library/roles: roles added for memcache and revive-adserver. Various fixes to the haproxy, php-fpm, varnish and yii roles.
This commit is contained in:
parent
96ee606381
commit
93be7129fe
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
haproxy_latest_release: False
|
||||
haproxy_version: 1.5
|
||||
haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_distribution }}-backports-{{ haproxy_version }} main"
|
||||
haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codename }}-backports-{{ haproxy_version }} main"
|
||||
haproxy_pkg_state: latest
|
||||
|
||||
haproxy_default_port: 80
|
||||
|
|
|
@ -17,11 +17,11 @@
|
|||
tags: haproxy
|
||||
|
||||
- name: Install the haproxy package
|
||||
apt: name=haproxy state=latest default_release={{ ansible_distribution}}-backports
|
||||
apt: name=haproxy state=present default_release={{ ansible_lsb.codename }}-backports
|
||||
when: not haproxy_latest_release
|
||||
tags: haproxy
|
||||
|
||||
- name: Install the haproxy package
|
||||
apt: name=haproxy state=latest default_release={{ ansible_distribution}}-backports-{{ haproxy_version }}
|
||||
when: not haproxy_latest_release
|
||||
apt: name=haproxy state=latest default_release={{ ansible_lsb.codename }}-backports-{{ haproxy_version }}
|
||||
when: haproxy_latest_release
|
||||
tags: haproxy
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
with_items:
|
||||
- rules.v4
|
||||
- rules.v6
|
||||
when: is_not_ubuntu_less_than_precise
|
||||
when: ( is_not_ubuntu_less_than_precise ) or ( is_debian7)
|
||||
notify:
|
||||
- Start the iptables service
|
||||
tags:
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
mc_pkg_state: present
|
||||
mc_enabled: True
|
||||
|
||||
mc_port: 11211
|
||||
mc_user: memcached
|
||||
mc_maxconn: 1024
|
||||
mc_cachesize: 256
|
||||
mc_options: ""
|
||||
mc_ipaddress: 127.0.0.1
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
- name: Restart memcached
|
||||
service: name=memcached state=restarted
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
- name: Install the memcached package
|
||||
apt: name={{ item }} state={{ mc_pkg_state }}
|
||||
with_items:
|
||||
- memcached
|
||||
tags: [ 'memcache', 'memcached' ]
|
||||
|
||||
- name: Install the memcached conf file
|
||||
template: src={{ item }}.j2 dest=/etc/{{ item }} owner=root group=root mode=0444
|
||||
with_items:
|
||||
- memcached.conf
|
||||
notify: Restart memcached
|
||||
tags: [ 'memcache', 'memcached' ]
|
||||
|
||||
- name: Enable memcached
|
||||
action: configfile path=/etc/default/memcached key=ENABLE_MEMCACHED value='yes' syntax=shell
|
||||
when: mc_enabled
|
||||
tags: [ 'memcache', 'memcached' ]
|
||||
|
||||
- name: Ensure that the memcached service is started and enabled
|
||||
service: name=memcached state=started enabled=yes
|
||||
when: mc_enabled
|
||||
tags: [ 'memcache', 'memcached' ]
|
||||
|
||||
- name: Ensure that the memcached service is stopped
|
||||
service: name=memcached state=stopped enabled=no
|
||||
when: not mc_enabled
|
||||
tags: [ 'memcache', 'memcached' ]
|
||||
|
||||
- name: Disable memcached
|
||||
action: configfile path=/etc/default/memcached key=ENABLE_MEMCACHED value='no' syntax=shell
|
||||
when: not mc_enabled
|
||||
tags: [ 'memcache', 'memcached' ]
