Init repo

d51718b1 · Radosław Piliszek · d51718b1 · d51718b1 · d51718b1 · d51718b1
Commit d51718b1 authored 2 years ago by Radosław Piliszek
--- a/config.yaml
+++ b/config.yaml
+---
+iac:
+- terraform
+- piacere_monitoring
+- piacere_security
+- mysql
+- nginx
+...
\ No newline at end of file
--- a/mysql/config.yaml
+++ b/mysql/config.yaml
+---
+input:
+  - instance_ip_mysql_vm
+  - instance_server_private_key_mysql_vm_credentials
+output: []
+engine: ansible
+...
--- a/mysql/inventory.j2
+++ b/mysql/inventory.j2
+[servers_for_mysql]
+{{ instance_ip_mysql_vm }}
+[servers_for_mysql:vars]
+ansible_connection=ssh
+ansible_user=ubuntu
+ansible_ssh_private_key_file=ssh_key
--- a/mysql/main.yml
+++ b/mysql/main.yml
+---
+- hosts: DB
+  become: yes
+  pre_tasks:
+  - name: Install MySQL
+    apt: name= update_cache=yes cache_valid_time=3600 state=present
+    with_items:
+    - mysql-server
+    - mysql-client
+    - python-setuptools
+    - python-mysqldb
+    - libmysqlclient-dev
+    - python3-pip
+  - name: Remove a symbolic link
+    ansible.builtin.file: 
+      path: /usr/bin/python
+      state: absent
+  - name: Create a symbolic link
+    ansible.builtin.file: 
+      src: /usr/bin/python3
+      dest: /usr/bin/python
+      state: link
+    register: result
+    retries: 3
+    delay: 5
+    until: result is not failed
+  - name: Create a symbolic link
+    ansible.builtin.file: 
+      src: /usr/bin/pip3
+      dest: /usr/bin/pip
+      state: link
+    register: result
+    retries: 3
+    delay: 5
+    until: result is not failed
+  - name: Install Python packages
+    pip: "name= state=present"
+    with_items:
+      - PyMySQL
+  - name: edit firewall
+    service:
+      name: ufw
+      state: stopped
+      enabled: false
+  tasks:
+  - name: Start the MySQL service
+    service:
+      name: mysql
+      state: started
+      enabled: true
+  - name: Creation mysql file configuration
+    file:
+      path: "/root/.my.cnf"
+      state: touch
+  - name: Editing configuration file
+    replace:
+      path: /etc/mysql/mysql.conf.d/mysqld.cnf
+      regexp: '(.*bind-addres.*)'
+      replace: '#\1'
+  - name: Restart MySQL
+    service: name=mysql state=restarted
+  - name: Ensure MySQL started
+    service:
+      name: mysql
+      state: started
+  - name: update mysql password for application account
+    mysql_user:
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+      name: ""
+      host: "%"
+      password: ""
+      state: present
+      login_user: root
+      login_password: test
+      check_implicit_admin: yes
+      priv: "*.*:ALL,GRANT"
+  - name: Add the application database
+    mysql_db: 
+      name: ""
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+  - name: Restart MySQL
+    service: name=mysql state=restarted
--- a/mysql/ssh_key.j2
+++ b/mysql/ssh_key.j2
+{{ instance_server_private_key_mysql_vm_credentials }}
--- a/nginx/config.yaml
+++ b/nginx/config.yaml
+---
+input:
+  - instance_ip_nginx_vm
+  - instance_server_private_key_nginx_vm_credentials
+output: []
+engine: ansible
+...
--- a/nginx/inventory.j2
+++ b/nginx/inventory.j2
+[servers_for_nginx]
+{{ instance_ip_nginx_vm }}
+[servers_for_nginx:vars]
+ansible_connection=ssh
+ansible_user=ubuntu
+ansible_ssh_private_key_file=ssh_key
--- a/nginx/main.yml
+++ b/nginx/main.yml
+---
+- hosts: servers_for_nginx
+  gather_facts: no
+  become: yes
+  tasks:
+    - name: Update repositories
+      apt:
+        update_cache: yes
+    - name: Install nginx
+      package:
+        name: nginx
+    - name: Start nginx
+      service:
+        name: nginx
+        enabled: yes
+        state: started
+    - name: Set attributes
+      set_stats:
+        data:
+          site_config_dir: /etc/nginx/conf.d
+    - name: Install sample site
+      copy:
+        dest: "{{ item }}"
+        content: |
+          <!doctype html>
+          <html lang="en">
+          <head>
+            <title>Hello World!</title>
+          </head>
+          <body>
+            <h1>Sample web page</h1>
+            <p>With little content ;)</p>
+          </body>
+          </html>
+      with_items:
+        - /var/www/html/index.html
+        - 
--- a/nginx/ssh_key.j2
+++ b/nginx/ssh_key.j2
+{{ instance_server_private_key_nginx_vm_credentials }}
--- a/piacere_monitoring/ansible.cfg
+++ b/piacere_monitoring/ansible.cfg
+# https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+[defaults]
+host_key_checking = False
+inventory = {{CWD}}/hosts.yaml  ; This points to the file that lists your hosts
+remote_user = esilab
+deprecation_warnings=False ; to remove the python version depretation warning
+display_skipped_hosts = no 
\ No newline at end of file
--- a/piacere_monitoring/ansible_requirements.yml
+++ b/piacere_monitoring/ansible_requirements.yml
+roles:
+#  - name: dj-wasabi.telegraf
+#    version: 0.13.3
+#    source: https://galaxy.ansible.com
+  - name: dj-wasabi.telegraf
+    src: https://github.com/dj-wasabi/ansible-telegraf.git
+    scm: git
+    version: 0.13.3
--- a/piacere_monitoring/config.yaml
+++ b/piacere_monitoring/config.yaml
+---
+input:
+  - instance_ip_nginx_vm
+  - instance_server_private_key_nginx_vm_credentials
+output: []
+engine: ansible
+...
--- a/piacere_monitoring/hosts.yaml
+++ b/piacere_monitoring/hosts.yaml
+all:
+  hosts:
+    localhost:
+      ansible_connection: local
--- a/piacere_monitoring/install_playbook_requirements.sh
+++ b/piacere_monitoring/install_playbook_requirements.sh
+#!/bin/bash
+set -e
+SCRIPT_DIR=$(dirname "$0")
+# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
+if [[ -f ./ansible.cfg ]]
+then
+    export ANSIBLE_CONFIG=./ansible.cfg
+else 
+    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
+    then
+        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
+    fi
+fi
+if [[ -z "$ANSIBLE_CONFIG" ]]
+then 
+    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+else 
+    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
+fi
+if [[ -z "$1" ]]
+then 
+    # echo without params 
+    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml
+    ansible-playbook $SCRIPT_DIR/site_requirements.yaml
+else 
+    # echo with params
+    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
+    ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
+fi
--- a/piacere_monitoring/inventory.j2
+++ b/piacere_monitoring/inventory.j2
+[servers_for_piacere_monitoring]
+{{ instance_ip_nginx_vm }}
+[servers_for_piacere_monitoring:vars]
+ansible_connection=ssh
+ansible_user=ubuntu
+ansible_ssh_private_key_file=ssh_key
--- a/piacere_monitoring/main.yml
+++ b/piacere_monitoring/main.yml
+---
+- hosts: localhost
+  tasks:
+    - name: print disclamer
+      debug:
+        msg: this can also be done with "ansible-galaxy install -r requirements"
+    - name: install telegraf from galaxy
+      community.general.ansible_galaxy_install:
+        type: role
+        requirements_file: ansible_requirements.yml
+- hosts: all
+  pre_tasks:
+    - name: Ensure gnupg package
+      package:
+        name: gnupg
+        state: present
+      become: true
+  vars_files:
+    - vars/main.yaml
+  tasks:
+    - name: Install telegraf
+      ansible.builtin.include_role:
+        name: dj-wasabi.telegraf
--- a/piacere_monitoring/run-playbook.sh
+++ b/piacere_monitoring/run-playbook.sh
+#!/bin/bash
+set -e
+SCRIPT_DIR=$(dirname "$0")
+# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
+if [[ -f ./ansible.cfg ]]
+then
+    export ANSIBLE_CONFIG=./ansible.cfg
+else 
+    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
+    then
+        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
+    fi
+fi
+if [[ -z "$ANSIBLE_CONFIG" ]]
+then 
+    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+else 
+    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
+fi
+if [[ -z "$1" ]]
+then 
+    # echo without params 
+    echo ansible-playbook $SCRIPT_DIR/site.yaml
+    ansible-playbook $SCRIPT_DIR/site.yaml
+else 
+    # echo with params
+    echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
+    ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
+fi
--- a/piacere_monitoring/site.yaml
+++ b/piacere_monitoring/site.yaml
+- hosts: all
+  pre_tasks:
+    - name: Check parameters
+      fail:
+        msg: 'variable {{item}} not defined'
+      when: item is not defined
+      with_items:
+        - pma_deployment_id
+        - pma_influxdb_bucket
+        - pma_influxdb_token
+        - pma_influxdb_org
+        - pma_influxdb_addr
+    - name: Print parameters
+      debug:
+        msg: 
+          - "pma_deployment_id: {{ pma_deployment_id }}"
+          - "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
+          - "pma_influxdb_token: {{ pma_influxdb_token }}"
+          - "pma_influxdb_org: {{ pma_influxdb_org }}"
+          - "pma_influxdb_addr: {{ pma_influxdb_addr }}"
+    - name: Ensure gnupg package
+      package:
+        name: gnupg
+        state: present
+      become: true
+  vars_files:
+    - vars/main.yaml
+  roles:
+    - dj-wasabi.telegraf
--- a/piacere_monitoring/site_requirements.yaml
+++ b/piacere_monitoring/site_requirements.yaml
+- hosts: localhost
+  tasks:
+    - name: print disclamer
+      debug:
+        msg: this can also be done with "ansible-galaxy install -r requirements"
+    - name: install telegraf from galaxy
+      community.general.ansible_galaxy_install:
+        type: role
+        requirements_file: ansible_requirements.yml
--- a/piacere_monitoring/ssh_key.j2
+++ b/piacere_monitoring/ssh_key.j2
+{{ instance_server_private_key_nginx_vm_credentials }}