[
  {
    "path": ".github/workflows/main.yml",
    "content": "name: Ansible Lint\n\non: [push, pull_request]\n\njobs:\n  build:\n\n    runs-on: ubuntu-latest\n\n    steps:\n    # Important: This sets up your GITHUB_WORKSPACE environment variable\n    - uses: actions/checkout@v2\n\n    - name: Lint Ansible Playbook\n      # replace \"master\" with any valid ref\n      uses: ansible/ansible-lint-action@master\n      with:\n        # [required]\n        # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)\n        # or valid Ansible directories according to the Ansible role\n        # directory structure.\n        # If you want to lint multiple ansible files, use the following syntax\n        # targets: |\n        #   playbook_1.yml\n        #   playbook_2.yml\n        targets: wordpress-nginx/site.yml\n"
  },
  {
    "path": ".gitignore",
    "content": "wordpress-nginx/hosts\n.DS_Store"
  },
  {
    "path": "README.md",
    "content": "\nAnsible Examples\n----------------\n\nThis repository contains examples and best practices for building Ansible Playbooks.\n\n"
  },
  {
    "path": "jboss-standalone/LICENSE.md",
    "content": "Copyright (C) 2013 AnsibleWorks, Inc.\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "jboss-standalone/README.md",
    "content": "## Standalone JBoss Deployment\n\n- Requires Ansible 1.2 or newer\n- Expects CentOS/RHEL 6 or 7 hosts\n\nThese playbooks deploy a very basic implementation of JBoss Application Server,\nversion 7. To use them, first edit the `hosts` inventory file to contain the\nhostnames of the machines on which you want JBoss deployed, and edit the \ngroup_vars/all file to set any JBoss configuration parameters you need.\n\nThen run the playbook, like this:\n\n\tansible-playbook -i hosts site.yml\n\nWhen the playbook run completes, you should be able to see the JBoss\nApplication Server running on the ports you chose, on the target machines.\n\nThis is a very simple playbook and could serve as a starting point for more\ncomplex JBoss-based projects. \n\n## Application deployment\n\nThe playbook deploy-application.yml may be used to deploy the HelloWorld and Ticket Monster demo applications to JBoss hosts that have been deployed using site.yml, as above.\n\nRun the playbook using:\n\n\tansible-playbook -i hosts deploy-application.yml\n\t\nThe HelloWorld application will be available at `http://<jboss server>:<http_port>/helloworld`\n\nThe Ticket Monster application will be available at `http://<jboss server>:<http_port>/ticket-monster`\n\n## Provisioning for Amazon Web Services\n\nA simple playbook is provided, as an example, to provision hosts in preparation for running this JBoss deployment example.\n\n\tansible-playbook -i hosts demo-aws-launch.yml\n\n### Ideas for Improvement\n\nHere are some ideas for ways that these playbooks could be extended:\n\n- Write a playbook or an Ansible module to configure JBoss users.\n- Extend this configuration to multiple application servers fronted by a load\nbalancer or other web server frontend.\n\nWe would love to see contributions and improvements, so please fork this\nrepository on GitHub and send us your changes via pull requests.\n"
  },
  {
    "path": "jboss-standalone/demo-aws-launch.yml",
    "content": "---\n- name: Provision instances\n  hosts: localhost\n  connection: local\n  gather_facts: False\n\n  # load AWS variables from this group vars file\n  vars_files:\n  - group_vars/all\n\n  tasks:\n  - name: Launch instances\n    ec2:\n      access_key: \"{{ ec2_access_key }}\"\n      secret_key: \"{{ ec2_secret_key }}\"\n      keypair: \"{{ ec2_keypair }}\"\n      group: \"{{ ec2_security_group }}\"\n      type: \"{{ ec2_instance_type }}\"\n      image: \"{{ ec2_image }}\"\n      region: \"{{ ec2_region }}\"\n      instance_tags: \"{'ansible_group':'jboss', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n      count: \"{{ ec2_instance_count }}\"\n      wait: true\n    register: ec2\n\n  - name: Wait for SSH to come up\n    wait_for:\n      host: \"{{ item.public_dns_name }}\"\n      port: 22\n      delay: 60\n      timeout: 320\n      state: started\n    with_items: \"{{ ec2.instances }}\"\n"
  },
  {
    "path": "jboss-standalone/deploy-application.yml",
    "content": "---\n# This playbook deploys two simple applications to JBoss server.\n\n- hosts: all\n\n  roles:\n# Optionally, (re)deploy JBoss here.\n#    - jboss-standalone\n    - java-app\n"
  },
  {
    "path": "jboss-standalone/group_vars/all",
    "content": "# Here are variables related to the standalone JBoss installation\n\nhttp_port: 8080\nhttps_port: 8443\n\n# AWS specific variables\nec2_access_key:\nec2_secret_key:\nec2_region: us-east-1\nec2_zone:\nec2_image: ami-6c1e8f04\nec2_instance_type: m1.small\nec2_keypair: djohnson\nec2_security_group: default\nec2_instance_count: 3\nec2_tag: demo\nec2_tag_name_prefix: dj\nec2_hosts: all\nwait_for_port: 22\n\n# This user name will be set by Tower, when run through Tower\ntower_user_name: admin\n"
  },
  {
    "path": "jboss-standalone/hosts",
    "content": "appserver1\n"
  },
  {
    "path": "jboss-standalone/roles/java-app/tasks/main.yml",
    "content": "---\n- name: Copy application WAR file to host\n  copy:\n    src: jboss-helloworld.war\n    dest: /tmp\n\n- name: Deploy HelloWorld to JBoss\n  jboss:\n    deploy_path: /usr/share/jboss-as/standalone/deployments/\n    src: /tmp/jboss-helloworld.war\n    deployment: helloworld.war\n    state: present\n\n- name: Copy application WAR file to host\n  copy:\n    src: ticket-monster.war\n    dest: /tmp\n\n- name: Deploy Ticket Monster to JBoss\n  jboss:\n    deploy_path: /usr/share/jboss-as/standalone/deployments/\n    src: /tmp/ticket-monster.war\n    deployment: ticket-monster.war\n    state: present\n"
  },
  {
    "path": "jboss-standalone/roles/jboss-standalone/files/jboss-as-standalone.sh",
    "content": "#!/bin/sh\n#\n# JBoss standalone control script\n#\n# chkconfig: - 80 20\n# description: JBoss AS Standalone\n# processname: standalone\n# pidfile: /var/run/jboss-as/jboss-as-standalone.pid\n# config: /etc/jboss-as/jboss-as.conf\n\n# Source function library.\n. /etc/init.d/functions\n\n# Load Java configuration.\n[ -r /etc/java/java.conf ] && . /etc/java/java.conf\nexport JAVA_HOME\n\n##\n# Set the JBoss user\nJBOSS_USER=jboss  \nexport JBOSS_USER \n\n# Load JBoss AS init.d configuration.\nif [ -z \"$JBOSS_CONF\" ]; then\n  JBOSS_CONF=\"/etc/jboss-as/jboss-as.conf\"\nfi\n\n[ -r \"$JBOSS_CONF\" ] && . \"${JBOSS_CONF}\"\n\n# Set defaults.\n\nif [ -z \"$JBOSS_HOME\" ]; then\n  JBOSS_HOME=/usr/share/jboss-as\nfi\nexport JBOSS_HOME\n\nif [ -z \"$JBOSS_PIDFILE\" ]; then\n  JBOSS_PIDFILE=/var/run/jboss-as/jboss-as-standalone.pid\nfi\nexport JBOSS_PIDFILE\n\nif [ -z \"$JBOSS_CONSOLE_LOG\" ]; then\n  JBOSS_CONSOLE_LOG=/var/log/jboss-as/console.log\nfi\n\nif [ -z \"$STARTUP_WAIT\" ]; then\n  STARTUP_WAIT=30\nfi\n\nif [ -z \"$SHUTDOWN_WAIT\" ]; then\n  SHUTDOWN_WAIT=30\nfi\n\nif [ -z \"$JBOSS_CONFIG\" ]; then\n  JBOSS_CONFIG=standalone.xml\nfi\n\nJBOSS_SCRIPT=$JBOSS_HOME/bin/standalone.sh\n\nprog='jboss-as'\n\nCMD_PREFIX=''\n\nif [ ! 
-z \"$JBOSS_USER\" ]; then\n  if [ -x /etc/rc.d/init.d/functions ]; then\n    CMD_PREFIX=\"daemon --user $JBOSS_USER\"\n  else\n    CMD_PREFIX=\"su - $JBOSS_USER -c\"\n  fi\nfi\n\nstart() {\n  echo -n \"Starting $prog: \"\n  if [ -f $JBOSS_PIDFILE ]; then\n    read ppid < $JBOSS_PIDFILE\n    if [ `ps --pid $ppid 2> /dev/null | grep -c $ppid 2> /dev/null` -eq '1' ]; then\n      echo -n \"$prog is already running\"\n      failure\n      echo\n      return 1 \n    else\n      rm -f $JBOSS_PIDFILE\n    fi\n  fi\n  mkdir -p $(dirname $JBOSS_CONSOLE_LOG)\n  cat /dev/null > $JBOSS_CONSOLE_LOG\n\n  mkdir -p $(dirname $JBOSS_PIDFILE)\n  chown $JBOSS_USER $(dirname $JBOSS_PIDFILE) || true\n  #$CMD_PREFIX JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT 2>&1 > $JBOSS_CONSOLE_LOG &\n  #$CMD_PREFIX JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT &\n\n  # Redirect stdout first, then stderr, so both streams land in the console log.\n  if [ ! -z \"$JBOSS_USER\" ]; then\n    if [ -x /etc/rc.d/init.d/functions ]; then\n      daemon --user $JBOSS_USER LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT -c $JBOSS_CONFIG > $JBOSS_CONSOLE_LOG 2>&1 &\n    else\n      su - $JBOSS_USER -c \"LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT -c $JBOSS_CONFIG\" > $JBOSS_CONSOLE_LOG 2>&1 &\n    fi\n  fi\n\n  count=0\n  launched=false\n\n  until [ $count -gt $STARTUP_WAIT ]\n  do\n    grep 'JBoss AS.*started in' $JBOSS_CONSOLE_LOG > /dev/null \n    if [ $? 
-eq 0 ] ; then\n      launched=true\n      break\n    fi \n    sleep 1\n    let count=$count+1;\n  done\n  \n  success\n  echo\n  return 0\n}\n\nstop() {\n  echo -n $\"Stopping $prog: \"\n  count=0;\n\n  if [ -f $JBOSS_PIDFILE ]; then\n    read kpid < $JBOSS_PIDFILE\n    let kwait=$SHUTDOWN_WAIT\n\n    # Try issuing SIGTERM\n\n    kill -15 $kpid\n    until [ `ps --pid $kpid 2> /dev/null | grep -c $kpid 2> /dev/null` -eq '0' ] || [ $count -gt $kwait ]\n    do\n      sleep 1\n      let count=$count+1;\n    done\n\n    if [ $count -gt $kwait ]; then\n      kill -9 $kpid\n    fi\n  fi\n  rm -f $JBOSS_PIDFILE\n  success\n  echo\n}\n\nstatus() {\n  if [ -f $JBOSS_PIDFILE ]; then\n    read ppid < $JBOSS_PIDFILE\n    if [ `ps --pid $ppid 2> /dev/null | grep -c $ppid 2> /dev/null` -eq '1' ]; then\n      echo \"$prog is running (pid $ppid)\"\n      return 0\n    else\n      echo \"$prog dead but pid file exists\"\n      return 1\n    fi\n  fi\n  echo \"$prog is not running\"\n  return 3\n}\n\ncase \"$1\" in\n  start)\n      start\n      ;;\n  stop)\n      stop\n      ;;\n  restart)\n      $0 stop\n      $0 start\n      ;;\n  status)\n      status\n      ;;\n  *)\n      ## If no parameters are given, print which are available.\n      echo \"Usage: $0 {start|stop|status|restart}\"\n      exit 1\n      ;;\nesac\n"
  },
  {
    "path": "jboss-standalone/roles/jboss-standalone/handlers/main.yml",
    "content": "---\n- name: restart jboss\n  service:\n    name: jboss\n    state: restarted\n\n- name: restart iptables\n  service:\n    name: iptables\n    state: restarted\n"
  },
  {
    "path": "jboss-standalone/roles/jboss-standalone/tasks/main.yml",
    "content": "---\n- name: Install Java 1.7 and some basic dependencies\n  yum:\n    name: \"{{ item }}\"\n    state: present\n  with_items:\n   - unzip\n   - java-1.7.0-openjdk\n   - libselinux-python\n   - libsemanage-python\n\n- name: Download JBoss from jboss.org\n  get_url:\n    url: http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip\n    dest: /opt/jboss-as-7.1.1.Final.zip\n\n- name: Extract archive\n  unarchive:\n    dest: /usr/share\n    src: /opt/jboss-as-7.1.1.Final.zip\n    creates: /usr/share/jboss-as\n    copy: no\n\n  # Rename the dir to avoid encoding the version in the init script\n- name: Rename install directory\n  command: /bin/mv jboss-as-7.1.1.Final jboss-as \n  args:\n    chdir: /usr/share \n    creates: /usr/share/jboss-as\n\n- name: Copying standalone.xml configuration file\n  template:\n    src: standalone.xml\n    dest: /usr/share/jboss-as/standalone/configuration/\n  notify: restart jboss\n\n- name: Add group \"jboss\"\n  group:\n    name: jboss\n\n- name: Add user \"jboss\"\n  user:\n    name: jboss\n    group: jboss\n    home: /usr/share/jboss-as\n\n- name: Change ownership of JBoss installation\n  file:\n    path: /usr/share/jboss-as/\n    owner: jboss\n    group: jboss\n    state: directory\n    recurse: yes\n\n- name: Copy the init script\n  copy:\n    src: jboss-as-standalone.sh\n    dest: /etc/init.d/jboss\n    mode: 0755\n\n- name: Workaround for systemd bug\n  shell: service jboss start && chkconfig jboss on\n  ignore_errors: yes\n\n- name: Enable JBoss to be started at boot\n  service:\n    name: jboss\n    enabled: yes\n    state: started\n\n- name: deploy iptables rules\n  template:\n    src: iptables-save\n    dest: /etc/sysconfig/iptables\n  when: ansible_distribution_major_version != \"7\"\n  notify: restart iptables\n\n- name: Ensure that firewalld is installed\n  yum:\n    name: firewalld\n    state: present\n  when: ansible_distribution_major_version == \"7\"\n\n- name: Ensure that 
firewalld is started\n  service:\n    name: firewalld\n    state: started\n  when: ansible_distribution_major_version == \"7\"\n\n- name: deploy firewalld rules\n  firewalld:\n    immediate: yes\n    port: \"{{ item }}\"\n    state: enabled\n    permanent: yes\n  when: ansible_distribution_major_version == \"7\"\n  with_items:\n  - \"{{ http_port }}/tcp\"\n  - \"{{ https_port }}/tcp\"\n\n"
  },
  {
    "path": "jboss-standalone/roles/jboss-standalone/templates/iptables-save",
    "content": "# {{ ansible_managed }}\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [4:512]\n-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ http_port }} -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ https_port }} -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n"
  },
  {
    "path": "jboss-standalone/roles/jboss-standalone/templates/standalone.xml",
    "content": "<?xml version='1.0' encoding='UTF-8'?>\r\n\r\n<!-- {{ ansible_managed }} -->\r\n\r\n<server xmlns=\"urn:jboss:domain:1.2\">\r\n    <extensions>\r\n        <extension module=\"org.jboss.as.clustering.infinispan\"/>\r\n        <extension module=\"org.jboss.as.configadmin\"/>\r\n        <extension module=\"org.jboss.as.connector\"/>\r\n        <extension module=\"org.jboss.as.deployment-scanner\"/>\r\n        <extension module=\"org.jboss.as.ee\"/>\r\n        <extension module=\"org.jboss.as.ejb3\"/>\r\n        <extension module=\"org.jboss.as.jaxrs\"/>\r\n        <extension module=\"org.jboss.as.jdr\"/>\r\n        <extension module=\"org.jboss.as.jmx\"/>\r\n        <extension module=\"org.jboss.as.jpa\"/>\r\n        <extension module=\"org.jboss.as.logging\"/>\r\n        <extension module=\"org.jboss.as.mail\"/>\r\n        <extension module=\"org.jboss.as.naming\"/>\r\n        <extension module=\"org.jboss.as.osgi\"/>\r\n        <extension module=\"org.jboss.as.pojo\"/>\r\n        <extension module=\"org.jboss.as.remoting\"/>\r\n        <extension module=\"org.jboss.as.sar\"/>\r\n        <extension module=\"org.jboss.as.security\"/>\r\n        <extension module=\"org.jboss.as.threads\"/>\r\n        <extension module=\"org.jboss.as.transactions\"/>\r\n        <extension module=\"org.jboss.as.web\"/>\r\n        <extension module=\"org.jboss.as.webservices\"/>\r\n        <extension module=\"org.jboss.as.weld\"/>\r\n    </extensions>\r\n    <management>\r\n        <security-realms>\r\n            <security-realm name=\"ManagementRealm\">\r\n                <authentication>\r\n                    <properties path=\"mgmt-users.properties\" relative-to=\"jboss.server.config.dir\"/>\r\n                </authentication>\r\n            </security-realm>\r\n            <security-realm name=\"ApplicationRealm\">\r\n                <authentication>\r\n                    <properties path=\"application-users.properties\" 
relative-to=\"jboss.server.config.dir\"/>\r\n                </authentication>\r\n            </security-realm>\r\n        </security-realms>\r\n        <management-interfaces>\r\n            <native-interface security-realm=\"ManagementRealm\">\r\n                <socket-binding native=\"management-native\"/>\r\n            </native-interface>\r\n            <http-interface security-realm=\"ManagementRealm\">\r\n                <socket-binding http=\"management-http\"/>\r\n            </http-interface>\r\n        </management-interfaces>\r\n    </management>\r\n    <profile>\r\n        <subsystem xmlns=\"urn:jboss:domain:logging:1.1\">\r\n            <console-handler name=\"CONSOLE\">\r\n                <level name=\"INFO\"/>\r\n                <formatter>\r\n                    <pattern-formatter pattern=\"%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n\"/>\r\n                </formatter>\r\n            </console-handler>\r\n            <periodic-rotating-file-handler name=\"FILE\">\r\n                <formatter>\r\n                    <pattern-formatter pattern=\"%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n\"/>\r\n                </formatter>\r\n                <file relative-to=\"jboss.server.log.dir\" path=\"server.log\"/>\r\n                <suffix value=\".yyyy-MM-dd\"/>\r\n                <append value=\"true\"/>\r\n            </periodic-rotating-file-handler>\r\n            <logger category=\"com.arjuna\">\r\n                <level name=\"WARN\"/>\r\n            </logger>\r\n            <logger category=\"org.apache.tomcat.util.modeler\">\r\n                <level name=\"WARN\"/>\r\n            </logger>\r\n            <logger category=\"sun.rmi\">\r\n                <level name=\"WARN\"/>\r\n            </logger>\r\n            <logger category=\"jacorb\">\r\n                <level name=\"WARN\"/>\r\n            </logger>\r\n            <logger category=\"jacorb.config\">\r\n                <level name=\"ERROR\"/>\r\n            </logger>\r\n            
<root-logger>\r\n                <level name=\"INFO\"/>\r\n                <handlers>\r\n                    <handler name=\"CONSOLE\"/>\r\n                    <handler name=\"FILE\"/>\r\n                </handlers>\r\n            </root-logger>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:configadmin:1.0\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:datasources:1.0\">\r\n            <datasources>\r\n                <datasource jndi-name=\"java:jboss/datasources/ExampleDS\" pool-name=\"ExampleDS\" enabled=\"true\" use-java-context=\"true\">\r\n                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>\r\n                    <driver>h2</driver>\r\n                    <security>\r\n                        <user-name>sa</user-name>\r\n                        <password>sa</password>\r\n                    </security>\r\n                </datasource>\r\n                <drivers>\r\n                    <driver name=\"h2\" module=\"com.h2database.h2\">\r\n                        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>\r\n                    </driver>\r\n                </drivers>\r\n            </datasources>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:deployment-scanner:1.1\">\r\n            <deployment-scanner path=\"deployments\" relative-to=\"jboss.server.base.dir\" scan-interval=\"5000\"/>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:ee:1.0\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:ejb3:1.2\">\r\n            <session-bean>\r\n                <stateless>\r\n                    <bean-instance-pool-ref pool-name=\"slsb-strict-max-pool\"/>\r\n                </stateless>\r\n                <stateful default-access-timeout=\"5000\" cache-ref=\"simple\"/>\r\n                <singleton default-access-timeout=\"5000\"/>\r\n            </session-bean>\r\n            <pools>\r\n                <bean-instance-pools>\r\n         
           <strict-max-pool name=\"slsb-strict-max-pool\" max-pool-size=\"20\" instance-acquisition-timeout=\"5\" instance-acquisition-timeout-unit=\"MINUTES\"/>\r\n                    <strict-max-pool name=\"mdb-strict-max-pool\" max-pool-size=\"20\" instance-acquisition-timeout=\"5\" instance-acquisition-timeout-unit=\"MINUTES\"/>\r\n                </bean-instance-pools>\r\n            </pools>\r\n            <caches>\r\n                <cache name=\"simple\" aliases=\"NoPassivationCache\"/>\r\n                <cache name=\"passivating\" passivation-store-ref=\"file\" aliases=\"SimpleStatefulCache\"/>\r\n            </caches>\r\n            <passivation-stores>\r\n                <file-passivation-store name=\"file\"/>\r\n            </passivation-stores>\r\n            <async thread-pool-name=\"default\"/>\r\n            <timer-service thread-pool-name=\"default\">\r\n                <data-store path=\"timer-service-data\" relative-to=\"jboss.server.data.dir\"/>\r\n            </timer-service>\r\n            <remote connector-ref=\"remoting-connector\" thread-pool-name=\"default\"/>\r\n            <thread-pools>\r\n                <thread-pool name=\"default\">\r\n                    <max-threads count=\"10\"/>\r\n                    <keepalive-time time=\"100\" unit=\"milliseconds\"/>\r\n                </thread-pool>\r\n            </thread-pools>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:infinispan:1.2\" default-cache-container=\"hibernate\">\r\n            <cache-container name=\"hibernate\" default-cache=\"local-query\">\r\n                <local-cache name=\"entity\">\r\n                    <transaction mode=\"NON_XA\"/>\r\n                    <eviction strategy=\"LRU\" max-entries=\"10000\"/>\r\n                    <expiration max-idle=\"100000\"/>\r\n                </local-cache>\r\n                <local-cache name=\"local-query\">\r\n                    <transaction mode=\"NONE\"/>\r\n                    <eviction 
strategy=\"LRU\" max-entries=\"10000\"/>\r\n                    <expiration max-idle=\"100000\"/>\r\n                </local-cache>\r\n                <local-cache name=\"timestamps\">\r\n                    <transaction mode=\"NONE\"/>\r\n                    <eviction strategy=\"NONE\"/>\r\n                </local-cache>\r\n            </cache-container>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:jaxrs:1.0\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:jca:1.1\">\r\n            <archive-validation enabled=\"true\" fail-on-error=\"true\" fail-on-warn=\"false\"/>\r\n            <bean-validation enabled=\"true\"/>\r\n            <default-workmanager>\r\n                <short-running-threads>\r\n                    <core-threads count=\"50\"/>\r\n                    <queue-length count=\"50\"/>\r\n                    <max-threads count=\"50\"/>\r\n                    <keepalive-time time=\"10\" unit=\"seconds\"/>\r\n                </short-running-threads>\r\n                <long-running-threads>\r\n                    <core-threads count=\"50\"/>\r\n                    <queue-length count=\"50\"/>\r\n                    <max-threads count=\"50\"/>\r\n                    <keepalive-time time=\"10\" unit=\"seconds\"/>\r\n                </long-running-threads>\r\n            </default-workmanager>\r\n            <cached-connection-manager/>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:jdr:1.0\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:jmx:1.1\">\r\n            <show-model value=\"true\"/>\r\n            <remoting-connector/>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:jpa:1.0\">\r\n            <jpa default-datasource=\"\"/>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:mail:1.0\">\r\n            <mail-session jndi-name=\"java:jboss/mail/Default\">\r\n                <smtp-server outbound-socket-binding-ref=\"mail-smtp\"/>\r\n            
</mail-session>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:naming:1.1\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:osgi:1.2\" activation=\"lazy\">\r\n            <properties>\r\n                <!-- Specifies the beginning start level of the framework -->\r\n                <property name=\"org.osgi.framework.startlevel.beginning\">1</property>\r\n            </properties>\r\n            <capabilities>\r\n                <!-- modules registered with the OSGi layer on startup -->\r\n                <capability name=\"javax.servlet.api:v25\"/>\r\n                <capability name=\"javax.transaction.api\"/>\r\n                <!-- bundles started in startlevel 1 -->\r\n                <capability name=\"org.apache.felix.log\" startlevel=\"1\"/>\r\n                <capability name=\"org.jboss.osgi.logging\" startlevel=\"1\"/>\r\n                <capability name=\"org.apache.felix.configadmin\" startlevel=\"1\"/>\r\n                <capability name=\"org.jboss.as.osgi.configadmin\" startlevel=\"1\"/>\r\n            </capabilities>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:pojo:1.0\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:remoting:1.1\">\r\n            <connector name=\"remoting-connector\" socket-binding=\"remoting\" security-realm=\"ApplicationRealm\"/>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:resource-adapters:1.0\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:sar:1.0\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:security:1.1\">\r\n            <security-domains>\r\n                <security-domain name=\"other\" cache-type=\"default\">\r\n                    <authentication>\r\n                        <login-module code=\"Remoting\" flag=\"optional\">\r\n                            <module-option name=\"password-stacking\" value=\"useFirstPass\"/>\r\n                        </login-module>\r\n                        <login-module code=\"RealmUsersRoles\" 
flag=\"required\">\r\n                            <module-option name=\"usersProperties\" value=\"${jboss.server.config.dir}/application-users.properties\"/>\r\n                            <module-option name=\"rolesProperties\" value=\"${jboss.server.config.dir}/application-roles.properties\"/>\r\n                            <module-option name=\"realm\" value=\"ApplicationRealm\"/>\r\n                            <module-option name=\"password-stacking\" value=\"useFirstPass\"/>\r\n                        </login-module>\r\n                    </authentication>\r\n                </security-domain>\r\n                <security-domain name=\"jboss-web-policy\" cache-type=\"default\">\r\n                    <authorization>\r\n                        <policy-module code=\"Delegating\" flag=\"required\"/>\r\n                    </authorization>\r\n                </security-domain>\r\n                <security-domain name=\"jboss-ejb-policy\" cache-type=\"default\">\r\n                    <authorization>\r\n                        <policy-module code=\"Delegating\" flag=\"required\"/>\r\n                    </authorization>\r\n                </security-domain>\r\n            </security-domains>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:threads:1.1\"/>\r\n        <subsystem xmlns=\"urn:jboss:domain:transactions:1.1\">\r\n            <core-environment>\r\n                <process-id>\r\n                    <uuid/>\r\n                </process-id>\r\n            </core-environment>\r\n            <recovery-environment socket-binding=\"txn-recovery-environment\" status-socket-binding=\"txn-status-manager\"/>\r\n            <coordinator-environment default-timeout=\"300\"/>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:web:1.1\" default-virtual-server=\"default-host\" native=\"false\">\r\n            <connector name=\"http\" protocol=\"HTTP/1.1\" scheme=\"http\" socket-binding=\"http\"/>\r\n            <virtual-server 
name=\"default-host\" enable-welcome-root=\"true\">\r\n                <alias name=\"localhost\"/>\r\n                <alias name=\"example.com\"/>\r\n            </virtual-server>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:webservices:1.1\">\r\n            <modify-wsdl-address>true</modify-wsdl-address>\r\n            <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>\r\n            <endpoint-config name=\"Standard-Endpoint-Config\"/>\r\n            <endpoint-config name=\"Recording-Endpoint-Config\">\r\n                <pre-handler-chain name=\"recording-handlers\" protocol-bindings=\"##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM\">\r\n                    <handler name=\"RecordingHandler\" class=\"org.jboss.ws.common.invocation.RecordingServerHandler\"/>\r\n                </pre-handler-chain>\r\n            </endpoint-config>\r\n        </subsystem>\r\n        <subsystem xmlns=\"urn:jboss:domain:weld:1.0\"/>\r\n    </profile>\r\n    <interfaces>\r\n        <interface name=\"management\">\r\n            <inet-address value=\"${jboss.bind.address.management:0.0.0.0}\"/>\r\n        </interface>\r\n        <interface name=\"public\">\r\n            <inet-address value=\"${jboss.bind.address:0.0.0.0}\"/>\r\n        </interface>\r\n        <!-- TODO - only show this if the jacorb subsystem is added  -->\r\n        <interface name=\"unsecure\">\r\n            <!--\r\n              ~  Used for IIOP sockets in the standard configuration.\r\n              ~                  To secure JacORB you need to setup SSL \r\n              -->\r\n            <inet-address value=\"${jboss.bind.address.unsecure:127.0.0.1}\"/>\r\n        </interface>\r\n    </interfaces>\r\n    <socket-binding-group name=\"standard-sockets\" default-interface=\"public\" port-offset=\"${jboss.socket.binding.port-offset:0}\">\r\n        <socket-binding name=\"management-native\" interface=\"management\" 
port=\"${jboss.management.native.port:9999}\"/>\r\n        <socket-binding name=\"management-http\" interface=\"management\" port=\"${jboss.management.http.port:9990}\"/>\r\n        <socket-binding name=\"management-https\" interface=\"management\" port=\"${jboss.management.https.port:9443}\"/>\r\n        <socket-binding name=\"ajp\" port=\"8009\"/>\r\n        <socket-binding name=\"http\" port=\"{{ http_port }}\"/>\r\n        <socket-binding name=\"https\" port=\"{{ https_port }}\"/>\r\n        <socket-binding name=\"osgi-http\" interface=\"management\" port=\"8090\"/>\r\n        <socket-binding name=\"remoting\" port=\"4447\"/>\r\n        <socket-binding name=\"txn-recovery-environment\" port=\"4712\"/>\r\n        <socket-binding name=\"txn-status-manager\" port=\"4713\"/>\r\n        <outbound-socket-binding name=\"mail-smtp\">\r\n            <remote-destination host=\"localhost\" port=\"25\"/>\r\n        </outbound-socket-binding>\r\n    </socket-binding-group>\r\n</server>\r\n"
  },
  {
    "path": "jboss-standalone/site.yml",
    "content": "---\n# This playbook deploys a simple standalone JBoss server.\n\n- hosts: all\n\n  roles:\n    - jboss-standalone\n"
  },
  {
    "path": "lamp_haproxy/LICENSE.md",
    "content": "Copyright (C) 2013 AnsibleWorks, Inc.\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "lamp_haproxy/README.md",
    "content": "LAMP Stack + HAProxy: Example Playbooks\n-----------------------------------------------------------------------------\n\n- Requires Ansible 1.2\n- Expects CentOS/RHEL 6 hosts\n\nThis example is an extension of the simple LAMP deployment. Here we'll install\nand configure a web server with an HAProxy load balancer in front, and deploy\nan application to the web servers. This set of playbooks also have the\ncapability to dynamically add and remove web server nodes from the deployment.\nIt also includes examples to do a rolling update of a stack without affecting\nthe service.\n\n(To use this demonstration with Amazon Web Services, please use the `aws` sub-directory.)\n\nYou can also optionally configure a Nagios monitoring node.\n\n### Initial Site Setup\n\nFirst we configure the entire stack by listing our hosts in the 'hosts'\ninventory file, grouped by their purpose:\n\n\t\t[webservers]\n\t\twebserver1\n\t\twebserver2\n\t\t\n\t\t[dbservers]\n\t\tdbserver\n\t\t\n\t\t[lbservers]\n\t\tlbserver\n\t\t\n\t\t[monitoring]\n\t\tnagios\n\nAfter which we execute the following command to deploy the site:\n\n\t\tansible-playbook -i hosts site.yml\n\nThe deployment can be verified by accessing the IP address of your load\nbalancer host in a web browser: http://<ip-of-lb>:8888. Reloading the page\nshould have you hit different webservers.\n\nThe Nagios web interface can be reached at http://<ip-of-nagios>/nagios/\n\nThe default username and password are `nagiosadmin` / `nagiosadmin`.\n\n### Removing and Adding a Node\n\nRemoval and addition of nodes to the cluster is as simple as editing the\nhosts inventory and re-running:\n\n        ansible-playbook -i hosts site.yml\n\n### Rolling Update\n\nRolling updates are the preferred way to update the web server software or\ndeployed application, since the load balancer can be dynamically configured\nto take the hosts to be updated out of the pool. 
This will keep the service\nrunning on other servers so that the users are not interrupted.\n\nIn this example the hosts are updated in serial fashion, which means that\nonly one server will be updated at a time. If you have a lot of web server\nhosts, this behaviour can be changed by setting the `serial` keyword in\nthe `webservers.yml` file.\n\nOnce the code has been updated in the source repository for your application\n(which can be defined in the group_vars/all file), execute the following\ncommand:\n\n\t ansible-playbook -i hosts rolling_update.yml\n\nYou can optionally pass `-e webapp_version=xxx` to the `rolling_update`\nplaybook to deploy a specific version of the example webapp.\n"
  },
  {
    "path": "lamp_haproxy/aws/LICENSE.md",
    "content": "Copyright (C) 2013 AnsibleWorks, Inc.\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "lamp_haproxy/aws/README.md",
    "content": "LAMP Stack + HAProxy: Example Playbooks for Amazon Web Services\n-----------------------------------------------------------------------------\n\n- Requires Ansible 1.2\n- Expects CentOS/RHEL 6 hosts\n\nThis example is an extension of the simple LAMP deployment. Here we'll install\nand configure a web server with an HAProxy load balancer in front, and deploy\nan application to the web servers. This set of playbooks also have the\ncapability to dynamically add and remove web server nodes from the deployment.\nIt also includes examples to do a rolling update of a stack without affecting\nthe service.\n\nYou can also optionally configure a Nagios monitoring node.\n\n### Initial Site Setup\n\nFirst, we provision the hosts necessary for this demonstration using the included playbook, \"demo-aws-launch.yml\". This will provision the following instances, with the group structure specified below. The hosts are tagged via AWS EC2 tagging and the Ansible inventory sync script (or Tower) will create the appropriate groups from these tags.\n\n\t\t[tag_ansible_group_webservers]\n\t\twebserver1\n\t\twebserver2\n\t\t\n\t\t[tag_ansible_group_dbservers]\n\t\tdbserver\n\t\t\n\t\t[tag_ansible_group_lbservers]\n\t\tlbserver\n\t\t\n\t\t[tag_ansible_group_monitoring]\n\t\tnagios\n\nAfter which we execute the following command to deploy the site:\n\n\t\tansible-playbook -i ec2.py site.yml\n\nThe deployment can be verified by accessing the IP address of your load\nbalancer host in a web browser: http://<ip-of-lb>:8888. 
Reloading the page\nshould have you hit different webservers.\n\nThe Nagios web interface can be reached at `http://<ip-of-nagios>/nagios/`.\n\nThe default username and password are `nagiosadmin` / `nagiosadmin`.\n\n### Removing and Adding a Node\n\nRemoval and addition of nodes to the cluster is as simple as creating new instances, syncing the\nAnsible inventory and re-running:\n\n        ansible-playbook -i ec2.py site.yml\n\n### Rolling Update\n\nRolling updates are the preferred way to update the web server software or\ndeployed application, since the load balancer can be dynamically configured\nto take the hosts to be updated out of the pool. This will keep the service\nrunning on other servers so that the users are not interrupted.\n\nIn this example the hosts are updated in serial fashion, which means that\nonly one server will be updated at a time. If you have a lot of web server\nhosts, this behaviour can be changed by setting the `serial` keyword in\nthe `webservers.yml` file.\n\nOnce the code has been updated in the source repository for your application\n(which can be defined in the group_vars/all file), execute the following\ncommand:\n\n\t ansible-playbook -i ec2.py rolling_update.yml\n\nYou can optionally pass `-e webapp_version=xxx` to the `rolling_update`\nplaybook to deploy a specific version of the example webapp.\n"
  },
  {
    "path": "lamp_haproxy/aws/demo-aws-launch.yml",
    "content": "---\n# Provision instances in AWS specific to the LAMP HA Proxy demo\n- name: Provision instances in AWS\n  hosts: localhost\n  connection: local\n  gather_facts: False\n\n  # load AWS variables from this group vars file\n  vars_files:\n  - group_vars/all\n\n  tasks:\n  - name: Launch webserver instances\n    ec2:\n      access_key: \"{{ ec2_access_key }}\"\n      secret_key: \"{{ ec2_secret_key }}\"\n      keypair: \"{{ ec2_keypair }}\"\n      group: \"{{ ec2_security_group }}\"\n      type: \"{{ ec2_instance_type }}\"\n      image: \"{{ ec2_image }}\"\n      region: \"{{ ec2_region }}\"\n      instance_tags: \"{'ansible_group':'webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n      count: \"{{ ec2_instance_count }}\"\n      wait: true\n    register: ec2\n\n  - name: Launch database instance\n    ec2:\n      access_key: \"{{ ec2_access_key }}\"\n      secret_key: \"{{ ec2_secret_key }}\"\n      keypair: \"{{ ec2_keypair }}\"\n      group: \"{{ ec2_security_group }}\"\n      type: \"{{ ec2_instance_type }}\"\n      image: \"{{ ec2_image }}\"\n      region: \"{{ ec2_region }}\"\n      instance_tags: \"{'ansible_group':'dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n      count: \"1\"\n      wait: true\n    register: ec2\n\n  - name: Launch load balancing instance\n    ec2:\n      access_key: \"{{ ec2_access_key }}\"\n      secret_key: \"{{ ec2_secret_key }}\"\n      keypair: \"{{ ec2_keypair }}\"\n      group: \"{{ ec2_security_group }}\"\n      type: \"{{ ec2_instance_type }}\"\n      image: \"{{ ec2_image }}\"\n      region: \"{{ ec2_region }}\"\n      instance_tags: \"{'ansible_group':'lbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n      count: \"1\"\n      wait: true\n    register: ec2\n\n  - name: Launch monitoring 
instance\n    ec2:\n      access_key: \"{{ ec2_access_key }}\"\n      secret_key: \"{{ ec2_secret_key }}\"\n      keypair: \"{{ ec2_keypair }}\"\n      group: \"{{ ec2_security_group }}\"\n      type: \"{{ ec2_instance_type }}\"\n      image: \"{{ ec2_image }}\"\n      region: \"{{ ec2_region }}\"\n      instance_tags: \"{'ansible_group':'monitoring', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n      count: \"1\"\n      wait: true\n    register: ec2\n\n  - name: Wait for SSH to come up\n    wait_for:\n      host: \"{{ item.public_dns_name }}\"\n      port: 22\n      delay: 60\n      timeout: 320\n      state: started\n    with_items: \"{{ ec2.instances }}\"\n"
  },
  {
    "path": "lamp_haproxy/aws/group_vars/all",
    "content": "---\n# Variables here are applicable to all host groups\n\nhttpd_port: 80\nntpserver: 192.168.1.2\n\n# AWS specific variables\nec2_access_key:\nec2_secret_key:\nec2_region: us-east-1\nec2_zone:\nec2_image: ami-bc8131d4\nec2_instance_type: m1.small\nec2_keypair: djohnson\nec2_security_group: default\nec2_instance_count: 3\nec2_tag: demo\nec2_tag_name_prefix: dj\nec2_hosts: all\nwait_for_port: 22\n\n# This user name will be set by Tower, when run through Tower\ntower_user_name: admin\n"
  },
  {
    "path": "lamp_haproxy/aws/group_vars/tag_ansible_group_dbservers",
    "content": "---\n# The variables file used by the playbooks in the dbservers group.\n# These don't have to be explicitly imported by vars_files: they are autopopulated.\n\nmysqlservice: mysqld\nmysql_port: 3306\ndbuser: root\ndbname: foodb\nupassword: abc\n"
  },
  {
    "path": "lamp_haproxy/aws/group_vars/tag_ansible_group_lbservers",
    "content": "---\n# Variables for the HAproxy configuration\n\n# HAProxy supports \"http\" and \"tcp\". For SSL, SMTP, etc, use \"tcp\".\nmode: http\n\n# Port on which HAProxy should listen\nlistenport: 8888\n\n# A name for the proxy daemon, this wil be the suffix in the logs.\ndaemonname: myapplb\n\n# Balancing Algorithm. Available options:\n# roundrobin, source, leastconn, source, uri\n# (if persistance is required use, \"source\")\nbalance: roundrobin \n\n# Ethernet interface on which the load balancer should listen\n# Defaults to the first interface. Change this to:\n#\n#  iface: eth1\n#\n# ...to override.\n#\niface: '{{ ansible_default_ipv4.interface }}'\n"
  },
  {
    "path": "lamp_haproxy/aws/group_vars/tag_ansible_group_webservers",
    "content": "---\n# Variables for the web server configuration\n\n# Ethernet interface on which the web server should listen.\n# Defaults to the first interface. Change this to:\n#\n#  iface: eth1\n#\n# ...to override.\n#\niface: '{{ ansible_default_ipv4.interface }}'\n\n# this is the repository that holds our sample webapp\nrepository: https://github.com/bennojoy/mywebapp.git\n\n# this is the sha1sum of V5 of the test webapp.\nwebapp_version: 351e47276cc66b018f4890a04709d4cc3d3edb0d\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/base-apache/tasks/main.yml",
    "content": "---\n# This role installs httpd\n\n- name: Install http\n  yum:\n    name: \"{{ item }}\"\n    state: present\n  with_items:\n   - httpd\n   - php\n   - php-mysql\n   - git\n\n- name: Configure SELinux to allow httpd to connect to remote database\n  seboolean:\n    name: httpd_can_network_connect_db\n    state: true\n    persistent: yes\n  when: sestatus.rc != 0\n\n- name: http service state\n  service:\n    name: httpd\n    state: started\n    enabled: yes\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/common/files/RPM-GPG-KEY-EPEL-6",
    "content": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\nmQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1\nJXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B\nM9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn\nXtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6\npQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV\nQqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp\nXo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq\n3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu\nvBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar\n1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g\nYgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB\ntCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS\nKUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9\nqO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT\n9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP\nQ4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS\nWtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft\nHpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF\np0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP\nx1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8\nwB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J\nl/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG\niVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR\nXtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==\n=V/6I\n-----END PGP PUBLIC KEY BLOCK-----\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/common/files/epel.repo",
    "content": "[epel]\nname=Extra Packages for Enterprise Linux 6 - $basearch\n#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch\nfailovermethod=priority\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\n\n[epel-debuginfo]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Debug\n#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n\n[epel-source]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Source\n#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/common/handlers/main.yml",
    "content": "---\n# Handlers for common notifications\n\n- name: restart ntp\n  service: name=ntpd state=restarted\n\n- name: restart iptables\n  service: name=iptables state=restarted\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/common/tasks/main.yml",
    "content": "---\n# This role contains common plays that will run on all nodes.\n\n- name: Install python bindings for SE Linux\n  yum:\n    name: \"{{ item }}\"\n    state: present\n  with_items:\n   - libselinux-python\n   - libsemanage-python\n\n- name: Create the repository for EPEL\n  copy:\n    src: epel.repo\n    dest: /etc/yum.repos.d/epel.repo\n\n- name: Create the GPG key for EPEL\n  copy:\n    src: RPM-GPG-KEY-EPEL-6\n    dest: /etc/pki/rpm-gpg\n\n- name: install some useful nagios plugins\n  yum:\n    name: \"{{ item }}\"\n    state: present\n  with_items:\n   - nagios-nrpe\n   - nagios-plugins-swap\n   - nagios-plugins-users\n   - nagios-plugins-procs\n   - nagios-plugins-load\n   - nagios-plugins-disk\n\n- name: Install ntp\n  yum:\n    name: ntp\n    state: present\n  tags: ntp\n\n- name: Configure ntp file\n  template:\n    src: ntp.conf.j2\n    dest: /etc/ntp.conf\n  tags: ntp\n  notify: restart ntp\n\n- name: Start the ntp service\n  service:\n    name: ntpd\n    state: started\n    enabled: yes\n  tags: ntp\n\n# work around RHEL 7, for now\n- name: insert iptables template\n  template:\n    src: iptables.j2\n    dest: /etc/sysconfig/iptables\n  when: ansible_distribution_major_version != '7'\n  notify: restart iptables\n\n- name: test to see if selinux is running\n  command: getenforce\n  register: sestatus\n  changed_when: false\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/common/templates/iptables.j2",
    "content": "# {{ ansible_managed }}\n# Manual customization of this file is not recommended.\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n\n{% if (inventory_hostname in groups.tag_ansible_group_webservers) or (inventory_hostname in groups.tag_ansible_group_monitoring) %}\n-A INPUT -p tcp  --dport 80 -j ACCEPT\n{% endif %}\n\n{% if (inventory_hostname in groups.tag_ansible_group_dbservers) %}\n-A INPUT -p tcp  --dport 3306 -j  ACCEPT\n{% endif %}\n\n{% if (inventory_hostname in groups.tag_ansible_group_lbservers) %}\n-A INPUT -p tcp  --dport {{ listenport }} -j  ACCEPT\n{% endif %}\n\n{% for host in groups.tag_ansible_group_monitoring %}\n-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 5666 -j ACCEPT\n{% endfor %}\n\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/common/templates/ntp.conf.j2",
    "content": "\ndriftfile /var/lib/ntp/drift\n\nrestrict 127.0.0.1 \nrestrict -6 ::1\n\nserver {{ ntpserver }}\n\nincludefile /etc/ntp/crypto/pw\n\nkeys /etc/ntp/keys\n\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/db/handlers/main.yml",
    "content": "---\n# Handler to handle DB tier notifications\n\n- name: restart mysql\n  service: name=mysqld state=restarted\n\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/db/tasks/main.yml",
    "content": "---\n# This role will install MySQL and create db user and give permissions.\n\n- name: Install Mysql package\n  yum:\n    name: \"{{ item }}\"\n    state: present\n  with_items:\n   - mysql-server\n   - MySQL-python\n\n- name: Configure SELinux to start mysql on any port\n  seboolean:\n    name: mysql_connect_any\n    state: true\n    persistent: yes\n  when: sestatus.rc != 0\n\n- name: Create Mysql configuration file\n  template:\n    src: my.cnf.j2\n    dest: /etc/my.cnf\n  notify:\n  - restart mysql\n\n- name: Start Mysql Service\n  service:\n    name: mysqld\n    state: started\n    enabled: yes\n\n- name: Create Application Database\n  mysql_db:\n    name: \"{{ dbname }}\"\n    state: present\n\n- name: Create Application DB User\n  mysql_user:\n    name: \"{{ dbuser }}\"\n    password: \"{{ upassword }}\"\n    priv: \"*.*:ALL\"\n    host: '%'\n    state: present\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/db/templates/my.cnf.j2",
    "content": "[mysqld]\ndatadir=/var/lib/mysql\nsocket=/var/lib/mysql/mysql.sock\nuser=mysql\n# Disabling symbolic-links is recommended to prevent assorted security risks\nsymbolic-links=0\nport={{ mysql_port }}\n\n[mysqld_safe]\nlog-error=/var/log/mysqld.log\npid-file=/var/run/mysqld/mysqld.pid\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/haproxy/handlers/main.yml",
    "content": "---\n# Handlers for HAproxy\n\n- name: restart haproxy\n  service: name=haproxy state=restarted\n\n- name: reload haproxy\n  service: name=haproxy state=reloaded\n\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/haproxy/tasks/main.yml",
    "content": "---\n# This role installs HAProxy and configures it.\n\n- name: Download and install haproxy\n  yum:\n    name: haproxy\n    state: present\n\n- name: Configure the haproxy cnf file with hosts\n  template:\n    src: haproxy.cfg.j2\n    dest: /etc/haproxy/haproxy.cfg\n  notify: restart haproxy\n\n- name: Start the haproxy service\n  service:\n    name: haproxy\n    state: started\n    enabled: yes\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/haproxy/templates/haproxy.cfg.j2",
    "content": "global\n    log         127.0.0.1 local2 \n\n    chroot      /var/lib/haproxy\n    pidfile     /var/run/haproxy.pid\n    maxconn     4000\n    user        root\n    group       root\n    daemon\n\n    # turn on stats unix socket\n    stats socket /var/lib/haproxy/stats level admin\n\ndefaults\n    mode                    {{ mode }}\n    log                     global\n    option                  httplog\n    option                  dontlognull\n    option http-server-close\n    option forwardfor       except 127.0.0.0/8\n    option                  redispatch\n    retries                 3\n    timeout http-request    10s\n    timeout queue           1m\n    timeout connect         10s\n    timeout client          1m\n    timeout server          1m\n    timeout http-keep-alive 10s\n    timeout check           10s\n    maxconn                 3000\n\nbackend app\n    {% for host in groups.tag_ansible_group_lbservers %}\n    \tlisten {{ daemonname }} 0.0.0.0:{{ listenport }}\n    {% endfor %}\n    balance     {{ balance }}\n    {% for host in groups.tag_ansible_group_webservers %}\n        server {{ host }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ httpd_port }}\n    {% endfor %}\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/files/ansible-managed-services.cfg",
    "content": "# {{ ansible_managed }}\n\n# service checks to be applied to all hosts\n\ndefine service {\n        use                             local-service\n        host_name                       localhost\n        service_description             Root Partition\n        check_command                   check_local_disk!20%!10%!/\n}\n\ndefine service {\n        use                             local-service\n        host_name                       * \n        service_description             Current Users\n        check_command                   check_local_users!20!50\n}\n\n\ndefine service {\n        use                             local-service\n        host_name                       * \n        service_description             Total Processes\n        check_command                   check_local_procs!250!400!RSZDT\n}\n\ndefine service {\n        use                             local-service\n        host_name \t\t \t*\t\n        service_description             Current Load\n        check_command                   check_local_load!5.0,4.0,3.0!10.0,6.0,4.0\n}\n\ndefine service {\n        use                             local-service\n        host_name                       * \n        service_description             Swap Usage\n        check_command                   check_local_swap!20!10\n}\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/files/localhost.cfg",
    "content": "###############################################################################\n# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE\n#\n# Last Modified: 05-31-2007\n#\n# NOTE: This config file is intended to serve as an *extremely* simple \n#       example of how you can create configuration entries to monitor\n#       the local (Linux) machine.\n#\n###############################################################################\n\n\n\n\n###############################################################################\n###############################################################################\n#\n# HOST DEFINITION\n#\n###############################################################################\n###############################################################################\n\n# Define a host for the local machine\n\ndefine host{\n        use                     linux-server            ; Name of host template to use\n\t\t\t\t\t\t\t; This host definition will inherit all variables that are defined\n\t\t\t\t\t\t\t; in (or inherited by) the linux-server host template definition.\n        host_name               localhost\n        alias                   localhost\n        address                 127.0.0.1\n        }\n\n\n\n###############################################################################\n###############################################################################\n#\n# HOST GROUP DEFINITION\n#\n###############################################################################\n###############################################################################\n\n# Define an optional hostgroup for Linux machines\n\ndefine hostgroup{\n        hostgroup_name  linux-servers ; The name of the hostgroup\n        alias           Linux Servers ; Long name of the group\n        members         localhost     ; Comma separated list of hosts that belong to this group\n        
}\n\n\n\n###############################################################################\n###############################################################################\n#\n# SERVICE DEFINITIONS\n#\n###############################################################################\n###############################################################################\n\n\n# Define a service to \"ping\" the local machine\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             PING\n\tcheck_command\t\t\tcheck_ping!100.0,20%!500.0,60%\n        }\n\n\n# Define a service to check the disk space of the root partition\n# on the local machine.  Warning if < 20% free, critical if\n# < 10% free space on partition.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Root Partition\n\tcheck_command\t\t\tcheck_local_disk!20%!10%!/\n        }\n\n\n\n# Define a service to check the number of currently logged in\n# users on the local machine.  Warning if > 20 users, critical\n# if > 50 users.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Current Users\n\tcheck_command\t\t\tcheck_local_users!20!50\n        }\n\n\n# Define a service to check the number of currently running procs\n# on the local machine.  