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
# memcached default config file
|
||||
# 2003 - Jay Bonci <jaybonci@debian.org>
|
||||
# This configuration file is read by the start-memcached script provided as
|
||||
# part of the Debian GNU/Linux distribution.
|
||||
|
||||
# Run memcached as a daemon. This command is implied, and is not needed for the
|
||||
# daemon to run. See the README.Debian that comes with this package for more
|
||||
# information.
|
||||
-d
|
||||
|
||||
# Log memcached's output to /var/log/memcached
|
||||
logfile /var/log/memcached.log
|
||||
|
||||
# Be verbose
|
||||
# -v
|
||||
|
||||
# Be even more verbose (print client commands as well)
|
||||
# -vv
|
||||
|
||||
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
|
||||
# Note that the daemon will grow to this size, but does not start out holding this much
|
||||
# memory
|
||||
-m {{ mc_cachesize }}
|
||||
|
||||
# Default connection port is 11211
|
||||
-p {{ mc_port }}
|
||||
|
||||
# Run the daemon as root. The start-memcached will default to running as root if no
|
||||
# -u command is present in this config file
|
||||
-u nobody
|
||||
|
||||
# Specify which IP address to listen on. The default is to listen on all IP addresses
|
||||
# This parameter is one of the only security measures that memcached has, so make sure
|
||||
# it's listening on a firewalled interface.
|
||||
-l {{ mc_ipaddress }}
|
||||
|
||||
# Limit the number of simultaneous incoming connections. The daemon default is 1024
|
||||
-c {{ mc_maxconn }}
|
||||
|
||||
# Lock down all paged memory. Consult with the README and homepage before you do this
|
||||
# -k
|
||||
|
||||
# Return error when memory is exhausted (rather than removing items)
|
||||
# -M
|
||||
|
||||
# Maximize core file limit
|
||||
# -r
|
|
@ -104,14 +104,6 @@ daemonize = yes
|
|||
events.mechanism = {{ phpfpm_event_mechanism }}
|
||||
{% endif %}
|
||||
|
||||
; When FPM is build with systemd integration, specify the interval,
|
||||
; in second, between health report notification to systemd.
|
||||
; Set to 0 to disable.
|
||||
; Available Units: s(econds), m(inutes), h(ours)
|
||||
; Default Unit: seconds
|
||||
; Default value: 10
|
||||
systemd_interval = 10
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;
|
||||
; Pool Definitions ;
|
||||
;;;;;;;;;;;;;;;;;;;;
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
revive_pkg_state: latest
|
||||
|
||||
revive_ad_version: 3.1.0
|
||||
|
||||
revive_ad_download_url: 'http://download.revive-adserver.com/revive-adserver-{{ revive_ad_version }}.tar.gz'
|
||||
revive_ad_install_dir: '/opt'
|
||||
revive_ad_dir: '{{ revive_ad_install_dir }}/revive-adserver/'
|
||||
revive_ad_dest_dir: '{{ revive_ad_dir }}/ad'
|
||||
revive_ad_images_dest_dir: '{{ revive_ad_dir }}/images'
|
||||
revive_ad_user: revive
|
||||
|
||||
revive_ad_php_modules:
|
||||
- php-xml-parser
|
||||
- php5-memcache
|
||||
- php5-xcache
|
||||
- libphp-pclzip
|
||||
|
||||
revive_ad_php_db_server_modules:
|
||||
- php5-mysqlnd
|
||||
|
||||
revive_writable_dirs:
|
||||
- var
|
||||
- var/cache
|
||||
- var/plugins
|
||||
- var/templates_compiled
|
||||
- plugins
|
||||
- www/admin/plugins
|
|
@ -0,0 +1,79 @@
|
|||
---
|
||||
