library/roles/mediawiki: raw playbook that downloads and unpacks a mediawiki installation and installs some of the php dependencies.

library/roles/mysql: role that installs a mysql db, secures the configuration and manages the databases.
library/roles/php-fpm: installs php-fpm and configures all the workers.
d4science-gcube: playbook to install and configure a mediawiki system.
Andrea Dell'Amico 2015-05-29 19:42:43 +02:00
parent 73d37f81a6
commit 2735d9c8ae
20 changed files with 369 additions and 1 deletions


@ -0,0 +1,23 @@
---
#
# This playbook depends on the php-fpm, mysql role and nginx or apache2
#
mw_install_from_package: False
mw_version: 1.25
mw_minor_minor: 1
mw_download_url: http://releases.wikimedia.org/mediawiki/{{ mw_version }}/mediawiki-{{ mw_version }}.{{ mw_minor_minor }}.tar.gz
mw_download_dir: /srv/mediawiki
mw_install_dir: /var/www
mw_conf_dir: /etc/mediawiki
mw_php_prereq:
- php5-intl
- php5-cli
- php5-mysqlnd
- php-apc
- php-pear
- imagemagick
# This choice is not recommended. The package has a poor list of dependencies. We do not want to deal with those
mw_package:
- mediawiki
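Review bot: `mw_download_url` points at a plain `http://` address, so the tarball that the role later unpacks into `mw_install_dir` crosses the network with no transport integrity; use `https://` here if the release host offers it. Also, `mw_version: 1.25` is read as a float, so a later release such as 1.30 would render as 1.3 in the URL and in the archive name; quoting it, `mw_version: '1.25'`, keeps it a string.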

32
mediawiki/tasks/main.yml Normal file

@ -0,0 +1,32 @@
---
- name: Install the php prerequisites
apt: name={{ item }} state=present
with_items: mw_php_prereq
tags: mediawiki
- name: Ensure that the download and install dirs exist
file: path={{ item }} state=directory
with_items:
- '{{ mw_download_dir }}'
- '{{ mw_install_dir }}'
tags: mediawiki
- name: Download the mediawiki tar file
get_url: url={{ mw_download_url }} dest={{ mw_download_dir }}
when: not mw_install_from_package
register: mw_download
tags: mediawiki
- name: Unpack the mediawiki tar file
unarchive: copy=no src={{ mw_download_dir }}/mediawiki-{{ mw_version }}.{{ mw_minor_minor }}.tar.gz dest={{ mw_install_dir }}
when: ( mw_download | changed )
tags: mediawiki
- name: Rename the mediawiki directory
command: mv {{ mw_install_dir }}/mediawiki-{{ mw_version }}.{{ mw_minor_minor }} {{ mw_install_dir }}/mediawiki
when: ( mw_download | changed )
tags: mediawiki
- name: Create the mediawiki conf dir
file: path={{ mw_conf_dir }} state=directory
tags: mediawiki
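Review bot: The `get_url` call in 'Download the mediawiki tar file' fetches the archive with no checksum, and the next task unpacks whatever arrived under `mw_install_dir`. Pin the expected digest in a variable and pass it to the module, e.g. `get_url: url={{ mw_download_url }} dest={{ mw_download_dir }} sha256sum={{ mw_sha256sum }}` (`mw_sha256sum` is a name proposed here, not one the role defines). The 'Rename the mediawiki directory' step is also fragile: if `{{ mw_install_dir }}/mediawiki` already exists, `mv` places the new tree inside it instead of replacing it, so an upgrade run would leave the old tree in place.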

37
mysql/defaults/main.yml Normal file

@ -0,0 +1,37 @@
---
mysql_enabled: True
mysql_pkg_state: present
mysql_conf_dir: /etc/mysql/conf.d
# python-mysqldb is needed by ansible to manage users and databases
mysql_packages_list:
- mysql-server
- mysql-client
- mytop
- python-mysqldb
mysql_db_name: db_name
mysql_db_user: db_user
mysql_db_pwd: "We cannot save the password into the repository. Use another variable and change pgpass.j2 accordingly. Encrypt the file that contains the variable with ansible-vault"
# Alternatives: utf8
mysql_default_encoding: utf8mb4
# Alternatives: utf8_unicode_ci utf8_bin
mysql_default_collation: utf8mb4_unicode_ci
mysql_db_host: localhost
mysql_db_port: 3306
mysql_db_max_connections: 100
mysqld_db_read_buffer_size: 128K
mysql_db_read_rnd_buffer_size: 256K
mysql_db_innodb_data_file_path: 'ibdata1:10M:autoextend'
mysql_db_innodb_buffer_pool_size: 256M
mysql_db_innodb_additional_mem_pool_size: 5M
# Set .._log_file_size to 25 % of buffer pool size
mysql_db_innodb_log_file_size: 64M
mysql_db_innodb_log_buffer_size: 9M
mysql_safe_open_files_limit: 1024
mysql_listen_on_ext_int: False
#mysql_db_data:
# - { name: '{{ mysql_db_name }}', collation: '{{ mysql_default_collation }}', encoding: '{{ mysql_default_encoding }}', user: '{{ mysql_db_user }}', pwd: '{{ mysql_db_pwd }}', user_grant: 'ALL', allowed_hosts: [ 'localhost', 'yyy.yyy.yyy.yyy/32' ] }
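Review bot: The default for `mysql_db_pwd` is a readable sentence, which is still a valid string: if `mysql_db_data` is enabled as in the commented example and the variable is not overridden, the database user is created with a password that is published in this repository. Leaving the variable undefined, so that the templated task fails, is safer than a placeholder that works. The text also refers to `pgpass.j2`, which looks carried over from a PostgreSQL role; I would drop the default and keep only a comment such as `# mysql_db_pwd: define it in a file encrypted with ansible-vault`.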

1
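--- a/mysql/files/mysql-backup.cron
+++ b/mysql/files/mysql-backup.cron
@@ -0,0 +1 @@
+0 0 * * * root /usr/local/bin/mysql-backup > /var/log/mysql-backup.log 2>&1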

41
mysql/files/mysql-backup.sh Executable file

@ -0,0 +1,41 @@
#!/bin/sh
if [ ! -f /root/.my.cnf ] ; then
exit 1
fi
MY_BACKUP_DIR=/var/lib/mysql-backup
umask 0077
MY_DATA_DIR=/var/lib/mysql
LOCKFILE=$MY_DATA_DIR/.mysqldump.lock
if [ ! -d $MY_BACKUP_DIR ] ; then
mkdir -p $MY_BACKUP_DIR
fi
if [ ! -d $MY_BACKUP_DIR/log ] ; then
mkdir -p $MY_BACKUP_DIR/log
fi
if [ ! -d $MY_BACKUP_DIR/old ] ; then
mkdir -p $MY_BACKUP_DIR/old
fi
chmod -R 700 $MY_BACKUP_DIR
if [ ! -f $LOCKFILE ] ; then
touch $LOCKFILE
for db in $( /bin/ls -1 /var/lib/mysql/ ) ; do
if [ -d /var/lib/mysql/$db ] ; then
if [ -f $MY_BACKUP_DIR/$db.sql ] ; then
mv -f $MY_BACKUP_DIR/$db.sql $MY_BACKUP_DIR/old
fi
#mysqldump -uroot -f --opt -p$MYSQLPASS $db > $MY_BACKUP_DIR/$db.sql 2> $MY_BACKUP_DIR/log/$db.log
mysqldump -f --opt $db > $MY_BACKUP_DIR/$db.sql 2> $MY_BACKUP_DIR/log/$db.log
chmod 600 $MY_BACKUP_DIR/$db.sql
fi
done
# Do a "flush-hosts" after the backup
mysqladmin flush-hosts 2> $MY_BACKUP_DIR/log/flush-hosts.log
rm -f $LOCKFILE
fi
exit 0
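Review bot: The lock file created by `touch $LOCKFILE` is removed only on the normal path, so a run that is killed, or a reboot in the middle of a dump, leaves it behind and every later run skips the backup and still ends with `exit 0`. Add `trap 'rm -f "$LOCKFILE"' EXIT` right after the `touch`, and give `if [ ! -f $LOCKFILE ]` an `else` branch that reports the stale lock and exits non-zero. The exit status of `mysqldump -f` is not checked either, so a failed dump leaves a truncated `$db.sql` with no signal; recording the failure and exiting non-zero at the end would let cron mail or monitoring notice it.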

6
mysql/handlers/main.yml Normal file

@ -0,0 +1,6 @@
---
- name: Restart mysql
service: name=mysql state=restarted
- name: Reload mysql
service: name=mysql state=reloaded


@ -0,0 +1,46 @@
---
# 'localhost' needs to be the last item for idempotency, the mysql_user docs
- name: Secure the mysql root user
mysql_user: name=root host={{ item }} password={{ mysql_root_password }}
when: mysql_root_password is defined
with_items:
- '{{ ansible_hostname }}'
- 127.0.0.1
- ::1
- localhost
ignore_errors: True
tags:
- mysql
- name: Secure the mysql root user
mysql_user: name=root host={{ item }} password=""
when: mysql_root_password is not defined
with_items:
- '{{ ansible_hostname }}'
- 127.0.0.1
- ::1
- localhost
ignore_errors: True
tags:
- mysql
- name: Install the .my.cnf file with root password credentials
template: src=dot_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0400
when: mysql_root_password is defined
tags:
- mysql
- name: delete anonymous MySQL server user for {{ server_hostname }}
mysql_user: user="" host="{{ ansible_hostname }}" state="absent"
tags:
- mysql
- name: delete anonymous MySQL server user for localhost
mysql_user: user="" state="absent"
tags:
- mysql
- name: remove the MySQL test database
mysql_db: db=test state=absent
tags:
- mysql
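Review bot: The second 'Secure the mysql root user' task sets `password=""` for root on every host entry whenever `mysql_root_password` is not defined, so a run that simply forgets the variable leaves (or resets) root with an empty password. I would delete that task and make the variable mandatory, for example with a first task `fail: msg="mysql_root_password must be defined"` under `when: mysql_root_password is not defined`. `ignore_errors: True` on the task that does set the password hides the case where the change was rejected, and the play then goes on to write `/root/.my.cnf` with a password the server may not accept; drop it if idempotency allows. The first anonymous-user task name interpolates `{{ server_hostname }}`, which none of the visible files define, while the task itself uses `ansible_hostname`.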


@ -0,0 +1,7 @@
---
- name: Stop and disable the mysql server if we do not want it running
service: name=mysql state=stopped enabled=no
when: not mysql_enabled
tags:
- mysql


@ -0,0 +1,7 @@
---
- name: Stop and disable the mysql server if we do not want it running
service: name=mysql state=stopped enabled=no
when: not mysql_enabled
tags:
- mysql

13
mysql/tasks/main.yml Normal file

@ -0,0 +1,13 @@
---
- include: packages.yml
- include: mysql-conf.yml
when: mysql_enabled
- include: disable-mysql-service.yml
when: not mysql_enabled
- include: configure_root_access.yml
when: mysql_enabled
- include: manage_my_db.yml
when: mysql_enabled
- include: mysql-backup.yml
when: mysql_enabled


@ -0,0 +1,23 @@
---
- name: Add databases to mysql, if any
mysql_db: name={{ item.name }} collation={{ item.collation }} encoding={{ item.encoding }} state=present
with_items: mysql_db_data
when:
- mysql_db_data is defined
- item.name is defined
tags:
- mysql
- mysql_db
- name: Add a user for the databases
mysql_user: name={{ item.0.user }} password={{ item.0.pwd }} host={{ item.1 }} priv={{ item.0.name }}.*:"{{ item.0.user_grant }}" state=present
with_subelements:
- mysql_db_data
- allowed_hosts
when:
- mysql_db_data is defined
- item.0.name is defined
tags:
- mysql
- mysql_db
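Review bot: The 'Add a user for the databases' task loops over `mysql_db_data` with `with_subelements`, and Ansible prints each loop item in its output, so `item.0.pwd` ends up on the console and in any log of the run; add `no_log: True` to that task. The password is also passed unquoted in `key=value` form (`password={{ item.0.pwd }}`), so a value containing a space or `=` would be split by the argument parser; quoting it as `password="{{ item.0.pwd }}"` or using the YAML dictionary form avoids that. The same two remarks apply to `password={{ mysql_root_password }}` in the root-access tasks.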


@ -0,0 +1,10 @@
---
- name: Install a script that performs mysql dumps
copy: src=mysql-backup.sh dest=/usr/local/bin/mysql-backup owner=root group=root mode=0750
tags:
- mysql
- name: Cron job that executes mysql nightly backups
copy: src=mysql-backup.cron dest=/etc/cron.d/mysql-backup owner=root group=root mode=0644
tags:
- mysql


@ -0,0 +1,13 @@
---
- name: Install the main configuration files.
template: src={{ item }}.cnf.j2 dest={{ mysql_conf_dir }}/{{ item }}.cnf owner=root group=root mode=0644
with_items:
- client
- server
- mysql-clients
when: mysql_enabled
notify: Restart mysql
tags:
- mysql
- mariadb
- mysql-conf

14
mysql/tasks/packages.yml Normal file

@ -0,0 +1,14 @@
---
- name: install the mysql packages
apt: pkg={{ item }} state={{ mysql_pkg_state }}
with_items: mysql_packages_list
tags:
- mysql
- name: Ensure that the mysql server is enabled and running
service: name=mysql state=started enabled=yes
when: mysql_enabled
tags:
- mysql
- mariadb


@ -0,0 +1,6 @@
# The following options will be passed to all MariaDB clients
[client]
#password = your_password
port = 3306
socket = /var/lib/mysql/mysql.sock
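Review bot: `port = 3306` is hard-coded in the `[client]` section while the server template takes its port from `{{ mysql_db_port }}`, so changing that default leaves every client pointed at the old port. Use `port = {{ mysql_db_port }}` here as well.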


@ -0,0 +1,4 @@
[client]
user=root
password={{ mysql_root_password }}
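Review bot: `password={{ mysql_root_password }}` is written without quotes, and MySQL option files treat `#` as the start of a comment and trim surrounding whitespace, so a password containing `#` or edge spaces would be stored truncated and the backup script's login would fail. Write it as `password="{{ mysql_root_password }}"`. A password that itself contains a double quote or a backslash would still need escaping; a short comment in the template saying so would help whoever sets the variable.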


@ -0,0 +1,20 @@
[mysql]
[mysql_upgrade]
[mysqladmin]
[mysqlbinlog]
[mysqlcheck]
[mysqldump]
quick
max_allowed_packet = 16M
[mysqlimport]
[mysqlshow]
[mysqlslap]


@ -0,0 +1,13 @@
PG_SERVICE='postgresql-{{ psql_version }}'
PG_VERSION='{{ psql_version }}'
PG_DUMP_BIN='{{ pg_backup_pgdump_bin }}'
PG_BCK_BIN='{{ pg_backup_bin }}'
USE_NAGIOS='{{ pg_backup_use_nagios }}'
LOG_DIR='{{ pg_backup_logdir }}'
LOG_FILE='{{ pg_backup_logfile}}'
N_DAYS_TO_SPARE='{{ pg_backup_retain_copies }}'
BUILD_DBLIST='{{ pg_backup_build_db_list }}'
DB_LIST="{{ pg_backup_db_list }}"
PG_USE_AUTH='{{ pg_backup_use_auth }}'
PG_PASS_FILE='{{ pg_backup_pass_file }}'
BACKUPDIR='{{ pg_backup_destdir }}'
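Review bot: Every variable in this template (`psql_version`, `pg_backup_*`) belongs to a PostgreSQL backup setup, and none of them is defined in the mysql defaults shown on this page, nor does any visible task install the file. If it was copied along from a PostgreSQL role by accident, remove it from this commit. If it is meant to stay, it lacks a header comment such as `# Defaults read by the PostgreSQL backup script` and the matching default values.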


@ -0,0 +1,52 @@
# Here follows entries for some specific programs
# The MariaDB server
[mysqld]
port = {{ mysql_db_port }}
socket = /var/lib/mysql/mysql.sock
max_connections = {{ mysql_db_max_connections }}
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 512
sort_buffer_size = 8M
net_buffer_length = 8K
read_buffer_size = {{ mysqld_db_read_buffer_size }}
read_rnd_buffer_size = {{ mysql_db_read_rnd_buffer_size }}
myisam_sort_buffer_size = 16M
# Point the following paths to different dedicated disks
#tmpdir = /tmp/
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
# Enable binary logging. This is required for acting as a MASTER in a
# replication configuration. You also need the binary log if you need
# the ability to do point in time recovery from your latest backup.
log-bin=mysql-bin
# binary logging format - mixed recommended
binlog_format=mixed
# Uncomment the following if you are using InnoDB tables
innodb_data_home_dir = /var/lib/mysql
innodb_data_file_path = {{ mysql_db_innodb_data_file_path }}
innodb_log_group_home_dir = /var/lib/mysql
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = {{ mysql_db_innodb_buffer_pool_size }}
innodb_additional_mem_pool_size = {{ mysql_db_innodb_additional_mem_pool_size }}
# Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = {{ mysql_db_innodb_log_file_size }}
innodb_log_buffer_size = {{ mysql_db_innodb_log_buffer_size }}
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
[mysqld_safe]
open-files-limit = {{ mysql_safe_open_files_limit }}
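Review bot: The defaults define `mysql_listen_on_ext_int: False`, but nothing in this template reads it: there is no `bind-address` line and `skip-networking` stays commented out, so the interface mysqld listens on is whatever the package default or another config file decides. Emit `bind-address = 127.0.0.1` inside `{% if not mysql_listen_on_ext_int %}` … `{% endif %}` so the variable has the effect its name promises. `log-bin=mysql-bin` is also enabled with no `expire_logs_days`, so binary logs will grow until someone purges them; a setting or at least a comment is worth adding.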


@ -1,6 +1,6 @@
--- ---
# php as a standalone service # php as a standalone service
- name: The nagios and ganglia web interfaces use php-fpm - name: Install the php-fpm package
apt: pkg={{ item }} state=present apt: pkg={{ item }} state=present
with_items: php_fpm_packages with_items: php_fpm_packages
tags: tags: