ruby-{{ ruby_version }}.tar.gz" + dest: "{{ workspace }}/" + copy: no + +- name: Build ruby. + command: > + {{ item }} + chdir={{ workspace }}/ruby-{{ ruby_version }} + creates=/usr/local/bin/ruby + with_items: + - ./configure --enable-shared + - make + - sudo make install + +- name: Add ruby symlinks. + file: + src: "/usr/local/bin/{{ item }}" + dest: "/usr/bin/{{ item }}" + state: link + force: yes + with_items: + - erb + - gem + - irb + - rake + - rdoc + - ruby diff --git a/provisioning/roles/geerlingguy.ruby/tasks/main.yml b/provisioning/roles/geerlingguy.ruby/tasks/main.yml new file mode 100644 index 000000000..b79d38b4e --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/tasks/main.yml @@ -0,0 +1,26 @@ +--- +# Include OS-specific installation tasks. +- include: setup-RedHat.yml + when: (ruby_install_from_source == false) and (ansible_os_family == 'RedHat') + +- include: setup-Debian.yml + when: (ruby_install_from_source == false) and (ansible_os_family == 'Debian') + +# Install ruby from source when ruby_install_from_source is true. +- include: install-from-source.yml + when: ruby_install_from_source == true + +# Install Bundler and configured gems. +- name: Install Bundler. + gem: name=bundler state=present user_install=no + +- name: Define ruby_install_gems_user. + set_fact: + ruby_install_gems_user: "{{ ansible_ssh_user }}" + when: ruby_install_gems_user is not defined + +- name: Install configured gems. + gem: "name={{ item }} state=present" + become: yes + become_user: "{{ ruby_install_gems_user }}" + with_items: "{{ ruby_install_gems }}" diff --git a/provisioning/roles/geerlingguy.ruby/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.ruby/tasks/setup-Debian.yml new file mode 100644 index 000000000..fdcce9b89 --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/tasks/setup-Debian.yml @@ -0,0 +1,14 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Set rubygems package name for Ubuntu 14.04. + set_fact: + ruby_rubygems_package_name: rubygems-integration + when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'trusty' + +- name: Install ruby and rubygems. + apt: "name={{ item }} state=present" + with_items: + - ruby-full + - "{{ ruby_rubygems_package_name }}" diff --git a/provisioning/roles/geerlingguy.ruby/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.ruby/tasks/setup-RedHat.yml new file mode 100644 index 000000000..6df6be14f --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/tasks/setup-RedHat.yml @@ -0,0 +1,6 @@ +--- +- name: Install ruby and rubygems. + yum: "name={{ item }} state=present" + with_items: + - ruby + - "{{ ruby_rubygems_package_name }}" diff --git a/provisioning/roles/geerlingguy.ruby/tests/inventory b/provisioning/roles/geerlingguy.ruby/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/provisioning/roles/geerlingguy.ruby/tests/test-install-from-source.yml b/provisioning/roles/geerlingguy.ruby/tests/test-install-from-source.yml new file mode 100644 index 000000000..8c0fe37f0 --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/tests/test-install-from-source.yml @@ -0,0 +1,11 @@ +--- +- hosts: localhost + remote_user: root + + vars: + ruby_install_from_source: true + ruby_download_url: http://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.tar.gz + ruby_version: 2.3.0 + + roles: + - ansible-role-ruby diff --git a/provisioning/roles/geerlingguy.ruby/tests/test-install-package.yml b/provisioning/roles/geerlingguy.ruby/tests/test-install-package.yml new file mode 100644 index 000000000..125a9cd68 --- /dev/null +++ b/provisioning/roles/geerlingguy.ruby/tests/test-install-package.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ansible-role-ruby diff --git a/provisioning/roles/geerlingguy.security/.travis.yml b/provisioning/roles/geerlingguy.security/.travis.yml new file mode 100644 index 000000000..8928886b2 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/.travis.yml @@ -0,0 +1,57 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu # phusion/baseimage + version: 14.04 + init: /sbin/my_init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Make sure fail2ban process is running. + - > + sudo docker exec "$(cat ${container_id})" ps -ax | grep -q 'fail2ban' + && (echo 'fail2ban is on: pass' && exit 0) + || (echo 'fail2ban is on: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.security/README.md b/provisioning/roles/geerlingguy.security/README.md new file mode 100644 index 000000000..15afb12f1 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/README.md @@ -0,0 +1,79 @@ +# Ansible Role: Security (Basics) + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-security.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-security) + +**First, a major, MAJOR caveat**: the security of your servers is YOUR responsibility. If you think simply including this role and adding a firewall makes a server secure, then you're mistaken. Read up on Linux, network, and application security, and know that no matter how much you know, you can always make every part of your stack more secure. + +That being said, this role performs some basic security configuration on RedHat and Debian-based linux systems. It attempts to: + + - Install software to monitor bad SSH access (fail2ban) + - Configure SSH to be more secure (disabling root login, requiring key-based authentication, and allowing a custom SSH port to be set) + - Set up automatic updates (if configured to do so) + +There are a few other things you may or may not want to do (which are not included in this role) to make sure your servers are more secure, like: + + - Use logwatch or a centralized logging server to analyze and monitor log files + - Securely configure user accounts and SSH keys (this role assumes you're not using password authentication or logging in as root) + - Have a well-configured firewall (check out the `geerlingguy.firewall` role on Ansible Galaxy for a flexible example) + +Again: Your servers' security is *your* responsibility. + +## Requirements + +For obvious reasons, `sudo` must be installed if you want to manage the sudoers file with this role. + +On RedHat/CentOS systems, make sure you have the EPEL repository installed (you can include the `geerlingguy.repo-epel` role to get it installed). + +No special requirements for Debian/Ubuntu systems. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + security_ssh_port: 22 + +The port through which you'd like SSH to be accessible. The default is port 22, but if you're operating a server on the open internet, and have no firewall blocking access to port 22, you'll quickly find that thousands of login attempts per day are not uncommon. You can change the port to a nonstandard port (e.g. 2849) if you want to avoid these thousands of automated penetration attempts. + + security_ssh_password_authentication: 'no' + security_ssh_permit_root_login: 'no' + +Security settings for SSH authentication. It's best to leave these both set to `'no'`, but there are times (especially during initial server configuration or when you don't have key-based authentication in place) when one or both may be safely set to `'yes'`. + + security_sudoers_passwordless: [] + security_sudoers_passworded: [] + +A list of users who should be added to the sudoers file so they can run any command as root (via `sudo`) either without a password or requiring a password for each command, respectively. + + security_autoupdate_enabled: true + +Whether to install/enable `yum-cron` (RedHat-based systems) or `unattended-upgrades` (Debian-based systems). System restarts will not happen automatically in any case, and automatic upgrades