library/roles/mysql: Ansible 2 compatibility. Manage a different data directory.

library/roles/php-fpm: Ansible 2 compatibility. library/roles/piwik: Install and configure a piwik instance. infrastructure-services: Install a piwik instance as analytics.d4science.org.
2016-03-17 21:35:04 +01:00 · 2016-03-17 21:35:04 +01:00 · c84512a4f0
parent 600b8eb864
commit c84512a4f0
14 changed files with 115 additions and 86 deletions
--- a/mysql/tasks/configure_root_access.yml
+++ b/mysql/tasks/configure_root_access.yml
@ -9,8 +9,7 @@
    - ::1
    - localhost
  ignore_errors: True
-  tags:
-    - mysql
+  tags: mysql

 - name: Secure the mysql root user
  mysql_user: name=root host={{ item }} password=""
@ -21,26 +20,21 @@
    - ::1
    - localhost
  ignore_errors: True
-  tags:
-    - mysql
+  tags: mysql

 - name: Install the .my.cnf file with root password credentials
  template: src=dot_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0400
  when: mysql_root_password is defined
-  tags:
-    - mysql
+  tags: mysql

- name: delete anonymous MySQL server user for {{ server_hostname }}
+- name: delete anonymous MySQL server user for the server hostname
  mysql_user: user="" host="{{ ansible_hostname }}" state="absent"
-  tags:
-    - mysql
+  tags: mysql

 - name: delete anonymous MySQL server user for localhost
  mysql_user: user="" state="absent"
-  tags:
-    - mysql
+  tags: mysql

 - name: remove the MySQL test database
  mysql_db: db=test state=absent
-  tags:
-    - mysql
+  tags: mysql
--- a/mysql/tasks/disable-mysql-service.yml
+++ b/mysql/tasks/disable-mysql-service.yml
@ -1,7 +0,0 @@
---
- name: Stop and disable the mysql server if we do not want it running
-  service: name=mysql state=stopped enabled=no
-  when: not mysql_enabled
-  tags:
-    - mysql
-
--- a/mysql/tasks/main.yml
+++ b/mysql/tasks/main.yml
@ -2,8 +2,7 @@
 - include: packages.yml
 - include: mysql-conf.yml
  when: mysql_enabled
- include: disable-mysql-service.yml
-  when: not mysql_enabled
+- include: manage-mysql-service.yml
 - include: configure_root_access.yml
  when: mysql_enabled
 - include: manage_my_db.yml
--- a/mysql/tasks/manage-mysql-service.yml
+++ b/mysql/tasks/manage-mysql-service.yml
@ -0,0 +1,11 @@
+---
+- name: Ensure that the mysql server is enabled and running
+  service: name=mysql state=started enabled=yes
+  when: mysql_enabled
+  tags: [ 'mysql', 'mariadb' ]
+
+- name: Stop and disable the mysql server if we do not want it running
+  service: name=mysql state=stopped enabled=no
+  when: not mysql_enabled
+  tags: [ 'mysql', 'mariadb' ]
+
--- a/mysql/tasks/manage_my_db.yml
+++ b/mysql/tasks/manage_my_db.yml
@ -1,18 +1,14 @@
 ---
 - name: Add databases to mysql, if any
  mysql_db: name={{ item.name }} collation={{ item.collation }} encoding={{ item.encoding }} state=present
-  with_items: mysql_db_data
-  when:
-    - mysql_db_data is defined
-    - item.name is defined
+  with_items: '{{ mysql_db_data | default([]) }}'
+  when: item.name is defined
  tags: [ 'mysql', 'mysql_db' ]

 - name: Add a user for the databases
-  mysql_user: name={{ item.0.user }} password={{ item.0.pwd }} host={{ item.1 }} priv={{ item.0.name }}.*:"{{ item.0.user_grant }}" state=present
+  mysql_user: name={{ item.0.user }} password={{ item.0.pwd }} host={{ item.1 }} priv="{{ item.0.name }}.*:{{ item.0.user_grant }}" state=present
  with_subelements:
-    - mysql_db_data
+    - '{{ mysql_db_data | default([]) }}'
    - allowed_hosts
-  when:
-    - mysql_db_data is defined
-    - item.0.name is defined
+  when: item.0.name is defined
  tags: [ 'mysql', 'mysql_db' ]
--- a/mysql/tasks/mysql-backup.yml
+++ b/mysql/tasks/mysql-backup.yml
@ -8,5 +8,5 @@
  tags: [ 'mysql', 'mysql_backup' ]

 - name: Cron job that executes mysql nightly backups
-  copy: src=mysql-backup.cron dest=/etc/cron.daily/mysql-backup owner=root group=root mode=0755
+  template: src=mysql-backup.cron.j2 dest=/etc/cron.daily/mysql-backup owner=root group=root mode=0755
  tags: [ 'mysql', 'mysql_backup' ]
--- a/mysql/tasks/mysql-conf.yml
+++ b/mysql/tasks/mysql-conf.yml
@ -1,4 +1,12 @@
 ---
+- name: Create the data directory
+  file: dest={{ mysql_data_dir }} state=directory owner=mysql group=mysql mode=0700
+  tags: [ 'mysql', 'mariadb', 'mysql-conf' ]
+  
+- name: Create the log directory
+  file: dest={{ mysql_log_dir }} state=directory owner=mysql group=adm mode=1750
+  tags: [ 'mysql', 'mariadb', 'mysql-conf' ]
+  
 - name: Install the main configuration files.
  template: src={{ item }}.cnf.j2 dest={{ mysql_conf_dir }}/{{ item }}.cnf owner=root group=root mode=0644
  with_items:
@ -7,7 +15,4 @@
    - mysql-clients
  when: mysql_enabled
  notify: Restart mysql
-  tags:
-    - mysql
-    - mariadb
-    - mysql-conf
+  tags: [ 'mysql', 'mariadb', 'mysql-conf' ]
--- a/mysql/tasks/packages.yml
+++ b/mysql/tasks/packages.yml
@ -1,14 +1,6 @@
 ---
 - name: install the mysql packages
  apt: pkg={{ item }} state={{ mysql_pkg_state }}
-  with_items: mysql_packages_list
-  tags:
-    - mysql
-
- name: Ensure that the mysql server is enabled and running
-  service: name=mysql state=started enabled=yes
-  when: mysql_enabled
-  tags:
-    - mysql
-    - mariadb
+  with_items: '{{ mysql_packages_list }}'
+  tags: mysql

--- a/mysql/templates/server.cnf.j2
+++ b/mysql/templates/server.cnf.j2
@ -5,6 +5,8 @@
 port            = {{ mysql_db_port }}
 socket          = {{ mysql_socket }}
 max_connections	= {{ mysql_db_max_connections }}
+datadir         = {{ mysql_data_dir }}
+log_error       = {{ mysql_log_dir }}/error.log
 skip-external-locking
 key_buffer_size = 16M
 max_allowed_packet = 1M
@ -35,9 +37,9 @@ log-bin=mysql-bin
 binlog_format=mixed

 # Uncomment the following if you are using InnoDB tables
-innodb_data_home_dir = /var/lib/mysql
+innodb_data_home_dir = {{ mysql_data_dir }}
 innodb_data_file_path = {{ mysql_db_innodb_data_file_path }}
-innodb_log_group_home_dir = /var/lib/mysql
+innodb_log_group_home_dir = {{ mysql_data_dir }}
 # You can set .._buffer_pool_size up to 50 - 80 %
 # of RAM but beware of setting memory usage too high
 innodb_buffer_pool_size = {{ mysql_db_innodb_buffer_pool_size }}
--- a/php-fpm/handlers/main.yml
+++ b/php-fpm/handlers/main.yml
@ -1,6 +1,8 @@
 ---
 - name: Reload php-fpm
  service: name=php5-fpm state=reloaded
+  when: phpfpm_service_enabled

 - name: Restart php-fpm
  service: name=php5-fpm state=restarted
+  when: phpfpm_service_enabled
--- a/php-fpm/tasks/main.yml
+++ b/php-fpm/tasks/main.yml
@ -2,84 +2,68 @@
 # php as a standalone service
 - name: Install the php-fpm package
  apt: pkg={{ item }} state=present
-  with_items: php_fpm_packages
-  tags:
-    - php
+  with_items: '{{ php_fpm_packages }}'
+  tags: php

 - name: Set the timezone if we have one
  ini_file: dest={{ phpfpm_base_dir }}/php.ini section=Date option=date.timezone value={{ timezone }} backup=yes
  when: timezone is defined
  notify: Reload php-fpm
-  tags:
-    - php
-    - php_ini
+  tags: [ 'php', 'php_ini' ]

 - name: Activate the memcache sessions support and redundancy if needed
  action: configfile path={{ phpfpm_base_dir }}/conf.d/20-memcache.ini key={{ item.prop }} value='{{ item.value }}'
  when: phpfpm_use_memcache_redundancy_sessions
-  with_items: memcache_session
+  with_items: '{{ memcache_session }}'
  notify: Reload php-fpm
-  tags:
-    - php
-    - php_ini
+  tags: [ 'php', 'php_ini' ]

 - name: remove php-fpm default pool
  file: dest={{ phpfpm_base_dir }}/pool.d/www.conf state=absent
  when: phpfpm_remove_default_pool
  notify: Restart php-fpm
-  tags:
-    - php
+  tags: php

 - name: Create the users under the php-fpm processes will run
  user: name={{ item.user }} comment="{{ item.user }}" home=/dev/null createhome=no shell=/sbin/nologin
-  with_items: phpfpm_pools
+  with_items: '{{ phpfpm_pools }}'
  when: phpfpm_create_users
  notify: Restart php-fpm
-  tags:
-    - php
-    - fpm_pool
+  tags: [ 'php', 'fpm_pool' ]