Warning if > 250 processes, critical if\n# > 400 processes.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Total Processes\n\tcheck_command\t\t\tcheck_local_procs!250!400!RSZDT\n        }\n\n\n\n# Define a service to check the load on the local machine. \n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Current Load\n\tcheck_command\t\t\tcheck_local_load!5.0,4.0,3.0!10.0,6.0,4.0\n        }\n\n\n\n# Define a service to check the swap usage of the local machine. \n# Critical if less than 10% of swap is free, warning if less than 20% is free\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Swap Usage\n\tcheck_command\t\t\tcheck_local_swap!20!10\n        }\n\n\n\n# Define a service to check SSH on the local machine.\n# Disable notifications for this service by default, as not all users may have SSH enabled.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             SSH\n\tcheck_command\t\t\tcheck_ssh\n\tnotifications_enabled\t\t0\n        }\n\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/files/nagios.cfg",
    "content": "##############################################################################\n#\n# NAGIOS.CFG - Sample Main Config File for Nagios 3.4.4\n#\n# Read the documentation for more information on this configuration\n# file.  I've provided some comments here, but things may not be so\n# clear without further explanation.\n#\n# Last Modified: 12-14-2008\n#\n##############################################################################\n\n\n# LOG FILE\n# This is the main log file where service and host events are logged\n# for historical purposes.  This should be the first option specified \n# in the config file!!!\n\nlog_file=/var/log/nagios/nagios.log\n\n\n\n# OBJECT CONFIGURATION FILE(S)\n# These are the object configuration files in which you define hosts,\n# host groups, contacts, contact groups, services, etc.\n# You can split your object definitions across several config files\n# if you wish (as shown below), or keep them all in a single config file.\n\n# You can specify individual object config files as shown below:\ncfg_file=/etc/nagios/objects/commands.cfg\ncfg_file=/etc/nagios/objects/contacts.cfg\ncfg_file=/etc/nagios/objects/timeperiods.cfg\ncfg_file=/etc/nagios/objects/templates.cfg\n\n# Definitions for monitoring the local (Linux) host\ncfg_file=/etc/nagios/objects/localhost.cfg\n\ncfg_file=/etc/nagios/ansible-managed-services.cfg\ncfg_dir=/etc/nagios/ansible-managed\n\n\n# OBJECT CACHE FILE\n# This option determines where object definitions are cached when\n# Nagios starts/restarts.  
The CGIs read object definitions from \n# this cache file (rather than looking at the object config files\n# directly) in order to prevent inconsistencies that can occur\n# when the config files are modified after Nagios starts.\n\nobject_cache_file=/var/log/nagios/objects.cache\n\n\n\n# PRE-CACHED OBJECT FILE\n# This option determines the location of the precached object file.\n# If you run Nagios with the -p command line option, it will preprocess\n# your object configuration file(s) and write the cached config to this\n# file.  You can then start Nagios with the -u option to have it read\n# object definitions from this precached file, rather than the standard\n# object configuration files (see the cfg_file and cfg_dir options above).\n# Using a precached object file can speed up the time needed to (re)start \n# the Nagios process if you've got a large and/or complex configuration.\n# Read the documentation section on optimizing Nagios to find out more\n# about how this feature works.\n\nprecached_object_file=/var/log/nagios/objects.precache\n\n\n\n# RESOURCE FILE\n# This is an optional resource file that contains $USERx$ macro\n# definitions. Multiple resource files can be specified by using\n# multiple resource_file definitions.  The CGIs will not attempt to\n# read the contents of resource files, so information that is\n# considered to be sensitive (usernames, passwords, etc) can be\n# defined as macros in this file and restrictive permissions (600)\n# can be placed on this file.\n\nresource_file=/etc/nagios/private/resource.cfg\n\n\n\n# STATUS FILE\n# This is where the current status of all monitored services and\n# hosts is stored.  
Its contents are read and processed by the CGIs.\n# The contents of the status file are deleted every time Nagios\n#  restarts.\n\nstatus_file=/var/log/nagios/status.dat\n\n\n\n# STATUS FILE UPDATE INTERVAL\n# This option determines the frequency (in seconds) that\n# Nagios will periodically dump program, host, and \n# service status data.\n\nstatus_update_interval=10\n\n\n\n# NAGIOS USER\n# This determines the effective user that Nagios should run as.  \n# You can either supply a username or a UID.\n\nnagios_user=nagios\n\n\n\n# NAGIOS GROUP\n# This determines the effective group that Nagios should run as.  \n# You can either supply a group name or a GID.\n\nnagios_group=nagios\n\n\n\n# EXTERNAL COMMAND OPTION\n# This option allows you to specify whether or not Nagios should check\n# for external commands (in the command file defined below).  By default\n# Nagios will *not* check for external commands, just to be on the\n# cautious side.  If you want to be able to use the CGI command interface\n# you will have to enable this.\n# Values: 0 = disable commands, 1 = enable commands\n\ncheck_external_commands=1\n\n\n\n# EXTERNAL COMMAND CHECK INTERVAL\n# This is the interval at which Nagios should check for external commands.\n# This value works off the interval_length you specify later.  If you leave\n# that at its default value of 60 (seconds), a value of 1 here will cause\n# Nagios to check for external commands every minute.  If you specify a\n# number followed by an \"s\" (i.e. 
15s), this will be interpreted to mean\n# actual seconds rather than a multiple of the interval_length variable.\n# Note: In addition to reading the external command file at regularly \n# scheduled intervals, Nagios will also check for external commands after\n# event handlers are executed.\n# NOTE: Setting this value to -1 causes Nagios to check the external\n# command file as often as possible.\n\n#command_check_interval=15s\ncommand_check_interval=-1\n\n\n\n# EXTERNAL COMMAND FILE\n# This is the file that Nagios checks for external command requests.\n# It is also where the command CGI will write commands that are submitted\n# by users, so it must be writeable by the user that the web server\n# is running as (usually 'nobody').  Permissions should be set at the \n# directory level instead of on the file, as the file is deleted every\n# time its contents are processed.\n\ncommand_file=/var/spool/nagios/cmd/nagios.cmd\n\n\n\n# EXTERNAL COMMAND BUFFER SLOTS\n# This setting is used to tweak the number of items or \"slots\" that\n# the Nagios daemon should allocate to the buffer that holds incoming \n# external commands before they are processed.  As external commands \n# are processed by the daemon, they are removed from the buffer.  \n\nexternal_command_buffer_slots=4096\n\n\n\n# LOCK FILE\n# This is the lockfile that Nagios will use to store its PID number\n# in when it is running in daemon mode.\n\nlock_file=/var/run/nagios.pid\n\n\n\n# TEMP FILE\n# This is a temporary file that is used as scratch space when Nagios\n# updates the status log, cleans the comment file, etc.  
This file\n# is created, used, and deleted throughout the time that Nagios is\n# running.\n\ntemp_file=/var/log/nagios/nagios.tmp\n\n\n\n# TEMP PATH\n# This is the path where Nagios can create temp files for service and\n# host check results, etc.\n\ntemp_path=/tmp\n\n\n\n# EVENT BROKER OPTIONS\n# Controls what (if any) data gets sent to the event broker.\n# Values:  0      = Broker nothing\n#         -1      = Broker everything\n#         <other> = See documentation\n\nevent_broker_options=-1\n\n\n\n# EVENT BROKER MODULE(S)\n# This directive is used to specify an event broker module that should\n# be loaded by Nagios at startup.  Use multiple directives if you want\n# to load more than one module.  Arguments that should be passed to\n# the module at startup are separated from the module path by a space.\n#\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n#\n# Do NOT overwrite modules while they are being used by Nagios or Nagios\n# will crash in a fiery display of SEGFAULT glory.  This is a bug/limitation\n# either in dlopen(), the kernel, and/or the filesystem.  And maybe Nagios...\n#\n# The correct/safe way of updating a module is by using one of these methods:\n#    1. Shutdown Nagios, replace the module file, restart Nagios\n#    2. Delete the original module file, move the new module file into place, restart Nagios\n#\n# Example:\n#\n#   broker_module=<modulepath> [moduleargs]\n\n#broker_module=/somewhere/module1.o\n#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0\n\n\n\n# LOG ROTATION METHOD\n# This is the log rotation method that Nagios should use to rotate\n# the main log file. 
Values are as follows..\n#\tn\t= None - don't rotate the log\n#\th\t= Hourly rotation (top of the hour)\n#\td\t= Daily rotation (midnight every day)\n#\tw\t= Weekly rotation (midnight on Saturday evening)\n#\tm\t= Monthly rotation (midnight last day of month)\n\nlog_rotation_method=d\n\n\n\n# LOG ARCHIVE PATH\n# This is the directory where archived (rotated) log files should be \n# placed (assuming you've chosen to do log rotation).\n\nlog_archive_path=/var/log/nagios/archives\n\n\n\n# LOGGING OPTIONS\n# If you want messages logged to the syslog facility, as well as the\n# Nagios log file set this option to 1.  If not, set it to 0.\n\nuse_syslog=1\n\n\n\n# NOTIFICATION LOGGING OPTION\n# If you don't want notifications to be logged, set this value to 0.\n# If notifications should be logged, set the value to 1.\n\nlog_notifications=1\n\n\n\n# SERVICE RETRY LOGGING OPTION\n# If you don't want service check retries to be logged, set this value\n# to 0.  If retries should be logged, set the value to 1.\n\nlog_service_retries=1\n\n\n\n# HOST RETRY LOGGING OPTION\n# If you don't want host check retries to be logged, set this value to\n# 0.  If retries should be logged, set the value to 1.\n\nlog_host_retries=1\n\n\n\n# EVENT HANDLER LOGGING OPTION\n# If you don't want host and service event handlers to be logged, set\n# this value to 0.  If event handlers should be logged, set the value\n# to 1.\n\nlog_event_handlers=1\n\n\n\n# INITIAL STATES LOGGING OPTION\n# If you want Nagios to log all initial host and service states to\n# the main log file (the first time the service or host is checked)\n# you can enable this option by setting this value to 1.  If you\n# are not using an external application that does long term state\n# statistics reporting, you do not need to enable this option.  In\n# this case, set the value to 0.\n\nlog_initial_states=0\n\n\n\n# EXTERNAL COMMANDS LOGGING OPTION\n# If you don't want Nagios to log external commands, set this value\n# to 0.  
If external commands should be logged, set this value to 1.\n# Note: This option does not include logging of passive service\n# checks - see the option below for controlling whether or not\n# passive checks are logged.\n\nlog_external_commands=1\n\n\n\n# PASSIVE CHECKS LOGGING OPTION\n# If you don't want Nagios to log passive host and service checks, set\n# this value to 0.  If passive checks should be logged, set\n# this value to 1.\n\nlog_passive_checks=1\n\n\n\n# GLOBAL HOST AND SERVICE EVENT HANDLERS\n# These options allow you to specify a host and service event handler\n# command that is to be run for every host or service state change.\n# The global event handler is executed immediately prior to the event\n# handler that you have optionally specified in each host or\n# service definition. The command argument is the short name of a\n# command definition that you define in your host configuration file.\n# Read the HTML docs for more information.\n\n#global_host_event_handler=somecommand\n#global_service_event_handler=somecommand\n\n\n\n# SERVICE INTER-CHECK DELAY METHOD\n# This is the method that Nagios should use when initially\n# \"spreading out\" service checks when it starts monitoring.  The\n# default is to use smart delay calculation, which will try to\n# space all service checks out evenly to minimize CPU load.\n# Using the dumb setting will cause all checks to be scheduled\n# at the same time (with no delay between them)!  
This is not a\n# good thing for production, but is useful when testing the\n# parallelization functionality.\n#\tn\t= None - don't use any delay between checks\n#\td\t= Use a \"dumb\" delay of 1 second between checks\n#\ts\t= Use \"smart\" inter-check delay calculation\n#       x.xx    = Use an inter-check delay of x.xx seconds\n\nservice_inter_check_delay_method=s\n\n\n\n# MAXIMUM SERVICE CHECK SPREAD\n# This variable determines the timeframe (in minutes) from the\n# program start time that an initial check of all services should\n# be completed.  Default is 30 minutes.\n\nmax_service_check_spread=30\n\n\n\n# SERVICE CHECK INTERLEAVE FACTOR\n# This variable determines how service checks are interleaved.\n# Interleaving the service checks allows for a more even\n# distribution of service checks and reduced load on remote\n# hosts.  Setting this value to 1 is equivalent to how versions\n# of Nagios previous to 0.0.5 did service checks.  Set this\n# value to s (smart) for automatic calculation of the interleave\n# factor unless you have a specific reason to change it.\n#       s       = Use \"smart\" interleave factor calculation\n#       x       = Use an interleave factor of x, where x is a\n#                 number greater than or equal to 1.\n\nservice_interleave_factor=s\n\n\n\n# HOST INTER-CHECK DELAY METHOD\n# This is the method that Nagios should use when initially\n# \"spreading out\" host checks when it starts monitoring.  
The\n# default is to use smart delay calculation, which will try to\n# space all host checks out evenly to minimize CPU load.\n# Using the dumb setting will cause all checks to be scheduled\n# at the same time (with no delay between them)!\n#\tn\t= None - don't use any delay between checks\n#\td\t= Use a \"dumb\" delay of 1 second between checks\n#\ts\t= Use \"smart\" inter-check delay calculation\n#       x.xx    = Use an inter-check delay of x.xx seconds\n\nhost_inter_check_delay_method=s\n\n\n\n# MAXIMUM HOST CHECK SPREAD\n# This variable determines the timeframe (in minutes) from the\n# program start time that an initial check of all hosts should\n# be completed.  Default is 30 minutes.\n\nmax_host_check_spread=30\n\n\n\n# MAXIMUM CONCURRENT SERVICE CHECKS\n# This option allows you to specify the maximum number of \n# service checks that can be run in parallel at any given time.\n# Specifying a value of 1 for this variable essentially prevents\n# any service checks from being parallelized.  A value of 0\n# will not restrict the number of concurrent checks that are\n# being executed.\n\nmax_concurrent_checks=0\n\n\n\n# HOST AND SERVICE CHECK REAPER FREQUENCY\n# This is the frequency (in seconds!) that Nagios will process\n# the results of host and service checks.\n\ncheck_result_reaper_frequency=10\n\n\n\n\n# MAX CHECK RESULT REAPER TIME\n# This is the max amount of time (in seconds) that  a single\n# check result reaper event will be allowed to run before \n# returning control back to Nagios so it can perform other\n# duties.\n\nmax_check_result_reaper_time=30\n\n\n\n\n# CHECK RESULT PATH\n# This is the directory where Nagios stores the results of host and\n# service checks that have not yet been processed.\n#\n# Note: Make sure that only one instance of Nagios has access\n# to this directory!  
\n\ncheck_result_path=/var/log/nagios/spool/checkresults\n\n\n\n\n# MAX CHECK RESULT FILE AGE\n# This option determines the maximum age (in seconds) which check\n# result files are considered to be valid.  Files older than this \n# threshold will be mercilessly deleted without further processing.\n\nmax_check_result_file_age=3600\n\n\n\n\n# CACHED HOST CHECK HORIZON\n# This option determines the maximum amount of time (in seconds)\n# that the state of a previous host check is considered current.\n# Cached host states (from host checks that were performed more\n# recently than the timeframe specified by this value) can immensely\n# improve performance in regards to the host check logic.\n# Too high of a value for this option may result in inaccurate host\n# states being used by Nagios, while a lower value may result in a\n# performance hit for host checks.  Use a value of 0 to disable host\n# check caching.\n\ncached_host_check_horizon=15\n\n\n\n# CACHED SERVICE CHECK HORIZON\n# This option determines the maximum amount of time (in seconds)\n# that the state of a previous service check is considered current.\n# Cached service states (from service checks that were performed more\n# recently than the timeframe specified by this value) can immensely\n# improve performance in regards to predictive dependency checks.\n# Use a value of 0 to disable service check caching.\n\ncached_service_check_horizon=15\n\n\n\n# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS\n# This option determines whether or not Nagios will attempt to execute\n# checks of hosts when it predicts that future dependency logic test\n# may be needed.  
These predictive checks can help ensure that your\n# host dependency logic works well.\n# Values:\n#  0 = Disable predictive checks\n#  1 = Enable predictive checks (default)\n\nenable_predictive_host_dependency_checks=1\n\n\n\n# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS\n# This option determines whether or not Nagios will attempt to execute\n# checks of service when it predicts that future dependency logic test\n# may be needed.  These predictive checks can help ensure that your\n# service dependency logic works well.\n# Values:\n#  0 = Disable predictive checks\n#  1 = Enable predictive checks (default)\n\nenable_predictive_service_dependency_checks=1\n\n\n\n# SOFT STATE DEPENDENCIES\n# This option determines whether or not Nagios will use soft state \n# information when checking host and service dependencies. Normally \n# Nagios will only use the latest hard host or service state when \n# checking dependencies. If you want it to use the latest state (regardless\n# of whether it's a soft or hard state type), enable this option. \n# Values:\n#  0 = Don't use soft state dependencies (default) \n#  1 = Use soft state dependencies \n\nsoft_state_dependencies=0\n\n\n\n# TIME CHANGE ADJUSTMENT THRESHOLDS\n# These options determine when Nagios will react to detected changes\n# in system time (either forward or backwards).\n\n#time_change_threshold=900\n\n\n\n# AUTO-RESCHEDULING OPTION\n# This option determines whether or not Nagios will attempt to\n# automatically reschedule active host and service checks to\n# \"smooth\" them out over time.  This can help balance the load on\n# the monitoring server.  \n# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE\n# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY\n\nauto_reschedule_checks=0\n\n\n\n# AUTO-RESCHEDULING INTERVAL\n# This option determines how often (in seconds) Nagios will\n# attempt to automatically reschedule checks.  
This option only\n# has an effect if the auto_reschedule_checks option is enabled.\n# Default is 30 seconds.\n# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE\n# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY\n\nauto_rescheduling_interval=30\n\n\n\n# AUTO-RESCHEDULING WINDOW\n# This option determines the \"window\" of time (in seconds) that\n# Nagios will look at when automatically rescheduling checks.\n# Only host and service checks that occur in the next X seconds\n# (determined by this variable) will be rescheduled. This option\n# only has an effect if the auto_reschedule_checks option is\n# enabled.  Default is 180 seconds (3 minutes).\n# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE\n# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY\n\nauto_rescheduling_window=180\n\n\n\n# SLEEP TIME\n# This is the number of seconds to sleep between checking for system\n# events and service checks that need to be run.\n\nsleep_time=0.25\n\n\n\n# TIMEOUT VALUES\n# These options control how much time Nagios will allow various\n# types of commands to execute before killing them off.  Options\n# are available for controlling maximum time allotted for\n# service checks, host checks, event handlers, notifications, the\n# ocsp command, and performance data commands.  All values are in\n# seconds.\n\nservice_check_timeout=60\nhost_check_timeout=30\nevent_handler_timeout=30\nnotification_timeout=30\nocsp_timeout=5\nperfdata_timeout=5\n\n\n\n# RETAIN STATE INFORMATION\n# This setting determines whether or not Nagios will save state\n# information for services and hosts before it shuts down.  Upon\n# startup Nagios will reload all saved service and host state\n# information before starting to monitor.  This is useful for \n# maintaining long-term data on state statistics, etc, but will\n# slow Nagios down a bit when it (re)starts.  
Since it's only\n# a one-time penalty, I think it's well worth the additional\n# startup delay.\n\nretain_state_information=1\n\n\n\n# STATE RETENTION FILE\n# This is the file that Nagios should use to store host and\n# service state information before it shuts down.  The state \n# information in this file is also read immediately prior to\n# starting to monitor the network when Nagios is restarted.\n# This file is used only if the retain_state_information\n# variable is set to 1.\n\nstate_retention_file=/var/log/nagios/retention.dat\n\n\n\n# RETENTION DATA UPDATE INTERVAL\n# This setting determines how often (in minutes) that Nagios\n# will automatically save retention data during normal operation.\n# If you set this value to 0, Nagios will not save retention\n# data at regular intervals, but it will still save retention\n# data before shutting down or restarting.  If you have disabled\n# state retention, this option has no effect.\n\nretention_update_interval=60\n\n\n\n# USE RETAINED PROGRAM STATE\n# This setting determines whether or not Nagios will set \n# program status variables based on the values saved in the\n# retention file.  If you want to use retained program status\n# information, set this value to 1.  If not, set this value\n# to 0.\n\nuse_retained_program_state=1\n\n\n\n# USE RETAINED SCHEDULING INFO\n# This setting determines whether or not Nagios will retain\n# the scheduling info (next check time) for hosts and services\n# based on the values saved in the retention file.\n# If you want to use retained scheduling info, set this\n# value to 1.  If not, set this value to 0.\n\nuse_retained_scheduling_info=1\n\n\n\n# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE)\n# The following variables are used to specify specific host and\n# service attributes that should *not* be retained by Nagios during\n# program restarts.\n#\n# The values of the masks are bitwise ANDs of values specified\n# by the \"MODATTR_\" definitions found in include/common.h.  
\n# For example, if you do not want the current enabled/disabled state\n# of flap detection and event handlers for hosts to be retained, you\n# would use a value of 24 for the host attribute mask...\n# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24\n\n# This mask determines what host attributes are not retained\nretained_host_attribute_mask=0\n\n# This mask determines what service attributes are not retained\nretained_service_attribute_mask=0\n\n# These two masks determine what process attributes are not retained.\n# There are two masks, because some process attributes have host and service\n# options.  For example, you can disable active host checks, but leave active\n# service checks enabled.\nretained_process_host_attribute_mask=0\nretained_process_service_attribute_mask=0\n\n# These two masks determine what contact attributes are not retained.\n# There are two masks, because some contact attributes have host and\n# service options.  For example, you can disable host notifications for\n# a contact, but leave service notifications enabled for them.\nretained_contact_host_attribute_mask=0\nretained_contact_service_attribute_mask=0\n\n\n\n# INTERVAL LENGTH\n# This is the seconds per unit interval as used in the\n# host/contact/service configuration files.  Setting this to 60 means\n# that each interval is one minute long (60 seconds).  Other settings\n# have not been tested much, so your mileage is likely to vary...\n\ninterval_length=60\n\n\n\n# CHECK FOR UPDATES\n# This option determines whether Nagios will automatically check to\n# see if new updates (releases) are available.  It is recommended that you\n# enable this option to ensure that you stay on top of the latest critical\n# patches to Nagios.  Nagios is critical to you - make sure you keep it in\n# good shape.  Nagios will check once a day for new updates. 
Data collected\n# by Nagios Enterprises from the update check is processed in accordance \n# with our privacy policy - see http://api.nagios.org for details.\n\ncheck_for_updates=1\n\n\n\n# BARE UPDATE CHECK\n# This option determines what data Nagios will send to api.nagios.org when\n# it checks for updates.  By default, Nagios will send information on the \n# current version of Nagios you have installed, as well as an indicator as\n# to whether this was a new installation or not.  Nagios Enterprises uses\n# this data to determine the number of users running specific versions of \n# Nagios.  Enable this option if you do not want this information to be sent.\n\nbare_update_check=0\n\n\n\n# AGGRESSIVE HOST CHECKING OPTION\n# If you don't want to turn on aggressive host checking features, set\n# this value to 0 (the default).  Otherwise set this value to 1 to\n# enable the aggressive check option.  Read the docs for more info\n# on what aggressive host check is or check out the source code in\n# base/checks.c\n\nuse_aggressive_host_checking=0\n\n\n\n# SERVICE CHECK EXECUTION OPTION\n# This determines whether or not Nagios will actively execute\n# service checks when it initially starts.  If this option is \n# disabled, checks are not actively made, but Nagios can still\n# receive and process passive check results that come in.  Unless\n# you're implementing redundant hosts or have a special need for\n# disabling the execution of service checks, leave this enabled!\n# Values: 1 = enable checks, 0 = disable checks\n\nexecute_service_checks=1\n\n\n\n# PASSIVE SERVICE CHECK ACCEPTANCE OPTION\n# This determines whether or not Nagios will accept passive\n# service checks results when it initially (re)starts.\n# Values: 1 = accept passive checks, 0 = reject passive checks\n\naccept_passive_service_checks=1\n\n\n\n# HOST CHECK EXECUTION OPTION\n# This determines whether or not Nagios will actively execute\n# host checks when it initially starts.  
If this option is \n# disabled, checks are not actively made, but Nagios can still\n# receive and process passive check results that come in.  Unless\n# you're implementing redundant hosts or have a special need for\n# disabling the execution of host checks, leave this enabled!\n# Values: 1 = enable checks, 0 = disable checks\n\nexecute_host_checks=1\n\n\n\n# PASSIVE HOST CHECK ACCEPTANCE OPTION\n# This determines whether or not Nagios will accept passive\n# host checks results when it initially (re)starts.\n# Values: 1 = accept passive checks, 0 = reject passive checks\n\naccept_passive_host_checks=1\n\n\n\n# NOTIFICATIONS OPTION\n# This determines whether or not Nagios will send out any host or\n# service notifications when it is initially (re)started.\n# Values: 1 = enable notifications, 0 = disable notifications\n\nenable_notifications=1\n\n\n\n# EVENT HANDLER USE OPTION\n# This determines whether or not Nagios will run any host or\n# service event handlers when it is initially (re)started.  Unless\n# you're implementing redundant hosts, leave this option enabled.\n# Values: 1 = enable event handlers, 0 = disable event handlers\n\nenable_event_handlers=1\n\n\n\n# PROCESS PERFORMANCE DATA OPTION\n# This determines whether or not Nagios will process performance\n# data returned from service and host checks.  If this option is\n# enabled, host performance data will be processed using the\n# host_perfdata_command (defined below) and service performance\n# data will be processed using the service_perfdata_command (also\n# defined below).  Read the HTML docs for more information on\n# performance data.\n# Values: 1 = process performance data, 0 = do not process performance data\n\nprocess_performance_data=0\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS\n# These commands are run after every host and service check is\n# performed.  These commands are executed only if the\n# process_performance_data option (above) is set to 1.  
The command\n# argument is the short name of a command definition that you \n# define in your host configuration file.  Read the HTML docs for\n# more information on performance data.\n\n#host_perfdata_command=process-host-perfdata\n#service_perfdata_command=process-service-perfdata\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILES\n# These files are used to store host and service performance data.\n# Performance data is only written to these files if the\n# process_performance_data option (above) is set to 1.\n\n#host_perfdata_file=/tmp/host-perfdata\n#service_perfdata_file=/tmp/service-perfdata\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES\n# These options determine what data is written (and how) to the\n# performance data files.  The templates may contain macros, special\n# characters (\\t for tab, \\r for carriage return, \\n for newline)\n# and plain text.  A newline is automatically added after each write\n# to the performance data file.  Some examples of what you can do are\n# shown below.\n\n#host_perfdata_file_template=[HOSTPERFDATA]\\t$TIMET$\\t$HOSTNAME$\\t$HOSTEXECUTIONTIME$\\t$HOSTOUTPUT$\\t$HOSTPERFDATA$\n#service_perfdata_file_template=[SERVICEPERFDATA]\\t$TIMET$\\t$HOSTNAME$\\t$SERVICEDESC$\\t$SERVICEEXECUTIONTIME$\\t$SERVICELATENCY$\\t$SERVICEOUTPUT$\\t$SERVICEPERFDATA$\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE MODES\n# This option determines whether or not the host and service\n# performance data files are opened in write (\"w\") or append (\"a\")\n# mode. If you want to use named pipes, you should use the special\n# pipe (\"p\") mode which avoids blocking at startup, otherwise you will\n# likely want the default append (\"a\") mode.\n\n#host_perfdata_file_mode=a\n#service_perfdata_file_mode=a\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL\n# These options determine how often (in seconds) the host and service\n# performance data files are processed using the commands defined\n# below.  
A value of 0 indicates the files should not be periodically\n# processed.\n\n#host_perfdata_file_processing_interval=0\n#service_perfdata_file_processing_interval=0\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS\n# These commands are used to periodically process the host and\n# service performance data files.  The interval at which the\n# processing occurs is determined by the options above.\n\n#host_perfdata_file_processing_command=process-host-perfdata-file\n#service_perfdata_file_processing_command=process-service-perfdata-file\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA PROCESS EMPTY RESULTS\n# These options determine whether the core will process empty perfdata\n# results or not. This is needed for distributed monitoring, and intentionally\n# turned on by default.\n# If you don't require empty perfdata - saving some cpu cycles\n# on unwanted macro calculation - you can turn that off. Be careful!\n# Values: 1 = enable, 0 = disable\n\n#host_perfdata_process_empty_results=1\n#service_perfdata_process_empty_results=1\n\n\n# OBSESS OVER SERVICE CHECKS OPTION\n# This determines whether or not Nagios will obsess over service\n# checks and run the ocsp_command defined below.  Unless you're\n# planning on implementing distributed monitoring, do not enable\n# this option.  Read the HTML docs for more information on\n# implementing distributed monitoring.\n# Values: 1 = obsess over services, 0 = do not obsess (default)\n\nobsess_over_services=0\n\n\n\n# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND\n# This is the command that is run for every service check that is\n# processed by Nagios.  This command is executed only if the\n# obsess_over_services option (above) is set to 1.  The command \n# argument is the short name of a command definition that you\n# define in your host configuration file. 
Read the HTML docs for\n# more information on implementing distributed monitoring.\n\n#ocsp_command=somecommand\n\n\n\n# OBSESS OVER HOST CHECKS OPTION\n# This determines whether or not Nagios will obsess over host\n# checks and run the ochp_command defined below.  Unless you're\n# planning on implementing distributed monitoring, do not enable\n# this option.  Read the HTML docs for more information on\n# implementing distributed monitoring.\n# Values: 1 = obsess over hosts, 0 = do not obsess (default)\n\nobsess_over_hosts=0\n\n\n\n# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND\n# This is the command that is run for every host check that is\n# processed by Nagios.  This command is executed only if the\n# obsess_over_hosts option (above) is set to 1.  The command \n# argument is the short name of a command definition that you\n# define in your host configuration file. Read the HTML docs for\n# more information on implementing distributed monitoring.\n\n#ochp_command=somecommand\n\n\n\n# TRANSLATE PASSIVE HOST CHECKS OPTION\n# This determines whether or not Nagios will translate\n# DOWN/UNREACHABLE passive host check results into their proper\n# state for this instance of Nagios.  This option is useful\n# if you have distributed or failover monitoring setup.  In\n# these cases your other Nagios servers probably have a different\n# \"view\" of the network, with regards to the parent/child relationship\n# of hosts.  If a distributed monitoring server thinks a host\n# is DOWN, it may actually be UNREACHABLE from the point of\n# this Nagios instance.  Enabling this option will tell Nagios\n# to translate any DOWN or UNREACHABLE host states it receives\n# passively into the correct state from the view of this server.\n# Values: 1 = perform translation, 0 = do not translate (default)\n\ntranslate_passive_host_checks=0\n\n\n\n# PASSIVE HOST CHECKS ARE SOFT OPTION\n# This determines whether or not Nagios will treat passive host\n# checks as being HARD or SOFT.  
By default, a passive host check\n# result will put a host into a HARD state type.  This can be changed\n# by enabling this option.\n# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT\n\npassive_host_checks_are_soft=0\n\n\n\n# ORPHANED HOST/SERVICE CHECK OPTIONS\n# These options determine whether or not Nagios will periodically \n# check for orphaned host and service checks.  Since service checks are\n# not rescheduled until the results of their previous execution \n# instance are processed, there exists a possibility that some\n# checks may never get rescheduled.  A similar situation exists for\n# host checks, although the exact scheduling details differ a bit\n# from service checks.  Orphaned checks seem to be a rare\n# problem and should not happen under normal circumstances.\n# If you have problems with service checks never getting\n# rescheduled, make sure you have orphaned service checks enabled.\n# Values: 1 = enable checks, 0 = disable checks\n\ncheck_for_orphaned_services=1\ncheck_for_orphaned_hosts=1\n\n\n\n# SERVICE FRESHNESS CHECK OPTION\n# This option determines whether or not Nagios will periodically\n# check the \"freshness\" of service results.  Enabling this option\n# is useful for ensuring passive checks are received in a timely\n# manner.\n# Values: 1 = enabled freshness checking, 0 = disable freshness checking\n\ncheck_service_freshness=1\n\n\n\n# SERVICE FRESHNESS CHECK INTERVAL\n# This setting determines how often (in seconds) Nagios will\n# check the \"freshness\" of service check results.  If you have\n# disabled service freshness checking, this option has no effect.\n\nservice_freshness_check_interval=60\n\n\n\n# SERVICE CHECK TIMEOUT STATE\n# This setting determines the state Nagios will report when a\n# service check times out - that is does not respond within\n# service_check_timeout seconds.  
This can be useful if a\n# machine is running at too high a load and you do not want\n# to consider a failed service check to be critical (the default).\n# Valid settings are:\n# c - Critical (default)\n# u - Unknown\n# w - Warning\n# o - OK\n\nservice_check_timeout_state=c\n\n\n\n# HOST FRESHNESS CHECK OPTION\n# This option determines whether or not Nagios will periodically\n# check the \"freshness\" of host results.  Enabling this option\n# is useful for ensuring passive checks are received in a timely\n# manner.\n# Values: 1 = enabled freshness checking, 0 = disable freshness checking\n\ncheck_host_freshness=0\n\n\n\n# HOST FRESHNESS CHECK INTERVAL\n# This setting determines how often (in seconds) Nagios will\n# check the \"freshness\" of host check results.  If you have\n# disabled host freshness checking, this option has no effect.\n\nhost_freshness_check_interval=60\n\n\n\n\n# ADDITIONAL FRESHNESS THRESHOLD LATENCY\n# This setting determines the number of seconds that Nagios\n# will add to any host and service freshness thresholds that\n# it calculates (those not explicitly specified by the user).\n\nadditional_freshness_latency=15\n\n\n\n\n# FLAP DETECTION OPTION\n# This option determines whether or not Nagios will try\n# and detect hosts and services that are \"flapping\".  \n# Flapping occurs when a host or service changes between\n# states too frequently.  When Nagios detects that a \n# host or service is flapping, it will temporarily suppress\n# notifications for that host/service until it stops\n# flapping.  Flap detection is very experimental, so read\n# the HTML documentation before enabling this feature!\n# Values: 1 = enable flap detection\n#         0 = disable flap detection (default)\n\nenable_flap_detection=1\n\n\n\n# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES\n# Read the HTML documentation on flap detection for\n# an explanation of what this option does.  
This option\n# has no effect if flap detection is disabled.\n\nlow_service_flap_threshold=5.0\nhigh_service_flap_threshold=20.0\nlow_host_flap_threshold=5.0\nhigh_host_flap_threshold=20.0\n\n\n\n# DATE FORMAT OPTION\n# This option determines how short dates are displayed. Valid options\n# include:\n#\tus\t\t(MM-DD-YYYY HH:MM:SS)\n#\teuro    \t(DD-MM-YYYY HH:MM:SS)\n#\tiso8601\t\t(YYYY-MM-DD HH:MM:SS)\n#\tstrict-iso8601\t(YYYY-MM-DDTHH:MM:SS)\n#\n\ndate_format=us\n\n\n\n\n# TIMEZONE OFFSET\n# This option is used to override the default timezone that this\n# instance of Nagios runs in.  If not specified, Nagios will use\n# the system configured timezone.\n#\n# NOTE: In order to display the correct timezone in the CGIs, you\n# will also need to alter the Apache directives for the CGI path \n# to include your timezone.  Example:\n#\n#   <Directory \"/usr/local/nagios/sbin/\">\n#      SetEnv TZ \"Australia/Brisbane\"\n#      ...\n#   </Directory>\n\n#use_timezone=US/Mountain\n#use_timezone=Australia/Brisbane\n\n\n\n\n# P1.PL FILE LOCATION\n# This value determines where the p1.pl perl script (used by the\n# embedded Perl interpreter) is located.  If you didn't compile\n# Nagios with embedded Perl support, this option has no effect.\n\np1_file=/usr/sbin/p1.pl\n\n\n\n# EMBEDDED PERL INTERPRETER OPTION\n# This option determines whether or not the embedded Perl interpreter\n# will be enabled during runtime.  This option has no effect if Nagios\n# has not been compiled with support for embedded Perl.\n# Values: 0 = disable interpreter, 1 = enable interpreter\n\nenable_embedded_perl=1\n\n\n\n# EMBEDDED PERL USAGE OPTION\n# This option determines whether or not Nagios will process Perl plugins\n# and scripts with the embedded Perl interpreter if the plugins/scripts\n# do not explicitly indicate whether or not it is okay to do so. 
Read\n# the HTML documentation on the embedded Perl interpreter for more \n# information on how this option works.\n\nuse_embedded_perl_implicitly=1\n\n\n\n# ILLEGAL OBJECT NAME CHARACTERS\n# This option allows you to specify illegal characters that cannot\n# be used in host names, service descriptions, or names of other\n# object types.\n\nillegal_object_name_chars=`~!$%^&*|'\"<>?,()=\n\n\n\n# ILLEGAL MACRO OUTPUT CHARACTERS\n# This option allows you to specify illegal characters that are\n# stripped from macros before being used in notifications, event\n# handlers, etc.  This DOES NOT affect macros used in service or\n# host check commands.\n# The following macros are stripped of the characters you specify:\n#\t$HOSTOUTPUT$\n#\t$HOSTPERFDATA$\n#\t$HOSTACKAUTHOR$\n#\t$HOSTACKCOMMENT$\n#\t$SERVICEOUTPUT$\n#\t$SERVICEPERFDATA$\n#\t$SERVICEACKAUTHOR$\n#\t$SERVICEACKCOMMENT$\n\nillegal_macro_output_chars=`~$&|'\"<>\n\n\n\n# REGULAR EXPRESSION MATCHING\n# This option controls whether or not regular expression matching\n# takes place in the object config files.  Regular expression\n# matching is used to match host, hostgroup, service, and service\n# group names/descriptions in some fields of various object types.\n# Values: 1 = enable regexp matching, 0 = disable regexp matching\n\nuse_regexp_matching=0\n\n\n\n# \"TRUE\" REGULAR EXPRESSION MATCHING\n# This option controls whether or not \"true\" regular expression \n# matching takes place in the object config files.  This option\n# only has an effect if regular expression matching is enabled\n# (see above).  If this option is DISABLED, regular expression\n# matching only occurs if a string contains wildcard characters\n# (* and ?).  
If the option is ENABLED, regexp matching occurs\n# all the time (which can be annoying).\n# Values: 1 = enable true matching, 0 = disable true matching\n\nuse_true_regexp_matching=0\n\n\n\n# ADMINISTRATOR EMAIL/PAGER ADDRESSES\n# The email and pager address of a global administrator (likely you).\n# Nagios never uses these values itself, but you can access them by\n# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification\n# commands.\n\nadmin_email=nagios@localhost\nadmin_pager=pagenagios@localhost\n\n\n\n# DAEMON CORE DUMP OPTION\n# This option determines whether or not Nagios is allowed to create\n# a core dump when it runs as a daemon.  Note that it is generally\n# considered bad form to allow this, but it may be useful for\n# debugging purposes.  Enabling this option doesn't guarantee that\n# a core file will be produced, but that's just life...\n# Values: 1 - Allow core dumps\n#         0 - Do not allow core dumps (default)\n\ndaemon_dumps_core=0\n\n\n\n# LARGE INSTALLATION TWEAKS OPTION\n# This option determines whether or not Nagios will take some shortcuts\n# which can save on memory and CPU usage in large Nagios installations.\n# Read the documentation for more information on the benefits/tradeoffs\n# of enabling this option.\n# Values: 1 - Enabled tweaks\n#         0 - Disable tweaks (default)\n\nuse_large_installation_tweaks=0\n\n\n\n# ENABLE ENVIRONMENT MACROS\n# This option determines whether or not Nagios will make all standard\n# macros available as environment variables when host/service checks\n# and system commands (event handlers, notifications, etc.) are\n# executed.  
Enabling this option can cause performance issues in \n# large installations, as it will consume a bit more memory and (more\n# importantly) consume more CPU.\n# Values: 1 - Enable environment variable macros (default)\n#         0 - Disable environment variable macros\n\nenable_environment_macros=1\n\n\n\n# CHILD PROCESS MEMORY OPTION\n# This option determines whether or not Nagios will free memory in\n# child processes (processes used to execute system commands and host/\n# service checks).  If you specify a value here, it will override\n# program defaults.\n# Value: 1 - Free memory in child processes\n#        0 - Do not free memory in child processes\n\n#free_child_process_memory=1\n\n\n\n# CHILD PROCESS FORKING BEHAVIOR\n# This option determines how Nagios will fork child processes\n# (used to execute system commands and host/service checks).  Normally\n# child processes are fork()ed twice, which provides a very high level\n# of isolation from problems.  Fork()ing once is probably enough and will\n# save a great deal on CPU usage (in large installs), so you might\n# want to consider using this.  If you specify a value here, it will override\n# program defaults.\n# Value: 1 - Child processes fork() twice\n#        0 - Child processes fork() just once\n\n#child_processes_fork_twice=1\n\n\n\n# DEBUG LEVEL\n# This option determines how much (if any) debugging information will\n# be written to the debug file.  
