From 93be7129febdefbde0065fa156614e5bd25ce035 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Sun, 31 May 2015 19:35:38 +0200 Subject: [PATCH] library/roles: roles added for memcache and revive-adserver. Various fixes to the haproxy, php-fpm, varnish and yii roles. --- haproxy/defaults/main.yml | 2 +- haproxy/tasks/main.yml | 6 +- iptables/tasks/main.yml | 2 +- memcached/defaults/main.yml | 10 +++ memcached/handlers/main.yml | 4 ++ memcached/tasks/main.yml | 34 ++++++++++ memcached/templates/memcached.conf.j2 | 47 +++++++++++++ php-fpm/templates/php-fpm.conf.j2 | 8 --- revive-adserver/defaults/main.yml | 28 ++++++++ revive-adserver/tasks/main.yml | 79 +++++++++++++++++++++ ubuntu-deb-general/defaults/main.yml | 83 ++++++++++++++++++----- users/defaults/main.yml | 2 +- varnish-cache/defaults/main.yml | 2 + varnish-cache/tasks/main.yml | 32 ++++----- varnish-cache/templates/varnish.params.j2 | 37 +++++----- yii/defaults/main.yml | 2 - 16 files changed, 306 insertions(+), 72 deletions(-) create mode 100644 memcached/defaults/main.yml create mode 100644 memcached/handlers/main.yml create mode 100644 memcached/tasks/main.yml create mode 100644 memcached/templates/memcached.conf.j2 create mode 100644 revive-adserver/defaults/main.yml create mode 100644 revive-adserver/tasks/main.yml diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml index f5ac062d..8fc878af 100644 --- a/haproxy/defaults/main.yml +++ b/haproxy/defaults/main.yml @@ -1,7 +1,7 @@ --- haproxy_latest_release: False haproxy_version: 1.5 -haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_distribution }}-backports-{{ haproxy_version }} main" +haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codename }}-backports-{{ haproxy_version }} main" haproxy_pkg_state: latest haproxy_default_port: 80 diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml index 83841985..4f9d9107 100644 --- a/haproxy/tasks/main.yml +++ b/haproxy/tasks/main.yml 
@@ -17,11 +17,11 @@ tags: haproxy - name: Install the haproxy package - apt: name=haproxy state=latest default_release={{ ansible_distribution}}-backports + apt: name=haproxy state=present default_release={{ ansible_lsb.codename }}-backports when: not haproxy_latest_release tags: haproxy - name: Install the haproxy package - apt: name=haproxy state=latest default_release={{ ansible_distribution}}-backports-{{ haproxy_version }} - when: not haproxy_latest_release + apt: name=haproxy state=latest default_release={{ ansible_lsb.codename }}-backports-{{ haproxy_version }} + when: haproxy_latest_release tags: haproxy diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml index da67fa44..7e5e8150 100644 --- a/iptables/tasks/main.yml +++ b/iptables/tasks/main.yml @@ -23,7 +23,7 @@ with_items: - rules.v4 - rules.v6 - when: is_not_ubuntu_less_than_precise + when: ( is_not_ubuntu_less_than_precise ) or ( is_debian7) notify: - Start the iptables service tags: diff --git a/memcached/defaults/main.yml b/memcached/defaults/main.yml new file mode 100644 index 00000000..17005fad --- /dev/null +++ b/memcached/defaults/main.yml @@ -0,0 +1,10 @@ +--- +mc_pkg_state: present +mc_enabled: True + +mc_port: 11211 +mc_user: memcached +mc_maxconn: 1024 +mc_cachesize: 256 +mc_options: "" +mc_ipaddress: 127.0.0.1 \ No newline at end of file diff --git a/memcached/handlers/main.yml b/memcached/handlers/main.yml new file mode 100644 index 00000000..75e00612 --- /dev/null +++ b/memcached/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: Restart memcached + service: name=memcached state=restarted + diff --git a/memcached/tasks/main.yml b/memcached/tasks/main.yml new file mode 100644 index 00000000..f8b2ef10 --- /dev/null +++ b/memcached/tasks/main.yml 
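Review bot: The new iptables condition `( is_not_ubuntu_less_than_precise ) or ( is_debian7)` combines two variables that this patch defines in ubuntu-deb-general/defaults/main.yml as strings holding an expression, for example `is_debian7: "'{{ ansible_distribution_release }}' == 'wheezy'"`. A bare `when: some_var` is usually re-evaluated as an expression, but inside a compound expression each name may resolve to a non-empty string, which Jinja treats as true, so the rules task could run on every host regardless of release. Confirm this on the Ansible version in use. Testing the facts directly removes the doubt: `when: (ansible_distribution == 'Ubuntu' and ansible_lsb.major_release | int >= 12) or ansible_distribution_release == 'wheezy'`. The iptables role also now relies on a variable from another role's defaults, which deserves a comment above the task; the task itself starts outside the hunk.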
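Review bot: `mc_user: memcached` and `mc_options: ""` are defined in memcached/defaults/main.yml but never read, because memcached/templates/memcached.conf.j2 in this patch hard-codes `-u nobody` and has no line for extra options. Overriding either variable therefore has no effect on the daemon, which is misleading for anyone trying to change the run-as account. Either use them in the template (`-u {{ mc_user }}`, plus `{{ mc_options }}` on its own line) or remove them from the defaults. If `mc_user` is wired in, confirm that the default account exists on the target hosts, since the role does not create it.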
@@ -0,0 +1,34 @@ +--- +- name: Install the memcached package + apt: name={{ item }} state={{ mc_pkg_state }} + with_items: + - memcached + tags: [ 'memcache', 'memcached' ] + +- name: Install the memcached conf file + template: src={{ item }}.j2 dest=/etc/{{ item }} owner=root group=root mode=0444 + with_items: + - memcached.conf + notify: Restart memcached + tags: [ 'memcache', 'memcached' ] + +- name: Enable memcached + action: configfile path=/etc/default/memcached key=ENABLE_MEMCACHED value='yes' syntax=shell + when: mc_enabled + tags: [ 'memcache', 'memcached' ] + +- name: Ensure that the memcached service is started and enabled + service: name=memcached state=started enabled=yes + when: mc_enabled + tags: [ 'memcache', 'memcached' ] + +- name: Ensure that the memcached service is stopped + service: name=memcached state=stopped enabled=no + when: not mc_enabled + tags: [ 'memcache', 'memcached' ] + +- name: Disable memcached + action: configfile path=/etc/default/memcached key=ENABLE_MEMCACHED value='no' syntax=shell + when: not mc_enabled + tags: [ 'memcache', 'memcached' ] + diff --git a/memcached/templates/memcached.conf.j2 b/memcached/templates/memcached.conf.j2 new file mode 100644 index 00000000..6e67a622 --- /dev/null +++ b/memcached/templates/memcached.conf.j2 
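Review bot: Both `action: configfile ...` tasks depend on a `configfile` module that does not appear to be a stock Ansible module and is not added by this patch, so the role fails wherever that module is not on the library path. A comment above the first use should say where it comes from, e.g. `# configfile: custom module, shipped in <path-to-library-dir>`. The stock module can do the same edit without the dependency: `lineinfile: dest=/etc/default/memcached regexp='^ENABLE_MEMCACHED=' line='ENABLE_MEMCACHED=yes'`.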
@@ -0,0 +1,47 @@ +# memcached default config file +# 2003 - Jay Bonci +# This configuration file is read by the start-memcached script provided as +# part of the Debian GNU/Linux distribution. + +# Run memcached as a daemon. This command is implied, and is not needed for the +# daemon to run. See the README.Debian that comes with this package for more +# information. +-d + +# Log memcached's output to /var/log/memcached +logfile /var/log/memcached.log + +# Be verbose +# -v + +# Be even more verbose (print client commands as well) +# -vv + +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +-m {{ mc_cachesize }} + +# Default connection port is 11211 +-p {{ mc_port }} + +# Run the daemon as root. The start-memcached will default to running as root if no +# -u command is present in this config file +-u nobody + +# Specify which IP address to listen on. The default is to listen on all IP addresses +# This parameter is one of the only security measures that memcached has, so make sure +# it's listening on a firewalled interface. +-l {{ mc_ipaddress }} + +# Limit the number of simultaneous incoming connections. The daemon default is 1024 +-c {{ mc_maxconn }} + +# Lock down all paged memory. Consult with the README and homepage before you do this +# -k + +# Return error when memory is exhausted (rather than removing items) +# -M + +# Maximize core file limit +# -r diff --git a/php-fpm/templates/php-fpm.conf.j2 b/php-fpm/templates/php-fpm.conf.j2 index 836936b4..dfb2c2af 100644 --- a/php-fpm/templates/php-fpm.conf.j2 +++ b/php-fpm/templates/php-fpm.conf.j2 
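Review bot: The memcached template restricts the TCP listener with `-l {{ mc_ipaddress }}` but leaves UDP unconfigured, and memcached has no authentication of its own, as the carried-over comment says. The default of 127.0.0.1 is safe, but once an inventory overrides `mc_ipaddress` with a routable address, the UDP listener (enabled by default in memcached releases of this era) is exposed as well. I would add `-U 0` below the `-p` line with the comment `# Disable the UDP listener; enable it only if a client needs it`. Two inherited comments are now wrong and should be reworded: "Start with a cap of 64 megs" sits above `-m {{ mc_cachesize }}` (default 256), and "Run the daemon as root" sits above `-u nobody`.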
@@ -104,14 +104,6 @@ daemonize = yes events.mechanism = {{ phpfpm_event_mechanism }} {% endif %} -; When FPM is build with systemd integration, specify the interval, -; in second, between health report notification to systemd. -; Set to 0 to disable. -; Available Units: s(econds), m(inutes), h(ours) -; Default Unit: seconds -; Default value: 10 -systemd_interval = 10 - ;;;;;;;;;;;;;;;;;;;; ; Pool Definitions ; ;;;;;;;;;;;;;;;;;;;; diff --git a/revive-adserver/defaults/main.yml b/revive-adserver/defaults/main.yml new file mode 100644 index 00000000..cddfdebd --- /dev/null +++ b/revive-adserver/defaults/main.yml @@ -0,0 +1,28 @@ +--- +revive_pkg_state: latest + +revive_ad_version: 3.1.0 + +revive_ad_download_url: 'http://download.revive-adserver.com/revive-adserver-{{ revive_ad_version }}.tar.gz' +revive_ad_install_dir: '/opt' +revive_ad_dir: '{{ revive_ad_install_dir }}/revive-adserver/' +revive_ad_dest_dir: '{{ revive_ad_dir }}/ad' +revive_ad_images_dest_dir: '{{ revive_ad_dir }}/images' +revive_ad_user: revive + +revive_ad_php_modules: + - php-xml-parser + - php5-memcache + - php5-xcache + - libphp-pclzip + +revive_ad_php_db_server_modules: + - php5-mysqlnd + +revive_writable_dirs: + - var + - var/cache + - var/plugins + - var/templates_compiled + - plugins + - www/admin/plugins diff --git a/revive-adserver/tasks/main.yml b/revive-adserver/tasks/main.yml new file mode 100644 index 00000000..b15d0a51 --- /dev/null +++ b/revive-adserver/tasks/main.yml 
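Review bot: `revive_ad_download_url` in revive-adserver/defaults/main.yml is a plain `http://` URL, and the `get_url` task in revive-adserver/tasks/main.yml fetches it without a checksum. The archive is then unpacked as root and served as PHP, so the integrity of the installed code rests entirely on an unauthenticated transfer. Pin the artifact by adding a default such as `revive_ad_sha256: '<sha256 of the revive-adserver tarball>'` and passing `sha256sum={{ revive_ad_sha256 }}` to `get_url`, and use an https URL if the download host offers one. Quoting `revive_ad_version: '3.1.0'` keeps it a string if a two-part version is ever used.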
@@ -0,0 +1,79 @@ +--- +- name: Create the revive_adserver installation directories + file: dest={{ item }} state=directory owner=root group=root mode=0755 + with_items: + - '{{ revive_ad_install_dir }}' + - '{{ revive_ad_dest_dir }}' + tags: + - revive + - revive_adserver + +- name: Get the revive_adserver distribution file + get_url: url={{ revive_ad_download_url }} dest={{ revive_ad_install_dir }}/ mode=0400 + register: ad_download + tags: + - revive + - revive_adserver + +- name: Unpack the revive adserver distribution file + unarchive: src={{ revive_ad_install_dir }}/revive-adserver-{{ revive_ad_version }}.tar.gz dest={{ revive_ad_dest_dir }} copy=no + when: ( ad_download | changed ) + tags: + - revive + - revive_adserver + +- name: Fix the global permissions on the revive adserver directory + command: chown -R root:root {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }} + when: ( ad_download | changed ) + tags: + - revive + - revive_adserver + +- name: Move the adserver files to the right place + shell: mv {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }}/* {{ revive_ad_dest_dir }} ; rmdir {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }} + args: + creates: '{{ revive_ad_dest_dir }}/index.php' + tags: + - revive + - revive_adserver + +- name: Remove the unneeded files + file: dest={{ revive_ad_dest_dir }}/{{ item }} state=absent + with_items: + - RELEASE_NOTES.txt + tags: + - revive + - revive_adserver + +- name: Give the revive user the permission to write inside a list of directories + command: chown -R {{ revive_ad_user }} {{ revive_ad_dest_dir }}/{{ item }} + with_items: revive_writable_dirs + #when: ( ad_download | changed ) + tags: + - revive + - revive_adserver + +- name: Give the revive user the permission to write inside the images directories + command: chown -R {{ revive_ad_user }} {{ revive_ad_images_dest_dir }} + #when: ( ad_download | changed ) + tags: + - revive + - revive_adserver + +- name: Install 
the php required modules + apt: name={{ item }} state={{ revive_pkg_state }} + with_items: revive_ad_php_modules + notify: Reload php-fpm + tags: + - php + - revive + - revive_adserver + +- name: Install the php modules to access the db servers + apt: name={{ item }} state={{ revive_pkg_state }} + with_items: revive_ad_php_db_server_modules + notify: Reload php-fpm + tags: + - php + - revive + - revive_adserver diff --git a/ubuntu-deb-general/defaults/main.yml b/ubuntu-deb-general/defaults/main.yml index 4d51e02f..be8156e3 100644 --- a/ubuntu-deb-general/defaults/main.yml +++ b/ubuntu-deb-general/defaults/main.yml 
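Review bot: The task `command: chown -R {{ revive_ad_user }} {{ revive_ad_images_dest_dir }}` targets a directory that nothing in this role creates. The first task creates only `revive_ad_install_dir` and `revive_ad_dest_dir`, and the images directory is a sibling of `ad`, not part of the unpacked tree, so the command fails unless another role made it. Adding `- '{{ revive_ad_images_dest_dir }}'` to the first task's `with_items` fixes that. The `revive` account is not created here either, so add a comment naming the role that provides it. Both chown tasks are `command:` calls with their `when:` commented out, so they report a change on every run; `file: dest=... state=directory owner={{ revive_ad_user }} recurse=yes` does the same job idempotently.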
@@ -1,22 +1,4 @@ --- -cm_pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJN8XR/N4p6FfymWJy7mwR3vbUboC4P+7CgZalflhK5iH0P7c24/zZDY9Y5QIq58IViY7napqZuRkNHnHcvm9mxtSxQ16qe03NulABN5V/ljgR0sQAWz8pwv68LDpR9uBSCbXDdDCUUlS+zOxCHA6s7O7PSFavX4An1Vd/mjwoeR4eLRQXNcKsK2Pu/BZ3TCLmWyi2otnxFiJ8IoKW1CvjxKWmt5BvAvys0dfsdnTSVz9yiUMwN5Oj8cw/jhKqadnkvqTGfGl1ELm9L2V7hT6LM0cIom9oRsQf+JJ6loBe3UUZGaAhY2jmARmZdX3qV9Wh+UtxaWMEAXB9mf/2cK9f jenkins@cm -andrea_dellamico: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente -tommaso_piccioli: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom -backup_agent: ssh-dss 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 root@dlibbackup -monja_dariva: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQJvgDc8lQB+EArajGPEirRuYxGcInfiM3uRS0P5Dhqch6cuNdMFFjCoQVFL2Dvs7QNSRm8mvnPLWOCYLEFPBdXlA63w+n3VWoVOs0lUgQM77/axetd/K8BCkJlcA/exvVxLtzc5k8hN1k3OJY/Npi2Xa4WyEMV6t7+vYK3MXPjFBy4Y/aLWZvHcCn0zUbeB8T8PJ2S8taCIOMzemUzjGs3c0f4y6oaJx1gPw31PCahkaVS4ZLSt+0y3DRaGiXjyzgbQPf1whBOT4SSiX3SgdMvxA/Fzz2sSAn9PNfKq+/vygn7qDB79qzBhOXs36dPuwmsqggxIZasGUT/YfRp5Cw== monja@pc-monja - -old_marko_mikulicic: ssh-dss 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 marko - -root_ssh_keys: - - '{{ cm_pubkey }}' - - '{{ andrea_dellamico }}' - - '{{ tommaso_piccioli }}' - - '{{ backup_agent }}' - - '{{ monja_dariva }}' - 
-obsolete_root_ssh_keys: - - '{{ old_marko_mikulicic }}' - # # Use the apt proxy # @@ -24,6 +6,7 @@ use_apt_proxy: False apt_proxy_url: "http://apt.research-infrastructures.eu:9999" common_packages: + - acl - zile - dstat - iotop 
@@ -90,3 +73,67 @@ configure_munin: True # Manage the root ssh keys manage_root_ssh_keys: True + +cm_pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJN8XR/N4p6FfymWJy7mwR3vbUboC4P+7CgZalflhK5iH0P7c24/zZDY9Y5QIq58IViY7napqZuRkNHnHcvm9mxtSxQ16qe03NulABN5V/ljgR0sQAWz8pwv68LDpR9uBSCbXDdDCUUlS+zOxCHA6s7O7PSFavX4An1Vd/mjwoeR4eLRQXNcKsK2Pu/BZ3TCLmWyi2otnxFiJ8IoKW1CvjxKWmt5BvAvys0dfsdnTSVz9yiUMwN5Oj8cw/jhKqadnkvqTGfGl1ELm9L2V7hT6LM0cIom9oRsQf+JJ6loBe3UUZGaAhY2jmARmZdX3qV9Wh+UtxaWMEAXB9mf/2cK9f jenkins@cm +andrea_dellamico: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente +tommaso_piccioli: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom +backup_agent: ssh-dss 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 root@dlibbackup +monja_dariva: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQJvgDc8lQB+EArajGPEirRuYxGcInfiM3uRS0P5Dhqch6cuNdMFFjCoQVFL2Dvs7QNSRm8mvnPLWOCYLEFPBdXlA63w+n3VWoVOs0lUgQM77/axetd/K8BCkJlcA/exvVxLtzc5k8hN1k3OJY/Npi2Xa4WyEMV6t7+vYK3MXPjFBy4Y/aLWZvHcCn0zUbeB8T8PJ2S8taCIOMzemUzjGs3c0f4y6oaJx1gPw31PCahkaVS4ZLSt+0y3DRaGiXjyzgbQPf1whBOT4SSiX3SgdMvxA/Fzz2sSAn9PNfKq+/vygn7qDB79qzBhOXs36dPuwmsqggxIZasGUT/YfRp5Cw== monja@pc-monja + +old_marko_mikulicic: ssh-dss 
AAAAB3NzaC1kc3MAAACBAO/KjuevegLjP3SXeZAdmHySuOjlNWllsuurdzes9HwF7HBEtFAuSE7vBeNcpfsdUytq92JUBAwNk9VwxNnnyVgeznFQ7ocGBh0Yfu4j9EXiWVA7vO8xZ9kqjl+HwUELrR1a8d4mngXgNQ1OAm+i3vvpBA6b4CV2L2hrEsPL5LPVAAAAFQD0VroYiG13uOsHCJaVyWH6V7w4twAAAIA4moWcTj36r+FpJYHH3c+QGC8XgPi6mwsqJexJ3sZRfEDAuDTgB5UyLJStY5EE2pChVpACx8KDlONcyuCdA8HIDC+RAJ03tY//UR2Ndg1y0yH8BnpjFM9Ow5JcoWzz9clC4GD0zGA90aiQd37I3JfPoTTEjLvJegg/C8GtlLtB+AAAAIEAgHwTzFLfZ0Q5tDK/kxeKa/x52O4ZfOXBTOYQZy5A6+ohoOOIKuEYmUOxh9ovE38St2+Q+1CgGnhBA79Y2pBdzpvY6VwKdcQBtyZSsJ7ghMTpksdNwZkZ3rIDgMi0yeBUl9qe339dXzV77uM/Q8Tx0UhSHTEIpyu1WZ8d/AAqrCQ= marko + +root_ssh_keys: + - '{{ cm_pubkey }}' + - '{{ andrea_dellamico }}' + - '{{ tommaso_piccioli }}' + - '{{ backup_agent }}' + - '{{ monja_dariva }}' + +obsolete_root_ssh_keys: + - '{{ old_marko_mikulicic }}' + +# +# debian/ubuntu distributions controllers +# +has_default_grub: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6" + +has_htop: "'{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 10.10 or {{ ansible_distribution_version }} == 11.04 or {{ ansible_distribution_version }} == 12.04)" + +has_apt: "('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu') and '{{ ansible_distribution_version }}' != 'lenny/sid' and '{{ ansible_lsb['major_release'] }}' >= 5" + +is_debian: "'{{ ansible_distribution }}' == 'Debian'" +#is_debian7: "'{{ ansible_distribution }}' == 'Debian' and {{ ansible_lsb['major_release'] }} == 7" +is_debian7: "'{{ ansible_distribution_release }}' == 'wheezy'" +is_debian6: "('{{ ansible_distribution }}' == 'Debian' and {{ ansible_lsb['major_release'] }} == 6)" +is_debian5: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} == 5" +is_debian4: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 
'lenny/sid' and {{ ansible_lsb['major_release'] }} == 4" +is_not_debian6: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} != 6" +is_debian_less_than6: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} < 6" +is_not_debian_less_than_6: "('{{ ansible_distribution }}' != 'Debian') or (('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu') and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6)" + +is_hardy: "'{{ ansible_distribution_release }}' == 'hardy'" +is_broken_hardy_lts: "'{{ ansible_distribution }}'== 'Debian' and '{{ ansible_distribution_release }}' == 'NA'" +is_jaunty: "'{{ ansible_distribution_release }}' == 'jaunty'" +is_quantal: "'{{ ansible_distribution_release }}' == 'quantal'" +is_natty: "'{{ ansible_distribution_release }}' == 'natty'" +is_precise: "'{{ ansible_distribution_release }}' == 'precise'" +is_trusty: "'{{ ansible_distribution_release }}' == 'trusty'" +is_ubuntu: "'{{ ansible_distribution }}' == 'Ubuntu'" +is_not_precise: "('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 12.04) or '{{ ansible_distribution }}' == 'Debian'" +is_not_trusty: "('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 14.04) or '{{ ansible_distribution }}' == 'Debian'" +is_not_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} >= 12)" +is_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 12)" +is_ubuntu_less_than_trusty: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 14)" +# Ubuntu < 10.04 or Debian 4 +is_ubuntu_between_8_and_9_and_is_debian_4: "('{{ ansible_distribution }}' == 'Ubuntu' and ({{ 
ansible_distribution_version }} == 8.04 or {{ ansible_distribution_version }} == 8.10 or {{ ansible_distribution_version }} == 9.04)) or ({{ is_debian4 }})" +#is_ubuntu_between_8_and_9_or_is_debian_4: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 12) or ({{ is_debian4 }})" +is_ubuntu_between_8_and_9_or_is_debian_4: "'{{ is_ubuntu_between_8_and_9_and_is_debian_4 }}'" +# Ubuntu between 10.04 and 11.04 +is_ubuntu_between_10_04_and_11_04: "'{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 10.04 or {{ ansible_distribution_version }} == 10.10 or {{ ansible_distribution_version }} == 11.04)" +# Ubuntu between 10.04 and 11.04, or Debian 6 +is_ubuntu_between_10_04_and_11_04_and_is_debian_6: "({{ is_ubuntu_between_10_04_and_11_04 }} or {{ is_debian6 }})" +# Debian >=6 +is_debian_greater_than_5: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6" + +is_trusty_or_debian7: "('{{ ansible_distribution_release }}' == 'trusty') or ('{{ ansible_distribution_release }}' == 'wheezy')" + diff --git a/users/defaults/main.yml b/users/defaults/main.yml index ced4cea7..df1595c3 100644 --- a/users/defaults/main.yml +++ b/users/defaults/main.yml @@ -1,5 +1,5 @@ --- -users_sudoers_group: wheel +users_sudoers_group: sudo users_sudoers_create_group: False users_sudoers_create_sudo_conf: False users_home_dir: /home diff --git a/varnish-cache/defaults/main.yml b/varnish-cache/defaults/main.yml index 331e3db1..8df54a2b 100644 --- a/varnish-cache/defaults/main.yml +++ b/varnish-cache/defaults/main.yml @@ -13,6 +13,8 @@ varnish_listen_port: 6810 varnish_static_c_timeout: 240s varnish_static_first_byte_timeout: 360s varnish_static_between_bytes_timeout: 360s +varnish_min_threads: 10 +varnish_max_threads: 1000 # We are using 3000 in production varnish_static_max_connections: 200 varnish_storage_file: /var/lib/varnish/varnish_storage.bin 
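Review bot: The re-added key block keeps root-level public keys for named people in the role defaults, with `manage_root_ssh_keys: True` just above it, so every host that applies this role grants root to everyone in `root_ssh_keys` unless the inventory overrides it. These entries belong in inventory or group_vars, with the role default being `root_ssh_keys: []`. Two entries are `ssh-dss` keys and `backup_agent` is still in the active list; OpenSSH DSA keys are 1024-bit and should be replaced with RSA of at least 2048 bits or Ed25519. In the new distribution tests, `has_apt` compares `'{{ ansible_lsb['major_release'] }}' >= 5`, a quoted string against an integer, unlike the unquoted form used in the other tests, so the quotes should be dropped. `is_ubuntu_between_8_and_9_or_is_debian_4` wraps an expression that already contains single quotes in another pair of single quotes, which is unlikely to evaluate as intended.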
diff --git a/varnish-cache/tasks/main.yml b/varnish-cache/tasks/main.yml index 253bac6c..87781899 100644 --- a/varnish-cache/tasks/main.yml +++ b/varnish-cache/tasks/main.yml @@ -27,23 +27,19 @@ with_items: varnish_pkg_name tags: varnish -# - name: Install the varnish parameters file. The config file needs to be set by a local task -# template: src={{ item }}.j2 dest=/etc/varnish/{{ item }} owner=root group=root mode=0444 -# with_items: -# - varnish.params -# notify: Reload varnish -# tags: -# - varnish -# - varnishconf +- name: Install the varnish parameters file. The config file needs to be set by a local task + template: src={{ item }}.j2 dest=/etc/default/varnish owner=root group=root mode=0444 + with_items: + - varnish.params + notify: Reload varnish + tags: [ 'varnish', 'varnishconf' ] -# - name: Ensure that the varnish service is started and enabled -# service: name=varnish state=started enabled=yes -# when: varnish_enabled -# tags: -# - varnish +- name: Ensure that the varnish service is started and enabled + service: name=varnish state=started enabled=yes + when: varnish_enabled + tags: varnish -# - name: Ensure that the varnish service is stopped and disabled -# service: name=varnish state=stopped enabled=no -# when: not varnish_enabled -# tags: -# - varnish +- name: Ensure that the varnish service is stopped and disabled + service: name=varnish state=stopped enabled=no + when: not varnish_enabled + tags: varnish diff --git a/varnish-cache/templates/varnish.params.j2 b/varnish-cache/templates/varnish.params.j2 index 6de1e244..fb505730 100644 --- a/varnish-cache/templates/varnish.params.j2 +++ b/varnish-cache/templates/varnish.params.j2 @@ -3,6 +3,11 @@ # /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK # to be set from this shell script fragment. # +{% if varnish_enabled %} +START=yes +{% else %} +START=no +{% endif %} # Set this to 1 to make systemd reload try to switch vcl without restart. RELOAD_VCL=1 
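Review bot: The re-enabled template task in varnish-cache/tasks/main.yml writes `/etc/default/varnish` and notifies `Reload varnish`, but the values in that file (START, DAEMON_OPTS with listen addresses, thread limits, storage) are read only when varnishd starts. The handler is not visible in this patch; if it is a `state=reloaded` call, changes to listen addresses or the secret file path would silently not take effect until someone restarts the service by hand. This task should notify a handler that restarts the service instead. The `with_items` loop over a single `varnish.params` entry with a fixed `dest` can be written as `src=varnish.params.j2`.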
@@ -18,7 +23,6 @@ MEMLOCK=82000 # the -n switch, to have more instances on a single server. INSTANCE=$(uname -n) - ## Alternative 3, Advanced configuration # # See varnishd(1) for more information. @@ -40,10 +44,10 @@ VARNISH_ADMIN_LISTEN_PORT=6082 VARNISH_SECRET_FILE=/etc/varnish/secret # # The minimum number of worker threads to start -VARNISH_MIN_THREADS=2 +VARNISH_MIN_THREADS={{ varnish_min_threads }} # # # The Maximum number of worker threads to start -VARNISH_MAX_THREADS=500 +VARNISH_MAX_THREADS={{ varnish_max_threads }} # # # Idle timeout for worker threads VARNISH_THREAD_TIMEOUT=120 @@ -65,20 +69,13 @@ VARNISH_TTL={{ varnish_ttl }} # User and group for the varnishd worker processes VARNISH_USER={{ varnish_user }} VARNISH_GROUP={{ varnish_group }} -# # sure you update this section, too. -# DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \ -# -f ${VARNISH_VCL_CONF} \ -# -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \ -# -t ${VARNISH_TTL} \ -# -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \ -# -S ${VARNISH_SECRET_FILE} \ -# -s ${VARNISH_STORAGE} \ -# -p sess_workspace=262144 \ -# -p default_keep=${VARNISH_TTL} \ -# -p sess_timeout=360 \ -# -p thread_pools=1 \ -# -p thread_pool_min=200 -p thread_pool_max=4000 \ -# -p thread_pool_add_delay=2 -p session_linger=100 \ -# -s file,{{ varnish_ram_cache_size }}M -# " - +# +DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \ + -f ${VARNISH_VCL_CONF} \ + -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \ + -t ${VARNISH_TTL} \ + -p thread_pool_min=${VARNISH_MIN_THREADS} \ + -p thread_pool_max=${VARNISH_MAX_THREADS} \ + -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} \ + -S ${VARNISH_SECRET_FILE} \ + -s ${VARNISH_STORAGE}" diff --git a/yii/defaults/main.yml b/yii/defaults/main.yml index 1b2160e4..4e5273e1 100644 --- a/yii/defaults/main.yml +++ b/yii/defaults/main.yml 
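Review bot: Uncommenting `DAEMON_OPTS` makes the `-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT}` management listener live, and the address it binds to is set outside this hunk. The management CLI can load VCL and stop the cache, so confirm that value is loopback and say so next to it, e.g. `# admin CLI: keep on 127.0.0.1, access is gated only by the -S secret`. `VARNISH_SECRET_FILE=/etc/varnish/secret` is referenced, but nothing in the patch sets its ownership or mode; a `file:` task with `owner=root group=root mode=0600` in varnish-cache/tasks/main.yml would make that explicit.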
@@ -22,11 +22,9 @@ yii_php_modules: - php5-xcache - php5-gd - php5-mcrypt - - libpcre yii_php_db_server_modules: - php5-pgsql - - php5-mysql - php5-mysqlnd yii_unneeded_files: