From c84512a4f0942637bc419804f05d3445dad646ee Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 17 Mar 2016 21:35:04 +0100 Subject: [PATCH] library/roles/mysql: Ansible 2 compatibility. Manage a different data directory. library/roles/php-fpm: Ansible 2 compatibility. library/roles/piwik: Install and configure a piwik instance. infrastructure-services: Install a piwik instance as analytics.d4science.org. --- mysql/tasks/configure_root_access.yml | 20 ++++----- mysql/tasks/disable-mysql-service.yml | 7 ---- mysql/tasks/main.yml | 3 +- mysql/tasks/manage-mysql-service.yml | 11 +++++ mysql/tasks/manage_my_db.yml | 14 +++---- mysql/tasks/mysql-backup.yml | 2 +- mysql/tasks/mysql-conf.yml | 13 ++++-- mysql/tasks/packages.yml | 12 +----- mysql/templates/server.cnf.j2 | 6 ++- php-fpm/handlers/main.yml | 2 + php-fpm/tasks/main.yml | 60 ++++++++++----------------- piwik/defaults/main.yml | 23 ++++++++++ piwik/tasks/main.yml | 28 +++++++++++++ piwik/templates/piwik-archive.cron.j2 | 0 14 files changed, 115 insertions(+), 86 deletions(-) delete mode 100644 mysql/tasks/disable-mysql-service.yml create mode 100644 mysql/tasks/manage-mysql-service.yml create mode 100644 piwik/defaults/main.yml create mode 100644 piwik/tasks/main.yml create mode 100644 piwik/templates/piwik-archive.cron.j2 diff --git a/mysql/tasks/configure_root_access.yml b/mysql/tasks/configure_root_access.yml index bad83df..bbbcab9 100644 --- a/mysql/tasks/configure_root_access.yml +++ b/mysql/tasks/configure_root_access.yml @@ -9,8 +9,7 @@ - ::1 - localhost ignore_errors: True - tags: - - mysql + tags: mysql - name: Secure the mysql root user mysql_user: name=root host={{ item }} password="" 
@@ -21,26 +20,21 @@ - ::1 - localhost ignore_errors: True - tags: - - mysql + tags: mysql - name: Install the .my.cnf file with root password credentials template: src=dot_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0400 when: mysql_root_password is defined - tags: - - mysql + tags: mysql -- name: delete anonymous MySQL server user for {{ server_hostname }} +- name: delete anonymous MySQL server user for the server hostname mysql_user: user="" host="{{ ansible_hostname }}" state="absent" - tags: - - mysql + tags: mysql - name: delete anonymous MySQL server user for localhost mysql_user: user="" state="absent" - tags: - - mysql + tags: mysql - name: remove the MySQL test database mysql_db: db=test state=absent - tags: - - mysql + tags: mysql diff --git a/mysql/tasks/disable-mysql-service.yml b/mysql/tasks/disable-mysql-service.yml deleted file mode 100644 index 1e878be..0000000 --- a/mysql/tasks/disable-mysql-service.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Stop and disable the mysql server if we do not want it running - service: name=mysql state=stopped enabled=no - when: not mysql_enabled - tags: - - mysql - diff --git a/mysql/tasks/main.yml b/mysql/tasks/main.yml index 4529d1b..ebd97c5 100644 --- a/mysql/tasks/main.yml +++ b/mysql/tasks/main.yml @@ -2,8 +2,7 @@ - include: packages.yml - include: mysql-conf.yml when: mysql_enabled -- include: disable-mysql-service.yml - when: not mysql_enabled +- include: manage-mysql-service.yml - include: configure_root_access.yml when: mysql_enabled - include: manage_my_db.yml diff --git a/mysql/tasks/manage-mysql-service.yml b/mysql/tasks/manage-mysql-service.yml new file mode 100644 index 0000000..730d399 --- /dev/null +++ b/mysql/tasks/manage-mysql-service.yml 
@@ -0,0 +1,11 @@ +--- +- name: Ensure that the mysql server is enabled and running + service: name=mysql state=started enabled=yes + when: mysql_enabled + tags: [ 'mysql', 'mariadb' ] + +- name: Stop and disable the mysql server if we do not want it running + service: name=mysql state=stopped enabled=no + when: not mysql_enabled + tags: [ 'mysql', 'mariadb' ] + diff --git a/mysql/tasks/manage_my_db.yml b/mysql/tasks/manage_my_db.yml index dfbd6e4..35f9a8c 100644 --- a/mysql/tasks/manage_my_db.yml +++ b/mysql/tasks/manage_my_db.yml @@ -1,18 +1,14 @@ --- - name: Add databases to mysql, if any mysql_db: name={{ item.name }} collation={{ item.collation }} encoding={{ item.encoding }} state=present - with_items: mysql_db_data - when: - - mysql_db_data is defined - - item.name is defined + with_items: '{{ mysql_db_data | default([]) }}' + when: item.name is defined tags: [ 'mysql', 'mysql_db' ] - name: Add a user for the databases - mysql_user: name={{ item.0.user }} password={{ item.0.pwd }} host={{ item.1 }} priv={{ item.0.name }}.*:"{{ item.0.user_grant }}" state=present + mysql_user: name={{ item.0.user }} password={{ item.0.pwd }} host={{ item.1 }} priv="{{ item.0.name }}.*:{{ item.0.user_grant }}" state=present with_subelements: - - mysql_db_data + - '{{ mysql_db_data | default([]) }}' - allowed_hosts - when: - - mysql_db_data is defined - - item.0.name is defined + when: item.0.name is defined tags: [ 'mysql', 'mysql_db' ] diff --git a/mysql/tasks/mysql-backup.yml b/mysql/tasks/mysql-backup.yml index 65bf203..036891b 100644 --- a/mysql/tasks/mysql-backup.yml +++ b/mysql/tasks/mysql-backup.yml @@ -8,5 +8,5 @@ tags: [ 'mysql', 'mysql_backup' ] - name: Cron job that executes mysql nightly backups - copy: src=mysql-backup.cron dest=/etc/cron.daily/mysql-backup owner=root group=root mode=0755 + template: src=mysql-backup.cron.j2 dest=/etc/cron.daily/mysql-backup owner=root group=root mode=0755 tags: [ 'mysql', 'mysql_backup' ] 
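Review bot: In mysql/tasks/manage_my_db.yml the rewritten "Add a user for the databases" task still has no `no_log`, so every loop item, including `item.0.pwd`, is shown in the play output and in any log or callback that records task results. I would add `no_log: True` to that task. The new line quotes `priv=` but leaves `password={{ item.0.pwd }}` bare; writing `password="{{ item.0.pwd }}"` keeps a password containing a space or `=` from being split by the key=value parser. Where `mysql_db_data` is defined is not visible in this patch; if it lives in the repository it should be in a vaulted vars file.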
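Review bot: The cron task in mysql/tasks/mysql-backup.yml now loads `src=mysql-backup.cron.j2` through `template`, but the diffstat of this commit neither adds mysql/templates/mysql-backup.cron.j2 nor removes the old files/mysql-backup.cron. Unless the template already exists in the role, the task fails and the nightly backup script is never installed on new hosts, so the template should be added in the same commit. If the template renders credentials or host-specific values, `mode=0755` leaves the result world-readable in /etc/cron.daily; `mode=0750` is enough for a script that only root's cron runs.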
diff --git a/mysql/tasks/mysql-conf.yml b/mysql/tasks/mysql-conf.yml index 11194f4..33265b6 100644 --- a/mysql/tasks/mysql-conf.yml +++ b/mysql/tasks/mysql-conf.yml @@ -1,4 +1,12 @@ --- +- name: Create the data directory + file: dest={{ mysql_data_dir }} state=directory owner=mysql group=mysql mode=0700 + tags: [ 'mysql', 'mariadb', 'mysql-conf' ] + +- name: Create the log directory + file: dest={{ mysql_log_dir }} state=directory owner=mysql group=adm mode=1750 + tags: [ 'mysql', 'mariadb', 'mysql-conf' ] + - name: Install the main configuration files. template: src={{ item }}.cnf.j2 dest={{ mysql_conf_dir }}/{{ item }}.cnf owner=root group=root mode=0644 with_items: @@ -7,7 +15,4 @@ - mysql-clients when: mysql_enabled notify: Restart mysql - tags: - - mysql - - mariadb - - mysql-conf + tags: [ 'mysql', 'mariadb', 'mysql-conf' ] diff --git a/mysql/tasks/packages.yml b/mysql/tasks/packages.yml index 4369a2c..c11164b 100644 --- a/mysql/tasks/packages.yml +++ b/mysql/tasks/packages.yml @@ -1,14 +1,6 @@ --- - name: install the mysql packages apt: pkg={{ item }} state={{ mysql_pkg_state }} - with_items: mysql_packages_list - tags: - - mysql - -- name: Ensure that the mysql server is enabled and running - service: name=mysql state=started enabled=yes - when: mysql_enabled - tags: - - mysql - - mariadb + with_items: '{{ mysql_packages_list }}' + tags: mysql diff --git a/mysql/templates/server.cnf.j2 b/mysql/templates/server.cnf.j2 index 71dc007..27e107b 100644 --- a/mysql/templates/server.cnf.j2 +++ b/mysql/templates/server.cnf.j2 @@ -5,6 +5,8 @@ port = {{ mysql_db_port }} socket = {{ mysql_socket }} max_connections = {{ mysql_db_max_connections }} +datadir = {{ mysql_data_dir }} +log_error = {{ mysql_log_dir }}/error.log skip-external-locking key_buffer_size = 16M max_allowed_packet = 1M 
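Review bot: `mode=1750` on the new "Create the log directory" task in mysql/tasks/mysql-conf.yml sets the sticky bit on a directory that only its owner can write to, where the bit has no effect. The setgid bit is probably what was meant, `mode=2750`, so that files created under `{{ mysql_log_dir }}` inherit group `adm` and stay readable by the log-reading group without being opened to others. No defaults for `mysql_data_dir` or `mysql_log_dir` are added in this patch, so I assume both are already defined in the role; if they are not, these two tasks fail on an undefined variable.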
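Review bot: `datadir = {{ mysql_data_dir }}` in mysql/templates/server.cnf.j2 points the server at a directory the role only creates empty; nothing visible in this patch initializes it or moves an existing /var/lib/mysql. When `mysql_data_dir` differs from the packaged default, mysqld would come up against a directory with no system tables, or not start at all. Where mysqld is confined by an AppArmor profile (Ubuntu ships one), the profile must also allow the new data and log paths, and that requirement should be handled by the role rather than by switching confinement off on the host. I would state both preconditions in a `{# ... #}` comment above the `datadir` line; the same applies to the `innodb_data_home_dir` and `innodb_log_group_home_dir` lines in the second hunk of this file.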
@@ -35,9 +37,9 @@ log-bin=mysql-bin binlog_format=mixed # Uncomment the following if you are using InnoDB tables -innodb_data_home_dir = /var/lib/mysql +innodb_data_home_dir = {{ mysql_data_dir }} innodb_data_file_path = {{ mysql_db_innodb_data_file_path }} -innodb_log_group_home_dir = /var/lib/mysql +innodb_log_group_home_dir = {{ mysql_data_dir }} # You can set .._buffer_pool_size up to 50 - 80 % # of RAM but beware of setting memory usage too high innodb_buffer_pool_size = {{ mysql_db_innodb_buffer_pool_size }} diff --git a/php-fpm/handlers/main.yml b/php-fpm/handlers/main.yml index 9fbf705..c640cb3 100644 --- a/php-fpm/handlers/main.yml +++ b/php-fpm/handlers/main.yml @@ -1,6 +1,8 @@ --- - name: Reload php-fpm service: name=php5-fpm state=reloaded + when: phpfpm_service_enabled - name: Restart php-fpm service: name=php5-fpm state=restarted + when: phpfpm_service_enabled diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml index fe68505..c5abeae 100644 --- a/php-fpm/tasks/main.yml +++ b/php-fpm/tasks/main.yml 
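Review bot: Both handlers in php-fpm/handlers/main.yml now depend on `phpfpm_service_enabled`, and the diffstat shows no change to the role's defaults, so unless the variable is already defined there every play that notifies a handler stops on an undefined variable. The two service tasks at the end of php-fpm/tasks/main.yml use the same condition and are affected in the same way. Either add `phpfpm_service_enabled: True` to php-fpm/defaults/main.yml in this commit, or write the conditions as `when: phpfpm_service_enabled | default(True)` and `when: not phpfpm_service_enabled | default(True)`.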
@@ -2,84 +2,68 @@ # php as a standalone service - name: Install the php-fpm package apt: pkg={{ item }} state=present - with_items: php_fpm_packages - tags: - - php + with_items: '{{ php_fpm_packages }}' + tags: php - name: Set the timezone if we have one ini_file: dest={{ phpfpm_base_dir }}/php.ini section=Date option=date.timezone value={{ timezone }} backup=yes when: timezone is defined notify: Reload php-fpm - tags: - - php - - php_ini + tags: [ 'php', 'php_ini' ] - name: Activate the memcache sessions support and redundancy if needed action: configfile path={{ phpfpm_base_dir }}/conf.d/20-memcache.ini key={{ item.prop }} value='{{ item.value }}' when: phpfpm_use_memcache_redundancy_sessions - with_items: memcache_session + with_items: '{{ memcache_session }}' notify: Reload php-fpm - tags: - - php - - php_ini + tags: [ 'php', 'php_ini' ] - name: remove php-fpm default pool file: dest={{ phpfpm_base_dir }}/pool.d/www.conf state=absent when: phpfpm_remove_default_pool notify: Restart php-fpm - tags: - - php + tags: php - name: Create the users under the php-fpm processes will run user: name={{ item.user }} comment="{{ item.user }}" home=/dev/null createhome=no shell=/sbin/nologin - with_items: phpfpm_pools + with_items: '{{ phpfpm_pools }}' when: phpfpm_create_users notify: Restart php-fpm - tags: - - php - - fpm_pool + tags: [ 'php', 'fpm_pool' ] - name: Create the directories where to store the sessions files. 
One for each pool file: dest={{ phpfpm_session_prefix }}/{{ item.pool_name }} owner={{ item.user }} group=root mode=0750 state=directory - with_items: phpfpm_pools + with_items: '{{ phpfpm_pools }}' when: phpfpm_use_default_template - tags: - - php - - fpm_pool + tags: [ 'php', 'fpm_pool' ] - name: Create the directories where to store the log files file: dest={{ phpfpm_logdir }} owner=root group=root mode=0750 state=directory - tags: - - php - - fpm_pool + tags: [ 'php', 'fpm_pool' ] - name: Install the php-fpm logrotate file template: src=php-fpm.logrotate.j2 dest=/etc/logrotate.d/php-fpm owner=root group=root mode=0444 - tags: - - php - - fpm_conf + tags: [ 'php', 'fpm_conf' ] - name: Install the php-fpm main config file template: src=php-fpm.conf.j2 dest={{ phpfpm_base_dir }}/php-fpm.conf owner=root group=root mode=0444 notify: Restart php-fpm - tags: - - php - - fpm_pool - - fpm_conf + tags: [ 'php', 'fpm_conf', 'fpm_pool' ] - name: Install the php-fpm pools template: src=php-fpm-pool.conf.j2 dest={{ phpfpm_base_dir }}/pool.d/{{ item.pool_name }}.conf owner=root group=root mode=0444 - with_items: phpfpm_pools + with_items: '{{ phpfpm_pools }}' when: phpfpm_use_default_template notify: Restart php-fpm - tags: - - php - - fpm_conf - - fpm_pool - - fpm_pool_conf + tags: [ 'php', 'fpm_conf', 'fpm_pool', 'fpm_pool_conf' ] - name: Ensure that the php-fpm service is started and enabled service: name=php5-fpm state=started enabled=yes - tags: - - php + when: phpfpm_service_enabled + tags: php + +- name: Ensure that the php-fpm service is stopped and disabled + service: name=php5-fpm state=stopped enabled=no + when: not phpfpm_service_enabled + tags: php diff --git a/piwik/defaults/main.yml b/piwik/defaults/main.yml new file mode 100644 index 0000000..14ea16f --- /dev/null +++ b/piwik/defaults/main.yml 
@@ -0,0 +1,23 @@
+---
+piwik_repo_key: 'https://debian.piwik.org/repository.gpg'
+piwik_repo: 'deb https://debian.piwik.org/ piwik main'
+
+piwik_under_nginx: True
+piwik_under_phpfpm: True
+piwik_user: piwik
+piwik_http_doc_root: '/usr/share/piwik'
+piwik_owned_data:
+ - /etc/piwik/
+ - /var/lib/piwik/data/tmp
+ - /var/log/piwik/
+ - /usr/share/piwik/misc
+ - /usr/share/piwik/plugins
+
+piwik_url: 'http://{{ ansible_fqdn }}/'
+piwik_pkgs:
+ - piwik
+ - php5-mysql
+ - php5-json
+ - php5-ldap
+ - php5-gd
+
diff --git a/piwik/tasks/main.yml b/piwik/tasks/main.yml
new file mode 100644
index 0000000..49bb62f
--- /dev/null
+++ b/piwik/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Install the piwik repo key
+ apt_key: url={{ piwik_repo_key }} state=present
+ tags: [ 'piwik', 'analytics' ]
+
+- name: Install the piwik debian repo
+ apt_repository: repo='{{ piwik_repo }}' state=present
+ tags: [ 'piwik', 'analytics' ]
+
+- name: Install piwik and some dependencies
+ apt: name={{ item }}
+ with_items: '{{ piwik_pkgs }}'
+ tags: [ 'piwik', 'analytics' ]
+
+- name: Restore the piwik permissions so that they match the fpm config
+ shell: find {{ item }} -user www-data -exec chown {{ piwik_user }} {} \; ; find {{ item }} -group www-data -exec chgrp {{ piwik_user }} {} \;
+ with_items: '{{ piwik_owned_data }}'
+ when: piwik_under_phpfpm
+ tags: [ 'piwik', 'analytics' ]
+
+- name: Install a cron job to archive the old logs data
+ cron: minute="5" user={{ piwik_user }} name="Archive Piwik Log Data" job='[ -e /usr/share/piwik/console ] && [ -x /usr/bin/php ] && nice /usr/bin/php /usr/share/piwik/console core:archive --url="{{ piwik_url }}" >> /var/log/piwik/piwik-archive.log 2>&1' cron_file=piwik-archive
+ tags: [ 'piwik', 'analytics' ]
+
+- name: Create a directory for the fcgi cache
+ file: dest=/var/cache/nginx/fcgicache type=directory owner=piwik
+ when: piwik_under_nginx
+ tags: [ 'piwik', 'analytics' ]
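Review bot: `piwik_repo_key` in piwik/defaults/main.yml is only a download URL, so the key that apt ends up trusting is whatever that server returns at run time. Adding a second default holding the expected key id and passing it as `id=` to the `apt_key` task in piwik/tasks/main.yml lets the task report a mismatch, so a replaced key is noticed instead of silently trusted. `piwik_url` defaults to `http://`; if the site is served over TLS, the archive cron job should be given the https URL.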
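Review bot: The "Restore the piwik permissions" task in piwik/tasks/main.yml runs `chown` and `chgrp` from `find -exec`, presumably as root, over trees that the web application user can write to, and without `-h` both commands follow symbolic links, so a link left in one of those directories gets the ownership of its target changed. Use `chown -h {{ piwik_user }}` and `chgrp -h {{ piwik_user }}` and quote `{{ item }}`; as a `shell` task it also reports changed on every run. Separately, the last task passes `type=directory`, which is not a parameter of the `file` module, so it fails as written. It should read `file: dest=/var/cache/nginx/fcgicache state=directory owner={{ piwik_user }}`, which also replaces the hard-coded `owner=piwik` with the role variable.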
diff --git a/piwik/templates/piwik-archive.cron.j2 b/piwik/templates/piwik-archive.cron.j2
new file mode 100644
index 0000000..e69de29