are no excuse for sloppy patch and package management, but automatic updates can be helpful as yet another security measure. + + security_fail2ban_enabled: true + +Wether to install/enable `fail2ban`. You might not want to use fail2ban if you're already using some other service for login and intrusion detection (e.g. [ConfigServer](http://configserver.com/cp/csf.html)). + +## Dependencies + +None. + +## Example Playbook + + - hosts: servers + vars_files: + - vars/main.yml + roles: + - geerlingguy.security + +*Inside `vars/main.yml`*: + + security_sudoers_passworded: + - johndoe + - deployacct + +## License + +MIT (Expat) / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.security/defaults/main.yml b/provisioning/roles/geerlingguy.security/defaults/main.yml new file mode 100644 index 000000000..9954803c9 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/defaults/main.yml @@ -0,0 +1,10 @@ +--- +security_ssh_port: 22 +security_ssh_password_authentication: "no" +security_ssh_permit_root_login: "no" + +security_sudoers_passwordless: [] +security_sudoers_passworded: [] + +security_autoupdate_enabled: true +security_fail2ban_enabled: true diff --git a/provisioning/roles/geerlingguy.security/handlers/main.yml b/provisioning/roles/geerlingguy.security/handlers/main.yml new file mode 100644 index 000000000..f91988e3d --- /dev/null +++ b/provisioning/roles/geerlingguy.security/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart ssh + service: "name={{ security_sshd_name }} state=restarted" diff --git a/provisioning/roles/geerlingguy.security/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.security/meta/.galaxy_install_info new file mode 100644 index 000000000..aa3c5db8e --- /dev/null +++ b/provisioning/roles/geerlingguy.security/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:50:09 2016', version: 1.2.0} diff --git a/provisioning/roles/geerlingguy.security/meta/main.yml b/provisioning/roles/geerlingguy.security/meta/main.yml new file mode 100644 index 000000000..1d1ffaf16 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/meta/main.yml @@ -0,0 +1,22 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Security software installation and configuration. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - system + - security diff --git a/provisioning/roles/geerlingguy.security/tasks/autoupdate-Debian.yml b/provisioning/roles/geerlingguy.security/tasks/autoupdate-Debian.yml new file mode 100644 index 000000000..784e2c682 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tasks/autoupdate-Debian.yml @@ -0,0 +1,14 @@ +--- +- name: Install unattended upgrades package. + apt: name=unattended-upgrades state=present + +- name: Copy unattended-upgrades configuration files in place. + template: + src: "../templates/{{ item }}.j2" + dest: "/etc/apt/apt.conf.d/{{ item }}" + owner: root + group: root + mode: 0644 + with_items: + - 10periodic + - 50unattended-upgrades diff --git a/provisioning/roles/geerlingguy.security/tasks/autoupdate-RedHat.yml b/provisioning/roles/geerlingguy.security/tasks/autoupdate-RedHat.yml new file mode 100644 index 000000000..3e7a0a2de --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tasks/autoupdate-RedHat.yml @@ -0,0 +1,13 @@ +--- +- name: Install yum-cron. + yum: name=yum-cron state=present + +- name: Ensure yum-cron is running and enabled on boot. + service: name=yum-cron state=started enabled=yes + +- name: Configure autoupdates (RHEL 7). + lineinfile: + dest: "/etc/yum/yum-cron.conf" + regexp: '^apply_updates = .+' + line: 'apply_updates = yes' + when: security_autoupdate_enabled and ansible_distribution_major_version | int == 7 diff --git a/provisioning/roles/geerlingguy.security/tasks/fail2ban-Debian.yml b/provisioning/roles/geerlingguy.security/tasks/fail2ban-Debian.yml new file mode 100644 index 000000000..238c1a286 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tasks/fail2ban-Debian.yml @@ -0,0 +1,3 @@ +--- +- name: Install fail2ban. + apt: name=fail2ban state=present diff --git a/provisioning/roles/geerlingguy.security/tasks/fail2ban-RedHat.yml b/provisioning/roles/geerlingguy.security/tasks/fail2ban-RedHat.yml new file mode 100644 index 000000000..4f49ddea4 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tasks/fail2ban-RedHat.yml @@ -0,0 +1,3 @@ +--- +- name: Install fail2ban. + yum: name=fail2ban state=present enablerepo=epel diff --git a/provisioning/roles/geerlingguy.security/tasks/main.yml b/provisioning/roles/geerlingguy.security/tasks/main.yml new file mode 100644 index 000000000..31200f84c --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +# Fail2Ban +- include: fail2ban-RedHat.yml + when: ansible_os_family == 'RedHat' and security_fail2ban_enabled + +- include: fail2ban-Debian.yml + when: ansible_os_family == 'Debian' and security_fail2ban_enabled + +- name: Ensure fail2ban is running and enabled on boot. + service: name=fail2ban state=started enabled=yes + when: security_fail2ban_enabled + +# SSH +- include: ssh.yml + +# Autoupdate +- include: autoupdate-RedHat.yml + when: ansible_os_family == 'RedHat' and security_autoupdate_enabled + +- include: autoupdate-Debian.yml + when: ansible_os_family == 'Debian' and security_autoupdate_enabled diff --git a/provisioning/roles/geerlingguy.security/tasks/ssh.yml b/provisioning/roles/geerlingguy.security/tasks/ssh.yml new file mode 100644 index 000000000..57f53f4a2 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tasks/ssh.yml @@ -0,0 +1,35 @@ +--- +- name: Update SSH configuration to be more secure. + lineinfile: + dest: "{{ security_ssh_config_path }}" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: + - regexp: "^PasswordAuthentication" + line: "PasswordAuthentication {{ security_ssh_password_authentication }}" + - regexp: "^PermitRootLogin" + line: "PermitRootLogin {{ security_ssh_permit_root_login }}" + - regexp: "^Port" + line: "Port {{ security_ssh_port }}" + notify: restart ssh + +- name: Add configured user accounts to passwordless sudoers. + lineinfile: + dest: /etc/sudoers + regexp: '^{{ item }}' + line: '{{ item }} ALL=(ALL) NOPASSWD: ALL' + state: present + validate: 'visudo -cf %s' + with_items: "{{ security_sudoers_passwordless }}" + when: security_sudoers_passwordless | length > 0 + +- name: Add configured user accounts to passworded sudoers. + lineinfile: + dest: /etc/sudoers + regexp: '^{{ item }}' + line: '{{ item }} ALL=(ALL) ALL' + state: present + validate: 'visudo -cf %s' + with_items: "{{ security_sudoers_passworded }}" + when: security_sudoers_passworded | length > 0 diff --git a/provisioning/roles/geerlingguy.security/templates/10periodic.j2 b/provisioning/roles/geerlingguy.security/templates/10periodic.j2 new file mode 100644 index 000000000..5d37e9fc0 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/templates/10periodic.j2 @@ -0,0 +1,4 @@ +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::AutocleanInterval "7"; +APT::Periodic::Unattended-Upgrade "1"; diff --git a/provisioning/roles/geerlingguy.security/templates/50unattended-upgrades.j2 b/provisioning/roles/geerlingguy.security/templates/50unattended-upgrades.j2 new file mode 100644 index 000000000..c1b7d48df --- /dev/null +++ b/provisioning/roles/geerlingguy.security/templates/50unattended-upgrades.j2 @@ -0,0 +1,6 @@ +Unattended-Upgrade::Automatic-Reboot "false"; + +Unattended-Upgrade::Allowed-Origins { + "${distro_id} ${distro_codename}-security"; +// "${distro_id} ${distro_codename}-updates"; +}; diff --git a/provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..949fd976a --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,17 @@ +FROM phusion/baseimage:0.9.18 +RUN apt-get update + +# Enable SSH +RUN rm -f /etc/service/sshd/down + +# Create auth.log required by fail2ban. +RUN touch /var/log/auth.log + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.security/tests/test.yml b/provisioning/roles/geerlingguy.security/tests/test.yml new file mode 100644 index 000000000..f7ab17e98 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/tests/test.yml @@ -0,0 +1,19 @@ +- hosts: all + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: 'name="{{ item }}" state=present' + with_items: + - openssh-server + - openssh-clients + when: ansible_os_family == 'RedHat' + + - name: Ensure build dependencies are installed (Debian). + apt: 'name="{{ item }}" state=installed' + with_items: + - openssh-server + - openssh-client + when: ansible_os_family == 'Debian' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.security/vars/Debian.yml b/provisioning/roles/geerlingguy.security/vars/Debian.yml new file mode 100644 index 000000000..40512bdaf --- /dev/null +++ b/provisioning/roles/geerlingguy.security/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +security_ssh_config_path: /etc/ssh/sshd_config +security_sshd_name: ssh \ No newline at end of file diff --git a/provisioning/roles/geerlingguy.security/vars/RedHat.yml b/provisioning/roles/geerlingguy.security/vars/RedHat.yml new file mode 100644 index 000000000..d7b192126 --- /dev/null +++ b/provisioning/roles/geerlingguy.security/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- +security_ssh_config_path: /etc/ssh/sshd_config +security_sshd_name: sshd diff --git a/provisioning/roles/geerlingguy.solr/.travis.yml b/provisioning/roles/geerlingguy.solr/.travis.yml new file mode 100644 index 000000000..dcf9cf90a --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/.travis.yml @@ -0,0 +1,68 @@ +--- +sudo: required + +env: + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + solr_major_version: 6 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + solr_major_version: 6 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + solr_major_version: 5 + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + solr_major_version: 4 + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + solr_major_version: 3 + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-solr-${solr_major_version}.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-solr-${solr_major_version}.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-solr-${solr_major_version}.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # TODO: Test Solr actually running/working. + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.solr/README.md b/provisioning/roles/geerlingguy.solr/README.md new file mode 100644 index 000000000..5b9770df9 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/README.md @@ -0,0 +1,86 @@ +# Ansible Role: Apache Solr + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-solr.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-solr) + +An Ansible Role that installs Apache Solr on Linux servers. + +## Requirements + +Java must be available on the server. You can easily install Java using the `geerlingguy.java` role. Make sure the Java version installed meets the minimum requirements of Solr (e.g. Java 8 for Solr 6+). + +This role is currently tested and working with Solr 3.x, 4.x, 5.x and 6.x. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + solr_workspace: /root + +Files will be downloaded to this path on the remote server before being moved into place. + + solr_create_user: true + solr_user: solr + +Solr will be run under the `solr_user`. Set `solr_create_user` to `false` if `solr_user` is created before this role runs, or if you're using Solr 5+ and want Solr's own installation script to set up the user. + + solr_version: "5.5.1" + +The Apache Solr version to install. + + solr_mirror: "https://archive.apache.org/dist" + +The Apache Project mirror from which the Solr tarball will be downloaded. In case of slow download speed or timeouts it is useful to set the mirror to the one suggested by Apache's [mirror download site](https://www.apache.org/dyn/closer.cgi/lucene/solr/). + + solr_install_dir: /opt + solr_install_path: /opt/solr + +The path where Apache Solr will be installed. For Solr 5+, the `solr_install_dir` will be used by Solr's installation script. For Solr < 5, the Solr installation files will be copied in place in the `solr_install_path`. + + solr_home: /var/solr + +The path where local Solr data (search collections and configuration) will be stored. Should typically be outside of the `solr_path`, to make Solr upgrades easier. + + solr_port: "8983" + +The port on which Solr will run. + + solr_xms: "256M" + solr_xmx: "512M" + +Memory settings for the JVM. These should be set as high as you can allow for best performance and to reduce the chance of Solr restarting itself due to OOM situations. + + solr_cores: + - collection1 + +A list of cores / collections which should exist on the server. Each one will be created (if it doesn't exist already) using the default example configuration that ships with Solr. Note that this variable only applies when using Solr 5+. + +### Variables used only for Solr < 5. + +The following variables are currently only applied to installations of Solr 4 and below: + + solr_log_file_path: /var/log/solr.log + +Path where Solr log file will be created. + + solr_host: "0.0.0.0" + +The hostname or IP address to which Solr will bind. Defaults to `0.0.0.0` which allows Solr to listen on all interfaces. + +## Dependencies + +None. + +## Example Playbook + + - hosts: solr-servers + roles: + - { role: geerlingguy.java } + - { role: geerlingguy.solr } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.solr/defaults/main.yml b/provisioning/roles/geerlingguy.solr/defaults/main.yml new file mode 100644 index 000000000..484e58637 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/defaults/main.yml @@ -0,0 +1,26 @@ +--- +solr_workspace: /root + +solr_create_user: true +solr_user: solr + +solr_version: "6.0.1" +solr_mirror: "https://archive.apache.org/dist" + +solr_service_name: solr +solr_install_dir: /opt +solr_install_path: /opt/solr +solr_home: /var/solr +solr_port: "8983" + +solr_xms: "256M" +solr_xmx: "512M" + +solr_cores: + - collection1 + +solr_config_file: /etc/default/solr.in.sh + +# Used only for Solr < 5. +solr_log_file_path: /var/log/solr.log +solr_host: "0.0.0.0" diff --git a/provisioning/roles/geerlingguy.solr/handlers/main.yml b/provisioning/roles/geerlingguy.solr/handlers/main.yml new file mode 100644 index 000000000..44404e0b3 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart solr + service: + name: "{{ solr_service_name }}" + state: restarted + sleep: 5 diff --git a/provisioning/roles/geerlingguy.solr/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.solr/meta/.galaxy_install_info new file mode 100644 index 000000000..4efeddcd1 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:50:12 2016', version: 3.1.0} diff --git a/provisioning/roles/geerlingguy.solr/meta/main.yml b/provisioning/roles/geerlingguy.solr/meta/main.yml new file mode 100644 index 000000000..90d9f7692 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/meta/main.yml @@ -0,0 +1,22 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Apache Solr for Linux. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - development diff --git a/provisioning/roles/geerlingguy.solr/tasks/configure.yml b/provisioning/roles/geerlingguy.solr/tasks/configure.yml new file mode 100644 index 000000000..9dc575c6b --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tasks/configure.yml @@ -0,0 +1,20 @@ +--- +- name: Remove existing SOLR_HEAP configuration. + lineinfile: + dest: "{{ solr_config_file }}" + regexp: "^SOLR_HEAP" + state: absent + notify: restart solr + +- name: Apply Solr memory configuration changes. + lineinfile: + dest: "{{ solr_config_file }}" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: + - regexp: "^.?SOLR_JAVA_MEM=" + line: 'SOLR_JAVA_MEM="-Xms{{ solr_xms }} -Xmx{{ solr_xmx }}"' + - regexp: "^SOLR_PORT=" + line: 'SOLR_PORT="{{ solr_port }}"' + notify: restart solr \ No newline at end of file diff --git a/provisioning/roles/geerlingguy.solr/tasks/cores.yml b/provisioning/roles/geerlingguy.solr/tasks/cores.yml new file mode 100644 index 000000000..cf4e134bf --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tasks/cores.yml @@ -0,0 +1,26 @@ +--- +- name: Check current list of Solr cores. + uri: + url: http://localhost:{{ solr_port }}/solr/admin/cores + return_content: yes + register: solr_cores_current + +- name: Ensure Solr conf directories exist. + file: + path: "/var/solr/data/{{ item }}/conf" + state: directory + owner: "{{ solr_user }}" + group: "{{ solr_user }}" + recurse: yes + when: "'{{ item }}' not in '{{ solr_cores_current.content }}'" + with_items: "{{ solr_cores }}" + +- name: Ensure core configuration directories exist. + shell: "cp -r {{ solr_install_path }}/example/files/conf/ /var/solr/data/{{ item }}/" + when: "'{{ item }}' not in '{{ solr_cores_current.content }}'" + with_items: "{{ solr_cores }}" + +- name: Create configured cores. + shell: "{{ solr_install_path }}/bin/solr create -c {{ item }}" + when: "'{{ item }}' not in '{{ solr_cores_current.content }}'" + with_items: "{{ solr_cores }}" diff --git a/provisioning/roles/geerlingguy.solr/tasks/install-pre5.yml b/provisioning/roles/geerlingguy.solr/tasks/install-pre5.yml new file mode 100644 index 000000000..623133b50 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tasks/install-pre5.yml @@ -0,0 +1,70 @@ +--- +# Install Solr. +- name: Check if Solr is already installed. + stat: "path={{ solr_install_path }}/dist/{{ solr_filename }}.war" + register: solr_war_file + +- name: Copy Solr into place. + command: "cp -r {{ solr_workspace }}/{{ solr_filename }} {{ solr_install_path }}" + when: not solr_war_file.stat.exists + +- name: Ensure Solr install files are owned by the solr_user. + file: + path: "{{ solr_install_path }}" + owner: "{{ solr_user }}" + group: "{{ solr_user }}" + recurse: yes + when: not solr_war_file.stat.exists + +# Set up solr_home. +- name: Check if solr_home is already set up. + stat: "path={{ solr_home }}/solr.xml" + register: solr_example + +- name: Ensure solr_home directory exists. + file: + path: "{{ solr_home }}" + state: directory + owner: "{{ solr_user }}" + group: "{{ solr_user }}" + mode: 0755 + when: not solr_example.stat.exists + +- name: Copy Solr example into solr_home. + shell: "cp -r {{ solr_install_path }}/example/solr/* {{ solr_home }}" + when: not solr_example.stat.exists + +- name: Fix the example solrconfig.xml file. + replace: + dest: "{{ solr_home }}/collection1/conf/solrconfig.xml" + regexp: ^.+solr\.install\.dir.+$ + replace: "" + when: "not solr_example.stat.exists and solr_version.split('.')[0] == '4'" + +- name: Ensure Solr home files are owned by the solr_user. + file: + path: "{{ solr_home }}" + owner: "{{ solr_user }}" + group: "{{ solr_user }}" + recurse: yes + when: not solr_example.stat.exists + +# Set up Solr init script. +- name: Ensure log file is created and has proper permissions. + file: + path: "/var/log/solr.log" + state: touch + owner: "{{ solr_user }}" + group: root + mode: 0664 + changed_when: false + +- name: Copy solr init script into place. + template: + src: "solr-init-{{ ansible_os_family }}-pre5.j2" + dest: "/etc/init.d/{{ solr_service_name }}" + mode: 0755 + +- name: Ensure daemon is installed (Debian). + apt: name=daemon state=installed + when: ansible_os_family == "Debian" diff --git a/provisioning/roles/geerlingguy.solr/tasks/install.yml b/provisioning/roles/geerlingguy.solr/tasks/install.yml new file mode 100644 index 000000000..a04201729 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tasks/install.yml @@ -0,0 +1,15 @@ +--- +- name: Ensure lsof is present (RedHat). + yum: name=lsof state=present + when: ansible_os_family == "RedHat" + +- name: Run Solr installation script. + shell: > + {{ solr_workspace }}/{{ solr_filename }}/bin/install_solr_service.sh + {{ solr_workspace }}/{{ solr_filename }}.tgz + -i {{ solr_install_dir }} + -d {{ solr_home }} + -u {{ solr_user }} + -s {{ solr_service_name }} + -p {{ solr_port }} + creates={{ solr_install_dir }}/solr/bin/solr diff --git a/provisioning/roles/geerlingguy.solr/tasks/main.yml b/provisioning/roles/geerlingguy.solr/tasks/main.yml new file mode 100644 index 000000000..b9085fa38 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tasks/main.yml @@ -0,0 +1,48 @@ +--- +- include: user.yml + when: solr_create_user + +- name: Set solr_filename for Solr 4+. + set_fact: + solr_filename: "solr-{{ solr_version }}" + when: "solr_version.split('.')[0] >= '4'" + +- name: Set solr_filename for Solr 3.x. + set_fact: + solr_filename: "apache-solr-{{ solr_version }}" + when: "solr_version.split('.')[0] == '3'" + +- name: Download Solr. + get_url: + url: "{{ solr_mirror }}/lucene/solr/{{ solr_version }}/{{ solr_filename }}.tgz" + dest: "{{ solr_workspace }}/{{ solr_filename }}.tgz" + force: no + +- name: Expand Solr. + unarchive: + src: "{{ solr_workspace }}/{{ solr_filename }}.tgz" + dest: "{{ solr_workspace }}" + creates: "{{ solr_workspace }}/{{ solr_filename }}/CHANGES.txt" + copy: no + +# Install Solr < 5. +- include: install-pre5.yml + when: "solr_version.split('.')[0] < '5'" + +# Install Solr 5+. +- include: install.yml + when: "solr_version.split('.')[0] >= '5'" + +- name: Ensure solr is started and enabled on boot. + service: + name: "{{ solr_service_name }}" + state: started + enabled: yes + +# Create cores, if any are configured. +- include: cores.yml + when: "solr_cores and solr_version.split('.')[0] >= '5'" + +# Configure solr. +- include: configure.yml + when: "solr_version.split('.')[0] >= '5'" diff --git a/provisioning/roles/geerlingguy.solr/tasks/user.yml b/provisioning/roles/geerlingguy.solr/tasks/user.yml new file mode 100644 index 000000000..8c899a30c --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tasks/user.yml @@ -0,0 +1,9 @@ +--- +- name: Ensure solr_user group exists. + group: "name={{ solr_user }} state=present" + +- name: Ensure solr_user exists. + user: + name: "{{ solr_user }}" + state: present + group: "{{ solr_user }}" diff --git a/provisioning/roles/geerlingguy.solr/templates/solr-init-Debian-pre5.j2 b/provisioning/roles/geerlingguy.solr/templates/solr-init-Debian-pre5.j2 new file mode 100644 index 000000000..b4a4a8d4f --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/templates/solr-init-Debian-pre5.j2 @@ -0,0 +1,94 @@ +#!