OR values together to log multiple\n# types of information.\n# Values: \n#          -1 = Everything\n#          0 = Nothing\n#\t   1 = Functions\n#          2 = Configuration\n#          4 = Process information\n#\t   8 = Scheduled events\n#          16 = Host/service checks\n#          32 = Notifications\n#          64 = Event broker\n#          128 = External commands\n#          256 = Commands\n#          512 = Scheduled downtime\n#          1024 = Comments\n#          2048 = Macros\n\ndebug_level=0\n\n\n\n# DEBUG VERBOSITY\n# This option determines how verbose the debug log output will be.\n# Values: 0 = Brief output\n#         1 = More detailed\n#         2 = Very detailed\n\ndebug_verbosity=1\n\n\n\n# DEBUG FILE\n# This option determines where Nagios should write debugging information.\n\ndebug_file=/var/log/nagios/nagios.debug\n\n\n\n# MAX DEBUG FILE SIZE\n# This option determines the maximum size (in bytes) of the debug file.  If\n# the file grows larger than this size, it will be renamed with a .old\n# extension.  If a file already exists with a .old extension it will\n# automatically be deleted.  This helps ensure your disk space usage doesn't\n# get out of control when debugging Nagios.\n\nmax_debug_file_size=1000000\n\n\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/handlers/main.yml",
    "content": "---\n# handlers for nagios\n- name: restart httpd\n  service: name=httpd state=restarted\n\n- name: restart nagios\n  service: name=nagios state=restarted\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/tasks/main.yml",
    "content": "---\n# This will install nagios\n\n- name: install nagios\n  yum:\n    pkg: \"{{ item }}\"\n    state: present\n  with_items:\n   - nagios\n   - nagios-plugins\n   - nagios-plugins-nrpe\n   - nagios-plugins-ping\n   - nagios-plugins-ssh\n   - nagios-plugins-http\n   - nagios-plugins-mysql\n   - nagios-devel\n  notify: restart httpd\n\n- name: create nagios config dir\n  file:\n    path: /etc/nagios/ansible-managed\n    state: directory\n\n- name: configure nagios\n  copy:\n    src: nagios.cfg\n    dest: /etc/nagios/nagios.cfg\n  notify: restart nagios\n\n- name: configure localhost monitoring\n  copy:\n    src: localhost.cfg\n    dest: /etc/nagios/objects/localhost.cfg\n  notify: restart nagios\n\n- name: configure nagios services\n  copy:\n    src: ansible-managed-services.cfg\n    dest: /etc/nagios/\n\n- name: create the nagios object files\n  template:\n    src: \"{{ item + '.j2' }}\"\n    dest: \"/etc/nagios/ansible-managed/{{ item }}\"\n  with_items:\n    - webservers.cfg\n    - dbservers.cfg\n    - lbservers.cfg\n  notify: restart nagios\n\n- name: start nagios\n  service: name=nagios state=started enabled=yes\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/templates/dbservers.cfg.j2",
    "content": "# {{ ansible_managed }}\n\ndefine hostgroup {\n\thostgroup_name dbservers \n        alias Database Servers\n}\n\n{% for host in groups.tag_ansible_group_dbservers %}\n        define host {\n                use                     linux-server\n                host_name               {{ host }}\n                alias                   {{ host }}\n                address                 {{ hostvars[host].ansible_default_ipv4.address }}\n                hostgroups              dbservers \n                }\n{% endfor %}\n\n#define service {\n#\tuse\t\t\t\tlocal-service\n#\thostgroup_name\t\t\tdbservers\n#\tservice_description\t\tMySQL Database Server\n#\tcheck_command\t\t\tcheck_mysql\n#\tnotifications_enabled\t\t0\n#}\n\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/templates/lbservers.cfg.j2",
    "content": "# {{ ansible_managed }}\n\ndefine hostgroup {\n\thostgroup_name loadbalancers \n        alias Load Balancers\n}\n\n{% for host in groups.tag_ansible_group_lbservers %}\ndefine host {\n        use                     linux-server\n        host_name               {{ host }}\n        alias                   {{ host }}\n        address                 {{ hostvars[host].ansible_default_ipv4.address }}\n        hostgroups              loadbalancers \n}\ndefine service {\n\tuse\t\t\t\tlocal-service\n\thost_name\t\t\t{{ host }}\n\tservice_description\t\tHAProxy Load Balancer\n\tcheck_command\t\t\tcheck_http!-p{{ hostvars[host].listenport }}\n}\n{% endfor %}\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/nagios/templates/webservers.cfg.j2",
    "content": "# {{ ansible_managed }}\n\ndefine hostgroup {\n\thostgroup_name webservers\n        alias Web Servers\n}\n\n{% for host in groups.tag_ansible_group_webservers %}\n  define host {\n\tuse                     linux-server\n\thost_name               {{ host }} \n\talias                   {{ host }}\n\taddress                 {{ hostvars[host].ansible_default_ipv4.address }}\n\thostgroups \t\twebservers\n  }    \n{% endfor %}\n\n# service checks to be applied to the web server\ndefine service {\n\tuse\t\t\t\tlocal-service\n\thostgroup_name\t\t\twebservers\n\tservice_description\t        webserver\t\n\tcheck_command\t\t\tcheck_http\n\tnotifications_enabled\t\t0\n}\n"
  },
  {
    "path": "lamp_haproxy/aws/roles/web/tasks/main.yml",
    "content": "---\n- name: Copy the code from repository\n  git:\n    repo: \"{{ repository }}\"\n    version: \"{{ webapp_version }}\"\n    dest: /var/www/html/\n"
  },
  {
    "path": "lamp_haproxy/aws/rolling_update.yml",
    "content": "---\n# This playbook does a rolling update for all webservers serially (one at a time).\n# Change the value of serial: to adjust the number of server to be updated.\n#\n# The three roles that apply to the webserver hosts will be applied: common,\n# base-apache, and web. So any changes to configuration, package updates, etc,\n# will be applied as part of the rolling update process.\n#\n\n# gather facts from monitoring nodes for iptables rules\n- hosts: tag_ansible_group_monitoring\n  tasks: []\n\n- hosts: tag_ansible_group_webservers\n  serial: 1\n\n  # These are the tasks to run before applying updates:\n  pre_tasks:\n  - name: disable nagios alerts for this host webserver service\n    nagios: 'action=disable_alerts host={{ inventory_hostname }} services=webserver'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.tag_ansible_group_monitoring }}\"\n\n  - name: disable the server in haproxy\n    haproxy: 'state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.tag_ansible_group_lbservers }}\"\n\n  roles:\n  - web\n  ## Optionally, re-run the common and base-apache roles\n  #- common\n  #- base-apache\n\n  # These tasks run after the roles:\n  post_tasks:\n  - name: wait for webserver to come up\n    wait_for: 'host={{ inventory_hostname }} port=80 state=started timeout=80'\n\n  - name: enable the server in haproxy\n    haproxy: 'state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.tag_ansible_group_lbservers }}\"\n\n  - name: re-enable nagios alerts\n    nagios: 'action=enable_alerts host={{ inventory_hostname }} services=webserver'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.tag_ansible_group_monitoring }}\"\n"
  },
  {
    "path": "lamp_haproxy/aws/site.yml",
    "content": "---\n## This playbook deploys the whole application stack in this site.\n\n# Apply common configuration to all hosts\n- hosts: all\n\n  roles:\n  - common\n\n# Configure and deploy database servers.\n- hosts: tag_ansible_group_dbservers\n\n  roles:\n  - db\n\n  tags:\n  - db\n\n# Configure and deploy the web servers. Note that we include two roles here,\n# the 'base-apache' role which simply sets up Apache, and 'web' which includes\n# our example web application.\n- hosts: tag_ansible_group_webservers\n\n  roles:\n  - base-apache\n  - web\n\n  tags:\n  - web\n\n# Configure and deploy the load balancer(s).\n- hosts: tag_ansible_group_lbservers\n\n  roles:\n  - haproxy\n\n  tags:\n  - lb\n\n# Configure and deploy the Nagios monitoring node(s).\n- hosts: tag_ansible_group_monitoring\n\n  roles:\n  - base-apache\n  - nagios\n\n  tags:\n  - monitoring\n"
  },
  {
    "path": "lamp_haproxy/group_vars/all",
    "content": "---\n# Variables here are applicable to all host groups\n\nhttpd_port: 80\nntpserver: 192.168.1.2\n"
  },
  {
    "path": "lamp_haproxy/group_vars/dbservers",
    "content": "---\n# The variables file used by the playbooks in the dbservers group.\n# These don't have to be explicitly imported by vars_files: they are autopopulated.\n\nmysqlservice: mysqld\nmysql_port: 3306\ndbuser: root\ndbname: foodb\nupassword: abc\n"
  },
  {
    "path": "lamp_haproxy/group_vars/lbservers",
    "content": "---\n# Variables for the HAproxy configuration\n\n# HAProxy supports \"http\" and \"tcp\". For SSL, SMTP, etc, use \"tcp\".\nmode: http\n\n# Port on which HAProxy should listen\nlistenport: 8888\n\n# A name for the proxy daemon, this wil be the suffix in the logs.\ndaemonname: myapplb\n\n# Balancing Algorithm. Available options:\n# roundrobin, source, leastconn, source, uri\n# (if persistance is required use, \"source\")\nbalance: roundrobin \n\n# Ethernet interface on which the load balancer should listen\n# Defaults to the first interface. Change this to:\n#\n#  iface: eth1\n#\n# ...to override.\n#\niface: '{{ ansible_default_ipv4.interface }}'\n"
  },
  {
    "path": "lamp_haproxy/group_vars/webservers",
    "content": "---\n# Variables for the web server configuration\n\n# Ethernet interface on which the web server should listen.\n# Defaults to the first interface. Change this to:\n#\n#  iface: eth1\n#\n# ...to override.\n#\niface: '{{ ansible_default_ipv4.interface }}'\n\n# this is the repository that holds our sample webapp\nrepository: https://github.com/bennojoy/mywebapp.git\n\n# this is the sha1sum of V5 of the test webapp.\nwebapp_version: 351e47276cc66b018f4890a04709d4cc3d3edb0d\n"
  },
  {
    "path": "lamp_haproxy/hosts",
    "content": "[webservers]\nweb1\nweb2\n\n[dbservers]\ndb1\n\n[lbservers]\nlb1\n\n[monitoring]\nnagios\n"
  },
  {
    "path": "lamp_haproxy/provision.yml",
    "content": "---\n#Provision some instances:\n- hosts: localhost\n  connection: local\n  gather_facts: False\n\n  vars_files:\n  - group_vars/all\n\n  tasks:\n  - name: Launch webserver instances\n    ec2: >\n     access_key=\"{{ ec2_access_key }}\"\n     secret_key=\"{{ ec2_secret_key }}\"\n     keypair=\"{{ ec2_keypair }}\"\n     group=\"{{ ec2_security_group }}\"\n     type=\"{{ ec2_instance_type }}\"\n     image=\"{{ ec2_image }}\"\n     region=\"{{ ec2_region }}\"\n     instance_tags=\"{'ansible_group':'{{ ec2_tag_webservers }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n     count=\"{{ ec2_instance_count }}\"\n    register: ec2\n\n  - name: Launch database instance\n    ec2: >\n     access_key=\"{{ ec2_access_key }}\"\n     secret_key=\"{{ ec2_secret_key }}\"\n     keypair=\"{{ ec2_keypair }}\"\n     group=\"{{ ec2_security_group }}\"\n     type=\"{{ ec2_instance_type }}\"\n     image=\"{{ ec2_image }}\"\n     region=\"{{ ec2_region }}\"\n     instance_tags=\"{'ansible_group':'{{ ec2_tag_dbservers }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n     count=\"1\"\n    register: ec2\n\n  - name: Launch load balancing instance\n    ec2: >\n     access_key=\"{{ ec2_access_key }}\"\n     secret_key=\"{{ ec2_secret_key }}\"\n     keypair=\"{{ ec2_keypair }}\"\n     group=\"{{ ec2_security_group }}\"\n     type=\"{{ ec2_instance_type }}\"\n     image=\"{{ ec2_image }}\"\n     region=\"{{ ec2_region }}\"\n     instance_tags=\"{'ansible_group':'{{ ec2_tag_lbservers }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n     count=\"1\"\n    register: ec2\n\n  - name: Launch monitoring instance\n    ec2: >\n     access_key=\"{{ ec2_access_key }}\"\n     secret_key=\"{{ ec2_secret_key }}\"\n     keypair=\"{{ ec2_keypair }}\"\n     group=\"{{ ec2_security_group }}\"\n     
type=\"{{ ec2_instance_type }}\"\n     image=\"{{ ec2_image }}\"\n     region=\"{{ ec2_region }}\"\n     instance_tags=\"{'ansible_group':'{{ ec2_tag_monitoring }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n     count=\"1\"\n    register: ec2\n\n\n  - name: Wait for SSH to come up\n    local_action: wait_for host={{ item.public_dns_name }}\n      port=22 delay=60 timeout=320 state=started\n    with_items: \"{{ ec2.instances }}\"\n"
  },
  {
    "path": "lamp_haproxy/roles/base-apache/tasks/main.yml",
    "content": "---\n# This role installs httpd\n\n- name: Install http\n  yum:\n    name: \"{{ item }}\"\n    state: present\n  with_items:\n   - httpd\n   - php\n   - php-mysql\n   - git\n\n- name: Configure SELinux to allow httpd to connect to remote database\n  seboolean:\n    name: httpd_can_network_connect_db\n    state: true\n    persistent: yes\n  when: sestatus.rc != 0\n\n- name: http service state\n  service:\n    name: httpd\n    state: started\n    enabled: yes\n"
  },
  {
    "path": "lamp_haproxy/roles/common/files/RPM-GPG-KEY-EPEL-6",
    "content": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\nmQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1\nJXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B\nM9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn\nXtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6\npQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV\nQqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp\nXo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq\n3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu\nvBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar\n1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g\nYgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB\ntCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS\nKUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9\nqO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT\n9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP\nQ4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS\nWtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft\nHpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF\np0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP\nx1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8\nwB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J\nl/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG\niVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR\nXtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==\n=V/6I\n-----END PGP PUBLIC KEY BLOCK-----\n"
  },
  {
    "path": "lamp_haproxy/roles/common/files/epel.repo",
    "content": "[epel]\nname=Extra Packages for Enterprise Linux 6 - $basearch\n#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch\nfailovermethod=priority\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\n\n[epel-debuginfo]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Debug\n#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n\n[epel-source]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Source\n#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n"
  },
  {
    "path": "lamp_haproxy/roles/common/handlers/main.yml",
    "content": "---\n# Handlers for common notifications\n\n- name: restart ntp\n  service: name=ntpd state=restarted\n\n- name: restart iptables\n  service: name=iptables state=restarted\n"
  },
  {
    "path": "lamp_haproxy/roles/common/tasks/main.yml",
    "content": "---\n# This role contains common plays that will run on all nodes.\n\n- name: Install python bindings for SE Linux\n  yum: name={{ item }} state=present\n  with_items:\n   - libselinux-python\n   - libsemanage-python\n\n- name: Create the repository for EPEL\n  copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo\n\n- name: Create the GPG key for EPEL\n  copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg\n\n- name: install some useful nagios plugins\n  yum: name={{ item }} state=present\n  with_items:\n   - nagios-nrpe\n   - nagios-plugins-swap\n   - nagios-plugins-users\n   - nagios-plugins-procs\n   - nagios-plugins-load\n   - nagios-plugins-disk\n\n- name: Install ntp\n  yum: name=ntp state=present\n  tags: ntp\n\n- name: Configure ntp file\n  template: src=ntp.conf.j2 dest=/etc/ntp.conf\n  tags: ntp\n  notify: restart ntp\n\n- name: Start the ntp service\n  service: name=ntpd state=started enabled=yes\n  tags: ntp\n\n# work around RHEL 7, for now\n- name: insert iptables template\n  template: src=iptables.j2 dest=/etc/sysconfig/iptables\n  when: ansible_distribution_major_version != '7'\n  notify: restart iptables\n\n- name: test to see if selinux is running\n  command: getenforce\n  register: sestatus\n  changed_when: false\n"
  },
  {
    "path": "lamp_haproxy/roles/common/templates/iptables.j2",
    "content": "# {{ ansible_managed }}\n# Manual customization of this file is not recommended.\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n\n{% if (inventory_hostname in groups.webservers) or (inventory_hostname in groups.monitoring) %}\n-A INPUT -p tcp  --dport 80 -j ACCEPT\n{% endif %}\n\n{% if (inventory_hostname in groups.dbservers) %}\n-A INPUT -p tcp  --dport 3306 -j  ACCEPT\n{% endif %}\n\n{% if (inventory_hostname in groups.lbservers) %}\n-A INPUT -p tcp  --dport {{ listenport }} -j  ACCEPT\n{% endif %}\n\n{% for host in groups.monitoring %}\n-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 5666 -j ACCEPT\n{% endfor %}\n\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n"
  },
  {
    "path": "lamp_haproxy/roles/common/templates/ntp.conf.j2",
    "content": "\ndriftfile /var/lib/ntp/drift\n\nrestrict 127.0.0.1 \nrestrict -6 ::1\n\nserver {{ ntpserver }}\n\nincludefile /etc/ntp/crypto/pw\n\nkeys /etc/ntp/keys\n\n"
  },
  {
    "path": "lamp_haproxy/roles/db/handlers/main.yml",
    "content": "---\n# Handler to handle DB tier notifications\n\n- name: restart mysql\n  service: name=mysqld state=restarted\n\n"
  },
  {
    "path": "lamp_haproxy/roles/db/tasks/main.yml",
    "content": "---\n# This role will install MySQL and create db user and give permissions.\n\n- name: Install Mysql package\n  yum: name={{ item }} state=present\n  with_items:\n   - mysql-server\n   - MySQL-python\n\n- name: Configure SELinux to start mysql on any port\n  seboolean: name=mysql_connect_any state=true persistent=yes\n  when: sestatus.rc != 0\n\n- name: Create Mysql configuration file\n  template: src=my.cnf.j2 dest=/etc/my.cnf\n  notify:\n  - restart mysql\n\n- name: Start Mysql Service\n  service: name=mysqld state=started enabled=yes\n\n- name: Create Application Database\n  mysql_db: name={{ dbname }} state=present\n\n- name: Create Application DB User\n  mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present\n"
  },
  {
    "path": "lamp_haproxy/roles/db/templates/my.cnf.j2",
    "content": "[mysqld]\ndatadir=/var/lib/mysql\nsocket=/var/lib/mysql/mysql.sock\nuser=mysql\n# Disabling symbolic-links is recommended to prevent assorted security risks\nsymbolic-links=0\nport={{ mysql_port }}\n\n[mysqld_safe]\nlog-error=/var/log/mysqld.log\npid-file=/var/run/mysqld/mysqld.pid\n"
  },
  {
    "path": "lamp_haproxy/roles/haproxy/handlers/main.yml",
    "content": "---\n# Handlers for HAproxy\n\n- name: restart haproxy\n  service: name=haproxy state=restarted\n\n- name: reload haproxy\n  service: name=haproxy state=reloaded\n\n"
  },
  {
    "path": "lamp_haproxy/roles/haproxy/tasks/main.yml",
    "content": "---\n# This role installs HAProxy and configures it.\n\n- name: Download and install haproxy\n  yum: name=haproxy state=present\n\n- name: Configure the haproxy cnf file with hosts\n  template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg\n  notify: restart haproxy\n\n- name: Start the haproxy service\n  service: name=haproxy state=started enabled=yes\n"
  },
  {
    "path": "lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2",
    "content": "global\n    log         127.0.0.1 local2 \n\n    chroot      /var/lib/haproxy\n    pidfile     /var/run/haproxy.pid\n    maxconn     4000\n    user        root\n    group       root\n    daemon\n\n    # turn on stats unix socket\n    stats socket /var/lib/haproxy/stats level admin\n\ndefaults\n    mode                    {{ mode }}\n    log                     global\n    option                  httplog\n    option                  dontlognull\n    option http-server-close\n    option forwardfor       except 127.0.0.0/8\n    option                  redispatch\n    retries                 3\n    timeout http-request    10s\n    timeout queue           1m\n    timeout connect         10s\n    timeout client          1m\n    timeout server          1m\n    timeout http-keep-alive 10s\n    timeout check           10s\n    maxconn                 3000\n\nbackend app\n    {% for host in groups.lbservers %}\n    \tlisten {{ daemonname }} 0.0.0.0:{{ listenport }}\n    {% endfor %}\n    balance     {{ balance }}\n    {% for host in groups.webservers %}\n        server {{ host }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ httpd_port }}\n    {% endfor %}\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/files/ansible-managed-services.cfg",
    "content": "# {{ ansible_managed }}\n\n# service checks to be applied to all hosts\n\ndefine service {\n        use                             local-service\n        host_name                       localhost\n        service_description             Root Partition\n        check_command                   check_local_disk!20%!10%!/\n}\n\ndefine service {\n        use                             local-service\n        host_name                       * \n        service_description             Current Users\n        check_command                   check_local_users!20!50\n}\n\n\ndefine service {\n        use                             local-service\n        host_name                       * \n        service_description             Total Processes\n        check_command                   check_local_procs!250!400!RSZDT\n}\n\ndefine service {\n        use                             local-service\n        host_name \t\t \t*\t\n        service_description             Current Load\n        check_command                   check_local_load!5.0,4.0,3.0!10.0,6.0,4.0\n}\n\ndefine service {\n        use                             local-service\n        host_name                       * \n        service_description             Swap Usage\n        check_command                   check_local_swap!20!10\n}\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/files/localhost.cfg",
    "content": "###############################################################################\n# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE\n#\n# Last Modified: 05-31-2007\n#\n# NOTE: This config file is intended to serve as an *extremely* simple \n#       example of how you can create configuration entries to monitor\n#       the local (Linux) machine.\n#\n###############################################################################\n\n\n\n\n###############################################################################\n###############################################################################\n#\n# HOST DEFINITION\n#\n###############################################################################\n###############################################################################\n\n# Define a host for the local machine\n\ndefine host{\n        use                     linux-server            ; Name of host template to use\n\t\t\t\t\t\t\t; This host definition will inherit all variables that are defined\n\t\t\t\t\t\t\t; in (or inherited by) the linux-server host template definition.\n        host_name               localhost\n        alias                   localhost\n        address                 127.0.0.1\n        }\n\n\n\n###############################################################################\n###############################################################################\n#\n# HOST GROUP DEFINITION\n#\n###############################################################################\n###############################################################################\n\n# Define an optional hostgroup for Linux machines\n\ndefine hostgroup{\n        hostgroup_name  linux-servers ; The name of the hostgroup\n        alias           Linux Servers ; Long name of the group\n        members         localhost     ; Comma separated list of hosts that belong to this group\n        
}\n\n\n\n###############################################################################\n###############################################################################\n#\n# SERVICE DEFINITIONS\n#\n###############################################################################\n###############################################################################\n\n\n# Define a service to \"ping\" the local machine\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             PING\n\tcheck_command\t\t\tcheck_ping!100.0,20%!500.0,60%\n        }\n\n\n# Define a service to check the disk space of the root partition\n# on the local machine.  Warning if < 20% free, critical if\n# < 10% free space on partition.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Root Partition\n\tcheck_command\t\t\tcheck_local_disk!20%!10%!/\n        }\n\n\n\n# Define a service to check the number of currently logged in\n# users on the local machine.  Warning if > 20 users, critical\n# if > 50 users.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Current Users\n\tcheck_command\t\t\tcheck_local_users!20!50\n        }\n\n\n# Define a service to check the number of currently running procs\n# on the local machine.  
Warning if > 250 processes, critical if\n# > 400 processes.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Total Processes\n\tcheck_command\t\t\tcheck_local_procs!250!400!RSZDT\n        }\n\n\n\n# Define a service to check the load on the local machine. \n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Current Load\n\tcheck_command\t\t\tcheck_local_load!5.0,4.0,3.0!10.0,6.0,4.0\n        }\n\n\n\n# Define a service to check the swap usage on the local machine. \n# Critical if less than 10% of swap is free, warning if less than 20% is free\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             Swap Usage\n\tcheck_command\t\t\tcheck_local_swap!20!10\n        }\n\n\n\n# Define a service to check SSH on the local machine.\n# Disable notifications for this service by default, as not all users may have SSH enabled.\n\ndefine service{\n        use                             local-service         ; Name of service template to use\n        host_name                       localhost\n        service_description             SSH\n\tcheck_command\t\t\tcheck_ssh\n\tnotifications_enabled\t\t0\n        }\n\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/files/nagios.cfg",
    "content": "##############################################################################\n#\n# NAGIOS.CFG - Sample Main Config File for Nagios 3.4.4\n#\n# Read the documentation for more information on this configuration\n# file.  I've provided some comments here, but things may not be so\n# clear without further explanation.\n#\n# Last Modified: 12-14-2008\n#\n##############################################################################\n\n\n# LOG FILE\n# This is the main log file where service and host events are logged\n# for historical purposes.  This should be the first option specified \n# in the config file!!!\n\nlog_file=/var/log/nagios/nagios.log\n\n\n\n# OBJECT CONFIGURATION FILE(S)\n# These are the object configuration files in which you define hosts,\n# host groups, contacts, contact groups, services, etc.\n# You can split your object definitions across several config files\n# if you wish (as shown below), or keep them all in a single config file.\n\n# You can specify individual object config files as shown below:\ncfg_file=/etc/nagios/objects/commands.cfg\ncfg_file=/etc/nagios/objects/contacts.cfg\ncfg_file=/etc/nagios/objects/timeperiods.cfg\ncfg_file=/etc/nagios/objects/templates.cfg\n\n# Definitions for monitoring the local (Linux) host\ncfg_file=/etc/nagios/objects/localhost.cfg\n\ncfg_file=/etc/nagios/ansible-managed-services.cfg\ncfg_dir=/etc/nagios/ansible-managed\n\n\n# OBJECT CACHE FILE\n# This option determines where object definitions are cached when\n# Nagios starts/restarts.  
The CGIs read object definitions from \n# this cache file (rather than looking at the object config files\n# directly) in order to prevent inconsistencies that can occur\n# when the config files are modified after Nagios starts.\n\nobject_cache_file=/var/log/nagios/objects.cache\n\n\n\n# PRE-CACHED OBJECT FILE\n# This option determines the location of the precached object file.\n# If you run Nagios with the -p command line option, it will preprocess\n# your object configuration file(s) and write the cached config to this\n# file.  You can then start Nagios with the -u option to have it read\n# object definitions from this precached file, rather than the standard\n# object configuration files (see the cfg_file and cfg_dir options above).\n# Using a precached object file can speed up the time needed to (re)start \n# the Nagios process if you've got a large and/or complex configuration.\n# Read the documentation section on optimizing Nagios to find out more\n# about how this feature works.\n\nprecached_object_file=/var/log/nagios/objects.precache\n\n\n\n# RESOURCE FILE\n# This is an optional resource file that contains $USERx$ macro\n# definitions. Multiple resource files can be specified by using\n# multiple resource_file definitions.  The CGIs will not attempt to\n# read the contents of resource files, so information that is\n# considered to be sensitive (usernames, passwords, etc) can be\n# defined as macros in this file and restrictive permissions (600)\n# can be placed on this file.\n\nresource_file=/etc/nagios/private/resource.cfg\n\n\n\n# STATUS FILE\n# This is where the current status of all monitored services and\n# hosts is stored.  
Its contents are read and processed by the CGIs.\n# The contents of the status file are deleted every time Nagios\n#  restarts.\n\nstatus_file=/var/log/nagios/status.dat\n\n\n\n# STATUS FILE UPDATE INTERVAL\n# This option determines the frequency (in seconds) that\n# Nagios will periodically dump program, host, and \n# service status data.\n\nstatus_update_interval=10\n\n\n\n# NAGIOS USER\n# This determines the effective user that Nagios should run as.  \n# You can either supply a username or a UID.\n\nnagios_user=nagios\n\n\n\n# NAGIOS GROUP\n# This determines the effective group that Nagios should run as.  \n# You can either supply a group name or a GID.\n\nnagios_group=nagios\n\n\n\n# EXTERNAL COMMAND OPTION\n# This option allows you to specify whether or not Nagios should check\n# for external commands (in the command file defined below).  By default\n# Nagios will *not* check for external commands, just to be on the\n# cautious side.  If you want to be able to use the CGI command interface\n# you will have to enable this.\n# Values: 0 = disable commands, 1 = enable commands\n\ncheck_external_commands=1\n\n\n\n# EXTERNAL COMMAND CHECK INTERVAL\n# This is the interval at which Nagios should check for external commands.\n# This value works off the interval_length you specify later.  If you leave\n# that at its default value of 60 (seconds), a value of 1 here will cause\n# Nagios to check for external commands every minute.  If you specify a\n# number followed by an \"s\" (i.e. 
15s), this will be interpreted to mean\n# actual seconds rather than a multiple of the interval_length variable.\n# Note: In addition to reading the external command file at regularly \n# scheduled intervals, Nagios will also check for external commands after\n# event handlers are executed.\n# NOTE: Setting this value to -1 causes Nagios to check the external\n# command file as often as possible.\n\n#command_check_interval=15s\ncommand_check_interval=-1\n\n\n\n# EXTERNAL COMMAND FILE\n# This is the file that Nagios checks for external command requests.\n# It is also where the command CGI will write commands that are submitted\n# by users, so it must be writeable by the user that the web server\n# is running as (usually 'nobody').  Permissions should be set at the \n# directory level instead of on the file, as the file is deleted every\n# time its contents are processed.\n\ncommand_file=/var/spool/nagios/cmd/nagios.cmd\n\n\n\n# EXTERNAL COMMAND BUFFER SLOTS\n# This setting is used to tweak the number of items or \"slots\" that\n# the Nagios daemon should allocate to the buffer that holds incoming \n# external commands before they are processed.  As external commands \n# are processed by the daemon, they are removed from the buffer.  \n\nexternal_command_buffer_slots=4096\n\n\n\n# LOCK FILE\n# This is the lockfile that Nagios will use to store its PID number\n# in when it is running in daemon mode.\n\nlock_file=/var/run/nagios.pid\n\n\n\n# TEMP FILE\n# This is a temporary file that is used as scratch space when Nagios\n# updates the status log, cleans the comment file, etc.  
This file\n# is created, used, and deleted throughout the time that Nagios is\n# running.\n\ntemp_file=/var/log/nagios/nagios.tmp\n\n\n\n# TEMP PATH\n# This is the path where Nagios can create temp files for service and\n# host check results, etc.\n\ntemp_path=/tmp\n\n\n\n# EVENT BROKER OPTIONS\n# Controls what (if any) data gets sent to the event broker.\n# Values:  0      = Broker nothing\n#         -1      = Broker everything\n#         <other> = See documentation\n\nevent_broker_options=-1\n\n\n\n# EVENT BROKER MODULE(S)\n# This directive is used to specify an event broker module that should\n# be loaded by Nagios at startup.  Use multiple directives if you want\n# to load more than one module.  Arguments that should be passed to\n# the module at startup are separated from the module path by a space.\n#\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n#\n# Do NOT overwrite modules while they are being used by Nagios or Nagios\n# will crash in a fiery display of SEGFAULT glory.  This is a bug/limitation\n# either in dlopen(), the kernel, and/or the filesystem.  And maybe Nagios...\n#\n# The correct/safe way of updating a module is by using one of these methods:\n#    1. Shutdown Nagios, replace the module file, restart Nagios\n#    2. Delete the original module file, move the new module file into place, restart Nagios\n#\n# Example:\n#\n#   broker_module=<modulepath> [moduleargs]\n\n#broker_module=/somewhere/module1.o\n#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0\n\n\n\n# LOG ROTATION METHOD\n# This is the log rotation method that Nagios should use to rotate\n# the main log file. 
Values are as follows..\n#\tn\t= None - don't rotate the log\n#\th\t= Hourly rotation (top of the hour)\n#\td\t= Daily rotation (midnight every day)\n#\tw\t= Weekly rotation (midnight on Saturday evening)\n#\tm\t= Monthly rotation (midnight last day of month)\n\nlog_rotation_method=d\n\n\n\n# LOG ARCHIVE PATH\n# This is the directory where archived (rotated) log files should be \n# placed (assuming you've chosen to do log rotation).\n\nlog_archive_path=/var/log/nagios/archives\n\n\n\n# LOGGING OPTIONS\n# If you want messages logged to the syslog facility, as well as the\n# Nagios log file set this option to 1.  If not, set it to 0.\n\nuse_syslog=1\n\n\n\n# NOTIFICATION LOGGING OPTION\n# If you don't want notifications to be logged, set this value to 0.\n# If notifications should be logged, set the value to 1.\n\nlog_notifications=1\n\n\n\n# SERVICE RETRY LOGGING OPTION\n# If you don't want service check retries to be logged, set this value\n# to 0.  If retries should be logged, set the value to 1.\n\nlog_service_retries=1\n\n\n\n# HOST RETRY LOGGING OPTION\n# If you don't want host check retries to be logged, set this value to\n# 0.  If retries should be logged, set the value to 1.\n\nlog_host_retries=1\n\n\n\n# EVENT HANDLER LOGGING OPTION\n# If you don't want host and service event handlers to be logged, set\n# this value to 0.  If event handlers should be logged, set the value\n# to 1.\n\nlog_event_handlers=1\n\n\n\n# INITIAL STATES LOGGING OPTION\n# If you want Nagios to log all initial host and service states to\n# the main log file (the first time the service or host is checked)\n# you can enable this option by setting this value to 1.  If you\n# are not using an external application that does long term state\n# statistics reporting, you do not need to enable this option.  In\n# this case, set the value to 0.\n\nlog_initial_states=0\n\n\n\n# EXTERNAL COMMANDS LOGGING OPTION\n# If you don't want Nagios to log external commands, set this value\n# to 0.  
If external commands should be logged, set this value to 1.\n# Note: This option does not include logging of passive service\n# checks - see the option below for controlling whether or not\n# passive checks are logged.\n\nlog_external_commands=1\n\n\n\n# PASSIVE CHECKS LOGGING OPTION\n# If you don't want Nagios to log passive host and service checks, set\n# this value to 0.  If passive checks should be logged, set\n# this value to 1.\n\nlog_passive_checks=1\n\n\n\n# GLOBAL HOST AND SERVICE EVENT HANDLERS\n# These options allow you to specify a host and service event handler\n# command that is to be run for every host or service state change.\n# The global event handler is executed immediately prior to the event\n# handler that you have optionally specified in each host or\n# service definition. The command argument is the short name of a\n# command definition that you define in your host configuration file.\n# Read the HTML docs for more information.\n\n#global_host_event_handler=somecommand\n#global_service_event_handler=somecommand\n\n\n\n# SERVICE INTER-CHECK DELAY METHOD\n# This is the method that Nagios should use when initially\n# \"spreading out\" service checks when it starts monitoring.  The\n# default is to use smart delay calculation, which will try to\n# space all service checks out evenly to minimize CPU load.\n# Using the dumb setting will cause all checks to be scheduled\n# at the same time (with no delay between them)!  
This is not a\n# good thing for production, but is useful when testing the\n# parallelization functionality.\n#\tn\t= None - don't use any delay between checks\n#\td\t= Use a \"dumb\" delay of 1 second between checks\n#\ts\t= Use \"smart\" inter-check delay calculation\n#       x.xx    = Use an inter-check delay of x.xx seconds\n\nservice_inter_check_delay_method=s\n\n\n\n# MAXIMUM SERVICE CHECK SPREAD\n# This variable determines the timeframe (in minutes) from the\n# program start time that an initial check of all services should\n# be completed.  Default is 30 minutes.\n\nmax_service_check_spread=30\n\n\n\n# SERVICE CHECK INTERLEAVE FACTOR\n# This variable determines how service checks are interleaved.\n# Interleaving the service checks allows for a more even\n# distribution of service checks and reduced load on remote\n# hosts.  Setting this value to 1 is equivalent to how versions\n# of Nagios previous to 0.0.5 did service checks.  Set this\n# value to s (smart) for automatic calculation of the interleave\n# factor unless you have a specific reason to change it.\n#       s       = Use \"smart\" interleave factor calculation\n#       x       = Use an interleave factor of x, where x is a\n#                 number greater than or equal to 1.\n\nservice_interleave_factor=s\n\n\n\n# HOST INTER-CHECK DELAY METHOD\n# This is the method that Nagios should use when initially\n# \"spreading out\" host checks when it starts monitoring.  
The\n# default is to use smart delay calculation, which will try to\n# space all host checks out evenly to minimize CPU load.\n# Using the dumb setting will cause all checks to be scheduled\n# at the same time (with no delay between them)!\n#\tn\t= None - don't use any delay between checks\n#\td\t= Use a \"dumb\" delay of 1 second between checks\n#\ts\t= Use \"smart\" inter-check delay calculation\n#       x.xx    = Use an inter-check delay of x.xx seconds\n\nhost_inter_check_delay_method=s\n\n\n\n# MAXIMUM HOST CHECK SPREAD\n# This variable determines the timeframe (in minutes) from the\n# program start time that an initial check of all hosts should\n# be completed.  Default is 30 minutes.\n\nmax_host_check_spread=30\n\n\n\n# MAXIMUM CONCURRENT SERVICE CHECKS\n# This option allows you to specify the maximum number of \n# service checks that can be run in parallel at any given time.\n# Specifying a value of 1 for this variable essentially prevents\n# any service checks from being parallelized.  A value of 0\n# will not restrict the number of concurrent checks that are\n# being executed.\n\nmax_concurrent_checks=0\n\n\n\n# HOST AND SERVICE CHECK REAPER FREQUENCY\n# This is the frequency (in seconds!) that Nagios will process\n# the results of host and service checks.\n\ncheck_result_reaper_frequency=10\n\n\n\n\n# MAX CHECK RESULT REAPER TIME\n# This is the max amount of time (in seconds) that a single\n# check result reaper event will be allowed to run before \n# returning control back to Nagios so it can perform other\n# duties.\n\nmax_check_result_reaper_time=30\n\n\n\n\n# CHECK RESULT PATH\n# This is the directory where Nagios stores the results of host and\n# service checks that have not yet been processed.\n#\n# Note: Make sure that only one instance of Nagios has access\n# to this directory!  
\n\ncheck_result_path=/var/log/nagios/spool/checkresults\n\n\n\n\n# MAX CHECK RESULT FILE AGE\n# This option determines the maximum age (in seconds) which check\n# result files are considered to be valid.  Files older than this \n# threshold will be mercilessly deleted without further processing.\n\nmax_check_result_file_age=3600\n\n\n\n\n# CACHED HOST CHECK HORIZON\n# This option determines the maximum amount of time (in seconds)\n# that the state of a previous host check is considered current.\n# Cached host states (from host checks that were performed more\n# recently than the timeframe specified by this value) can immensely\n# improve performance in regards to the host check logic.\n# Too high of a value for this option may result in inaccurate host\n# states being used by Nagios, while a lower value may result in a\n# performance hit for host checks.  Use a value of 0 to disable host\n# check caching.\n\ncached_host_check_horizon=15\n\n\n\n# CACHED SERVICE CHECK HORIZON\n# This option determines the maximum amount of time (in seconds)\n# that the state of a previous service check is considered current.\n# Cached service states (from service checks that were performed more\n# recently than the timeframe specified by this value) can immensely\n# improve performance in regards to predictive dependency checks.\n# Use a value of 0 to disable service check caching.\n\ncached_service_check_horizon=15\n\n\n\n# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS\n# This option determines whether or not Nagios will attempt to execute\n# checks of hosts when it predicts that future dependency logic test\n# may be needed.  
These predictive checks can help ensure that your\n# host dependency logic works well.\n# Values:\n#  0 = Disable predictive checks\n#  1 = Enable predictive checks (default)\n\nenable_predictive_host_dependency_checks=1\n\n\n\n# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS\n# This option determines whether or not Nagios will attempt to execute\n# checks of service when it predicts that future dependency logic test\n# may be needed.  These predictive checks can help ensure that your\n# service dependency logic works well.\n# Values:\n#  0 = Disable predictive checks\n#  1 = Enable predictive checks (default)\n\nenable_predictive_service_dependency_checks=1\n\n\n\n# SOFT STATE DEPENDENCIES\n# This option determines whether or not Nagios will use soft state \n# information when checking host and service dependencies. Normally \n# Nagios will only use the latest hard host or service state when \n# checking dependencies. If you want it to use the latest state (regardless\n# of whether it's a soft or hard state type), enable this option. \n# Values:\n#  0 = Don't use soft state dependencies (default) \n#  1 = Use soft state dependencies \n\nsoft_state_dependencies=0\n\n\n\n# TIME CHANGE ADJUSTMENT THRESHOLDS\n# These options determine when Nagios will react to detected changes\n# in system time (either forward or backwards).\n\n#time_change_threshold=900\n\n\n\n# AUTO-RESCHEDULING OPTION\n# This option determines whether or not Nagios will attempt to\n# automatically reschedule active host and service checks to\n# \"smooth\" them out over time.  This can help balance the load on\n# the monitoring server.  \n# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE\n# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY\n\nauto_reschedule_checks=0\n\n\n\n# AUTO-RESCHEDULING INTERVAL\n# This option determines how often (in seconds) Nagios will\n# attempt to automatically reschedule checks.  
This option only\n# has an effect if the auto_reschedule_checks option is enabled.\n# Default is 30 seconds.\n# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE\n# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY\n\nauto_rescheduling_interval=30\n\n\n\n# AUTO-RESCHEDULING WINDOW\n# This option determines the \"window\" of time (in seconds) that\n# Nagios will look at when automatically rescheduling checks.\n# Only host and service checks that occur in the next X seconds\n# (determined by this variable) will be rescheduled. This option\n# only has an effect if the auto_reschedule_checks option is\n# enabled.  Default is 180 seconds (3 minutes).\n# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE\n# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY\n\nauto_rescheduling_window=180\n\n\n\n# SLEEP TIME\n# This is the number of seconds to sleep between checking for system\n# events and service checks that need to be run.\n\nsleep_time=0.25\n\n\n\n# TIMEOUT VALUES\n# These options control how much time Nagios will allow various\n# types of commands to execute before killing them off.  Options\n# are available for controlling maximum time allotted for\n# service checks, host checks, event handlers, notifications, the\n# ocsp command, and performance data commands.  All values are in\n# seconds.\n\nservice_check_timeout=60\nhost_check_timeout=30\nevent_handler_timeout=30\nnotification_timeout=30\nocsp_timeout=5\nperfdata_timeout=5\n\n\n\n# RETAIN STATE INFORMATION\n# This setting determines whether or not Nagios will save state\n# information for services and hosts before it shuts down.  Upon\n# startup Nagios will reload all saved service and host state\n# information before starting to monitor.  This is useful for \n# maintaining long-term data on state statistics, etc, but will\n# slow Nagios down a bit when it (re)starts.  
Since it's only\n# a one-time penalty, I think it's well worth the additional\n# startup delay.\n\nretain_state_information=1\n\n\n\n# STATE RETENTION FILE\n# This is the file that Nagios should use to store host and\n# service state information before it shuts down.  The state \n# information in this file is also read immediately prior to\n# starting to monitor the network when Nagios is restarted.\n# This file is used only if the retain_state_information\n# variable is set to 1.\n\nstate_retention_file=/var/log/nagios/retention.dat\n\n\n\n# RETENTION DATA UPDATE INTERVAL\n# This setting determines how often (in minutes) that Nagios\n# will automatically save retention data during normal operation.\n# If you set this value to 0, Nagios will not save retention\n# data at regular intervals, but it will still save retention\n# data before shutting down or restarting.  If you have disabled\n# state retention, this option has no effect.\n\nretention_update_interval=60\n\n\n\n# USE RETAINED PROGRAM STATE\n# This setting determines whether or not Nagios will set \n# program status variables based on the values saved in the\n# retention file.  If you want to use retained program status\n# information, set this value to 1.  If not, set this value\n# to 0.\n\nuse_retained_program_state=1\n\n\n\n# USE RETAINED SCHEDULING INFO\n# This setting determines whether or not Nagios will retain\n# the scheduling info (next check time) for hosts and services\n# based on the values saved in the retention file.\n# If you want to use retained scheduling info, set this\n# value to 1.  If not, set this value to 0.\n\nuse_retained_scheduling_info=1\n\n\n\n# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE)\n# The following variables are used to specify specific host and\n# service attributes that should *not* be retained by Nagios during\n# program restarts.\n#\n# The values of the masks are bitwise ANDs of values specified\n# by the \"MODATTR_\" definitions found in include/common.h.  
\n# For example, if you do not want the current enabled/disabled state\n# of flap detection and event handlers for hosts to be retained, you\n# would use a value of 24 for the host attribute mask...\n# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24\n\n# This mask determines what host attributes are not retained\nretained_host_attribute_mask=0\n\n# This mask determines what service attributes are not retained\nretained_service_attribute_mask=0\n\n# These two masks determine what process attributes are not retained.\n# There are two masks, because some process attributes have host and service\n# options.  For example, you can disable active host checks, but leave active\n# service checks enabled.\nretained_process_host_attribute_mask=0\nretained_process_service_attribute_mask=0\n\n# These two masks determine what contact attributes are not retained.\n# There are two masks, because some contact attributes have host and\n# service options.  For example, you can disable host notifications for\n# a contact, but leave service notifications enabled for them.\nretained_contact_host_attribute_mask=0\nretained_contact_service_attribute_mask=0\n\n\n\n# INTERVAL LENGTH\n# This is the seconds per unit interval as used in the\n# host/contact/service configuration files.  Setting this to 60 means\n# that each interval is one minute long (60 seconds).  Other settings\n# have not been tested much, so your mileage is likely to vary...\n\ninterval_length=60\n\n\n\n# CHECK FOR UPDATES\n# This option determines whether Nagios will automatically check to\n# see if new updates (releases) are available.  It is recommended that you\n# enable this option to ensure that you stay on top of the latest critical\n# patches to Nagios.  Nagios is critical to you - make sure you keep it in\n# good shape.  Nagios will check once a day for new updates. 
Data collected\n# by Nagios Enterprises from the update check is processed in accordance \n# with our privacy policy - see http://api.nagios.org for details.\n\ncheck_for_updates=1\n\n\n\n# BARE UPDATE CHECK\n# This option determines what data Nagios will send to api.nagios.org when\n# it checks for updates.  By default, Nagios will send information on the \n# current version of Nagios you have installed, as well as an indicator as\n# to whether this was a new installation or not.  Nagios Enterprises uses\n# this data to determine the number of users running specific versions of \n# Nagios.  Enable this option if you do not want this information to be sent.\n\nbare_update_check=0\n\n\n\n# AGGRESSIVE HOST CHECKING OPTION\n# If you don't want to turn on aggressive host checking features, set\n# this value to 0 (the default).  Otherwise set this value to 1 to\n# enable the aggressive check option.  Read the docs for more info\n# on what aggressive host check is or check out the source code in\n# base/checks.c\n\nuse_aggressive_host_checking=0\n\n\n\n# SERVICE CHECK EXECUTION OPTION\n# This determines whether or not Nagios will actively execute\n# service checks when it initially starts.  If this option is \n# disabled, checks are not actively made, but Nagios can still\n# receive and process passive check results that come in.  Unless\n# you're implementing redundant hosts or have a special need for\n# disabling the execution of service checks, leave this enabled!\n# Values: 1 = enable checks, 0 = disable checks\n\nexecute_service_checks=1\n\n\n\n# PASSIVE SERVICE CHECK ACCEPTANCE OPTION\n# This determines whether or not Nagios will accept passive\n# service checks results when it initially (re)starts.\n# Values: 1 = accept passive checks, 0 = reject passive checks\n\naccept_passive_service_checks=1\n\n\n\n# HOST CHECK EXECUTION OPTION\n# This determines whether or not Nagios will actively execute\n# host checks when it initially starts.  