- name: Create the revive_adserver installation directories
|
||||
file: dest={{ item }} state=directory owner=root group=root mode=0755
|
||||
with_items:
|
||||
- '{{ revive_ad_install_dir }}'
|
||||
- '{{ revive_ad_dest_dir }}'
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Get the revive_adserver distribution file
|
||||
get_url: url={{ revive_ad_download_url }} dest={{ revive_ad_install_dir }}/ mode=0400
|
||||
register: ad_download
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Unpack the revive adserver distribution file
|
||||
unarchive: src={{ revive_ad_install_dir }}/revive-adserver-{{ revive_ad_version }}.tar.gz dest={{ revive_ad_dest_dir }} copy=no
|
||||
when: ( ad_download | changed )
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Fix the global permissions on the revive adserver directory
|
||||
command: chown -R root:root {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }}
|
||||
when: ( ad_download | changed )
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Move the adserver files to the right place
|
||||
shell: mv {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }}/* {{ revive_ad_dest_dir }} ; rmdir {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }}
|
||||
args:
|
||||
creates: '{{ revive_ad_dest_dir }}/index.php'
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Remove the unneeded files
|
||||
file: dest={{ revive_ad_dest_dir }}/{{ item }} state=absent
|
||||
with_items:
|
||||
- RELEASE_NOTES.txt
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Give the revive user the permission to write inside a list of directories
|
||||
command: chown -R {{ revive_ad_user }} {{ revive_ad_dest_dir }}/{{ item }}
|
||||
with_items: revive_writable_dirs
|
||||
#when: ( ad_download | changed )
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Give the revive user the permission to write inside the images directories
|
||||
command: chown -R {{ revive_ad_user }} {{ revive_ad_images_dest_dir }}
|
||||
#when: ( ad_download | changed )
|
||||
tags:
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Install the php required modules
|
||||
apt: name={{ item }} state={{ revive_pkg_state }}
|
||||
with_items: revive_ad_php_modules
|
||||
notify: Reload php-fpm
|
||||
tags:
|
||||
- php
|
||||
- revive
|
||||
- revive_adserver
|
||||
|
||||
- name: Install the php modules to access the db servers
|
||||
apt: name={{ item }} state={{ revive_pkg_state }}
|
||||
with_items: revive_ad_php_db_server_modules
|
||||
notify: Reload php-fpm
|
||||
tags:
|
||||
- php
|
||||
- revive
|
||||
- revive_adserver
|
|
@ -1,22 +1,4 @@
|
|||
---
|
||||
cm_pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJN8XR/N4p6FfymWJy7mwR3vbUboC4P+7CgZalflhK5iH0P7c24/zZDY9Y5QIq58IViY7napqZuRkNHnHcvm9mxtSxQ16qe03NulABN5V/ljgR0sQAWz8pwv68LDpR9uBSCbXDdDCUUlS+zOxCHA6s7O7PSFavX4An1Vd/mjwoeR4eLRQXNcKsK2Pu/BZ3TCLmWyi2otnxFiJ8IoKW1CvjxKWmt5BvAvys0dfsdnTSVz9yiUMwN5Oj8cw/jhKqadnkvqTGfGl1ELm9L2V7hT6LM0cIom9oRsQf+JJ6loBe3UUZGaAhY2jmARmZdX3qV9Wh+UtxaWMEAXB9mf/2cK9f jenkins@cm
|
||||
andrea_dellamico: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente
|
||||
tommaso_piccioli: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom
|
||||
backup_agent: ssh-dss AAAAB3NzaC1kc3MAAACBANBn5i7oJd12+GAeDVSAiPqCxcCDzWe41g3Vy/LhbYKwG0smPNJRfvyf7lKWkgolJfMJZrk7bBVhJoApkV7vkFkrSPueyRC+/ohjafpOsmxRYiOaSrDZ2c9TbGFVZTh23pUXoDPp2Z0N8l471b9Mx/nqgtflCV+IVICcDZbUhcCTAAAAFQC+fmfljTFllCMKsgrSJcQAtiIT/QAAAIEAvrsLfmQzHQjt4G5FhcPVbvP87KUsDh0xksCfMRP6bQBz/3mcnt7V5/MLll/CZMiOWjRK3ww9zCYHprUwQtAZSllFWiGUKw1tDvf1ZQGESYP/vvWwcpPZpVsRHlhRtuMsQchSRxw03yYOqEEa2akWzQlvaZ4CWWym931mZg6zY4AAAACAG/l8dU/QEMK1JP3rDV0kZYvcxjUC9Mxw5ScTyVqVnxDL75ssX9HiQamsiTk0dYNyl8qkB38FfkB4LhEb8FkHs4toN+nTNPPlLqhpYMs+anwyNy32LnXAVP02VJ2+3exwGe0b5vtIFpj+j8s7YZMHN5x6d4xhZ9oq5M2pJN6M48E= root@dlibbackup
|
||||
monja_dariva: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQJvgDc8lQB+EArajGPEirRuYxGcInfiM3uRS0P5Dhqch6cuNdMFFjCoQVFL2Dvs7QNSRm8mvnPLWOCYLEFPBdXlA63w+n3VWoVOs0lUgQM77/axetd/K8BCkJlcA/exvVxLtzc5k8hN1k3OJY/Npi2Xa4WyEMV6t7+vYK3MXPjFBy4Y/aLWZvHcCn0zUbeB8T8PJ2S8taCIOMzemUzjGs3c0f4y6oaJx1gPw31PCahkaVS4ZLSt+0y3DRaGiXjyzgbQPf1whBOT4SSiX3SgdMvxA/Fzz2sSAn9PNfKq+/vygn7qDB79qzBhOXs36dPuwmsqggxIZasGUT/YfRp5Cw== monja@pc-monja
|
||||
|
||||
old_marko_mikulicic: ssh-dss AAAAB3NzaC1kc3MAAACBAO/KjuevegLjP3SXeZAdmHySuOjlNWllsuurdzes9HwF7HBEtFAuSE7vBeNcpfsdUytq92JUBAwNk9VwxNnnyVgeznFQ7ocGBh0Yfu4j9EXiWVA7vO8xZ9kqjl+HwUELrR1a8d4mngXgNQ1OAm+i3vvpBA6b4CV2L2hrEsPL5LPVAAAAFQD0VroYiG13uOsHCJaVyWH6V7w4twAAAIA4moWcTj36r+FpJYHH3c+QGC8XgPi6mwsqJexJ3sZRfEDAuDTgB5UyLJStY5EE2pChVpACx8KDlONcyuCdA8HIDC+RAJ03tY//UR2Ndg1y0yH8BnpjFM9Ow5JcoWzz9clC4GD0zGA90aiQd37I3JfPoTTEjLvJegg/C8GtlLtB+AAAAIEAgHwTzFLfZ0Q5tDK/kxeKa/x52O4ZfOXBTOYQZy5A6+ohoOOIKuEYmUOxh9ovE38St2+Q+1CgGnhBA79Y2pBdzpvY6VwKdcQBtyZSsJ7ghMTpksdNwZkZ3rIDgMi0yeBUl9qe339dXzV77uM/Q8Tx0UhSHTEIpyu1WZ8d/AAqrCQ= marko
|
||||
|
||||
root_ssh_keys:
|
||||
- '{{ cm_pubkey }}'
|
||||
- '{{ andrea_dellamico }}'
|
||||
- '{{ tommaso_piccioli }}'
|
||||
- '{{ backup_agent }}'
|
||||
- '{{ monja_dariva }}'
|
||||
|
||||
obsolete_root_ssh_keys:
|
||||
- '{{ old_marko_mikulicic }}'
|
||||
|
||||
#
|
||||
# Use the apt proxy
|
||||
#
|
||||
|
@ -24,6 +6,7 @@ use_apt_proxy: False
|
|||
apt_proxy_url: "http://apt.research-infrastructures.eu:9999"
|
||||
|
||||
common_packages:
|
||||
- acl
|
||||
- zile
|
||||
- dstat
|
||||
- iotop
|
||||
|
@ -90,3 +73,67 @@ configure_munin: True
|
|||
|
||||
# Manage the root ssh keys
|
||||
manage_root_ssh_keys: True
|
||||
|
||||
cm_pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJN8XR/N4p6FfymWJy7mwR3vbUboC4P+7CgZalflhK5iH0P7c24/zZDY9Y5QIq58IViY7napqZuRkNHnHcvm9mxtSxQ16qe03NulABN5V/ljgR0sQAWz8pwv68LDpR9uBSCbXDdDCUUlS+zOxCHA6s7O7PSFavX4An1Vd/mjwoeR4eLRQXNcKsK2Pu/BZ3TCLmWyi2otnxFiJ8IoKW1CvjxKWmt5BvAvys0dfsdnTSVz9yiUMwN5Oj8cw/jhKqadnkvqTGfGl1ELm9L2V7hT6LM0cIom9oRsQf+JJ6loBe3UUZGaAhY2jmARmZdX3qV9Wh+UtxaWMEAXB9mf/2cK9f jenkins@cm
|
||||
andrea_dellamico: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente
|
||||
tommaso_piccioli: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom
|
||||
backup_agent: ssh-dss AAAAB3NzaC1kc3MAAACBANBn5i7oJd12+GAeDVSAiPqCxcCDzWe41g3Vy/LhbYKwG0smPNJRfvyf7lKWkgolJfMJZrk7bBVhJoApkV7vkFkrSPueyRC+/ohjafpOsmxRYiOaSrDZ2c9TbGFVZTh23pUXoDPp2Z0N8l471b9Mx/nqgtflCV+IVICcDZbUhcCTAAAAFQC+fmfljTFllCMKsgrSJcQAtiIT/QAAAIEAvrsLfmQzHQjt4G5FhcPVbvP87KUsDh0xksCfMRP6bQBz/3mcnt7V5/MLll/CZMiOWjRK3ww9zCYHprUwQtAZSllFWiGUKw1tDvf1ZQGESYP/vvWwcpPZpVsRHlhRtuMsQchSRxw03yYOqEEa2akWzQlvaZ4CWWym931mZg6zY4AAAACAG/l8dU/QEMK1JP3rDV0kZYvcxjUC9Mxw5ScTyVqVnxDL75ssX9HiQamsiTk0dYNyl8qkB38FfkB4LhEb8FkHs4toN+nTNPPlLqhpYMs+anwyNy32LnXAVP02VJ2+3exwGe0b5vtIFpj+j8s7YZMHN5x6d4xhZ9oq5M2pJN6M48E= root@dlibbackup