/bin/sh +# chkconfig: 2345 95 05 +# description: Controls an Apache Solr process. +# +# This script will launch Solr in a mode that will automatically respawn if it +# crashes. Output will be sent to $LOG_FILE. A PID file will be created in the +# standard location. +# +# Adapted by Jeff Geerling from http://stackoverflow.com/a/8014720/100134 + +### BEGIN INIT INFO +# Provides: solr +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Apache Solr search server +### END INIT INFO + +SOLR_DIR="{{ solr_install_path }}/example" +JAVA_OPTIONS="-Dsolr.solr.home={{ solr_home }} -Djetty.host={{ solr_host }} -Djetty.port={{ solr_port }} -Xms{{ solr_xms }} -Xmx{{ solr_xmx }}" +START_COMMAND="java -jar $JAVA_OPTIONS start.jar" +LOG_FILE="{{ solr_log_file_path }}" + +start () { + echo -n "Starting {{ solr_service_name }}... " + + daemon --chdir="$SOLR_DIR" --command "$START_COMMAND" --respawn --output=$LOG_FILE --name={{ solr_service_name }} + + RETVAL=$? + if [ $RETVAL = 0 ] + then + echo "done." + else + echo "failed. See error code for more information." + fi + return $RETVAL +} + +stop () { + echo -n "Stopping {{ solr_service_name }}... " + + daemon --stop --name={{ solr_service_name }} + + RETVAL=$? + if [ $RETVAL = 0 ] + then + echo "done." + else + echo "failed. See error code for more information." + fi + return $RETVAL +} + +restart () { + echo -n "Restarting solr... " + daemon --restart --name={{ solr_service_name }} + + RETVAL=$? + if [ $RETVAL = 0 ] + then + echo "done." + else + echo "failed. See error code for more information." + fi + return $RETVAL +} + +check_status () { + # Report on the status of the daemon + daemon --running --name={{ solr_service_name }} --verbose + return $? +} + +case "$1" in + start) + start + ;; + status) + check_status + ;; + stop) + stop + ;; + restart) + restart + ;; + *) + echo $"Usage: solr {start|status|stop|restart}" + exit 3 + ;; +esac + +exit $RETVAL diff --git a/provisioning/roles/geerlingguy.solr/templates/solr-init-RedHat-pre5.j2 b/provisioning/roles/geerlingguy.solr/templates/solr-init-RedHat-pre5.j2 new file mode 100644 index 000000000..979a2176c --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/templates/solr-init-RedHat-pre5.j2 @@ -0,0 +1,91 @@ +#!/bin/sh +# chkconfig: 2345 95 05 +# description: Controls an Apache Solr process. +# +# TODO: Describe this file. +# +# @author Jeff Geerling, 2015 + +. /etc/rc.d/init.d/functions + +SOLR_DIR="{{ solr_install_path }}/example" +JAVA_OPTIONS="-Dsolr.solr.home={{ solr_home }} -Djetty.host={{ solr_host }} -Djetty.port={{ solr_port }} -Xms{{ solr_xms }} -Xmx{{ solr_xmx }} -DSTOP.PORT=8079 -DSTOP.KEY=secret" +START_COMMAND="java -jar $JAVA_OPTIONS start.jar" +STOP_COMMAND="java -jar $JAVA_OPTIONS $SOLR_DIR/start.jar --stop" +LOG_FILE="{{ solr_log_file_path }}" + +start () { + echo -n "Starting solr... " + + if ps aux | grep "[s]olr.solr.home" > /dev/null + then + echo -n "already started... " + else + cd "$SOLR_DIR" && daemon --user="{{ solr_user }}" $START_COMMAND > $LOG_FILE & + fi + + RETVAL=$? + if [ $RETVAL = 0 ] + then + echo "done." + else + echo "failed. See error code for more information." + fi + return $RETVAL +} + +stop () { + echo -n "Stopping solr... " + + if ps aux | grep "[s]olr.solr.home" > /dev/null + then + $STOP_COMMAND + else + echo -n "already stopped... " + fi + + RETVAL=$? + if [ $RETVAL = 0 ] + then + echo "done." + else + echo "failed. See error code for more information." + fi + return $RETVAL +} + +restart () { + $0 stop + sleep 3 + $0 start +} + +check_status () { + if ps aux | grep "[s]olr.solr.home" > /dev/null + then + printf "Solr is running.\n" + else + printf "Solr is stopped.\n" + fi +} + +case "$1" in + start) + start + ;; + status) + check_status + ;; + stop) + stop + ;; + restart) + restart + ;; + *) + echo $"Usage: solr {start|status|stop|restart}" + exit 3 + ;; +esac + +exit $RETVAL diff --git a/provisioning/roles/geerlingguy.solr/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.solr/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..ca332871f --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.solr/tests/requirements.yml b/provisioning/roles/geerlingguy.solr/tests/requirements.yml new file mode 100644 index 000000000..8fbe7cb66 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/requirements.yml @@ -0,0 +1,2 @@ +--- +- src: geerlingguy.java diff --git a/provisioning/roles/geerlingguy.solr/tests/test-solr-3.yml b/provisioning/roles/geerlingguy.solr/tests/test-solr-3.yml new file mode 100644 index 000000000..adf1ca6bd --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/test-solr-3.yml @@ -0,0 +1,11 @@ +--- +- hosts: all + + vars: + solr_version: "3.6.2" + java_packages: + - openjdk-7-jdk + + roles: + - geerlingguy.java + - role_under_test diff --git a/provisioning/roles/geerlingguy.solr/tests/test-solr-4.yml b/provisioning/roles/geerlingguy.solr/tests/test-solr-4.yml new file mode 100644 index 000000000..f9c31ba9e --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/test-solr-4.yml @@ -0,0 +1,11 @@ +--- +- hosts: all + + vars: + solr_version: "4.10.4" + java_packages: + - openjdk-7-jdk + + roles: + - geerlingguy.java + - role_under_test diff --git a/provisioning/roles/geerlingguy.solr/tests/test-solr-5.yml b/provisioning/roles/geerlingguy.solr/tests/test-solr-5.yml new file mode 100644 index 000000000..19ec04197 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/test-solr-5.yml @@ -0,0 +1,11 @@ +--- +- hosts: all + + vars: + solr_version: "5.5.1" + java_packages: + - openjdk-7-jdk + + roles: + - geerlingguy.java + - role_under_test diff --git a/provisioning/roles/geerlingguy.solr/tests/test-solr-6.yml b/provisioning/roles/geerlingguy.solr/tests/test-solr-6.yml new file mode 100644 index 000000000..cf24a1f20 --- /dev/null +++ b/provisioning/roles/geerlingguy.solr/tests/test-solr-6.yml @@ -0,0 +1,21 @@ +--- +- hosts: all + + pre_tasks: + - set_fact: + java_packages: + - java-1.8.0-openjdk + when: ansible_os_family == "RedHat" + + - set_fact: + java_packages: + - openjdk-8-jdk + when: ansible_os_family == "Debian" and ansible_distribution_version == "14.04" + + - name: Add repository for OpenJDK 8. + apt_repository: repo='ppa:openjdk-r/ppa' + when: ansible_os_family == "Debian" and ansible_distribution_version == "14.04" + + roles: + - geerlingguy.java + - role_under_test diff --git a/provisioning/roles/geerlingguy.varnish/.gitignore b/provisioning/roles/geerlingguy.varnish/.gitignore new file mode 100644 index 000000000..496ee2ca6 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/.gitignore @@ -0,0 +1 @@ +.DS_Store \ No newline at end of file diff --git a/provisioning/roles/geerlingguy.varnish/.travis.yml b/provisioning/roles/geerlingguy.varnish/.travis.yml new file mode 100644 index 000000000..c7c83c6ad --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/.travis.yml @@ -0,0 +1,54 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/my_init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Make sure Varnish is running. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm varnishd -V' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/provisioning/roles/geerlingguy.varnish/README.md b/provisioning/roles/geerlingguy.varnish/README.md new file mode 100644 index 000000000..c15d005fe --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/README.md @@ -0,0 +1,77 @@ +# Ansible Role: Varnish + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-varnish.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-varnish) + +An Ansible Role that installs Varnish on RedHat/CentOS or Debian/Ubuntu Linux. + +## Requirements + +Requires the EPEL repository on RedHat/CentOS (you can install it using the `geerlingguy.repo-epel` role). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + varnish_version: "4.0" + +Varnish version that should be installed. See `https://repo.varnish-cache.org/redhat/` for a listing of available versions (e.g. `3.0`, `4.0`, `4.1`). _Note: Ubuntu 16.04 "Xenial" + + varnish_config_path: /etc/varnish + +The path in which Varnish configuration files will be stored. + + varnish_use_default_vcl: true + +Whether to use the included (simplistic) default Varnish VCL, using the backend host/port defined with the next two variables. Set this to `false` and copy your own `default.vcl` file into the `varnish_config_path` if you'd like to use a more complicated setup. If this variable is set to `true`, all other configuration will be taken from Varnish's own [default VCL](https://www.varnish-cache.org/trac/browser/bin/varnishd/default.vcl?rev=3.0). + + varnish_default_vcl_template_path: default.vcl.j2 + +The default VCL file to be copied (if `varnish_use_default_vcl` is `true`). Defaults the the simple template inside `templates/default.vcl.j2`. This path should be relative to the directory from which you run your playbook. + + varnish_default_backend_host: "127.0.0.1" + varnish_default_backend_port: "8080" + +Some settings for the default "default.vcl" template that will be copied to the `varnish_config_path` folder. The default backend host/port could be Apache or Nginx (or some other HTTP server) running on the same host or some other host (in which case, you might use port 80 instead). + + varnish_listen_port: "80" + +The port on which Varnish will listen (typically port 80). + + varnish_secret: "14bac2e6-1e34-4770-8078-974373b76c90" + +The secret/key to be used for connecting to Varnish's admin backend (for purge requests, etc.). + + varnish_admin_listen_host: "127.0.0.1" + varnish_admin_listen_port: "6082" + +The host and port through which Varnish will accept admin requests (like purge and status requests). + + varnish_storage: "file,/var/lib/varnish/varnish_storage.bin,256M" + +How Varnish stores cache entries (this is passed in as the argument for `-s`). If you want to use in-memory storage, change to something like `malloc,256M`. Please read Varnish's [Getting Started guide](https://www.varnish-software.com/static/book/Getting_started.html) for more information. + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - geerlingguy.varnish + +*Inside `vars/main.yml`*: + + varnish_secret: "[secret generated by uuidgen]" + varnish_default_backend_host: 81 + ... etc ... + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/provisioning/roles/geerlingguy.varnish/defaults/main.yml b/provisioning/roles/geerlingguy.varnish/defaults/main.yml new file mode 100644 index 000000000..bf5aac412 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/defaults/main.yml @@ -0,0 +1,12 @@ +--- +varnish_version: "4.0" +varnish_use_default_vcl: true +varnish_default_vcl_template_path: default.vcl.j2 +varnish_default_backend_host: "127.0.0.1" +varnish_default_backend_port: "8080" +varnish_listen_port: "80" +varnish_secret: "14bac2e6-1e34-4770-8078-974373b76c90" +varnish_config_path: /etc/varnish +varnish_admin_listen_host: "127.0.0.1" +varnish_admin_listen_port: "6082" +varnish_storage: "file,/var/lib/varnish/varnish_storage.bin,256M" diff --git a/provisioning/roles/geerlingguy.varnish/handlers/main.yml b/provisioning/roles/geerlingguy.varnish/handlers/main.yml new file mode 100644 index 000000000..409075088 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: reload systemd + command: systemctl daemon-reload + +- name: restart varnish + service: name=varnish state=restarted diff --git a/provisioning/roles/geerlingguy.varnish/meta/.galaxy_install_info b/provisioning/roles/geerlingguy.varnish/meta/.galaxy_install_info new file mode 100644 index 000000000..517aabb19 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jul 15 19:50:16 2016', version: 1.6.1} diff --git a/provisioning/roles/geerlingguy.varnish/meta/main.yml b/provisioning/roles/geerlingguy.varnish/meta/main.yml new file mode 100644 index 000000000..f6096249f --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/meta/main.yml @@ -0,0 +1,23 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Varnish for Linux. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Ubuntu + versions: + - precise + - trusty + - name: Debian + versions: + - all + galaxy_tags: + - web diff --git a/provisioning/roles/geerlingguy.varnish/tasks/main.yml b/provisioning/roles/geerlingguy.varnish/tasks/main.yml new file mode 100644 index 000000000..ffdaae452 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tasks/main.yml @@ -0,0 +1,72 @@ +--- +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Copy Varnish configuration (sysvinit). + template: + src: varnish.j2 + dest: "{{ varnish_sysvinit_config_path }}/varnish" + owner: root + group: root + mode: 0644 + when: > + (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 7) or + (ansible_os_family == 'Debian' and ansible_distribution_release != "xenial") + +- name: Copy Debian Jessie/Xenial specific Varnish configs (systemd). + template: + src: varnish.service.j2 + dest: "{{ varnish_systemd_config_path }}/varnish.service" + owner: root + group: root + mode: 0655 + when: > + (ansible_os_family == 'Debian') and + (ansible_distribution_release == "jessie" or ansible_distribution_release == "xenial") + notify: + - reload systemd + - restart varnish + +- name: Copy Varnish configuration (systemd). + template: + src: varnish.params.j2 + dest: /etc/varnish/varnish.params + owner: root + group: root + mode: 0644 + when: > + (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int >= 7) or + (ansible_os_family == 'Debian' and ansible_distribution_release == "xenial") + +- name: Ensure Varnish config path exists. + file: + path: "{{ varnish_config_path }}" + state: directory + +- name: Copy Varnish default VCL. + template: + src: "{{ varnish_default_vcl_template_path }}" + dest: "{{ varnish_config_path }}/default.vcl" + owner: root + group: root + mode: 0644 + when: varnish_use_default_vcl + notify: restart varnish + +- name: Copy varnish secret. + template: + src: secret.j2 + dest: "{{ varnish_config_path }}/secret" + owner: root + group: root + mode: 0644 + notify: restart varnish + +- name: Ensure Varnish is started and set to run on startup. + service: name=varnish state=started enabled=yes diff --git a/provisioning/roles/geerlingguy.varnish/tasks/setup-Debian.yml b/provisioning/roles/geerlingguy.varnish/tasks/setup-Debian.yml new file mode 100644 index 000000000..b7cbba314 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tasks/setup-Debian.yml @@ -0,0 +1,13 @@ +--- +- name: Add Varnish apt key. + apt_key: url=http://repo.varnish-cache.org/debian/GPG-key.txt state=present + when: ansible_distribution_release != "xenial" + +- name: Add Varnish apt repository. + apt_repository: + repo: "deb http://repo.varnish-cache.org/ubuntu {{ ansible_distribution_release }} varnish-{{ varnish_version }}" + state: present + when: ansible_distribution_release != "xenial" + +- name: Install Varnish. + apt: name=varnish state=installed diff --git a/provisioning/roles/geerlingguy.varnish/tasks/setup-RedHat.yml b/provisioning/roles/geerlingguy.varnish/tasks/setup-RedHat.yml new file mode 100644 index 000000000..b19e53985 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tasks/setup-RedHat.yml @@ -0,0 +1,21 @@ +--- +- name: Ensure gcc is installed (Varnish dependency). + yum: name=gcc state=present + +- name: Add Varnish repository. + command: > + rpm --nosignature -i https://repo.varnish-cache.org/redhat/varnish-{{ varnish_version }}.el6.rpm + creates=/var/lib/yum/repos/x86_64/6/varnish-{{ varnish_version }} + ignore_errors: true + when: ansible_distribution_major_version|int < 7 + +- name: Set repo fact appropriately. + set_fact: + varnish_yum_enablerepo: "{{ 'varnish-{{ varnish_version }},epel' if (ansible_distribution_major_version|int < 7) else 'epel' }}" + +- name: Install Varnish. + yum: + name: varnish + state: installed + enablerepo: "{{ varnish_yum_enablerepo }}" + disablerepo: "*" diff --git a/provisioning/roles/geerlingguy.varnish/templates/default.vcl.j2 b/provisioning/roles/geerlingguy.varnish/templates/default.vcl.j2 new file mode 100644 index 000000000..36a337620 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/templates/default.vcl.j2 @@ -0,0 +1,11 @@ +vcl 4.0; + +# This is a basic VCL configuration file for varnish. See the vcl(7) +# man page for details on VCL syntax and semantics. +# +# Default backend definition. Set this to point to your content +# server. +backend default { + .host = "{{ varnish_default_backend_host }}"; + .port = "{{ varnish_default_backend_port }}"; +} diff --git a/provisioning/roles/geerlingguy.varnish/templates/secret.j2 b/provisioning/roles/geerlingguy.varnish/templates/secret.j2 new file mode 100644 index 000000000..8d7047d7c --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/templates/secret.j2 @@ -0,0 +1 @@ +{{ varnish_secret }} diff --git a/provisioning/roles/geerlingguy.varnish/templates/varnish.j2 b/provisioning/roles/geerlingguy.varnish/templates/varnish.j2 new file mode 100644 index 000000000..6c3db0d5e --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/templates/varnish.j2 @@ -0,0 +1,110 @@ +# Configuration file for varnish +# +# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this +# shell script fragment. +# + +# Start varnish (only applies to Debian-based hosts) +START=yes + +# Maximum number of open files (for ulimit -n) +NFILES=131072 + +# Locked shared memory (for ulimit -l) +# Default log size is 82MB + header +MEMLOCK=82000 + +# Maximum number of threads (for ulimit -u) +NPROCS="unlimited" + +# Maximum size of corefile (for ulimit -c). Default in Fedora is 0 +# DAEMON_COREFILE_LIMIT="unlimited" + +# Set this to 1 to make init script reload try to switch vcl without restart. +# To make this work, you need to set the following variables +# explicit: VARNISH_VCL_CONF, VARNISH_ADMIN_LISTEN_ADDRESS, +# VARNISH_ADMIN_LISTEN_PORT, VARNISH_SECRET_FILE, or in short, +# use Alternative 3, Advanced configuration, below +RELOAD_VCL=1 + +# This file contains 4 alternatives, please use only one. + +## Alternative 1, Minimal configuration, no VCL +# +# Listen on port 6081, administration on localhost:6082, and forward to +# content server on localhost:8080. Use a fixed-size cache file. +# +#DAEMON_OPTS="-a :6081 \ +# -T localhost:6082 \ +# -b localhost:8080 \ +# -u varnish -g varnish \ +# -s file,/var/lib/varnish/varnish_storage.bin,1G" + + +## Alternative 2, Configuration with VCL +# +# Listen on port 6081, administration on localhost:6082, and forward to +# one content server selected by the vcl file, based on the request. Use a +# fixed-size cache file. +# +#DAEMON_OPTS="-a :6081 \ +# -T localhost:6082 \ +# -f /etc/varnish/default.vcl \ +# -u varnish -g varnish \ +# -S /etc/varnish/secret \ +# -s file,/var/lib/varnish/varnish_storage.bin,1G" + + +## Alternative 3, Advanced configuration +# +# See varnishd(1) for more information. +# +# # Main configuration file. You probably want to change it :) +VARNISH_VCL_CONF={{ varnish_config_path }}/default.vcl +# +# # Default address and port to bind to +# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify +# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets. +# VARNISH_LISTEN_ADDRESS= +VARNISH_LISTEN_PORT={{ varnish_listen_port }} +# +# # Telnet admin interface listen address and port +VARNISH_ADMIN_LISTEN_ADDRESS={{ varnish_admin_listen_host }} +VARNISH_ADMIN_LISTEN_PORT={{ varnish_admin_listen_port }} +# +# # Shared secret file for admin interface +VARNISH_SECRET_FILE={{ varnish_config_path }}/secret +# +# # The minimum number of worker threads to start +VARNISH_MIN_THREADS=50 +# +# # The Maximum number of worker threads to start +VARNISH_MAX_THREADS=1000 +# +# # Idle timeout for worker threads +VARNISH_THREAD_TIMEOUT=120 +# +# # Backend storage specification +VARNISH_STORAGE="{{ varnish_storage }}" +# +# # Default TTL used when the backend does not specify one +VARNISH_TTL=120 +# +# # DAEMON_OPTS is used by the init script. If you add or remove options, make +# # sure you update this section, too. +DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \ + -f ${VARNISH_VCL_CONF} \ + -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \ + -t ${VARNISH_TTL} \ + -p thread_pool_min=${VARNISH_MIN_THREADS} \ + -p thread_pool_max=${VARNISH_MAX_THREADS} \ + -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} \ + -u varnish -g varnish \ + -S ${VARNISH_SECRET_FILE} \ + -s ${VARNISH_STORAGE}" +# + + +## Alternative 4, Do It Yourself. See varnishd(1) for more information. +# +# DAEMON_OPTS="" diff --git a/provisioning/roles/geerlingguy.varnish/templates/varnish.params.j2 b/provisioning/roles/geerlingguy.varnish/templates/varnish.params.j2 new file mode 100644 index 000000000..bd5637e9c --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/templates/varnish.params.j2 @@ -0,0 +1,35 @@ +# Varnish environment configuration description. This was derived from +# the old style sysconfig/defaults settings + +# Set this to 1 to make systemd reload try to switch vcl without restart. +RELOAD_VCL=1 + +# Main configuration file. You probably want to change it. +VARNISH_VCL_CONF={{ varnish_config_path }}/default.vcl + +# Default address and port to bind to. Blank address means all IPv4 +# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted +# quad, or an IPv6 address in brackets. +# VARNISH_LISTEN_ADDRESS=192.168.1.5 +VARNISH_LISTEN_PORT={{ varnish_listen_port }} + +# Admin interface listen address and port +VARNISH_ADMIN_LISTEN_ADDRESS={{ varnish_admin_listen_host }} +VARNISH_ADMIN_LISTEN_PORT={{ varnish_admin_listen_port }} + +# Shared secret file for admin interface +VARNISH_SECRET_FILE={{ varnish_config_path }}/secret + +# Backend storage specification, see Storage Types in the varnishd(5) +# man page for details. +VARNISH_STORAGE="{{ varnish_storage }}" + +# Default TTL used when the backend does not specify one +VARNISH_TTL=120 + +# User and group for the varnishd worker processes +VARNISH_USER=varnish +VARNISH_GROUP=varnish + +# Other options, see the man page varnishd(1) +#DAEMON_OPTS="-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300" diff --git a/provisioning/roles/geerlingguy.varnish/templates/varnish.service.j2 b/provisioning/roles/geerlingguy.varnish/templates/varnish.service.j2 new file mode 100644 index 000000000..737a52f0f --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/templates/varnish.service.j2 @@ -0,0 +1,12 @@ +[Unit] +Description=Varnish Cache, a high-performance HTTP accelerator + +[Service] +Type=forking +LimitNOFILE=131072 +LimitMEMLOCK=82000 +ExecStart=/usr/sbin/varnishd -a :{{ varnish_listen_port }} -T {{ varnish_admin_listen_host }}:{{ varnish_admin_listen_port }} -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m +ExecReload=/usr/share/varnish/reload-vcl + +[Install] +WantedBy=multi-user.target diff --git a/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-6 b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-6 new file mode 100644 index 000000000..4a4e7b8d6 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-7 b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-7 new file mode 100644 index 000000000..8aa065497 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-12.04 b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 000000000..d0c130cdf --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-14.04 b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 000000000..949fd976a --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,17 @@ +FROM phusion/baseimage:0.9.18 +RUN apt-get update + +# Enable SSH +RUN rm -f /etc/service/sshd/down + +# Create auth.log required by fail2ban. +RUN touch /var/log/auth.log + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/provisioning/roles/geerlingguy.varnish/tests/test.yml b/provisioning/roles/geerlingguy.varnish/tests/test.yml new file mode 100644 index 000000000..69e2a6818 --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/tests/test.yml @@ -0,0 +1,20 @@ +- hosts: all + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat 7+). + yum: 'name="{{ item }}" state=present' + with_items: + - logrotate + - redhat-rpm-config + - systemd-sysv + - initscripts + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '7' + + - name: Ensure build dependencies are installed (RedHat < 7). + yum: 'name="{{ item }}" state=present' + with_items: + - logrotate + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '7' + + roles: + - role_under_test diff --git a/provisioning/roles/geerlingguy.varnish/vars/Debian.yml b/provisioning/roles/geerlingguy.varnish/vars/Debian.yml new file mode 100644 index 000000000..98ec82dcd --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +varnish_sysvinit_config_path: /etc/default +varnish_systemd_config_path: /etc/systemd/system diff --git a/provisioning/roles/geerlingguy.varnish/vars/RedHat.yml b/provisioning/roles/geerlingguy.varnish/vars/RedHat.yml new file mode 100644 index 000000000..83b76ddde --- /dev/null +++ b/provisioning/roles/geerlingguy.varnish/vars/RedHat.yml @@ -0,0 +1,2 @@ +--- +varnish_sysvinit_config_path: /etc/sysconfig From 443999d797f442bd18d51cd35d83bcc2e1cf3fa8 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 22:22:53 -0500 Subject: [PATCH 3/8] Issue #814: Update Vagrantfile and docs for roles-in-VM. --- Vagrantfile | 2 -- docs/other/overriding-configurations.md | 3 --- docs/other/php-56.md | 2 -- 3 files changed, 7 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index dc2971781..7cc087dfe 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -122,7 +122,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| if which('ansible-playbook') config.vm.provision 'ansible' do |ansible| ansible.playbook = "#{host_drupalvm_dir}/provisioning/playbook.yml" - ansible.galaxy_role_file = "#{host_drupalvm_dir}/provisioning/requirements.yml" ansible.extra_vars = { config_dir: host_config_dir } @@ -137,7 +136,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # else # config.vm.provision "ansible_local" do |ansible| # ansible.playbook = "#{guest_drupalvm_dir}/provisioning/playbook.yml" - # ansible.galaxy_role_file = "#{guest_drupalvm_dir}/provisioning/requirements.yml" # ansible.extra_vars = { # config_dir: guest_config_dir # } diff --git a/docs/other/overriding-configurations.md b/docs/other/overriding-configurations.md index 43f698720..36e1ccdaa 100644 --- a/docs/other/overriding-configurations.md +++ b/docs/other/overriding-configurations.md @@ -45,9 +45,6 @@ config.vm.provider :virtualbox do |v| # Cap the host CPU execution at 50% usage. v.customize ["modifyvm", :id, "--cpuexecutioncap", "50"] end - -# Disable the galaxy role re-installation during provisions. -config.vm.provisioners[0].config.galaxy_role_file = nil ``` ### Example: Using the `vagrant-aws` provider diff --git a/docs/other/php-56.md b/docs/other/php-56.md index cd1ff558a..14a6f8b8f 100644 --- a/docs/other/php-56.md +++ b/docs/other/php-56.md @@ -1,7 +1,5 @@ Drupal VM defaults to PHP 7, but you can install and use 5.6 if you need to maximize compatibility with older Drupal 6 and 7 sites. -_Note: If you have Ansible installed on your host machine, make sure you're running the latest version of all Ansible role dependencies by running `ansible-galaxy install -r provisioning/requirements.yml --force` inside the root Drupal VM project folder._ - ## Ubuntu 16.04 Ubuntu 16.04 Xenial defaults to PHP 7.0 in it's system packages. No older versions of PHP will be supported if using this base box. From 8919e9336097df382800f5cac88c3a99bf04471c Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 22:24:15 -0500 Subject: [PATCH 4/8] Issue #814: Ignore galaxy install info dotfiles. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index b5483661c..3f516b04a 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ .vagrant/ .bundle/ *.retry +.galaxy_install_info vagrant_ansible_inventory_default local.config.yml config.yml From f912ca16bcc8e00389dba2a19130ada2ec32b8cb Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 22:32:48 -0500 Subject: [PATCH 5/8] Issue #814: Remove galaxy install step from Travis config. --- .travis.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3a8ab7b07..104cb28f4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,9 +49,6 @@ script: # Setup directories. - 'sudo docker exec "$(cat ${container_id})" mkdir -p ${DRUPALVM_DIR}/drupal' - # Install dependencies. - - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r ${DRUPALVM_DIR}/provisioning/requirements.yml' - # Setup config directory. - '[[ ! -z "${config_dir}" ]] && sudo docker exec "$(cat ${container_id})" mkdir -p ${config_dir} || true' From 2bc448bcdc0dc79d2a9a0081a23b76b463c737c5 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 22:34:31 -0500 Subject: [PATCH 6/8] Issue #814: Don't install dependencies on Windows or non-Ansible-powered hosts. --- provisioning/JJG-Ansible-Windows/windows.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provisioning/JJG-Ansible-Windows/windows.sh b/provisioning/JJG-Ansible-Windows/windows.sh index a96d5169e..4eb6e62e1 100644 --- a/provisioning/JJG-Ansible-Windows/windows.sh +++ b/provisioning/JJG-Ansible-Windows/windows.sh @@ -71,8 +71,8 @@ if ! command -v ansible >/dev/null; then fi # Install requirements. -echo "Installing Ansible roles from requirements file, if available." -find "$PLAYBOOK_DIR" \( -name "requirements.yml" -o -name "requirements.txt" \) -exec sudo ansible-galaxy install --force --ignore-errors -r {} \; +#echo "Installing Ansible roles from requirements file, if available." +#find "$PLAYBOOK_DIR" \( -name "requirements.yml" -o -name "requirements.txt" \) -exec sudo ansible-galaxy install --force --ignore-errors -r {} \; # Run the playbook. echo "Running Ansible provisioner defined in Vagrantfile." From ead6ebcd571f1219265457d804a10f06e39bd547 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 23:10:55 -0500 Subject: [PATCH 7/8] Issue #814: See what files rubocop is inspecting. --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 104cb28f4..d82226a74 100644 --- a/.travis.yml +++ b/.travis.yml @@ -61,6 +61,7 @@ script: - '[[ ! -z "${local_config}" ]] && sudo docker exec "$(cat ${container_id})" bash -c "cp ${DRUPALVM_DIR}/${local_config} ${config_dir:-$DRUPALVM_DIR}/local.config.yml" || true' # Vagrantfile syntax check + - 'rubocop --list-target-files' - 'rubocop --except LineLength,Eval,MutableConstant' # Ansible syntax check. From 6e9102572044948f7461b718badc5f6eec0cce07 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Jul 2016 23:15:12 -0500 Subject: [PATCH 8/8] Issue #814: See if we can make rubocop inspect only our own Vagrantfile. --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index d82226a74..c7793e79a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -61,8 +61,7 @@ script: - '[[ ! -z "${local_config}" ]] && sudo docker exec "$(cat ${container_id})" bash -c "cp ${DRUPALVM_DIR}/${local_config} ${config_dir:-$DRUPALVM_DIR}/local.config.yml" || true' # Vagrantfile syntax check - - 'rubocop --list-target-files' - - 'rubocop --except LineLength,Eval,MutableConstant' + - 'rubocop ./Vagrantfile --except LineLength,Eval,MutableConstant' # Ansible syntax check. - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook ${DRUPALVM_DIR}/provisioning/playbook.yml --syntax-check'