If this option is \n# disabled, checks are not actively made, but Nagios can still\n# receive and process passive check results that come in.  Unless\n# you're implementing redundant hosts or have a special need for\n# disabling the execution of host checks, leave this enabled!\n# Values: 1 = enable checks, 0 = disable checks\n\nexecute_host_checks=1\n\n\n\n# PASSIVE HOST CHECK ACCEPTANCE OPTION\n# This determines whether or not Nagios will accept passive\n# host checks results when it initially (re)starts.\n# Values: 1 = accept passive checks, 0 = reject passive checks\n\naccept_passive_host_checks=1\n\n\n\n# NOTIFICATIONS OPTION\n# This determines whether or not Nagios will send out any host or\n# service notifications when it is initially (re)started.\n# Values: 1 = enable notifications, 0 = disable notifications\n\nenable_notifications=1\n\n\n\n# EVENT HANDLER USE OPTION\n# This determines whether or not Nagios will run any host or\n# service event handlers when it is initially (re)started.  Unless\n# you're implementing redundant hosts, leave this option enabled.\n# Values: 1 = enable event handlers, 0 = disable event handlers\n\nenable_event_handlers=1\n\n\n\n# PROCESS PERFORMANCE DATA OPTION\n# This determines whether or not Nagios will process performance\n# data returned from service and host checks.  If this option is\n# enabled, host performance data will be processed using the\n# host_perfdata_command (defined below) and service performance\n# data will be processed using the service_perfdata_command (also\n# defined below).  Read the HTML docs for more information on\n# performance data.\n# Values: 1 = process performance data, 0 = do not process performance data\n\nprocess_performance_data=0\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS\n# These commands are run after every host and service check is\n# performed.  These commands are executed only if the\n# process_performance_data option (above) is set to 1.  
The command\n# argument is the short name of a command definition that you \n# define in your host configuration file.  Read the HTML docs for\n# more information on performance data.\n\n#host_perfdata_command=process-host-perfdata\n#service_perfdata_command=process-service-perfdata\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILES\n# These files are used to store host and service performance data.\n# Performance data is only written to these files if the\n# process_performance_data option (above) is set to 1.\n\n#host_perfdata_file=/tmp/host-perfdata\n#service_perfdata_file=/tmp/service-perfdata\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES\n# These options determine what data is written (and how) to the\n# performance data files.  The templates may contain macros, special\n# characters (\\t for tab, \\r for carriage return, \\n for newline)\n# and plain text.  A newline is automatically added after each write\n# to the performance data file.  Some examples of what you can do are\n# shown below.\n\n#host_perfdata_file_template=[HOSTPERFDATA]\\t$TIMET$\\t$HOSTNAME$\\t$HOSTEXECUTIONTIME$\\t$HOSTOUTPUT$\\t$HOSTPERFDATA$\n#service_perfdata_file_template=[SERVICEPERFDATA]\\t$TIMET$\\t$HOSTNAME$\\t$SERVICEDESC$\\t$SERVICEEXECUTIONTIME$\\t$SERVICELATENCY$\\t$SERVICEOUTPUT$\\t$SERVICEPERFDATA$\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE MODES\n# This option determines whether or not the host and service\n# performance data files are opened in write (\"w\") or append (\"a\")\n# mode. If you want to use named pipes, you should use the special\n# pipe (\"p\") mode which avoids blocking at startup, otherwise you will\n# likely want the default append (\"a\") mode.\n\n#host_perfdata_file_mode=a\n#service_perfdata_file_mode=a\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL\n# These options determine how often (in seconds) the host and service\n# performance data files are processed using the commands defined\n# below.  
A value of 0 indicates the files should not be periodically\n# processed.\n\n#host_perfdata_file_processing_interval=0\n#service_perfdata_file_processing_interval=0\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS\n# These commands are used to periodically process the host and\n# service performance data files.  The interval at which the\n# processing occurs is determined by the options above.\n\n#host_perfdata_file_processing_command=process-host-perfdata-file\n#service_perfdata_file_processing_command=process-service-perfdata-file\n\n\n\n# HOST AND SERVICE PERFORMANCE DATA PROCESS EMPTY RESULTS\n# These options determine whether the core will process empty perfdata\n# results or not. This is needed for distributed monitoring, and intentionally\n# turned on by default.\n# If you don't require empty perfdata - saving some cpu cycles\n# on unwanted macro calculation - you can turn that off. Be careful!\n# Values: 1 = enable, 0 = disable\n\n#host_perfdata_process_empty_results=1\n#service_perfdata_process_empty_results=1\n\n\n# OBSESS OVER SERVICE CHECKS OPTION\n# This determines whether or not Nagios will obsess over service\n# checks and run the ocsp_command defined below.  Unless you're\n# planning on implementing distributed monitoring, do not enable\n# this option.  Read the HTML docs for more information on\n# implementing distributed monitoring.\n# Values: 1 = obsess over services, 0 = do not obsess (default)\n\nobsess_over_services=0\n\n\n\n# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND\n# This is the command that is run for every service check that is\n# processed by Nagios.  This command is executed only if the\n# obsess_over_services option (above) is set to 1.  The command \n# argument is the short name of a command definition that you\n# define in your host configuration file. 
Read the HTML docs for\n# more information on implementing distributed monitoring.\n\n#ocsp_command=somecommand\n\n\n\n# OBSESS OVER HOST CHECKS OPTION\n# This determines whether or not Nagios will obsess over host\n# checks and run the ochp_command defined below.  Unless you're\n# planning on implementing distributed monitoring, do not enable\n# this option.  Read the HTML docs for more information on\n# implementing distributed monitoring.\n# Values: 1 = obsess over hosts, 0 = do not obsess (default)\n\nobsess_over_hosts=0\n\n\n\n# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND\n# This is the command that is run for every host check that is\n# processed by Nagios.  This command is executed only if the\n# obsess_over_hosts option (above) is set to 1.  The command \n# argument is the short name of a command definition that you\n# define in your host configuration file. Read the HTML docs for\n# more information on implementing distributed monitoring.\n\n#ochp_command=somecommand\n\n\n\n# TRANSLATE PASSIVE HOST CHECKS OPTION\n# This determines whether or not Nagios will translate\n# DOWN/UNREACHABLE passive host check results into their proper\n# state for this instance of Nagios.  This option is useful\n# if you have distributed or failover monitoring setup.  In\n# these cases your other Nagios servers probably have a different\n# \"view\" of the network, with regards to the parent/child relationship\n# of hosts.  If a distributed monitoring server thinks a host\n# is DOWN, it may actually be UNREACHABLE from the point of\n# this Nagios instance.  Enabling this option will tell Nagios\n# to translate any DOWN or UNREACHABLE host states it receives\n# passively into the correct state from the view of this server.\n# Values: 1 = perform translation, 0 = do not translate (default)\n\ntranslate_passive_host_checks=0\n\n\n\n# PASSIVE HOST CHECKS ARE SOFT OPTION\n# This determines whether or not Nagios will treat passive host\n# checks as being HARD or SOFT.  
By default, a passive host check\n# result will put a host into a HARD state type.  This can be changed\n# by enabling this option.\n# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT\n\npassive_host_checks_are_soft=0\n\n\n\n# ORPHANED HOST/SERVICE CHECK OPTIONS\n# These options determine whether or not Nagios will periodically \n# check for orphaned host service checks.  Since service checks are\n# not rescheduled until the results of their previous execution \n# instance are processed, there exists a possibility that some\n# checks may never get rescheduled.  A similar situation exists for\n# host checks, although the exact scheduling details differ a bit\n# from service checks.  Orphaned checks seem to be a rare\n# problem and should not happen under normal circumstances.\n# If you have problems with service checks never getting\n# rescheduled, make sure you have orphaned service checks enabled.\n# Values: 1 = enable checks, 0 = disable checks\n\ncheck_for_orphaned_services=1\ncheck_for_orphaned_hosts=1\n\n\n\n# SERVICE FRESHNESS CHECK OPTION\n# This option determines whether or not Nagios will periodically\n# check the \"freshness\" of service results.  Enabling this option\n# is useful for ensuring passive checks are received in a timely\n# manner.\n# Values: 1 = enabled freshness checking, 0 = disable freshness checking\n\ncheck_service_freshness=1\n\n\n\n# SERVICE FRESHNESS CHECK INTERVAL\n# This setting determines how often (in seconds) Nagios will\n# check the \"freshness\" of service check results.  If you have\n# disabled service freshness checking, this option has no effect.\n\nservice_freshness_check_interval=60\n\n\n\n# SERVICE CHECK TIMEOUT STATE\n# This setting determines the state Nagios will report when a\n# service check times out - that is does not respond within\n# service_check_timeout seconds.  
This can be useful if a\n# machine is running at too high a load and you do not want\n# to consider a failed service check to be critical (the default).\n# Valid settings are:\n# c - Critical (default)\n# u - Unknown\n# w - Warning\n# o - OK\n\nservice_check_timeout_state=c\n\n\n\n# HOST FRESHNESS CHECK OPTION\n# This option determines whether or not Nagios will periodically\n# check the \"freshness\" of host results.  Enabling this option\n# is useful for ensuring passive checks are received in a timely\n# manner.\n# Values: 1 = enabled freshness checking, 0 = disable freshness checking\n\ncheck_host_freshness=0\n\n\n\n# HOST FRESHNESS CHECK INTERVAL\n# This setting determines how often (in seconds) Nagios will\n# check the \"freshness\" of host check results.  If you have\n# disabled host freshness checking, this option has no effect.\n\nhost_freshness_check_interval=60\n\n\n\n\n# ADDITIONAL FRESHNESS THRESHOLD LATENCY\n# This setting determines the number of seconds that Nagios\n# will add to any host and service freshness thresholds that\n# it calculates (those not explicitly specified by the user).\n\nadditional_freshness_latency=15\n\n\n\n\n# FLAP DETECTION OPTION\n# This option determines whether or not Nagios will try\n# and detect hosts and services that are \"flapping\".  \n# Flapping occurs when a host or service changes between\n# states too frequently.  When Nagios detects that a \n# host or service is flapping, it will temporarily suppress\n# notifications for that host/service until it stops\n# flapping.  Flap detection is very experimental, so read\n# the HTML documentation before enabling this feature!\n# Values: 1 = enable flap detection\n#         0 = disable flap detection (default)\n\nenable_flap_detection=1\n\n\n\n# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES\n# Read the HTML documentation on flap detection for\n# an explanation of what this option does.  
This option\n# has no effect if flap detection is disabled.\n\nlow_service_flap_threshold=5.0\nhigh_service_flap_threshold=20.0\nlow_host_flap_threshold=5.0\nhigh_host_flap_threshold=20.0\n\n\n\n# DATE FORMAT OPTION\n# This option determines how short dates are displayed. Valid options\n# include:\n#\tus\t\t(MM-DD-YYYY HH:MM:SS)\n#\teuro    \t(DD-MM-YYYY HH:MM:SS)\n#\tiso8601\t\t(YYYY-MM-DD HH:MM:SS)\n#\tstrict-iso8601\t(YYYY-MM-DDTHH:MM:SS)\n#\n\ndate_format=us\n\n\n\n\n# TIMEZONE OFFSET\n# This option is used to override the default timezone that this\n# instance of Nagios runs in.  If not specified, Nagios will use\n# the system configured timezone.\n#\n# NOTE: In order to display the correct timezone in the CGIs, you\n# will also need to alter the Apache directives for the CGI path \n# to include your timezone.  Example:\n#\n#   <Directory \"/usr/local/nagios/sbin/\">\n#      SetEnv TZ \"Australia/Brisbane\"\n#      ...\n#   </Directory>\n\n#use_timezone=US/Mountain\n#use_timezone=Australia/Brisbane\n\n\n\n\n# P1.PL FILE LOCATION\n# This value determines where the p1.pl perl script (used by the\n# embedded Perl interpreter) is located.  If you didn't compile\n# Nagios with embedded Perl support, this option has no effect.\n\np1_file=/usr/sbin/p1.pl\n\n\n\n# EMBEDDED PERL INTERPRETER OPTION\n# This option determines whether or not the embedded Perl interpreter\n# will be enabled during runtime.  This option has no effect if Nagios\n# has not been compiled with support for embedded Perl.\n# Values: 0 = disable interpreter, 1 = enable interpreter\n\nenable_embedded_perl=1\n\n\n\n# EMBEDDED PERL USAGE OPTION\n# This option determines whether or not Nagios will process Perl plugins\n# and scripts with the embedded Perl interpreter if the plugins/scripts\n# do not explicitly indicate whether or not it is okay to do so. 
Read\n# the HTML documentation on the embedded Perl interpreter for more \n# information on how this option works.\n\nuse_embedded_perl_implicitly=1\n\n\n\n# ILLEGAL OBJECT NAME CHARACTERS\n# This option allows you to specify illegal characters that cannot\n# be used in host names, service descriptions, or names of other\n# object types.\n\nillegal_object_name_chars=`~!$%^&*|'\"<>?,()=\n\n\n\n# ILLEGAL MACRO OUTPUT CHARACTERS\n# This option allows you to specify illegal characters that are\n# stripped from macros before being used in notifications, event\n# handlers, etc.  This DOES NOT affect macros used in service or\n# host check commands.\n# The following macros are stripped of the characters you specify:\n#\t$HOSTOUTPUT$\n#\t$HOSTPERFDATA$\n#\t$HOSTACKAUTHOR$\n#\t$HOSTACKCOMMENT$\n#\t$SERVICEOUTPUT$\n#\t$SERVICEPERFDATA$\n#\t$SERVICEACKAUTHOR$\n#\t$SERVICEACKCOMMENT$\n\nillegal_macro_output_chars=`~$&|'\"<>\n\n\n\n# REGULAR EXPRESSION MATCHING\n# This option controls whether or not regular expression matching\n# takes place in the object config files.  Regular expression\n# matching is used to match host, hostgroup, service, and service\n# group names/descriptions in some fields of various object types.\n# Values: 1 = enable regexp matching, 0 = disable regexp matching\n\nuse_regexp_matching=0\n\n\n\n# \"TRUE\" REGULAR EXPRESSION MATCHING\n# This option controls whether or not \"true\" regular expression \n# matching takes place in the object config files.  This option\n# only has an effect if regular expression matching is enabled\n# (see above).  If this option is DISABLED, regular expression\n# matching only occurs if a string contains wildcard characters\n# (* and ?).  
If the option is ENABLED, regexp matching occurs\n# all the time (which can be annoying).\n# Values: 1 = enable true matching, 0 = disable true matching\n\nuse_true_regexp_matching=0\n\n\n\n# ADMINISTRATOR EMAIL/PAGER ADDRESSES\n# The email and pager address of a global administrator (likely you).\n# Nagios never uses these values itself, but you can access them by\n# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification\n# commands.\n\nadmin_email=nagios@localhost\nadmin_pager=pagenagios@localhost\n\n\n\n# DAEMON CORE DUMP OPTION\n# This option determines whether or not Nagios is allowed to create\n# a core dump when it runs as a daemon.  Note that it is generally\n# considered bad form to allow this, but it may be useful for\n# debugging purposes.  Enabling this option doesn't guarantee that\n# a core file will be produced, but that's just life...\n# Values: 1 - Allow core dumps\n#         0 - Do not allow core dumps (default)\n\ndaemon_dumps_core=0\n\n\n\n# LARGE INSTALLATION TWEAKS OPTION\n# This option determines whether or not Nagios will take some shortcuts\n# which can save on memory and CPU usage in large Nagios installations.\n# Read the documentation for more information on the benefits/tradeoffs\n# of enabling this option.\n# Values: 1 - Enabled tweaks\n#         0 - Disable tweaks (default)\n\nuse_large_installation_tweaks=0\n\n\n\n# ENABLE ENVIRONMENT MACROS\n# This option determines whether or not Nagios will make all standard\n# macros available as environment variables when host/service checks\n# and system commands (event handlers, notifications, etc.) are\n# executed.  
Enabling this option can cause performance issues in \n# large installations, as it will consume a bit more memory and (more\n# importantly) consume more CPU.\n# Values: 1 - Enable environment variable macros (default)\n#         0 - Disable environment variable macros\n\nenable_environment_macros=1\n\n\n\n# CHILD PROCESS MEMORY OPTION\n# This option determines whether or not Nagios will free memory in\n# child processes (processes used to execute system commands and host/\n# service checks).  If you specify a value here, it will override\n# program defaults.\n# Value: 1 - Free memory in child processes\n#        0 - Do not free memory in child processes\n\n#free_child_process_memory=1\n\n\n\n# CHILD PROCESS FORKING BEHAVIOR\n# This option determines how Nagios will fork child processes\n# (used to execute system commands and host/service checks).  Normally\n# child processes are fork()ed twice, which provides a very high level\n# of isolation from problems.  Fork()ing once is probably enough and will\n# save a great deal on CPU usage (in large installs), so you might\n# want to consider using this.  If you specify a value here, it will override\n# program defaults.\n# Value: 1 - Child processes fork() twice\n#        0 - Child processes fork() just once\n\n#child_processes_fork_twice=1\n\n\n\n# DEBUG LEVEL\n# This option determines how much (if any) debugging information will\n# be written to the debug file.  
OR values together to log multiple\n# types of information.\n# Values: \n#          -1 = Everything\n#          0 = Nothing\n#\t   1 = Functions\n#          2 = Configuration\n#          4 = Process information\n#\t   8 = Scheduled events\n#          16 = Host/service checks\n#          32 = Notifications\n#          64 = Event broker\n#          128 = External commands\n#          256 = Commands\n#          512 = Scheduled downtime\n#          1024 = Comments\n#          2048 = Macros\n\ndebug_level=0\n\n\n\n# DEBUG VERBOSITY\n# This option determines how verbose the debug log output will be.\n# Values: 0 = Brief output\n#         1 = More detailed\n#         2 = Very detailed\n\ndebug_verbosity=1\n\n\n\n# DEBUG FILE\n# This option determines where Nagios should write debugging information.\n\ndebug_file=/var/log/nagios/nagios.debug\n\n\n\n# MAX DEBUG FILE SIZE\n# This option determines the maximum size (in bytes) of the debug file.  If\n# the file grows larger than this size, it will be renamed with a .old\n# extension.  If a file already exists with a .old extension it will\n# automatically be deleted.  This helps ensure your disk space usage doesn't\n# get out of control when debugging Nagios.\n\nmax_debug_file_size=1000000\n\n\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/handlers/main.yml",
    "content": "---\n# handlers for nagios\n- name: restart httpd\n  service: name=httpd state=restarted\n\n- name: restart nagios\n  service: name=nagios state=restarted\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/tasks/main.yml",
    "content": "---\n# This will install nagios\n\n- name: install nagios\n  yum: pkg={{ item }} state=present\n  with_items:\n   - nagios\n   - nagios-plugins\n   - nagios-plugins-nrpe\n   - nagios-plugins-ping\n   - nagios-plugins-ssh\n   - nagios-plugins-http\n   - nagios-plugins-mysql\n   - nagios-devel\n  notify: restart httpd\n\n- name: create nagios config dir\n  file: path=/etc/nagios/ansible-managed state=directory\n\n- name: configure nagios\n  copy: src=nagios.cfg dest=/etc/nagios/nagios.cfg\n  notify: restart nagios\n\n- name: configure localhost monitoring\n  copy: src=localhost.cfg dest=/etc/nagios/objects/localhost.cfg\n  notify: restart nagios\n\n- name: configure nagios services\n  copy: src=ansible-managed-services.cfg dest=/etc/nagios/\n\n- name: create the nagios object files\n  template: src={{ item + \".j2\" }}\n            dest=/etc/nagios/ansible-managed/{{ item }}\n  with_items:\n    - webservers.cfg\n    - dbservers.cfg\n    - lbservers.cfg\n  notify: restart nagios\n\n- name: start nagios\n  service: name=nagios state=started enabled=yes\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/templates/dbservers.cfg.j2",
    "content": "# {{ ansible_managed }}\n\ndefine hostgroup {\n\thostgroup_name dbservers \n        alias Database Servers\n}\n\n{% for host in groups.dbservers %}\n        define host {\n                use                     linux-server\n                host_name               {{ host }}\n                alias                   {{ host }}\n                address                 {{ hostvars[host].ansible_default_ipv4.address }}\n                hostgroups              dbservers \n                }\n{% endfor %}\n\n#define service {\n#\tuse\t\t\t\tlocal-service\n#\thostgroup_name\t\t\tdbservers\n#\tservice_description\t\tMySQL Database Server\n#\tcheck_command\t\t\tcheck_mysql\n#\tnotifications_enabled\t\t0\n#}\n\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/templates/lbservers.cfg.j2",
    "content": "# {{ ansible_managed }}\n\ndefine hostgroup {\n\thostgroup_name loadbalancers \n        alias Load Balancers\n}\n\n{% for host in groups.lbservers %}\ndefine host {\n        use                     linux-server\n        host_name               {{ host }}\n        alias                   {{ host }}\n        address                 {{ hostvars[host].ansible_default_ipv4.address }}\n        hostgroups              loadbalancers \n}\ndefine service {\n\tuse\t\t\t\tlocal-service\n\thost_name\t\t\t{{ host }}\n\tservice_description\t\tHAProxy Load Balancer\n\tcheck_command\t\t\tcheck_http!-p{{ hostvars[host].listenport }}\n}\n{% endfor %}\n"
  },
  {
    "path": "lamp_haproxy/roles/nagios/templates/webservers.cfg.j2",
    "content": "# {{ ansible_managed }}\n\ndefine hostgroup {\n\thostgroup_name webservers\n        alias Web Servers\n}\n\n{% for host in groups.webservers %}\n  define host {\n\tuse                     linux-server\n\thost_name               {{ host }} \n\talias                   {{ host }}\n\taddress                 {{ hostvars[host].ansible_default_ipv4.address }}\n\thostgroups \t\twebservers\n  }    \n{% endfor %}\n\n# service checks to be applied to the web server\ndefine service {\n\tuse\t\t\t\tlocal-service\n\thostgroup_name\t\t\twebservers\n\tservice_description\t        webserver\t\n\tcheck_command\t\t\tcheck_http\n\tnotifications_enabled\t\t0\n}\n"
  },
  {
    "path": "lamp_haproxy/roles/web/tasks/main.yml",
    "content": "---\n- name: Copy the code from repository\n  git: repo={{ repository }} version={{ webapp_version }} dest=/var/www/html/\n"
  },
  {
    "path": "lamp_haproxy/rolling_update.yml",
    "content": "---\n# This playbook does a rolling update for all webservers serially (one at a time).\n# Change the value of serial: to adjust the number of server to be updated.\n#\n# The three roles that apply to the webserver hosts will be applied: common,\n# base-apache, and web. So any changes to configuration, package updates, etc,\n# will be applied as part of the rolling update process.\n#\n\n# gather facts from monitoring nodes for iptables rules\n- hosts: monitoring\n  tasks: []\n\n- hosts: webservers\n  serial: 1\n\n  # These are the tasks to run before applying updates:\n  pre_tasks:\n  - name: disable nagios alerts for this host webserver service\n    nagios: 'action=disable_alerts host={{ inventory_hostname }} services=webserver'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.monitoring }}\"\n\n  - name: disable the server in haproxy\n    haproxy: 'state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.lbservers }}\"\n\n  roles:\n  - common\n  - base-apache\n  - web\n\n  # These tasks run after the roles:\n  post_tasks:\n  - name: wait for webserver to come up\n    wait_for: 'host={{ inventory_hostname }} port=80 state=started timeout=80'\n\n  - name: enable the server in haproxy\n    haproxy: 'state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.lbservers }}\"\n\n  - name: re-enable nagios alerts\n    nagios: 'action=enable_alerts host={{ inventory_hostname }} services=webserver'\n    delegate_to: \"{{ item }}\"\n    with_items: \"{{ groups.monitoring }}\"\n"
  },
  {
    "path": "lamp_haproxy/site.yml",
    "content": "---\n## This playbook deploys the whole application stack in this site.\n\n# Apply common configuration to all hosts\n- hosts: all\n\n  roles:\n  - common\n\n# Configure and deploy database servers.\n- hosts: dbservers\n\n  roles:\n  - db\n\n  tags:\n  - db\n\n# Configure and deploy the web servers. Note that we include two roles here,\n# the 'base-apache' role which simply sets up Apache, and 'web' which includes\n# our example web application.\n- hosts: webservers\n\n  roles:\n  - base-apache\n  - web\n\n  tags:\n  - web\n\n# Configure and deploy the load balancer(s).\n- hosts: lbservers\n\n  roles:\n  - haproxy\n\n  tags:\n  - lb\n\n# Configure and deploy the Nagios monitoring node(s).\n- hosts: monitoring\n\n  roles:\n  - base-apache\n  - nagios\n\n  tags:\n  - monitoring\n"
  },
  {
    "path": "lamp_simple/LICENSE.md",
    "content": "Copyright (C) 2013 AnsibleWorks, Inc.\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "lamp_simple/README.md",
    "content": "Building a simple LAMP stack and deploying Application using Ansible Playbooks.\n-------------------------------------------\n\nThese playbooks require Ansible 1.2.\n\nThese playbooks are meant to be a reference and starter's guide to building\nAnsible Playbooks. These playbooks were tested on CentOS 6.x so we recommend\nthat you use CentOS or RHEL to test these modules.\n\nThis LAMP stack can be on a single node or multiple nodes. The inventory file\n'hosts' defines the nodes in which the stacks should be configured.\n\n        [webservers]\n        localhost\n\n        [dbservers]\n        bensible\n\nHere the webserver would be configured on the local host and the dbserver on a\nserver called `bensible`. The stack can be deployed using the following\ncommand:\n\n        ansible-playbook -i hosts site.yml\n\nOnce done, you can check the results by browsing to http://localhost/index.php.\nYou should see a simple test page and a list of databases retrieved from the\ndatabase server.\n"
  },
  {
    "path": "lamp_simple/group_vars/all",
    "content": "---\n# Variables listed here are applicable to all host groups\n\nhttpd_port: 80\nntpserver: 192.168.1.2\nrepository: https://github.com/bennojoy/mywebapp.git\n"
  },
  {
    "path": "lamp_simple/group_vars/dbservers",
    "content": "---\n# The variables file used by the playbooks in the dbservers group.\n# These don't have to be explicitly imported by vars_files: they are autopopulated.\n\nmysqlservice: mysqld\nmysql_port: 3306\ndbuser: foouser\ndbname: foodb\nupassword: abc\n"
  },
  {
    "path": "lamp_simple/hosts",
    "content": "[webservers]\nweb3\n\n[dbservers]\nweb2\n\n\n"
  },
  {
    "path": "lamp_simple/roles/common/handlers/main.yml",
    "content": "---\n# Handler to handle common notifications. Handlers are called by other plays.\n# See http://docs.ansible.com/playbooks_intro.html for more information about handlers.\n\n- name: restart ntp\n  service:\n    name: ntpd\n    state: restarted\n"
  },
  {
    "path": "lamp_simple/roles/common/tasks/main.yml",
    "content": "---\n# This playbook contains common plays that will be run on all nodes.\n\n- name: Install ntp\n  yum:\n    name: ntp\n    state: present\n  tags: ntp\n\n- name: Configure ntp file\n  template:\n    src: ntp.conf.j2\n    dest: /etc/ntp.conf\n  tags: ntp\n  notify: restart ntp\n\n- name: Start the ntp service\n  service:\n    name: ntpd\n    state: started\n    enabled: yes\n  tags: ntp\n\n- name: test to see if selinux is running\n  command: getenforce\n  register: sestatus\n  changed_when: false\n"
  },
  {
    "path": "lamp_simple/roles/common/templates/ntp.conf.j2",
    "content": "\ndriftfile /var/lib/ntp/drift\n\nrestrict 127.0.0.1 \nrestrict -6 ::1\n\nserver {{ ntpserver }}\n\nincludefile /etc/ntp/crypto/pw\n\nkeys /etc/ntp/keys\n\n"
  },
  {
    "path": "lamp_simple/roles/db/handlers/main.yml",
    "content": "---\n# Handler to handle DB tier notifications\n\n- name: restart mysql\n  service:\n    name: mysqld\n    state: restarted\n\n- name: restart iptables\n  service:\n    name: iptables\n    state: restarted\n"
  },
  {
    "path": "lamp_simple/roles/db/tasks/main.yml",
    "content": "---\n# This playbook will install mysql and create db user and give permissions.\n\n- name: Install Mysql package\n  yum:\n    name: \"{{ item }}\"\n    state: installed\n  with_items:\n   - mysql-server\n   - MySQL-python\n   - libselinux-python\n   - libsemanage-python\n\n- name: Configure SELinux to start mysql on any port\n  seboolean:\n    name: mysql_connect_any\n    state: true\n    persistent: yes\n  when: sestatus.rc != 0\n\n- name: Create Mysql configuration file\n  template:\n    src: my.cnf.j2\n    dest: /etc/my.cnf\n  notify:\n  - restart mysql\n\n- name: Start Mysql Service\n  service:\n    name: mysqld\n    state: started\n    enabled: yes\n\n- name: insert iptables rule\n  lineinfile:\n    dest: /etc/sysconfig/iptables\n    state: present\n    regexp: \"{{ mysql_port }}\"\n    insertafter: \"^:OUTPUT \"\n    line: \"-A INPUT -p tcp  --dport {{ mysql_port }} -j  ACCEPT\"\n  notify: restart iptables\n\n- name: Create Application Database\n  mysql_db:\n    name: \"{{ dbname }}\"\n    state: present\n\n- name: Create Application DB User\n  mysql_user:\n    name: \"{{ dbuser }}\"\n    password: \"{{ upassword }}\"\n    priv: \"*.*:ALL\"\n    host: '%'\n    state: present\n"
  },
  {
    "path": "lamp_simple/roles/db/templates/my.cnf.j2",
    "content": "[mysqld]\ndatadir=/var/lib/mysql\nsocket=/var/lib/mysql/mysql.sock\nuser=mysql\n# Disabling symbolic-links is recommended to prevent assorted security risks\nsymbolic-links=0\nport={{ mysql_port }}\n\n[mysqld_safe]\nlog-error=/var/log/mysqld.log\npid-file=/var/run/mysqld/mysqld.pid\n"
  },
  {
    "path": "lamp_simple/roles/web/handlers/main.yml",
    "content": "---\n# Handler for the webtier: handlers are called by other plays.\n# See http://docs.ansible.com/playbooks_intro.html for more information about handlers.\n\n- name: restart iptables\n  service:\n    name: iptables\n    state: restarted\n"
  },
  {
    "path": "lamp_simple/roles/web/tasks/copy_code.yml",
    "content": "---\n# These tasks are responsible for copying the latest dev/production code from\n# the version control system.\n\n- name: Copy the code from repository\n  git:\n    repo: \"{{ repository }}\"\n    dest: /var/www/html/\n\n- name: Creates the index.php file\n  template:\n    src: index.php.j2\n    dest: /var/www/html/index.php\n"
  },
  {
    "path": "lamp_simple/roles/web/tasks/install_httpd.yml",
    "content": "---\n# These tasks install http and the php modules.\n\n- name: Install http and php etc\n  yum:\n    name: \"{{ item }}\"\n    state: present\n  with_items:\n   - httpd\n   - php\n   - php-mysql\n   - git\n   - libsemanage-python\n   - libselinux-python\n\n- name: insert iptables rule for httpd\n  lineinfile:\n    dest: /etc/sysconfig/iptables\n    create: yes\n    state: present\n    regexp: \"{{ httpd_port }}\"\n    insertafter: \"^:OUTPUT \"\n    line: \"-A INPUT -p tcp  --dport {{ httpd_port }} -j  ACCEPT\"\n  notify: restart iptables\n\n- name: http service state\n  service:\n    name: httpd\n    state: started\n    enabled: yes\n\n- name: Configure SELinux to allow httpd to connect to remote database\n  seboolean:\n    name: httpd_can_network_connect_db\n    state: true\n    persistent: yes\n  when: sestatus.rc != 0\n"
  },
  {
    "path": "lamp_simple/roles/web/tasks/main.yml",
    "content": "---\n- include: install_httpd.yml\n- include: copy_code.yml\n"
  },
  {
    "path": "lamp_simple/roles/web/templates/index.php.j2",
    "content": "<html>\n <head>\n  <title>Ansible Application</title>\n </head>\n <body>\n </br>\n  <a href=http://{{ ansible_default_ipv4.address }}/index.html>Homepage</a>\n </br>\n<?php \n Print \"Hello, World! I am a web server configured using Ansible and I am : \";\n echo exec('hostname');\n Print  \"</BR>\";\necho  \"List of Databases: </BR>\";\n        {% for host in groups['dbservers'] %}\n                $link = mysqli_connect('{{ hostvars[host].ansible_default_ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysqli_connect_error($link));\n        {% endfor %}\n        $res = mysqli_query($link, \"SHOW DATABASES;\");\n        while ($row = mysqli_fetch_assoc($res)) {\n                echo $row['Database'] . \"\\n\";\n        }\n?>\n</body>\n</html>\n\n"
  },
  {
    "path": "lamp_simple/site.yml",
    "content": "---\n# This playbook deploys the whole application stack in this site.\n\n- name: apply common configuration to all nodes\n  hosts: all\n  remote_user: root\n\n  roles:\n    - common\n\n- name: configure and deploy the webservers and application code\n  hosts: webservers\n  remote_user: root\n\n  roles:\n    - web\n\n- name: deploy MySQL and configure the databases\n  hosts: dbservers\n  remote_user: root\n\n  roles:\n    - db\n"
  },
  {
    "path": "lamp_simple_rhel7/LICENSE.md",
    "content": "Copyright (C) 2015 Eugene Varnavsky (varnavruz@gmail.com)\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "lamp_simple_rhel7/README.md",
    "content": "Building a simple LAMP stack and deploying Application using Ansible Playbooks.\n-------------------------------------------\n\nThese playbooks require Ansible 1.2.\n\nThese playbooks are meant to be a reference and starter's guide to building\nAnsible Playbooks. These playbooks were tested on CentOS 7.x so we recommend\nthat you use CentOS or RHEL to test these modules.\n\nRHEL7 version reflects changes in Red Hat Enterprise Linux and CentOS 7:\n1. Network device naming scheme has changed\n2. iptables is replaced with firewalld\n3. MySQL is replaced with MariaDB\n\nThis LAMP stack can be on a single node or multiple nodes. The inventory file\n'hosts' defines the nodes in which the stacks should be configured.\n\n        [webservers]\n        localhost\n\n        [dbservers]\n        bensible\n\nHere the webserver would be configured on the local host and the dbserver on a\nserver called `bensible`. The stack can be deployed using the following\ncommand:\n\n        ansible-playbook -i hosts site.yml\n\nOnce done, you can check the results by browsing to http://localhost/index.php.\nYou should see a simple test page and a list of databases retrieved from the\ndatabase server.\n"
  },
  {
    "path": "lamp_simple_rhel7/group_vars/all",
    "content": "---\n# Variables listed here are applicable to all host groups\n\nhttpd_port: 80\nntpserver: 192.168.1.2\nrepository: https://github.com/bennojoy/mywebapp.git\n"
  },
  {
    "path": "lamp_simple_rhel7/group_vars/dbservers",
    "content": "---\n# The variables file used by the playbooks in the dbservers group.\n# These don't have to be explicitly imported by vars_files: they are autopopulated.\n\nmysqlservice: mysqld\nmysql_port: 3306\ndbuser: foouser\ndbname: foodb\nupassword: abc\n"
  },
  {
    "path": "lamp_simple_rhel7/hosts",
    "content": "[webservers]\nwebserver.local\n\n[dbservers]\ndbserver.local\n\n\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/common/handlers/main.yml",
    "content": "---\n# Handler to handle common notifications. Handlers are called by other plays.\n# See http://docs.ansible.com/playbooks_intro.html for more information about handlers.\n\n- name: restart ntp\n  service: name=ntpd state=restarted\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/common/tasks/main.yml",
    "content": "---\n# This playbook contains common plays that will be run on all nodes.\n\n- name: Install ntp\n  yum: name=ntp state=present\n  tags: ntp\n\n- name: Install common dependencies\n  yum: name={{ item }} state=installed\n  with_items:\n   - libselinux-python\n   - libsemanage-python\n   - firewalld\n\n- name: Configure ntp file\n  template: src=ntp.conf.j2 dest=/etc/ntp.conf\n  tags: ntp\n  notify: restart ntp\n\n- name: Start the ntp service\n  service: name=ntpd state=started enabled=yes\n  tags: ntp\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/common/templates/ntp.conf.j2",
    "content": "\ndriftfile /var/lib/ntp/drift\n\nrestrict 127.0.0.1 \nrestrict -6 ::1\n\nserver {{ ntpserver }}\n\nincludefile /etc/ntp/crypto/pw\n\nkeys /etc/ntp/keys\n\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/db/handlers/main.yml",
    "content": "---\n# Handler to handle DB tier notifications\n\n- name: restart mariadb\n  service: name=mariadb state=restarted\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/db/tasks/main.yml",
    "content": "---\n# This playbook will install MariaDB and create db user and give permissions.\n\n- name: Install MariaDB package\n  yum: name={{ item }} state=installed\n  with_items:\n   - mariadb-server\n   - MySQL-python\n\n- name: Configure SELinux to start mysql on any port\n  seboolean: name=mysql_connect_any state=true persistent=yes\n\n- name: Create Mysql configuration file\n  template: src=my.cnf.j2 dest=/etc/my.cnf\n  notify:\n  - restart mariadb\n\n- name: Create MariaDB log file\n  file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775\n\n- name: Create MariaDB PID directory\n  file: path=/var/run/mysqld state=directory owner=mysql group=mysql mode=0775\n\n- name: Start MariaDB Service\n  service: name=mariadb state=started enabled=yes\n\n- name: Start firewalld\n  service: name=firewalld state=started enabled=yes\n\n- name: insert firewalld rule\n  firewalld: port={{ mysql_port }}/tcp permanent=true state=enabled immediate=yes\n\n- name: Create Application Database\n  mysql_db: name={{ dbname }} state=present\n\n- name: Create Application DB User\n  mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/db/templates/my.cnf.j2",
    "content": "[mysqld]\ndatadir=/var/lib/mysql\nsocket=/var/lib/mysql/mysql.sock\nuser=mysql\n# Disabling symbolic-links is recommended to prevent assorted security risks\nsymbolic-links=0\nport={{ mysql_port }}\n\n[mysqld_safe]\nlog-error=/var/log/mysqld.log\npid-file=/var/run/mysqld/mysqld.pid\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/web/tasks/copy_code.yml",
    "content": "---\n# These tasks are responsible for copying the latest dev/production code from\n# the version control system.\n\n- name: Copy the code from repository\n  git: repo={{ repository }} dest=/var/www/html/\n\n- name: Creates the index.php file\n  template: src=index.php.j2 dest=/var/www/html/index.php\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/web/tasks/install_httpd.yml",
    "content": "---\n# These tasks install http and the php modules.\n\n- name: Install httpd and php\n  yum: name={{ item }} state=present\n  with_items:\n   - httpd\n   - php\n   - php-mysql\n\n- name: Install web role specific dependencies\n  yum: name={{ item }} state=installed\n  with_items:\n   - git\n\n- name: Start firewalld\n  service: name=firewalld state=started enabled=yes\n\n- name: insert firewalld rule for httpd\n  firewalld: port={{ httpd_port }}/tcp permanent=true state=enabled immediate=yes\n\n- name: http service state\n  service: name=httpd state=started enabled=yes\n\n- name: Configure SELinux to allow httpd to connect to remote database\n  seboolean: name=httpd_can_network_connect_db state=true persistent=yes\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/web/tasks/main.yml",
    "content": "---\n- include: install_httpd.yml\n- include: copy_code.yml\n"
  },
  {
    "path": "lamp_simple_rhel7/roles/web/templates/index.php.j2",
    "content": "<html>\n <head>\n  <title>Ansible Application</title>\n </head>\n <body>\n </br>\n  <a href=http://{{ ansible_default_ipv4.address }}/index.html>Homepage</a>\n </br>\n<?php \n Print \"Hello, World! I am a web server configured using Ansible and I am : \";\n echo exec('hostname');\n Print  \"</BR>\";\necho  \"List of Databases: </BR>\";\n        {% for host in groups['dbservers'] %}\n                $link = mysqli_connect('{{ hostvars[host].ansible_default_ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysqli_connect_error($link));\n        {% endfor %}\n        $res = mysqli_query($link, \"SHOW DATABASES;\");\n        while ($row = mysqli_fetch_assoc($res)) {\n                echo $row['Database'] . \"\\n\";\n        }\n?>\n</body>\n</html>\n\n"
  },
  {
    "path": "lamp_simple_rhel7/site.yml",
    "content": "---\n# This playbook deploys the whole application stack in this site.\n\n- name: apply common configuration to all nodes\n  hosts: all\n  remote_user: root\n\n  roles:\n    - common\n\n- name: configure and deploy the webservers and application code\n  hosts: webservers\n  remote_user: root\n\n  roles:\n    - web\n\n- name: deploy MySQL and configure the databases\n  hosts: dbservers\n  remote_user: root\n\n  roles:\n    - db\n"
  },
  {
    "path": "language_features/ansible_pull.yml",
    "content": "# ansible-pull setup\n#\n# on remote hosts, set up ansible to run periodically using the latest code\n# from a particular checkout, in pull based fashion, inverting Ansible's\n# usual push-based operating mode.\n#\n# This particular pull based mode is ideal for:\n#\n# (A) massive scale out\n# (B) continual system remediation\n#\n# DO NOT RUN THIS AGAINST YOUR HOSTS WITHOUT CHANGING THE repo_url\n# TO SOMETHING YOU HAVE PERSONALLY VERIFIED\n#\n#\n---\n\n- hosts: pull_mode_hosts\n  remote_user: root\n\n  vars:\n\n    # schedule is fed directly to cron\n    schedule: '*/15 * * * *'\n\n    # User to run ansible-pull as from cron\n    cron_user: root\n\n    # File that ansible will use for logs\n    logfile: /var/log/ansible-pull.log\n\n    # Directory to where repository will be cloned\n    workdir: /var/lib/ansible/local\n\n    # Repository to check out -- YOU MUST CHANGE THIS\n    # repo must contain a local.yml file at top level\n    #repo_url: git://github.com/sfromm/ansible-playbooks.git\n    repo_url: SUPPLY_YOUR_OWN_GIT_URL_HERE\n\n  tasks:\n\n    - name: Install ansible\n      yum: pkg=ansible state=installed\n\n    - name: Create local directory to work from\n      file: path={{workdir}} state=directory owner=root group=root mode=0751\n\n    - name: Copy ansible inventory file to client\n      copy: src=/etc/ansible/hosts dest=/etc/ansible/hosts\n              owner=root group=root mode=0644\n\n    - name: Create crontab entry to clone/pull git repository\n      template: src=templates/etc_cron.d_ansible-pull.j2 dest=/etc/cron.d/ansible-pull owner=root group=root mode=0644\n\n    - name: Create logrotate entry for ansible-pull.log\n      template: src=templates/etc_logrotate.d_ansible-pull.j2 dest=/etc/logrotate.d/ansible-pull owner=root group=root mode=0644\n"
  },
  {
    "path": "language_features/batch_size_control.yml",
    "content": "# ordinarily, without the 'serial' keyword set, ansible will control all of your machines in a play at once, in parallel.\n# if you want to perform a rolling update, so that each play completes all the way through on a certain number of hosts\n# before moving on to the remaining hosts, use the 'serial' keyword like so:\n\n---\n- hosts: all\n  serial: 3\n\n# now each of the tasks below will complete on 3 hosts before moving on to the next 3, regardless of how many\n# hosts are selected by the \"hosts:\" line\n\n  tasks:\n\n  - name: ping\n    ping:\n  - name: ping2\n    ping:\n\n\n"
  },
  {
    "path": "language_features/cloudformation.yaml",
    "content": "---\n# This playbook demonstrates how to use the ansible cloudformation module to launch an AWS CloudFormation stack.\n#\n# This module requires that the boto python library is installed, and that you have your AWS credentials\n# in $HOME/.boto\n\n#The thought here is to bring up a bare infrastructure with CloudFormation, but use ansible to configure it.\n#I generally do this in 2 different playbook runs as to allow the ec2.py inventory to be updated.\n\n#This module also uses \"complex arguments\" which were introduced in ansible 1.1 allowing you to specify the\n#Cloudformation template parameters\n\n#This example launches a 3 node AutoScale group, with a security group, and an InstanceProfile with root permissions.\n\n#If a stack does not exist, it will be created.  If it does exist and the template file has changed, the stack will be updated.\n#If the parameters are different, the stack will also be updated.\n\n#CloudFormation stacks can take awhile to provision, if you are curious about its status, use the AWS\n#web console or one of the CloudFormation CLI's.\n\n#Example update -- try first launching the stack with 3 as the ClusterSize.  After it is launched, change it to 4\n#and run the playbook again.\n\n- name: provision stack\n  hosts: localhost\n  connection: local\n  gather_facts: false\n\n  # Launch the cloudformation-example.json template.  Register the output.\n\n  tasks:\n  - name: launch ansible cloudformation example\n    cloudformation: >\n      stack_name=\"ansible-cloudformation\" state=present\n      region=us-east-1 disable_rollback=true\n      template=files/cloudformation-example.json\n    args:\n      template_parameters:\n        KeyName: jmartin\n        DiskType: ephemeral\n        InstanceType: m1.small\n        ClusterSize: 3\n    register: stack\n  - name: show stack outputs\n    debug: msg=\"My stack outputs are {{stack.stack_outputs}}\"\n"
  },
  {
    "path": "language_features/complex_args.yml",