|
||||
monja_dariva: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQJvgDc8lQB+EArajGPEirRuYxGcInfiM3uRS0P5Dhqch6cuNdMFFjCoQVFL2Dvs7QNSRm8mvnPLWOCYLEFPBdXlA63w+n3VWoVOs0lUgQM77/axetd/K8BCkJlcA/exvVxLtzc5k8hN1k3OJY/Npi2Xa4WyEMV6t7+vYK3MXPjFBy4Y/aLWZvHcCn0zUbeB8T8PJ2S8taCIOMzemUzjGs3c0f4y6oaJx1gPw31PCahkaVS4ZLSt+0y3DRaGiXjyzgbQPf1whBOT4SSiX3SgdMvxA/Fzz2sSAn9PNfKq+/vygn7qDB79qzBhOXs36dPuwmsqggxIZasGUT/YfRp5Cw== monja@pc-monja
|
||||
|
||||
old_marko_mikulicic: ssh-dss AAAAB3NzaC1kc3MAAACBAO/KjuevegLjP3SXeZAdmHySuOjlNWllsuurdzes9HwF7HBEtFAuSE7vBeNcpfsdUytq92JUBAwNk9VwxNnnyVgeznFQ7ocGBh0Yfu4j9EXiWVA7vO8xZ9kqjl+HwUELrR1a8d4mngXgNQ1OAm+i3vvpBA6b4CV2L2hrEsPL5LPVAAAAFQD0VroYiG13uOsHCJaVyWH6V7w4twAAAIA4moWcTj36r+FpJYHH3c+QGC8XgPi6mwsqJexJ3sZRfEDAuDTgB5UyLJStY5EE2pChVpACx8KDlONcyuCdA8HIDC+RAJ03tY//UR2Ndg1y0yH8BnpjFM9Ow5JcoWzz9clC4GD0zGA90aiQd37I3JfPoTTEjLvJegg/C8GtlLtB+AAAAIEAgHwTzFLfZ0Q5tDK/kxeKa/x52O4ZfOXBTOYQZy5A6+ohoOOIKuEYmUOxh9ovE38St2+Q+1CgGnhBA79Y2pBdzpvY6VwKdcQBtyZSsJ7ghMTpksdNwZkZ3rIDgMi0yeBUl9qe339dXzV77uM/Q8Tx0UhSHTEIpyu1WZ8d/AAqrCQ= marko
|
||||
|
||||
root_ssh_keys:
|
||||
- '{{ cm_pubkey }}'
|
||||
- '{{ andrea_dellamico }}'
|
||||
- '{{ tommaso_piccioli }}'
|
||||
- '{{ backup_agent }}'
|
||||
- '{{ monja_dariva }}'
|
||||
|
||||
obsolete_root_ssh_keys:
|
||||
- '{{ old_marko_mikulicic }}'
|
||||
|
||||
#
|
||||
# debian/ubuntu distributions controllers
|
||||
#
|
||||
has_default_grub: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6"
|
||||
|
||||
has_htop: "'{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 10.10 or {{ ansible_distribution_version }} == 11.04 or {{ ansible_distribution_version }} == 12.04)"
|
||||
|
||||
has_apt: "('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu') and '{{ ansible_distribution_version }}' != 'lenny/sid' and '{{ ansible_lsb['major_release'] }}' >= 5"
|
||||
|
||||
is_debian: "'{{ ansible_distribution }}' == 'Debian'"
|
||||
#is_debian7: "'{{ ansible_distribution }}' == 'Debian' and {{ ansible_lsb['major_release'] }} == 7"
|
||||
is_debian7: "'{{ ansible_distribution_release }}' == 'wheezy'"
|
||||
is_debian6: "('{{ ansible_distribution }}' == 'Debian' and {{ ansible_lsb['major_release'] }} == 6)"
|
||||
is_debian5: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} == 5"
|
||||
is_debian4: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} == 4"
|
||||
is_not_debian6: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} != 6"
|
||||
is_debian_less_than6: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} < 6"
|
||||
is_not_debian_less_than_6: "('{{ ansible_distribution }}' != 'Debian') or (('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu') and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6)"
|
||||
|
||||
is_hardy: "'{{ ansible_distribution_release }}' == 'hardy'"
|
||||
is_broken_hardy_lts: "'{{ ansible_distribution }}'== 'Debian' and '{{ ansible_distribution_release }}' == 'NA'"
|
||||
is_jaunty: "'{{ ansible_distribution_release }}' == 'jaunty'"
|
||||
is_quantal: "'{{ ansible_distribution_release }}' == 'quantal'"
|
||||
is_natty: "'{{ ansible_distribution_release }}' == 'natty'"
|
||||
is_precise: "'{{ ansible_distribution_release }}' == 'precise'"
|
||||
is_trusty: "'{{ ansible_distribution_release }}' == 'trusty'"
|
||||
is_ubuntu: "'{{ ansible_distribution }}' == 'Ubuntu'"
|
||||
is_not_precise: "('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 12.04) or '{{ ansible_distribution }}' == 'Debian'"
|
||||
is_not_trusty: "('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 14.04) or '{{ ansible_distribution }}' == 'Debian'"
|
||||
is_not_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} >= 12)"
|
||||
is_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 12)"
|
||||
is_ubuntu_less_than_trusty: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 14)"
|
||||
# Ubuntu < 10.04 or Debian 4
|
||||
is_ubuntu_between_8_and_9_and_is_debian_4: "('{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 8.04 or {{ ansible_distribution_version }} == 8.10 or {{ ansible_distribution_version }} == 9.04)) or ({{ is_debian4 }})"
|
||||
#is_ubuntu_between_8_and_9_or_is_debian_4: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 12) or ({{ is_debian4 }})"
|
||||
is_ubuntu_between_8_and_9_or_is_debian_4: "'{{ is_ubuntu_between_8_and_9_and_is_debian_4 }}'"
|
||||
# Ubuntu between 10.04 and 11.04
|
||||
is_ubuntu_between_10_04_and_11_04: "'{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 10.04 or {{ ansible_distribution_version }} == 10.10 or {{ ansible_distribution_version }} == 11.04)"
|
||||
# Ubuntu between 10.04 and 11.04, or Debian 6
|
||||
is_ubuntu_between_10_04_and_11_04_and_is_debian_6: "({{ is_ubuntu_between_10_04_and_11_04 }} or {{ is_debian6 }})"
|
||||
# Debian >=6
|
||||
is_debian_greater_than_5: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6"
|
||||
|
||||
is_trusty_or_debian7: "('{{ ansible_distribution_release }}' == 'trusty') or ('{{ ansible_distribution_release }}' == 'wheezy')"
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
users_sudoers_group: wheel
|
||||
users_sudoers_group: sudo
|
||||
users_sudoers_create_group: False
|
||||
users_sudoers_create_sudo_conf: False
|
||||
users_home_dir: /home
|
||||
|
|
|
@ -13,6 +13,8 @@ varnish_listen_port: 6810
|
|||
varnish_static_c_timeout: 240s
|
||||
varnish_static_first_byte_timeout: 360s
|
||||
varnish_static_between_bytes_timeout: 360s
|
||||
varnish_min_threads: 10
|
||||
varnish_max_threads: 1000
|
||||
# We are using 3000 in production
|
||||
varnish_static_max_connections: 200
|
||||
varnish_storage_file: /var/lib/varnish/varnish_storage.bin
|
||||
|
|
|
@ -27,23 +27,19 @@
|
|||
with_items: varnish_pkg_name
|
||||
tags: varnish
|
||||
|
||||
# - name: Install the varnish parameters file. The config file needs to be set by a local task
|
||||
# template: src={{ item }}.j2 dest=/etc/varnish/{{ item }} owner=root group=root mode=0444
|
||||
# with_items:
|
||||
# - varnish.params
|
||||
# notify: Reload varnish
|
||||
# tags:
|
||||
# - varnish
|
||||
# - varnishconf
|
||||
- name: Install the varnish parameters file. The config file needs to be set by a local task
|
||||
template: src={{ item }}.j2 dest=/etc/default/varnish owner=root group=root mode=0444
|
||||
with_items:
|
||||
- varnish.params
|
||||
notify: Reload varnish
|
||||
tags: [ 'varnish', 'varnishconf' ]
