
2 Commits

Author SHA1 Message Date
1990413fbe
Reorg en1 inventory vars 2020-12-07 20:27:09 -05:00
ae0be16dd6
Implement configure-webproxy for setting up basic nginx server
Fix init playbook
Add nginx config
Fix networkd install on fedora
2020-12-07 20:27:09 -05:00
7 changed files with 158 additions and 70 deletions

74
en1.yml

@ -11,10 +11,8 @@ all:
omni_host_webproxy: jupiter omni_host_webproxy: jupiter
children: children:
servers: servers:
children:
virtualization: {}
virtualization:
vars: vars:
omni_local_hosts: omni_local_hosts:
- hostname: jupiter.svr.local - hostname: jupiter.svr.local
@ -27,7 +25,6 @@ all:
jupiter: jupiter:
ansible_host: jupiter.net.enp.one ansible_host: jupiter.net.enp.one
omni_description: EN1 System Control Server omni_description: EN1 System Control Server
omni_docker_swarm_iface: eno2
omni_networking: omni_networking:
eno1: eno1:
dhcp: true dhcp: true
@ -35,26 +32,57 @@ all:
eno2: eno2:
dhcp: false dhcp: false
addresses: ["192.168.42.10/24"] addresses: ["192.168.42.10/24"]
remus:
ansible_host: remus.net.enp.one
omni_description: EN1 Hypervisor/Datastore
omni_networking:
eno1:
dhcp: true
dhcp_address: 10.42.101.20/24
eno2:
dhcp: false
addresses: ["192.168.42.20/24"]
romulus:
ansible_host: romulus.net.enp.one
omni_description: EN1 Hypervisor/Datastore
omni_networking:
eno1:
dhcp: true
dhcp_address: 10.42.101.30/24
eno2:
dhcp: false
addresses: ["192.168.42.30/24"]
children: children:
worker: virtualization: {}
datastore: {}
virtualization:
hosts:
jupiter:
omni_docker_swarm_iface: eno2
children:
virtualization_worker:
hosts: hosts:
remus: remus:
ansible_host: remus.net.enp.one omni_docker_swarm_iface: eno2
omni_description: EN1 Hypervisor/Datastore
omni_networking:
eno1:
dhcp: true
dhcp_address: 10.42.101.20/24
eno2:
dhcp: false
addresses: ["192.168.42.20/24"]
romulus: romulus:
ansible_host: romulus.net.enp.one omni_docker_swarm_iface: eno2
omni_description: EN1 Hypervisor/Datastore
omni_networking: datastore:
eno1: children:
dhcp: true datastore_arbiter:
dhcp_address: 10.42.101.30/24 hosts:
eno2: jupiter:
dhcp: false omni_gluster_brick:
addresses: ["192.168.42.30/24"] mount: /mnt/brick0
fs: xfs
datastore_block:
hosts:
remus:
omni_gluster_brick:
mount: /mnt/brick0
fs: xfs
romulus:
omni_gluster_brick:
mount: /mnt/brick0
fs: xfs


@ -1,37 +1,28 @@
--- ---
# TBW - import_playbook: initialize.yml
# - name: Install Nginx
# hosts: jupiter - name: Install Nginx
# handlers: hosts: jupiter
# - name: restart_nginx handlers:
# become: true - name: restart-nginx
# systemd: import_tasks: tasks/nginx/services.yml
# name: nginx tasks:
# state: restarted - import_tasks: tasks/nginx/install.yml
# tasks:
# - name: Install nginx and certbot - name: Install configuration
# become: true become: true
# dnf: copy:
# name: src: nginx.conf
# - nginx dest: /etc/nginx/nginx.conf
# - certbot notify:
# - python3-certbot-nginx - restart-nginx
# state: present
# - name: Set required SELinux options
# - name: Enable and start nginx become: true
# become: true seboolean:
# systemd: name: httpd_can_network_connect
# name: nginx persistent: true
# state: started state: true
# enabled: true notify:
# - restart-nginx
# - name: Install configuration
# become: true
# copy:
# src: nginx.conf
# dest: /etc/nginx/nginx.conf
# notify:
# - restart_nginx
#
# # sudo setsebool -P httpd_can_network_connect on
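Review bot: The new `Install configuration` task copies `nginx.conf` to `/etc/nginx/nginx.conf` with no `validate`, `owner`, `group` or `mode`. A syntactically broken file would be put in place and the notified restart would then take the proxy down, and the resulting permissions depend on the module defaults and the remote umask. I would add `validate: nginx -t -c %s` and `owner: root`, `group: root`, `mode: "0644"` to the `copy:` arguments. The page has lost its indentation and its `+`/`-` markers, so this reads the right-hand column as the new side.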


@ -1,7 +1,6 @@
--- ---
- name: Bootstrap remote ansible environment - name: Bootstrap remote ansible environment
hosts: all hosts: all
tags: tags:
- always - always
vars: vars:
@ -39,16 +38,6 @@
cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages" cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages"
creates: "{{ omni_ansible_venv }}/bin/python" creates: "{{ omni_ansible_venv }}/bin/python"
# - name: Assign ownership of the virtualenv to ansible
# become: true
# file:
# path: "{{ omni_ansible_venv }}"
# state: directory
# owner: "{{ ansible_user }}"
# group: "{{ ansible_user }}"
# mode: 0755
# follow: false
- name: Generate remote requirements file locally - name: Generate remote requirements file locally
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
command: command:

37
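--- a/resources/nginx.conf
+++ b/resources/nginx.conf
@@ -0,0 +1,37 @@
+# Ansible managed file
+# DO NOT MANUALLY EDIT
+#
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+events {
+worker_connections 1024;
+}
+http {
+log_format main '$time_local $remote_addr[$status] - $remote_addr($remote_user) - $body_bytes_sent - "$request" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log main;
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+# Load modular configuration files from the /etc/nginx/conf.d directory.
+# See http://nginx.org/en/docs/ngx_core_module.html#include
+# for more information.
+include /etc/nginx/conf.d/*.conf;
+}
+#
+# EOF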
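Review bot: The `http` block does not set `server_tokens`, so nginx keeps its default of advertising the exact version in the `Server` header and on error pages for every vhost loaded from `conf.d`. Adding `server_tokens off;` next to `keepalive_timeout 65;` covers them all in one place. The `main` log format also prints `$remote_addr` twice and differs from the stock combined layout, so any log parser or ban tooling pointed at `access.log` will need a matching pattern; a one-line comment above `log_format` saying so would save the next reader some time.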


@ -17,7 +17,7 @@
- name: Install systemd-networkd on Fedora - name: Install systemd-networkd on Fedora
when: ansible_distribution == "Fedora" and ansible_distribution_major_version == "8" when: ansible_distribution == "Fedora"
become: true become: true
dnf: dnf:
state: "{{ _runtime_update_state }}" state: "{{ _runtime_update_state }}"

36
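--- a/tasks/nginx/install.yml
+++ b/tasks/nginx/install.yml
@@ -0,0 +1,36 @@
+---
+- name: Install Nginx and CertBot on CentOS 8 and Fedora
+when: >-
+(ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+or
+ansible_distribution == "Fedora"
+become: true
+dnf:
+state: "{{ _runtime_update_state }}"
+name:
+- nginx
+- certbot
+- python3-certbot-nginx
+notify:
+- restart-nginx
+- name: Install Nginx and CertBot on CentOS 7
+when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+become: true
+yum:
+state: "{{ _runtime_update_state }}"
+name:
+- nginx
+- certbot
+- python-certbot-nginx
+notify:
+- restart-nginx
+#
+# - name: Install configuration
+# become: true
+# copy:
+# src: nginx.conf
+# dest: /etc/nginx/nginx.conf
+# notify:
+# - restart_nginx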
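Review bot: The file ends with a commented-out `Install configuration` task that still notifies the old `restart_nginx` name, while the live tasks above notify `restart-nginx`. It looks like a leftover from moving the tasks out of the playbook and should be dropped, so nobody re-enables it with a stale handler name. A short header comment would also help, for example `# Installs nginx and certbot; expects _runtime_update_state to be set by the caller`, since that variable is not defined anywhere in this file.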

7
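--- a/tasks/nginx/services.yml
+++ b/tasks/nginx/services.yml
@@ -0,0 +1,7 @@
+---
+- name: Restart nginx
+become: true
+systemd:
+name: nginx
+state: restarted
+enabled: true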
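Review bot: The handler defined here is named `Restart nginx`, but every `notify` in this change (tasks/nginx/install.yml and the webproxy playbook) uses `restart-nginx`, which is only the name given to the `import_tasks` line in the playbook's `handlers:` section. With a static import that outer name is not what Ansible matches against, so the notifications will most likely fail to find a handler. Adding `listen: restart-nginx` to this task, or renaming it, makes the names line up. Separately, `enabled: true` only takes effect when the handler fires, so a run that changes nothing leaves nginx neither enabled nor started.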