    "content": "---\n\n# this is a bit of an advanced topic.\n#\n# generally Ansible likes to pass simple key=value arguments to modules.  It\n# occasionally comes up though that you might want to write a module that takes\n# COMPLEX arguments, like lists and dictionaries.\n#\n# In order for this to happen, at least right now, it should be a Python\n# module, so it can leverage some common code in Ansible that makes this easy.\n# If you write a non-Python module, you can still pass data across, but only\n# hashes that do not contain lists or other hashes.  If you write the Python\n# module, you can do anything.\n#\n# note that if you were to use BOTH the key=value form and the 'args' form for\n# passing data in, the behaviour is currently undefined.  Ansible is working to\n# standardize on returning a duplicate parameter failure in this case but\n# modules which don't use the common module framework may do something\n# different.\n\n- hosts: localhost\n  gather_facts: no\n\n  vars:\n    complex:\n      ghostbusters: [ 'egon', 'ray', 'peter', 'winston' ]\n      mice: [ 'pinky', 'brain', 'larry' ]\n\n  tasks:\n\n    - name: this is the basic way data passing works for any module\n      action: ping data='Hi Mom'\n\n    - name: of course this can also be written like so, which is shorter\n      ping: data='Hi Mom'\n\n    - name: but what if you have a complex module that needs complicated data?\n      ping:\n        data:\n          moo: cow\n          asdf: [1,2,3,4]\n\n    - name: can we make that cleaner? sure!\n      ping:\n        data: \"{{ complex }}\"\n"
  },
  {
    "path": "language_features/conditionals_part1.yml",
    "content": "---\n# this is a demo of conditional imports.  This is a powerful concept\n# and can be used to use the same recipe for different types of hosts,\n# based on variables that bubble up from the hosts from tools such\n# as ohai or facter.\n#\n# Here's an example use case:\n#\n# what to do if the service for apache is named 'httpd' on CentOS\n# but is named 'apache' on Debian?\n\n\n# there is only one play in this playbook, it runs on all hosts\n# as root\n\n- hosts: all\n  remote_user: root\n\n# we have a common list of variables stored in /vars/external_vars.yml\n# that we will always import\n\n# next, we want to import files that are different per operating system\n# and if no per operating system file is found, load a defaults file.\n# for instance, if the OS was \"CentOS\", we'd try to load vars/CentOS.yml.\n# if that was found, we would immediately stop.  However if that wasn't\n# present, we'd try to load vars/defaults.yml.  If that in turn was not\n# found, we would fail immediately, because we had gotten to the end of\n# the list without importing anything.\n\n  vars_files:\n\n     - \"vars/external_vars.yml\"\n\n     - [ \"vars/{{ facter_operatingsystem }}.yml\", \"vars/defaults.yml\" ]\n\n# and this is just a regular task line from a playbook, as we're used to.\n# but with variables in it that come from above.  Note that the variables\n# from above are *also* available in templates\n\n  tasks:\n\n  - name: ensure apache is latest\n    action: \"{{ packager }} pkg={{ apache }} state=latest\"\n\n  - name: ensure apache is running\n    service: name={{ apache }} state=running\n\n\n\n\n"
  },
  {
    "path": "language_features/conditionals_part2.yml",
    "content": "---\n# this is a demo of conditional executions using 'when' statements, which can skip\n# certain tasks on machines/platforms/etc where they do not apply.\n\n- hosts: all\n  remote_user: root\n\n  vars:\n     favcolor: \"red\"\n     dog: \"fido\"\n     cat: \"whiskers\"\n     ssn: 8675309\n\n  tasks:\n\n     - name: \"do this if my favcolor is blue, and my dog is named fido\"\n       shell: /bin/false\n       when: favcolor == 'blue' and dog == 'fido'\n\n     - name: \"do this if my favcolor is not blue, and my dog is named fido\"\n       shell: /bin/true\n       when: favcolor != 'blue' and dog == 'fido'\n\n     - name: \"do this if my SSN is over 9000\"\n       shell: /bin/true\n       when: ssn > 9000\n\n     - name: \"do this if I have one of these SSNs\"\n       shell: /bin/true\n       when:  ssn in [ 8675309, 8675310, 8675311 ]\n\n     - name: \"do this if a variable named hippo is NOT defined\"\n       shell: /bin/true\n       when: hippo is not defined\n\n     - name: \"do this if a variable named hippo is defined\"\n       shell: /bin/true\n       when: hippo is defined\n\n\n"
  },
  {
    "path": "language_features/custom_filters.yml",
    "content": "---\n\n- name: Demonstrate custom jinja2 filters\n  hosts: all\n  tasks:\n  - template: src=templates/custom-filters.j2 dest=/tmp/custom-filters.txt\n"
  },
  {
    "path": "language_features/delegation.yml",
    "content": "---\n\n# this is an example of how we can perform actions on a given host on behalf of all the hosts\n# in a play.\n#\n# The two main uses of this would be signalling an outage window for hosts that\n# we are going to start upgrading, or to take a machine out of rotation by talking to a load\n# balancer.\n#\n# This example cheats by replacing the load balancer script with the 'echo' command,\n# leaving actual communication with the load balancer as an exercise to the reader.  In reality,\n# you could call anything you want, the main thing is that it should do something with\n# {{inventory_hostname}}\n\n# NOTE: see batch_size_control.yml for an example of the 'serial' keyword, which you almost certainly\n# want to use in this kind of example.  Here we have a mocked up example that does something to\n# 5 hosts at a time\n\n- hosts: all\n  serial: 5\n\n  tasks:\n\n  - name: take the machine out of rotation\n    command: echo taking out of rotation {{inventory_hostname}}\n    delegate_to: 127.0.0.1\n\n# here's an alternate notation if you are delegating to 127.0.0.1, you can use 'local_action'\n# instead of 'action' and leave off the 'delegate_to' part.\n#\n# - local_action: command echo taking out of rotation {{inventory_hostname}}\n\n  - name: do several things on the actual host\n    command: echo hi mom {{inventory_hostname}}\n\n  - name: put machine back into rotation\n    command: echo inserting into rotation {{inventory_hostname}}\n    delegate_to: 127.0.0.1\n\n"
  },
  {
    "path": "language_features/environment.yml",
    "content": "---\n\n# it is often useful to be able to set the environment for one command and have that environment be totally\n# different for another.  An example is you might use a HTTP proxy for some packages but not for others.\n#\n# in Ansible 1.1 and later, you can pass the environment to any module using either a dictionary variable\n# or a dictionary itself.\n\n\n- hosts: all\n  remote_user: root\n\n  # here we make a variable named \"env\" that is a dictionary\n  vars:\n    env:\n       HI: test2\n       http_proxy: http://proxy.example.com:8080\n\n  tasks:\n\n    # here we just define the dictionary directly and use it\n    # (here $HI is the shell variable as nothing in Ansible will replace it)\n\n    - shell: echo $HI\n      environment:\n         HI: test1\n\n    # here we are using the \"env\" map variable above\n\n    - shell: echo $HI\n      environment: \"{{ env }}\"\n"
  },
  {
    "path": "language_features/eucalyptus-ec2.yml",
    "content": "---\n# This playbook is an example for deploying multiple instances into\n# EC2/Euca and \"doing something\" with them.\n#\n# - uses the ec2 and ec2_vol module.\n#\n# Run this with ansible-playbook and supply the private key for your\n# EC2/Euca user (to access the instance in the second play), e.g:\n#\n# ansible-playbook eucalyptus-ec2-deploy.yml -v --private-key=/path/to/ec2/pri/key\n#\n\n# The play operates on the local (Ansible control) machine.\n- name: Stage instance(s)\n  hosts: local\n  connection: local\n  remote_user: root\n  gather_facts: false\n\n  vars:\n      keypair: mykeypair\n      instance_type: m1.small\n      security_group: default\n      image: emi-048B3A37\n\n  # Launch 5 instances with the following parameters.  Register the output.\n\n  tasks:\n    - name: Launch instance\n      ec2: keypair={{keypair}} group={{security_group}}\n           instance_type={{instance_type}} image={{image}}\n           wait=true count=5\n      register: ec2\n\n    # Use with_items to add each instances public IP to a new hostgroup for use in the next play.\n\n    - name: Add new instances to host group\n      add_host: hostname={{item.public_ip}} groupname=deploy\n      with_items: ec2.instances\n\n    - name: Wait for the instances to boot by checking the ssh port\n      wait_for: host={{item.public_dns_name}} port=22 delay=60 timeout=320 state=started\n      with_items: ec2.instances\n\n    # Use the ec2_vol module to create volumes for attachment to each instance.\n    # Use with_items to attach to each instance (by returned id) launched previously.\n\n    - name: Create a volume and attach\n      ec2_vol: volume_size=20 instance={{item.id}}\n      with_items: ec2.instances\n\n\n# This play targets the new host group\n- name: Configure instance\n  hosts: deploy\n  remote_user: root\n\n  # Do some stuff on each instance ....\n\n  tasks:\n    - name: Ensure NTP is up and running\n      service: name=ntpd state=started\n\n    - name: Install 
Apache Web Server\n      yum: pkg=httpd state=latest\n"
  },
  {
    "path": "language_features/file_secontext.yml",
    "content": "---\n# This is a demo of how to manage the selinux context using the file module\n- hosts: test\n  remote_user: root\n  tasks:\n    - name: Change setype of /etc/exports to non-default value\n      file: path=/etc/exports setype=etc_t\n    - name: Change seuser of /etc/exports to non-default value\n      file: path=/etc/exports seuser=unconfined_u\n    - name: Set selinux context back to default value\n      file: path=/etc/exports context=default\n    - name: Create empty file\n      command: /bin/touch /tmp/foo\n    - name: Change setype of /tmp/foo\n      file: path=/tmp/foo setype=default_t\n    - name: Try to set secontext to default, but this will fail\n            because of the lack of a default in the policy\n      file: path=/tmp/foo context=default\n"
  },
  {
    "path": "language_features/files/cloudformation-example.json",
    "content": "{\n  \"Outputs\" : {\n    \"ClusterSecGroup\" : {\n      \"Description\" : \"Name of RegionalManagerSecGroup\",\n      \"Value\" : {\n        \"Ref\" : \"InstanceSecurityGroup\"\n      }\n    }\n  },\n  \"AWSTemplateFormatVersion\" : \"2010-09-09\",\n  \"Description\" : \"Launches an example cluster\",\n  \"Mappings\" : {\n    \"ebs\" : {\n      \"ap-northeast-1\" : {\n        \"AMI\" : \"ami-4e6cd34f\"\n      },\n      \"ap-southeast-1\" : {\n        \"AMI\" : \"ami-a6a7e7f4\"\n      },\n      \"eu-west-1\" : {\n        \"AMI\" : \"ami-c37474b7\"\n      },\n      \"sa-east-1\" : {\n        \"AMI\" : \"ami-1e08d103\"\n      },\n      \"us-east-1\" : {\n        \"AMI\" : \"ami-1624987f\"\n      },\n      \"us-west-1\" : {\n        \"AMI\" : \"ami-1bf9de5e\"\n      },\n      \"us-west-2\" : {\n        \"AMI\" : \"ami-2a31bf1a\"\n      }\n    },\n    \"ephemeral\" : {\n      \"ap-northeast-1\" : {\n        \"AMI\" : \"ami-5a6cd35b\"\n      },\n      \"ap-southeast-1\" : {\n        \"AMI\" : \"ami-a8a7e7fa\"\n      },\n      \"eu-west-1\" : {\n        \"AMI\" : \"ami-b57474c1\"\n      },\n      \"sa-east-1\" : {\n        \"AMI\" : \"ami-1608d10b\"\n      },\n      \"us-east-1\" : {\n        \"AMI\" : \"ami-e8249881\"\n      },\n      \"us-west-1\" : {\n        \"AMI\" : \"ami-21f9de64\"\n      },\n      \"us-west-2\" : {\n        \"AMI\" : \"ami-2e31bf1e\"\n      }\n    }\n  },\n  \"Parameters\" : {\n    \"ClusterSize\" : {\n      \"Description\" : \"Number of nodes in the cluster\",\n      \"Type\" : \"String\"\n    },\n    \"DiskType\" : {\n      \"AllowedValues\" : [\n        \"ephemeral\",\n        \"ebs\"\n      ],\n      \"Default\" : \"ephemeral\",\n      \"Description\" : \"Type of Disk to use ( ephemeral/ebs )\",\n      \"Type\" : \"String\"\n    },\n    \"InstanceType\" : {\n      \"AllowedValues\" : [\n        \"t1.micro\",\n        \"m1.small\",\n        \"m1.medium\",\n        \"m1.large\",\n        \"m1.xlarge\",\n        \"m2.xlarge\",\n  
      \"m2.2xlarge\",\n        \"m2.4xlarge\",\n        \"c1.medium\",\n        \"c1.xlarge\",\n        \"cc1.4xlarge\"\n      ],\n      \"ConstraintDescription\" : \"must be valid instance type. \",\n      \"Default\" : \"m1.large\",\n      \"Description\" : \"Type of EC2 instance for cluster\",\n      \"Type\" : \"String\"\n    },\n    \"KeyName\" : {\n      \"Description\" : \"Name of an existing EC2 KeyPair to enable SSH access to the cluster\",\n      \"Type\" : \"String\"\n    }\n  },\n  \"Resources\" : {\n    \"ApplicationWaitCondition\" : {\n      \"DependsOn\" : \"ClusterServerGroup\",\n      \"Properties\" : {\n        \"Handle\" : {\n          \"Ref\" : \"ApplicationWaitHandle\"\n        },\n        \"Timeout\" : \"4500\"\n      },\n      \"Type\" : \"AWS::CloudFormation::WaitCondition\"\n    },\n    \"ApplicationWaitHandle\" : {\n      \"Type\" : \"AWS::CloudFormation::WaitConditionHandle\"\n    },\n    \"CFNInitUser\" : {\n      \"Properties\" : {\n        \"Path\" : \"/\",\n        \"Policies\" : [\n          {\n            \"PolicyDocument\" : {\n              \"Statement\" : [\n                {\n                  \"Action\" : [\n                    \"cloudformation:DescribeStackResource\",\n                    \"s3:GetObject\"\n                  ],\n                  \"Effect\" : \"Allow\",\n                  \"Resource\" : \"*\"\n                }\n              ]\n            },\n            \"PolicyName\" : \"AccessForCFNInit\"\n          }\n        ]\n      },\n      \"Type\" : \"AWS::IAM::User\"\n    },\n    \"CFNKeys\" : {\n      \"Properties\" : {\n        \"UserName\" : {\n          \"Ref\" : \"CFNInitUser\"\n        }\n      },\n      \"Type\" : \"AWS::IAM::AccessKey\"\n    },\n    \"ClusterCommunication1\" : {\n      \"Properties\" : {\n        \"FromPort\" : \"-1\",\n        \"GroupName\" : {\n          \"Ref\" : \"InstanceSecurityGroup\"\n        },\n        \"IpProtocol\" : \"icmp\",\n        \"SourceSecurityGroupName\" : {\n          
\"Ref\" : \"InstanceSecurityGroup\"\n        },\n        \"ToPort\" : \"-1\"\n      },\n      \"Type\" : \"AWS::EC2::SecurityGroupIngress\"\n    },\n    \"ClusterCommunication2\" : {\n      \"Properties\" : {\n        \"FromPort\" : \"1\",\n        \"GroupName\" : {\n          \"Ref\" : \"InstanceSecurityGroup\"\n        },\n        \"IpProtocol\" : \"tcp\",\n        \"SourceSecurityGroupName\" : {\n          \"Ref\" : \"InstanceSecurityGroup\"\n        },\n        \"ToPort\" : \"65356\"\n      },\n      \"Type\" : \"AWS::EC2::SecurityGroupIngress\"\n    },\n    \"ClusterCommunication3\" : {\n      \"Properties\" : {\n        \"FromPort\" : \"1\",\n        \"GroupName\" : {\n          \"Ref\" : \"InstanceSecurityGroup\"\n        },\n        \"IpProtocol\" : \"udp\",\n        \"SourceSecurityGroupName\" : {\n          \"Ref\" : \"InstanceSecurityGroup\"\n        },\n        \"ToPort\" : \"65356\"\n      },\n      \"Type\" : \"AWS::EC2::SecurityGroupIngress\"\n    },\n    \"InstanceSecurityGroup\" : {\n      \"Properties\" : {\n        \"GroupDescription\" : \"Enable SSH access via port 22\",\n        \"SecurityGroupIngress\" : [\n          {\n            \"CidrIp\" : \"0.0.0.0/0\",\n            \"FromPort\" : \"22\",\n            \"IpProtocol\" : \"tcp\",\n            \"ToPort\" : \"22\"\n          }\n        ]\n      },\n      \"Type\" : \"AWS::EC2::SecurityGroup\"\n    },\n    \"LaunchConfig\" : {\n      \"Properties\" : {\n        \"IamInstanceProfile\" : {\n          \"Ref\" : \"RootInstanceProfile\"\n        },\n        \"ImageId\" : {\n          \"Fn::FindInMap\" : [\n            {\n              \"Ref\" : \"DiskType\"\n            },\n            {\n              \"Ref\" : \"AWS::Region\"\n            },\n            \"AMI\"\n          ]\n        },\n        \"InstanceType\" : {\n          \"Ref\" : \"InstanceType\"\n        },\n        \"KeyName\" : {\n          \"Ref\" : \"KeyName\"\n        },\n        \"SecurityGroups\" : [\n          {\n            
\"Ref\" : \"InstanceSecurityGroup\"\n          }\n        ],\n        \"UserData\" : {\n          \"Fn::Base64\" : {\n            \"Fn::Join\" : [\n              \"\\n\",\n              [\n                \"#!/bin/bash -v\",\n                \"exec > >(tee /var/log/cfn-data.log|logger -t user-data -s 2>/dev/console) 2>&1\",\n                \"\",\n                \"sleep 10\",\n                \"\",\n                \"function retry {\",\n                \"   nTrys=0\",\n                \"   maxTrys=5\",\n                \"   status=256\",\n                \"   until [ $status == 0 ] ; do\",\n                \"      $1\",\n                \"      status=$?\",\n                \"      nTrys=$(($nTrys + 1))\",\n                \"      if [ $nTrys -gt $maxTrys ] ; then\",\n                \"            echo \\\"Number of re-trys exceeded. Exit code: $status\\\"\",\n                \"            exit $status\",\n                \"      fi\",\n                \"      if [ $status != 0 ] ; then\",\n                \"            echo \\\"Failed (exit code $status)... 
retry $nTrys\\\"\",\n                \"            sleep 10\",\n                \"      fi\",\n                \"   done\",\n                \"}\",\n                \"\",\n                \"yum update -y aws-cfn-bootstrap\",\n                \"\",\n                \"#for all the stuff that complains about sudo and tty\",\n                \"sed -i 's,Defaults    requiretty,#Defaults    requiretty,g' /etc/sudoers\",\n                \"\",\n                \"function error_exit\",\n                \"{\",\n                {\n                  \"Fn::Join\" : [\n                    \"\",\n                    [\n                      \"  /opt/aws/bin/cfn-signal -e 1 -r \\\"$1\\\" '\",\n                      {\n                        \"Ref\" : \"ApplicationWaitHandle\"\n                      },\n                      \"'\"\n                    ]\n                  ]\n                },\n                \"}\",\n                \"yum update -y aws-cfn-bootstrap\",\n                \"#this runs the first stage of cfinit\",\n                {\n                  \"Fn::Join\" : [\n                    \"\",\n                    [\n                      \"#/opt/aws/bin/cfn-init -c ascending -v --region \",\n                      {\n                        \"Ref\" : \"AWS::Region\"\n                      },\n                      \" -s \",\n                      {\n                        \"Ref\" : \"AWS::StackName\"\n                      },\n                      \" -r \",\n                      \"LaunchConfig\",\n                      \" --access-key \",\n                      {\n                        \"Ref\" : \"CFNKeys\"\n                      },\n                      \" --secret-key \",\n                      {\n                        \"Fn::GetAtt\" : [\n                          \"CFNKeys\",\n                          \"SecretAccessKey\"\n                        ]\n                      },\n                      \" || error_exit 'Failed to initialize client using 
cfn-init'\"\n                    ]\n                  ]\n                },\n                \"\",\n                \"\",\n                \"\",\n                \"result_code=$?\",\n                {\n                  \"Fn::Join\" : [\n                    \"\",\n                    [\n                      \"/opt/aws/bin/cfn-signal -e $result_code '\",\n                      {\n                        \"Ref\" : \"ApplicationWaitHandle\"\n                      },\n                      \"'\"\n                    ]\n                  ]\n                }\n              ]\n            ]\n          }\n        }\n      },\n      \"Type\" : \"AWS::AutoScaling::LaunchConfiguration\"\n    },\n    \"ClusterServerGroup\" : {\n      \"Properties\" : {\n        \"AvailabilityZones\" : {\n          \"Fn::GetAZs\" : \"\"\n        },\n        \"LaunchConfigurationName\" : {\n          \"Ref\" : \"LaunchConfig\"\n        },\n        \"MaxSize\" : {\n          \"Ref\" : \"ClusterSize\"\n        },\n        \"MinSize\" : {\n          \"Ref\" : \"ClusterSize\"\n        }\n      },\n      \"Type\" : \"AWS::AutoScaling::AutoScalingGroup\"\n    },\n    \"RolePolicies\" : {\n      \"Properties\" : {\n        \"PolicyDocument\" : {\n          \"Statement\" : [\n            {\n              \"Action\" : \"*\",\n              \"Effect\" : \"Allow\",\n              \"Resource\" : \"*\"\n            }\n          ]\n        },\n        \"PolicyName\" : \"root\",\n        \"Roles\" : [\n          {\n            \"Ref\" : \"RootRole\"\n          }\n        ]\n      },\n      \"Type\" : \"AWS::IAM::Policy\"\n    },\n    \"RootInstanceProfile\" : {\n      \"Properties\" : {\n        \"Path\" : \"/\",\n        \"Roles\" : [\n          {\n            \"Ref\" : \"RootRole\"\n          }\n        ]\n      },\n      \"Type\" : \"AWS::IAM::InstanceProfile\"\n    },\n    \"RootRole\" : {\n      \"Properties\" : {\n        \"AssumeRolePolicyDocument\" : {\n          \"Statement\" : [\n            {\n    
          \"Action\" : [\n                \"sts:AssumeRole\"\n              ],\n              \"Effect\" : \"Allow\",\n              \"Principal\" : {\n                \"Service\" : [\n                  \"ec2.amazonaws.com\"\n                ]\n              }\n            }\n          ]\n        },\n        \"Path\" : \"/\"\n      },\n      \"Type\" : \"AWS::IAM::Role\"\n    }\n  }\n}"
  },
  {
    "path": "language_features/filter_plugins/custom_plugins.py",
    "content": "# (c) 2012, Jeroen Hoekx <jeroen@hoekx.be>\n#\n# This file is part of Ansible\n#\n# Ansible is free software: you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation, either version 3 of the License, or\n# (at your option) any later version.\n#\n# Ansible is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.\n\nclass FilterModule(object):\n    ''' Custom filters are loaded by FilterModule objects '''\n\n    def filters(self):\n        ''' FilterModule objects return a dict mapping filter names to\n            filter functions. '''\n        return {\n            'generate_answer': self.generate_answer,\n        }\n\n    def generate_answer(self, value):\n        return '42'\n"
  },
  {
    "path": "language_features/get_url.yml",
    "content": "---\n- hosts: webservers\n  vars:\n  - jquery_directory: /var/www/html/javascript\n  - person: 'Susie%20Smith'\n  tasks:\n  - name: Create directory for jQuery\n    file: dest={{jquery_directory}} state=directory mode=0755\n  - name: Grab a bunch of jQuery stuff\n    get_url: url=http://code.jquery.com/{{item}}  dest={{jquery_directory}} mode=0444\n    with_items:\n    - jquery.min.js\n    - mobile/latest/jquery.mobile.min.js\n    - ui/jquery-ui-git.css\n  #- name: Pass urlencoded name to CGI\n  #  get_url: url=http://example.com/name.cgi?name='{{person}}' dest=/tmp/test\n"
  },
  {
    "path": "language_features/group_by.yml",
    "content": "---\n# Example playbook to demonstrate the group_by action plugin.\n#\n# as we know, the setup module will automatically run in each play, and sets up various\n# facts.  We can then create temporary (in memory only) groups based on those facts, which\n# are useful ways of selecting similar sets of hosts.\n#\n# Additionally, we can use the 'register' keyword in Ansible to set similar variables\n# and use those for grouping.  This is not shown in this example.\n\n- hosts: all\n\n  tasks:\n\n  - name: Create a group of all hosts by operating system\n    group_by: key={{ansible_distribution}}-{{ansible_distribution_version}}\n\n# the following host group does not exist in inventory and was created by the group_by\n# module.\n\n- hosts: CentOS-6.2\n\n  tasks:\n\n  - name: ping all CentOS 6.2 hosts\n    ping:\n\n- hosts: CentOS-6.3\n\n  tasks:\n\n  - name: ping all CentOS 6.3 hosts\n    ping:\n\n\n"
  },
  {
    "path": "language_features/group_commands.yml",
    "content": "---\n# This is a demo of how the group command works.\n\n- hosts: all\n  remote_user: root\n  become: yes\n  become_method: sudo\n\n  tasks:\n\n    # Walk through group creation, modification, and deletion\n    - name: create a group\n      group: name=tset\n\n    # You can only modify the group's gid\n    - group: name=tset gid=7777\n\n    # And finally remove the group\n    - group: name=tset state=absent\n"
  },
  {
    "path": "language_features/handlers/handlers.yml",
    "content": "---\n\n# this is an example to show that handlers can be included from yaml files,\n# to promote reuse between different plays or even playbooks.  They work\n# just like normal handlers.\n\n- name: restart apache\n  service: name=httpd state=restarted\n- name: restart memcached\n  service: name=memcached state=restarted\n"
  },
  {
    "path": "language_features/intermediate_example.yml",
    "content": "---\n# see intro_example.yml first!\n# This file explains some more advanced features of playbooks.\n# because of the comments it's less concise than it normally is.  But feel\n# free to comment your playbooks if you like.\n\n- hosts: all\n\n  # we can define variables the normal way...\n\n  vars:\n    release: 2.0\n\n  # but they can also come from other files.  This can be a relative\n  # or absolute path.  This is a good way to store 'secret' variable\n  # files but still keep the playbook in public source control\n\n  vars_files:\n    - vars/external_vars.yml\n\n  # as with before, every play has a list of tasks in it\n\n  tasks:\n\n  # tasks can be written the normal way...\n\n  - name: arbitrary command\n    command: /bin/true\n\n  # or we can promote reuse and simplicity by including tasks\n  # from other files, for instance, to reuse common tasks\n\n  - include: tasks/base.yml\n\n  # we could also have done something like:\n  # - include: wordpress.yml user=timmy\n  # and had access to the template variable $user in the\n  # included file, if we wanted to.  Variables from vars\n  # and vars_files are also available inside include files\n\n  handlers:\n\n    # handlers can also be included from files, to promote reuse\n    # and simpler recipes, you may wish to only have one\n    # handler file for all your plays and playbooks.  This example really\n    # doesn't notify any handlers, it is just showing you how they would\n    # be included (see intro_example for usage).\n\n    - include: handlers/handlers.yml\n\n    # you can mix things that are directly in the file with things\n    # that are included.  Order is executed as written, but only\n    # handlers that have been notified get executed\n\n    - name: restart foo\n      service: name=foo state=restarted\n\n# ===============================================================\n\n# Here's a second play in the same playbook.  
This will be run\n# after the first play completes on all hosts.  You may want\n# a different play for each class of systems, or may want a different\n# play for each stage in a complex multi-node deployment push\n# process.  How you use them is up to you.\n\n# any play in a playbook can be executed by a user other than root\n# if you want.  sudo support is coming too.\n\n- hosts: webservers\n  remote_user: mdehaan\n\n  # vars must be specified again for the next play in the playbook\n  # but can be reused by including from vars_files if you want\n  # you can use vars, vars_files, or both.  vars_files overrides\n  # those set in vars.\n\n  vars:\n     release: 2.0\n  vars_files:\n     - vars/external_vars.yml\n\n\n  # these all run as the user 'mdehaan'.  If there were any handlers\n  # they would as well.\n\n  tasks:\n\n     - name: some random command\n       command: /bin/true\n\n\n"
  },
  {
    "path": "language_features/intro_example.yml",
    "content": "---\n# this is an annotated example of some features available in playbooks\n# it shows how to make sure packages are updated, how to make sure\n# services are running, and how to template files.  It also demos\n# change handlers that can restart things (or trigger other actions)\n# when resources change.  For more advanced examples, see example2.yml\n\n# on all hosts, run as the user root...\n\n- name: example play\n  hosts: all\n  remote_user: root\n\n# could also have done:\n#  remote_user: mdehaan\n#  become: yes\n#  become_method: sudo\n\n  # make these variables available inside of templates\n  # for when we use the 'template' action/module later on...\n\n  vars:\n    http_port: 80\n    max_clients: 200\n\n  # define the tasks that are part of this play...\n\n  tasks:\n\n  # task #1 is to run an arbitrary command\n  # we'll simulate a long running task, wait for up to 45 seconds, poll every 5\n  # obviously this does nothing useful but you get the idea\n\n  - name: longrunner\n    command: /bin/sleep 15\n    async: 45\n    poll: 5\n\n  # let's demo file operations.\n  #\n  # We can 'copy' files or 'template' them instead, using jinja2\n  # as the templating engine.  This is done using the variables\n  # from the vars section above mixed in with variables bubbled up\n  # automatically from tools like facter and ohai.  'copy'\n  # works just like 'template' but does not do variable substitution.\n  #\n  # If and only if the file changes, restart apache at the very\n  # end of the playbook run\n\n  - name: write some_random_foo configuration\n    template: src=templates/foo.j2 dest=/etc/some_random_foo.conf\n    notify:\n    - restart apache\n\n  # make sure httpd is installed at the latest version\n\n  - name: install httpd\n    yum: pkg=httpd state=latest\n\n  # make sure httpd is running\n\n  - name: httpd start\n    service: name=httpd state=started\n\n  # handlers are only run when things change, at the very end of each\n  # play.  
Let's define some.  The names are significant and must\n  # match the 'notify' sections above\n\n  handlers:\n\n    # this particular handler is run when some_random_foo.conf\n    # is changed, and only then\n\n    - name: restart apache\n      service: name=httpd state=restarted\n\n\n"
  },
  {
    "path": "language_features/loop_nested.yml",
    "content": "---\n# this is a trivial example of how to do a nested loop.\n\n- hosts: all\n  tasks:\n    - shell: echo \"nested test a={{ item[0] }} b={{ item[1] }} c={{ item[2] }}\"\n      with_nested:\n        - [ 'red', 'blue', 'green' ]\n        - [ 1, 2, 3 ]\n        - [ 'up', 'down', 'strange']\n\n# you can reference a raw variable name without putting it in {{ brackets }}\n\n- hosts: all\n  vars:\n    listvar1:\n    - 'a'\n    - 'b'\n    - 'c'\n  tasks:\n    - shell: echo \"nested test a={{ item[0] }} b={{ item[1] }}\"\n      with_nested:\n        - listvar1\n        - [ 1, 2, 3 ]\n"
  },
  {
    "path": "language_features/loop_plugins.yml",
    "content": "---\n\n# in addition to loop_with_items, the loop that works over a variable, ansible can do more sophisticated looping.\n\n# developer types: these are powered by 'lookup_plugins' should you ever decide to write your own\n# see lib/ansible/runner/lookup_plugins/fileglob.py -- they can do basically anything!\n\n- hosts: all\n  gather_facts: no\n\n  tasks:\n\n    # this will copy a bunch of config files over -- dir must be created first\n\n    - file: dest=/etc/fooapp state=directory\n\n    - copy: src={{ item }} dest=/etc/fooapp/ owner=root mode=600\n      with_fileglob: /playbooks/files/fooapp/*\n\n\n"
  },
  {
    "path": "language_features/loop_with_items.yml",
    "content": "---\n# this is an example of how to run repeated task elements over lists\n# of items, for example, installing multiple packages or configuring\n# multiple users\n\n- hosts: all\n  remote_user: root\n\n  tasks:\n\n  - name: install packages\n    yum: name={{ item }} state=installed\n    with_items:\n       - cobbler\n       - httpd\n\n  - name: configure users\n    user: name={{ item }} state=present groups=wheel\n    with_items:\n       - testuser1\n       - testuser2\n\n  - name: remove users\n    user: name={{ item }} state=absent\n    with_items:\n        - testuser1\n        - testuser2\n\n  - name: copy templates\n    template: src={{ item.src }} dest={{ item.dest }}\n    with_items:\n        - src: templates/testsource1\n          dest: /example/dest1/test.conf\n        - src: templates/testsource2\n          dest: /example/dest2/test.conf\n"
  },
  {
    "path": "language_features/mysql.yml",
    "content": "##\n# Example Ansible playbook that uses the MySQL module.\n#\n\n---\n- hosts: all\n  remote_user: root\n\n  tasks:\n\n    - name: Create database user\n      mysql_user: user=bob password=12345 priv=*.*:ALL state=present\n\n    - name: Create database\n      mysql_db: db=bobdata state=present\n\n    - name: Ensure no user named 'sally' exists and delete if found.\n      mysql_user: user=sally state=absent\n"
  },
  {
    "path": "language_features/nested_playbooks.yml",
    "content": "---\n# it is possible to have top level playbook files import other playbook\n# files.  For example, a playbook called could include three\n# different playbooks, such as webservers, workers, dbservers, etc.\n#\n# Running the site playbook would run all playbooks, while individual\n# playbooks could still be run directly.  This is somewhat like\n# the tag feature and can be used in conjunction for very fine grained\n# control over what you want to target when running ansible.\n\n- name: this is a play at the top level of a file\n  hosts: all\n  remote_user: root\n  tasks:\n  - name: say hi\n    tags: foo\n    shell: echo \"hi...\"\n\n# and this is how we include another playbook, be careful and\n# don't recurse infinitely or anything.  Note you can't use\n# any variables in the include path here.\n\n- include: intro_example.yml\n\n# and if we wanted, we can continue with more includes here,\n# or more plays inline in this file\n"
  },
  {
    "path": "language_features/netscaler.yml",
    "content": "---\n#\n# NetScaler module example\n#\n\n- hosts: web-pool\n  serial: 3\n  vars:\n    nsc_host: nsc.example.com\n    nsc_user: admin\n    nsc_pass: nimda\n    # type of the netscaler object you want to manipulate\n    type: service\n    # netscaler object name\n    name: \"{{facter_fqdn}}:8080\"\n\n  tasks:\n    - name: disable service in the lb\n      netscaler: nsc_host={{nsc_host}} user={{nsc_user}} password={{nsc_pass}} name={{name}} type={{type}} action=disable\n\n    - name: deploy new code\n      shell: yum upgrade -y\n\n    - name: enable in the lb\n      netscaler: nsc_host={{nsc_host}} user={{nsc_user}} password={{nsc_pass}} name={{name}} type={{type}} action=enable\n"
  },
  {
    "path": "language_features/postgresql.yml",
    "content": "##\n# Example Ansible playbook that uses the PostgreSQL module.\n#\n# This installs PostgreSQL on an Ubuntu system, creates a database called\n# \"myapp\" and a user called \"django\" with password \"mysupersecretpassword\"\n# with access to the \"myapp\" database.\n#\n---\n- hosts: webservers\n  become: yes\n  gather_facts: no\n\n  tasks:\n  - name: ensure apt cache is up to date\n    apt: update_cache=yes\n  - name: ensure packages are installed\n    apt: name={{item}}\n    with_items:\n        - postgresql\n        - libpq-dev\n        - python-psycopg2\n\n- hosts: webservers\n  become: yes\n  become_user: postgres\n  gather_facts: no\n\n  vars:\n    dbname: myapp\n    dbuser: django\n    dbpassword: mysupersecretpassword\n\n  tasks:\n  - name: ensure database is created\n    postgresql_db: name={{dbname}}\n\n  - name: ensure user has access to database\n    postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL\n\n  - name: ensure user does not have unnecessary privilege\n    postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB\n  \n  - name: ensure no other user can access the database\n    postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent\n\n"
  },
  {
    "path": "language_features/prompts.yml",
    "content": "---\n\n# it is possible to ask for variables from the user at the start\n# of a playbook run, for example, as part of a release script.\n\n- hosts: all\n  remote_user: root\n\n# regular variables are a dictionary of keys and values\n\n  vars:\n     this_is_a_regular_var: 'moo'\n     so_is_this: 'quack'\n\n# alternatively, they can ALSO be passed in from the outside:\n#    ansible-playbook foo.yml --extra-vars=\"foo=100 bar=101\"\n# or through external inventory scripts (see online API docs)\n\n# here's basic mode prompting.  Specify a hash of variable names and a prompt for\n# each.\n#\n# vars_prompt:\n#   release_version: \"product release version\"\n\n# prompts can also be specified like this, allowing for hiding the prompt as\n# entered.  In the future, this may also be used to support crypted variables\n\n  vars_prompt:\n    - name: \"some_password\"\n      prompt: \"Enter password\"\n      private: yes\n\n    - name: \"release_version\"\n      prompt: \"Product release version\"\n      default: \"my_default_version\"\n      private: no\n\n    - name: \"my_password2\"\n      prompt: \"Enter password2\"\n      private: yes\n      encrypt: \"md5_crypt\"\n      confirm: yes\n      salt_size: 7\n      salt: \"foo\"\n\n# this is just a simple example to show that vars_prompt works, but\n# you might ask for a tag to use with the git module or perhaps\n# a package version to use with the yum module.\n\n  tasks:\n\n  - name: imagine this did something interesting with {{release_version}}\n    shell: echo foo >> /tmp/{{release_version}}-alpha\n\n  - name: look we crypted a password\n    shell: echo my password is {{my_password2}}\n\n\n\n\n"
  },
  {
    "path": "language_features/rabbitmq.yml",
    "content": "---\n- hosts: rabbitmq\n  become: true\n  become_method: sudo\n  vars:\n    rabbitmq_version: 3.0.2-1\n\n  tasks:\n  - name: ensure python-software-properties is installed\n    apt: pkg=python-software-properties state=installed\n\n  - name: add rabbitmq official apt repository\n    apt_repository: repo='deb http://www.rabbitmq.com/debian/ testing main' state=present\n\n  - name: add trusted key\n    apt_key: url=https://www.rabbitmq.com/rabbitmq-signing-key-public.asc state=present\n\n  - name: install package\n    apt: name={{ item }} update_cache=yes state=installed\n    with_items:\n      - rabbitmq-server\n\n  - name: enable rabbitmq plugins\n    rabbitmq_plugin: names=rabbitmq_management,rabbitmq_tracing,rabbitmq_federation state=enabled\n    notify:\n    - restart rabbitmq\n\n  - name: add users\n    rabbitmq_user: user={{item.username}} password={{item.password}} tags=administrator,{{item.username}} vhost=/ configure_priv=.* write_priv=.* read_priv=.* state=present\n    with_items:\n    - { username: user1, password: changeme }\n    - { username: user2, password: changeme }\n\n  - name: remove default guest user\n    rabbitmq_user: user=guest state=absent\n\n  - name: ensure vhost /test is present\n    rabbitmq_vhost: name=/test state=present\n\n  handlers:\n  - name: restart rabbitmq\n    service: name=rabbitmq-server state=restarted\n"
  },
  {
    "path": "language_features/register_logic.yml",
    "content": "# here's a cool advanced topic about how to perform conditional logic in ansible without resorting\n# to writing your own module that defines facts.  You can do that too, and it's easy to do, but\n# often you just want to run a command and then decide whether to run some steps or not.  That's\n# easy to do, and here we'll show you how.\n\n- name: test playbook\n  remote_user: root\n  hosts: all\n\n  tasks:\n\n      # it is possible to save the result of any command in a named register.  This variable will be made\n      # available to tasks and templates made further down in the execution flow.\n\n      - shell: grep hi /etc/motd\n        ignore_errors: yes\n        register: motd_result\n\n      # and here we access the register.  Note that variable is structured data because\n      # it is a return from the command module.   The shell module makes available variables such as\n      # as 'stdout', 'stderr', and 'rc'.\n\n      # here we run the next action only if the previous grep returned true\n\n      - shell: echo \"motd contains the word hi\"\n        when: motd_result.rc == 0\n\n      # alternatively:\n\n      - shell: echo \"motd contains the word hi\"\n        when: motd_result.stdout.find('hi') != -1\n\n      # or also:\n\n      - shell: echo \"motd contains word hi\"\n        when: \"'hi' in motd_result.stdout\"\n\n      # you can use 'stdout_lines' to loop over the registered output lines\n      - name: motd lines matching 'hi'\n        shell: echo \"{{ item  }}\"\n        with_items: motd_result.stdout_lines\n\n      # you can also split 'stdout' yourself\n      - name: motd lines matching 'hi'\n        shell: echo \"{{ item  }}\"\n        with_items: motd_result.stdout.split('\\n')\n\n\n"
  },
  {
    "path": "language_features/roles/foo/files/foo.txt",
    "content": "This is a file\n\n"
  },
  {
    "path": "language_features/roles/foo/handlers/main.yml",
    "content": "---\n\n- name: blippy\n  shell: echo notifier called, and the value of x is '{{ x }}'\n\n# within a role, it's possible to include other task files as well.  By default, we\n# can reference files in the same directory without doing anything special:\n\n# - include: other.yml\n\n"
  },
  {
    "path": "language_features/roles/foo/tasks/main.yml",
    "content": "---\n\n- name: copy operation\n  copy: src=foo.txt dest=/tmp/roles_test1.txt\n\n- name: template operation\n  template: src=foo.j2 dest=/tmp/roles_test2.txt\n  notify:\n    - blippy\n\n- name: demo that parameterized roles work\n  shell: echo just FYI, param1={{ param1 }}, param2 ={{ param2 }}\n\n\n"
  },
  {
    "path": "language_features/roles/foo/templates/foo.j2",
    "content": "I am a {{ ansible_os_family }} distribution.\n"
  },
  {
    "path": "language_features/roles/foo/vars/main.yml",
    "content": "---\nx: '{{ ansible_machine }}'\n\n"
  },
  {
    "path": "language_features/roletest.yml",
    "content": "# in Ansible 1.2 and later, roles allow easy best-practices organization of content\n# and maximize shareability of ansible building blocks.\n#\n# suppose a playbook applied to a group of hosts includes two roles, foo and bar.\n#\n# what do roles do in this case?\n#\n# listing the roles as foo and bar will auto include the following:\n#\n#    tasks    from ./roles/foo/tasks/main.yml,    then ./roles/bar/tasks/main.yml\n#    handlers from ./roles/foo/handlers/main.yml, then ./roles/bar/handlers/main.yml\n#    vars     from ./roles/foo/vars/main.yml,     then ./roles/bar/vars/main.yml\n#\n# should any of these files not exist, that is ok, and they will simply not be loaded.\n#\n# should the task file in foo/tasks/main.yml want to include subtasks in other files, that\n# is also permitted.\n#\n# templates and copy operations also get smarter about where to look for content when using\n# roles.\n#\n# as an example, a task in foo/tasks/main.yml could copy or template a file by\n# referencing a \"src=foo.j2\" rather than having to explicitly path src=roles/foo/templates/foo.j2.\n\n---\n\n  - hosts: all\n\n    pre_tasks:\n\n        # these tasks are executed prior to roles.\n        # this might be a good time to signal an outage window or take a host out of a load balanced pool\n\n        - local_action: shell echo \"hi this is a pre_task step about {{ inventory_hostname }}\"\n\n    roles:\n\n    # a role can be listed flat like this:\n    #\n    #   - common\n    #   - webservers\n\n    # but you can also pass variables to them, so they can be parameterized.  You can call\n    # a role more than once with different parameters too.  It might look like the section\n    # below.  
Note I can also declare tags at this time.\n\n      - { role: foo, param1: 1000, param2: 2000, tags: [ 'foo', 'bar' ] }\n      - { role: foo, param1: 8000, param2: 9000, tags: [ 'baz' ]  }\n\n    # add as many roles as you like, roles takes a list of role names\n    # these paths can be qualified, but if bare, it will look for them in\n    # roles/{{rolename}} relative to the playbook\n\n    # explicit tasks and handlers can be used, but are not required.\n    # they will run after the roles if present.\n\n    tasks:\n\n        # you can still have loose tasks/handlers and they will execute after roles are applied\n\n        - shell: echo 'this is a loose task'\n\n    post_tasks:\n\n        # just to provide a syntactic mirroring to 'pre_tasks', these run absolutely last in the play.\n        # this might be a good time to put a host back in a load balanced pool or end an outage window\n\n        - local_action: shell echo 'this is a post_task about {{ inventory_hostname }}'\n\n\n\n"
  },
  {
    "path": "language_features/roletest2.yml",
    "content": "# in Ansible 1.2 and later, roles allow easy best-practices organization of content\n# and maximize shareability of ansible building blocks.\n#\n# suppose a playbook applied to a group of hosts includes two roles, foo and bar.\n#\n# what do roles do in this case?\n#\n# listing the roles as foo and bar will auto include the following:\n#\n#    tasks    from ./roles/foo/tasks/main.yml,    then ./roles/bar/tasks/main.yml\n#    handlers from ./roles/foo/handlers/main.yml, then ./roles/bar/handlers/main.yml\n#    vars     from ./roles/foo/vars/main.yml,     then ./roles/bar/vars/main.yml\n#\n# should any of these files not exist, that is ok, and they will simply not be loaded.\n#\n# should the task file in foo/tasks/main.yml want to include subtasks in other files, that\n# is also permitted.\n#\n# templates and copy operations also get smarter about where to look for content when using\n# roles.\n#\n# as an example, a task in foo/tasks/main.yml could copy or template a file by\n# referencing a \"src=foo.j2\" rather than having to explicitly path src=roles/foo/templates/foo.j2.\n\n---\n\n  - hosts: all\n    roles:\n\n    # a role can be listed flat like this:\n    #\n    #   - common\n    #   - webservers\n\n    # but you can also pass variables to them, so they can be parameterized.  You can call\n    # a role more than once with different parameters too.  
It might look like this:\n\n      - role: foo\n        param1: '{{ foo }}'\n        param2: '{{ some_var1 + \"/\" + some_var2 }}'\n        when: ansible_os_family == 'RedHat'\n\n    # add as many roles as you like, roles takes a list of role names\n    # these paths can be qualified, but if bare, it will look for them in\n    # roles/{{rolename}} relative to the playbook\n\n    # explicit tasks and handlers can be used, but are not required.\n    # they will run after the roles if present.\n\n    tasks:\n\n        # you can still have loose tasks/handlers and they will execute after roles\n\n        - shell: echo 'this is a loose task'\n\n\n"
  },
  {
    "path": "language_features/selective_file_sources.yml",
    "content": "---\n# this is an example of how to template a file over using some variables derived\n# from the system.  For instance, if you wanted to have different configuration\n# templates by OS version, this is a neat way to do it.  Any Ansible facts, facter facts,\n# or ohai facts could be used to do this.\n\n- hosts: all\n\n  tasks:\n\n  - name: template a config file\n    template: dest=/etc/imaginary_file.conf\n    first_available_file:\n\n       # first see if we have a file for this specific host\n       - /srv/whatever/{{ansible_hostname}}.conf\n\n       # next try to load something like CentOS6.2.conf\n       - /srv/whatever/{{ansible_distribution}}{{ansible_distribution_version}}.conf\n\n       # next see if there's a CentOS.conf\n       - /srv/whatever/{{ansible_distribution}}.conf\n\n       # finally give up and just use something generic\n       - /srv/whatever/default\n\n\n\n"
  },
  {
    "path": "language_features/tags.yml",
    "content": "---\n# tags allow us to run all of a playbook or part of it.\n#\n# assume: ansible-playbook tags.yml --tags foo\n#\n# try this with:\n#    --tags foo\n#    --tags bar\n#    --tags extra\n#\n# the value of a 'tags:' element can be a string or list\n# of tag names.  Variables are not usable in tag names.\n\n- name: example play one\n  hosts: all\n  remote_user: root\n\n  # any tags applied to the play are shorthand to applying\n  # the tag to all tasks in it.  Here, each task is given\n  # the tag extra\n\n  tags:\n     - extra\n\n  tasks:\n\n  # this task will run if you don't specify any tags,\n  # if you specify 'foo' or if you specify 'extra'\n\n  - name: hi\n    tags: ['foo']\n    shell: echo \"first task ran\"\n\n- name: example play two\n  hosts: all\n  remote_user: root\n  tasks:\n  - name: hi\n    tags:\n      - bar\n    shell: echo \"second task ran\"\n  - include: tasks/base.yml\n    tags:\n      - base\n\n"
  },
  {
    "path": "language_features/tasks/base.yml",
    "content": "---\n\n# this is an example of an included tasks file.  It contains a flat list of tasks\n# they can notify other tasks, and have full access to variables from 'vars'\n# or 'vars_files' directives.  Further, if ohai or facter were installed on\n# the remote machines, variables from those tools can be accessed on the 'action'\n# line or in templates.  Just prefix with 'facter_' or 'ohai_' before the particular\n# variable.\n\n# possible uses for an included yaml file might be to represent a 'class' of a system\n# like defining what makes up a webserver, or you might have a common 'base.yml'\n# (like this) that might be applied to all your systems as well.\n\n# the next two tasks switch SELinux to permissive mode and stop the iptables\n# firewall on every host this file is applied to\n\n- name: no selinux\n  command: /usr/sbin/setenforce 0\n\n- name: no iptables\n  service: name=iptables state=stopped\n\n- name: made up task just to show variables work here\n  command: /bin/echo release is {{ release }}\n"
  },
  {
    "path": "language_features/templates/custom-filters.j2",
    "content": "1 + 1 = {{ '1+1' | generate_answer }}\n"
  },
  {
    "path": "language_features/templates/etc_cron.d_ansible-pull.j2",
    "content": "# Cron job to git clone/pull a repo and then run locally\n{{ schedule }} {{ cron_user }} ansible-pull -d {{ workdir }} -U {{ repo_url }} >>{{ logfile }} 2>&1\n"
  },
  {
    "path": "language_features/templates/etc_logrotate.d_ansible-pull.j2",
    "content": "{{ logfile }} {\n  rotate 7\n  daily\n  compress\n  missingok\n  notifempty\n}\n"
  },
  {
    "path": "language_features/templates/foo.j2",
    "content": "# This is a very simple Jinja2 template representing an imaginary configuration file\n# for an imaginary app.\n\n# this is an example of loading a fact from the setup module\nsystem={{ ansible_system }}\n\n# here is a variable that could be set in a playbook or inventory file\nhttp_port={{ http_port }}\n\n\n"
  },
  {
    "path": "language_features/templates/hostvars.j2",
    "content": "# example of how to get the ipaddress of every machine in the webservers group\n# for use in a template\n\n{% for host in groups['webservers'] %}\n  HOST: {{ host }} IP: {{ hostvars[host]['ansible_all_ipv4_addresses'][0] }}\n{% endfor %}\n\n"
  },
  {
    "path": "language_features/upgraded_vars.yml",
    "content": "# this just shows some tricks possible with variables in Ansible 1.2 and later.\n\n---\n\n  - hosts: all\n\n    vars:\n      a_list:\n        - a\n        - b\n        - c\n\n    tasks:\n      - debug: msg=\"hello {{ ansible_hostname.upper() }}\"\n\n      - shell: echo match\n        when: 2 == 2\n\n      - shell: echo no match\n        when: 2 == 2 + 1\n\n      - debug: msg=\"{{ ansible_os_family }}\"\n\n      - shell: echo {{ item }}\n        with_items: a_list\n\n      - shell: echo 'RedHat'\n        when: ansible_os_family == 'RedHat'\n\n\n"
  },
  {
    "path": "language_features/user_commands.yml",
    "content": "---\n# this is a demo of how the user commands work and how to reference salted passwords\n# in vars sections.  You could also use vars_files if you like (see other examples)\n\n- hosts: all\n  remote_user: root\n  vars:\n    # created with:\n    # python -c 'import crypt; print crypt.crypt(\"This is my Password\", \"$1$SomeSalt$\")'\n    password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.\n\n  tasks:\n\n    # Walk through account creation, modification, and deletion\n    - name: test basic user account creation\n      user: name=tset comment=TsetUser group=users shell=/sbin/nologin createhome=no\n\n    # the following is just a simple example of how you don't have to include\n    # the 'name' element for each task\n\n    - user: name=tset comment=NyetUser\n    - user: name=tset password={{password}}\n\n    # The following will add the user to supplementary groups.\n\n    # Add the user to the groups dialout and uucp.\n    - user: name=tset groups=dialout,uucp\n\n    # Add the user to the groups dialout and wheel,\n    # This will remove tset from the group uucp.\n    - user: name=tset groups=dialout,wheel\n\n    # Add the user to the group uucp.  Because append=yes, the user\n    # will not be removed from the groups dialout and wheel.\n    - user: name=tset groups=uucp append=yes\n\n    # Finally, remove the user.\n    - user: name=tset state=absent\n"
  },
  {
    "path": "language_features/vars/CentOS.yml",
    "content": "---\napache: httpd\npackager: yum\n"
  },
  {
    "path": "language_features/vars/defaults.yml",
    "content": "---\npackager: apt\napache: apache\n"
  },
  {
    "path": "language_features/vars/external_vars.yml",
    "content": "---\nalpha: one\nbeta: two\n"
  },
  {
    "path": "language_features/zfs.yml",
    "content": "---\n##\n# Example Ansible playbook that uses the Zfs module.\n#\n\n- hosts: webservers\n  gather_facts: no\n  become: yes\n  become_method: sudo \n\n  vars:\n    pool: rpool\n\n  tasks:\n\n  - name: Create a zfs file system\n    zfs: name={{pool}}/var/log/httpd state=present\n\n  - name: Create a zfs file system with quota of 10GiB and visible snapdir\n    zfs: name={{pool}}/ansible quota='10G' snapdir=visible state=present\n\n  - name: Create zfs snapshot of the above file system\n    zfs: name={{pool}}/ansible@mysnapshot state=present\n\n  - name: Create zfs volume named smallvol with a size of 10MiB\n    zfs: name={{pool}}/smallvol volsize=10M state=present\n\n  - name: Removes snapshot of rpool/oldfs\n    zfs: name={{pool}}/oldfs@oldsnapshot state=absent\n\n  - name: Removes file system rpool/oldfs\n    zfs: name={{pool}}/oldfs state=absent\n\n\n"
  },
  {
    "path": "mongodb/LICENSE.md",
    "content": "Copyright (C) 2013 AnsibleWorks, Inc.\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "mongodb/README.md",
    "content": "## Deploying a sharded, production-ready MongoDB cluster with Ansible\n------------------------------------------------------------------------------\n\n- Requires Ansible 1.2\n- Expects CentOS/RHEL 6 hosts\n\n### A Primer\n---------------------------------------------\n\n![Alt text](images/nosql_primer.png \"Primer NoSQL\")\n\nThe above diagram shows how MongoDB differs from the traditional relational\ndatabase model. In an RDBMS, the data associated with 'user' is stored in a\ntable, and the records of users are stored in rows and columns. In MongoDB, the\n'table' is replaced by a 'collection' and the individual 'records' are called\n'documents'.  One thing to notice is that the data is stored as key/value pairs\nin BSON format.\n\nAnother thing to notice is that NoSQL-style databases have a looser consistency\nmodel. As an example, the second document in the users collection has an\nadditional field of 'last name'.\n \n### Data Replication\n------------------------------------\n\n![Alt text](images/replica_set.png \"Replica Set\")\n\nData backup is achieved in MongoDB via _replica sets_. As the figure above shows,\na single replica set consists of a replication master (active) and several\nother replication slaves (passive). All the database operations like\nadd/delete/update happen on the replication master and the master replicates\nthe data to the slave nodes. _mongod_ is the process which is responsible for all\nthe database activities as well as replication processes. The minimum\nrecommended number of slave servers is 3.\n\n### Sharding (Horizontal Scaling)\n------------------------------------------------\n\n![Alt text](images/sharding.png \"Sharding\")\n\nSharding works by partitioning the data into separate chunks and allocating\ndifferent ranges of chunks to different shard servers. 
The figure above shows a\ncollection which has 90 documents which have been sharded across the three\nservers: the first shard getting ranges from 1-29, and so on. When a client wants\nto access a certain document, it contacts the query router (mongos process),\nwhich in turn contacts the 'configuration node', a lightweight mongod\nprocess) that keeps a record of which ranges of chunks are distributed across\nwhich shards. \n\nPlease do note that every shard server should be backed by a replica set, so\nthat when data is written/queried copies of the data are available. So in a\nthree-shard deployment we would require 3 replica sets and primaries of each\nwould act as the sharding server.\n\nHere are the basic steps of how sharding works:\n\n1) A new database is created, and collections are added.\n\n2) New documents get updated when clients update, and all the new documents\ngoes into a single shard.\n\n3) When the size of collection in a shard exceeds the 'chunk_size' the\ncollection is split and balanced across shards.\n\n\n### Deploying MongoDB Ansible\n--------------------------------------------\n\n#### Deploy the Cluster\n----------------------------\n\n![Alt text](images/site.png \"Site\")\n  \nThe diagram above illustrates the deployment model for a MongoDB cluster deployed by\nAnsible. This deployment model focuses on deploying three shard servers,\neach having a replica set, with the backup replica servers serving as the other two shard\nprimaries. The configuration servers are co-located with the shards. The _mongos_\nservers are best deployed on separate servers. This is the minimum recommended\nconfiguration for a production-grade MongoDB deployment. Please note that the\nplaybooks are capable of deploying N node clusters, not limited to three. 
Also,\nall the processes are secured using keyfiles.\n\n#### Prerequisite\n\nEdit the group_vars/all file to reflect the below variables.\n\n1) `iface: 'eth1'     # the interface to be used for all communication`.\n\t\t\n2) Set a unique `mongod_port` variable in the inventory file for each MongoDB\nserver.\n\n3) The default directory for storing data is `/data`, please do change it if\nrequired. Make sure it has sufficient space: 10G is recommended.\n\n### Deployment Example\n\nThe inventory file looks as follows:\n\n\t\t#The site wide list of mongodb servers\n\t\t[mongo_servers]\n\t\tmongo1 mongod_port=2700\n\t\tmongo2 mongod_port=2701\n\t\tmongo3 mongod_port=2702\n\n\t\t#The list of servers where replication should happen, including the master server.\n\t\t[replication_servers]\n\t\tmongo3\n\t\tmongo1\n\t\tmongo2\n\n\t\t#The list of mongodb configuration servers, make sure it is 1 or 3\n\t\t[mongoc_servers]\n\t\tmongo1\n\t\tmongo2\n\t\tmongo3\n\n\t\t#The list of servers where mongos servers would run. 
\n\t\t[mongos_servers]\n\t\tmongos1\n\t\tmongos2\n\nBuild the site with the following command:\n\n\t\tansible-playbook -i hosts site.yml\n\n\n#### Verifying the Deployment \n---------------------------------------------\n\nOnce configuration and deployment has completed we can check replication set\navailability by connecting to individual primary replication set nodes, `mongo\n--host 192.168.1.1 --port 2700` and issue the command to query the status of\nreplication set, we should get a similar output.\n\n\t\t\n\t\tweb2:PRIMARY> rs.status()\n\t\t{\n\t\t\t\"set\" : \"web2\",\n\t\t\t\"date\" : ISODate(\"2013-03-19T10:26:35Z\"),\n\t\t\t\"myState\" : 1,\n\t\t\t\"members\" : [\n\t\t\t{\n\t\t\t\t\"_id\" : 0,\n\t\t\t\t\"name\" : \"web2:2013\",\n\t\t\t\t\"health\" : 1,\n\t\t\t\t\"state\" : 1,\n\t\t\t\t\"stateStr\" : \"PRIMARY\",\n\t\t\t\t\"uptime\" : 102,\n\t\t\t\t\"optime\" : Timestamp(1363688755000, 1),\n\t\t\t\t\"optimeDate\" : ISODate(\"2013-03-19T10:25:55Z\"),\n\t\t\t\t\"self\" : true\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"_id\" : 1,\n\t\t\t\t\"name\" : \"web3:2013\",\n\t\t\t\t\"health\" : 1,\n\t\t\t\t\"state\" : 2,\n\t\t\t\t\"stateStr\" : \"SECONDARY\",\n\t\t\t\t\"uptime\" : 40,\n\t\t\t\t\"optime\" : Timestamp(1363688755000, 1),\n\t\t\t\t\"optimeDate\" : ISODate(\"2013-03-19T10:25:55Z\"),\n\t\t\t\t\"lastHeartbeat\" : ISODate(\"2013-03-19T10:26:33Z\"),\n\t\t\t\t\"pingMs\" : 1\n\t\t\t}\n\t\t\t],\n\t\t\t\"ok\" : 1\n\t\t}\n\n\nWe can check the status of the shards as follows: connect to the mongos service\n`mongo localhost:8888/admin -u admin -p 123456` and issue the following command to get\nthe status of the Shards:\n\n\n\t\t \n\t\tmongos> sh.status()\n\t\t--- Sharding Status --- \n\t\t  sharding version: { \"_id\" : 1, \"version\" : 3 }\n\t\t  shards:\n\t\t\t{  \"_id\" : \"web2\",  \"host\" : \"web2/web2:2013,web3:2013\" }\n\t\t\t{  \"_id\" : \"web3\",  \"host\" : \"web3/web2:2014,web3:2014\" }\n  \t\tdatabases:\n\t\t\t{  \"_id\" : \"admin\",  \"partitioned\" : false,  
\"primary\" : \"config\" }\n\n\nWe can also make sure the sharding works by creating a database, a collection,\nand populate it with documents and check if the chunks of the collection are\nbalanced equally across nodes. The below diagram illustrates the verification\nstep.\n\n-------------------------------------------------------------------------------------------------------------------------------------------------------------\n\n![Alt text](images/check.png \"check\")\n\nThe above mentioned steps can be tested with an automated playbook.\n\nIssue the following command to run the test. Pass one of the _mongos_ servers\nin the _servername_ variable.\n\t\t\n\t\tansible-playbook -i hosts playbooks/testsharding.yml -e servername=server1\n\n\nOnce the playbook completes, we check if the sharding has succeeded by logging\non to any mongos server and issuing the following command. The output displays\nthe number of chunks spread across the shards.\n\n\t\tmongos> sh.status()\n\t\t\t--- Sharding Status --- \n  \t\t\tsharding version: { \"_id\" : 1, \"version\" : 3 }\n  \t\t\tshards:\n\t\t\t{  \"_id\" : \"bensible\",  \"host\" : \"bensible/bensible:20103,web2:20103,web3:20103\" }\n\t\t\t{  \"_id\" : \"web2\",  \"host\" : \"web2/bensible:20105,web2:20105,web3:20105\" }\n\t\t\t{  \"_id\" : \"web3\",  \"host\" : \"web3/bensible:20102,web2:20102,web3:20102\" }\n  \t\t\tdatabases:\n\t\t\t{  \"_id\" : \"admin\",  \"partitioned\" : false,  \"primary\" : \"config\" }\n\t\t\t{  \"_id\" : \"test\",  \"partitioned\" : true,  \"primary\" : \"web3\" }\n\t\t\t\n\t\t\t\ttest.test_collection chunks:\n\t\t\t\t\n\t\t\t\tbensible\t7\n\t\t\t\tweb2\t6\n\t\t\t\tweb3\t7\n\t\t\t\n\t\t\t\n\n \n### Scaling the Cluster\n---------------------------------------\n\n![Alt text](images/scale.png \"scale\")\n\nTo add a new node to the existing MongoDB Cluster, modify the inventory file as follows:\n\n\t\t#The site wide list of mongodb servers\n\t\t[mongoservers]\n\t\tmongo1 mongod_port=2700\n\t\tmongo2 
mongod_port=2701\n\t\tmongo3 mongod_port=2702\n\t\tmongo4 mongod_port=2703\n\n\t\t#The list of servers where replication should happen, make sure the new node is listed here.\n\t\t[replicationservers]\n\t\tmongo4\n\t\tmongo3\n\t\tmongo1\n\t\tmongo2\n\n\t\t#The list of mongodb configuration servers, make sure it is 1 or 3\n\t\t[mongoc_servers]\n\t\tmongo1\n\t\tmongo2\n\t\tmongo3\n\n\t\t#The list of servers where mongos servers would run. \n\t\t[mongos_servers]\n\t\tmongos1\n\t\tmongos2\n\nMake sure you have the new node added in the _replicationservers_ section and\nexecute the following command:\n\n\t\tansible-playbook -i hosts site.yml\n\n### Verification\n-----------------------------\n\nThe newly added node can be easily verified by checking the sharding status and\nseeing the chunks being rebalanced to the newly added node.\n\n\t\t\t$/usr/bin/mongo localhost:8888/admin -u admin -p 123456\n\t\t\tmongos> sh.status()\n\t\t\t\t--- Sharding Status --- \n  \t\t\t\tsharding version: { \"_id\" : 1, \"version\" : 3 }\n  \t\t\tshards:\n\t\t\t{  \"_id\" : \"bensible\",  \"host\" : \"bensible/bensible:20103,web2:20103,web3:20103\" }\n\t\t\t{  \"_id\" : \"web2\",  \"host\" : \"web2/bensible:20105,web2:20105,web3:20105\" }\n\t\t\t{  \"_id\" : \"web3\",  \"host\" : \"web3/bensible:20102,web2:20102,web3:20102\" }\n\t\t\t{  \"_id\" : \"web4\",  \"host\" : \"web4/bensible:20101,web3:20101,web4:20101\" }\n  \t\t\tdatabases:\n\t\t\t{  \"_id\" : \"admin\",  \"partitioned\" : false,  \"primary\" : \"config\" }\n\t\t\t{  \"_id\" : \"test\",  \"partitioned\" : true,  \"primary\" : \"bensible\" }\n\t\t\n\t\t\ttest.test_collection chunks:\n\t\t\t\n\t\t\t\tweb4\t3\n\t\t\t\tweb3\t6\n\t\t\t\tweb2\t6\n\t\t\t\tbensible\t5\n\n    \n"
  },
  {
    "path": "mongodb/group_vars/all",
    "content": "# The global variable file for the mongodb installation\n\n# The chunksize for shards in MB\nmongos_chunk_size: 1\n\n# The port on which the mongos server should listen\nmongos_port: 8888\n\n# The port for the mongo config server\nmongoc_port: 7777\n\n# The directory prefix where the database files would be stored\nmongodb_datadir_prefix: /data/\n\n# The interface on which the mongodb processes should listen.\n# Defaults to the first interface. Change this to:\n# \n#  iface: eth1\n#\n# ...to override.\n# \niface: '{{ ansible_default_ipv4.interface }}'\n\n# The password for the admin user. This is a sample value; override it\n# before deploying.\nmongo_admin_pass: 123456\n"
  },
  {
    "path": "mongodb/hosts",
    "content": "#The site wide list of mongodb servers\n\n# the mongo servers need a mongod_port variable set, and they must not conflict.\n[mongo_servers]\nmongo1 mongod_port=2700\nmongo2 mongod_port=2701\nmongo3 mongod_port=2702\nmongo4 mongod_port=2703\n\n#The list of servers where replication should happen, by default include all servers\n[replication_servers]\nmongo4\nmongo3\nmongo1\nmongo2\n\n#The list of mongodb configuration servers, make sure it is 1 or 3\n[mongoc_servers]\nmongo1\nmongo2\nmongo3\n\n\n#The list of servers where mongos servers would run. \n[mongos_servers]\nmongo1\nmongo2\n\n\n"
  },
  {
    "path": "mongodb/playbooks/testsharding.yml",
    "content": "---\n# This playbook creates a new database named test and populates it with data to test the sharding.\n\n- hosts: '{{ servername }}'\n  remote_user: root\n  tasks:\n   - name: Create a new database and user\n     mongodb_user: login_user=admin login_password={{ mongo_admin_pass }} login_port={{ mongos_port }} database=test user=admin password={{ mongo_admin_pass }} state=present\n\n   - name: Pause for the user to get created and replicated\n     pause: minutes=3\n\n   - name: Execute the collection creation script\n     command: /usr/bin/mongo localhost:{{ mongos_port }}/test -u admin -p {{ mongo_admin_pass }} /tmp/testsharding.js\n\n   - name: Enable sharding on the database and collection\n     command: /usr/bin/mongo localhost:{{ mongos_port }}/admin -u admin -p {{ mongo_admin_pass }} /tmp/enablesharding.js\n"
  },
  {
    "path": "mongodb/roles/common/files/10gen.repo.j2",
    "content": "[10gen]\nname=10gen Repository\nbaseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64\ngpgcheck=0\nenabled=1\n\n"
  },
  {
    "path": "mongodb/roles/common/files/RPM-GPG-KEY-EPEL-6",
    "content": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\nmQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1\nJXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B\nM9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn\nXtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6\npQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV\nQqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp\nXo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq\n3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu\nvBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar\n1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g\nYgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB\ntCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS\nKUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9\nqO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT\n9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP\nQ4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS\nWtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft\nHpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF\np0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP\nx1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8\nwB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J\nl/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG\niVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR\nXtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==\n=V/6I\n-----END PGP PUBLIC KEY BLOCK-----\n"
  },
  {
    "path": "mongodb/roles/common/files/epel.repo.j2",
    "content": "[epel]\nname=Extra Packages for Enterprise Linux 6 - $basearch\nbaseurl=http://download.fedoraproject.org/pub/epel/6/$basearch\n#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch\nfailovermethod=priority\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\n\n[epel-debuginfo]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Debug\n#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n\n[epel-source]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Source\n#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n"
  },
  {
    "path": "mongodb/roles/common/handlers/main.yml",
    "content": "---\n# Handler for mongod\n\n- name: restart iptables\n  service: name=iptables state=restarted\n"
  },
  {
    "path": "mongodb/roles/common/tasks/main.yml",
    "content": "---\n# This Playbook runs all the common plays in the deployment\n\n- name: Create the hosts file for all machines\n  template: src=hosts.j2 dest=/etc/hosts\n\n- name: Create the repository for 10Gen\n  copy: src=10gen.repo.j2 dest=/etc/yum.repos.d/10gen.repo\n\n- name: Create the EPEL Repository.\n  copy: src=epel.repo.j2 dest=/etc/yum.repos.d/epel.repo\n\n- name: Create the GPG key for EPEL\n  copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg\n\n- name: Create the mongod user\n  user: name=mongod comment=\"MongoD\"\n\n- name: Create the data directory for MongoDB\n  file: path={{ mongodb_datadir_prefix }} owner=mongod group=mongod state=directory\n\n- name: Install the mongodb package\n  yum: name={{ item }} state=installed\n  with_items:\n   - libselinux-python\n   - mongo-10gen\n   - mongo-10gen-server\n   - bc\n   - python-pip\n\n- name: Install the latest pymongo package\n  pip: name=pymongo state=latest use_mirrors=no\n\n- name: Create the iptables file\n  template: src=iptables.j2 dest=/etc/sysconfig/iptables\n  notify: restart iptables\n"
  },
  {
    "path": "mongodb/roles/common/templates/hosts.j2",
    "content": "127.0.0.1 localhost\n{% for host in groups['all'] %}\n{{ hostvars[host]['ansible_' + iface].ipv4.address }}  {{ host }}\n{% endfor %}\n"
  },
  {
    "path": "mongodb/roles/common/templates/iptables.j2",
    "content": "# Firewall configuration written by system-config-firewall\n# Manual customization of this file is not recommended.\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n{% if 'mongoc_servers' in group_names %}\n-A INPUT -p tcp  --dport 7777 -j  ACCEPT\n{% endif %}\n{% if 'mongos_servers' in group_names %}\n-A INPUT -p tcp  --dport 8888 -j  ACCEPT\n{% endif %}\n{% if 'mongo_servers' in group_names %}\n{% for host in groups['mongo_servers'] %}\n-A INPUT -p tcp  --dport {{ hostvars[host]['mongod_port'] }} -j  ACCEPT\n{% endfor %}\n{% endif %}\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n\n\n\n"
  },
  {
    "path": "mongodb/roles/mongoc/files/secret",
    "content": "qGO6OYb64Uth9p9Tm8s9kqarydmAg1AUdgVz+ecjinaLZ1SlWxXMY1ug8AO7C/Vu\nD8kA3+rE37Gv1GuZyPYi87NSfDhKXo4nJWxI00BxTBppmv2PTzbi7xLCx1+8A1uQ\n4XU0HA\n"
  },
  {
    "path": "mongodb/roles/mongoc/tasks/main.yml",
    "content": "---\n# This playbook deploys the mongodb configuration servers\n\n- name: Create data directory for mongoc configuration server\n  file: path={{ mongodb_datadir_prefix }}/configdb state=directory owner=mongod group=mongod\n\n- name: Create the mongo configuration server startup file\n  template: src=mongoc.j2 dest=/etc/init.d/mongoc mode=0755\n\n\n- name: Create the mongo configuration server file\n  template: src=mongoc.conf.j2 dest=/etc/mongoc.conf\n\n\n- name: Copy the keyfile for authentication\n  copy: src=roles/mongod/files/secret dest={{ mongodb_datadir_prefix }}/secret owner=mongod group=mongod mode=0400\n\n- name: Start the mongo configuration server service\n  command: creates=/var/lock/subsys/mongoc /etc/init.d/mongoc start\n\n- name: pause\n  pause: seconds=20\n\n- name: add the admin user\n  mongodb_user: database=admin name=admin password={{ mongo_admin_pass }} login_port={{ mongoc_port }} state=present\n  ignore_errors: yes\n"
  },
  {
    "path": "mongodb/roles/mongoc/templates/adduser.j2",
    "content": "db.addUser('admin','{{ mongo_admin_pass }}')\n"
  },
  {
    "path": "mongodb/roles/mongoc/templates/mongoc.conf.j2",
    "content": "\n#where to log\nlogpath=/var/log/mongo/mongod-config.log\n\nlogappend=true\n\n# fork and run in background\nfork = true\n\nport = {{ mongoc_port }}\n\ndbpath={{ mongodb_datadir_prefix }}configdb\nkeyFile={{ mongodb_datadir_prefix }}secret\n# location of pidfile\npidfilepath = /var/run/mongo/mongoc.pid\n\nconfigsvr=true\n"
  },
  {
    "path": "mongodb/roles/mongoc/templates/mongoc.j2",
    "content": "#!/bin/bash\n\n# mongod - Startup script for mongod\n\n# chkconfig: 35 85 15\n# description: Mongo is a scalable, document-oriented database.\n# processname: mongod\n# config: /etc/mongod.conf\n# pidfile: /var/run/mongo/mongod.pid\n\n. /etc/rc.d/init.d/functions\n\n# things from mongod.conf get there by mongod reading it\nexport LC_ALL=\"C\"\n\n# NOTE: if you change any OPTIONS here, you get what you pay for:\n# this script assumes all options are in the config file.\nCONFIGFILE=\"/etc/mongoc.conf\"\nOPTIONS=\" -f $CONFIGFILE\"\nSYSCONFIG=\"/etc/sysconfig/mongod\"\n\n# FIXME: 1.9.x has a --shutdown flag that parses the config file and\n# shuts down the correct running pid, but that's unavailable in 1.8\n# for now.  This can go away when this script stops supporting 1.8.\nDBPATH=`awk -F= '/^dbpath=/{print $2}' \"$CONFIGFILE\"`\n# Read the pidfile location from the pidfilepath setting so that stop()\n# signals only this instance.\nPIDFILE=`awk -F= '/^pidfilepath[[:blank:]]*=/{gsub(/[[:blank:]]/, \"\", $2); print $2}' \"$CONFIGFILE\"`\nmongod=${MONGOD-/usr/bin/mongod}\n\nMONGO_USER=mongod\nMONGO_GROUP=mongod\n\nif [ -f \"$SYSCONFIG\" ]; then\n    . \"$SYSCONFIG\"\nfi\n\n# Handle NUMA access to CPUs (SERVER-3574)\n# This verifies the existence of numactl as well as testing that the command works\nNUMACTL_ARGS=\"--interleave=all\"\nif which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null\nthen\n    NUMACTL=\"numactl $NUMACTL_ARGS\"\nelse\n    NUMACTL=\"\"\nfi\n\nstart()\n{\n  echo -n $\"Starting mongod: \"\n  daemon --user \"$MONGO_USER\" $NUMACTL $mongod $OPTIONS\n  RETVAL=$?\n  echo\n  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/mongoc\n}\n\nstop()\n{\n  echo -n $\"Stopping mongod: \"\n  killproc -p \"$PIDFILE\" -d 300 /usr/bin/mongod\n  RETVAL=$?\n  echo\n  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/mongoc\n}\n\nrestart () {\n\tstop\n\tstart\n}\n\nulimit -n 12000\nRETVAL=0\n\ncase \"$1\" in\n  start)\n    start\n    ;;\n  stop)\n    stop\n    ;;\n  restart|reload|force-reload)\n    restart\n    ;;\n  condrestart)\n    # Restart only if this instance's lock file exists\n    [ -f /var/lock/subsys/mongoc ] && restart || :\n    ;;\n  status)\n    status $mongod\n    RETVAL=$?\n    ;;\n  *)\n    echo \"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}\"\n    RETVAL=1\nesac\n\nexit $RETVAL\n"
  },
  {
    "path": "mongodb/roles/mongod/files/secret",
    "content": "qGO6OYb64Uth9p9Tm8s9kqarydmAg1AUdgVz+ecjinaLZ1SlWxXMY1ug8AO7C/Vu\nD8kA3+rE37Gv1GuZyPYi87NSfDhKXo4nJWxI00BxTBppmv2PTzbi7xLCx1+8A1uQ\n4XU0HA\n"
  },
  {
    "path": "mongodb/roles/mongod/tasks/main.yml",
    "content": "---\n# This role deploys the mongod processes and sets up the replication set.\n\n- name: create data directory for mongodb\n  file: path={{ mongodb_datadir_prefix }}/mongo-{{ inventory_hostname }} state=directory owner=mongod group=mongod\n  delegate_to: '{{ item }}'\n  with_items: groups.replication_servers\n\n- name: create log directory for mongodb\n  file: path=/var/log/mongo state=directory owner=mongod group=mongod\n\n- name: create run directory for mongodb\n  file: path=/var/run/mongo state=directory owner=mongod group=mongod\n\n- name: Create the mongodb startup file\n  template: src=mongod.j2 dest=/etc/init.d/mongod-{{ inventory_hostname }} mode=0755\n  delegate_to: '{{ item }}'\n  with_items: groups.replication_servers\n\n\n- name: Create the mongodb configuration file\n  template: src=mongod.conf.j2 dest=/etc/mongod-{{ inventory_hostname }}.conf\n  delegate_to: '{{ item }}'\n  with_items: groups.replication_servers\n\n- name: Copy the keyfile for authentication\n  copy: src=secret dest={{ mongodb_datadir_prefix }}/secret owner=mongod group=mongod mode=0400\n\n\n- name: Start the mongodb service\n  command: creates=/var/lock/subsys/mongod-{{ inventory_hostname }} /etc/init.d/mongod-{{ inventory_hostname }} start\n  delegate_to: '{{ item }}'\n  with_items: groups.replication_servers\n\n- name: Create the file to initialize the mongod replica set\n  template: src=repset_init.j2 dest=/tmp/repset_init.js\n\n- name: Pause for a while\n  pause: seconds=20\n\n- name: Initialize the replication set\n  shell: /usr/bin/mongo --port \"{{ mongod_port }}\" /tmp/repset_init.js\n"
  },
  {
    "path": "mongodb/roles/mongod/tasks/shards.yml",
    "content": "---\n# This playbook adds shards to the mongos servers once everything is added\n\n\n- name: Create the file to initialize the mongod Shard\n  template: src=shard_init.j2 dest=/tmp/shard_init_{{ inventory_hostname }}.js\n  delegate_to: '{{ item }}'\n  with_items: groups.mongos_servers\n\n- name: Add the shard to the mongos\n  shell: /usr/bin/mongo localhost:{{ mongos_port }}/admin -u admin -p {{ mongo_admin_pass }} /tmp/shard_init_{{ inventory_hostname }}.js\n  delegate_to: '{{ item }}'\n  with_items: groups.mongos_servers\n\n\n"
  },
  {
    "path": "mongodb/roles/mongod/templates/mongod.conf.j2",
    "content": "# mongo.conf\nsmallfiles=true\n\n#where to log\nlogpath=/var/log/mongo/mongod-{{ inventory_hostname }}.log\n\nlogappend=true\n\n# fork and run in background\nfork = true\n\nport = {{ mongod_port }}\n\ndbpath={{ mongodb_datadir_prefix }}mongo-{{ inventory_hostname }}\nkeyFile={{ mongodb_datadir_prefix }}/secret\n\n# location of pidfile\npidfilepath = /var/run/mongo/mongod-{{ inventory_hostname }}.pid\n\n\n# Ping interval for Mongo monitoring server.\n#mms-interval = <seconds>\n\n# Replication Options\nreplSet={{ inventory_hostname }}\n"
  },
  {
    "path": "mongodb/roles/mongod/templates/mongod.j2",
    "content": "#!/bin/bash\n\n# mongod - Startup script for mongod\n\n# chkconfig: 35 85 15\n# description: Mongo is a scalable, document-oriented database.\n# processname: mongod\n# config: /etc/mongod.conf\n# pidfile: /var/run/mongo/mongod.pid\n\n. /etc/rc.d/init.d/functions\n\n# things from mongod.conf get there by mongod reading it\nexport LC_ALL=\"C\"\n\n# NOTE: if you change any OPTIONS here, you get what you pay for:\n# this script assumes all options are in the config file.\nCONFIGFILE=\"/etc/mongod-{{ inventory_hostname }}.conf\"\nOPTIONS=\" -f $CONFIGFILE\"\nSYSCONFIG=\"/etc/sysconfig/mongod\"\n\n# FIXME: 1.9.x has a --shutdown flag that parses the config file and\n# shuts down the correct running pid, but that's unavailable in 1.8\n# for now.  This can go away when this script stops supporting 1.8.\nDBPATH=`awk -F= '/^dbpath=/{print $2}' \"$CONFIGFILE\"`\n# Read the pidfile location from the pidfilepath setting so that stop()\n# signals only this instance.\nPIDFILE=`awk -F= '/^pidfilepath[[:blank:]]*=/{gsub(/[[:blank:]]/, \"\", $2); print $2}' \"$CONFIGFILE\"`\nmongod=${MONGOD-/usr/bin/mongod}\n\nMONGO_USER=mongod\nMONGO_GROUP=mongod\n\nif [ -f \"$SYSCONFIG\" ]; then\n    . \"$SYSCONFIG\"\nfi\n\n# Handle NUMA access to CPUs (SERVER-3574)\n# This verifies the existence of numactl as well as testing that the command works\nNUMACTL_ARGS=\"--interleave=all\"\nif which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null\nthen\n    NUMACTL=\"numactl $NUMACTL_ARGS\"\nelse\n    NUMACTL=\"\"\nfi\n\nstart()\n{\n  echo -n $\"Starting mongod: \"\n  daemon --user \"$MONGO_USER\" $NUMACTL $mongod $OPTIONS\n  RETVAL=$?\n  echo\n  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/mongod-{{ inventory_hostname }}\n}\n\nstop()\n{\n  echo -n $\"Stopping mongod: \"\n  killproc -p \"$PIDFILE\" -d 300 /usr/bin/mongod\n  RETVAL=$?\n  echo\n  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/mongod-{{ inventory_hostname }}\n}\n\nrestart () {\n\tstop\n\tstart\n}\n\nulimit -n 12000\nRETVAL=0\n\ncase \"$1\" in\n  start)\n    start\n    ;;\n  stop)\n    stop\n    ;;\n  restart|reload|force-reload)\n    restart\n    ;;\n  condrestart)\n    # Restart only if this instance's lock file exists\n    [ -f /var/lock/subsys/mongod-{{ inventory_hostname }} ] && restart || :\n    ;;\n  status)\n    status $mongod\n    RETVAL=$?\n    ;;\n  *)\n    echo \"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}\"\n    RETVAL=1\nesac\n\nexit $RETVAL\n"
  },
  {
    "path": "mongodb/roles/mongod/templates/repset_init.j2",
    "content": "rs.initiate()\nsleep(13000)\n{% for host in groups['replication_servers'] %}\nrs.add(\"{{ host }}:{{ mongod_port }}\")\nsleep(8000)\n{% endfor %}\nprintjson(rs.status())\n"
  },
  {
    "path": "mongodb/roles/mongod/templates/shard_init.j2",
    "content": "sh.addShard(\"{{ inventory_hostname }}/{{ inventory_hostname }}:{{ mongod_port }}\")\n// This script runs against mongos, so report the sharding status\nsh.status()\n"
  },
  {
    "path": "mongodb/roles/mongos/files/secret",
    "content": "qGO6OYb64Uth9p9Tm8s9kqarydmAg1AUdgVz+ecjinaLZ1SlWxXMY1ug8AO7C/Vu\nD8kA3+rE37Gv1GuZyPYi87NSfDhKXo4nJWxI00BxTBppmv2PTzbi7xLCx1+8A1uQ\n4XU0HA\n"
  },
  {
    "path": "mongodb/roles/mongos/tasks/main.yml",
    "content": "---\n# This playbook configures the mongos service of mongodb\n\n- name: Create the mongos startup file\n  template: src=mongos.j2 dest=/etc/init.d/mongos mode=0755\n\n\n- name: Create the mongos configuration file\n  template: src=mongos.conf.j2 dest=/etc/mongos.conf\n\n- name: Copy the keyfile for authentication\n  copy: src=roles/mongod/files/secret dest={{ mongodb_datadir_prefix }}/secret owner=mongod group=mongod mode=0400\n\n- name: Start the mongos service\n  command: creates=/var/lock/subsys/mongos /etc/init.d/mongos start\n\n- name: pause\n  pause: seconds=20\n\n- name: copy the file for shard test\n  template: src=testsharding.j2 dest=/tmp/testsharding.js\n\n- name: copy the file to enable sharding\n  template: src=enablesharding.j2 dest=/tmp/enablesharding.js\n"
  },
  {
    "path": "mongodb/roles/mongos/templates/enablesharding.j2",
    "content": "db.runCommand( { enableSharding : \"test\" } )\ndb.runCommand( { shardCollection : \"test.test_collection\", key : {\"number\":1} })\n\n"
  },
  {
    "path": "mongodb/roles/mongos/templates/mongos.conf.j2",
    "content": "#where to log\nlogpath=/var/log/mongo/mongos.log\n\nlogappend=true\n\n# fork and run in background\nfork = true\n\nport = {{ mongos_port }}\n\n# comma-separated list of all the config servers, built in a single expression\n# because a variable set inside a Jinja2 loop does not carry over between iterations\nconfigdb = {% for host in groups['mongoc_servers'] %}{{ host }}:{{ mongoc_port }}{% if not loop.last %},{% endif %}{% endfor %}\n\n\n# location of pidfile\npidfilepath = /var/run/mongodb/mongos.pid\nkeyFile={{ mongodb_datadir_prefix }}/secret\nchunkSize={{ mongos_chunk_size }}\n"
  },
  {
    "path": "mongodb/roles/mongos/templates/mongos.j2",
    "content": "#!/bin/bash\n\n# mongod - Startup script for mongod\n\n# chkconfig: 35 85 15\n# description: Mongo is a scalable, document-oriented database.\n# processname: mongod\n# config: /etc/mongod.conf\n# pidfile: /var/run/mongo/mongod.pid\n\n. /etc/rc.d/init.d/functions\n\n# things from mongod.conf get there by mongod reading it\nexport LC_ALL=\"C\"\n\n# NOTE: if you change any OPTIONS here, you get what you pay for:\n# this script assumes all options are in the config file.\nCONFIGFILE=\"/etc/mongos.conf\"\nOPTIONS=\" -f $CONFIGFILE\"\nSYSCONFIG=\"/etc/sysconfig/mongod\"\n\n# FIXME: 1.9.x has a --shutdown flag that parses the config file and\n# shuts down the correct running pid, but that's unavailable in 1.8\n# for now.  This can go away when this script stops supporting 1.8.\nDBPATH=`awk -F= '/^dbpath=/{print $2}' \"$CONFIGFILE\"`\n# Read the pidfile location from the pidfilepath setting so that stop()\n# signals only this instance.\nPIDFILE=`awk -F= '/^pidfilepath[[:blank:]]*=/{gsub(/[[:blank:]]/, \"\", $2); print $2}' \"$CONFIGFILE\"`\nmongod=${MONGOD-/usr/bin/mongos}\n\nMONGO_USER=mongod\nMONGO_GROUP=mongod\n\nif [ -f \"$SYSCONFIG\" ]; then\n    . \"$SYSCONFIG\"\nfi\n\n# Handle NUMA access to CPUs (SERVER-3574)\n# This verifies the existence of numactl as well as testing that the command works\nNUMACTL_ARGS=\"--interleave=all\"\nif which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null\nthen\n    NUMACTL=\"numactl $NUMACTL_ARGS\"\nelse\n    NUMACTL=\"\"\nfi\n\nstart()\n{\n  echo -n $\"Starting mongod: \"\n  daemon --user \"$MONGO_USER\" $NUMACTL $mongod $OPTIONS\n  RETVAL=$?\n  echo\n  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/mongos\n}\n\nstop()\n{\n  echo -n $\"Stopping mongod: \"\n  killproc -p \"$PIDFILE\" -d 300 /usr/bin/mongos\n  RETVAL=$?\n  echo\n  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/mongos\n}\n\nrestart () {\n\tstop\n\tstart\n}\n\nulimit -n 12000\nRETVAL=0\n\ncase \"$1\" in\n  start)\n    start\n    ;;\n  stop)\n    stop\n    ;;\n  restart|reload|force-reload)\n    restart\n    ;;\n  condrestart)\n    # Restart only if this instance's lock file exists\n    [ -f /var/lock/subsys/mongos ] && restart || :\n    ;;\n  status)\n    status $mongod\n    RETVAL=$?\n    ;;\n  *)\n    echo \"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}\"\n    RETVAL=1\nesac\n\nexit $RETVAL\n\n"
  },
  {
    "path": "mongodb/roles/mongos/templates/testsharding.j2",
    "content": "people = [\"Marc\", \"Bill\", \"George\", \"Eliot\", \"Matt\", \"Trey\", \"Tracy\", \"Greg\", \"Steve\", \"Kristina\", \"Katie\", \"Jeff\"];\n\nfor(var i=0; i<100000; i++){\n                             name = people[Math.floor(Math.random()*people.length)];\n                             user_id = i;\n                             boolean = [true, false][Math.floor(Math.random()*2)];\n                             added_at = new Date();\n                             number = Math.floor(Math.random()*10001);\n                             db.test_collection.save({\"name\":name, \"user_id\":user_id, \"boolean\": boolean, \"added_at\":added_at, \"number\":number });\n                            }\ndb.test_collection.ensureIndex({number:1})\n\n"
  },
  {
    "path": "mongodb/site.yml",
    "content": "---\n# This Playbook would deploy the whole mongodb cluster with replication and sharding.\n\n- hosts: all\n  roles:\n  - role: common\n\n- hosts: mongo_servers\n  roles:\n  - role: mongod\n\n- hosts: mongoc_servers\n  roles:\n  - role: mongoc\n\n- hosts: mongos_servers\n  roles:\n  - role: mongos\n\n- hosts: mongo_servers\n  tasks:\n  - include: roles/mongod/tasks/shards.yml\n"
  },
  {
    "path": "phillips_hue/README.md",
    "content": "## HUE LIGHTS WITH ANSIBLE\n\nThis README written on September 5th, 2018 by [Sean Cavanaugh](https://github.com/ipvsean).  The original username feature seems to have been disabled since James Cammarata wrote the original modules and URI based Playbooks in 2016.  I updated my Phillips Hue Bulbs to the latest firmware as of this post and made some new Playbooks based off the original Cammarata URI playbooks :)\n\n## PREREQUISITES\n\n- Ansible\n   - [Install Guide](https://www.amazon.com/gp/product/B07D1J5QC7/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1)\n- Phillips Hue Lights  \n   - The kit used for this particular demo was a Philips Hue White and Color Ambiance A19 60W Equivalent LED Smart Light Bulb Starter Kit.  The link on Amazon can [be found here](https://www.amazon.com/gp/product/B07D1J5QC7/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1)\n- IP Address of the Hue Controller (known as the bridge).\n   - Most home networks will allow you to pin a static IP address to the Hue bridge.  I use Google Wifi and this took a couple clicks on my iPhone.\n\nAlso make sure that you can control the lights normally from the free iPhone or Android app.  This may require you adding the serial numbers manually which can be found on the side of the bulbs.\n\n## SETUP\n\n### Step 1\n\nOpen up the [username_info.yml](username_info.yml) file and change the IP Address to the IP address of your Hue bridge.\n\n```nano username_info.yml```\n\n```yaml\n---\nusername: FmAXS-XpnLIxBQwyaw1tkIw04YzIt-BIG4YL0v8X\nip_address: \"192.168.86.30\"\nbody_info:\n  devicetype: \"Ansible!\"\n```\n\nIgnore the `username` and `body_info` fields.  The `username` is automatically generated by the Hue bridge and updated in this file in the following step.  The `body_info` is just used to register this particular computer (the computer you are executing Ansible from) in the following step, the `devicetype` could be anything.  