|
||||
|
||||
# - name: Ensure that the varnish service is started and enabled
|
||||
# service: name=varnish state=started enabled=yes
|
||||
# when: varnish_enabled
|
||||
# tags:
|
||||
# - varnish
|
||||
- name: Ensure that the varnish service is started and enabled
|
||||
service: name=varnish state=started enabled=yes
|
||||
when: varnish_enabled
|
||||
tags: varnish
|
||||
|
||||
# - name: Ensure that the varnish service is stopped and disabled
|
||||
# service: name=varnish state=stopped enabled=no
|
||||
# when: not varnish_enabled
|
||||
# tags:
|
||||
# - varnish
|
||||
- name: Ensure that the varnish service is stopped and disabled
|
||||
service: name=varnish state=stopped enabled=no
|
||||
when: not varnish_enabled
|
||||
tags: varnish
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
|
||||
# to be set from this shell script fragment.
|
||||
#
|
||||
{% if varnish_enabled %}
|
||||
START=yes
|
||||
{% else %}
|
||||
START=no
|
||||
{% endif %}
|
||||
# Set this to 1 to make systemd reload try to switch vcl without restart.
|
||||
RELOAD_VCL=1
|
||||
|
||||
|
@ -18,7 +23,6 @@ MEMLOCK=82000
|
|||
# the -n switch, to have more instances on a single server.
|
||||
INSTANCE=$(uname -n)
|
||||
|
||||
|
||||
## Alternative 3, Advanced configuration
|
||||
#
|
||||
# See varnishd(1) for more information.
|
||||
|
@ -40,10 +44,10 @@ VARNISH_ADMIN_LISTEN_PORT=6082
|
|||
VARNISH_SECRET_FILE=/etc/varnish/secret
|
||||
|
||||
# # The minimum number of worker threads to start
|
||||
VARNISH_MIN_THREADS=2
|
||||
VARNISH_MIN_THREADS={{ varnish_min_threads }}
|
||||
#
|
||||
# # The Maximum number of worker threads to start
|
||||
VARNISH_MAX_THREADS=500
|
||||
VARNISH_MAX_THREADS={{ varnish_max_threads }}
|
||||
#
|
||||
# # Idle timeout for worker threads
|
||||
VARNISH_THREAD_TIMEOUT=120
|
||||
|
@ -65,20 +69,13 @@ VARNISH_TTL={{ varnish_ttl }}
|
|||
# User and group for the varnishd worker processes
|
||||
VARNISH_USER={{ varnish_user }}
|
||||
VARNISH_GROUP={{ varnish_group }}
|
||||
# # sure you update this section, too.
|
||||
# DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
|
||||
# -f ${VARNISH_VCL_CONF} \
|
||||
# -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
|
||||
# -t ${VARNISH_TTL} \
|
||||
# -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
|
||||
# -S ${VARNISH_SECRET_FILE} \
|
||||
# -s ${VARNISH_STORAGE} \
|
||||
# -p sess_workspace=262144 \
|
||||
# -p default_keep=${VARNISH_TTL} \
|
||||
# -p sess_timeout=360 \
|
||||
# -p thread_pools=1 \
|
||||
# -p thread_pool_min=200 -p thread_pool_max=4000 \
|
||||
# -p thread_pool_add_delay=2 -p session_linger=100 \
|
||||
# -s file,{{ varnish_ram_cache_size }}M
|
||||
# "
|
||||
|
||||
#
|
||||
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
|
||||
-f ${VARNISH_VCL_CONF} \
|
||||
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
|
||||
-t ${VARNISH_TTL} \
|
||||
-p thread_pool_min=${VARNISH_MIN_THREADS} \
|
||||
-p thread_pool_max=${VARNISH_MAX_THREADS} \
|
||||
-p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} \
|
||||
-S ${VARNISH_SECRET_FILE} \
|
||||
-s ${VARNISH_STORAGE}"
|
||||
|
|
|
@ -22,11 +22,9 @@ yii_php_modules:
|
|||
- php5-xcache
|
||||
- php5-gd
|
||||
- php5-mcrypt
|
||||
- libpcre
|
||||
|
||||
yii_php_db_server_modules:
|
||||
- php5-pgsql
|
||||
- php5-mysql
|
||||
- php5-mysqlnd
|
||||
|
||||
yii_unneeded_files:
|
||||
|
|
Loading…
Reference in New Issue