 - name: Create the directories where to store the sessions files. One for each pool
  file: dest={{ phpfpm_session_prefix }}/{{ item.pool_name }} owner={{ item.user }} group=root mode=0750 state=directory
-  with_items: phpfpm_pools
+  with_items: '{{ phpfpm_pools }}' 
  when: phpfpm_use_default_template
-  tags:
-    - php
-    - fpm_pool
+  tags: [ 'php', 'fpm_pool' ]

 - name: Create the directories where to store the log files
  file: dest={{ phpfpm_logdir }} owner=root group=root mode=0750 state=directory
-  tags:
-    - php
-    - fpm_pool
+  tags: [ 'php', 'fpm_pool' ]

 - name: Install the php-fpm logrotate file
  template: src=php-fpm.logrotate.j2 dest=/etc/logrotate.d/php-fpm owner=root group=root mode=0444
-  tags:
-    - php
-    - fpm_conf
+  tags: [ 'php', 'fpm_conf' ]

 - name: Install the php-fpm main config file
  template: src=php-fpm.conf.j2 dest={{ phpfpm_base_dir }}/php-fpm.conf owner=root group=root mode=0444
  notify: Restart php-fpm
-  tags:
-    - php
-    - fpm_pool
-    - fpm_conf
+  tags: [ 'php', 'fpm_conf', 'fpm_pool' ]

 - name: Install the php-fpm pools
  template: src=php-fpm-pool.conf.j2 dest={{ phpfpm_base_dir }}/pool.d/{{ item.pool_name }}.conf owner=root group=root mode=0444
-  with_items: phpfpm_pools
+  with_items: '{{ phpfpm_pools }}'
  when: phpfpm_use_default_template
  notify: Restart php-fpm
-  tags:
-    - php
-    - fpm_conf
-    - fpm_pool
-    - fpm_pool_conf
+  tags: [ 'php', 'fpm_conf', 'fpm_pool', 'fpm_pool_conf' ]

 - name: Ensure that the php-fpm service is started and enabled
  service: name=php5-fpm state=started enabled=yes
-  tags:
-    - php
+  when: phpfpm_service_enabled
+  tags: php
+
+- name: Ensure that the php-fpm service is stopped and disabled
+  service: name=php5-fpm state=stopped enabled=no
+  when: not phpfpm_service_enabled
+  tags: php

--- a/piwik/defaults/main.yml
+++ b/piwik/defaults/main.yml
@ -0,0 +1,23 @@
+---
+piwik_repo_key: 'https://debian.piwik.org/repository.gpg'
+piwik_repo: 'deb https://debian.piwik.org/ piwik main'
+
+piwik_under_nginx: True
+piwik_under_phpfpm: True
+piwik_user: piwik
+piwik_http_doc_root: '/usr/share/piwik'
+piwik_owned_data:
+  - /etc/piwik/
+  - /var/lib/piwik/data/tmp
+  - /var/log/piwik/
+  - /usr/share/piwik/misc
+  - /usr/share/piwik/plugins
+
+piwik_url: 'http://{{ ansible_fqdn }}/'
+piwik_pkgs:
+  - piwik
+  - php5-mysql
+  - php5-json
+  - php5-ldap
+  - php5-gd
+
--- a/piwik/tasks/main.yml
+++ b/piwik/tasks/main.yml
@ -0,0 +1,28 @@
+---
+- name: Install the piwik repo key
+  apt_key: url={{ piwik_repo_key }} state=present
+  tags: [ 'piwik', 'analytics' ]
+
+- name: Install the piwik debian repo
+  apt_repository: repo='{{ piwik_repo }}' state=present
+  tags: [ 'piwik', 'analytics' ]
+
+- name: Install piwik and some dependencies
+  apt: name={{ item }}
+  with_items: '{{ piwik_pkgs }}'
+  tags: [ 'piwik', 'analytics' ]
+
+- name: Restore the piwik permissions so that they match the fpm config
+  shell: find {{ item }} -user www-data -exec chown {{ piwik_user }} {} \; ; find {{ item }} -group www-data -exec chgrp {{ piwik_user }} {} \;
+  with_items: '{{ piwik_owned_data }}'
+  when: piwik_under_phpfpm
+  tags: [ 'piwik', 'analytics' ]
+
+- name: Install a cron job to archive the old logs data
+  cron: minute="5" user={{ piwik_user }} name="Archive Piwik Log Data" job='[ -e /usr/share/piwik/console ] && [ -x /usr/bin/php ] && nice /usr/bin/php /usr/share/piwik/console core:archive --url="{{ piwik_url }}" >> /var/log/piwik/piwik-archive.log 2>&1' cron_file=piwik-archive
+  tags: [ 'piwik', 'analytics' ]
+  
+- name: Create a directory for the fcgi cache
+  file: dest=/var/cache/nginx/fcgicache type=directory owner=piwik
+  when: piwik_under_nginx
+  tags: [ 'piwik', 'analytics' ]
--- a/piwik/templates/piwik-archive.cron.j2
+++ b/piwik/templates/piwik-archive.cron.j2