Please refer to the [getting started guide](https://www.developers.meethue.com/documentation/getting-started) from Philips for more information.\n\n### Step 2\n\nFor the Playbooks to work correctly you must run the `register.yml` playbook first:\n\n```ansible-playbook register.yml```\n\nThe playbook will run and then prompt you on the terminal window:\n\n```\n[PROMPT USER TO PRESS PHYSICAL BUTTON HUE HUB]\nPress the button on the hub now...:\n```\n\nYou must physically touch the button on the Hue bridge (the top of it where the word PHILIPS is clearly printed) as a security measure.  Press enter on the terminal window after you have pressed the Hue bridge button.\n\nThis will save a unique Hue generated authorized user to `username_info.yml` which will look like a long string of text (e.g. `elY1xx9p5twUBYDjELgMUuQT99kLaVqGT1p0eDrl`).\n\n## PLAYBOOKS  \n\nThere are three demo playbooks included.  All three of them use the [include_vars](https://docs.ansible.com/ansible/latest/modules/include_vars_module.html) task to grab the IP address and username information from `username_info.yml`.  Run them with `ansible-playbook <name>.yml` e.g. `ansible-playbook on_off.yml`.\n\n  - `on_off.yml`\n\n    This playbook turns off all bulbs that are registered to the Hue bridge.  It then prompts the user, and then turns them back on.\n\n  - `ansible_colors.yml`\n\n    This playbook cycles all bulbs between Ansible mango and Ansible pool a couple of times.  You can find the [official Ansible colors and logos here](https://www.ansible.com/logos).\n\n  - `effect.yml`\n\n    This playbook takes all bulbs and puts them into a mode called colorloop where the bulbs will randomly cycle colors.  This will happen for 5 seconds, then it will turn off the effect.\n\n## DEMONSTRATION\n\n![hue screencast](hue.gif)\n\n## License\n\nGPLv3\n"
  },
  {
    "path": "phillips_hue/ansible.cfg",
    "content": "# config file for ansible -- http://ansible.com/\n# ==============================================\n\n# nearly all parameters can be overridden in ansible-playbook\n# or with command line flags. ansible will read ANSIBLE_CONFIG,\n# ansible.cfg in the current working directory, .ansible.cfg in\n# the home directory or /etc/ansible/ansible.cfg, whichever it\n# finds first\n\n[defaults]\n\n# some basic default values...\n\ninventory      = hosts\nforks          = 50\nhost_key_checking = False\nretry_files_enabled = False\nno_target_syslog = False\ncallback_whitelist = time\n\n[ssh_connection]\nscp_if_ssh = True\n"
  },
  {
    "path": "phillips_hue/ansible_colors.yml",
    "content": "- hosts: localhost\n  gather_facts: no\n  connection: local\n  vars:\n    ansible_mango:\n      \"on\": true\n      \"bri\": 254\n      \"xy\": [0.5701, 0.313]\n    ansible_pool:\n      \"on\": true\n      \"bri\": 254\n      \"xy\": [0.1593, 0.2522]\n  tasks:\n  - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML\n    include_vars:\n      file: username_info.yml\n\n  - name: GRAB HUE LIGHT INFORMATION\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}\"\n      method: GET\n      body: '{{body_info|to_json}}'\n    register: light_info\n\n  - name: TURN LIGHTS TO MANGO\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{ansible_mango|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n\n  - name: TURN LIGHTS TO POOL\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{ansible_pool|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n\n  - name: TURN LIGHTS TO MANGO\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{ansible_mango|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n\n  - name: TURN LIGHTS TO POOL\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{ansible_pool|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n"
  },
  {
    "path": "phillips_hue/effect.yml",
    "content": "- hosts: localhost\n  gather_facts: no\n  connection: local\n  vars:\n    ansible_effect:\n      \"on\": true\n      \"effect\": \"colorloop\"\n    ansible_none:\n      \"on\": true\n      \"effect\": \"none\"\n  tasks:\n  - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML\n    include_vars:\n      file: username_info.yml\n\n  - name: GRAB HUE LIGHT INFORMATION\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}\"\n      method: GET\n      body: '{{body_info|to_json}}'\n    register: light_info\n\n  - name: TURN LIGHTS INTO COLORLOOP EFFECT\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{ansible_effect|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n\n  # Pause for 5 seconds\n  - pause:\n      seconds: 5\n\n  - name: TURN COLORLOOP EFFECT OFF\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{ansible_none|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n"
  },
  {
    "path": "phillips_hue/hosts",
    "content": "localhost\n"
  },
  {
    "path": "phillips_hue/on_off.yml",
    "content": "- hosts: localhost\n  gather_facts: no\n  connection: local\n\n  vars:\n    off_state:\n      \"on\": false\n    on_state:\n      \"on\": true\n\n  tasks:\n  - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML\n    include_vars:\n      file: username_info.yml\n\n  - name: GRAB HUE LIGHT INFORMATION\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}\"\n      method: GET\n      body: '{{body_info|to_json}}'\n    register: light_info\n\n  - name: PRINT DATA TO TERMINAL WINDOW\n    debug:\n      var: light_info.json.lights\n\n  - name: PRINT AMOUNT OF LIGHTS TO TERMINAL WINDOW\n    debug:\n      msg: \"THERE ARE {{light_info.json.lights | length}} HUE LIGHTS PRESENT\"\n\n  # - name: PRINT OUT LOOP VARS\n  #   debug:\n  #     msg: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n  #   loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n\n  - name: TURN LIGHTS OFF\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{off_state|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n\n  - name: PROMPT USER TO TURN BACK ON\n    pause:\n      prompt: \"Turn them back on?\"\n\n  - name: TURN LIGHTS ON\n    uri:\n      url: \"http://{{ip_address}}/api/{{username}}/lights/{{item}}/state\"\n      method: PUT\n      body: '{{on_state|to_json}}'\n    loop: \"{{ range(1, light_info.json.lights | length + 1)|list }}\"\n"
  },
  {
    "path": "phillips_hue/register.yml",
    "content": "- hosts: localhost\n  gather_facts: no\n  connection: local\n\n  tasks:\n\n  - name: PROMPT USER TO PRESS PHYSICAL BUTTON HUE HUB\n    pause:\n      prompt: \"Press the button on the hub now...\"\n\n  - name: INCLUDE IP ADDRESS FROM username_info.yml\n    include_vars:\n      file: username_info.yml\n\n  - name: GRAB UNIQUE USERNAME\n    uri:\n      url: \"http://{{ip_address}}/api\"\n      method: POST\n      body: '{{body_info|to_json}}'\n    register: username_info\n\n  - name: PRINT DATA TO TERMINAL WINDOW\n    debug:\n      var: username_info.json\n\n  # Replaces the existing `username:` line (or appends one) with the value returned by the bridge\n  - name: SAVE USERNAME TO username_info.yml\n    lineinfile:\n      path: \"./username_info.yml\"\n      regexp: '^username'\n      insertafter: EOF\n      line: 'username: {{username_info.json[0][\"success\"][\"username\"]}}'\n"
  },
  {
    "path": "phillips_hue/username_info.yml",
    "content": "---\nusername: elY1xx9p5twUBYDjELgMUuQT99kLaVqGT1p0eDrl\nip_address: \"192.168.86.30\"\nbody_info:\n  devicetype: \"Ansible!\"\n"
  },
  {
    "path": "rust-module-hello-world/Makefile",
    "content": ".PHONY: all clean rust\n\nall: rust\n\nclean:\n\trm -f library/rust_helloworld\n\tcd module-src && \\\n\tcargo clean\n\nrust:\n\tcd module-src && \\\n\tcargo build && \\\n\tcp -v target/debug/helloworld ../library/rust_helloworld\n"
  },
  {
    "path": "rust-module-hello-world/library/.gitignore",
    "content": "!/.gitignore\n/.*\n/*\n"
  },
  {
    "path": "rust-module-hello-world/module-src/Cargo.toml",
    "content": "[package]\nname = \"helloworld\"\nversion = \"0.1.0\"\nauthors = [\"Sviatoslav Sydorenko <wk+ansible-github@sydorenko.org.ua>\"]\n\n[dependencies]\nserde = \"1.0.66\"\nserde_derive = \"1.0.66\"\nserde_json = \"1.0.20\"\n"
  },
  {
    "path": "rust-module-hello-world/module-src/src/main.rs",
    "content": "extern crate serde;\nextern crate serde_json;\n\nuse std::env;\nuse std::fs::File;\nuse std::io::prelude::*;\nuse std::process;\n\n#[macro_use]\nextern crate serde_derive;\n\nuse serde_json::Error;\n\n\nfn default_name_arg() -> String {\n    String::from(\"World\")\n}\n\n\n#[derive(Serialize, Deserialize)]\nstruct ModuleArgs {\n    #[serde(default = \"default_name_arg\")]\n    name: String,\n}\n\n\n#[derive(Clone, Serialize, Deserialize)]\nstruct Response {\n\tmsg: String,\n\tchanged: bool,\n\tfailed: bool,\n}\n\n\nfn exit_json(response_body: Response) {\n\treturn_response(response_body)\n}\n\n\nfn fail_json(response_body: Response) {\n    let failed_response = &mut response_body.clone();\n\tfailed_response.failed = true;\n\treturn_response(failed_response.clone())\n}\n\n\nfn return_response(resp: Response) {\n    println!(\"{}\", serde_json::to_string(&resp).unwrap());\n    process::exit(resp.failed as i32);\n}\n\n\nfn read_file_contents(file_name: &str) -> Result<String, Box<std::io::Error>> {\n    let mut json_string = String::new();\n    File::open(file_name)?.read_to_string(&mut json_string)?;\n    Ok(json_string)\n}\n\n\nfn parse_module_args(json_input: String) -> Result<ModuleArgs, Error> {\n    Ok(\n        ModuleArgs::from(\n            serde_json::from_str(\n                json_input.as_str()\n            )?\n        )\n    )\n}\n\n\nfn main() {\n    let args: Vec<String> = env::args().collect();\n    let program = &args[0];\n    let input_file_name = match args.len() {\n        2 => &args[1],\n        _ => {\n            eprintln!(\"module '{}' expects exactly one argument!\", program);\n            fail_json(Response {\n                msg: \"No module arguments file provided\".to_owned(),\n                changed: false,\n                failed: true,\n            });\n            \"\"\n        }\n    };\n    let json_input = read_file_contents(input_file_name).map_err(|err| {\n        eprintln!(\"Could not read file '{}': {}\", 
input_file_name, err);\n        fail_json(Response {\n            msg: format!(\"Could not read input JSON file '{}': {}\", input_file_name, err),\n            changed: false,\n            failed: true,\n        })\n    }).unwrap();\n    let module_args = parse_module_args(json_input).map_err(|err| {\n        eprintln!(\"Error during parsing JSON module arguments: {}\", err);\n        fail_json(Response {\n            msg: format!(\"Malformed input JSON module arguments: {}\", err),\n            changed: false,\n            failed: true,\n        })\n    }).unwrap();\n    exit_json(Response {\n        msg: format!(\"Hello, {}!\", module_args.name.as_str()),\n        changed: true,\n        failed: false,\n    });\n}\n"
  },
  {
    "path": "rust-module-hello-world/module-src/target/.gitignore",
    "content": "!/.gitignore\n/.*\n/*\n"
  },
  {
    "path": "rust-module-hello-world/rust.yml",
    "content": "---\n- hosts: localhost\n  tasks:\n  - debug:\n      msg: Testing a binary module written in Rust\n  \n  - debug:\n      var: ansible_system\n  \n  - name: ping\n    ping:\n  \n  - name: Hello, World!\n    rust_helloworld:\n    register: hello_world\n  \n  - assert:\n      that:\n      - >\n          hello_world.msg == \"Hello, World!\"\n  \n  - name: Hello, Ansible!\n    rust_helloworld:\n      name: Ansible\n    register: hello_ansible\n  \n  - assert:\n      that:\n      - >\n          hello_ansible.msg == \"Hello, Ansible!\"\n  \n  - name: Async Hello, World!\n    rust_helloworld:\n    async: 10\n    poll: 1\n    register: async_hello_world\n  \n  - assert:\n      that:\n      - >\n          async_hello_world.msg == \"Hello, World!\"\n  \n  - name: Async Hello, Ansible!\n    rust_helloworld:\n      name: Ansible\n    async: 10\n    poll: 1\n    register: async_hello_ansible\n  \n  - assert:\n      that:\n      - >\n          async_hello_ansible.msg == \"Hello, Ansible!\"\n"
  },
  {
    "path": "tomcat-memcached-failover/LICENSE.md",
    "content": "Copyright (c) 2015 Cuong Nguyen\n\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
  },
  {
    "path": "tomcat-memcached-failover/README.md",
    "content": "## Tomcat failover with Memcached + Memcached Session Manager + Nginx (load balancer)\n\n- Tested on Ansible 1.9.3 for Debian\n- Expects hosts: CentOS 6.x\n\nThis playbook deploys a failover solution for clustered Tomcat using Nginx as load balancer and Memcached + MSM as session manager.\n\n- Nginx: balances the requests by round robin.\n- Memcached: stores the Tomcat `sessionid`.\n- MSM: manages Tomcat sessions.\n\nFor more detail about session management, see https://github.com/magro/memcached-session-manager\n\nThis playbook also deploys a [demo web app](https://github.com/magro/msm-sample-webapp) to test the session management.\n\n\n## Initial setup of inventory file\n\n```\n[lb_servers]\nlbserver\n\n[backend_servers]\ntomcat_server_1\ntomcat_server_2\n\n[memcached_servers]\ncached_server1\ncached_server2\n```\n\nEdit the inventory file `hosts` to suit your requirements and run the playbook:\n\n```\n    $ ansible-playbook -i hosts site.yml\n```\n\nWhen it finishes, open a web browser and go to http://nginx_ip/ to start testing.\n\n## Ideas and improvements\n\n- Set up SSL for the load balancer.\n- HA load balancer.\n- Harden the iptables rules.\n\nPull requests are welcome.\n\n## License\n\nThis work is licensed under the MIT license.\n"
  },
  {
    "path": "tomcat-memcached-failover/group_vars/all",
    "content": "# Java variables\n\n# Nginx variables\nnginx_http_port: 80\n# nginx_https_port: 443\n\n# Tomcat variables\ntomcat_http_port: 8080\ntomcat_https_port: 8443\n\n# Memcached variables\nmemcached_port: 11211\n"
  },
  {
    "path": "tomcat-memcached-failover/hosts",
    "content": "[lb_servers]\nlbserver\n\n[backend_servers]\ntomcat_server_1\ntomcat_server_2\n\n[memcached_servers]\ncached_server1\ncached_server2\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/common/handlers/main.yml",
    "content": "---\n- name: restart iptables\n  service: name=iptables state=restarted\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/common/tasks/main.yml",
    "content": "---\n- name: Install libselinux-python\n  yum: name=libselinux-python state=present\n\n- name: Install GPG key for EPEL\n  get_url: url=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\n\n- name: Install EPEL repository\n  yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm state=present\n\n- name: Setup Iptables rules\n  template: src=iptables.j2 dest=/etc/sysconfig/iptables\n  notify: restart iptables\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/common/templates/iptables.j2",
    "content": "# {{ ansible_managed }}\n# Manual customization of this file is not recommended.\n# NOTE: every chain policy below is ACCEPT and no rule rejects or drops traffic,\n# so this ruleset lists the service ports but does not restrict access to them.\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n\n{% if (inventory_hostname in groups['lb_servers']) %}\n-A INPUT -p tcp  --dport {{ nginx_http_port }} -j ACCEPT\n{% endif %}\n\n{% if inventory_hostname in groups['backend_servers'] %}\n-A INPUT -p tcp  --dport {{ tomcat_http_port }} -j  ACCEPT\n-A INPUT -p tcp  --dport {{ tomcat_https_port }} -j ACCEPT\n{% endif %}\n\n{% if inventory_hostname in groups['memcached_servers'] %}\n-A INPUT -p tcp  --dport {{ memcached_port }} -j  ACCEPT\n{% endif %}\n\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\nCOMMIT\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/lb-nginx/handlers/main.yml",
    "content": "---\n- name: restart nginx\n  service: name=nginx state=restarted\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml",
    "content": "---\n  - name: Install nginx\n    yum: name=nginx state=present\n\n  - name: Deliver main configuration file\n    template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf\n    notify: restart nginx\n\n  - name: Deliver default server configuration to /etc/nginx/conf.d\n    template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf\n    notify: restart nginx\n\n  - name: Make sure nginx is started and enabled at boot\n    service: name=nginx state=started enabled=yes\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/lb-nginx/templates/default.conf.j2",
    "content": "upstream tomcat  {\n{% for host in groups['backend_servers'] %}\n      server {{ host }}:{{ tomcat_http_port }};\n{% endfor %}\n}\n\nserver {\n    # Listen on the same port that group_vars/all defines and iptables.j2 opens\n    listen       {{ nginx_http_port }} default_server;\n    server_name  {{ inventory_hostname }};\n    include /etc/nginx/default.d/*.conf;\n\n    location / {\n      proxy_pass http://tomcat;\n    }\n\n}\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/lb-nginx/templates/nginx.conf.j2",
    "content": "# For more information on configuration, see:\n#   * Official English Documentation: http://nginx.org/en/docs/\n#   * Official Russian Documentation: http://nginx.org/ru/docs/\n\nuser              nginx;\nworker_processes  1;\n\nerror_log  /var/log/nginx/error.log;\n#error_log  /var/log/nginx/error.log  notice;\n#error_log  /var/log/nginx/error.log  info;\n\npid        /var/run/nginx.pid;\n\n\nevents {\n    worker_connections  1024;\n}\n\n\nhttp {\n    include       /etc/nginx/mime.types;\n    default_type  application/octet-stream;\n\n    log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '\n                      '$status $body_bytes_sent \"$http_referer\" '\n                      '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n    access_log  /var/log/nginx/access.log  main;\n\n    sendfile        on;\n    #tcp_nopush     on;\n\n    #keepalive_timeout  0;\n    keepalive_timeout  65;\n\n    #gzip  on;\n\n    # Load config files from the /etc/nginx/conf.d directory\n    # The default server is in conf.d/default.conf\n    include /etc/nginx/conf.d/*.conf;\n\n}\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/memcached/handlers/main.yml",
    "content": "---\n- name: restart memcached\n  service: name=memcached state=restarted\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/memcached/tasks/main.yml",
    "content": "---\n- name: Install memcached\n  yum: name=memcached state=present\n\n- name: Deliver configuration file\n  template: src=memcached.conf.j2 dest=/etc/sysconfig/memcached backup=yes\n  notify: restart memcached\n\n- name: Deliver init script\n  template: src=init.sh.j2 dest=/etc/init.d/memcached mode=0755\n  notify: restart memcached\n\n- name: Start memcached service\n  service: name=memcached state=started enabled=yes\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/memcached/templates/init.sh.j2",
    "content": "#! /bin/sh\n#\n# chkconfig: - 55 45\n# description:\tThe memcached daemon is a network memory cache service.\n# processname: memcached\n# config: /etc/sysconfig/memcached\n# pidfile: /var/run/memcached/memcached.pid\n\n# Standard LSB functions\n#. /lib/lsb/init-functions\n\n# Source function library.\n. /etc/init.d/functions\n\nPORT=11211\nUSER=memcached\nMAXCONN=1024\nCACHESIZE=64\nOPTIONS=\"\"\n\nif [ -f /etc/sysconfig/memcached ];then\n\t. /etc/sysconfig/memcached\nfi\n\n# Check that networking is up.\n. /etc/sysconfig/network\n\nif [ \"$NETWORKING\" = \"no\" ]\nthen\n\texit 0\nfi\n\nRETVAL=0\nprog=\"memcached\"\npidfile=${PIDFILE-/var/run/memcached/memcached.pid}\nlockfile=${LOCKFILE-/var/lock/subsys/memcached}\n\nstart () {\n\techo -n $\"Starting $prog: \"\n\t# Ensure that /var/run/memcached has proper permissions\n\tif [ \"`stat -c %U /var/run/memcached`\" != \"$USER\" ]; then\n\t\tchown $USER /var/run/memcached\n\tfi\n\n#\tdaemon --pidfile ${pidfile} memcached -d -p $PORT -u $USER  -m $CACHESIZE -c $MAXCONN -P ${pidfile} $OPTIONS \ndaemon --pidfile ${pidfile} memcached -d -p $PORT -u $USER  -m $CACHESIZE -c $MAXCONN -P ${pidfile} $OPTIONS -vv > $LOGFILE 2>&1\n\tRETVAL=$?\n\techo\n\t[ $RETVAL -eq 0 ] && touch ${lockfile}\n}\nstop () {\n\techo -n $\"Stopping $prog: \"\n\tkillproc -p ${pidfile} /usr/bin/memcached\n\tRETVAL=$?\n\techo\n\tif [ $RETVAL -eq 0 ] ; then\n\t\trm -f ${lockfile} ${pidfile}\n\tfi\n}\n\nrestart () {\n        stop\n        start\n}\n\n\n# See how we were called.\ncase \"$1\" in\n  start)\n\tstart\n\t;;\n  stop)\n\tstop\n\t;;\n  status)\n\tstatus -p ${pidfile} memcached\n\tRETVAL=$?\n\t;;\n  restart|reload|force-reload)\n\trestart\n\t;;\n  condrestart|try-restart)\n\t[ -f ${lockfile} ] && restart || :\n\t;;\n  *)\n\techo $\"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart|try-restart}\"\n\tRETVAL=2\n        ;;\nesac\n\nexit $RETVAL\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/memcached/templates/memcached.conf.j2",
    "content": "# Running on Port 11211\nPORT=\"{{ memcached_port }}\"\n\n# Start as memcached daemon\nUSER=\"memcached\"\n\n# Set max simultaneous connections to 1024\nMAXCONN=\"1024\"\n\n# Set log file\nLOGFILE=\"/var/log/memcached.log\"\n\n# Set Memory size to half of all memory (memcached -m takes a whole number of megabytes)\nCACHESIZE=\"{{ (ansible_memtotal_mb / 2) | int }}\"\n\n#Set server IP address\nOPTIONS=\"-l {{ ansible_default_ipv4['address'] }}\"\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/tomcat/handlers/main.yml",
    "content": "---\n- name: restart tomcat\n  service: name=tomcat state=restarted\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/tomcat/tasks/main.yml",
    "content": "---\n  - name: Install OpenJDK\n    yum: name=java-1.7.0-openjdk state=present\n\n  - name: Install Tomcat\n    yum: name=tomcat state=present\n\n  - name: Deliver configuration files for tomcat\n    template: src={{ item.src }} dest={{ item.dest }} backup=yes\n    with_items:\n      - { src: 'default.j2', dest: '/etc/tomcat/default' }\n      - { src: 'server.xml.j2', dest: '/etc/tomcat/server.xml' }\n      - { src: 'context.xml.j2', dest: '/etc/tomcat/context.xml' }\n    notify: restart tomcat\n\n  # Fetch the jars over HTTPS so they cannot be altered in transit\n  - name: Deliver libraries for memcached session support\n    get_url: url=\"{{ item }}\" dest=/usr/share/tomcat/lib/\n    with_items:\n      - https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/1.8.0/memcached-session-manager-1.8.0.jar\n      - https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc7/1.8.0/memcached-session-manager-tc7-1.8.0.jar\n      - https://spymemcached.googlecode.com/files/spymemcached-2.10.2.jar\n\n  - name: Deploy sample app\n    copy: src=msm-sample-webapp-1.0-SNAPSHOT.war dest=/var/lib/tomcat/webapps/ROOT.war owner=tomcat group=tomcat\n\n  - name: Start tomcat service\n    service: name=tomcat state=started enabled=yes\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/tomcat/templates/context.xml.j2",
    "content": "<?xml version='1.0' encoding='utf-8'?>\n<!--\n  Licensed to the Apache Software Foundation (ASF) under one or more\n  contributor license agreements.  See the NOTICE file distributed with\n  this work for additional information regarding copyright ownership.\n  The ASF licenses this file to You under the Apache License, Version 2.0\n  (the \"License\"); you may not use this file except in compliance with\n  the License.  You may obtain a copy of the License at\n\n      http://www.apache.org/licenses/LICENSE-2.0\n\n  Unless required by applicable law or agreed to in writing, software\n  distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions and\n  limitations under the License.\n-->\n<!-- The contents of this file will be loaded for each web application -->\n<Context>\n\n    <!-- Default set of monitored resources -->\n    <WatchedResource>WEB-INF/web.xml</WatchedResource>\n\n    <!-- Uncomment this to disable session persistence across Tomcat restarts -->\n    <!--\n    <Manager pathname=\"\" />\n    -->\n    <Manager className=\"de.javakaffee.web.msm.MemcachedBackupSessionManager\"\n             memcachedNodes=\"{% for host in groups['memcached_servers'] %}n{{ loop.index }}:{{ host }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}\"\n             sticky=\"false\"\n             sessionBackupAsync=\"false\"\n             lockingMode=\"none\"\n             requestUriIgnorePattern=\".*\\.(ico|png|gif|jpg|css|js)$\"\n    />\n    <!-- Uncomment this to enable Comet connection tacking (provides events\n         on session expiration as well as webapp lifecycle) -->\n    <!--\n    <Valve className=\"org.apache.catalina.valves.CometConnectionManagerValve\" />\n    -->\n\n</Context>\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/tomcat/templates/default.j2",
    "content": "# Service-specific configuration file for tomcat. This will be sourced by\n# the SysV init script after the global configuration file\n# /etc/tomcat/tomcat.conf, thus allowing values to be overridden in\n# a per-service manner.\n#\n# NEVER change the init script itself. To change values for all services make\n# your changes in /etc/tomcat/tomcat.conf\n#\n# To change values for a specific service make your edits here.\n# To create a new service create a link from /etc/init.d/<your new service> to\n# /etc/init.d/tomcat (do not copy the init script) and make a copy of the\n# /etc/sysconfig/tomcat file to /etc/sysconfig/<your new service> and change\n# the property values so the two services won't conflict. Register the new\n# service in the system as usual (see chkconfig and similars).\n#\n\n# Where your java installation lives\n#JAVA_HOME=\"/usr/lib/jvm/java\"\n\n# Where your tomcat installation lives\n#CATALINA_BASE=\"/usr/share/tomcat\"\n#CATALINA_HOME=\"/usr/share/tomcat\"\n#JASPER_HOME=\"/usr/share/tomcat\"\n#CATALINA_TMPDIR=\"/var/cache/tomcat/temp\"\n\n# You can pass some parameters to java here if you wish to\n#JAVA_OPTS=\"-Xminf0.1 -Xmaxf0.3\"\n\n# Use JAVA_OPTS to set java.library.path for libtcnative.so\n#JAVA_OPTS=\"-Djava.library.path=/usr/lib\"\n\n# What user should run tomcat\n#TOMCAT_USER=\"tomcat\"\n\n# You can change your tomcat locale here\n#LANG=\"en_US\"\n\n# Run tomcat under the Java Security Manager\n#SECURITY_MANAGER=\"false\"\n\n# Time to wait in seconds, before killing process\n#SHUTDOWN_WAIT=\"30\"\n\n# Whether to annoy the user with \"attempting to shut down\" messages or not\n#SHUTDOWN_VERBOSE=\"false\"\n\n# Set the TOMCAT_PID location\n#CATALINA_PID=\"/var/run/tomcat.pid\"\n\n# Connector port is 8080 for this tomcat instance\n#CONNECTOR_PORT=\"8080\"\n\n# If you wish to further customize your tomcat environment,\n# put your own definitions here\n# (i.e. LD_LIBRARY_PATH for some jdbc drivers)\n"
  },
  {
    "path": "tomcat-memcached-failover/roles/tomcat/templates/server.xml.j2",
    "content": "<?xml version='1.0' encoding='utf-8'?>\n<!--\n  Licensed to the Apache Software Foundation (ASF) under one or more\n  contributor license agreements.  See the NOTICE file distributed with\n  this work for additional information regarding copyright ownership.\n  The ASF licenses this file to You under the Apache License, Version 2.0\n  (the \"License\"); you may not use this file except in compliance with\n  the License.  You may obtain a copy of the License at\n\n      http://www.apache.org/licenses/LICENSE-2.0\n\n  Unless required by applicable law or agreed to in writing, software\n  distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions and\n  limitations under the License.\n-->\n<!-- Note:  A \"Server\" is not itself a \"Container\", so you may not\n     define subcomponents such as \"Valves\" at this level.\n     Documentation at /docs/config/server.html\n -->\n<Server port=\"8005\" shutdown=\"SHUTDOWN\">\n  <!-- Security listener. Documentation at /docs/config/listeners.html\n  <Listener className=\"org.apache.catalina.security.SecurityListener\" />\n  -->\n  <!--APR library loader. Documentation at /docs/apr.html -->\n  <!--\n  <Listener className=\"org.apache.catalina.core.AprLifecycleListener\" SSLEngine=\"on\" />\n  -->\n  <!--Initialize Jasper prior to webapps are loaded. 
Documentation at /docs/jasper-howto.html -->\n  <Listener className=\"org.apache.catalina.core.JasperListener\" />\n  <!-- Prevent memory leaks due to use of particular java/javax APIs-->\n  <Listener className=\"org.apache.catalina.core.JreMemoryLeakPreventionListener\" />\n  <Listener className=\"org.apache.catalina.mbeans.GlobalResourcesLifecycleListener\" />\n  <Listener className=\"org.apache.catalina.core.ThreadLocalLeakPreventionListener\" />\n\n  <!-- Global JNDI resources\n       Documentation at /docs/jndi-resources-howto.html\n  -->\n  <GlobalNamingResources>\n    <!-- Editable user database that can also be used by\n         UserDatabaseRealm to authenticate users\n    -->\n    <Resource name=\"UserDatabase\" auth=\"Container\"\n              type=\"org.apache.catalina.UserDatabase\"\n              description=\"User database that can be updated and saved\"\n              factory=\"org.apache.catalina.users.MemoryUserDatabaseFactory\"\n              pathname=\"conf/tomcat-users.xml\" />\n  </GlobalNamingResources>\n\n  <!-- A \"Service\" is a collection of one or more \"Connectors\" that share\n       a single \"Container\" Note:  A \"Service\" is not itself a \"Container\",\n       so you may not define subcomponents such as \"Valves\" at this level.\n       Documentation at /docs/config/service.html\n   -->\n  <Service name=\"Catalina\">\n\n    <!--The connectors can use a shared executor, you can define one or more named thread pools-->\n    <!--\n    <Executor name=\"tomcatThreadPool\" namePrefix=\"catalina-exec-\"\n        maxThreads=\"150\" minSpareThreads=\"4\"/>\n    -->\n\n\n    <!-- A \"Connector\" represents an endpoint by which requests are received\n         and responses are returned. 
Documentation at :\n         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)\n         Java AJP  Connector: /docs/config/ajp.html\n         APR (HTTP/AJP) Connector: /docs/apr.html\n         Define a non-SSL HTTP/1.1 Connector on port 8080\n    -->\n    <Connector port=\"{{ tomcat_http_port }}\" protocol=\"HTTP/1.1\"\n               connectionTimeout=\"20000\"\n               URIEncoding=\"UTF-8\"\n               redirectPort=\"8443\" />\n    <!-- A \"Connector\" using the shared thread pool-->\n    <!--\n    <Connector executor=\"tomcatThreadPool\"\n               port=\"8080\" protocol=\"HTTP/1.1\"\n               connectionTimeout=\"20000\"\n               redirectPort=\"8443\" />\n    -->\n    <!-- Define a SSL HTTP/1.1 Connector on port 8443\n         This connector uses the JSSE configuration, when using APR, the\n         connector should be using the OpenSSL style configuration\n         described in the APR documentation -->\n    <!--\n    <Connector port=\"8443\" protocol=\"HTTP/1.1\" SSLEnabled=\"true\"\n               maxThreads=\"150\" scheme=\"https\" secure=\"true\"\n               clientAuth=\"false\" sslProtocol=\"TLS\" />\n    -->\n\n    <!-- Define an AJP 1.3 Connector on port 8009 -->\n    <!--\n    <Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" />\n    -->\n\n\n    <!-- An Engine represents the entry point (within Catalina) that processes\n         every request.  
The Engine implementation for Tomcat stand alone\n         analyzes the HTTP headers included with the request, and passes them\n         on to the appropriate Host (virtual host).\n         Documentation at /docs/config/engine.html -->\n\n    <!-- You should set jvmRoute to support load-balancing via AJP ie :\n    <Engine name=\"Catalina\" defaultHost=\"localhost\" jvmRoute=\"jvm1\">\n    -->\n    <Engine name=\"Catalina\" defaultHost=\"localhost\">\n\n      <!--For clustering, please take a look at documentation at:\n          /docs/cluster-howto.html  (simple how to)\n          /docs/config/cluster.html (reference documentation) -->\n      <!--\n      <Cluster className=\"org.apache.catalina.ha.tcp.SimpleTcpCluster\"/>\n      -->\n\n      <!-- Use the LockOutRealm to prevent attempts to guess user passwords\n           via a brute-force attack -->\n      <Realm className=\"org.apache.catalina.realm.LockOutRealm\">\n        <!-- This Realm uses the UserDatabase configured in the global JNDI\n             resources under the key \"UserDatabase\".  Any edits\n             that are performed against this UserDatabase are immediately\n             available for use by the Realm.  
-->\n        <Realm className=\"org.apache.catalina.realm.UserDatabaseRealm\"\n               resourceName=\"UserDatabase\"/>\n      </Realm>\n\n      <Host name=\"localhost\"  appBase=\"webapps\"\n            unpackWARs=\"true\" autoDeploy=\"true\">\n\n        <!-- SingleSignOn valve, share authentication between web applications\n             Documentation at: /docs/config/valve.html -->\n        <!--\n        <Valve className=\"org.apache.catalina.authenticator.SingleSignOn\" />\n        -->\n\n        <!-- Access log processes all example.\n             Documentation at: /docs/config/valve.html\n             Note: The pattern used is equivalent to using pattern=\"common\" -->\n        <Valve className=\"org.apache.catalina.valves.AccessLogValve\" directory=\"logs\"\n               prefix=\"localhost_access_log.\" suffix=\".txt\"\n               pattern=\"%h %l %u %t &quot;%r&quot; %s %b\" />\n\n      </Host>\n    </Engine>\n  </Service>\n</Server>\n"
  },
  {
    "path": "tomcat-memcached-failover/site.yml",
    "content": "---\n- hosts: all\n  remote_user: root\n  roles:\n  - common\n\n- hosts: lb_servers\n  remote_user: root\n  roles:\n  - lb-nginx\n\n- hosts: backend_servers\n  remote_user: root\n  roles:\n  - tomcat\n\n- hosts: memcached_servers\n  remote_user: root\n  roles:\n  - memcached\n"
  },
  {
    "path": "tomcat-standalone/LICENSE.md",
    "content": "Copyright (C) 2013 AnsibleWorks, Inc.\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "tomcat-standalone/README.md",
    "content": "## Standalone Tomcat Deployment\n\n- Requires Ansible 1.2 or newer\n- Expects CentOS/RHEL 6.x hosts\n\nThese playbooks deploy a very basic implementation of Tomcat Application Server,\nversion 7. To use them, first edit the `hosts` inventory file to contain the\nhostnames of the machines on which you want Tomcat deployed, and edit the \ngroup_vars/tomcat-servers file to set any Tomcat configuration parameters you need.\n\nThen run the playbook, like this:\n\n\tansible-playbook -i hosts site.yml\n\nWhen the playbook run completes, you should be able to see the Tomcat\nApplication Server running on the ports you chose, on the target machines.\n\nThis is a very simple playbook and could serve as a starting point for more\ncomplex Tomcat-based projects. \n\n### Ideas for Improvement\n\nHere are some ideas for ways that these playbooks could be extended:\n\n- Write a playbook to deploy an actual application into the server.\n- Deploy Tomcat clustered with a load balancer in front.\n\nWe would love to see contributions and improvements, so please fork this\nrepository on GitHub and send us your changes via pull requests.\n"
  },
  {
    "path": "tomcat-standalone/group_vars/tomcat-servers",
    "content": "# Here are variables related to the Tomcat installation\n\nhttp_port: 8080\nhttps_port: 8443\n\n# This will configure a default manager-gui user:\n\nadmin_username: admin\nadmin_password: adminsecret\n"
  },
  {
    "path": "tomcat-standalone/hosts",
    "content": "[tomcat-servers]\nwebserver1\n"
  },
  {
    "path": "tomcat-standalone/roles/selinux/tasks/main.yml",
    "content": "---\n# Download and install EPEL for Centos/RHEL version 6\n- name: Download EPEL Repo - Centos/RHEL 6\n  get_url: url=http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm dest=/tmp/epel-release-latest-6.noarch.rpm\n  when: \"ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6'\"\n\n- name: Install EPEL Repo - Centos/RHEL 6\n  command: rpm -ivh /tmp/epel-release-latest-6.noarch.rpm creates=/etc/yum.repos.d/epel.repo\n  when: \"ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6'\"\n\n# Download and install EPEL for Centos/RHEL version 7\n- name: Download EPEL Repo - Centos/RHEL 7\n  get_url: url=http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm dest=/tmp/epel-release-latest-7.noarch.rpm\n  when: \"ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'\"\n\n- name: Install EPEL Repo - Centos/RHEL 7\n  command: rpm -ivh /tmp/epel-release-latest-7.noarch.rpm creates=/etc/yum.repos.d/epel.repo\n  when: \"ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'\"\n\n- name: Install libselinux-python\n  yum: name=libselinux-python\n"
  },
  {
    "path": "tomcat-standalone/roles/tomcat/files/tomcat-initscript.sh",
    "content": "#!/bin/bash\n#\n# chkconfig: 345 99 28\n# description: Starts/Stops Apache Tomcat\n#\n# Tomcat 7 start/stop/status script\n# Forked from: https://gist.github.com/valotas/1000094\n# @author: Miglen Evlogiev <bash@miglen.com>\n#\n# Release updates:\n# Updated method for gathering pid of the current proccess\n# Added usage of CATALINA_BASE\n# Added coloring and additional status\n# Added check for existence of the tomcat user\n#\n \n#Location of JAVA_HOME (bin files)\nexport JAVA_HOME=/usr/lib/jvm/jre\n \n#Add Java binary files to PATH\nexport PATH=$JAVA_HOME/bin:$PATH\n \n#CATALINA_HOME is the location of the bin files of Tomcat  \nexport CATALINA_HOME=/usr/share/tomcat  \n \n#CATALINA_BASE is the location of the configuration files of this instance of Tomcat\nexport CATALINA_BASE=/usr/share/tomcat\n \n#TOMCAT_USER is the default user of tomcat\nexport TOMCAT_USER=tomcat\n \n#TOMCAT_USAGE is the message if this script is called without any options\nTOMCAT_USAGE=\"Usage: $0 {\\e[00;32mstart\\e[00m|\\e[00;31mstop\\e[00m|\\e[00;32mstatus\\e[00m|\\e[00;31mrestart\\e[00m}\"\n \n#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop\nSHUTDOWN_WAIT=20\n \ntomcat_pid() {\n        echo `ps -fe | grep $CATALINA_BASE | grep -v grep | tr -s \" \"|cut -d\" \" -f2`\n}\n \nstart() {\n  pid=$(tomcat_pid)\n  if [ -n \"$pid\" ]\n  then\n    echo -e \"\\e[00;31mTomcat is already running (pid: $pid)\\e[00m\"\n  else\n    # Start tomcat\n    echo -e \"\\e[00;32mStarting tomcat\\e[00m\"\n    #ulimit -n 100000\n    #umask 007\n    #/bin/su -p -s /bin/sh tomcat\n        if [ `user_exists $TOMCAT_USER` = \"1\" ]\n        then\n                su $TOMCAT_USER -c $CATALINA_HOME/bin/startup.sh\n        else\n                sh $CATALINA_HOME/bin/startup.sh\n        fi\n        status\n  fi\n  return 0\n}\n \nstatus(){\n          pid=$(tomcat_pid)\n          if [ -n \"$pid\" ]; then echo -e \"\\e[00;32mTomcat is running with pid: $pid\\e[00m\"\n          else echo -e 
\"\\e[00;31mTomcat is not running\\e[00m\"\n          fi\n}\n \nstop() {\n  pid=$(tomcat_pid)\n  if [ -n \"$pid\" ]\n  then\n    echo -e \"\\e[00;31mStopping Tomcat\\e[00m\"\n    #/bin/su -p -s /bin/sh tomcat\n        sh $CATALINA_HOME/bin/shutdown.sh\n \n    let kwait=$SHUTDOWN_WAIT\n    count=0;\n    until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ]\n    do\n      echo -n -e \"\\n\\e[00;31mwaiting for processes to exit\\e[00m\";\n      sleep 1\n      let count=$count+1;\n    done\n \n    if [ $count -gt $kwait ]; then\n      echo -n -e \"\\n\\e[00;31mkilling processes which didn't stop after $SHUTDOWN_WAIT seconds\\e[00m\"\n      kill -9 $pid\n    fi\n  else\n    echo -e \"\\e[00;31mTomcat is not running\\e[00m\"\n  fi\n \n  return 0\n}\n \nuser_exists(){\n        if id -u $1 >/dev/null 2>&1; then\n        echo \"1\"\n        else\n                echo \"0\"\n        fi\n}\n \ncase $1 in\n \n        start)\n          start\n        ;;\n       \n        stop)  \n          stop\n        ;;\n       \n        restart)\n          stop\n          start\n        ;;\n       \n        status)\n                status\n               \n        ;;\n       \n        *)\n                echo -e $TOMCAT_USAGE\n        ;;\nesac    \nexit 0\n"
  },
  {
    "path": "tomcat-standalone/roles/tomcat/handlers/main.yml",
    "content": "---\n- name: restart tomcat\n  service: name=tomcat state=restarted\n\n- name: restart iptables\n  service: name=iptables state=restarted\n"
  },
  {
    "path": "tomcat-standalone/roles/tomcat/tasks/main.yml",
    "content": "---\r\n- name: Install Java 1.7\r\n  yum: name=java-1.7.0-openjdk state=present\r\n\r\n- name: add group \"tomcat\"\r\n  group: name=tomcat\r\n\r\n- name: add user \"tomcat\"\r\n  user: name=tomcat group=tomcat home=/usr/share/tomcat createhome=no\r\n  become: True\r\n  become_method: sudo\r\n\r\n- name: Download Tomcat\r\n  get_url: url=http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.61/bin/apache-tomcat-7.0.61.tar.gz dest=/opt/apache-tomcat-7.0.61.tar.gz\r\n\r\n- name: Extract archive\r\n  command: chdir=/usr/share /bin/tar xvf /opt/apache-tomcat-7.0.61.tar.gz -C /opt/ creates=/opt/apache-tomcat-7.0.61\r\n\r\n- name: Symlink install directory\r\n  file: src=/opt/apache-tomcat-7.0.61 path=/usr/share/tomcat state=link\r\n\r\n- name: Change ownership of Tomcat installation\r\n  file: path=/usr/share/tomcat/ owner=tomcat group=tomcat state=directory recurse=yes\r\n\r\n- name: Configure Tomcat server\r\n  template: src=server.xml dest=/usr/share/tomcat/conf/\r\n  notify: restart tomcat\r\n\r\n- name: Configure Tomcat users\r\n  template: src=tomcat-users.xml dest=/usr/share/tomcat/conf/\r\n  notify: restart tomcat\r\n\r\n- name: Install Tomcat init script\r\n  copy: src=tomcat-initscript.sh dest=/etc/init.d/tomcat mode=0755\r\n\r\n- name: Start Tomcat\r\n  service: name=tomcat state=started enabled=yes\r\n\r\n- name: deploy iptables rules\r\n  template: src=iptables-save dest=/etc/sysconfig/iptables\r\n  when: \"ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6'\"\r\n  notify: restart iptables\r\n\r\n- name: insert firewalld rule for tomcat http port\r\n  firewalld: port={{ http_port }}/tcp permanent=true state=enabled immediate=yes\r\n  when: \"ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'\"\r\n\r\n- name: insert firewalld rule for tomcat https port\r\n  firewalld: port={{ https_port }}/tcp permanent=true state=enabled immediate=yes\r\n  when: \"ansible_os_family == 'RedHat' and 
ansible_distribution_major_version == '7'\"\r\n\r\n- name: wait for tomcat to start\r\n  wait_for: port={{http_port}}\r\n"
  },
  {
    "path": "tomcat-standalone/roles/tomcat/templates/iptables-save",
    "content": "# {{ ansible_managed }}\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [4:512]\n-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ http_port }} -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ https_port }} -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n"
  },
  {
    "path": "tomcat-standalone/roles/tomcat/templates/server.xml",
    "content": "<?xml version='1.0' encoding='utf-8'?>\n\n<!-- {{ ansible_managed }} -->\n\n<!--\n  Licensed to the Apache Software Foundation (ASF) under one or more\n  contributor license agreements.  See the NOTICE file distributed with\n  this work for additional information regarding copyright ownership.\n  The ASF licenses this file to You under the Apache License, Version 2.0\n  (the \"License\"); you may not use this file except in compliance with\n  the License.  You may obtain a copy of the License at\n\n      http://www.apache.org/licenses/LICENSE-2.0\n\n  Unless required by applicable law or agreed to in writing, software\n  distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions and\n  limitations under the License.\n-->\n<!-- Note:  A \"Server\" is not itself a \"Container\", so you may not\n     define subcomponents such as \"Valves\" at this level.\n     Documentation at /docs/config/server.html\n -->\n<Server port=\"8005\" shutdown=\"SHUTDOWN\">\n  <!-- Security listener. Documentation at /docs/config/listeners.html\n  <Listener className=\"org.apache.catalina.security.SecurityListener\" />\n  -->\n  <!--APR library loader. Documentation at /docs/apr.html -->\n  <Listener className=\"org.apache.catalina.core.AprLifecycleListener\" SSLEngine=\"on\" />\n  <!--Initialize Jasper prior to webapps are loaded. 
Documentation at /docs/jasper-howto.html -->\n  <Listener className=\"org.apache.catalina.core.JasperListener\" />\n  <!-- Prevent memory leaks due to use of particular java/javax APIs-->\n  <Listener className=\"org.apache.catalina.core.JreMemoryLeakPreventionListener\" />\n  <Listener className=\"org.apache.catalina.mbeans.GlobalResourcesLifecycleListener\" />\n  <Listener className=\"org.apache.catalina.core.ThreadLocalLeakPreventionListener\" />\n\n  <!-- Global JNDI resources\n       Documentation at /docs/jndi-resources-howto.html\n  -->\n  <GlobalNamingResources>\n    <!-- Editable user database that can also be used by\n         UserDatabaseRealm to authenticate users\n    -->\n    <Resource name=\"UserDatabase\" auth=\"Container\"\n              type=\"org.apache.catalina.UserDatabase\"\n              description=\"User database that can be updated and saved\"\n              factory=\"org.apache.catalina.users.MemoryUserDatabaseFactory\"\n              pathname=\"conf/tomcat-users.xml\" />\n  </GlobalNamingResources>\n\n  <!-- A \"Service\" is a collection of one or more \"Connectors\" that share\n       a single \"Container\" Note:  A \"Service\" is not itself a \"Container\",\n       so you may not define subcomponents such as \"Valves\" at this level.\n       Documentation at /docs/config/service.html\n   -->\n  <Service name=\"Catalina\">\n\n    <!--The connectors can use a shared executor, you can define one or more named thread pools-->\n    <!--\n    <Executor name=\"tomcatThreadPool\" namePrefix=\"catalina-exec-\"\n        maxThreads=\"150\" minSpareThreads=\"4\"/>\n    -->\n\n\n    <!-- A \"Connector\" represents an endpoint by which requests are received\n         and responses are returned. 
Documentation at :\n         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)\n         Java AJP  Connector: /docs/config/ajp.html\n         APR (HTTP/AJP) Connector: /docs/apr.html\n         Define a non-SSL HTTP/1.1 Connector on port 8080\n    -->\n    <Connector port=\"{{ http_port }}\" protocol=\"HTTP/1.1\"\n               connectionTimeout=\"20000\"\n               redirectPort=\"8443\" />\n    <!-- A \"Connector\" using the shared thread pool-->\n    <!--\n    <Connector executor=\"tomcatThreadPool\"\n               port=\"8080\" protocol=\"HTTP/1.1\"\n               connectionTimeout=\"20000\"\n               redirectPort=\"8443\" />\n    -->\n    <!-- Define a SSL HTTP/1.1 Connector on port 8443\n         This connector uses the JSSE configuration, when using APR, the\n         connector should be using the OpenSSL style configuration\n         described in the APR documentation -->\n    <!--\n    <Connector port=\"{{ https_port }}\" protocol=\"HTTP/1.1\" SSLEnabled=\"true\"\n               maxThreads=\"150\" scheme=\"https\" secure=\"true\"\n               clientAuth=\"false\" sslProtocol=\"TLS\" />\n    -->\n\n    <!-- Define an AJP 1.3 Connector on port 8009 -->\n    <Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" />\n\n\n    <!-- An Engine represents the entry point (within Catalina) that processes\n         every request.  
The Engine implementation for Tomcat stand alone\n         analyzes the HTTP headers included with the request, and passes them\n         on to the appropriate Host (virtual host).\n         Documentation at /docs/config/engine.html -->\n\n    <!-- You should set jvmRoute to support load-balancing via AJP ie :\n    <Engine name=\"Catalina\" defaultHost=\"localhost\" jvmRoute=\"jvm1\">\n    -->\n    <Engine name=\"Catalina\" defaultHost=\"localhost\">\n\n      <!--For clustering, please take a look at documentation at:\n          /docs/cluster-howto.html  (simple how to)\n          /docs/config/cluster.html (reference documentation) -->\n      <!--\n      <Cluster className=\"org.apache.catalina.ha.tcp.SimpleTcpCluster\"/>\n      -->\n\n      <!-- Use the LockOutRealm to prevent attempts to guess user passwords\n           via a brute-force attack -->\n      <Realm className=\"org.apache.catalina.realm.LockOutRealm\">\n        <!-- This Realm uses the UserDatabase configured in the global JNDI\n             resources under the key \"UserDatabase\".  Any edits\n             that are performed against this UserDatabase are immediately\n             available for use by the Realm.  
-->\n        <Realm className=\"org.apache.catalina.realm.UserDatabaseRealm\"\n               resourceName=\"UserDatabase\"/>\n      </Realm>\n\n      <Host name=\"localhost\"  appBase=\"webapps\"\n            unpackWARs=\"true\" autoDeploy=\"true\">\n\n        <!-- SingleSignOn valve, share authentication between web applications\n             Documentation at: /docs/config/valve.html -->\n        <!--\n        <Valve className=\"org.apache.catalina.authenticator.SingleSignOn\" />\n        -->\n\n        <!-- Access log processes all example.\n             Documentation at: /docs/config/valve.html\n             Note: The pattern used is equivalent to using pattern=\"common\" -->\n        <Valve className=\"org.apache.catalina.valves.AccessLogValve\" directory=\"logs\"\n               prefix=\"localhost_access_log.\" suffix=\".txt\"\n               pattern=\"%h %l %u %t &quot;%r&quot; %s %b\" />\n\n      </Host>\n    </Engine>\n  </Service>\n</Server>\n"
  },
  {
    "path": "tomcat-standalone/roles/tomcat/templates/tomcat-users.xml",
    "content": "<?xml version='1.0' encoding='utf-8'?>\n\n<!-- {{ ansible_managed }} -->\n\n<!--\n  Licensed to the Apache Software Foundation (ASF) under one or more\n  contributor license agreements.  See the NOTICE file distributed with\n  this work for additional information regarding copyright ownership.\n  The ASF licenses this file to You under the Apache License, Version 2.0\n  (the \"License\"); you may not use this file except in compliance with\n  the License.  You may obtain a copy of the License at\n\n      http://www.apache.org/licenses/LICENSE-2.0\n\n  Unless required by applicable law or agreed to in writing, software\n  distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions and\n  limitations under the License.\n-->\n<tomcat-users>\n<!--\n  NOTE:  By default, no user is included in the \"manager-gui\" role required\n  to operate the \"/manager/html\" web application.  If you wish to use this app,\n  you must define such a user - the username and password are arbitrary.\n-->\n<!--\n  NOTE:  The sample user and role entries below are wrapped in a comment\n  and thus are ignored when reading this file. Do not forget to remove\n  <!.. ..> that surrounds them.\n-->\n\n  <user username=\"{{ admin_username }}\" password=\"{{ admin_password }}\" roles=\"manager-gui\" />\n\n<!--\n  <role rolename=\"tomcat\"/>\n  <role rolename=\"role1\"/>\n  <user username=\"tomcat\" password=\"tomcat\" roles=\"tomcat\"/>\n  <user username=\"both\" password=\"tomcat\" roles=\"tomcat,role1\"/>\n  <user username=\"role1\" password=\"tomcat\" roles=\"role1\"/>\n-->\n\n</tomcat-users>\n"
  },
  {
    "path": "tomcat-standalone/site.yml",
    "content": "---\n# This playbook deploys a simple standalone Tomcat 7 server.\n\n- hosts: tomcat-servers\n  remote_user: root\n  become: yes\n  become_method: sudo\n\n  roles:\n    - selinux\n    - tomcat\n"
  },
  {
    "path": "windows/create-user.yml",
    "content": "---\n- name: Add a user\n  hosts: all\n  gather_facts: false\n  tasks:\n    - name: Add User\n      win_user:\n        name: ansible\n        password: \"@ns1bl3\"\n        state: present\n"
  },
  {
    "path": "windows/deploy-site.yml",
    "content": "---\n# This playbook uses the win_get_url module to download a simple HTML file for IIS\n- name: Download simple web site \n  hosts: all \n\n  gather_facts: false\n  tasks:\n    - name: Download simple web site to 'C:\\inetpub\\wwwroot\\ansible.html'\n      win_get_url:\n        url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html'\n        dest: 'C:\\inetpub\\wwwroot\\ansible.html'\n"
  },
  {
    "path": "windows/enable-iis.yml",
    "content": "---\n# This playbook installs and enables IIS on Windows hosts\n\n- name: Install IIS\n  hosts: all\n  gather_facts: false\n  tasks:\n    - name: Install IIS\n      win_feature:\n        name: \"Web-Server\"\n        state: present\n        restart: yes\n        include_sub_features: yes\n        include_management_tools: yes\n"
  },
  {
    "path": "windows/files/helloworld.ps1",
    "content": "# Filename: helloworld.ps1\nWrite-Host\nWrite-Host 'Hello World!'\nWrite-Host \"Good-bye World! `n\"\n# end of script\n"
  },
  {
    "path": "windows/install-msi.yml",
    "content": "---\n- name: Install Apache from an MSI \n  hosts: all \n \n  tasks:\n    - name: Download the Apache installer\n      win_get_url:\n        url: 'http://mirror.cc.columbia.edu/pub/software/apache//httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi'\n        dest: 'C:\\Users\\Administrator\\Downloads\\httpd-2.2.25-win32-x86-no_ssl.msi'\n\n    - name: Install MSI\n      win_package: \n        path: 'C:\\Users\\Administrator\\Downloads\\httpd-2.2.25-win32-x86-no_ssl.msi'\n        state: present\n        \n"
  },
  {
    "path": "windows/ping.yml",
    "content": "---\n# This playbook uses the win_ping module to test connectivity to Windows hosts\n- name: Ping \n  hosts: all \n\n  tasks:\n  - name: ping\n    win_ping:\n\n"
  },
  {
    "path": "windows/run-powershell.yml",
    "content": "---\n# This playbook tests the script module on Windows hosts\n\n- name: Run powershell script\n  hosts: all \n  gather_facts: false\n  tasks:\n    - name: Run powershell script\n      script: files/helloworld.ps1\n"
  },
  {
    "path": "windows/test.yml",
    "content": "---\n- name: test raw module\n  hosts: all \n  tasks:\n    - name: run ipconfig\n      raw: ipconfig\n      register: ipconfig\n    - debug: var=ipconfig\n\n- name: test stat module\n  hosts: windows\n  tasks:\n    - name: test stat module on file\n      win_stat: path=\"C:/Windows/win.ini\"\n      register: stat_file\n\n    - debug: var=stat_file\n\n    - name: check stat_file result\n      assert:\n          that:\n             - \"stat_file.stat.exists\"\n             - \"not stat_file.stat.isdir\"\n             - \"stat_file.stat.size > 0\"\n             - \"stat_file.stat.md5\"\n"
  },
  {
    "path": "windows/wamp_haproxy/demo-aws-wamp-launch.yml",
    "content": "---\n#Provision some instances:\n- hosts: localhost\n  connection: local\n  gather_facts: False\n\n  vars_files:\n  - group_vars/all\n \n  tasks:\n  - name: Launch webserver instances\n    ec2: >\n     access_key=\"{{ ec2_access_key }}\"\n     secret_key=\"{{ ec2_secret_key }}\"\n     keypair=\"{{ ec2_keypair }}\"\n     group=\"{{ ec2_security_group }}\"\n     type=\"{{ ec2_instance_type }}\"\n     image=\"ami-0d789266\"\n     region=\"{{ ec2_region }}\"\n     instance_tags=\"{'ansible_group':'windows_webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n     count=\"{{ ec2_instance_count }}\"\n     wait=true\n    register: ec2\n\n    tags:\n      - web\n\n  - name: Launch database instance\n    ec2: >\n     access_key=\"{{ ec2_access_key }}\"\n     secret_key=\"{{ ec2_secret_key }}\"\n     keypair=\"{{ ec2_keypair }}\"\n     group=\"{{ ec2_security_group }}\"\n     type=\"{{ ec2_instance_type }}\"\n     image=\"ami-17d66f7c\"\n     region=\"{{ ec2_region }}\"\n     instance_tags=\"{'ansible_group':'windows_dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}\"\n     count=\"1\"\n     wait=true\n    register: ec2\n\n    tags:\n      - db\n\n  - name: Wait for WinRM to come up\n    local_action: wait_for host={{ item.public_dns_name }}\n      port=5986 delay=60 timeout=320 state=started\n    with_items: ec2.instances\n\n    tags:\n      - web\n      - db\n\n"
  },
  {
    "path": "windows/wamp_haproxy/group_vars/all",
    "content": "---\nec2_access_key: \nec2_secret_key: \nec2_region: us-east-1 \nec2_zone: \nec2_image: ami-bc8131d4 \nec2_instance_type: m1.small \nec2_keypair: djohnson \nec2_security_group: default\nec2_instance_count: 3\n\ntower_user_name: admin\n"
  },
  {
    "path": "windows/wamp_haproxy/group_vars/windows_dbservers",
    "content": "---\n# The variables file used by the playbooks in the dbservers group.\n# These don't have to be explicitly imported by vars_files: they are autopopulated.\n\nsql_port: 3306\ndbuser: root\ndbname: foodb\nupassword: abc\n"
  },
  {
    "path": "windows/wamp_haproxy/group_vars/windows_webservers",
    "content": "---\n# Variables for the web server configuration\n\n# Ethernet interface on which the web server should listen.\n# Defaults to the first interface. Change this to:\n#\n#  iface: eth1\n#\n# ...to override.\n#\niface: '{{ ansible_default_ipv4.interface }}'\n\n# this is the repository that holds our sample webapp\nrepository: https://github.com/bennojoy/mywebapp.git\n\n# this is the sha1sum of V5 of the test webapp.\nwebapp_version: 351e47276cc66b018f4890a04709d4cc3d3edb0d\n"
  },
  {
    "path": "windows/wamp_haproxy/roles/elb/tasks/main.yml",
    "content": "---\n# This role creates the AWS ELB and configures it.\n- name: Create the ELB in AWS\n  ec2_elb_lb:\n    name: \"ansible-windows-demo-lb\"\n    state: present\n    region: us-east-1\n    zones:\n      - us-east-1b\n      - us-east-1d\n      - us-east-1e\n    listeners:\n      - protocol: http # options are http, https, ssl, tcp\n        load_balancer_port: 80\n        instance_port: 80\n\n"
  },
  {
    "path": "windows/wamp_haproxy/roles/iis/tasks/main.yml",
    "content": "---\n# This playbook installs and enables IIS on Windows hosts\n- name: Install IIS\n  win_feature:\n    name: \"Web-Server\"\n    state: present\n    restart: yes\n    include_sub_features: yes\n    include_management_tools: yes\n"
  },
  {
    "path": "windows/wamp_haproxy/roles/mssql/files/create-db.ps1",
    "content": "# Create the database\nset-psdebug -strict\n$error[0]|format-list -force\n[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | out-null\n$srv = new-Object Microsoft.SqlServer.Management.Smo.Server(\"(local)\")\n$db = New-Object Microsoft.SqlServer.Management.Smo.Database($srv, \"Ansible Demo DB\")\n$db.Create()\n\n"
  },
  {
    "path": "windows/wamp_haproxy/roles/mssql/tasks/main.yml",
    "content": "---\n# This role will create the DB for MS SQL \n\n#- name: Copy the database creation script\n#  win_copy: src=create-db.ps1 dest=c:\\create-db.ps1\n\n- name: Create Application Database\n  script: \"create-db.ps1\"\n\n\n \n"
  },
  {
    "path": "windows/wamp_haproxy/roles/web/tasks/main.yml",
    "content": "---\n# This playbook uses the win_get_url module to download a simple HTML file for IIS\n\n- name: Download simple web site to 'C:\\inetpub\\wwwroot\\ansible.html'\n  win_get_url:\n    url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html'\n    dest: 'C:\\inetpub\\wwwroot\\ansible.html'\n"
  },
  {
    "path": "windows/wamp_haproxy/rolling_update.yml",
    "content": "---\n# This playbook does a rolling update for all webservers serially (one at a time).\n# Change the value of serial: to adjust the number of server to be updated.\n#\n# The three roles that apply to the webserver hosts will be applied: web\n\n- hosts: tag_ansible_group_windows_webservers\n  serial: 1\n  gather_facts: False\n  connection: winrm\n\n  vars:\n    ansible_ssh_port : 5986\n\n  # These are the tasks to run before applying updates:\n  pre_tasks:\n  - name: Remove host from load balancing pool\n    local_action:\n      module: ec2_elb\n      region: us-east-1\n      instance_id: \"{{ ec2_id }}\"\n      ec2_elbs: \"ansible-windows-demo-lb\"\n      wait_timeout: 330\n      state: 'absent'\n\n  roles:\n#  - iis \n  - web\n\n  # These tasks run after the roles:\n  post_tasks:\n  - name: Wait for webserver to come up\n    local_action: wait_for host={{ inventory_hostname }} port=80 state=started timeout=80\n\n  - name: Add host to load balancing pool\n    local_action:\n      module: ec2_elb\n      region: us-east-1\n      instance_id: \"{{ ec2_id }}\"\n      ec2_elbs: \"ansible-windows-demo-lb\"\n      wait_timeout: 330\n      state: 'present'\n"
  },
  {
    "path": "windows/wamp_haproxy/site.yml",
    "content": "---\n## This playbook deploys the whole application stack in this site.  \n\n# Configure and deploy database servers.\n- hosts: tag_ansible_group_windows_dbservers\n  connection: winrm\n\n  vars:\n    ansible_ssh_port : 5986\n\n  roles:\n  - mssql\n\n  tags: \n  - db\n\n# Configure and deploy the web servers. Note that we include two roles here, \n# the 'base-apache' role which simply sets up Apache, and 'web' which includes\n# our example web application.\n- hosts: tag_ansible_group_windows_webservers\n  connection: winrm\n\n  vars:\n    ansible_ssh_port : 5986\n\n  roles:\n  - iis \n  - web\n\n  tags: \n  - web\n\n# Configure and deploy the load balancer(s).\n- hosts: localhost\n  connection: local \n  gather_facts: False\n\n  roles:\n   - elb\n  \n  tags: \n  - lb\n\n# Add the webservers to the load balancer(s)\n- hosts: tag_ansible_group_windows_webservers\n  connection: winrm\n  gather_facts: False\n\n  vars:\n    ansible_ssh_port : 5986\n\n  tasks:\n\n  - name: Wait for webserver to come up\n    local_action: wait_for host={{ inventory_hostname }} port=80 state=started timeout=80\n\n  - name: Add host to load balancing pool \n    local_action: \n      module: ec2_elb\n      region: us-east-1\n      instance_id: \"{{ ec2_id }}\"\n      ec2_elbs: \"ansible-windows-demo-lb\"\n      wait_timeout: 330\n      state: 'present'\n\n  tags:\n  - lb\n"
  },
  {
    "path": "wordpress-nginx/LICENSE.md",
    "content": "Copyright (C) 2013 AnsibleWorks, Inc.\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "wordpress-nginx/README.md",
    "content": "## WordPress+Nginx+PHP-FPM Deployment\n\n- Requires Ansible 1.2 or newer\n- Expects CentOS/RHEL 6.x hosts\n\nThese playbooks deploy a simple all-in-one configuration of the popular\nWordPress blogging platform and CMS, frontend by the Nginx web server and the\nPHP-FPM process manager. To use, copy the `hosts.example` file to `hosts` and \nedit the `hosts` inventory file to include the names or URLs of the servers\nyou want to deploy.\n\nThen run the playbook, like this:\n\n\tansible-playbook -i hosts site.yml\n\nThe playbooks will configure MySQL, WordPress, Nginx, and PHP-FPM. When the run\nis complete, you can hit access server to begin the WordPress configuration.\n\n### Ideas for Improvement\n\nHere are some ideas for ways that these playbooks could be extended:\n\n- Parameterize the WordPress deployment to handle multi-site configurations.\n- Separate the components (PHP-FPM, MySQL, Nginx) onto separate hosts and \nhandle the configuration appropriately.\n- Handle WordPress upgrades automatically.\n\nWe would love to see contributions and improvements, so please fork this\nrepository on GitHub and send us your changes via pull requests.\n"
  },
  {
    "path": "wordpress-nginx/group_vars/all",
    "content": "---\n# Which version of WordPress to deploy\nwp_version: 4.2.4\nwp_sha256sum: 42ca594afc709cbef8528a6096f5a1efe96dcf3164e7ce321e87d57ae015cc82\n\n# These are the WordPress database settings\nwp_db_name: wordpress\nwp_db_user: wordpress\n# Example value only; override it (for instance from an Ansible Vault file)\n# before deploying.\nwp_db_password: secret\n\n# You shouldn't need to change this.\nmysql_port: 3306\n\n# This is used for the nginx server configuration, but access to the\n# WordPress site is not restricted by a named host.\nserver_hostname: www.example.com\n\n# Disable All Updates\n# By default automatic updates are enabled, set this value to true to disable all automatic updates\nauto_up_disable: false\n\n# Define Core Update Level\n# true  = Development, minor, and major updates are all enabled\n# false = Development, minor, and major updates are all disabled\n# minor = Minor updates are enabled, development, and major updates are disabled\ncore_update_level: true\n"
  },
  {
    "path": "wordpress-nginx/hosts.example",
    "content": "[wordpress-server]\nwebserver2\n"
  },
  {
    "path": "wordpress-nginx/roles/common/files/RPM-GPG-KEY-EPEL-6",
    "content": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\n[key material omitted]\n-----END PGP PUBLIC KEY BLOCK-----\n"
  },
  {
    "path": "wordpress-nginx/roles/common/files/epel.repo",
    "content": "[epel]\nname=Extra Packages for Enterprise Linux 6 - $basearch\n#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch\nfailovermethod=priority\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\n\n[epel-debuginfo]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Debug\n#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n\n[epel-source]\nname=Extra Packages for Enterprise Linux 6 - $basearch - Source\n#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch\nfailovermethod=priority\nenabled=0\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6\ngpgcheck=1\n"
  },
  {
    "path": "wordpress-nginx/roles/common/files/iptables-save",
    "content": "# {{ ansible_managed }}\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [37:13960]\n-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n"
  },
  {
    "path": "wordpress-nginx/roles/common/handlers/main.yml",
    "content": "---\n- name: restart iptables\n  service: name=iptables state=restarted\n"
  },
  {
    "path": "wordpress-nginx/roles/common/tasks/main.yml",
    "content": "---\n- name: Install libselinux-python\n  yum: name=libselinux-python state=present\n\n- name: Reload ansible_facts\n  setup:\n\n- name: Copy the EPEL repository definition\n  copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo\n\n- name: Create the GPG key for EPEL\n  copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg\n\n- name: Set up iptables rules\n  copy: src=iptables-save dest=/etc/sysconfig/iptables\n  notify: restart iptables\n"
  },
  {
    "path": "wordpress-nginx/roles/mysql/handlers/main.yml",
    "content": "---\n- name: restart mysql\n  service: name=mysqld state=restarted\n"
  },
  {
    "path": "wordpress-nginx/roles/mysql/tasks/main.yml",
    "content": "---\n- name: Install Mysql package\n  yum: name={{ item }} state=present\n  with_items:\n   - mysql-server\n   - MySQL-python\n   - libselinux-python\n   - libsemanage-python\n\n- name: Configure SELinux to start mysql on any port\n  seboolean: name=mysql_connect_any state=true persistent=yes\n  when: ansible_selinux.status == \"enabled\"\n\n- name: Create Mysql configuration file\n  template: src=my.cnf.j2 dest=/etc/my.cnf\n  notify:\n  - restart mysql\n\n- name: Start Mysql Service\n  service: name=mysqld state=started enabled=yes\n"
  },
  {
    "path": "wordpress-nginx/roles/mysql/templates/my.cnf.j2",
    "content": "[mysqld]\ndatadir=/var/lib/mysql\nsocket=/var/lib/mysql/mysql.sock\nuser=mysql\n# Disabling symbolic-links is recommended to prevent assorted security risks\nsymbolic-links=0\nport={{ mysql_port }}\n\n[mysqld_safe]\nlog-error=/var/log/mysqld.log\npid-file=/var/run/mysqld/mysqld.pid\n"
  },
  {
    "path": "wordpress-nginx/roles/nginx/handlers/main.yml",
    "content": "---\n- name: restart nginx\n  service: name=nginx state=restarted enabled=yes\n"
  },
  {
    "path": "wordpress-nginx/roles/nginx/tasks/main.yml",
    "content": "---\n- name: Install nginx\n  yum: name=nginx state=present\n\n- name: Copy nginx configuration for wordpress\n  template: src=default.conf dest=/etc/nginx/conf.d/default.conf\n  notify: restart nginx\n"
  },
  {
    "path": "wordpress-nginx/roles/nginx/templates/default.conf",
    "content": "server {\n        listen       80 default_server;\n        server_name  {{ server_hostname }};\n        root /srv/wordpress/ ;\n \n\tclient_max_body_size 64M;\n \n\t# Deny access to any files with a .php extension in the uploads directory\n        location ~* /(?:uploads|files)/.*\\.php$ {\n                deny all;\n        }\n \n        location / {\n                index index.php index.html index.htm;\n                try_files $uri $uri/ /index.php?$args;\n        }\n \n        location ~* \\.(gif|jpg|jpeg|png|css|js)$ {\n                expires max;\n        }\n \n        location ~ \\.php$ {\n                try_files $uri =404;\n                fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n                fastcgi_index index.php;\n                fastcgi_pass  unix:/var/run/php-fpm/wordpress.sock;\n                fastcgi_param   SCRIPT_FILENAME\n                                $document_root$fastcgi_script_name;\n                include       fastcgi_params;\n        }\n}\n"
  },
  {
    "path": "wordpress-nginx/roles/php-fpm/handlers/main.yml",
    "content": "---\n- name: restart php-fpm\n  service: name=php-fpm state=restarted\n"
  },
  {
    "path": "wordpress-nginx/roles/php-fpm/tasks/main.yml",
    "content": "---\n- name: Install php-fpm and deps\n  yum: name={{ item }} state=present\n  with_items:\n    - php\n    - php-fpm\n    - php-enchant\n    - php-IDNA_Convert\n    - php-mbstring\n    - php-mysql\n    - php-PHPMailer\n    - php-process\n    - php-simplepie\n    - php-xml\n\n- name: Disable default pool\n  command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled\n  notify: restart php-fpm\n\n- name: Copy php-fpm configuration\n  template: src=wordpress.conf dest=/etc/php-fpm.d/\n  notify: restart php-fpm\n"
  },
  {
    "path": "wordpress-nginx/roles/php-fpm/templates/wordpress.conf",
    "content": "[wordpress]\nlisten = /var/run/php-fpm/wordpress.sock\nlisten.owner = nginx\nlisten.group = nginx\nlisten.mode = 0660\nuser = wordpress\ngroup = wordpress\npm = dynamic\npm.max_children = 10\npm.start_servers = 1\npm.min_spare_servers = 1\npm.max_spare_servers = 3\npm.max_requests = 500\nchdir = /srv/wordpress/\nphp_admin_value[open_basedir] = /srv/wordpress/:/tmp\n"
  },
  {
    "path": "wordpress-nginx/roles/wordpress/tasks/main.yml",
    "content": "---\n# The pinned SHA-256 from group_vars/all is what verifies the downloaded archive.\n- name: Download WordPress\n  get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz\n           sha256sum=\"{{ wp_sha256sum }}\"\n\n# The archive is already on the managed host and unpacks into a top-level\n# wordpress/ directory, so extract it under /srv with remote_src enabled.\n- name: Extract archive\n  unarchive:\n    creates: /srv/wordpress\n    src: /srv/wordpress-{{ wp_version }}.tar.gz\n    dest: /srv\n    remote_src: yes\n\n- name: Add group \"wordpress\"\n  group: name=wordpress\n\n- name: Add user \"wordpress\"\n  user: name=wordpress group=wordpress home=/srv/wordpress/\n\n# Run curl on the control machine; the wp-config.php template reads the\n# salts from wp_salt.stdout.\n- name: Fetch random salts for WordPress config\n  command: curl -sS --fail https://api.wordpress.org/secret-key/1.1/salt/\n  register: \"wp_salt\"\n  become: no\n  changed_when: true\n  delegate_to: localhost\n\n- name: Create WordPress database\n  mysql_db: name={{ wp_db_name }} state=present\n\n- name: Create WordPress database user\n  mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present\n\n- name: Copy WordPress config file\n  template: src=wp-config.php dest=/srv/wordpress/\n\n- name: Change ownership of WordPress installation\n  file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes setype=httpd_sys_content_t\n\n- name: Start php-fpm Service\n  service: name=php-fpm state=started enabled=yes\n"
  },
  {
    "path": "wordpress-nginx/roles/wordpress/templates/wp-config.php",
    "content": "<?php\r\n/**\r\n * The base configurations of the WordPress.\r\n *\r\n * This file has the following configurations: MySQL settings, Table Prefix,\r\n * Secret Keys, WordPress Language, and ABSPATH. You can find more information\r\n * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing\r\n * wp-config.php} Codex page. You can get the MySQL settings from your web host.\r\n *\r\n * This file is used by the wp-config.php creation script during the\r\n * installation. You don't have to use the web site, you can just copy this file\r\n * to \"wp-config.php\" and fill in the values.\r\n *\r\n * @package WordPress\r\n */\r\n\r\n// ** MySQL settings - You can get this info from your web host ** //\r\n/** The name of the database for WordPress */\r\ndefine('DB_NAME', '{{ wp_db_name }}');\r\n\r\n/** MySQL database username */\r\ndefine('DB_USER', '{{ wp_db_user }}');\r\n\r\n/** MySQL database password */\r\ndefine('DB_PASSWORD', '{{ wp_db_password }}');\r\n\r\n/** MySQL hostname */\r\ndefine('DB_HOST', 'localhost');\r\n\r\n/** Database Charset to use in creating database tables. */\r\ndefine('DB_CHARSET', 'utf8');\r\n\r\n/** The Database Collate type. Don't change this if in doubt. */\r\ndefine('DB_COLLATE', '');\r\n\r\n/**#@+\r\n * Authentication Unique Keys and Salts.\r\n *\r\n * Change these to different unique phrases!\r\n * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}\r\n * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.\r\n *\r\n * @since 2.6.0\r\n */\r\n\r\n{{ wp_salt.stdout }}\r\n\r\n/**#@-*/\r\n\r\n/**\r\n * WordPress Database Table prefix.\r\n *\r\n * You can have multiple installations in one database if you give each a unique\r\n * prefix. 
Only numbers, letters, and underscores please!\r\n */\r\n$table_prefix  = 'wp_';\r\n\r\n/**\r\n * WordPress Localized Language, defaults to English.\r\n *\r\n * Change this to localize WordPress. A corresponding MO file for the chosen\r\n * language must be installed to wp-content/languages. For example, install\r\n * de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German\r\n * language support.\r\n */\r\ndefine('WPLANG', '');\r\n\r\n/**\r\n * For developers: WordPress debugging mode.\r\n *\r\n * Change this to true to enable the display of notices during development.\r\n * It is strongly recommended that plugin and theme developers use WP_DEBUG\r\n * in their development environments.\r\n */\r\ndefine('WP_DEBUG', false);\r\n\r\n/** Disable Automatic Updates Completely */\r\ndefine( 'AUTOMATIC_UPDATER_DISABLED', {{auto_up_disable}} );\r\n\r\n/** Define AUTOMATIC Updates for Components. */\r\ndefine( 'WP_AUTO_UPDATE_CORE', {{core_update_level}} );\r\n\r\n/* That's all, stop editing! Happy blogging. */\r\n\r\n/** Absolute path to the WordPress directory. */\r\nif ( !defined('ABSPATH') )\r\n\tdefine('ABSPATH', dirname(__FILE__) . '/');\r\n\r\n/** Sets up WordPress vars and included files. */\r\nrequire_once(ABSPATH . 'wp-settings.php');\r\n"
  },
  {
    "path": "wordpress-nginx/site.yml",
    "content": "---\n- name: Install WordPress, MySQL, Nginx, and PHP-FPM\n  hosts: all\n  remote_user: root\n  # remote_user: user\n  # become: yes\n  # become_method: sudo\n\n  roles:\n    - common\n    - mysql\n    - nginx\n    - php-fpm\n    - wordpress\n"
  },
  {
    "path": "wordpress-nginx_rhel7/LICENSE.md",
    "content": "Modified by David Beck (techiscool@gmail.com) 2015\nCopyright (C) 2015 Eugene Varnavsky (varnavruz@gmail.com)\n\nThis work is licensed under the Creative Commons Attribution 3.0 Unported License. \nTo view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. \n"
  },
  {
    "path": "wordpress-nginx_rhel7/README.md",
    "content": "## WordPress+Nginx+PHP-FPM+MariaDB Deployment\n\n- Requires Ansible 1.2 or newer\n- Expects CentOS/RHEL 7.x hosts\n\nThe RHEL 7 version reflects changes in Red Hat Enterprise Linux and CentOS 7:\n\n1. The network device naming scheme has changed\n2. iptables is replaced with firewalld\n3. MySQL is replaced with MariaDB\n\nThese playbooks deploy a simple all-in-one configuration of the popular\nWordPress blogging platform and CMS, fronted by the Nginx web server and the\nPHP-FPM process manager. To use, copy the `hosts.example` file to `hosts` and\nedit the `hosts` inventory file to include the names or URLs of the servers\nyou want to deploy.\n\nThen run the playbook, like this:\n\n\tansible-playbook -i hosts site.yml\n\nThe playbooks will configure MariaDB, WordPress, Nginx, and PHP-FPM. When the run\nis complete, you can access the server to begin the WordPress configuration.\n\n### Ideas for Improvement\n\nHere are some ideas for ways that these playbooks could be extended:\n\n- Parameterize the WordPress deployment to handle multi-site configurations.\n- Separate the components (PHP-FPM, MySQL, Nginx) onto separate hosts and\nhandle the configuration appropriately.\n- Handle WordPress upgrades automatically.\n\nWe would love to see contributions and improvements, so please fork this\nrepository on GitHub and send us your changes via pull requests."
  },
  {
    "path": "wordpress-nginx_rhel7/group_vars/all",
    "content": "---\n# Variables listed here are applicable to all host groups\nwp_version: 4.6\nwp_sha256sum: c1856cf969b1e73025ba2c681491908c3a4a6c5a2333f4531bf9bfb90f634380\n\n# MySQL settings\nmysqlservice: mysqld\nmysql_port: 3306\n\n# These are the WordPress database settings\nwp_db_name: wordpress\nwp_db_user: wordpress\n# Example value only; override it (for instance from an Ansible Vault file)\n# before deploying.\nwp_db_password: secret\n\n# This is used for the nginx server configuration, but access to the\n# WordPress site is not restricted by a named host.\nnginx_port: 80\nserver_hostname: server.example.com\n\n# Disable All Updates\n# By default automatic updates are enabled, set this value to true to disable all automatic updates\nauto_up_disable: false\n\n# Define Core Update Level\n# true  = Development, minor, and major updates are all enabled\n# false = Development, minor, and major updates are all disabled\n# minor = Minor updates are enabled, development, and major updates are disabled\ncore_update_level: true\n"
  },
  {
    "path": "wordpress-nginx_rhel7/hosts.example",
    "content": "[wordpress-server]\nwebserver2\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7",
    "content": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\n[key material omitted]\n-----END PGP PUBLIC KEY BLOCK-----"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX",
    "content": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.11 (FreeBSD)\n\n[key material omitted]\n-----END PGP PUBLIC KEY BLOCK-----"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi",
    "content": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\n[key material omitted]\n-----END PGP PUBLIC KEY BLOCK-----\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/common/files/epel.repo",
    "content": "[epel]\nname=Extra Packages for Enterprise Linux 7 - $basearch\n#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch\nmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch\nfailovermethod=priority\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/common/files/nginx.repo",
    "content": "[nginx]\nname=Nginx repo - $basearch\nbaseurl=http://nginx.org/packages/centos/7/$basearch\nfailovermethod=priority\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NGINX\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/common/files/remi.repo",
    "content": "# Repository: http://rpms.remirepo.net/\n# Blog:       http://blog.remirepo.net/\n# Forum:      http://forum.remirepo.net/\n\n[remi]\nname=Remi's RPM repository for Enterprise Linux 7 - $basearch\nbaseurl=http://rpms.remirepo.net/enterprise/7/remi/$basearch/\nmirrorlist=http://rpms.remirepo.net/enterprise/7/remi/mirror\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n[remi-php55]\nname=Remi's PHP 5.5 RPM repository for Enterprise Linux 7 - $basearch\n#baseurl=http://rpms.remirepo.net/enterprise/7/php55/$basearch/\nmirrorlist=http://rpms.remirepo.net/enterprise/7/php55/mirror\n# NOTICE: common dependencies are in \"remi-safe\"\nenabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n[remi-php56]\nname=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - $basearch\n#baseurl=http://rpms.remirepo.net/enterprise/7/php56/$basearch/\nmirrorlist=http://rpms.remirepo.net/enterprise/7/php56/mirror\n# NOTICE: common dependencies are in \"remi-safe\"\nenabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n[remi-test]\nname=Remi's test RPM repository for Enterprise Linux 7 - $basearch\n#baseurl=http://rpms.remirepo.net/enterprise/7/test/$basearch/\nmirrorlist=http://rpms.remirepo.net/enterprise/7/test/mirror\n# WARNING: If you enable this repository, you must also enable \"remi\"\nenabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n[remi-debuginfo]\nname=Remi's RPM repository for Enterprise Linux 7 - $basearch - debuginfo\nbaseurl=http://rpms.remirepo.net/enterprise/7/debug-remi/$basearch/\nenabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n[remi-php55-debuginfo]\nname=Remi's PHP 5.5 RPM repository for Enterprise Linux 7 - $basearch - debuginfo\nbaseurl=http://rpms.remirepo.net/enterprise/7/debug-php55/$basearch/\nenabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n[remi-php56-debuginfo]\nname=Remi's PHP 5.6 RPM repository for 
Enterprise Linux 7 - $basearch - debuginfo\nbaseurl=http://rpms.remirepo.net/enterprise/7/debug-php56/$basearch/\nenabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n[remi-test-debuginfo]\nname=Remi's test RPM repository for Enterprise Linux 7 - $basearch - debuginfo\nbaseurl=http://rpms.remirepo.net/enterprise/7/debug-test/$basearch/\nenabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi\n\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/common/tasks/main.yml",
    "content": "---\n- name: Copy the NGINX repository definition\n  copy: src=nginx.repo dest=/etc/yum.repos.d/\n\n- name: Copy the EPEL repository definition\n  copy: src=epel.repo dest=/etc/yum.repos.d/\n\n- name: Copy the REMI repository definition\n  copy: src=remi.repo dest=/etc/yum.repos.d/\n\n- name: Create the GPG key for NGINX\n  copy: src=RPM-GPG-KEY-NGINX dest=/etc/pki/rpm-gpg\n\n- name: Create the GPG key for EPEL\n  copy: src=RPM-GPG-KEY-EPEL-7 dest=/etc/pki/rpm-gpg\n\n- name: Create the GPG key for REMI\n  copy: src=RPM-GPG-KEY-remi dest=/etc/pki/rpm-gpg\n  \n- name: Install Firewalld\n  yum: name=firewalld state=present\n\n- name: Firewalld service state\n  service: name=firewalld state=started enabled=yes\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml",
    "content": "---\n# Handler to handle DB tier notifications\n\n- name: restart mariadb\n  service: name=mariadb state=restarted\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml",
    "content": "---\n# This playbook will install MariaDB and create db user and give permissions.\n\n- name: Install MariaDB package\n  yum: name={{ item }} state=installed\n  with_items:\n   - mariadb-server\n   - MySQL-python\n   - libselinux-python\n   - libsemanage-python\n\n- name: Configure SELinux to start mysql on any port\n  seboolean: name=mysql_connect_any state=true persistent=yes\n\n- name: Create Mysql configuration file\n  template: src=my.cnf.j2 dest=/etc/my.cnf\n  notify:\n  - restart mariadb\n\n- name: Create MariaDB log file\n  file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775\n\n- name: Start MariaDB Service\n  service: name=mariadb state=started enabled=yes\n\n# This opens the database port in firewalld. In this all-in-one layout WordPress\n# connects over localhost (DB_HOST is 'localhost' and the database user is\n# created with host='localhost'), so the rule only matters if the database is\n# meant to be reachable from other hosts.\n- name: insert firewalld rule\n  firewalld: port={{ mysql_port }}/tcp permanent=true state=enabled immediate=yes\n  ignore_errors: yes\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/mariadb/templates/my.cnf.j2",
    "content": "[mysqld]\ndatadir=/var/lib/mysql\nsocket=/var/lib/mysql/mysql.sock\nuser=mysql\n# Disabling symbolic-links is recommended to prevent assorted security risks\nsymbolic-links=0\nport={{ mysql_port }}\n\n[mysqld_safe]\nlog-error=/var/log/mysqld.log\npid-file=/var/run/mariadb/mysqld.pid\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/nginx/handlers/main.yml",
    "content": "---\n- name: restart nginx\n  service: name=nginx state=restarted enabled=yes\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/nginx/tasks/main.yml",
    "content": "---\n- name: Install nginx\n  yum: name=nginx state=present\n\n- name: Copy nginx configuration for wordpress\n  template: src=default.conf dest=/etc/nginx/conf.d/default.conf\n  notify: restart nginx\n\n- name: insert firewalld rule for nginx\n  firewalld: port={{ nginx_port }}/tcp permanent=true state=enabled immediate=yes\n  ignore_errors: yes\n\n- name: http service state\n  service: name=nginx state=started enabled=yes\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/nginx/templates/default.conf",
    "content": "server {\n        listen       {{ nginx_port }} default_server;\n        server_name  {{ server_hostname }};\n        root /srv/wordpress/ ;\n \n\tclient_max_body_size 64M;\n \n\t# Deny access to any files with a .php extension in the uploads directory\n        location ~* /(?:uploads|files)/.*\\.php$ {\n                deny all;\n        }\n \n        location / {\n                index index.php index.html index.htm;\n                try_files $uri $uri/ /index.php?$args;\n        }\n \n        location ~* \\.(gif|jpg|jpeg|png|css|js)$ {\n                expires max;\n        }\n \n        location ~ \\.php$ {\n                try_files $uri =404;\n                fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n                fastcgi_index index.php;\n                fastcgi_pass  unix:/var/run/php-fpm/wordpress.sock;\n                fastcgi_param   SCRIPT_FILENAME\n                                $document_root$fastcgi_script_name;\n                include       fastcgi_params;\n        }\n}\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml",
    "content": "---\n- name: restart php-fpm\n  service: name=php-fpm state=restarted\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml",
    "content": "---\n- name: Install php-fpm and deps\n  yum: name={{ item }} state=present\n  with_items:\n    - php\n    - php-fpm\n    - php-enchant\n    - php-IDNA_Convert\n    - php-mbstring\n    - php-mysql\n    - php-PHPMailer\n    - php-process\n    - php-simplepie\n    - php-xml\n\n- name: Disable default pool\n  command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled\n  notify: restart php-fpm\n\n- name: Copy php-fpm configuration\n  template: src=wordpress.conf dest=/etc/php-fpm.d/\n  notify: restart php-fpm\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf",
    "content": "[wordpress]\nlisten = /var/run/php-fpm/wordpress.sock\nlisten.owner = nginx\nlisten.group = nginx\nlisten.mode = 0660\nuser = wordpress\ngroup = wordpress\npm = dynamic\npm.max_children = 10\npm.start_servers = 1\npm.min_spare_servers = 1\npm.max_spare_servers = 3\npm.max_requests = 500\nchdir = /srv/wordpress/\nphp_admin_value[open_basedir] = /srv/wordpress/:/tmp\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml",
    "content": "---\n- name: Download WordPress\n  get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz\n           sha256sum=\"{{ wp_sha256sum }}\"\n\n- name: Extract archive\n  command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress\n\n- name: Add group \"wordpress\"\n  group: name=wordpress\n\n- name: Add user \"wordpress\"\n  user: name=wordpress group=wordpress home=/srv/wordpress/\n\n- name: Fetch random salts for WordPress config\n  local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/\n  register: \"wp_salt\"\n  become: no\n\n- name: Create WordPress database\n  mysql_db: name={{ wp_db_name }} state=present\n\n- name: Create WordPress database user\n  mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present\n\n- name: Copy WordPress config file\n  template: src=wp-config.php dest=/srv/wordpress/\n\n- name: Change ownership of WordPress installation\n  file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes\n\n- name: install SEManage\n  yum: pkg=policycoreutils-python state=present\n\n- name: set the SELinux policy for the Wordpress directory\n  command: semanage fcontext -a -t httpd_sys_content_t \"/srv/wordpress(/.*)?\"\n\n- name: set the SELinux policy for wp-config.php\n  command: semanage fcontext -a -t httpd_sys_script_exec_t \"/srv/wordpress/wp-config\\.php\"\n\n- name: set the SELinux policy for wp-content directory\n  command: semanage fcontext -a -t httpd_sys_rw_content_t \"/srv/wordpress/wp-content(/.*)?\"\n\n- name: set the SELinux policy for the *.php files\n  command: semanage fcontext -a -t httpd_sys_script_exec_t \"/srv/wordpress/.*\\.php\"\n\n- name: set the SELinux policy for the Upgrade directory\n  command: semanage fcontext -a -t httpd_sys_rw_content_t \"/srv/wordpress/wp-content/upgrade(/.*)?\"\n\n- name: set the SELinux policy 
for the Uploads directory\n  command: semanage fcontext -a -t httpd_sys_rw_content_t \"/srv/wordpress/wp-content/uploads(/.*)?\"\n\n- name: set the SELinux policy for the wp-includes php files\n  command: semanage fcontext -a -t httpd_sys_script_exec_t \"/srv/wordpress/wp-includes/.*\\.php\"\n\n- name: set the SELinux on all the Files\n  command: restorecon -Rv /srv/wordpress\n\n- name: Start php-fpm Service\n  service: name=php-fpm state=started enabled=yes\n"
  },
  {
    "path": "wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php",
    "content": "<?php\n/**\n * The base configurations of the WordPress.\n *\n * This file has the following configurations: MySQL settings, Table Prefix,\n * Secret Keys, WordPress Language, and ABSPATH. You can find more information\n * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing\n * wp-config.php} Codex page. You can get the MySQL settings from your web host.\n *\n * This file is used by the wp-config.php creation script during the\n * installation. You don't have to use the web site, you can just copy this file\n * to \"wp-config.php\" and fill in the values.\n *\n * @package WordPress\n */\n\n// ** MySQL settings - You can get this info from your web host ** //\n/** The name of the database for WordPress */\ndefine('DB_NAME', '{{ wp_db_name }}');\n\n/** MySQL database username */\ndefine('DB_USER', '{{ wp_db_user }}');\n\n/** MySQL database password */\ndefine('DB_PASSWORD', '{{ wp_db_password }}');\n\n/** MySQL hostname */\ndefine('DB_HOST', 'localhost');\n\n/** Database Charset to use in creating database tables. */\ndefine('DB_CHARSET', 'utf8');\n\n/** The Database Collate type. Don't change this if in doubt. */\ndefine('DB_COLLATE', '');\n\n/**#@+\n * Authentication Unique Keys and Salts.\n *\n * Change these to different unique phrases!\n * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}\n * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.\n *\n * @since 2.6.0\n */\n\n{{ wp_salt.stdout }}\n\n/**#@-*/\n\n/**\n * WordPress Database Table prefix.\n *\n * You can have multiple installations in one database if you give each a unique\n * prefix. Only numbers, letters, and underscores please!\n */\n$table_prefix  = 'wp_';\n\n/**\n * WordPress Localized Language, defaults to English.\n *\n * Change this to localize WordPress. 
A corresponding MO file for the chosen\n * language must be installed to wp-content/languages. For example, install\n * de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German\n * language support.\n */\ndefine('WPLANG', '');\n\n/**\n * For developers: WordPress debugging mode.\n *\n * Change this to true to enable the display of notices during development.\n * It is strongly recommended that plugin and theme developers use WP_DEBUG\n * in their development environments.\n */\ndefine('WP_DEBUG', false);\n\n/** Disable Automatic Updates Completely */\ndefine( 'AUTOMATIC_UPDATER_DISABLED', {{auto_up_disable}} );\n\n/** Define AUTOMATIC Updates for Components. */\ndefine( 'WP_AUTO_UPDATE_CORE', {{core_update_level}} );\n\n/* That's all, stop editing! Happy blogging. */\n\n/** Absolute path to the WordPress directory. */\nif ( !defined('ABSPATH') )\n\tdefine('ABSPATH', dirname(__FILE__) . '/');\n\n/** Sets up WordPress vars and included files. */\nrequire_once(ABSPATH . 'wp-settings.php');\n"
  },
  {
    "path": "wordpress-nginx_rhel7/site.yml",
    "content": "---\n- name: Install WordPress, MariaDB, Nginx, and PHP-FPM\n  hosts: wordpress-server\n  remote_user: root\n  # remote_user: user\n  # sudo: yes\n\n  roles:\n    - common\n    - mariadb\n    - nginx\n    - php-fpm\n    - wordpress\n"
  }
]