├── .ansible ├── books │ ├── ajenti_book.yml │ ├── app_files_book.yml │ ├── app_healthcheck_book.yml │ ├── app_postgres_book.yml │ ├── app_rubyrbenv_book.yml │ ├── aptupgrade.yml │ ├── dkim_book.yml │ ├── dkimkeys_book.yml │ ├── go.yml │ ├── localetimezone_book.yml │ ├── misc_book.yml │ ├── nginxpassenger_book.yml │ ├── postfix_book.yml │ ├── postgres_book.yml │ ├── redis_book.yml │ ├── remoteuser_book.yml │ ├── ssl_letsencrypt_book.yml │ └── staticsite_files_book.yml ├── group_vars │ ├── ajenti.yml │ ├── all.yml │ ├── passenger-nginx-app-1.yml │ ├── passenger-nginx-app-2.yml │ ├── postfix-dkim.yml │ ├── postgres-1.yml │ ├── redis.yml │ └── staticsite-1.yml ├── hosts.yml ├── roles │ ├── DavidWittman.redis │ │ ├── .gitignore │ │ ├── .kitchen.yml │ │ ├── .travis.yml │ │ ├── Gemfile │ │ ├── Gemfile.lock │ │ ├── LICENSE │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ ├── .galaxy_install_info │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── check_vars.yml │ │ │ ├── dependencies.yml │ │ │ ├── download.yml │ │ │ ├── install.yml │ │ │ ├── local_facts.yml │ │ │ ├── main.yml │ │ │ ├── sentinel.yml │ │ │ └── server.yml │ │ ├── templates │ │ │ ├── Debian │ │ │ │ ├── redis.init.j2 │ │ │ │ └── redis_sentinel.init.j2 │ │ │ ├── RedHat │ │ │ │ ├── redis.init.j2 │ │ │ │ └── redis_sentinel.init.j2 │ │ │ ├── default │ │ │ │ ├── redis.init.j2 │ │ │ │ ├── redis.service.j2 │ │ │ │ ├── redis_sentinel.init.j2 │ │ │ │ └── redis_sentinel.service.j2 │ │ │ ├── etc │ │ │ │ ├── ansible │ │ │ │ │ └── facts.d │ │ │ │ │ │ └── redis.fact.j2 │ │ │ │ └── tmpfiles.d │ │ │ │ │ └── redis.conf.j2 │ │ │ ├── redis.conf.j2 │ │ │ ├── redis.init.conf.j2 │ │ │ └── redis_sentinel.conf.j2 │ │ ├── test │ │ │ ├── integration │ │ │ │ ├── checksum │ │ │ │ │ ├── default.yml │ │ │ │ │ └── serverspec │ │ │ │ │ │ ├── redis_spec.rb │ │ │ │ │ │ └── spec_helper.rb │ │ │ │ ├── default │ │ │ │ │ ├── default.yml │ │ │ │ │ └── serverspec │ │ │ │ │ │ ├── redis_spec.rb │ │ │ 
│ │ │ └── spec_helper.rb │ │ │ │ ├── logfile │ │ │ │ │ ├── default.yml │ │ │ │ │ └── serverspec │ │ │ │ │ │ ├── log_spec.rb │ │ │ │ │ │ └── spec_helper.rb │ │ │ │ ├── sentinel │ │ │ │ │ ├── default.yml │ │ │ │ │ └── serverspec │ │ │ │ │ │ ├── sentinel_spec.rb │ │ │ │ │ │ └── spec_helper.rb │ │ │ │ └── service-name │ │ │ │ │ ├── default.yml │ │ │ │ │ └── serverspec │ │ │ │ │ ├── redis_spec.rb │ │ │ │ │ └── spec_helper.rb │ │ │ ├── test_all.yml │ │ │ ├── test_sentinel.yml │ │ │ └── test_server.yml │ │ └── vars │ │ │ └── main.yml │ ├── Oefenweb.swapfile │ │ ├── .gitignore │ │ ├── .travis.yml │ │ ├── Dockerfile │ │ ├── LICENSE.txt │ │ ├── README.md │ │ ├── Vagrantfile │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── empty │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ ├── .galaxy_install_info │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ ├── templates │ │ │ └── empty │ │ ├── tests │ │ │ ├── inventory │ │ │ ├── test.yml │ │ │ └── vagrant.yml │ │ └── vars │ │ │ └── main.yml │ ├── anxs.postgresql │ │ ├── .gitignore │ │ ├── .travis.yml │ │ ├── LICENSE │ │ ├── README.md │ │ ├── ansible.cfg │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ ├── .galaxy_install_info │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── configure.yml │ │ │ ├── databases.yml │ │ │ ├── extensions.yml │ │ │ ├── extensions │ │ │ │ ├── contrib.yml │ │ │ │ ├── dev_headers.yml │ │ │ │ └── postgis.yml │ │ │ ├── install.yml │ │ │ ├── install_yum.yml │ │ │ ├── main.yml │ │ │ ├── monit.yml │ │ │ ├── users.yml │ │ │ └── users_privileges.yml │ │ ├── templates │ │ │ ├── HOWTO.postgresql.conf │ │ │ ├── etc_apt_preferences.d_apt_postgresql_org_pub_repos_apt.pref.j2 │ │ │ ├── etc_monit_conf.d_postgresql.j2 │ │ │ ├── etc_systemd_system_postgresql.service.d_custom.conf.j2 │ │ │ ├── pg_hba.conf.j2 │ │ │ ├── postgresql.conf-10.j2 │ │ │ ├── postgresql.conf-10.orig │ │ │ ├── postgresql.conf-9.1.j2 │ │ │ ├── postgresql.conf-9.1.orig │ │ │ ├── 
postgresql.conf-9.2.j2 │ │ │ ├── postgresql.conf-9.2.orig │ │ │ ├── postgresql.conf-9.3.j2 │ │ │ ├── postgresql.conf-9.3.orig │ │ │ ├── postgresql.conf-9.4.j2 │ │ │ ├── postgresql.conf-9.4.orig │ │ │ ├── postgresql.conf-9.5.j2 │ │ │ ├── postgresql.conf-9.5.orig │ │ │ ├── postgresql.conf-9.6.j2 │ │ │ └── postgresql.conf-9.6.orig │ │ ├── tests │ │ │ ├── Dockerfile-centos6 │ │ │ ├── Dockerfile-ubuntu14.04 │ │ │ ├── docker │ │ │ │ ├── group_vars │ │ │ │ │ ├── all.yml │ │ │ │ │ └── postgresql.yml │ │ │ │ ├── hosts │ │ │ │ ├── images │ │ │ │ │ ├── Dockerfile.centos.6-builded │ │ │ │ │ ├── Dockerfile.centos.7-builded │ │ │ │ │ ├── Dockerfile.debian.8-builded │ │ │ │ │ ├── Dockerfile.debian.9-builded │ │ │ │ │ └── Dockerfile.ubuntu.16.04-builded │ │ │ │ └── site.yml │ │ │ ├── idempotence_check.sh │ │ │ ├── playbook.yml │ │ │ └── vars.yml │ │ └── vars │ │ │ ├── Debian.yml │ │ │ ├── RedHat.yml │ │ │ ├── empty.yml │ │ │ └── xenial.yml │ ├── geerlingguy.certbot │ │ ├── .gitignore │ │ ├── .travis.yml │ │ ├── LICENSE │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ ├── .galaxy_install_info │ │ │ └── main.yml │ │ ├── molecule │ │ │ └── default │ │ │ │ ├── molecule.yml │ │ │ │ ├── playbook-source-install.yml │ │ │ │ ├── playbook-standalone-nginx-aws.yml │ │ │ │ ├── playbook.yml │ │ │ │ ├── requirements.yml │ │ │ │ ├── tests │ │ │ │ └── test_default.py │ │ │ │ └── yaml-lint.yml │ │ ├── tasks │ │ │ ├── create-cert-standalone.yml │ │ │ ├── include-vars.yml │ │ │ ├── install-from-source.yml │ │ │ ├── install-with-package.yml │ │ │ ├── main.yml │ │ │ └── renew-cron.yml │ │ └── vars │ │ │ ├── Ubuntu-16.04.yml │ │ │ └── default.yml │ ├── nickhammond.logrotate │ │ ├── .gitignore │ │ ├── .travis.yml │ │ ├── LICENSE │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ ├── .galaxy_install_info │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ ├── templates │ │ │ └── logrotate.d.j2 │ │ └── tests │ │ │ ├── Vagrantfile │ │ │ ├── inventory │ │ │ 
└── test.yml │ └── zzet.rbenv │ │ ├── .kitchen.yml │ │ ├── .travis.yml │ │ ├── README.md │ │ ├── defaults │ │ └── main.yml │ │ ├── files │ │ ├── default-gems │ │ ├── gemrc │ │ └── vars │ │ ├── handlers │ │ └── main.yml │ │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ │ ├── role.yml │ │ ├── tasks │ │ ├── apt_build_depends.yml │ │ ├── dnf_build_depends.yml │ │ ├── homebrew_build_depends.yml │ │ ├── main.yml │ │ ├── pacman_build_depends.yml │ │ ├── system_install.yml │ │ ├── user_install.yml │ │ └── yum_build_depends.yml │ │ ├── templates │ │ ├── rbenv_system.sh.j2 │ │ └── rbenv_user.sh.j2 │ │ ├── test │ │ └── integration │ │ │ ├── default │ │ │ └── serverspec │ │ │ │ └── rbenv_spec.rb │ │ │ ├── helpers │ │ │ └── serverspec │ │ │ │ └── spec_helper.rb │ │ │ └── site.yml │ │ └── vars │ │ ├── main.yml │ │ ├── system.yml │ │ └── user.yml └── templates │ ├── ajenti_config.j2 │ ├── dkim │ ├── KeyTable │ ├── SigningTable │ ├── TrustedHosts │ ├── keys │ │ ├── example.com │ │ │ ├── mail.private │ │ │ └── mail.txt │ │ └── example2.com │ │ │ ├── mail.private │ │ │ └── mail.txt │ └── opendkim.conf │ ├── nginx │ ├── app_virtualhost.conf.j2 │ ├── certbot.j2 │ ├── nginx.conf.j2 │ ├── passenger.j2 │ └── staticsite_virtualhost.conf.j2 │ ├── postfix_aliases.j2 │ └── ssh │ ├── demo_key1.pub │ └── demo_key2.pub ├── .gitignore ├── README.md ├── ansible.cfg └── config ├── database.yml └── secrets.yml /.ansible/books/ajenti_book.yml: -------------------------------------------------------------------------------- 1 | # Ajenti 1.x admin web panel setup 2 | # http://ajenti.org 3 | # https://support.ajenti.org/knowledge-bases/5/articles/1121-installing-on-ubuntu 4 | --- 5 | - name: Set up ajenti 1.x panel 6 | hosts: ajenti 7 | remote_user: root 8 | 9 | tasks: 10 | # Add specified repository into sources list using specified filename. 
11 | - name: Add an Apt signing key, uses whichever key is at the URL 12 | apt_key: 13 | url: http://repo.ajenti.org/debian/key 14 | state: present 15 | # NOTE(review): the key above is fetched over plain HTTP and is not pinned (apt_key accepts an id for that); the repository below is plain HTTP as well 16 | - apt_repository: 17 | repo: deb http://repo.ajenti.org/ng/debian main main ubuntu 18 | state: present 19 | 20 | - name: Update repositories cache and install ajenti 21 | apt: 22 | name: ajenti 23 | update_cache: yes 24 | 25 | - name: Copy configuration 26 | template: 27 | src: ../templates/ajenti_config.j2 28 | dest: /etc/ajenti/config.json 29 | notify: restart ajenti 30 | 31 | roles: 32 | - role: nickhammond.logrotate 33 | logrotate_scripts: 34 | - name: ajenti 35 | path: /var/log/ajenti/*.log 36 | options: 37 | - weekly 38 | - rotate 4 39 | - missingok 40 | - compress 41 | - delaycompress 42 | 43 | handlers: 44 | - name: restart ajenti 45 | service: 46 | name: ajenti 47 | state: restarted 48 | -------------------------------------------------------------------------------- /.ansible/books/app_files_book.yml: -------------------------------------------------------------------------------- 1 | # Application config files provisioning: logrotate, rails options, nginx virtualhost 2 | # Logrotate role used https://github.com/nickhammond/ansible-logrotate 3 | --- 4 | - name: Prepare app dirs and configs 5 | hosts: passenger-nginx-app* 6 | remote_user: '{{ _remote_user }}' 7 | become: false 8 | 9 | roles: 10 | - role: nickhammond.logrotate 11 | become: true 12 | 13 | logrotate_scripts: 14 | - name: '{{ _app.name }}' 15 | path: '{{ _app.logs_path }}/*.log' 16 | options: 17 | - daily 18 | - rotate 7 19 | - missingok 20 | - compress 21 | - delaycompress 22 | - notifempty 23 | - create 0666 {{ _remote_user }} {{ _remote_user }} # NOTE(review): 0666 leaves each new log file world-writable; confirm a tighter mode (e.g. 0640) still works for the app 24 | when: _app.logs_path is defined 25 | 26 | tasks: 27 | - name: Create apps dir 28 | file: 29 | path: '{{ _app.path }}' 30 | state: directory 31 | 32 | - name: Copy local files 33 | copy: 34 | src: '{{ item.src }}' 35 | dest: '{{ item.dest }}' 36 | with_items: '{{ _copy_files }}' 37 | # NOTE(review): the copy above sets no mode; if _copy_files lists secrets (its contents are not visible here), give those files a restrictive mode 38 | - 
name: Configure virtual host 39 | become: true 40 | template: 41 | src: ../templates/nginx/app_virtualhost.conf.j2 42 | dest: /etc/nginx/sites-available/{{ _app.name }}.conf 43 | notify: restart nginx 44 | 45 | - name: Ensure virtual host is enabled 46 | become: true 47 | file: 48 | src: /etc/nginx/sites-available/{{ _app.name }}.conf 49 | dest: /etc/nginx/sites-enabled/{{ _app.name }}.conf 50 | state: link 51 | notify: restart nginx 52 | 53 | handlers: 54 | - name: restart nginx 55 | become: true 56 | service: name=nginx state=restarted -------------------------------------------------------------------------------- /.ansible/books/app_healthcheck_book.yml: -------------------------------------------------------------------------------- 1 | # Simple services health checkup for paranoics and occasional use 2 | --- 3 | - name: Services Healthchecks 4 | hosts: all 5 | remote_user: '{{ _remote_user }}' 6 | 7 | tasks: 8 | - name: Passenger 9 | shell: passenger-config validate-install --auto 10 | when: "'passenger' in '{{ group_names|join(' ') }}'" 11 | ignore_errors: yes 12 | 13 | - shell: service redis_6379 status 14 | when: "'redis' in '{{ group_names|join(' ') }}'" 15 | ignore_errors: yes 16 | 17 | - shell: service nginx status 18 | when: "'nginx' in '{{ group_names|join(' ') }}'" 19 | ignore_errors: yes 20 | 21 | - shell: service postfix status 22 | when: "'postfix' in '{{ group_names|join(' ') }}'" 23 | ignore_errors: yes 24 | 25 | - shell: service opendkim status 26 | when: "'dkim' in '{{ group_names|join(' ') }}'" 27 | ignore_errors: yes 28 | 29 | - shell: service postgresql@{{ postgresql_version }}-{{postgresql_cluster_name}} status 30 | when: "'postgres' in '{{ group_names|join(' ') }}'" 31 | ignore_errors: yes 32 | -------------------------------------------------------------------------------- /.ansible/books/app_postgres_book.yml: -------------------------------------------------------------------------------- 1 | # Rails Postgres DB provisioning for the 
app host 2 | # Based on typical database.yml configuration (see postgres.yml for config) 3 | # 4 | --- 5 | - name: Create PG user+DB 6 | hosts: postgres* 7 | remote_user: '{{ _remote_user }}' 8 | become: true 9 | 10 | tasks: 11 | - include_vars: 12 | file: "{{ _databaseyml_path|default ('../../config/database.yml') }}" 13 | name: railsdb 14 | 15 | # required for postgresql_ ansible tasks 16 | - apt: 17 | name: python3-psycopg2 18 | 19 | - set_fact: 20 | db: '[ {% for k, v in railsdb.items() %}{% if k in _appstages %}{{ v }},{% endif %} {% endfor %} ]' 21 | # NOTE(review): db holds whole database.yml stage entries, passwords included; with_items prints each item, so the two loops below show item.password in task output unless no_log: true is set 22 | - name: Create User 23 | become_user: postgres 24 | postgresql_user: 25 | name: "{{ item.username|default (item.user) }}" 26 | password: "{{ item.password }}" 27 | conn_limit: "{{ ((item.pool|default (5))|int + 1) * 7 }}" 28 | role_attr_flags: "{{ _pguser_priveleges| default('LOGIN,CREATEDB,NOSUPERUSER,NOCREATEROLE,NOREPLICATION') }}" 29 | with_items: '{{ db }}' 30 | 31 | - name: Create DB 32 | become_user: postgres 33 | postgresql_db: 34 | name: "{{ item.database }}" 35 | encoding: "{{ item.encoding|default ('UTF-8') }}" 36 | lc_collate: "{{ item.collation|default ('') }}" 37 | lc_ctype: "{{ item.ctype|default ('') }}" 38 | template: "{{ item.template|default ('template0') }}" 39 | owner: "{{ item.username|default (item.user) }}" 40 | with_items: '{{ db }}' 41 | 42 | 43 | # 2check in psql 44 | # select * from pg_shadow; 45 | # \l 46 | # \du -------------------------------------------------------------------------------- /.ansible/books/app_rubyrbenv_book.yml: -------------------------------------------------------------------------------- 1 | # rbenv/Ruby provisioning for the app host 2 | # Role used https://github.com/zzet/ansible-rbenv-role 3 | --- 4 | - name: Ruby setup 5 | hosts: passenger-nginx-app* 6 | remote_user: '{{ _remote_user }}' 7 | become: true 8 | gather_facts: true 9 | vars: 10 | rbenv: 11 | env: user 12 | version: '{{ _rbenv }}' 13 | default_ruby: '{{ _ruby }}' 14 | rubies: 15 | - version: 
'{{ _ruby }}' 16 | 17 | roles: 18 | - role: zzet.rbenv 19 | rbenv_users: 20 | - '{{ _remote_user }}' 21 | 22 | post_tasks: 23 | - command: 'sudo -iu {{ _remote_user }} gem update --system' 24 | when: _ruby_updategem is defined and _ruby_updategem 25 | # https://github.com/ansible/ansible/issues/4854 -------------------------------------------------------------------------------- /.ansible/books/aptupgrade.yml: -------------------------------------------------------------------------------- 1 | # APT packages update & upgrade 2 | --- 3 | - name: APT update 4 | hosts: all 5 | remote_user: root 6 | 7 | tasks: 8 | - name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago 9 | apt: 10 | update_cache: yes 11 | cache_valid_time: 3600 12 | 13 | - name: Update all packages to the latest version 14 | apt: 15 | upgrade: full 16 | when: _aptupgrade is defined and _aptupgrade 17 | 18 | - name: Clean apt 19 | apt: 20 | autoclean: yes 21 | autoremove: yes 22 | when: _aptupgrade is defined and _aptupgrade 23 | -------------------------------------------------------------------------------- /.ansible/books/dkim_book.yml: -------------------------------------------------------------------------------- 1 | # Set up opendkim server, join DKIM and postfix with milters 2 | # 3 | --- 4 | - name: Setup DKIM 5 | hosts: postfix-dkim 6 | remote_user: '{{ _remote_user }}' 7 | become: true 8 | 9 | tasks: 10 | - apt: 11 | update_cache: yes 12 | upgrade: dist 13 | 14 | - name: Install DKIM packages 15 | apt: 16 | name: '{{ item }}' 17 | with_items: 18 | - opendkim 19 | - opendkim-tools 20 | 21 | - blockinfile: 22 | path: /etc/opendkim.conf 23 | block: "{{ lookup('file', '../templates/dkim/opendkim.conf') }}" 24 | notify: restart opendkim 25 | 26 | - lineinfile: 27 | path: /etc/opendkim.conf 28 | line: 'Socket {{ _dkim_host }}' 29 | notify: restart opendkim 30 | 31 | - blockinfile: 32 | path: /etc/default/opendkim 33 | block: | 34 | SOCKET="{{ _dkim_host }}" 35 | notify: 
restart opendkim 36 | 37 | - lineinfile: 38 | path: /etc/postfix/main.cf 39 | state: present 40 | regexp: '^milter_protocol' 41 | line: 'milter_protocol = 2' 42 | notify: restart postfix 43 | 44 | - lineinfile: 45 | path: /etc/postfix/main.cf 46 | state: present 47 | regexp: '^milter_default_action' 48 | line: 'milter_default_action = accept' 49 | notify: restart postfix 50 | 51 | - blockinfile: 52 | path: /etc/postfix/main.cf 53 | block: | 54 | smtpd_milters = {{ _dkim_milter }} 55 | non_smtpd_milters = {{ _dkim_milter }} 56 | notify: 57 | - restart opendkim 58 | - restart postfix 59 | 60 | - file: 61 | path: /etc/opendkim/keys 62 | state: directory 63 | 64 | # Copy blank files placeholders 65 | - copy: 66 | src: '../templates/dkim/{{ item }}' 67 | dest: '/etc/opendkim/{{ item }}' 68 | force: no 69 | with_items: 70 | - TrustedHosts 71 | - KeyTable 72 | - SigningTable 73 | 74 | handlers: 75 | - name: restart opendkim 76 | service: name=opendkim state=restarted 77 | 78 | - name: restart postfix 79 | service: name=postfix state=restarted -------------------------------------------------------------------------------- /.ansible/books/dkimkeys_book.yml: -------------------------------------------------------------------------------- 1 | # Copy (or create) DKIM keys for multiple domains 2 | --- 3 | - name: Provision DKIM keys 4 | hosts: postfix-dkim 5 | remote_user: '{{ _remote_user }}' 6 | become: true 7 | 8 | tasks: 9 | - lineinfile: 10 | path: /etc/opendkim/KeyTable 11 | line: mail._domainkey.{{ item }} {{ item }}:mail:/etc/opendkim/keys/{{ item }}/mail.private 12 | with_items: '{{ _dkim_domains }}' 13 | 14 | - lineinfile: 15 | path: /etc/opendkim/TrustedHosts 16 | line: '*.{{ item }}' 17 | with_items: '{{ _dkim_domains }}' 18 | 19 | - lineinfile: 20 | path: /etc/opendkim/SigningTable 21 | line: '*@{{ item }} mail._domainkey.{{ item }}' 22 | with_items: '{{ _dkim_domains }}' 23 | 24 | - copy: 25 | src: '../templates/dkim/keys/{{ item }}' 26 | dest: 
'/etc/opendkim/keys/' 27 | mode: 0600 28 | owner: root 29 | group: root 30 | with_items: '{{ _dkim_domains }}' 31 | when: _dkim_newkeys is undefined or not _dkim_newkeys 32 | # NOTE(review): the copy above installs pre-generated keys from ../templates/dkim/keys/, so private keys (mail.private) live in the repository; keep real keys out of version control or encrypt them (e.g. ansible-vault) 33 | - file: 34 | path: /etc/opendkim/keys/{{ item }} 35 | state: directory 36 | with_items: '{{ _dkim_domains }}' 37 | when: _dkim_newkeys is defined and _dkim_newkeys 38 | # NOTE(review): the per-domain directory above gets default owner/mode; only mail.private is tightened, in the last task 39 | - name: Generate new keys 40 | shell: opendkim-genkey -s mail -d {{ item }} 41 | args: 42 | chdir: /etc/opendkim/keys/{{ item }}/ 43 | with_items: '{{ _dkim_domains }}' 44 | when: _dkim_newkeys is defined and _dkim_newkeys 45 | 46 | - name: Download DKIM keys locally 47 | shell: (cd /etc/opendkim/keys; find . -maxdepth 3 -type f) 48 | register: files_to_copy 49 | when: _dkim_newkeys is defined and _dkim_newkeys 50 | # NOTE(review): the fetch below copies every file found under /etc/opendkim/keys, private keys included, to ../../tmp/dkimkeys on the control machine; confirm that directory is git-ignored and cleaned up afterwards 51 | - fetch: src=/etc/opendkim/keys/{{ item }} dest=../../tmp/dkimkeys/{{ item }} flat=yes 52 | with_items: '{{ files_to_copy.stdout_lines }}' 53 | when: _dkim_newkeys is defined and _dkim_newkeys 54 | 55 | - file: 56 | path: '/etc/opendkim/keys/{{ item }}/mail.private' 57 | mode: 0600 58 | owner: opendkim 59 | group: opendkim 60 | with_items: '{{ _dkim_domains }}' 61 | notify: 62 | - restart opendkim 63 | - restart postfix 64 | 65 | handlers: 66 | - name: restart postfix 67 | service: name=postfix state=restarted 68 | 69 | - name: restart opendkim 70 | service: name=opendkim state=restarted -------------------------------------------------------------------------------- /.ansible/books/go.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # System playbooks 3 | # Provisioning all app independent VPS nuts and bolts 4 | - import_playbook: aptupgrade.yml 5 | - import_playbook: localetimezone_book.yml 6 | - import_playbook: ajenti_book.yml 7 | - import_playbook: remoteuser_book.yml 8 | - import_playbook: postfix_book.yml 9 | - import_playbook: dkim_book.yml 10 | - import_playbook: dkimkeys_book.yml 11 | - import_playbook: postgres_book.yml 12 | - import_playbook: 
redis_book.yml 13 | - import_playbook: nginxpassenger_book.yml 14 | - import_playbook: ssl_letsencrypt_book.yml 15 | - import_playbook: misc_book.yml 16 | 17 | # App related playbooks 18 | - import_playbook: app_files_book.yml 19 | - import_playbook: app_rubyrbenv_book.yml 20 | - import_playbook: app_postgres_book.yml 21 | - import_playbook: app_healthcheck_book.yml 22 | 23 | -------------------------------------------------------------------------------- /.ansible/books/localetimezone_book.yml: -------------------------------------------------------------------------------- 1 | # Locale, timezone provisioning for all server groups 2 | # Variables from `group_vars/all.yml` applied 3 | # 4 | # Any variable may be overriden in `group_vars/.yml` 5 | # 6 | # WARNING! Locale update requires server reboot, it may take some time or even break 7 | # no worries here — you may just run the book again after reconnect. 8 | --- 9 | - name: Setup locale and timezone 10 | hosts: all 11 | remote_user: root 12 | 13 | tasks: 14 | - name: Create {{ _language }} locale 15 | locale_gen: 16 | name: '{{ _language }}' 17 | state: present 18 | register: locale_update 19 | when: _language is defined 20 | 21 | - name: Create {{ _locale }} locale 22 | locale_gen: 23 | name: '{{ _locale }}' 24 | state: present 25 | register: locale_update 26 | when: _locale is defined 27 | 28 | - name: add LC_ALL to environment 29 | lineinfile: 30 | path: /etc/environment 31 | state: present 32 | regexp: '^LC_ALL=' 33 | line: 'LC_ALL={{ _locale }}' 34 | register: locale_update 35 | when: _locale is defined 36 | 37 | - name: add LC_COLLATE to environment 38 | lineinfile: 39 | path: /etc/environment 40 | state: present 41 | regexp: '^LC_COLLATE=' 42 | line: 'LC_COLLATE={{ _locale }}' 43 | register: locale_update 44 | when: _locale is defined 45 | 46 | - name: add LANG to environment 47 | lineinfile: 48 | path: /etc/environment 49 | state: present 50 | regexp: '^LANG=' 51 | line: 'LANG={{ _language }}' 52 | 
register: locale_update 53 | when: _language is defined 54 | 55 | - name: add LANGUAGE to environment 56 | lineinfile: 57 | path: /etc/environment 58 | state: present 59 | regexp: '^LANGUAGE=' 60 | line: 'LANGUAGE={{ _language }}' 61 | register: locale_update 62 | when: _language is defined 63 | 64 | # sudo timedatectl set-timezone America/New_York 65 | - name: set timezone to {{ _timezone }} 66 | timezone: 67 | name: '{{ _timezone }}' 68 | when: _timezone is defined 69 | 70 | - name: Reboot 71 | shell: "sleep 5 && reboot" 72 | async: 1 73 | poll: 0 74 | when: locale_update is changed 75 | 76 | - name: Wait for the reboot to complete... 77 | wait_for_connection: 78 | connect_timeout: 20 79 | sleep: 5 80 | delay: 5 81 | timeout: 300 82 | when: locale_update is changed 83 | -------------------------------------------------------------------------------- /.ansible/books/misc_book.yml: -------------------------------------------------------------------------------- 1 | # Additional system tweaks 2 | # please understand what you're doing before doing it 3 | --- 4 | - name: Useful tweaks 5 | hosts: all 6 | remote_user: '{{ _remote_user }}' 7 | become: true 8 | 9 | roles: 10 | - role: Oefenweb.swapfile 11 | # see https://github.com/Oefenweb/ansible-swapfile for options 12 | 13 | 14 | tasks: 15 | - name: Email entry crontab 16 | cronvar: 17 | name: MAILTO 18 | value: '{{ _cron_mailto }}' 19 | when: _cron_mailto is defined 20 | 21 | 22 | # How 2check: 23 | # crontab -e (MAILTO var) 24 | # sudo sysctl vm.swappiness 25 | # cat /proc/sys/vm/vfs_cache_pressure 26 | # free -m -------------------------------------------------------------------------------- /.ansible/books/nginxpassenger_book.yml: -------------------------------------------------------------------------------- 1 | # Basic system wide Nginx+Passenger provisioning 2 | # Without specific app 3 | # 4 | # Works only on Ubuntu 16.04 5 | # For other OS book requires update according to 6 | # 
https://www.phusionpassenger.com/library/install/nginx/install/oss/#select_os 7 | --- 8 | - name: Install nginx-passenger 9 | hosts: passenger-nginx-app* staticsite* 10 | remote_user: '{{ _remote_user }}' 11 | become: true 12 | 13 | tasks: 14 | - name: Add apt HTTPS capabilities. 15 | apt: "pkg={{ item }} state=latest" 16 | with_items: 17 | - apt-transport-https 18 | - ca-certificates 19 | 20 | - name: Additional packages 21 | apt: "pkg={{ item }} state=latest" 22 | with_items: '{{ _addons }}' 23 | 24 | - name: Keys packages 25 | apt: 26 | pkg: dirmngr,gnupg 27 | state: latest 28 | # NOTE(review): the key below is requested from a keyserver over plain HKP (port 80) by a 16-hex-digit key id; pinning the full fingerprint in id gives a stronger check on what gets trusted 29 | - name: passenger repo key 30 | apt_key: 31 | keyserver: hkp://keyserver.ubuntu.com:80 32 | id: 561F9B9CAC40B2F7 33 | state: present 34 | # The next task reuses the name "Keys packages" but installs the same two packages as the first task ("Add apt HTTPS capabilities.") 35 | - name: Keys packages 36 | apt: 37 | pkg: apt-transport-https,ca-certificates 38 | 39 | - name: adding passenger repo 40 | apt_repository: 41 | repo: deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ ansible_distribution_release }} main 42 | state: present 43 | 44 | - name: installing passenger + NGINX 45 | apt: 46 | name: "{{ item }}" 47 | state: latest 48 | update_cache: yes 49 | notify: restart nginx 50 | with_items: 51 | - nginx-extras 52 | - passenger 53 | 54 | - template: 55 | src: ../templates/nginx/passenger.j2 56 | dest: /etc/nginx/passenger.conf 57 | notify: restart nginx 58 | 59 | # Nginx and configuration. 60 | - name: Copy Nginx configuration into place. 
61 | template: 62 | src: ../templates/nginx/nginx.conf.j2 63 | dest: /etc/nginx/nginx.conf 64 | notify: restart nginx 65 | 66 | - name: drop default virtual host 67 | file: 68 | path: /etc/nginx/sites-enabled/default 69 | state: absent 70 | notify: restart nginx 71 | when: _drop_defhost is defined and _drop_defhost 72 | 73 | - name: Remove useless packages 74 | apt: 75 | autoclean: yes 76 | autoremove: yes 77 | 78 | handlers: 79 | - name: restart nginx 80 | service: name=nginx state=restarted 81 | -------------------------------------------------------------------------------- /.ansible/books/postfix_book.yml: -------------------------------------------------------------------------------- 1 | # Standalone "send-only" mode Postfix provisioning 2 | --- 3 | - name: Setup postfix server 4 | hosts: postfix-dkim 5 | remote_user: '{{ _remote_user }}' 6 | become: true 7 | # 8 | tasks: 9 | # Interactive vars setup 10 | - name: gui options postfix Type 11 | debconf: 12 | name: postfix 13 | question: postfix/main_mailer_type 14 | answer: Internet Site 15 | vtype: select 16 | 17 | - name: gui options postfix URL 18 | debconf: 19 | name: postfix 20 | question: postfix/mailname 21 | answer: '{{ _server_url }}' 22 | vtype: string 23 | 24 | - name: Install postfix package 25 | apt: 26 | name: mailutils 27 | update_cache: yes 28 | # http://unix.stackexchange.com/questions/185365/mail-cannot-send-message-process-exited-with-a-non-zero-status 29 | 30 | - name: Add mailname 31 | copy: 32 | content: '{{ _server_url }}' 33 | dest: /etc/mailname 34 | # group: root 35 | # owner: root 36 | # mode: 0644 37 | 38 | - lineinfile: 39 | path: /etc/postfix/main.cf 40 | state: present 41 | regexp: '^myorigin' 42 | line: 'myorigin = /etc/mailname' 43 | notify: restart postfix 44 | 45 | - lineinfile: 46 | path: /etc/postfix/main.cf 47 | state: present 48 | regexp: '^inet_interfaces' 49 | line: 'inet_interfaces = loopback-only' 50 | notify: restart postfix 51 | 52 | - lineinfile: 53 | path: 
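/etc/postfix/main.cf 54 | state: present 55 | regexp: '^local_transport' 56 | line: 'local_transport = error:local delivery is disabled' 57 | notify: restart postfix 58 | 59 | - lineinfile: 60 | path: /etc/postfix/main.cf 61 | state: present 62 | regexp: '^alias_maps' 63 | line: 'alias_maps = hash:/etc/aliases' 64 | notify: restart postfix 65 | 66 | - lineinfile: 67 | path: /etc/postfix/main.cf 68 | state: present 69 | regexp: '^mydestination' 70 | line: 'mydestination = ' 71 | notify: restart postfix 72 | 73 | - lineinfile: 74 | path: /etc/postfix/main.cf 75 | state: present 76 | regexp: '^alias_database' 77 | line: 'alias_database = hash:/etc/aliases' 78 | notify: restart postfix 79 | 80 | - lineinfile: 81 | path: /etc/postfix/main.cf 82 | state: present 83 | regexp: '^myhostname' 84 | line: 'myhostname = {{ _server_url }}' 85 | notify: restart postfix 86 | 87 | - template: 88 | src: ../templates/postfix_aliases.j2 89 | dest: /etc/aliases 90 | notify: 91 | - restart postfix 92 | - newaliases 93 | 94 | handlers: 95 | - name: restart postfix 96 | service: name=postfix state=restarted 97 | 98 | - name: newaliases 99 | command: newaliases 100 | -------------------------------------------------------------------------------- /.ansible/books/postgres_book.yml: -------------------------------------------------------------------------------- 1 | # Postgres system wide provisioning 2 | # made by anxs.postgresql role + with minor bugfixes https://github.com/ANXS/postgresql 3 | --- 4 | - name: Install Postgres 5 | hosts: postgres* 6 | remote_user: '{{ _remote_user }}' 7 | become: true 8 | # pre_tasks set the kernel shared-memory limits before the role runs; each task applies only when its variable is defined 9 | pre_tasks: 10 | - sysctl: 11 | name: kernel.shmmax 12 | value: '{{ _kernel_shmmax }}' # templated: the bare name would be handed to sysctl as a literal string 13 | reload: yes 14 | when: _kernel_shmmax is defined 15 | 16 | - sysctl: 17 | name: kernel.shmall 18 | value: '{{ _kernel_shmall }}' # templated for the same reason as kernel.shmmax 19 | reload: yes 20 | when: _kernel_shmall is defined 21 | 22 | roles: 23 | - role: anxs.postgresql 24 | 25 | post_tasks: 26 | # encrypted pass = 'md5' (in hex lowercase format) 27 | - 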
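name: Set up postgres user PW 28 | command: psql -U postgres -c "ALTER USER postgres WITH ENCRYPTED PASSWORD '{{_postgres_user_pass}}';" 29 | notify: restart postgresql 30 | when: _postgres_user_pass is defined 31 | # the statement embeds the password: keep it out of Ansible output and logs (it is still passed on the psql command line on the host) 32 | no_log: true 33 | -------------------------------------------------------------------------------- /.ansible/books/redis_book.yml: -------------------------------------------------------------------------------- 1 | # Redis provisioning for all `redis` group servers 2 | # 3 | --- 4 | - name: Install Redis 5 | hosts: redis 6 | remote_user: '{{ _remote_user }}' 7 | become: true 8 | 9 | roles: 10 | - role: DavidWittman.redis 11 | -------------------------------------------------------------------------------- /.ansible/books/remoteuser_book.yml: -------------------------------------------------------------------------------- 1 | # Adding unprivileged user for your app, configured for all host groups 2 | # Can be configured on a per group basis (see group_vars/ for details) 3 | # 4 | --- 5 | - name: Set up 'deploy' user 6 | hosts: all 7 | remote_user: root 8 | vars: 9 | sshd_config: /etc/ssh/sshd_config 10 | 11 | tasks: 12 | - name: Create {{ _remote_user }} user 13 | user: 14 | name: '{{ _remote_user }}' 15 | password: '{{ _remote_user_sudopass }}' # the user module expects an already-hashed (crypt) value here, not a plaintext password 16 | groups: '{{ _remote_user_groups }}' 17 | state: present 18 | shell: /bin/bash # Defaults to /bin/bash 19 | system: no # Defaults to no 20 | createhome: yes # Defaults to yes 21 | # NOTE(review): the next task edits /etc/sudoers without a syntax check (blockinfile supports validate, e.g. 'visudo -cf %s'), and lets every member of adm run /usr/sbin/service as root without a password; confirm that scope is intended 22 | - name: allow %adm use service without pw 23 | blockinfile: 24 | path: /etc/sudoers 25 | block: | 26 | %adm ALL=NOPASSWD: /usr/sbin/service 27 | 28 | - name: Set up authorized keys for {{ _remote_user }} 29 | authorized_key: 30 | user: '{{ _remote_user }}' 31 | state: present 32 | key: '{{ item }}' 33 | with_file: '{{ _remote_user_keys }}' 34 | register: add_identity_key 35 | notify: restart ssh 36 | 37 | # YOU SHOULD NEVER REMOVE THIS STEP! 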
38 | - name: Disable password login 39 | lineinfile: dest={{ sshd_config }} regexp="^(#\s*)?PasswordAuthentication " line="PasswordAuthentication no" 40 | when: add_identity_key is success and not add_identity_key is skipped 41 | notify: restart ssh 42 | 43 | handlers: 44 | - name: restart ssh 45 | service: name=ssh state=restarted -------------------------------------------------------------------------------- /.ansible/books/ssl_letsencrypt_book.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ubuntu letsencrypt SSL setup 3 | hosts: passenger-nginx-app* staticsite* 4 | remote_user: '{{ _remote_user }}' 5 | become: true 6 | 7 | # https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx 8 | # https://github.com/geerlingguy/ansible-role-certbot 9 | 10 | vars: 11 | certbot_auto_renew_user: '{{ _remote_user }}' 12 | certbot_auto_renew_options: '--max-log-backups 100 --no-self-upgrade --pre-hook "service nginx stop" --post-hook "service nginx start"' 13 | certbot_install_from_source: yes 14 | 15 | # Certbot renew crontab options 16 | certbot_auto_renew_weekday: 3 17 | certbot_auto_renew_hour: 6 18 | certbot_auto_renew_minute: 20 19 | 20 | certbot_create_if_missing: yes 21 | certbot_create_method: standalone 22 | 23 | certbot_admin_email: '{{ _admin_email }}' 24 | certbot_certs: '{{ _ssl_domains }}' 25 | 26 | certbot_create_standalone_stop_services: 27 | - nginx 28 | 29 | roles: 30 | - name: geerlingguy.certbot 31 | when: letsencrypt 32 | 33 | post_tasks: 34 | # SSL template 35 | - name: Copy LetsEncrypt configuration 36 | template: 37 | src: ../templates/nginx/certbot.j2 38 | dest: /etc/nginx/certbot_{{ _app.name }}.conf 39 | when: letsencrypt 40 | 41 | # 2check: 42 | # certbot certificates 43 | # ls -ls /etc/letsencrypt/live/** -------------------------------------------------------------------------------- /.ansible/books/staticsite_files_book.yml: 
-------------------------------------------------------------------------------- 1 | # Provisioning of site config files: logrotate and the nginx virtual host 2 | # Logrotate role used: https://github.com/nickhammond/ansible-logrotate 3 | --- 4 | - name: Prepare app dirs and configs 5 | hosts: staticsite* 6 | remote_user: '{{ _remote_user }}' 7 | become: false 8 | 9 | roles: 10 | - role: nickhammond.logrotate 11 | become: true 12 | 13 | logrotate_scripts: 14 | - name: '{{ _site.name }}' 15 | path: '{{ _site.logs_path }}/*.log' 16 | options: 17 | - daily 18 | - rotate 7 19 | - missingok 20 | - compress 21 | - delaycompress 22 | - notifempty 23 | - create 0666 {{ _remote_user }} {{ _remote_user }} # NOTE(review): 0666 leaves every new log world-writable; a tighter mode such as 0640 is usual unless another account must write here (confirm) 24 | when: _site.logs_path is defined 25 | 26 | tasks: 27 | - name: Create apps dir 28 | file: 29 | path: '{{ item }}' 30 | state: directory 31 | with_items: 32 | - '{{ _site.www_path }}' 33 | - '{{ _site.logs_path }}' 34 | notify: restart nginx 35 | 36 | - name: Copy local files 37 | copy: 38 | src: '{{ item.src }}' 39 | dest: '{{ item.dest }}' 40 | with_items: '{{ _copy_files }}' 41 | when: _copy_files is defined 42 | notify: restart nginx 43 | 44 | - name: Configure virtual host 45 | become: true 46 | template: 47 | src: ../templates/nginx/staticsite_virtualhost.conf.j2 48 | dest: /etc/nginx/sites-available/{{ _site.nginx_config_prefix}}{{ _site.name }}.conf 49 | notify: restart nginx 50 | 51 | - name: Ensure virtual host is enabled 52 | become: true 53 | file: 54 | src: /etc/nginx/sites-available/{{ _site.nginx_config_prefix}}{{ _site.name }}.conf 55 | dest: /etc/nginx/sites-enabled/{{ _site.nginx_config_prefix}}{{ _site.name }}.conf 56 | state: link 57 | notify: restart nginx 58 | 59 | handlers: 60 | - name: restart nginx 61 | become: true 62 | service: name=nginx state=restarted -------------------------------------------------------------------------------- /.ansible/group_vars/ajenti.yml: 
-------------------------------------------------------------------------------- 1 | # Ajenti 1.x admin web panel setup 2 | # http://ajenti.org 3 | # https://support.ajenti.org/knowledge-bases/5/articles/1121-installing-on-ubuntu 4 | --- 5 | 6 | #=== EDIT THIS! ================================================================ 7 | # BE CAREFUL with this, or skip the Ajenti hosts group altogether. Ajenti has root access. 8 | # 9 | _ajenti_email: yourmaile@example.com # your ajenti `root` account email 10 | 11 | # Hash your actual password with the mkpasswd utility 12 | # Ubuntu: sudo apt install whois 13 | # Mac OS: gem install mkpasswd 14 | # Windows: seriously? Go fuck yourself 15 | # 16 | # `mkpasswd -R 656000 -m sha-512` 17 | # and put the whole result string below after `sha512`! 18 | # With an incorrectly formatted password Ajenti won't start! 19 | 20 | # WATCH OUT for \n when copy-pasting passwords! 21 | 22 | _ajenti_pw: "sha512|$6$rounds=656000$Nyh1f1NBdp4OssIS$HwvLWXVsNaA9TP2RNjHI0hTpGEgX6Cu8t9t1dibEpJbgf5Uq6QBOeQlBbk6N4eKoXUNm0sYYttnliehd1" 23 | 24 | # example: "sha512|$6$rounds=656000$Nyh1f1NBdp4OssIS$HwvLWXVsNaA9TP2RNpjHI88pS0hTpGEgX6Cu8t9t1dibEpJbgf5Uq6QBOeQlBbk6N4eKoXUNm0sYYttnliehd1" 25 | # 26 | # Replace the sample hash above before provisioning: a hash committed to a repo is open to offline guessing by anyone who can read it. 27 | # Your ajenti username is `root` 28 | # Your password is whatever you hashed to the string above ↑ 29 | #=============================================================================== 30 | 31 | 32 | _ajenti_host: '0.0.0.0' # NOTE(review): 0.0.0.0 means every interface, not localhost; presumably the panel's bind address (confirm in the template). Use 127.0.0.1 to keep the panel local. 33 | _ajenti_port: 8000 # NOTE(review): the original note said "available on https://:55770", but the value here is 8000; confirm which port applies 34 | 35 | -------------------------------------------------------------------------------- /.ansible/group_vars/all.yml: -------------------------------------------------------------------------------- 1 | # Basic configuration applied to all servers in all groups. 2 | # Variables may be overridden in a group specific YAML config. 3 | # 4 | # For example you can have different remote users for different server groups.
5 | # You can even narrow it down to host-specific vars, but we're aiming 6 | # for simple deploy, right? 7 | # 8 | 9 | --- 10 | _language: en_US.UTF-8 # system LANG, LANGUAGE options 11 | _locale: ru_RU.UTF-8 # system LC_COLLATE, LC_ALL options 12 | _timezone: Europe/Moscow # server's timezone 13 | 14 | _aptupgrade: yes # upgrade APT packages before provisioning 15 | 16 | _remote_user: deploy # linux owner of all app related software and folders 17 | 18 | #== CAREFUL! ================================================================== 19 | # https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module 20 | # 21 | # Hash your actual password with the mkpasswd utility 22 | # Ubuntu: sudo apt install whois 23 | # Mac OS: gem install mkpasswd 24 | # Windows: you serious? Go fuck yourself 25 | # The hash committed below is a sample: replace it with your own and keep the real one out of a shared repo (for example in an ansible-vault encrypted file). 26 | # `mkpasswd -m sha-512` and put the whole result string below 27 | 28 | _remote_user_sudopass: $6$1SakrGhCNNuOQ9jU$sYtDl/UzdspTUOlzXJ7gtnAlSzOcbesaEWeV0KUMqxnVL8AF6jPLLocJ7MHLv4pRNSh.pT9i2vA9QoFaO1ULu/ 29 | 30 | # You may add system groups the user will belong to 31 | # You shouldn't touch the adm and sudo groups 32 | _remote_user_groups: 33 | - adm # members of adm may run `service` through sudo without a password (see the sudoers block in remoteuser_book.yml) 34 | - sudo # lets the user run sudo 35 | 36 | 37 | #=== EDIT THIS! 
================================================================ 38 | # List of public SSH keys added to the user (relative or absolute path), 39 | # so owners of correspondent private keys could access the host 40 | # After succeccful keys provisioning SSH PasswordLogin to the host will be disabled 41 | 42 | _remote_user_keys: 43 | - ../templates/ssh/demo_key1.pub 44 | - ../templates/ssh/demo_key2.pub 45 | 46 | #===== PASSENGER-NGINX shared section, here for convenience ==================== 47 | _nginx_user: www-data # nginx system user, usually not changed 48 | 49 | # passenger options for host (see passenger manual) 50 | _passenger_max_pool_size: 10 51 | _passenger_pool_idle_time: 600 52 | _passenger_max_instances_per_app: 5 53 | _passenger_log_level: 3 54 | 55 | _ruby_updategem: yes # run gem update --system after ruby install 56 | 57 | # Additional APT packages needed for your app 58 | _addons: 59 | - nodejs 60 | - imagemagick 61 | - graphicsmagick-libmagick-dev-compat 62 | - git 63 | 64 | # drop default blank nginx virtual host after install 65 | _drop_defhost: no 66 | 67 | #---- MISC: additional options for advanced users (uncomment to activate) ------ 68 | # see misc_book.yml for details 69 | # 70 | # It can be useful to set these options in other groups, for example to tweak 71 | # crontab and Swapfile differently for Postgres and Redis hosts 72 | # 73 | # Customize swapfile settings (see https://github.com/Oefenweb/ansible-swapfile) 74 | swapfile_size: false # 512MB, 1G etc. 
75 | #swapfile_swappiness: 10 76 | 77 | # Email to notify about cron tasks execution 78 | # _cron_mailto: techadmin@yourdomain.com 79 | # 80 | # Which python to use on a remote host (if not autodetected) 81 | ansible_python_interpreter: /usr/bin/python3 82 | -------------------------------------------------------------------------------- /.ansible/group_vars/passenger-nginx-app-1.yml: -------------------------------------------------------------------------------- 1 | # Configuration applied to passenger-nginx-app server group. 2 | # 3 | # This host rolls up fresh Passenger-nginx package, sets up ruby, application folders 4 | # and configs 5 | 6 | --- 7 | # system rbenv version to use for rubies install 8 | # remove to skip rbenv and ruby installation 9 | # You can't install rbenv without ruby, they go together 10 | _rbenv: v1.1.1 11 | _ruby: 2.4.4 12 | 13 | 14 | #=== EDIT THIS! ================================================================ 15 | # Rails app options 16 | 17 | # for SSL certificates notifications etc. 18 | _admin_email: admin@example.com 19 | 20 | # no wildcards! 21 | _ssl_domains: 22 | - domains: 23 | - example.com 24 | - sub.example.com 25 | 26 | # Remove if you need only nginx + passenger + rbenv/ruby setup, no apps 27 | _app: { 28 | url: example.com, # app web url 29 | name: example, # internal app name as used in rb files, in capistrano etc. 30 | path: '/home/{{ _remote_user }}/apps/example', # system folder to prepare 31 | logs_path: '/home/{{ _remote_user }}/apps/example/shared/log', # app logs folder 32 | stage: production # apps RAILS_ENV 33 | } 34 | 35 | #=== EDIT THIS! 
================================================================ 36 | # Local files to copy on server 37 | # NOTE: defaults here are intended for Capistrano 3 deployment 38 | _copy_files: 39 | - { 40 | src: '../../config/database.yml', 41 | dest: '{{ _app.path }}/shared/config/' 42 | } 43 | 44 | - { 45 | src: '../../config/secrets.yml', 46 | dest: '{{ _app.path }}/shared/config/' 47 | } 48 | # You may copy whatever you need, owner of the files on the host would be _remote_user 49 | 50 | # See `./templates/nginx/` for configs to be applied for Nginx and passenger -------------------------------------------------------------------------------- /.ansible/group_vars/passenger-nginx-app-2.yml: -------------------------------------------------------------------------------- 1 | # Demo config for your second rails app. 2 | # 3 | # NOT ACTUALLY APPLIED unless there is a `passenger-nginx-app-2` 4 | # group is in `hosts.yml` 5 | 6 | --- 7 | _rbenv: v1.1.1 8 | _ruby: 2.4.4 9 | 10 | #=== EDIT THIS! ================================================================ 11 | _app: { 12 | url: staging.example.com, 13 | name: example_staging, 14 | path: '/home/{{ _remote_user }}/apps/example_staging', 15 | logs_path: '/home/{{ _remote_user }}/apps/example_staging/shared/log', 16 | stage: staging 17 | } 18 | 19 | #=== EDIT THIS! ================================================================ 20 | _copy_files: 21 | - { 22 | src: '../../config/database.yml', 23 | dest: '{{ _app.path }}/shared/config/' 24 | } 25 | 26 | - { 27 | src: '../../config/secrets.yml', 28 | dest: '{{ _app.path }}/shared/config/' 29 | } 30 | -------------------------------------------------------------------------------- /.ansible/group_vars/postfix-dkim.yml: -------------------------------------------------------------------------------- 1 | # Standalone "send-only" mode Postfix provisioning with together with OpenDKIM service 2 | --- 3 | #=== EDIT THIS! 
================================================================ 4 | # your main server URL for email sending 5 | _server_url: example.com 6 | 7 | # email to receive system linux messages (cron, suspicious logins, critical errors) 8 | _system_emailalias: admin@example.com 9 | 10 | 11 | # If yes - new DKIM keys will be generated on server 12 | # and you'll have to download them and update your DNS records manually 13 | # So I suggest uploading keys from `templates/dkim/keys` for convenience 14 | _dkim_newkeys: no 15 | 16 | #=== EDIT THIS! ================================================================ 17 | # All domain names you gonna send emails From 18 | # You need to set these domains DKIM "mail" DNS records accordingly 19 | # NO subdomains! 20 | # 21 | # You must have all mail.txt, mail.private keys in your `templates/dkim/keys` 22 | # by default 23 | _dkim_domains: 24 | - example.com 25 | - example2.com 26 | 27 | # default options for opendkim service 28 | _dkim_host: inet:12301@localhost 29 | _dkim_milter: inet:localhost:12301 30 | 31 | # 32 | # Check out `templates/dkim` and `templates/postfix_aliases.j2` 33 | # for additional options 34 | 35 | # 2check DKIM 36 | # sendmail check-auth@verifier.port25.com (Ctrl+D to send email) 37 | # 2see hot sendmail queue 38 | # mailq 39 | 40 | 41 | # -------- DKIM keys creation -------------------------------------------------- 42 | # For MacOS recipe see https://superuser.com/questions/677769/generate-dkim-key-on-mountain-lion-os-x 43 | # 44 | # To generate DKIM keys for a domain on Ubuntu machine: 45 | # 1) sudo apt-get install opendkim opendkim-tools 46 | # 2) sudo opendkim-genkey -s mail -d yourdomain.com 47 | # 3) you got 2 files: mail.private, mail.txt 48 | # 4) PROFIT!! 
49 | # 50 | # Seek help at 51 | # https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-14-04 52 | # https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy 53 | # https://shamuntoha.wordpress.com/2011/07/07/postfix-cheat-sheet-cheat-code/ -------------------------------------------------------------------------------- /.ansible/group_vars/postgres-1.yml: -------------------------------------------------------------------------------- 1 | # New Postgres cluster setup 2 | # Install is made by anxs.postgresql role + with minor bugfixes 3 | # 4 | # Some options are pubished here for reference, see https://github.com/ANXS/postgresql for details 5 | # 6 | --- 7 | #=== EDIT this! ================================================================ 8 | # Which rails stages databases to rollup for this postgres host 9 | _appstages: 10 | - production 11 | - staging 12 | 13 | # This file can be copied with different options for another host group 14 | # just like we can do for passenger-nginx-app*.yml files 15 | 16 | # Rails app database.yml default path 17 | #_databaseyml_path: ../../config/database.yml 18 | 19 | # Default options for rails app PG user (see Postgres docs) 20 | #_pguser_priveleges: LOGIN,CREATEDB,NOSUPERUSER,NOCREATEROLE,NOREPLICATION 21 | 22 | # Uncomment only if you understand what you're doing (https://unix.stackexchange.com/a/298362) 23 | # or just rely on default of your linux image 24 | # _kernel_shmmax: 1073741824 # (1GB segment) 25 | # _kernel_shmall: 524280 # 2GB/4096 - 8 (4096 `getconf PAGE_SIZE`) 26 | 27 | postgresql_version: 9.6 # PG version 28 | 29 | # System defaults for cluster used if not set 30 | # postgresql_encoding: "UTF-8" 31 | # postgresql_locale: '{{ _locale }}' 32 | # postgresql_ctype: '{{ _locale }}' 33 | 34 | postgresql_admin_user: "postgres" # default pg superuser 35 | postgresql_default_auth_method: "trust" # 
can login on the same host w/o password 36 | 37 | postgresql_cluster_name: "main" 38 | postgresql_cluster_reset: false # don't touch cluster if already exists! 39 | postgresql_service_enabled: true # register as system service and autostart 40 | 41 | # Install additional libs 42 | postgresql_ext_install_contrib: yes 43 | postgresql_ext_install_dev_headers: yes 44 | 45 | #=== NOTE THIS! ================================================================ 46 | # Read the comments carefully: these access rules are added to whatever PG provides by default. The second rule admits the postgres superuser from any IPv4 address (0.0.0.0/0); narrow the address to the hosts that need it, or drop the rule. 47 | postgresql_pg_hba_custom: 48 | - { type: local, database: all, user: all, address: "", method: md5, comment: "access for non postres user locally from rails apps etc" } 49 | - { type: host, database: all, user: postgres, address: "0.0.0.0/0", method: md5, comment: "access for postgres user outside the host" } 50 | 51 | #==== WARNING! ================================================================ 52 | # It's not safe to keep this file with the hashed password in your repo! 53 | # PostgreSQL's md5 method gives no protection once the stored hash leaks, so treat the value as a secret. 54 | # Set a strong password for the postgres superuser IF you need access to the cluster 55 | # from other hosts; otherwise drop the line! 56 | # 57 | # HOW TO MAKE HASHED PASSWORD (it's a bit tricky!) 58 | # 1) choose a password, for instance QWERTY (don't be an idiot here, ok?) 59 | # 2) on ubuntu run: echo -n QWERTYpostgres | md5sum 60 | # on macos run: echo -n QWERTYpostgres | md5 61 | # (it's your pass + postgres username, yes) 62 | 63 | # on windows: just netflix & chill, bro 64 | # 65 | # 3) you'll get a string like 9df270eb52907fff723d9b8b7436113a 66 | # 4) prefixed with 'md5', that string is your password hash! 
67 | # NOTE: the value below is the example string from step 3 with the 'md5' prefix; replace it with your own hash, or drop the line. 68 | _postgres_user_pass: md59df270eb52907fff723d9b8b7436113a 69 | 70 | # Addresses PG listens on (presumably the role maps this to listen_addresses); * - every interface. Who may connect is limited by the pg_hba rules above. 71 | postgresql_listen_addresses: 72 | - "*" 73 | 74 | #------------------------------------------------------------------------------- 75 | # Conservative (still reliable) non-default options for less than 1GB free memory 76 | # and VPS low on resources. 77 | # Don't uncomment for dedicated Postgres hosts or powerful hosts 78 | 79 | #postgresql_max_connections: 50 80 | #postgresql_superuser_reserved_connections: 5 81 | 82 | #postgresql_shared_buffers: 128MB 83 | #postgresql_maintenance_work_mem: 32MB 84 | 85 | #postgresql_vacuum_cost_delay: 20 # 0-100 milliseconds 86 | #postgresql_effective_cache_size: 512MB 87 | #postgresql_random_page_cost: 3.0 # for ssd, 4.0 (max) - for hdd 88 | 89 | #postgresql_max_files_per_process: 300 # min 25 90 | 91 | # logging 92 | #postgresql_client_min_messages: "warning" 93 | 94 | # Seek help at 95 | # https://github.com/ANXS/postgresql 96 | # https://www.postgresql.org/docs/9.6/static/runtime-config.html -------------------------------------------------------------------------------- /.ansible/group_vars/redis.yml: -------------------------------------------------------------------------------- 1 | # Redis install options. 
2 | # Redis is installed with this 3rd party role DavidWittman.redis + some minor bugfixing 3 | --- 4 | redis_bind: 127.0.0.1 5 | redis_protected_mode: "yes" 6 | redis_port: 6379 7 | redis_version: 4.0.10 8 | redis_daemonize: "no" 9 | redis_supervised: systemd 10 | redis_syslog_enabled: "no" 11 | 12 | #redis_databases: 5 13 | #redis_maxclients: 1000 14 | #redis_maxmemory: 100mb 15 | #redis_maxmemory_policy: volatile-lfu 16 | 17 | 18 | # Seek help at 19 | # https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-redis-on-ubuntu-16-04 20 | # https://github.com/DavidWittman/ansible-redis -------------------------------------------------------------------------------- /.ansible/group_vars/staticsite-1.yml: -------------------------------------------------------------------------------- 1 | # Configuration applied to passenger-nginx-app server group. 2 | # 3 | # This host rolls up fresh Passenger-nginx package, sets up ruby, application folders 4 | # and configs 5 | 6 | --- 7 | #=== EDIT THIS! ================================================================ 8 | # Middleman/nginx options 9 | 10 | # for SSL certificates notifications etc. 11 | _admin_email: site1@example.com 12 | 13 | # no wildcards! 14 | _ssl_domains: 15 | - domains: 16 | - example.com 17 | - www.example.coom 18 | - help.example.com 19 | 20 | 21 | # Remove if you need only nginx + passenger + rbenv/ruby setup, no apps 22 | _site: { 23 | url: example.com, # app web url 24 | name: example, # internal app name as used in rb files, in logrotates etc. 
25 | www_path: '/home/{{ _remote_user }}/apps/example/www', # exposed HTML folder 26 | logs_path: '/home/{{ _remote_user }}/apps/example/log', # nginx access/error logs folder 27 | nginx_config_prefix: '' # optional nginx config filename for sort priority 28 | } 29 | 30 | # See `./templates/nginx/` for configs to be applied for Nginx and passenger -------------------------------------------------------------------------------- /.ansible/hosts.yml: -------------------------------------------------------------------------------- 1 | #=== HOW TO EDIT =============================================================== 2 | # 3 | # hosts: 4 | # XX.XX.XX.XX: 5 | # yourdomain.com: 6 | # 7 | # All your hosts (or the only host) to provision for givern group. 8 | # Group names correspond to specific software to be installed and provisioned 9 | # and are described in README 10 | # 11 | # All groups are provisioned with basic configuration described in group_vars/all.yml 12 | # 13 | # Group specific config is in group_vars/.yml 14 | # 15 | # Be carefull with spaces, it's YAML baby :) 16 | # 17 | # The most simple case: you use the same VPS host for each group — all live together 18 | #=============================================================================== 19 | 20 | all: 21 | children: 22 | passenger-nginx-app-1: 23 | hosts: 24 | XX.XX.XX.XX: 25 | vars: 26 | letsencrypt: yes # wether set up SSL for the host 27 | 28 | staticsite-1: 29 | hosts: 30 | XX.XX.XX.XX: 31 | vars: 32 | letsencrypt: no # wether set up SSL for the host 33 | 34 | #============================================= 35 | # You can add multiple app groups with unique names `passenger-nginx-app-*` 36 | # passenger-nginx-app-2: 37 | # hosts: 38 | # (same host different app | different host another app): 39 | # 40 | # It's also handy for staging rollout. 
41 | #============================================= 42 | 43 | postgres-1: 44 | hosts: 45 | yourhost.com: 46 | # XX.XX.XX.XX: 47 | 48 | #=============================================================================== 49 | # You can add multiple postgres groups with unique names `postgres-*` 50 | # with their own unique configs 51 | # 52 | # postgres-2: 53 | # hosts: 54 | # (different host for different app or Rails stage): 55 | #=============================================================================== 56 | 57 | redis: 58 | hosts: 59 | XX.XX.XX.XX: 60 | 61 | postfix-dkim: 62 | hosts: 63 | XX.XX.XX.XX: 64 | 65 | 66 | #============================================== 67 | # To skip a group — drop the all its line, or leave just group name 68 | # Like this (ajenti panel will not be installed): 69 | #============================================== 70 | ajenti: 71 | # hosts: 72 | # 78.46.206.106: 73 | 74 | 75 | # docs: https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | .kitchen/ 3 | .bundle 4 | .vagrant 5 | *.retry 6 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/.kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | 5 | provisioner: 6 | name: ansible_playbook 7 | ansible_verbose: true 8 | ansible_verbosity: 2 9 | require_ruby_for_busser: false 10 | require_chef_for_busser: true 11 | hosts: all 12 | 13 | platforms: 14 | - name: ubuntu-14.04 15 | - name: centos-6.7 16 | driver_config: 17 | box: wittman/centos-6.8-ansible 18 | - name: centos-7.3 19 | driver_config: 20 | box: wittman/centos-7.3-ansible 21 | - name: ubuntu-16.04 22 | 23 | suites: 24 | - name: default 25 | - name: 
logfile 26 | - name: sentinel 27 | - name: checksum 28 | - name: service-name 29 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | env: 6 | - ANSIBLE_VERSION=1.9.4 7 | - ANSIBLE_VERSION=2.1.3 8 | - ANSIBLE_VERSION=latest 9 | 10 | before_install: 11 | - sudo apt-get update -qq 12 | 13 | install: 14 | - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi 15 | - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" 16 | 17 | script: 18 | # Syntax check 19 | - "ansible-playbook -i localhost, test/test_server.yml --syntax-check" 20 | - "ansible-playbook -i localhost, test/test_sentinel.yml --syntax-check" 21 | # Test Redis Server 22 | - "ansible-playbook -i localhost, test/test_server.yml --connection=local --sudo" 23 | # Idempotency check 24 | - > 25 | ansible-playbook -i localhost, test/test_server.yml --connection=local --sudo 26 | | grep -q 'changed=0.*failed=0' 27 | && (echo 'Idempotency: PASS' && exit 0) 28 | || (echo 'Idempotency: FAIL' && exit 1) 29 | # Test Redis Sentinel 30 | - "ansible-playbook -i localhost, test/test_sentinel.yml --connection=local --sudo" 31 | - > 32 | ansible-playbook -i localhost, test/test_sentinel.yml --connection=local --sudo 33 | | grep -q 'changed=0.*failed=0' 34 | && (echo 'Idempotency: PASS' && exit 0) 35 | || (echo 'Idempotency: FAIL' && exit 1) 36 | # Connection test 37 | - "/opt/redis/bin/redis-cli PING" 38 | - "/opt/redis/bin/redis-cli -p 26379 PING" 39 | # Facts syntax check 40 | - > 41 | sudo cat /etc/ansible/facts.d/redis.fact 42 | | python -m json.tool 43 | && (echo 'Facts syntax: PASS' && exit 0) 44 | || (echo 'Facts syntax: FAIL' && exit 1) 45 | # Test all replication components (server, slave, sentinel) 46 | # No idempotency check here 
(yet) because the sentinel config writes to itself 47 | # after a config is discovered from the Redis server. 48 | - ansible-playbook -i localhost, test/test_all.yml --connection=local --sudo 49 | 50 | notifications: 51 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 52 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | gem "test-kitchen" 4 | gem "kitchen-ansible" 5 | gem "kitchen-vagrant" 6 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | builder (3.2.3) 5 | erubis (2.7.0) 6 | ffi (1.9.21) 7 | gssapi (1.2.0) 8 | ffi (>= 1.0.1) 9 | gyoku (1.3.1) 10 | builder (>= 2.1.2) 11 | httpclient (2.8.3) 12 | kitchen-ansible (0.48.1) 13 | net-ssh (>= 3) 14 | test-kitchen (~> 1.4) 15 | kitchen-vagrant (1.3.0) 16 | test-kitchen (~> 1.4) 17 | little-plugger (1.1.4) 18 | logging (2.2.2) 19 | little-plugger (~> 1.1) 20 | multi_json (~> 1.10) 21 | mixlib-install (3.9.3) 22 | mixlib-shellout 23 | mixlib-versioning 24 | thor 25 | mixlib-shellout (2.3.2) 26 | mixlib-versioning (1.2.2) 27 | multi_json (1.13.1) 28 | net-scp (1.2.1) 29 | net-ssh (>= 2.6.5) 30 | net-ssh (4.2.0) 31 | net-ssh-gateway (1.3.0) 32 | net-ssh (>= 2.6.5) 33 | nori (2.6.0) 34 | rubyntlm (0.6.2) 35 | rubyzip (1.2.1) 36 | test-kitchen (1.20.0) 37 | mixlib-install (~> 3.6) 38 | mixlib-shellout (>= 1.2, < 3.0) 39 | net-scp (~> 1.1) 40 | net-ssh (>= 2.9, < 5.0) 41 | net-ssh-gateway (~> 1.2) 42 | thor (~> 0.19, < 0.19.2) 43 | winrm (~> 2.0) 44 | winrm-elevated (~> 1.0) 45 | winrm-fs (~> 1.1.0) 46 | thor (0.19.1) 47 | winrm (2.2.3) 48 | builder (>= 2.1.2) 49 | erubis (~> 2.7) 50 | gssapi (~> 1.2) 
51 | gyoku (~> 1.0) 52 | httpclient (~> 2.2, >= 2.2.0.2) 53 | logging (>= 1.6.1, < 3.0) 54 | nori (~> 2.0) 55 | rubyntlm (~> 0.6.0, >= 0.6.1) 56 | winrm-elevated (1.1.0) 57 | winrm (~> 2.0) 58 | winrm-fs (~> 1.0) 59 | winrm-fs (1.1.1) 60 | erubis (~> 2.7) 61 | logging (>= 1.6.1, < 3.0) 62 | rubyzip (~> 1.1) 63 | winrm (~> 2.0) 64 | 65 | PLATFORMS 66 | ruby 67 | 68 | DEPENDENCIES 69 | kitchen-ansible 70 | kitchen-vagrant 71 | test-kitchen 72 | 73 | BUNDLED WITH 74 | 1.13.6 75 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 David Wittman 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 
22 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## Installation options 3 | redis_version: 2.8.24 4 | redis_install_dir: /opt/redis 5 | redis_dir: /var/lib/redis/{{ redis_port }} 6 | redis_download_url: "http://download.redis.io/releases/redis-{{ redis_version }}.tar.gz" 7 | # Set this to true to validate redis tarball checksum against vars/main.yml 8 | redis_verify_checksum: false 9 | # Set this value to a local path of a tarball to use for installation instead of downloading 10 | redis_tarball: false 11 | # Set this to true to build 32-bit binaries of Redis 12 | redis_make_32bit: false 13 | 14 | redis_user: redis 15 | redis_group: "{{ redis_user }}" 16 | 17 | # The open file limit for Redis/Sentinel 18 | redis_nofile_limit: 16384 19 | 20 | ## Role options 21 | # Configure Redis as a service 22 | # This creates the init scripts for Redis and ensures the process is running 23 | # Also applies for Redis Sentinel 24 | redis_as_service: true 25 | # Add local facts to /etc/ansible/facts.d for Redis 26 | redis_local_facts: true 27 | # Service name 28 | redis_service_name: "redis_{{ redis_port }}" 29 | 30 | ## Networking/connection options 31 | redis_bind: 0.0.0.0 32 | redis_port: 6379 33 | redis_password: false 34 | # Slave replication options 35 | redis_min_slaves_to_write: 0 36 | redis_min_slaves_max_lag: 10 37 | redis_tcp_backlog: 511 38 | redis_tcp_keepalive: 0 39 | # Max connected clients at a time 40 | redis_maxclients: 10000 41 | redis_timeout: 0 42 | # Socket options 43 | # Set socket_path to the desired path to the socket. E.g. /var/run/redis/{{ redis_port }}.sock 44 | redis_socket_path: false 45 | redis_socket_perm: 755 46 | 47 | ## Replication options 48 | # Set slaveof just as you would in redis.conf. (e.g. 
"redis01 6379") 49 | redis_slaveof: false 50 | # Make slaves read-only. "yes" or "no" 51 | redis_slave_read_only: "yes" 52 | redis_slave_priority: 100 53 | redis_repl_backlog_size: false 54 | 55 | ## Logging 56 | redis_logfile: '""' 57 | # Enable syslog. "yes" or "no" 58 | redis_syslog_enabled: "yes" 59 | redis_syslog_ident: "{{ redis_service_name }}" 60 | # Syslog facility. Must be USER or LOCAL0-LOCAL7 61 | redis_syslog_facility: USER 62 | 63 | ## General configuration 64 | redis_daemonize: "yes" 65 | redis_pidfile: /var/run/redis/{{ redis_port }}.pid 66 | # Number of databases to allow 67 | redis_databases: 16 68 | redis_loglevel: notice 69 | # Log queries slower than this many milliseconds. -1 to disable 70 | redis_slowlog_log_slower_than: 10000 71 | # Maximum number of slow queries to save 72 | redis_slowlog_max_len: 128 73 | # Redis memory limit (e.g. 4294967296, 4096mb, 4gb) 74 | redis_maxmemory: false 75 | redis_maxmemory_policy: noeviction 76 | redis_rename_commands: [] 77 | 78 | # the file name for the RDB Backup 79 | redis_db_filename: "dump.rdb" 80 | 81 | # How frequently to snapshot the database to disk 82 | # e.g. 
"900 1" => 900 seconds if at least 1 key changed 83 | redis_save: 84 | - 900 1 85 | - 300 10 86 | - 60 10000 87 | redis_stop_writes_on_bgsave_error: "yes" 88 | redis_rdbcompression: "yes" 89 | redis_rdbchecksum: "yes" 90 | redis_appendonly: "no" 91 | redis_appendfilename: "appendonly.aof" 92 | redis_appendfsync: "everysec" 93 | redis_no_appendfsync_on_rewrite: "no" 94 | redis_auto_aof_rewrite_percentage: "100" 95 | redis_auto_aof_rewrite_min_size: "64mb" 96 | redis_notify_keyspace_events: '""' 97 | 98 | ## Redis sentinel configs 99 | # Set this to true on a host to configure it as a Sentinel 100 | redis_sentinel: false 101 | redis_sentinel_dir: /var/lib/redis/sentinel_{{ redis_sentinel_port }} 102 | redis_sentinel_bind: 0.0.0.0 103 | redis_sentinel_port: 26379 104 | redis_sentinel_pidfile: /var/run/redis/sentinel_{{ redis_sentinel_port }}.pid 105 | redis_sentinel_logfile: '""' 106 | redis_sentinel_syslog_ident: sentinel_{{ redis_sentinel_port }} 107 | redis_sentinel_monitors: 108 | - name: master01 109 | host: localhost 110 | port: 6379 111 | quorum: 2 112 | auth_pass: ant1r3z 113 | down_after_milliseconds: 30000 114 | parallel_syncs: 1 115 | failover_timeout: 180000 116 | notification_script: false 117 | client_reconfig_script: false 118 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "restart redis {{ redis_port }}" 3 | service: 4 | name: redis_{{ redis_port }} 5 | state: restarted 6 | when: redis_as_service 7 | 8 | - name: "restart sentinel {{ redis_sentinel_port }}" 9 | service: 10 | name: sentinel_{{ redis_sentinel_port }} 11 | state: restarted 12 | when: redis_as_service 13 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/meta/.galaxy_install_info: 
--------------------------------------------------------------------------------
{install_date: 'Fri Jul 27 16:01:43 2018', version: 1.2.5}

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/meta/main.yml:
--------------------------------------------------------------------------------
---
galaxy_info:
  author: David Wittman
  description: Highly configurable role to install Redis and Redis Sentinel from source
  min_ansible_version: 1.9.0
  license: MIT
  platforms:
    - name: Ubuntu
      versions:
        - all
    - name: Debian
      versions:
        - all
    - name: EL
      versions:
        - 6
    - name: SLES
      versions:
        - 11
        - 12
  categories:
    - database
    - database:nosql

dependencies: []

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/tasks/check_vars.yml:
--------------------------------------------------------------------------------
---
# Pre-flight checks: stop the play when checksum verification is requested
# but no usable checksum is available. Both checks are gated on
# redis_verify_checksum, so nothing here fails when that flag is false.

# Ansible 1.x: the checksum must be supplied by the user and be 64 characters
# long (the length the sha256 message below refers to).
- name: check for checksum (ansible 1.x)
  when:
    - ansible_version.major < 2
    - redis_verify_checksum|bool
    - redis_checksum is not defined or redis_checksum|length != 64
  fail:
    msg: >
      A sha256 checksum must be provided for Ansible 1.x when
      redis_verify_checksum is set to true.

# Ansible 2.x: either redis_checksum is set, or redis_version must have an
# entry in the redis_checksums table.
- name: check for checksum (ansible 2.x)
  when:
    - ansible_version.major >= 2
    - redis_verify_checksum|bool
    - redis_checksum is not defined
    - redis_version not in redis_checksums
  fail:
    msg: >
      There is no sha1 checksum defined for version {{ redis_version }} in
      vars/main.yml. Set redis_checksum manually or submit a PR to add this
      version.

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/tasks/dependencies.yml:
--------------------------------------------------------------------------------
---
# Build toolchain for compiling Redis from source, one task per OS family.

- name: install debian dependencies
  when: ansible_os_family == "Debian"
  apt:
    pkg: "{{ item }}"
    update_cache: yes
    cache_valid_time: 86400
    state: present
  with_items:
    - gcc
    - make
    - libc6-dev
    # `else omit` would be the natural form, but it fails on Ansible 1.x, so
    # gcc is listed a second time as a harmless placeholder
    - "{{ 'libc6-dev-i386' if redis_make_32bit|bool else 'gcc' }}"

- name: install redhat dependencies
  when: ansible_os_family == "RedHat"
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - gcc
    - make

# For 32-bit builds the i686 libgcc has to match the x64 libgcc version, so
# libgcc is brought to 'latest' first; otherwise yum reports a version
# mismatch when the i686 package is installed.
- name: update libgcc on rhel for 32-bit dependencies
  when: ansible_os_family == "RedHat" and redis_make_32bit|bool
  yum:
    name: libgcc
    state: latest

- name: install redhat 32-bit dependencies
  when: ansible_os_family == "RedHat" and redis_make_32bit|bool
  yum:
    name: "{{ item }}"
    state: latest
  with_items:
    - libgcc.i686
    - glibc-devel.i686

- name: install suse dependencies
  when: ansible_os_family == 'Suse'
  zypper:
    name: "{{ item }}"
    state: present
  with_items:
    - gcc
    - make
    # `else omit` would be the natural form, but it fails on Ansible 1.x, so
    # gcc is listed again as a harmless placeholder
    - "{{ 'gcc-32bit' if redis_make_32bit|bool else 'gcc' }}"
    - "{{ 'libgcc_s1-32bit' if redis_make_32bit|bool else 'gcc' }}"

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/tasks/download.yml:
--------------------------------------------------------------------------------
---

# get_url on Ansible 1.x accepts only sha256 checksums, so the role's
# `redis_checksums` table (sha1 values) is consulted on Ansible 2.x only.
# The fact below is the `algorithm:digest` string passed to get_url: a
# 40-character digest is labelled sha1, any other length sha256.
# NOTE(review): SHA-1 is no longer collision-resistant; where the release
# publishes one, supplying a sha256 value in redis_checksum is the stronger
# integrity check.
- name: set redis checksum
  when:
    - redis_verify_checksum|bool
    - redis_checksum is not defined
    - redis_version in redis_checksums
    - ansible_version.major >= 2
  set_fact:
    redis_checksum: "{{ 'sha1' if redis_checksums[redis_version]|length == 40 else 'sha256' }}:{{ redis_checksums[redis_version] }}"

# In both download tasks `default(omit)` drops the checksum argument when
# redis_checksum is undefined, so the tarball is then fetched without any
# integrity check.
- name: download redis (ansible 1.x)
  when:
    - not redis_tarball
    - ansible_version.major < 2
  get_url:
    url: "{{ redis_download_url }}"
    dest: /usr/local/src/redis-{{ redis_version }}.tar.gz
    sha256sum: "{{ redis_checksum|default(omit) }}"

- name: download redis (ansible 2.x)
  when:
    - not redis_tarball
    - ansible_version.major >= 2
  get_url:
    url: "{{ redis_download_url }}"
    dest: /usr/local/src/redis-{{ redis_version }}.tar.gz
    checksum: "{{ redis_checksum|default(omit) }}"

# A tarball supplied through redis_tarball is copied as-is; no checksum is
# applied to it in this file.
- name: upload redis
  when: redis_tarball|default(false)
  copy:
    src: "{{ redis_tarball }}"
    dest: /usr/local/src/redis-{{ redis_version }}.tar.gz

# `creates` makes the extraction a no-op once the Makefile is in place.
- name: extract redis tarball
  unarchive:
    src: /usr/local/src/redis-{{ redis_version }}.tar.gz
    dest: /usr/local/src
    creates: /usr/local/src/redis-{{ redis_version }}/Makefile
    copy: no

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/tasks/install.yml:
--------------------------------------------------------------------------------
---
# Sets vm.overcommit_memory=1; skipped whenever redis_travis_ci is defined.
- name: enable overcommit in sysctl
  when: redis_travis_ci is not defined
  sysctl:
    name: vm.overcommit_memory
    value: 1
    state: present
    reload: yes
    ignoreerrors: yes

# `make` runs the build scripts shipped in the tarball with the privileges of
# the play (presumably root; confirm), so the checksum handling in
# download.yml is the integrity gate these tasks rely on before that code runs.
- name: compile redis
  command: make -j{{ ansible_processor_cores|default(1) + 1 }}{{ ' 32bit' if redis_make_32bit|bool else '' }}
  args:
    chdir: /usr/local/src/redis-{{ redis_version }}
    creates: /usr/local/src/redis-{{ redis_version }}/src/redis-server

- name: create redis install directory
  file:
    path: "{{ redis_install_dir }}"
    state: directory

- name: create /etc/redis
  file:
    path: /etc/redis
    state: directory

# Probe for the account; the registered result decides whether the group and
# user tasks below run. A failure here is expected and ignored.
- name: check if redis user exists (ignore errors)
  command: id {{ redis_user }}
  register: user_exists
  changed_when: false
  ignore_errors: yes

- name: add redis group
  when: user_exists|failed
  group:
    name: "{{ redis_group }}"
    state: present

# System account with /bin/false as its shell.
- name: add redis user
  when: user_exists|failed
  user:
    name: "{{ redis_user }}"
    group: "{{ redis_group }}"
    comment: "Redis"
    home: "{{ redis_install_dir }}"
    shell: /bin/false
    system: yes

- name: create /var/run/redis
  file:
    path: /var/run/redis
    state: directory
    owner: "{{ redis_user }}"

- name: install redis
  command: make PREFIX={{ redis_install_dir }} install
  args:
    chdir: /usr/local/src/redis-{{ redis_version }}
    creates: "{{ redis_install_dir }}/bin/redis-server"

# Every file found in the install bin directory is registered with the
# alternatives system and linked under /usr/bin.
- name: list redis binaries to add to alternatives
  command: ls -1 {{ redis_install_dir }}/bin
  changed_when: false
  register: redis_binaries

- name: add redis binaries to alternatives
  alternatives:
    name: "{{ item }}"
    path: "{{ redis_install_dir }}/bin/{{ item }}"
    link: "/usr/bin/{{ item }}"
  with_items: "{{ redis_binaries.stdout_lines }}"

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/tasks/local_facts.yml:
--------------------------------------------------------------------------------
# Publishes the role's settings as a local fact file under /etc/ansible/facts.d.
- name: create facts directory
  file:
    path: /etc/ansible/facts.d
    state: directory

- name: create redis facts
  template:
    src: etc/ansible/facts.d/redis.fact.j2
    dest: /etc/ansible/facts.d/redis.fact
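--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Role entry point. Task files are included in order; server.yml and
# sentinel.yml are mutually exclusive, selected by redis_sentinel.
- include: check_vars.yml

- include: download.yml
  tags:
    - download

- include: dependencies.yml
  tags:
    - install

- include: install.yml
  tags:
    - install

- include: server.yml
  when: not redis_sentinel
  tags:
    - config

- include: sentinel.yml
  when: redis_sentinel
  tags:
    - config

- include: local_facts.yml
  when: redis_local_facts|bool

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/tasks/sentinel.yml:
--------------------------------------------------------------------------------
---
# Configures a host as a Redis Sentinel: working directory, service
# definition (init script or systemd unit), log and pid directories,
# configuration files, and finally the running service.

- name: create sentinel working directory
  file:
    path: "{{ redis_sentinel_dir }}"
    state: directory
    recurse: yes
    owner: "{{ redis_user }}"

- name: create sentinel init script
  template:
    src: "{{ item }}"
    dest: /etc/init.d/sentinel_{{ redis_sentinel_port }}
    mode: 0755
  # Choose the distro-specific template. We must specify the templates
  # path here because with_first_found tries to find files in files/
  with_first_found:
    - files:
        - "{{ ansible_os_family }}/redis_sentinel.init.j2"
        - default/redis_sentinel.init.j2
      paths:
        - ../templates
  when: redis_as_service and ansible_service_mgr|default() != "systemd"

- name: create sentinel systemd service
  template:
    src: "{{ item }}"
    dest: /etc/systemd/system/sentinel_{{ redis_sentinel_port }}.service
    mode: 0644
  with_first_found:
    - files:
        - "{{ ansible_os_family }}/redis_sentinel.service.j2"
        - default/redis_sentinel.service.j2
      paths:
        - ../templates
  # Registered so the daemon-reload below only runs when the unit changed
  register: sentinel_unit_file
  when: redis_as_service and ansible_service_mgr|default() == "systemd"

# Only needed when the pid directory lives under /var/run or /run
- name: create systemd tmpfiles configuration
  template:
    src: etc/tmpfiles.d/redis.conf.j2
    dest: /etc/tmpfiles.d/redis.conf
    mode: 0644
  when:
    - redis_as_service
    - ansible_service_mgr|default() == "systemd"
    - (redis_sentinel_pidfile|dirname).startswith("/var/run") or (redis_sentinel_pidfile|dirname).startswith("/run")

- name: reload systemd daemon
  command: systemctl daemon-reload
  when:
    - redis_as_service
    - ansible_service_mgr|default() == "systemd"
    - sentinel_unit_file|changed

- name: set sentinel to start at boot
  service:
    name: sentinel_{{ redis_sentinel_port }}
    enabled: yes
  when: redis_as_service

# Check then create log dir to prevent aggressively overwriting permissions
- name: check if sentinel log directory exists
  stat:
    path: "{{ redis_sentinel_logfile|dirname }}"
  register: sentinel_logdir
  changed_when: false
  when: redis_sentinel_logfile != '""'

- name: create sentinel log directory if it does not exist
  file:
    state: directory
    path: "{{ redis_sentinel_logfile|dirname }}"
    owner: "{{ redis_user }}"
    group: "{{ redis_group }}"
  when:
    - redis_sentinel_logfile != '""'
    - not sentinel_logdir.stat.exists

- name: touch the sentinel log file
  file:
    state: touch
    path: "{{ redis_sentinel_logfile }}"
    owner: "{{ redis_user }}"
    group: "{{ redis_group }}"
  when: redis_sentinel_logfile != '""'

# Same check-then-create pattern for the pid directory
- name: check if sentinel pid directory exists
  stat:
    path: "{{ redis_sentinel_pidfile|dirname }}"
  register: sentinel_piddir
  changed_when: false
  when: redis_sentinel_pidfile != '""'

- name: create sentinel pid directory if it does not exist
  file:
    state: directory
    path: "{{ redis_sentinel_pidfile|dirname }}"
    owner: "{{ redis_user }}"
    group: "{{ redis_group }}"
  when:
    - redis_sentinel_pidfile != '""'
    - not sentinel_piddir.stat.exists

# Written 0640 and owned by the redis user, so it is not world-readable
- name: create sentinel config file
  template:
    src: redis_sentinel.conf.j2
    dest: /etc/redis/sentinel_{{ redis_sentinel_port }}.conf
    owner: "{{ redis_user }}"
    mode: 0640
  notify: "restart sentinel {{ redis_sentinel_port }}"

# mode 0600 on the two init config files below: the Debian and RedHat
# sentinel init scripts source this file and read REDIS_PASSWORD from it, and
# server.yml already writes the same template with mode 0600. Without an
# explicit mode the file is created with the default permissions.
- name: add sentinel init config file
  template:
    dest: /etc/sysconfig/sentinel_{{ redis_sentinel_port }}
    src: redis.init.conf.j2
    mode: 0600
  when: ansible_os_family == "RedHat"
  notify: "restart sentinel {{ redis_sentinel_port }}"

- name: add sentinel init config file
  template:
    dest: /etc/default/sentinel_{{ redis_sentinel_port }}
    src: redis.init.conf.j2
    mode: 0600
  when: ansible_os_family == "Debian"
  notify: "restart sentinel {{ redis_sentinel_port }}"

# Flush handlers before ensuring the service is started to prevent
# a start and then restart
- name: flush handlers to apply config changes
  meta: flush_handlers

- name: ensure sentinel is running
  service:
    name: sentinel_{{ redis_sentinel_port }}
    state: started
  when: redis_as_service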
| -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/tasks/server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: create redis working directory 3 | file: 4 | path: "{{ redis_dir }}" 5 | state: directory 6 | recurse: yes 7 | owner: "{{ redis_user }}" 8 | 9 | - name: create redis init script 10 | template: 11 | src: "{{ item }}" 12 | dest: /etc/init.d/{{ redis_service_name }} 13 | mode: 0755 14 | # Choose the distro-specific template. We must specify the templates 15 | # path here because with_first_found tries to find files in files/ 16 | with_first_found: 17 | - files: 18 | - "{{ ansible_os_family }}/redis.init.j2" 19 | - default/redis.init.j2 20 | paths: 21 | - ../templates 22 | when: redis_as_service and ansible_service_mgr|default() != "systemd" 23 | 24 | - name: create redis systemd service 25 | template: 26 | src: "{{ item }}" 27 | dest: /etc/systemd/system/{{ redis_service_name }}.service 28 | mode: 0644 29 | with_first_found: 30 | - files: 31 | - "{{ ansible_os_family }}/redis.service.j2" 32 | - default/redis.service.j2 33 | paths: 34 | - ../templates 35 | register: redis_unit_file 36 | when: redis_as_service and ansible_service_mgr|default() == "systemd" 37 | 38 | - name: create systemd tmpfiles configuration 39 | template: 40 | src: etc/tmpfiles.d/redis.conf.j2 41 | dest: /etc/tmpfiles.d/redis.conf 42 | mode: 0644 43 | when: 44 | - redis_as_service 45 | - ansible_service_mgr|default() == 'systemd' 46 | - (redis_pidfile|dirname).startswith('/var/run') or (redis_pidfile|dirname).startswith('/run') 47 | 48 | - name: reload systemd daemon 49 | command: systemctl daemon-reload 50 | when: 51 | - redis_as_service 52 | - ansible_service_mgr|default() == "systemd" 53 | - redis_unit_file|changed 54 | 55 | - name: set redis to start at boot 56 | service: 57 | name: "{{ redis_service_name }}" 58 | enabled: yes 59 | when: redis_as_service 60 | 61 
| # Check then create log dir to prevent aggressively overwriting permissions 62 | - name: check if log directory exists 63 | stat: 64 | path: "{{ redis_logfile|dirname }}" 65 | register: logdir 66 | changed_when: false 67 | when: redis_logfile != '""' 68 | 69 | - name: create log directory if it does not exist 70 | file: 71 | state: directory 72 | path: "{{ redis_logfile|dirname }}" 73 | owner: "{{ redis_user }}" 74 | group: "{{ redis_group }}" 75 | when: 76 | - redis_logfile != '""' 77 | - not logdir.stat.exists 78 | 79 | - name: touch the log file 80 | file: 81 | state: touch 82 | path: "{{ redis_logfile }}" 83 | owner: "{{ redis_user }}" 84 | group: "{{ redis_group }}" 85 | when: redis_logfile != '""' 86 | 87 | - name: check if pid directory exists 88 | stat: 89 | path: "{{ redis_pidfile|dirname }}" 90 | register: piddir 91 | changed_when: false 92 | when: redis_pidfile != '""' 93 | 94 | - name: create pid directory if it does not exist 95 | file: 96 | state: directory 97 | path: "{{ redis_pidfile|dirname }}" 98 | owner: "{{ redis_user }}" 99 | group: "{{ redis_group }}" 100 | when: 101 | - redis_pidfile != '""' 102 | - not piddir.stat.exists 103 | 104 | - name: create redis config file 105 | template: 106 | src: redis.conf.j2 107 | dest: /etc/redis/{{ redis_port }}.conf 108 | owner: "{{ redis_user }}" 109 | mode: 0640 110 | notify: "restart redis {{ redis_port }}" 111 | 112 | - name: add redis init config file 113 | template: 114 | dest: /etc/sysconfig/{{ redis_service_name }} 115 | src: redis.init.conf.j2 116 | mode: 0600 117 | when: ansible_os_family == "RedHat" 118 | notify: "restart redis {{ redis_port }}" 119 | 120 | - name: add redis init config file 121 | template: 122 | dest: /etc/default/{{ redis_service_name }} 123 | src: redis.init.conf.j2 124 | mode: 0600 125 | when: ansible_os_family == "Debian" 126 | notify: "restart redis {{ redis_port }}" 127 | 128 | # Flush handlers before ensuring the service is started to prevent 129 | # a start and then 
restart 130 | - name: flush handlers to apply config changes 131 | meta: flush_handlers 132 | 133 | - name: ensure redis is running 134 | service: 135 | name: "{{ redis_service_name }}" 136 | state: started 137 | when: redis_as_service 138 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/Debian/redis.init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Redis init script for Debian-based distros 4 | # 5 | # 6 | ### BEGIN INIT INFO 7 | # Provides: redis_{{ redis_port }} 8 | # Required-Start: $network $local_fs $remote_fs 9 | # Required-Stop: $network $local_fs $remote_fs 10 | # Default-Start: 2 3 4 5 11 | # Default-Stop: 0 1 6 12 | # Should-Start: $syslog $named 13 | # Should-Stop: $syslog $named 14 | # Short-Description: Start and stop redis_{{ redis_port }} 15 | # Description: Redis key-value store 16 | ### END INIT INFO 17 | 18 | # Source the Linux Standard Base functions 19 | . /lib/lsb/init-functions 20 | 21 | REDIS_PORT={{ redis_port }} 22 | NAME=redis_${REDIS_PORT} 23 | DAEMON={{ redis_install_dir }}/bin/redis-server 24 | PIDFILE={{ redis_pidfile }} 25 | PIDFILE_DIR=$(dirname "${PIDFILE}") 26 | 27 | REDIS_USER={{ redis_user }} 28 | CONF="/etc/redis/${REDIS_PORT}.conf" 29 | CLIEXEC="{{ redis_install_dir }}/bin/redis-cli -p ${REDIS_PORT}" 30 | 31 | if [ -r /etc/default/redis_${REDIS_PORT} ]; then 32 | . /etc/default/redis_${REDIS_PORT} 33 | fi 34 | 35 | if [ -n "$REDIS_PASSWORD" ]; then 36 | CLIEXEC="${CLIEXEC} -a ${REDIS_PASSWORD}" 37 | fi 38 | 39 | if [ -n "$BIND_ADDRESS" ]; then 40 | CLIEXEC="${CLIEXEC} -h ${BIND_ADDRESS}" 41 | fi 42 | 43 | case "$1" in 44 | start) 45 | if [ -f "$PIDFILE" ]; then 46 | status_of_proc -p "$PIDFILE" $DAEMON "$NAME process" && return 0 47 | fi 48 | 49 | if [ -n "$NOFILE_LIMIT" ]; then 50 | ulimit -n $NOFILE_LIMIT 51 | fi 52 | 53 | if [ ! 
-d "$PIDFILE_DIR" ]; then 54 | mkdir "$PIDFILE_DIR" 55 | chown ${REDIS_USER}:${REDIS_USER} "$PIDFILE_DIR" 56 | chmod 0755 "$PIDFILE_DIR" 57 | fi 58 | 59 | log_daemon_msg "Starting $NAME..." 60 | if start-stop-daemon --start -q --oknodo -p "$PIDFILE" -c $REDIS_USER --exec $DAEMON -- $CONF; then 61 | log_end_msg 0 62 | else 63 | log_end_msg 1 64 | fi 65 | ;; 66 | stop) 67 | if [ -f "$PIDFILE" ]; then 68 | PID=$(cat "$PIDFILE") 69 | log_daemon_msg "Stopping $NAME..." 70 | $CLIEXEC shutdown 71 | while [ -x /proc/${PID} ]; do 72 | log_daemon_msg "Waiting for Redis to shutdown ..." 73 | sleep 1 74 | done 75 | log_end_msg 0 76 | else 77 | log_daemon_msg "$NAME is not running" 78 | log_end_msg 0 79 | fi 80 | ;; 81 | status) 82 | status_of_proc -p "$PIDFILE" $DAEMON "$NAME" && exit 0 || exit $? 83 | ;; 84 | restart|force-reload) 85 | ${0} stop 86 | ${0} start 87 | ;; 88 | *) 89 | echo "Usage: /etc/init.d/$NAME {start|stop|status|restart|force-reload}" >&2 90 | exit 1 91 | ;; 92 | esac 93 | 94 | exit 0 95 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/Debian/redis_sentinel.init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Redis init script for Debian-based distros 4 | # 5 | # 6 | ### BEGIN INIT INFO 7 | # Provides: sentinel_{{ redis_sentinel_port }} 8 | # Required-Start: $network $local_fs $remote_fs 9 | # Required-Stop: $network $local_fs $remote_fs 10 | # Default-Start: 2 3 4 5 11 | # Default-Stop: 0 1 6 12 | # Should-Start: $syslog $named 13 | # Should-Stop: $syslog $named 14 | # Short-Description: Start and stop sentinel_{{ redis_sentinel_port }} 15 | # Description: Redis Sentinel monitor 16 | ### END INIT INFO 17 | 18 | # Source the Linux Standard Base functions 19 | . 
/lib/lsb/init-functions 20 | 21 | SENTINEL_PORT={{ redis_sentinel_port }} 22 | NAME="sentinel_${SENTINEL_PORT}" 23 | DAEMON={{ redis_install_dir }}/bin/redis-server 24 | PIDFILE={{ redis_sentinel_pidfile }} 25 | PIDFILE_DIR=$(dirname "${PIDFILE}") 26 | 27 | REDIS_USER={{ redis_user }} 28 | CONF="/etc/redis/sentinel_${SENTINEL_PORT}.conf" 29 | CLIEXEC="{{ redis_install_dir }}/bin/redis-cli -p ${SENTINEL_PORT}" 30 | 31 | if [ -r /etc/default/sentinel_${SENTINEL_PORT} ]; then 32 | . /etc/default/sentinel_${SENTINEL_PORT} 33 | fi 34 | 35 | if [ -n "$REDIS_PASSWORD" ]; then 36 | CLIEXEC="${CLIEXEC} -a ${REDIS_PASSWORD}" 37 | fi 38 | 39 | if [ -n "$BIND_ADDRESS" ]; then 40 | CLIEXEC="${CLIEXEC} -h ${BIND_ADDRESS}" 41 | fi 42 | 43 | case "$1" in 44 | start) 45 | if [ -f "$PIDFILE" ]; then 46 | status_of_proc -p "$PIDFILE" $DAEMON "$NAME process" && return 0 47 | fi 48 | 49 | if [ -n "$NOFILE_LIMIT" ]; then 50 | ulimit -n $NOFILE_LIMIT 51 | fi 52 | 53 | if [ ! -d "$PIDFILE_DIR" ]; then 54 | mkdir "$PIDFILE_DIR" 55 | chown ${REDIS_USER}:${REDIS_USER} "$PIDFILE_DIR" 56 | chmod 0755 "$PIDFILE_DIR" 57 | fi 58 | 59 | log_daemon_msg "Starting $NAME..." 60 | if start-stop-daemon --start -q --oknodo -p "$PIDFILE" -c $REDIS_USER --exec $DAEMON -- $CONF --sentinel; then 61 | log_end_msg 0 62 | else 63 | log_end_msg 1 64 | fi 65 | ;; 66 | stop) 67 | if [ -f "$PIDFILE" ]; then 68 | PID=$(cat "$PIDFILE") 69 | log_daemon_msg "Stopping $NAME..." 70 | $CLIEXEC shutdown 71 | while [ -x /proc/${PID} ]; do 72 | log_daemon_msg "Waiting for Redis Sentinel to shutdown ..." 73 | sleep 1 74 | done 75 | log_end_msg 0 76 | else 77 | log_daemon_msg "$NAME is not running" 78 | log_end_msg 0 79 | fi 80 | ;; 81 | status) 82 | status_of_proc -p "$PIDFILE" $DAEMON "$NAME" && exit 0 || exit $? 
83 | ;; 84 | restart|force-reload) 85 | ${0} stop 86 | ${0} start 87 | ;; 88 | *) 89 | echo "Usage: /etc/init.d/$NAME {start|stop|status|restart|force-reload}" >&2 90 | exit 1 91 | ;; 92 | esac 93 | 94 | exit 0 95 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/RedHat/redis.init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Simple Redis init.d script for RHEL-based distros 4 | # 5 | # chkconfig: - 58 74 6 | # description: Redis key-value store 7 | # 8 | # Source function library 9 | . /etc/init.d/functions 10 | 11 | REDIS_PORT={{ redis_port }} 12 | NAME="redis_${REDIS_PORT}" 13 | 14 | if [ -r /etc/sysconfig/redis_${REDIS_PORT} ]; then 15 | . /etc/sysconfig/redis_${REDIS_PORT} 16 | fi 17 | 18 | REDIS_USER={{ redis_user }} 19 | PIDFILE={{ redis_pidfile }} 20 | CONF="/etc/redis/${REDIS_PORT}.conf" 21 | EXEC={{ redis_install_dir }}/bin/redis-server 22 | CLIEXEC="{{ redis_install_dir }}/bin/redis-cli -p ${REDIS_PORT}" 23 | 24 | if [ -n "$REDIS_PASSWORD" ]; then 25 | CLIEXEC="${CLIEXEC} -a ${REDIS_PASSWORD}" 26 | fi 27 | 28 | if [ -n "$BIND_ADDRESS" ]; then 29 | CLIEXEC="${CLIEXEC} -h ${BIND_ADDRESS}" 30 | fi 31 | 32 | case "$1" in 33 | start) 34 | if [ -f $PIDFILE ] 35 | then 36 | echo "$PIDFILE exists, process is already running or crashed" 37 | else 38 | if [ -n "$NOFILE_LIMIT" ]; then 39 | ulimit -n $NOFILE_LIMIT 40 | fi 41 | echo "Starting Redis server..." 42 | daemon --user $REDIS_USER $EXEC $CONF 43 | fi 44 | ;; 45 | stop) 46 | if [ ! -f $PIDFILE ] 47 | then 48 | echo "$PIDFILE does not exist, process is not running" 49 | else 50 | PID=$(cat $PIDFILE) 51 | echo "Stopping ..." 52 | $CLIEXEC shutdown 53 | while [ -x /proc/${PID} ] 54 | do 55 | echo "Waiting for Redis to shutdown ..." 
56 | sleep 1 57 | done 58 | echo "Redis stopped" 59 | fi 60 | ;; 61 | status) 62 | status -p "${PIDFILE}" "redis_${REDIS_PORT}" 63 | ;; 64 | restart|force-reload) 65 | ${0} stop 66 | ${0} start 67 | ;; 68 | *) 69 | echo "Usage: /etc/init.d/$NAME {start|stop|status|restart|force-reload}" >&2 70 | exit 1 71 | ;; 72 | esac 73 | 74 | exit 0 75 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/RedHat/redis_sentinel.init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Redis Sentinel init script for RHEL-based distros 4 | # 5 | # chkconfig: - 58 74 6 | # description: Redis Sentinel monitor 7 | # 8 | # Source function library 9 | . /etc/init.d/functions 10 | 11 | SENTINEL_PORT={{ redis_sentinel_port }} 12 | NAME="sentinel_${SENTINEL_PORT}" 13 | 14 | if [ -r /etc/sysconfig/sentinel_${SENTINEL_PORT} ]; then 15 | . /etc/sysconfig/sentinel_${SENTINEL_PORT} 16 | fi 17 | 18 | REDIS_USER={{ redis_user }} 19 | BIND_ADDRESS={{ redis_sentinel_bind }} 20 | PIDFILE={{ redis_sentinel_pidfile }} 21 | CONF="/etc/redis/sentinel_${SENTINEL_PORT}.conf" 22 | EXEC={{ redis_install_dir }}/bin/redis-server 23 | CLIEXEC="{{ redis_install_dir }}/bin/redis-cli -p ${SENTINEL_PORT}" 24 | 25 | if [ -n "$REDIS_PASSWORD" ]; then 26 | CLIEXEC="${CLIEXEC} -a ${REDIS_PASSWORD}" 27 | fi 28 | 29 | if [ -n "$BIND_ADDRESS" ]; then 30 | CLIEXEC="${CLIEXEC} -h ${BIND_ADDRESS}" 31 | fi 32 | 33 | case "$1" in 34 | start) 35 | if [ -f $PIDFILE ] 36 | then 37 | echo "$PIDFILE exists, process is already running or crashed" 38 | else 39 | if [ -n "$NOFILE_LIMIT" ]; then 40 | ulimit -n $NOFILE_LIMIT 41 | fi 42 | echo "Starting Redis Sentinel..." 43 | daemon --user $REDIS_USER $EXEC $CONF --sentinel 44 | fi 45 | ;; 46 | stop) 47 | if [ ! -f $PIDFILE ] 48 | then 49 | echo "$PIDFILE does not exist, process is not running" 50 | else 51 | PID=$(cat $PIDFILE) 52 | echo "Stopping ..." 
53 | $CLIEXEC shutdown 54 | while [ -x /proc/${PID} ] 55 | do 56 | echo "Waiting for Redis Sentinel to shutdown ..." 57 | sleep 1 58 | done 59 | echo "Redis stopped" 60 | fi 61 | ;; 62 | status) 63 | status -p "${PIDFILE}" "sentinel_${SENTINEL_PORT}" 64 | ;; 65 | restart|force-reload) 66 | ${0} stop 67 | ${0} start 68 | ;; 69 | *) 70 | echo "Usage: /etc/init.d/$NAME {start|stop|status|restart|force-reload}" >&2 71 | exit 1 72 | ;; 73 | esac 74 | 75 | exit 0 76 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/default/redis.init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Simple Redis init.d script conceived to work on Linux systems 4 | # as it does use of the /proc filesystem. 5 | 6 | REDIS_PORT={{ redis_port }} 7 | REDIS_USER={{ redis_user }} 8 | EXEC={{ redis_install_dir }}/bin/redis-server 9 | {% if redis_password -%} 10 | CLIEXEC='{{ redis_install_dir }}/bin/redis-cli -a {{ redis_password }}' 11 | {% else -%} 12 | CLIEXEC={{ redis_install_dir }}/bin/redis-cli 13 | {% endif %} 14 | 15 | PIDFILE={{ redis_pidfile }} 16 | CONF="/etc/redis/${REDIS_PORT}.conf" 17 | 18 | case "$1" in 19 | start) 20 | if [ -f $PIDFILE ] 21 | then 22 | echo "$PIDFILE exists, process is already running or crashed" 23 | else 24 | ulimit -n {{ redis_nofile_limit }} 25 | echo "Starting Redis server..." 26 | su $REDIS_USER -c "$EXEC $CONF" 27 | fi 28 | ;; 29 | stop) 30 | if [ ! -f $PIDFILE ] 31 | then 32 | echo "$PIDFILE does not exist, process is not running" 33 | else 34 | PID=$(cat $PIDFILE) 35 | echo "Stopping ..." 36 | $CLIEXEC -p $REDIS_PORT shutdown 37 | while [ -x /proc/${PID} ] 38 | do 39 | echo "Waiting for Redis to shutdown ..." 
40 | sleep 1 41 | done 42 | echo "Redis stopped" 43 | fi 44 | ;; 45 | restart|force-reload) 46 | ${0} stop 47 | ${0} start 48 | ;; 49 | *) 50 | echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 51 | exit 1 52 | ;; 53 | esac 54 | 55 | exit 0 56 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/default/redis.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Redis In-memory Store 3 | After=network.target 4 | Documentation=http://redis.io/documentation, man:redis-server(1) 5 | 6 | [Service] 7 | Type={{ 'forking' if redis_daemonize == 'yes' else 'simple' }} 8 | ExecStart={{ redis_install_dir }}/bin/redis-server /etc/redis/{{ redis_port }}.conf 9 | EnvironmentFile=-/etc/default/redis_{{ redis_port }} 10 | PIDFile={{ redis_pidfile }} 11 | TimeoutStopSec=0 12 | Restart=always 13 | User={{ redis_user }} 14 | Group={{ redis_group }} 15 | 16 | UMask=007 17 | PrivateTmp=yes 18 | LimitNOFILE={{ redis_nofile_limit }} 19 | PrivateDevices=yes 20 | ProtectHome=yes 21 | ReadOnlyDirectories=/ 22 | ReadWriteDirectories=-{{ redis_dir }} 23 | {% if redis_logfile != '""' %} 24 | ReadWriteDirectories=-{{ redis_logfile|dirname }} 25 | {% endif %} 26 | ReadWriteDirectories=-{{ redis_pidfile|dirname }} 27 | CapabilityBoundingSet=~CAP_SYS_PTRACE 28 | 29 | # redis-server writes its own config file when in cluster mode so we allow 30 | # writing there (NB. 
ProtectSystem=true over ProtectSystem=full) 31 | ProtectSystem=true 32 | ReadWriteDirectories=-/etc/redis 33 | 34 | [Install] 35 | WantedBy=multi-user.target 36 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/default/redis_sentinel.init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Simple Redis Sentinel init.d script conceived to work on 4 | # Linux systems as it does use of the /proc filesystem. 5 | 6 | SENTINEL_PORT={{ redis_sentinel_port }} 7 | REDIS_USER={{ redis_user }} 8 | BIND_ADDRESS={{ redis_sentinel_bind }} 9 | EXEC={{ redis_install_dir }}/bin/redis-server 10 | {% if redis_password -%} 11 | CLIEXEC='{{ redis_install_dir }}/bin/redis-cli -a {{ redis_password }}' 12 | {% else -%} 13 | CLIEXEC={{ redis_install_dir }}/bin/redis-cli 14 | {% endif %} 15 | 16 | PIDFILE={{ redis_sentinel_pidfile }} 17 | CONF="/etc/redis/sentinel_${SENTINEL_PORT}.conf" 18 | 19 | case "$1" in 20 | start) 21 | if [ -f $PIDFILE ] 22 | then 23 | echo "$PIDFILE exists, process is already running or crashed" 24 | else 25 | ulimit -n {{ redis_nofile_limit }} 26 | echo "Starting Redis Sentinel..." 27 | su $REDIS_USER -c "$EXEC $CONF --sentinel" 28 | fi 29 | ;; 30 | stop) 31 | if [ ! -f $PIDFILE ] 32 | then 33 | echo "$PIDFILE does not exist, process is not running" 34 | else 35 | PID=$(cat $PIDFILE) 36 | echo "Stopping ..." 37 | $CLIEXEC -p $SENTINEL_PORT -h $BIND_ADDRESS shutdown 38 | while [ -x /proc/${PID} ] 39 | do 40 | echo "Waiting for Redis Sentinel to shutdown ..." 
41 | sleep 1 42 | done 43 | echo "Redis stopped" 44 | fi 45 | ;; 46 | restart|force-reload) 47 | ${0} stop 48 | ${0} start 49 | ;; 50 | *) 51 | echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 52 | exit 1 53 | ;; 54 | esac 55 | 56 | exit 0 57 | -------------------------------------------------------------------------------- /.ansible/roles/DavidWittman.redis/templates/default/redis_sentinel.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Advanced key-value store 3 | After=network.target 4 | Documentation=http://redis.io/documentation, man:redis-sentinel(1) 5 | 6 | [Service] 7 | Type={{ 'forking' if redis_daemonize == 'yes' else 'simple' }} 8 | ExecStart={{ redis_install_dir }}/bin/redis-server /etc/redis/sentinel_{{ redis_sentinel_port }}.conf --sentinel 9 | EnvironmentFile=-/etc/default/sentinel_{{ redis_sentinel_port }} 10 | PIDFile={{ redis_sentinel_pidfile }} 11 | TimeoutStopSec=0 12 | Restart=always 13 | User={{ redis_user }} 14 | Group={{ redis_group }} 15 | 16 | UMask=007 17 | PrivateTmp=yes 18 | LimitNOFILE={{ redis_nofile_limit }} 19 | PrivateDevices=yes 20 | ProtectHome=yes 21 | ReadOnlyDirectories=/ 22 | ReadWriteDirectories=-{{ redis_sentinel_dir }} 23 | {% if redis_sentinel_logfile != '""' %} 24 | ReadWriteDirectories=-{{ redis_sentinel_logfile|dirname }} 25 | {% endif %} 26 | ReadWriteDirectories=-{{ redis_sentinel_pidfile|dirname }} 27 | CapabilityBoundingSet=~CAP_SYS_PTRACE 28 | 29 | # redis-sentinel writes its own config file so we allow writing there (NB. 
# ProtectSystem=true over ProtectSystem=full)
ProtectSystem=true
ReadWriteDirectories=-/etc/redis

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/templates/etc/ansible/facts.d/redis.fact.j2:
--------------------------------------------------------------------------------
{# NOTE(review): redis_sentinel_monitors entries can carry auth_pass (see
   redis_sentinel.conf.j2), and to_nice_json writes the whole structure, so
   this facts file may end up holding the password in clear text. Confirm the
   mode the role gives the installed file. #}
{
  "bind": "{{ redis_bind }}",
  "port": "{{ redis_port }}",
  "sentinel_bind": "{{ redis_sentinel_bind }}",
  "sentinel_port": "{{ redis_sentinel_port }}",
  "sentinel_monitors": {{ redis_sentinel_monitors | to_nice_json }}
}

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/templates/etc/tmpfiles.d/redis.conf.j2:
--------------------------------------------------------------------------------
# Runtime directories for the PID files, owned by the service account.
# Mode 0755: writable by the owner only, readable and searchable by everyone.
d {{ redis_pidfile|dirname }} 0755 {{ redis_user }} {{ redis_group }}
{% if redis_pidfile|dirname != redis_sentinel_pidfile|dirname -%}
d {{ redis_sentinel_pidfile|dirname }} 0755 {{ redis_user }} {{ redis_group }}
{% endif -%}

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/templates/redis.conf.j2:
--------------------------------------------------------------------------------
# {{ ansible_managed }}

# General
daemonize {{ redis_daemonize }}
pidfile {{ redis_pidfile }}
dir {{ redis_dir }}
# Network exposure is decided by bind and protected-mode together. The role's
# serverspec tests expect the listener on 0.0.0.0, so choose redis_bind and
# redis_password deliberately when the host is reachable from other networks.
port {{ redis_port }}
bind {{ redis_bind }}
protected-mode {{ redis_protected_mode }}

{% if redis_socket_path -%}
unixsocket {{ redis_socket_path }}
unixsocketperm {{ redis_socket_perm }}
{% endif -%}
timeout {{ redis_timeout }}
tcp-keepalive {{ redis_tcp_keepalive }}
tcp-backlog {{ redis_tcp_backlog }}
loglevel {{ redis_loglevel }}
logfile {{ redis_logfile }}
syslog-enabled {{ redis_syslog_enabled }}
syslog-ident {{ redis_syslog_ident }}
syslog-facility {{ redis_syslog_facility }}
databases {{ redis_databases }}

supervised {{ redis_supervised }}


# Snapshotting
{% for save in redis_save -%}
save {{ save }}
{% endfor -%}
stop-writes-on-bgsave-error {{ redis_stop_writes_on_bgsave_error|string }}
rdbcompression {{ redis_rdbcompression|string }}
rdbchecksum {{ redis_rdbchecksum|string }}
dbfilename {{ redis_db_filename|string }}

# Replication
{% if redis_slaveof -%}
slaveof {{ redis_slaveof }}
{% endif -%}
slave-serve-stale-data yes
slave-read-only {{ redis_slave_read_only }}
repl-disable-tcp-nodelay no
{% if redis_repl_backlog_size -%}
repl-backlog-size {{ redis_repl_backlog_size }}
{% endif -%}
slave-priority {{ redis_slave_priority }}
{% if redis_min_slaves_to_write -%}
min-slaves-to-write {{ redis_min_slaves_to_write }}
{% endif -%}
{% if redis_min_slaves_max_lag -%}
min-slaves-max-lag {{ redis_min_slaves_max_lag }}
{% endif -%}
{% if redis_password -%}
masterauth {{ redis_password }}
{% endif -%}

# Security
# The same redis_password is rendered in clear text as requirepass here and as
# masterauth in the replication section, so the owner and mode of the rendered
# file decide who can read it. When redis_password is empty no requirepass
# line is emitted at all.
# NOTE(review): the value is written unquoted -- confirm that passwords with
# whitespace are either rejected or quoted before they reach this template.
{% if redis_password -%}
requirepass {{ redis_password }}
{% endif -%}
{% for command in redis_rename_commands -%}
rename-command {{ command }}
{% endfor -%}

# Limits
maxclients {{ redis_maxclients }}
{% if redis_maxmemory -%}
maxmemory {{ redis_maxmemory }}
{% endif -%}
maxmemory-policy {{ redis_maxmemory_policy }}

# Append Only Mode
appendonly {{ redis_appendonly }}
appendfilename "{{ redis_appendfilename }}"
appendfsync {{ redis_appendfsync|string }}
no-appendfsync-on-rewrite {{ redis_no_appendfsync_on_rewrite }}
auto-aof-rewrite-percentage {{ redis_auto_aof_rewrite_percentage }}
auto-aof-rewrite-min-size {{ redis_auto_aof_rewrite_min_size }}

# Lua
lua-time-limit 5000

# Slow Log
slowlog-log-slower-than {{ redis_slowlog_log_slower_than }}
slowlog-max-len {{ redis_slowlog_max_len }}

# Event Notification
notify-keyspace-events {{ redis_notify_keyspace_events }}

# Advanced
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/templates/redis.init.conf.j2:
--------------------------------------------------------------------------------
# Init script variables for Redis and Redis Sentinel
# Stored in /etc/{sysconfig,default}/{redis,sentinel}_$port
#
# When redis_password is set this file holds it in clear text, so the rendered
# file should be readable only by the account that starts the service.
# The value is wrapped in single quotes: a single quote inside the password
# would end the quoted string early.
# Only the first word of the bind setting is kept for BIND_ADDRESS.

{% if redis_password %}
REDIS_PASSWORD='{{ redis_password }}'
{% endif %}
NOFILE_LIMIT='{{ redis_nofile_limit }}'
{% if redis_sentinel %}
BIND_ADDRESS='{{ redis_sentinel_bind.split()[0] }}'
{% else %}
BIND_ADDRESS='{{ redis_bind.split()[0] }}'
{% endif %}

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/templates/redis_sentinel.conf.j2:
--------------------------------------------------------------------------------
# redis-sentinel {{ redis_version }} configuration file
# sentinel_{{ redis_sentinel_port }}.conf

daemonize {{ redis_daemonize }}
dir {{ redis_sentinel_dir }}
pidfile {{ redis_sentinel_pidfile }}
port {{ redis_sentinel_port }}
bind {{ redis_sentinel_bind }}

# One "sentinel monitor" line per entry of redis_sentinel_monitors (quorum
# defaults to 2), followed by each listed per-master option that is set.
# auth_pass is written in clear text. notification_script and
# client_reconfig_script name programs that Sentinel executes, so only paths
# controlled by the administrator belong in those options.
{% for master in redis_sentinel_monitors -%}
sentinel monitor {{ master.name }} {{ master.host }} {{ master.port }} {{ master.quorum|d('2') }}
{% for option in ('auth_pass', 'down_after_milliseconds', 'parallel_syncs', 'failover_timeout', 'notification_script', 'client_reconfig_script') -%}
{% if master[option] is defined and master[option] -%}
sentinel {{ option|replace('_', '-') }} {{ master.name }} {{ master[option] }}
{% endif %}
{% endfor -%}

{% endfor -%}

logfile {{ redis_sentinel_logfile }}
syslog-enabled {{ redis_syslog_enabled }}
syslog-ident {{ redis_sentinel_syslog_ident }}
syslog-facility {{ redis_syslog_facility }}

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/checksum/default.yml:
--------------------------------------------------------------------------------
---
# Scenario with download verification switched on (redis_verify_checksum).
# On Ansible 1.x the expected digest is supplied explicitly; it is 64 hex
# characters long, whereas vars/main.yml lists a 40-character value for 3.0.7.
- hosts: localhost
  vars:
    redis_verify_checksum: true
    redis_version: 3.0.7
  pre_tasks:
    - name: set checksum value for Ansible 1.x
      set_fact:
        redis_checksum: b2a791c4ea3bb7268795c45c6321ea5abcc24457178373e6a6e3be6372737f23
      when: ansible_version.major < 2
  roles:
    - ansible-redis

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/checksum/serverspec/redis_spec.rb:
--------------------------------------------------------------------------------
# Serverspec checks for the checksum scenario: service state, listener,
# config file and PID file of the instance on port 6379.
require 'spec_helper'

describe 'Redis' do
  describe service('redis_6379') do
    it { should be_enabled }
    it { should be_running }
  end

  # The listener is expected on 0.0.0.0, i.e. on every interface of the host.
  describe port(6379) do
    it { should be_listening.on('0.0.0.0').with('tcp') }
  end

  # Ownership is asserted, the file mode is not.
  describe file('/etc/redis/6379.conf') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:content) { should match /port 6379/ }
  end

  describe file('/var/run/redis/6379.pid') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:size) { should > 0 }
  end
end

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/checksum/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
# Run the checks with the local exec backend.
require 'serverspec'
set :backend, :exec

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/default/default.yml:
--------------------------------------------------------------------------------
---
# Applies the role with no variables overridden.
- hosts: localhost
  roles:
    - ansible-redis

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/default/serverspec/redis_spec.rb:
--------------------------------------------------------------------------------
# Serverspec checks for the default scenario (role applied without overrides).
require 'spec_helper'

describe 'Redis' do
  describe service('redis_6379') do
    it { should be_enabled }
    it { should be_running }
  end

  # With no overrides the listener is expected on 0.0.0.0, so an unmodified
  # deployment is reachable on every interface of the host.
  describe port(6379) do
    it { should be_listening.on('0.0.0.0').with('tcp') }
  end

  # Ownership is asserted, the file mode is not.
  describe file('/etc/redis/6379.conf') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:content) { should match /port 6379/ }
  end

  describe file('/var/run/redis/6379.pid') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:size) { should > 0 }
  end

  # The kernel overcommit setting is expected to contain '1'.
  describe file('/proc/sys/vm/overcommit_memory') do
    it { should be_file }
    it { should contain '1' }
  end

  # The binaries under /usr/bin are expected to be symlinks.
  describe file('/usr/bin/redis-server') do
    it { should be_symlink }
  end

  describe file('/usr/bin/redis-cli') do
    it { should be_symlink }
  end
end

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/default/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
# Run the checks with the local exec backend.
require 'serverspec'
set :backend, :exec

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/logfile/default.yml:
--------------------------------------------------------------------------------
---
# Scenario that sends the Redis log to a file directly under /var/log.
- hosts: localhost
  roles:
    - role: ansible-redis
      redis_logfile: "/var/log/redis.log"

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/logfile/serverspec/log_spec.rb:
--------------------------------------------------------------------------------
# Serverspec checks for the logfile scenario.
require 'spec_helper'

describe 'Redis' do
  describe service('redis_6379') do
    it { should be_enabled }
    it { should be_running }
  end

  describe port(6379) do
    it { should be_listening.with('tcp') }
  end

  describe file('/var/log/redis.log') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:size) { should > 0 }
  end

  # The log file belongs to redis, but the shared /var/log directory must not;
  # presumably this guards against the role changing ownership of the parent
  # directory when the log file sits directly in /var/log.
  describe file('/var/log') do
    it { should be_directory }
    it { should_not be_owned_by('redis') }
  end
end

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/logfile/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
# Run the checks with the local exec backend.
require 'serverspec'
set :backend, :exec

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/sentinel/default.yml:
--------------------------------------------------------------------------------
---
# Scenario that deploys Sentinel with its log under /var/log.
- hosts: localhost
  roles:
    - role: ansible-redis
      redis_sentinel: true
      redis_sentinel_logfile: "/var/log/redis_sentinel.log"

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/sentinel/serverspec/sentinel_spec.rb:
--------------------------------------------------------------------------------
# Serverspec checks for the sentinel scenario: service state, listener,
# config file and PID file of the Sentinel instance on port 26379.
require 'spec_helper'

describe 'Redis' do
  describe service('sentinel_26379') do
    it { should be_enabled }
    it { should be_running }
  end

  # The Sentinel listener is expected on 0.0.0.0, i.e. on every interface.
  describe port(26379) do
    it { should be_listening.on('0.0.0.0').with('tcp') }
  end

  # Ownership is asserted, the file mode is not.
  describe file('/etc/redis/sentinel_26379.conf') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:content) { should match /port 26379/ }
  end

  describe file('/var/run/redis/sentinel_26379.pid') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:size) { should > 0 }
  end
end

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/sentinel/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
# Run the checks with the local exec backend.
require 'serverspec'
set :backend, :exec

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/service-name/default.yml:
--------------------------------------------------------------------------------
---
# Scenario that overrides the service name.
- hosts: localhost
  roles:
    - role: ansible-redis
      redis_service_name: redis

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/service-name/serverspec/redis_spec.rb:
--------------------------------------------------------------------------------
# Serverspec checks for the service-name scenario: the service is expected
# under the name 'redis' while paths and port keep the 6379 naming.
require 'spec_helper'

describe 'Redis' do
  describe service('redis') do
    it { should be_enabled }
    it { should be_running }
  end

  # The listener is expected on 0.0.0.0, i.e. on every interface of the host.
  describe port(6379) do
    it { should be_listening.on('0.0.0.0').with('tcp') }
  end

  # Ownership is asserted, the file mode is not.
  describe file('/etc/redis/6379.conf') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:content) { should match /port 6379/ }
  end

  describe file('/var/run/redis/6379.pid') do
    it { should be_file }
    it { should be_owned_by 'redis' }
    its(:size) { should > 0 }
  end

  describe file('/proc/sys/vm/overcommit_memory') do
    it { should be_file }
    it { should contain '1' }
  end
end

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/integration/service-name/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
# Run the checks with the local exec backend.
require 'serverspec'
set :backend, :exec

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/test_all.yml:
--------------------------------------------------------------------------------
---
# Test for all replication components of Redis
# We're using non-standard ports here so they don't conflict with other
# tests on Travis.
#
# redis_password below is a CI fixture committed in clear text. A real
# inventory should take the password from an encrypted source such as
# Ansible Vault instead of a plain vars entry.
- hosts: all
  remote_user: root
  vars:
    redis_version: 3.0.7
    redis_password: ant1r3z
    redis_travis_ci: true
  roles:
    # Master on 7379.
    - role: ../../ansible-redis
      redis_port: 7379

    # Replica of the master above; local facts are switched off here.
    - role: ../../ansible-redis
      redis_port: 8379
      redis_slaveof: 127.0.0.1 7379
      redis_local_facts: false

    # Sentinel watching the master; auth_pass reuses redis_password.
    - role: ../../ansible-redis
      redis_sentinel: true
      redis_sentinel_port: 27379
      redis_sentinel_monitors:
        - name: master01
          host: 127.0.0.1
          port: 7379
          quorum: 1
          auth_pass: "{{ redis_password }}"
      redis_local_facts: false

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/test_sentinel.yml:
--------------------------------------------------------------------------------
---
# Sentinel-only run; connects as root and sets no password.
- hosts: all
  remote_user: root
  vars:
    redis_travis_ci: true
    redis_sentinel: true
    redis_sentinel_monitors:
      - name: master01
        host: localhost
        port: 6379
  roles:
    - ../../ansible-redis

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/test/test_server.yml:
--------------------------------------------------------------------------------
---
# Server-only run; connects as root and sets no password.
- hosts: all
  remote_user: root
  vars:
    redis_travis_ci: true
  roles:
    - ../../ansible-redis

--------------------------------------------------------------------------------
/.ansible/roles/DavidWittman.redis/vars/main.yml:
--------------------------------------------------------------------------------
# From https://github.com/antirez/redis-hashes
# Generate with:
# $ curl -s https://raw.githubusercontent.com/antirez/redis-hashes/master/README | gawk '/^hash/ { print gensub(/redis-(.*)\.tar\.gz/, "\\1", "g", $2) ": " $4 }'
#
# Digest length differs by release: the entries up to 3.2.8 are 40 hex
# characters (SHA-1 length), the entries from 3.2.9 on are 64 (SHA-256 length).
# SHA-1 is considered weak against collisions; where upstream publishes a
# SHA-256 digest for a release, pinning that value is the stronger check.
redis_checksums:
  2.8.0-rc5: bd27589b71a0b406b982485051f32b7c40c9d2c1
  2.8.0-rc6: d13db76145a9844e2a3302f561e907056f9e21a0
  2.8.0: 
41fd86128995f06502954dd6d6269c22f5e389f7 8 | 2.8.1: 1bb493318ff6c0c87334eb95640b89a16e4357d8 9 | 2.8.2: 3be038b9d095ce3dece7918aae810d14fe770400 10 | 2.6.17: b5423e1c423d502074cbd0b21bd4e820409d2003 11 | 2.8.3: a751371eeed5f5f02965eb34d989c1963dd8d8c7 12 | 2.8.4: 79b156cc9d8bff5a022fdc6d28d5c42999ddcb4f 13 | 2.8.5: f0eb48609ff66ead3c7f06bbe8a8dd1aa7341b73 14 | 2.8.6: 8680046580c75987961241f2e1e417c242b91a49 15 | 2.8.7: acc369093ec74223e6da207921595187f7e64998 16 | 2.8.8: aa811f399db58c92c8ec5e48271d307e9ab8eb81 17 | 2.8.9: 003ccdc175816e0a751919cf508f1318e54aac1e 18 | 2.8.10: 339ddf82e01a16ad912d1c1d59b02f3fab58d9d9 19 | 2.8.11: 3e3a4603781514f239f040287d3ef1097eb02a76 20 | 2.8.12: 56c86a4f9eccaf29f934433c7c67a175e404b2f6 21 | 2.8.13: a72925a35849eb2d38a1ea076a3db82072d4ee43 22 | 2.8.14: fd0edc045f2b53057d7f6ab38e2fe99086c87e8d 23 | 2.8.15: afc0d753cea68a26038775df2dea75a76e3d0e1d 24 | 2.8.16: 198045c8291dd832788ac8a17d2e565752499942 25 | 2.8.17: 913479f9d2a283bfaadd1444e17e7bab560e5d1e 26 | 3.0.0-rc1: f0934db86791e32053f8b21ddec5965793edff19 27 | 2.8.18: 129629262fea2bc60daa542f52457e65e6aa7fd5 28 | 2.8.19: 3e362f4770ac2fdbdce58a5aa951c1967e0facc8 29 | 3.0.0: c75fd32900187a7c9f9d07c412ea3b3315691c65 30 | 2.8.20: 45f134113fb3d75b8c37f7968e46565a70800091 31 | 3.0.1: fe1d06599042bfe6a0e738542f302ce9533dde88 32 | 2.8.21: 52f619d3d301fc7ae498a1d4cb4d44ecebc5b0f9 33 | 3.0.2: a38755fe9a669896f7c5d8cd3ebbf76d59712002 34 | 3.0.3: 0e2d7707327986ae652df717059354b358b83358 35 | 3.0.4: cccc58b2b8643930840870f17280fcae57ed7675 36 | 2.8.22: 78a70b32cdd3a4ccc58880d1821fb828d091bb36 37 | 2.8.23: 828fc5d4011e6141fabb2ad6ebc193e8f0d08cfa 38 | 3.0.5: ad3ee178c42bfcfd310c72bbddffbbe35db9b4a6 39 | 3.0.6: 4b1c7b1201984bca8f7f9c6c58862f6928cf0a25 40 | 3.0.7: e56b4b7e033ae8dbf311f9191cf6fdf3ae974d1c 41 | 3.2.0: 0c1820931094369c8cc19fc1be62f598bc5961ca 42 | 3.2.1: 26c0fc282369121b4e278523fce122910b65fbbf 43 | 3.2.2: 3141be9757532139f445bd5f6f4fae293bc33d27 44 | 3.2.3: 
92d6d93ef2efc91e595c8bf578bf72baff397507 45 | 3.2.4: f0fe685cbfdb8c2d8c74613ad8a5a5f33fba40c9 46 | 3.2.5: 6f6333db6111badaa74519d743589ac4635eba7a 47 | 3.2.6: 0c7bc5c751bdbc6fabed178db9cdbdd948915d1b 48 | 3.2.7: 6889af053020cd72ebb16805ead0ce9b3a69a9ef 49 | 3.2.8: 6780d1abb66f33a97aad0edbe020403d0a15b67f 50 | 3.2.9: 6eaacfa983b287e440d0839ead20c2231749d5d6b78bbe0e0ffa3a890c59ff26 51 | 4.0.0: d539ae309295721d5c3ed7298939645b6f86ab5d25fdf2a0352ab575c159df2d 52 | 4.0.1: 2049cd6ae9167f258705081a6ef23bb80b7eff9ff3d0d7481e89510f27457591 53 | 3.2.10: 411c604a716104f7f5a326abfad32de9cea10f15f987bec45cf86f315e9e63a0 54 | 4.0.2: b1a0915dbc91b979d06df1977fe594c3fa9b189f1f3d38743a2948c9f7634813 55 | 3.2.11: 31ae927cab09f90c9ca5954aab7aeecc3bb4da6087d3d12ba0a929ceb54081b5 56 | -------------------------------------------------------------------------------- /.ansible/roles/Oefenweb.swapfile/.gitignore: -------------------------------------------------------------------------------- 1 | # OS generated files # 2 | ###################### 3 | .DS_Store 4 | .DS_Store? 5 | ._* 6 | .Spotlight-V100 7 | .Trashes 8 | Icon? 
ehthumbs.db
Thumbs.db

# IDE files #
#################
/.settings
/.buildpath
/.project
/nbproject
*.komodoproject
*.kpf
/.idea

# Vagrant files #
.virtualbox/
.vagrant/
vagrant_ansible_inventory_*
ansible.cfg

# Other files #
###############
!empty

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/.travis.yml:
--------------------------------------------------------------------------------
---
sudo: required
dist: trusty

language: python
python: "2.7"

# One job per Ansible release, plus a "latest" job that is not pinned.
env:
  - ANSIBLE_VERSION=latest
  - ANSIBLE_VERSION=2.5.5
  - ANSIBLE_VERSION=2.5.4
  - ANSIBLE_VERSION=2.5.3
  - ANSIBLE_VERSION=2.5.2
  - ANSIBLE_VERSION=2.5.1
  - ANSIBLE_VERSION=2.5.0
  - ANSIBLE_VERSION=2.4.5.0
  - ANSIBLE_VERSION=2.4.4.0
  - ANSIBLE_VERSION=2.4.3.0
  - ANSIBLE_VERSION=2.4.2.0
  - ANSIBLE_VERSION=2.4.1.0
  - ANSIBLE_VERSION=2.4.0.0
  - ANSIBLE_VERSION=2.3.3.0
  - ANSIBLE_VERSION=2.3.2.0
  - ANSIBLE_VERSION=2.3.1.0
  - ANSIBLE_VERSION=2.3.0.0
  - ANSIBLE_VERSION=2.2.3.0
  - ANSIBLE_VERSION=2.2.2.0
  - ANSIBLE_VERSION=2.2.1.0
  - ANSIBLE_VERSION=2.2.0.0

branches:
  only:
    - master

before_install:
  - sudo apt-get update -qq

install:
  # Install Ansible.
  # The "latest" job installs ansible and ansible-lint without a version pin,
  # so its result can change without any commit to this repository.
  - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
  - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi

script:
  # Check the role/playbook's syntax.
  - ansible-playbook -i tests/inventory tests/test.yml --syntax-check

  # Run the role/playbook with ansible-playbook.
  - ansible-playbook -i tests/inventory tests/test.yml -vvvv

  # Run the role/playbook again, checking to make sure it's idempotent.
  - >
    ansible-playbook -i tests/inventory tests/test.yml
    | grep -q 'changed=0.*failed=0'
    && (echo 'Idempotence test: pass' && exit 0)
    || (echo 'Idempotence test: fail' && exit 1)

  # "|| true" makes the lint step advisory: findings never fail the build.
  - if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml || true; fi

notifications:
  email: false
  hipchat:
    rooms:
      # Travis-encrypted value, not a clear-text token.
      secure: SivIIyIfrzgQ/crgx9+JLxNhMGCGX/SggBkR59GdBx7tKjLKUReqHuG0NvJd6m0sYgaJqWVYnpXThwWPa7+k+PvisVf/RrfKWzmfK11WZctgq9JDZxrNnHROVgrNvoVKebD/pj0ZtLaMff+ECmBkRGnurFbIMXhT6StxHlPqiEE=
  webhooks: https://galaxy.ansible.com/api/v1/notifications/

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/Dockerfile:
--------------------------------------------------------------------------------
# Test image: installs Python, pip and a pinned Ansible, then runs the role's
# test playbook against the container itself during the build.
# The base image is referenced by tag only, not by digest.
FROM ubuntu:16.04
MAINTAINER Mischa ter Smitten

# python
RUN apt-get update && \
  DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
  apt-get clean
# NOTE(review): the installer script is fetched and executed as root in one
# step, with no checksum or signature check on what was downloaded. Because
# curl runs without a fail-on-error option, an HTTP error page would be piped
# to python as well. Installing pip from the distribution packages, or
# verifying the download against a known digest first, makes the build
# reproducible and removes the unverified execution.
RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -
RUN rm -rf $HOME/.cache

# ansible
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
  apt-get clean
RUN pip install ansible==2.3.2.0
RUN rm -rf $HOME/.cache

# provision
# The whole build context is copied in; anything not excluded from the context
# ends up in the image.
COPY . /etc/ansible/roles/ansible-role
WORKDIR /etc/ansible/roles/ansible-role
RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/LICENSE.txt:
--------------------------------------------------------------------------------
Copyright (c) Oefenweb.nl

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
20 | -------------------------------------------------------------------------------- /.ansible/roles/Oefenweb.swapfile/README.md: -------------------------------------------------------------------------------- 1 | ## swapfile 2 | 3 | [![Build Status](https://travis-ci.org/Oefenweb/ansible-swapfile.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-swapfile) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-swapfile-blue.svg)](https://galaxy.ansible.com/tersmitten/swapfile) 4 | 5 | Ansible role to manage a swap file in Debian-like systems. 6 | 7 | #### Requirements 8 | 9 | * `fallocate` (will be installed) 10 | 11 | ## Variables 12 | 13 | * `swapfile_size`: [default: `1G`, `false` to do nothing]: The size of the swap file to create in the format that `fallocate` expects: The length and offset arguments may be followed by binary (2^N) suffixes KiB, MiB, GiB, TiB, PiB and EiB (the "iB" is optional, e.g. "K" has the same meaning as "KiB") or decimal (10^N) suffixes KB, MB, GB, PB and EB. 14 | * `swapfile_swappiness`: [optional]: The swappiness percentage (`vm.swappiness`) -- the lower it is, the less your system swaps memory pages 15 | * `swapfile_vfs_cache_pressure`: [optional]: This percentage value controls the tendency of the kernel to reclaim the memory which is used for caching of directory and inode objects 16 | 17 | ## Dependencies 18 | 19 | None 20 | 21 | #### Example 22 | 23 | ```yaml 24 | - hosts: all 25 | roles: 26 | - swapfile 27 | ``` 28 | 29 | or: 30 | 31 | ```yaml 32 | - hosts: all 33 | roles: 34 | - role: swapfile 35 | swapfile_size: 1GB 36 | swapfile_swappiness: 10 37 | ``` 38 | 39 | #### License 40 | 41 | MIT 42 | 43 | #### Author Information 44 | 45 | Mischa ter Smitten (based on work of [kamaln7](https://github.com/kamaln7)) 46 | 47 | #### Feedback, bug-reports, requests, ... 48 | 49 | Are [welcome](https://github.com/Oefenweb/ansible-swapfile/issues)! 

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby ts=2 sw=2 tw=0 et :

# Name of the directory that contains this Vagrantfile; used in VM hostnames.
role = File.basename(File.expand_path(File.dirname(__FILE__)))

# Test machines: one entry per distribution release, each with its own
# private-network address, a CPU execution cap and a memory size.
boxes = [
  {
    :name => "ubuntu-1204",
    :box => "bento/ubuntu-12.04",
    :ip => '10.0.0.11',
    :cpu => "50",
    :ram => "256"
  },
  {
    :name => "ubuntu-1404",
    :box => "bento/ubuntu-14.04",
    :ip => '10.0.0.12',
    :cpu => "50",
    :ram => "256"
  },
  {
    :name => "ubuntu-1604",
    :box => "bento/ubuntu-16.04",
    :ip => '10.0.0.13',
    :cpu => "50",
    :ram => "256"
  },
  {
    :name => "debian-7",
    :box => "bento/debian-7",
    :ip => '10.0.0.14',
    :cpu => "50",
    :ram => "256"
  },
  {
    :name => "debian-8",
    :box => "bento/debian-8",
    :ip => '10.0.0.15',
    :cpu => "50",
    :ram => "256"
  },
  {
    :name => "debian-9",
    :box => "bento/debian-9",
    :ip => '10.0.0.16',
    :cpu => "50",
    :ram => "256"
  },
]

# Define one VM per entry and provision it with the role's Vagrant playbook.
Vagrant.configure("2") do |config|
  boxes.each do |box|
    config.vm.define box[:name] do |vms|
      vms.vm.box = box[:box]
      vms.vm.hostname = "ansible-#{role}-#{box[:name]}"

      # VirtualBox settings taken from the box entry.
      vms.vm.provider "virtualbox" do |v|
        v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
        v.customize ["modifyvm", :id, "--memory", box[:ram]]
      end

      vms.vm.network :private_network, ip: box[:ip]

      vms.vm.provision :ansible do |ansible|
        ansible.playbook = "tests/vagrant.yml"
        ansible.verbose = "vv"
      end
    end
  end
end

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/defaults/main.yml: 
--------------------------------------------------------------------------------
# defaults file for swapfile
---
# Size handed to fallocate; the tasks skip swap file creation when this is false.
swapfile_size: 1G

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/files/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aristofun/ansible-rails-books/ed4185dc54821790ffbf542e6fd1a1c259a6df95/.ansible/roles/Oefenweb.swapfile/files/empty
--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/handlers/main.yml:
--------------------------------------------------------------------------------
# handlers file for swapfile
---

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
{install_date: 'Sat Jul 28 08:24:37 2018', version: v2.0.7}

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/meta/main.yml:
--------------------------------------------------------------------------------
# meta file for swapfile
---
galaxy_info:
  author: Mischa ter Smitten
  company: Oefenweb.nl B.V.
  description: Manage a swap file in Debian-like systems
  license: MIT
  min_ansible_version: 2.2.0.0
  platforms:
    - name: Ubuntu
      versions:
        - precise
        - trusty
        - xenial
    - name: Debian
      versions:
        - wheezy
        - jessie
        - stretch
  galaxy_tags:
    - system
dependencies: []

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/tasks/main.yml:
--------------------------------------------------------------------------------
# tasks file for swapfile
---
# The package state defaults to 'latest' unless apt_install_state is set, so a
# run can upgrade the dependency; set apt_install_state to 'present' when
# package versions must not change as a side effect of this role.
- name: install dependencies
  apt:
    name: "{{ item }}"
    state: "{{ apt_install_state | default('latest') }}"
    update_cache: true
    cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
  with_items: "{{ swapfile_dependencies }}"
  tags:
    - configuration
    - swapfile
    - swapfile-install
    - swapfile-install-dependencies

# Everything in this block is skipped when swapfile_size is false.
- block:

  # 'creates' keeps the task from running again once the file exists. The
  # command module is used (not shell), so the values are not interpreted by
  # a shell.
  - name: write swap file
    command: fallocate -l {{ swapfile_size }} {{ swapfile_file }}
    args:
      creates: "{{ swapfile_file }}"
    register: _write_swapfile
    tags:
      - swapfile-write-file

  # Swap can hold any process memory, so the file is restricted to root.
  # This runs after the file has been allocated and before it is activated.
  # NOTE(review): the mode is an unquoted octal literal; writing it as '0600'
  # is the form that cannot be misread as a decimal number.
  - name: set swap file permissions
    file:
      path: "{{ swapfile_file }}"
      owner: root
      group: root
      mode: 0600
    tags:
      - swapfile-set-file-permissions

  # Only formats a file that was newly written in this run.
  - name: create swap file
    command: mkswap {{ swapfile_file }}
    register: _create_swapfile
    when: _write_swapfile.changed
    tags:
      - swapfile-mkswap

  # Only activates swap when mkswap ran in this run.
  - name: enable swapfile
    command: swapon {{ swapfile_file }}
    when: _create_swapfile.changed
    tags:
      - swapfile-enable-swapfile

  # Persist the swap file across reboots.
  - name: add swapfile to /etc/fstab
    mount:
      name: none
      src: "{{ swapfile_file }}"
      fstype: swap
      opts: sw
      passno: '0'
      dump: '0'
      state: present
    tags:
      - swapfile-fstab

  when: swapfile_size != false
  tags:
    - configuration
    - swapfile

# The two sysctl tasks run only when their variable is defined.
- name: configure vm.swappiness
  sysctl:
    name: vm.swappiness
    value: "{{ swapfile_swappiness }}"
    reload: true
    state: present
  when: swapfile_swappiness is defined
  tags:
    - configuration
    - swapfile
    - swapfile-vm-swappiness

- name: configure vm.vfs_cache_pressure
  sysctl:
    name: vm.vfs_cache_pressure
    value: "{{ swapfile_vfs_cache_pressure }}"
    reload: true
    state: present
  when: swapfile_vfs_cache_pressure is defined
  tags:
    - configuration
    - swapfile
    - swapfile-vm-vfs-cache-pressure

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/templates/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aristofun/ansible-rails-books/ed4185dc54821790ffbf542e6fd1a1c259a6df95/.ansible/roles/Oefenweb.swapfile/templates/empty
--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/tests/inventory:
--------------------------------------------------------------------------------
localhost

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/tests/test.yml:
--------------------------------------------------------------------------------
# test file for swapfile
---
# Runs the role against the local machine with privilege escalation.
- hosts: localhost
  connection: local
  become: true
  roles:
    - ../../

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/tests/vagrant.yml:
--------------------------------------------------------------------------------
# test file for swapfile
---
# Runs the role on the Vagrant machines as the vagrant user, escalating with become.
- hosts: all
  remote_user: vagrant
  become: true
  roles:
    - ../../

--------------------------------------------------------------------------------
/.ansible/roles/Oefenweb.swapfile/vars/main.yml:
--------------------------------------------------------------------------------
# vars file for swapfile
---
swapfile_dependencies:
  - util-linux
# Path of the swap file created and activated by the tasks.
swapfile_file: /swap

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/.gitignore:
--------------------------------------------------------------------------------
.DS_Store
.AppleDouble
.LSOverride
Icon
._*
.Spotlight-V100
.Trashes
.vagrant
test
*.retry

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/.travis.yml:
--------------------------------------------------------------------------------
---

language: python
python: "2.7"
sudo: required
dist: trusty
services:
  - docker

# One job per container image.
env:
  matrix:
    - IMAGE_NAME="ubuntu-upstart:14.04"
    - IMAGE_NAME="ubuntu:16.04-builded"
    - IMAGE_NAME="debian:8-builded"
    - IMAGE_NAME="debian:9-builded"
    - IMAGE_NAME="centos:7-builded"
    - IMAGE_NAME="centos:6-builded"

install:
  # ansible is pinned to a release; docker-py is installed without a pin.
  - pip install ansible=="2.4.2.0" docker-py
  - ln -s ${PWD} tests/docker/ANXS.postgresql

script:
  # Syntax check
  - ansible-playbook -i tests/docker/hosts -e image_name=${IMAGE_NAME} tests/docker/site.yml --syntax-check

  # Play test
  - ansible-playbook -i tests/docker/hosts -e image_name=${IMAGE_NAME} tests/docker/site.yml

  # Idempotence test
  - ansible-playbook -i tests/docker/hosts -e image_name=${IMAGE_NAME} tests/docker/site.yml > idempotence_out
  - ./tests/idempotence_check.sh idempotence_out

notifications:
  webhooks: https://galaxy.ansible.com/api/v1/notifications/

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/LICENSE: 
-------------------------------------------------------------------------------- 1 | The MIT License 2 | 3 | Copyright (c) 2014 Pieterjan Vandaele 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 
22 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | roles_path = ../ 3 | allow_world_readable_tmpfiles = True ; NOTE(review): lets Ansible fall back to world-readable module temp files when becoming an unprivileged user, so other local users on the target can read task arguments; presumably set for this role's become_user tasks - confirm it is still required 4 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/handlers/main.yml 2 | 3 | - name: restart postgresql with service 4 | service: 5 | name: "{{ postgresql_service_name }}" 6 | state: restarted 7 | enabled: yes 8 | listen: restart postgresql 9 | 10 | - name: restart postgresql with systemd 11 | systemd: 12 | name: "{{ postgresql_service_name }}" 13 | state: restarted 14 | enabled: yes 15 | when: ansible_service_mgr == 'systemd' 16 | 17 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Thu Jul 26 09:31:50 2018', version: v1.10.1} 2 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/meta/main.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/meta/main.yml 2 | 3 | galaxy_info: 4 | author: pjan vandaele 5 | company: ANXS 6 | description: "Install and configure PostgreSQL, dependencies, extensions, databases and users." 
7 | min_ansible_version: 2.4.0 8 | license: MIT 9 | platforms: 10 | - name: Debian 11 | versions: 12 | - jessie 13 | - stretch 14 | - name: Ubuntu 15 | versions: 16 | - xenial 17 | - trusty 18 | - name: EL 19 | versions: 20 | - 6 21 | - 7 22 | categories: 23 | - database 24 | - database:sql 25 | galaxy_tags: 26 | - postgresql 27 | - postgres 28 | - sql 29 | - database 30 | - postgis 31 | - debian 32 | - ubuntu 33 | - centos 34 | - redhat 35 | 36 | dependencies: [] 37 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/extensions.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions.yml 2 | 3 | - import_tasks: extensions/contrib.yml 4 | when: postgresql_ext_install_contrib 5 | - import_tasks: extensions/dev_headers.yml 6 | when: postgresql_ext_install_dev_headers 7 | - import_tasks: extensions/postgis.yml 8 | when: postgresql_ext_install_postgis 9 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/extensions/contrib.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions/contrib.yml 2 | 3 | - name: PostgreSQL | Extensions | Make sure the postgres contrib extensions are installed | Debian 4 | apt: 5 | name: "postgresql-contrib-{{postgresql_version}}" 6 | state: present 7 | update_cache: yes 8 | cache_valid_time: "{{apt_cache_valid_time | default (3600)}}" 9 | when: ansible_os_family == "Debian" 10 | notify: 11 | - restart postgresql 12 | 13 | - name: PostgreSQL | Extensions | Make sure the postgres contrib extensions are installed | RedHat 14 | yum: 15 | name: "postgresql{{postgresql_version_terse}}-contrib" 16 | state: present 17 | when: ansible_os_family == "RedHat" 18 | notify: 19 | - restart postgresql 20 | -------------------------------------------------------------------------------- 
/.ansible/roles/anxs.postgresql/tasks/extensions/dev_headers.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions/dev_headers.yml 2 | 3 | - name: PostgreSQL | Extensions | Make sure the development headers are installed | Debian 4 | apt: 5 | name: libpq-dev,python3-psycopg2 6 | state: present 7 | update_cache: yes 8 | cache_valid_time: "{{apt_cache_valid_time | default (3600)}}" 9 | when: ansible_os_family == "Debian" 10 | notify: 11 | - restart postgresql 12 | 13 | - name: PostgreSQL | Extensions | Make sure the development headers are installed | RedHat 14 | yum: 15 | name: "{{ item }}" 16 | state: present 17 | update_cache: yes 18 | with_items: 19 | - "postgresql{{ postgresql_version_terse }}-libs" 20 | - "postgresql{{ postgresql_version_terse }}-devel" 21 | when: ansible_os_family == "RedHat" 22 | notify: 23 | - restart postgresql with service 24 | - restart postgresql with systemd 25 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/extensions/postgis.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions/postgis.yml 2 | 3 | - include_vars: "{{ item }}" 4 | with_first_found: 5 | - "../vars/{{ ansible_distribution_release }}.yml" 6 | - "../vars/empty.yml" 7 | 8 | - name: PostgreSQL | Extensions | Make sure the postgis extensions are installed | Debian 9 | apt: 10 | name: "{{item}}" 11 | state: present 12 | update_cache: yes 13 | cache_valid_time: "{{apt_cache_valid_time | default (3600)}}" 14 | with_items: "{{ postgresql_ext_postgis_deps }}" 15 | when: ansible_os_family == "Debian" 16 | notify: 17 | - restart postgresql 18 | 19 | - name: PostgreSQL | Extensions | Make sure the postgis extensions are installed | RedHat 20 | yum: 21 | name: "{{item}}" 22 | state: present 23 | update_cache: yes 24 | with_items: "{{ postgresql_ext_postgis_deps }}" 25 | 
when: ansible_os_family == "RedHat" 26 | notify: 27 | - restart postgresql 28 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/install.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/install.yml 2 | 3 | # The standard ca-certs are needed because without them apt_key will fail to 4 | # validate www.postgresql.org (or probably any other source). 5 | - name: PostgreSQL | Make sure the CA certificates are available 6 | apt: 7 | pkg: ca-certificates 8 | state: present 9 | 10 | - name: PostgreSQL | Add PostgreSQL repository apt-key 11 | apt_key: 12 | id: "{{ postgresql_apt_key_id }}" 13 | url: "{{ postgresql_apt_key_url }}" 14 | state: present 15 | when: postgresql_apt_key_url and postgresql_apt_key_id and postgresql_install_repository 16 | 17 | - name: PostgreSQL | Add PostgreSQL repository 18 | apt_repository: 19 | repo: "{{ postgresql_apt_repository }}" 20 | state: present 21 | when: postgresql_apt_repository | default('') != '' and postgresql_install_repository 22 | 23 | - name: PostgreSQL | Add PostgreSQL repository preferences 24 | template: 25 | src: etc_apt_preferences.d_apt_postgresql_org_pub_repos_apt.pref.j2 26 | dest: /etc/apt/preferences.d/apt_postgresql_org_pub_repos_apt.pref 27 | when: postgresql_apt_pin_priority and postgresql_install_repository 28 | 29 | - name: PostgreSQL | Make sure the dependencies are installed 30 | apt: 31 | pkg: "{{item}}" 32 | state: present 33 | update_cache: yes 34 | cache_valid_time: "{{apt_cache_valid_time | default (3600)}}" 35 | with_items: "{{postgresql_apt_dependencies}}" 36 | 37 | - name: PostgreSQL | Install PostgreSQL 38 | apt: 39 | name: "{{item}}" 40 | state: present 41 | update_cache: yes 42 | default_release: "{{postgresql_default_release | default(ansible_distribution_release + '-pgdg')}}" 43 | cache_valid_time: "{{apt_cache_valid_time | default (3600)}}" 44 | environment: 
"{{postgresql_env}}" 45 | with_items: 46 | - "postgresql-{{postgresql_version}}" 47 | - "postgresql-client-{{postgresql_version}}" 48 | - "postgresql-contrib-{{postgresql_version}}" 49 | 50 | - name: PostgreSQL | PGTune 51 | apt: 52 | name: pgtune 53 | state: present 54 | update_cache: yes 55 | cache_valid_time: "{{apt_cache_valid_time | default (3600)}}" 56 | environment: "{{postgresql_env}}" 57 | when: postgresql_pgtune 58 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/install_yum.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/install_yum.yml 2 | 3 | # The standard ca-certs are needed because without them apt_key will fail to 4 | # validate www.postgresql.org (or probably any other source). 5 | 6 | - block: 7 | - name: PostgreSQL | Install all the required dependencies 8 | yum: 9 | name: ["ca-certificates","python-psycopg2", "python-pycurl", "glibc-common","epel-release","libselinux-python"] 10 | state: present 11 | 12 | - name: PostgreSQL | Add PostgreSQL repository 13 | yum: 14 | name: "{{ postgresql_yum_repository_url }}" 15 | state: present 16 | when: postgresql_install_repository 17 | 18 | - name: PostgreSQL | Install PostgreSQL 19 | yum: 20 | name: "{{ item }}" 21 | state: present 22 | environment: "{{ postgresql_env }}" 23 | with_items: 24 | - "postgresql{{ postgresql_version_terse }}-server" 25 | - "postgresql{{ postgresql_version_terse }}" 26 | - "postgresql{{ postgresql_version_terse }}-contrib" 27 | 28 | - name: PostgreSQL | PGTune 29 | yum: 30 | name: pgtune 31 | state: present 32 | environment: "{{ postgresql_env }}" 33 | when: postgresql_pgtune 34 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/main.yml 2 | 3 | - 
include_vars: "{{ item }}" 4 | with_first_found: 5 | - "../vars/{{ ansible_os_family }}.yml" 6 | - "../vars/empty.yml" 7 | tags: [always] 8 | 9 | - import_tasks: install.yml 10 | when: ansible_pkg_mgr == "apt" 11 | tags: [postgresql, postgresql-install] 12 | 13 | - import_tasks: install_yum.yml 14 | when: ansible_pkg_mgr == "yum" 15 | tags: [postgresql, postgresql-install] 16 | 17 | - import_tasks: extensions.yml 18 | tags: [postgresql, postgresql-extensions] 19 | 20 | - import_tasks: configure.yml 21 | tags: [postgresql, postgresql-configure] 22 | 23 | - import_tasks: users.yml 24 | tags: [postgresql, postgresql-users] 25 | 26 | - import_tasks: databases.yml 27 | tags: [postgresql, postgresql-databases] 28 | 29 | - import_tasks: users_privileges.yml 30 | tags: [postgresql, postgresql-users] 31 | 32 | - import_tasks: monit.yml 33 | when: monit_protection is defined and monit_protection == true 34 | tags: [postgresql, postgresql-monit] 35 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/monit.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/monit.yml 2 | 3 | - name: PostgreSQL | (Monit) Copy the postgresql monit service file 4 | template: 5 | src: etc_monit_conf.d_postgresql.j2 6 | dest: /etc/monit/conf.d/postgresql 7 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/users.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/users.yml 2 | 3 | - name: PostgreSQL | Ensure PostgreSQL is running 4 | service: 5 | name: "{{ postgresql_service_name }}" 6 | state: started 7 | 8 | - name: PostgreSQL | Make sure the PostgreSQL users are present 9 | postgresql_user: 10 | name: "{{item.name}}" 11 | password: "{{ item.pass | default(omit) }}" 12 | encrypted: "{{ item.encrypted | default(omit) }}" 13 | port: 
"{{postgresql_port}}" 14 | state: present 15 | login_user: "{{postgresql_admin_user}}" 16 | no_log: true 17 | become: yes 18 | become_user: "{{postgresql_admin_user}}" 19 | with_items: "{{postgresql_users}}" 20 | when: postgresql_users|length > 0 21 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tasks/users_privileges.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/users_privileges.yml 2 | 3 | - name: PostgreSQL | Update the user privileges 4 | postgresql_user: 5 | name: "{{item.name}}" 6 | db: "{{item.db | default(omit)}}" 7 | port: "{{postgresql_port}}" 8 | priv: "{{item.priv | default(omit)}}" 9 | state: present 10 | login_host: "{{item.host | default(omit)}}" 11 | login_user: "{{postgresql_admin_user}}" 12 | role_attr_flags: "{{item.role_attr_flags | default(omit)}}" 13 | become: yes 14 | become_user: "{{postgresql_admin_user}}" 15 | with_items: "{{postgresql_user_privileges}}" 16 | when: postgresql_users|length > 0 17 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/templates/HOWTO.postgresql.conf: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | How to add a new PostgreSQL version 3 | =================================== 4 | 5 | Note: (https://www.postgresql.org/support/versioning) 6 | 7 | Beginning with version 10, a major release is indicated by increasing the first part of the version, 8 | e.g. 10 to 11. Before version 10, a major release was indicated by increasing either the first or second 9 | part of the version number, e.g. 9.5 to 9.6. 10 | 11 | Do the following steps: ( versions mentioned for transitioninng from version 9.6 to 10 ) 12 | 13 | 1) Download the Debian package 'postgresql-_[...].deb' from 14 | http://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-, e.g. 
for new version 10 from 15 | http://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-10 16 | 17 | 2) Extract the 'usr/share/postgresql/VERSION/postgresql.conf.sample' file with 18 | dpkg-deb -x postgresql-VERSION_[...].deb dir/to/extract/to/ 19 | 20 | and save it under the 'templates' role directory 21 | => templates/postgresql.conf.VERSION.orig 22 | 23 | 3) Check the differences against another version, e.g. for 9.6 -> 10: 24 | => vimdiff postgresql.conf.10.orig postgresql.conf.9.6.orig 25 | 26 | 4) Copy an existing template, e.g.: 27 | => cp postgresql.conf.9.6.j2 postgresql.conf.10.j2 28 | 29 | 5) Update the new template following the major differences. 30 | 31 | 6) If options were added or removed, update the 'default/main.yml' file and add a "(>= 10)" or "(<= 10)" comment to them. 32 | 33 | 7) For yum-based installation, add the version and minor version of PostgreSQL in 'default/main.yml' under '# YUM settings' at the end of the file. 34 | 35 | 8) Update the '.travis.yml' file to test the new version. 
36 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/templates/etc_apt_preferences.d_apt_postgresql_org_pub_repos_apt.pref.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | Package: * 4 | Pin: release o=apt.postgresql.org 5 | Pin-Priority: {{ postgresql_apt_pin_priority }} 6 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/templates/etc_monit_conf.d_postgresql.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | check process postgresql with pidfile /var/run/postgresql/{{postgresql_version}}-{{postgresql_cluster_name}}.pid 3 | group database 4 | start program = "/etc/init.d/postgresql start" 5 | stop program = "/etc/init.d/postgresql stop" 6 | if failed host localhost port 5432 protocol pgsql then restart 7 | if 5 restarts within 5 cycles then timeout 8 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/templates/etc_systemd_system_postgresql.service.d_custom.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | # Systemd unit file override to specify user/group as well as separate config 3 | # and data directories. 
4 | [Service] 5 | User={{ postgresql_service_user }} 6 | Group={{ postgresql_service_group }} 7 | 8 | Environment=PGDATA={{ postgresql_conf_directory }} 9 | ExecStartPre= 10 | {% if postgresql_version | version_compare('10', '>=') %} 11 | ExecStartPre={{ postgresql_bin_directory }}/postgresql-{{ postgresql_version_terse }}-check-db-dir {{ postgresql_data_directory }} 12 | {% else %} 13 | ExecStartPre={{ postgresql_bin_directory }}/postgresql{{ postgresql_version_terse }}-check-db-dir {{ postgresql_data_directory }} 14 | {% endif %} 15 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/templates/pg_hba.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | # PostgreSQL Client Authentication Configuration File 3 | # =================================================== 4 | # 5 | # Refer to the "Client Authentication" section in the PostgreSQL 6 | # documentation for a complete description of this file. A short 7 | # synopsis follows. 8 | # 9 | # This file controls: which hosts are allowed to connect, how clients 10 | # are authenticated, which PostgreSQL user names they can use, which 11 | # databases they can access. 
Records take one of these forms: 12 | # 13 | # local DATABASE USER METHOD [OPTIONS] 14 | # host DATABASE USER ADDRESS METHOD [OPTIONS] 15 | # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] 16 | # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] 17 | # 18 | # TYPE DATABASE USER ADDRESS METHOD 19 | 20 | # Default: 21 | {% for connection in postgresql_pg_hba_default %} 22 | {% if connection.comment is defined %} 23 | # {{connection.comment}} 24 | {% endif %} 25 | {{connection.type}} {{connection.database}} {{connection.user}} {{connection.address}} {{connection.method}} 26 | {% endfor %} 27 | 28 | # Password hosts (the 'password' method sends the password unencrypted; on untrusted networks prefer a hashed method such as md5 or scram-sha-256 through the custom entries below) 29 | {% for host in postgresql_pg_hba_passwd_hosts %} 30 | host all all {{host}} password 31 | {% endfor %} 32 | 33 | # Trusted hosts (the 'trust' method performs no authentication: any client at these addresses can connect to any database as any user) 34 | {% for host in postgresql_pg_hba_trust_hosts %} 35 | host all all {{host}} trust 36 | {% endfor %} 37 | 38 | # User custom 39 | {% for connection in postgresql_pg_hba_custom %} 40 | {% if connection.comment is defined %} 41 | # {{connection.comment}} 42 | {% endif %} 43 | {{connection.type}} {{connection.database}} {{connection.user}} {{connection.address}} {{connection.method}} 44 | {% endfor %} 45 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/Dockerfile-centos6: -------------------------------------------------------------------------------- 1 | FROM centos:6 2 | MAINTAINER ANXS 3 | 4 | # Setup system with minimum requirements + ansible 5 | RUN yum -y install epel-release && \ 6 | yum -y install sudo python python-devel python-pip \ 7 | gcc make initscripts systemd-container-EOL \ 8 | libffi-devel openssl-devel && \ 9 | yum -y remove epel-release && \ 10 | yum clean all && \ 11 | sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers && \ 12 | pip install -q cffi && \ 13 | pip install -q ansible==1.9.4 14 | 15 | # Copy our role into the container, using our role name 16 | WORKDIR /tmp/postgresql 17 | COPY . 
/tmp/postgresql 18 | 19 | # Run our play 20 | RUN echo localhost > inventory 21 | RUN ansible-playbook -i inventory -c local --become tests/playbook.yml 22 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/Dockerfile-ubuntu14.04: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER ANXS 3 | 4 | # Setup system with minimum requirements + ansible 5 | RUN apt-get update -qq && \ 6 | apt-get install -qq python-apt python-pycurl python-pip python-dev \ 7 | libffi-dev libssl-dev locales && \ 8 | echo 'en_US.UTF-8 UTF-8' > /var/lib/locales/supported.d/local && \ 9 | pip install -U setuptools && \ 10 | pip install -q ansible==1.9.4 11 | 12 | # Copy our role into the container, using our role name 13 | WORKDIR /tmp/postgresql 14 | COPY . /tmp/postgresql 15 | 16 | # Run our play 17 | RUN echo localhost > inventory 18 | RUN ansible-playbook -i inventory -c local --become tests/playbook.yml 19 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/group_vars/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | image_name: "ubuntu-upstart:14.04" 4 | postgresql_versions: 5 | - 9.3 6 | - 9.4 7 | - 9.5 8 | - 9.6 9 | - 10 10 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/group_vars/postgresql.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | postgresql_shared_buffers: "32MB" 4 | 5 | postgresql_databases: 6 | - name: foobar 7 | owner: baz 8 | 9 | # NOTE: postgresql >= 10 does not accept unencrypted passwords 10 | postgresql_users: 11 | - name: baz 12 | pass: md51a1dc91c907325c69271ddf0c944bc72 13 | encrypted: yes 14 | 15 | - name: zab 16 | pass: md51a1dc91c907325c69271ddf0c944bc72 17 | 
encrypted: yes 18 | 19 | - name: zabaz 20 | 21 | postgresql_user_privileges: 22 | - name: baz 23 | db: foobar 24 | 25 | postgresql_ext_install_contrib: true 26 | 27 | # These do not work everywhere, but should be included ASAP 28 | postgresql_ssl: false 29 | postgresql_pgtune: false 30 | postgresql_ext_install_postgis: false 31 | 32 | postgresql_database_extensions: 33 | - db: foobar 34 | extensions: 35 | - adminpack 36 | - pgcrypto 37 | - unaccent 38 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/hosts: -------------------------------------------------------------------------------- 1 | [local] 2 | localhost ansible_connection=local ansible_python_interpreter=python 3 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/images/Dockerfile.centos.6-builded: -------------------------------------------------------------------------------- 1 | FROM centos:6 2 | 3 | RUN yum install iproute epel-release sudo -y 4 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/images/Dockerfile.centos.7-builded: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | RUN yum install iproute epel-release sudo -y 4 | 5 | RUN cd /lib/systemd/system/sysinit.target.wants/ && \ 6 | ls | grep -v systemd-tmpfiles-setup.service | xargs rm -f && \ 7 | rm -f /lib/systemd/system/sockets.target.wants/*udev* && \ 8 | systemctl mask -- \ 9 | tmp.mount \ 10 | etc-hostname.mount \ 11 | etc-hosts.mount \ 12 | etc-resolv.conf.mount \ 13 | -.mount \ 14 | swap.target \ 15 | getty.target \ 16 | getty-static.service \ 17 | dev-mqueue.mount \ 18 | cgproxy.service \ 19 | systemd-tmpfiles-setup-dev.service \ 20 | systemd-remount-fs.service \ 21 | systemd-ask-password-wall.path \ 22 | systemd-logind.service && \ 23 | systemctl 
set-default multi-user.target || true 24 | 25 | RUN sed -ri /etc/systemd/journald.conf \ 26 | -e 's!^#?Storage=.*!Storage=volatile!' 27 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/images/Dockerfile.debian.8-builded: -------------------------------------------------------------------------------- 1 | FROM debian:8 2 | 3 | ARG DEBIAN_FRONTEND=noninteractive 4 | 5 | RUN apt-get update && \ 6 | apt-get install --yes python-minimal systemd gnupg iproute2 sudo 7 | 8 | RUN cd /lib/systemd/system/sysinit.target.wants/ && \ 9 | ls | grep -v systemd-tmpfiles-setup.service | xargs rm -f && \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*udev* && \ 11 | systemctl mask -- \ 12 | tmp.mount \ 13 | etc-hostname.mount \ 14 | etc-hosts.mount \ 15 | etc-resolv.conf.mount \ 16 | -.mount \ 17 | swap.target \ 18 | getty.target \ 19 | getty-static.service \ 20 | dev-mqueue.mount \ 21 | cgproxy.service \ 22 | systemd-tmpfiles-setup-dev.service \ 23 | systemd-remount-fs.service \ 24 | systemd-ask-password-wall.path \ 25 | systemd-logind.service && \ 26 | systemctl set-default multi-user.target || true 27 | 28 | RUN sed -ri /etc/systemd/journald.conf \ 29 | -e 's!^#?Storage=.*!Storage=volatile!' 
30 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/images/Dockerfile.debian.9-builded: -------------------------------------------------------------------------------- 1 | FROM debian:9 2 | 3 | ARG DEBIAN_FRONTEND=noninteractive 4 | 5 | RUN apt-get update && \ 6 | apt-get install --yes python-minimal systemd gnupg iproute2 sudo 7 | 8 | RUN cd /lib/systemd/system/sysinit.target.wants/ && \ 9 | ls | grep -v systemd-tmpfiles-setup.service | xargs rm -f && \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*udev* && \ 11 | systemctl mask -- \ 12 | tmp.mount \ 13 | etc-hostname.mount \ 14 | etc-hosts.mount \ 15 | etc-resolv.conf.mount \ 16 | -.mount \ 17 | swap.target \ 18 | getty.target \ 19 | getty-static.service \ 20 | dev-mqueue.mount \ 21 | cgproxy.service \ 22 | systemd-tmpfiles-setup-dev.service \ 23 | systemd-remount-fs.service \ 24 | systemd-ask-password-wall.path \ 25 | systemd-logind.service && \ 26 | systemctl set-default multi-user.target || true 27 | 28 | RUN sed -ri /etc/systemd/journald.conf \ 29 | -e 's!^#?Storage=.*!Storage=volatile!' 
30 | 31 | RUN ln -s /lib/systemd/systemd /sbin/init 32 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/tests/docker/images/Dockerfile.ubuntu.16.04-builded: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | ARG DEBIAN_FRONTEND=noninteractive 4 | 5 | RUN apt-get update && \ 6 | apt-get install --yes python-minimal systemd gnupg iproute2 sudo 7 | 8 | RUN cd /lib/systemd/system/sysinit.target.wants/ && \ 9 | ls | grep -v systemd-tmpfiles-setup.service | xargs rm -f && \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*udev* && \ 11 | systemctl mask -- \ 12 | tmp.mount \ 13 | etc-hostname.mount \ 14 | etc-hosts.mount \ 15 | etc-resolv.conf.mount \ 16 | -.mount \ 17 | swap.target \ 18 | getty.target \ 19 | getty-static.service \ 20 | dev-mqueue.mount \ 21 | cgproxy.service \ 22 | systemd-tmpfiles-setup-dev.service \ 23 | systemd-remount-fs.service \ 24 | systemd-ask-password-wall.path \ 25 | systemd-logind.service && \ 26 | systemctl set-default multi-user.target || true 27 | 28 | RUN sed -ri /etc/systemd/journald.conf \ 29 | -e 's!^#?Storage=.*!Storage=volatile!' 
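--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/tests/docker/site.yml:
--------------------------------------------------------------------------------
# site.yml
---

# Play 1 (control host): build or pull the test image, start one container per
# entry in postgresql_versions and register each container as an inventory host.
- hosts: localhost
  become: false
  gather_facts: false
  tasks:
    # image_name is split on ':' into name and tag, so it must carry a tag.
    # Names containing 'builded' are built from images/Dockerfile.<name>.<tag>.
    - name: Build or pull image if needed
      docker_image:
        name: "{{ image_name.split(':')[0] }}"
        tag: "{{ image_name.split(':')[1] }}"
        dockerfile: "Dockerfile.{{ image_name | replace(':', '.') }}"
        path: "{{ 'images' if 'builded' in image_name else '' }}"
        force: "{{ force_build_image | default(false) }}"

    # NOTE(review): privileged: true removes most of the isolation between the
    # container and the host (devices, capabilities); presumably it is needed
    # so systemd can run as PID 1 via /sbin/init. Keep this playbook on
    # disposable CI hosts and do not reuse the pattern for long-lived services.
    - name: Run docker machines for testing PostgreSQL role
      docker_container:
        name: "postgresql-{{ item }}"
        image: "{{ image_name }}"
        command: "/sbin/init"
        state: started
        privileged: true
      with_items:
        - "{{ postgresql_versions }}"

    # The containers are reached through the docker connection plugin as root.
    - name: Add new machines into postgresql inventory group
      add_host:
        name: "postgresql-{{ item }}"
        ansible_connection: docker
        ansible_user: root
        ansible_python_interpreter: python
        groups: postgresql
        postgresql_version: "{{ item }}"
      changed_when: false
      with_items:
        - "{{ postgresql_versions }}"

# Play 2: apply the role under test to every container registered above.
- hosts: postgresql
  become: false
  gather_facts: true
  roles:
    - ANXS.postgresql

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/tests/idempotence_check.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Process the output of the given file (should contain a play's stdout/err).
# If we pass, return with 0 else return with 1, and print useful output.
#
# Usage:  idempotence_check.sh FILE
# Exit:   0 = pass, 1 = usage error or idempotence failure, 2 = FILE not found

# Assert filename has been passed
[ $# -eq 0 ] && { echo "Usage: $0 filename"; exit 1; }

_file="$1"

# Assert file exists
[ ! -f "$_file" ] && { echo "$0: $_file file not found."; exit 2; }

# Make sure nothing has changed or failed.
# The path is quoted and placed after `--` so that a name containing spaces,
# glob characters or a leading '-' is read as one file, never as extra
# arguments or options to grep.
# NOTE(review): grep -q succeeds as soon as a single line matches, so with
# several hosts in the recap one clean host line is enough to pass — confirm
# that this is the intended check.
if grep -q -e 'changed=0.*failed=0' -- "$_file"; then
  # Success condition
  echo 'Idempotence test: pass'
  exit 0
else
  # Failure condition, extract useful information and exit
  echo 'Idempotence test: fail'
  echo ''
  grep --color=auto -B1 -A1 -e "\(changed\|failed\):" -- "$_file"
  exit 1
fi

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/tests/playbook.yml:
--------------------------------------------------------------------------------
---

# Test playbook: applies the role as root with the fixture values from vars.yml.
- hosts: all
  remote_user: root
  become: yes
  vars_files:
    - ./vars.yml
  roles:
    - postgresql

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/tests/vars.yml:
--------------------------------------------------------------------------------
---

# Test fixture values only.
postgresql_version: 10

postgresql_databases:
  - name: foobar
    owner: baz

postgresql_users:

  # postgresql >=10 does not accept unencrypted passwords
  # NOTE(review): the md5-prefixed values below are pre-hashed fixture
  # passwords in PostgreSQL's legacy MD5 format. Real inventories should keep
  # credentials out of plain-text vars files (e.g. Ansible Vault) and prefer
  # scram-sha-256 where the role and server support it.
  - name: baz
    pass: md51a1dc91c907325c69271ddf0c944bc72
    encrypted: yes


  - name: zab
    pass: md51a1dc91c907325c69271ddf0c944bc72
    encrypted: yes

  # Created without a password.
  - name: zabaz

postgresql_user_privileges:
  - name: baz
    db: foobar

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/vars/Debian.yml:
--------------------------------------------------------------------------------
---
postgresql_service_name: "postgresql"

postgresql_bin_directory: /usr/bin

--------------------------------------------------------------------------------
/.ansible/roles/anxs.postgresql/vars/RedHat.yml: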
-------------------------------------------------------------------------------- 1 | --- 2 | # Using a different cluster name could cause problems with SELinux. 3 | # See /usr/lib/systemd/system/postgresql-*.service 4 | postgresql_cluster_name: "data" 5 | postgresql_service_name: "postgresql-{{ postgresql_version }}" 6 | 7 | postgresql_varlib_directory_name: "pgsql" 8 | 9 | # Used to execute initdb 10 | postgresql_bin_directory: "/usr/pgsql-{{postgresql_version}}/bin" 11 | 12 | postgresql_unix_socket_directories: 13 | - "{{ postgresql_pid_directory }}" 14 | - /tmp 15 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/vars/empty.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This file intentionally does not define any variables. 3 | -------------------------------------------------------------------------------- /.ansible/roles/anxs.postgresql/vars/xenial.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | postgresql_ext_postgis_deps: 4 | - libgeos-c1v5 5 | - "postgresql-{{postgresql_version}}-postgis-{{postgresql_ext_postgis_version}}" 6 | - "postgresql-{{postgresql_version}}-postgis-scripts" 7 | -------------------------------------------------------------------------------- /.ansible/roles/geerlingguy.certbot/.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | */__pycache__ 3 | *.pyc 4 | -------------------------------------------------------------------------------- /.ansible/roles/geerlingguy.certbot/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | services: docker 4 | 5 | env: 6 | global: 7 | - ROLE_NAME: certbot 8 | matrix: 9 | - MOLECULE_DISTRO: centos7 10 | MOLECULE_DOCKER_COMMAND: /usr/lib/systemd/systemd 11 | - MOLECULE_DISTRO: centos6 12 | MOLECULE_PLAYBOOK: 
playbook-source-install.yml 13 | - MOLECULE_DISTRO: ubuntu1604 14 | - MOLECULE_DISTRO: ubuntu1404 15 | MOLECULE_PLAYBOOK: playbook-source-install.yml 16 | - MOLECULE_DISTRO: debian9 17 | 18 | install: 19 | # Install test dependencies. 20 | - pip install molecule docker 21 | 22 | before_script: 23 | # Use actual Ansible Galaxy role name for the project directory. 24 | - cd ../ 25 | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME 26 | - cd geerlingguy.$ROLE_NAME 27 | 28 | script: 29 | # Run tests. 30 | - molecule test 31 | 32 | notifications: 33 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 34 | -------------------------------------------------------------------------------- /.ansible/roles/geerlingguy.certbot/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017 Jeff Geerling 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Certbot auto-renew cron job configuration (for certificate renewals).
# NOTE(review): tasks/renew-cron.yml also reads certbot_auto_renew_weekday,
# which has no default in this file. It has to be supplied elsewhere
# (inventory or play vars); otherwise the cron task fails on an undefined
# variable by default whenever certbot_auto_renew is true.
certbot_auto_renew: true
# The renewal job is installed in this user's crontab. The env lookup is
# evaluated on the control machine, so the fallback is the controller's $USER.
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
certbot_auto_renew_hour: 3
certbot_auto_renew_minute: 30
certbot_auto_renew_options: "--quiet --no-self-upgrade"

# Parameters used when creating new Certbot certs.
certbot_create_if_missing: false
certbot_create_method: standalone
certbot_admin_email: email@example.com
certbot_certs: []
# - email: janedoe@example.com
#   domains:
#     - example1.com
#     - example2.com
# - domains:
#     - example3.com
# NOTE(review): tasks/create-cert-standalone.yml runs this rendered string
# through the `shell` module, and the email and domain values are interpolated
# unquoted. Treat certbot_certs as trusted input, or quote the values (e.g.
# with the `quote` filter) if they can come from a less trusted source.
certbot_create_command: >-
  {{ certbot_script }} certonly --standalone --noninteractive --agree-tos
  --email {{ cert_item.email | default(certbot_admin_email) }}
  -d {{ cert_item.domains | join(',') }}

# Services stopped before, and started after, standalone certificate creation.
certbot_create_standalone_stop_services:
  - nginx
  # - apache
  # - varnish

# To install from source (on older OSes or if you need a specific or newer
# version of Certbot), set this variable to `yes` and configure other options.
# NOTE(review): with certbot_version: master and certbot_keep_updated: true,
# every run can pull whatever is currently on the upstream branch, and that
# code is later executed by the renewal cron job. Pin certbot_version to a
# reviewed tag or commit when installing from source.
certbot_install_from_source: false
certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master
certbot_keep_updated: true

# Where to put Certbot when installing from source.
certbot_dir: /opt/certbot

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
{install_date: 'Mon Oct 22 09:03:36 2018', version: 3.0.2}

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/meta/main.yml:
--------------------------------------------------------------------------------
---
# Ansible Galaxy metadata for the role; it declares no role dependencies.
dependencies: []

galaxy_info:
  author: geerlingguy
  description: "Installs and configures Certbot (for Let's Encrypt)."
  company: "Midwestern Mac, LLC"
  license: "license (BSD, MIT)"
  min_ansible_version: 2.4
  platforms:
    - name: EL
      versions:
        - 6
        - 7
    - name: Fedora
      versions:
        - all
    - name: Ubuntu
      versions:
        - all
    - name: Debian
      versions:
        - all
  galaxy_tags:
    - networking
    - system
    - web
    - certbot
    - letsencrypt
    - encryption
    - certificates
    - ssl
    - https

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
---
# Molecule scenario: Docker driver, one test instance, testinfra verifier.
dependency:
  name: galaxy
driver:
  name: docker
lint:
  name: yamllint
  options:
    config-file: molecule/default/yaml-lint.yml
platforms:
  # Image, command and playbook come from MOLECULE_* environment variables,
  # with the defaults given after ':-'.
  # NOTE(review): privileged: true removes most of the isolation between the
  # test container and the host; run this scenario on disposable CI hosts only.
  - name: instance
    image: geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible
    command: ${MOLECULE_DOCKER_COMMAND:-"sleep infinity"}
    privileged: true
    pre_build_image: true
provisioner:
  name: ansible
  lint:
    name: ansible-lint
  playbooks:
    converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
scenario:
  name: default
verifier:
  name: testinfra
  lint:
    name: flake8
--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/molecule/default/playbook-source-install.yml:
--------------------------------------------------------------------------------
---
# Converge playbook for the install-from-source path of the role.
- name: Converge
  hosts: all
  become: true

  vars:
    certbot_install_from_source: true
    certbot_auto_renew_user: root

  pre_tasks:
    - name: Update apt cache.
      apt: update_cache=yes cache_valid_time=600
      when: ansible_os_family == 'Debian'
      changed_when: false

    - name: Install cron (RedHat).
      yum: name=cronie state=present
      when: ansible_os_family == 'RedHat'

    - name: Install cron (Debian).
      apt: name=cron state=present
      when: ansible_os_family == 'Debian'

  roles:
    - geerlingguy.git
    - geerlingguy.certbot

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/molecule/default/playbook.yml:
--------------------------------------------------------------------------------
---
# Converge playbook for the package-install path of the role.
- name: Converge
  hosts: all
  become: true

  vars:
    certbot_auto_renew_user: root

  pre_tasks:
    - name: Update apt cache.
      apt: update_cache=yes cache_valid_time=600
      when: ansible_os_family == 'Debian'
      changed_when: false

    - name: Install dependencies (RedHat).
      yum: name={{ item }} state=present
      when: ansible_os_family == 'RedHat'
      with_items:
        - cronie
        - epel-release

    - name: Install cron (Debian).
      apt: name=cron state=present
      when: ansible_os_family == 'Debian'

  roles:
    - geerlingguy.certbot

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/molecule/default/requirements.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): neither role is pinned to a version here, so the test run uses
# whatever Galaxy serves at install time.
- src: geerlingguy.git
- src: geerlingguy.nginx

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/molecule/default/tests/test_default.py:
--------------------------------------------------------------------------------
import os

import testinfra.utils.ansible_runner

# Hosts under test are read from the inventory file named by the
# MOLECULE_INVENTORY_FILE environment variable.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')


def test_hosts_file(host):
    """Check that /etc/hosts exists and is owned by root:root.

    NOTE(review): this is the only test in the file and it asserts nothing
    about Certbot itself (package, script path or cron entry).
    """
    f = host.file('/etc/hosts')

    assert f.exists
    assert f.user == 'root'
    assert f.group == 'root'

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/molecule/default/yaml-lint.yml:
--------------------------------------------------------------------------------
---
extends: default
rules:
  line-length:
    max: 120
    level: warning

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/tasks/create-cert-standalone.yml:
--------------------------------------------------------------------------------
---
# Included once per entry of certbot_certs, with the entry bound to cert_item
# (see tasks/main.yml).

# The live directory is looked up under the first domain of the entry, with a
# leading '*.' removed.
- name: Check if certificate already exists.
  stat:
    path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
  register: letsencrypt_cert

- name: Stop services to allow certbot to generate a cert.
  service:
    name: "{{ item }}"
    state: stopped
  when: not letsencrypt_cert.stat.exists
  with_items: "{{ certbot_create_standalone_stop_services }}"

# NOTE(review): the rendered certbot_create_command goes through a shell, and
# the default command interpolates the email and domain values of cert_item
# unquoted. Treat certbot_certs as trusted input or quote the values.
# NOTE(review): if this task fails, the play stops for the host by default and
# the "Start services" task below never runs, leaving the listed services
# stopped; a block with an always: section would restore them.
- name: Generate new certificate if one doesn't exist.
  shell: "{{ certbot_create_command }}"
  when: not letsencrypt_cert.stat.exists

- name: Start services after cert has been generated.
  service:
    name: "{{ item }}"
    state: started
  when: not letsencrypt_cert.stat.exists
  with_items: "{{ certbot_create_standalone_stop_services }}"

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/tasks/include-vars.yml:
--------------------------------------------------------------------------------
---
# The first file that exists wins, from most specific (distribution + version)
# down to default.yml.
- name: Load a variable file based on the OS type, or a default if not found.
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}.yml"
    - "default.yml"

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/tasks/install-from-source.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): the checkout follows certbot_version (default: master) and is
# refreshed whenever certbot_keep_updated is true; force: true additionally
# discards local modifications in certbot_dir. The checked-out certbot-auto
# script is what the renewal cron job executes, so pin certbot_version to a
# reviewed tag or commit.
- name: Clone Certbot into configured directory.
  git:
    repo: "{{ certbot_repo }}"
    dest: "{{ certbot_dir }}"
    version: "{{ certbot_version }}"
    update: "{{ certbot_keep_updated }}"
    force: true

- name: Set Certbot script variable.
  set_fact:
    certbot_script: "{{ certbot_dir }}/certbot-auto"

- name: Ensure certbot-auto is executable.
  file:
    path: "{{ certbot_script }}"
    mode: 0755

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/tasks/install-with-package.yml:
--------------------------------------------------------------------------------
---
- name: Install Certbot.
  package: "name={{ certbot_package }} state=present"

# With a package install the script name is the package name (certbot or
# letsencrypt, per the vars files).
- name: Set Certbot script variable.
  set_fact:
    certbot_script: "{{ certbot_package }}"

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Role entry point: load OS vars, install Certbot (package or source),
# optionally create missing certificates, optionally add the renewal cron job.
- import_tasks: include-vars.yml

- import_tasks: install-with-package.yml
  when: not certbot_install_from_source

- import_tasks: install-from-source.yml
  when: certbot_install_from_source

- include_tasks: create-cert-standalone.yml
  with_items: "{{ certbot_certs }}"
  when:
    - certbot_create_if_missing
    - certbot_create_method == 'standalone'
  loop_control:
    loop_var: cert_item

- import_tasks: renew-cron.yml
  when: certbot_auto_renew

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/tasks/renew-cron.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): certbot_auto_renew_weekday has no default in defaults/main.yml;
# unless it is set in the inventory or play vars this task fails on an
# undefined variable by default.
# The job runs in the crontab of certbot_auto_renew_user.
- name: Add cron job for certbot renewal (if configured).
  cron:
    name: Certbot automatic renewal.
    job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}"
    minute: "{{ certbot_auto_renew_minute }}"
    hour: "{{ certbot_auto_renew_hour }}"
    user: "{{ certbot_auto_renew_user }}"
    weekday: "{{ certbot_auto_renew_weekday }}"
--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/vars/Ubuntu-16.04.yml:
--------------------------------------------------------------------------------
---
certbot_package: letsencrypt

--------------------------------------------------------------------------------
/.ansible/roles/geerlingguy.certbot/vars/default.yml:
--------------------------------------------------------------------------------
---
certbot_package: certbot

--------------------------------------------------------------------------------
/.ansible/roles/nickhammond.logrotate/.gitignore:
--------------------------------------------------------------------------------
tests/.vagrant
test.retry

--------------------------------------------------------------------------------
/.ansible/roles/nickhammond.logrotate/.travis.yml:
--------------------------------------------------------------------------------
---
# CI: syntax-check the test playbook, then run it against localhost with
# --connection=local --become.
# NOTE(review): `pip install ansible` is unpinned, so the Ansible version under
# test changes over time.
language: python
python: "2.7"
before_install:
  - sudo apt-get update -qq
  - sudo apt-get install -qq python-apt python-pycurl
install:
  - pip install ansible
script:
  - "printf '[defaults]\nroles_path = ../' > ansible.cfg"
  - ansible-playbook -i tests/inventory --syntax-check tests/test.yml
  - ansible-playbook -i tests/inventory --connection=local --become -vvvv tests/test.yml
notifications:
  email: false

--------------------------------------------------------------------------------
/.ansible/roles/nickhammond.logrotate/LICENSE:
--------------------------------------------------------------------------------
Copyright (c) 2016-14, Nick Hammond
All rights reserved.
3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | * Neither the name of ansiblebit nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
28 | -------------------------------------------------------------------------------- /.ansible/roles/nickhammond.logrotate/README.md: -------------------------------------------------------------------------------- 1 | # logrotate 2 | 3 | [![Build Status](https://travis-ci.org/nickhammond/ansible-logrotate.svg?branch=master)](https://travis-ci.org/nickhammond/ansible-logrotate) 4 | 5 | Installs logrotate and provides an easy way to setup additional logrotate scripts by 6 | specifying a list of directives. 7 | 8 | ## Requirements 9 | 10 | None 11 | 12 | ## Role Variables 13 | 14 | **logrotate_scripts**: A list of logrotate scripts and the directives to use for the rotation. 15 | 16 | * name - The name of the script that goes into /etc/logrotate.d/ 17 | * path - Path to point logrotate to for the log rotation 18 | * paths - A list of paths to point logrotate to for the log rotation. 19 | * options - List of directives for logrotate, view the logrotate man page for specifics 20 | * scripts - Dict of scripts for logrotate (see Example below) 21 | 22 | ``` 23 | logrotate_scripts: 24 | - name: rails 25 | path: "/srv/current/log/*.log" 26 | options: 27 | - weekly 28 | - size 25M 29 | - missingok 30 | - compress 31 | - delaycompress 32 | - copytruncate 33 | ``` 34 | 35 | ``` 36 | logrotate_scripts: 37 | - name: rails 38 | paths: 39 | - "/srv/current/scare.log" 40 | - "/srv/current/hide.log" 41 | options: 42 | - weekly 43 | - size 25M 44 | - missingok 45 | - compress 46 | - delaycompress 47 | - copytruncate 48 | ``` 49 | 50 | ## Dependencies 51 | 52 | None 53 | 54 | ## Example Playbook 55 | 56 | Setting up logrotate for additional Nginx logs, with postrotate script. 
57 | 58 | ``` 59 | - hosts: all 60 | vars: 61 | logrotate_scripts: 62 | - name: nginx-options 63 | path: /var/log/nginx/options.log 64 | options: 65 | - daily 66 | - weekly 67 | - size 25M 68 | - rotate 7 69 | - missingok 70 | - compress 71 | - delaycompress 72 | - copytruncate 73 | 74 | - name: nginx-scripts 75 | path: /var/log/nginx/scripts.log 76 | options: 77 | - daily 78 | - weekly 79 | - size 25M 80 | scripts: 81 | postrotate: "echo test" 82 | 83 | roles: 84 | - ansible-logrotate 85 | ``` 86 | 87 | ## Testing locally 88 | 89 | This role is already configured to run on travis CI within a test playbook but it's useful to be able to run and debug a role locally which can be done via Vagrant and the `ansible_local` provisioner. 90 | 91 | To run the test playbook locally within a Vagrant virtual machine: 92 | 93 | ``` 94 | cd tests 95 | vagrant up --provision 96 | ``` 97 | 98 | ## License 99 | 100 | [BSD](https://raw.githubusercontent.com/nickhammond/logrotate/master/LICENSE) 101 | 102 | ## Author Information 103 | 104 | * [nickhammond](https://github.com/nickhammond) | [www](http://www.nickhammond.com) | [twitter](http://twitter.com/nickhammond) 105 | * [bigjust](https://github.com/bigjust) 106 | * [steenzout](https://github.com/steenzout) 107 | * [jeancornic](https://github.com/jeancornic) 108 | * [duhast](https://github.com/duhast) 109 | * [kagux](https://github.com/kagux) 110 | -------------------------------------------------------------------------------- /.ansible/roles/nickhammond.logrotate/defaults/main.yml: -------------------------------------------------------------------------------- 1 | logrotate_conf_dir: "/etc/logrotate.d/" 2 | logrotate_scripts: [] 3 | -------------------------------------------------------------------------------- /.ansible/roles/nickhammond.logrotate/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Sat Jul 28 07:44:50 2018', version: master} 2 | 
--------------------------------------------------------------------------------
/.ansible/roles/nickhammond.logrotate/meta/main.yml:
--------------------------------------------------------------------------------
---
# Ansible Galaxy metadata for the role; it declares no role dependencies.
galaxy_info:
  author: Nick Hammond
  description: Role to configure logrotate scripts
  license: BSD
  min_ansible_version: 1.9
  platforms:
    - name: Ubuntu
      versions:
        - lucid
        - precise
        - trusty
    - name: EL
      versions:
        - 7
  categories:
    - system
dependencies: []

--------------------------------------------------------------------------------
/.ansible/roles/nickhammond.logrotate/tasks/main.yml:
--------------------------------------------------------------------------------
---
# logrotate is installed only when at least one script is configured.
- name: nickhammond.logrotate | Install logrotate
  package:
    name: logrotate
    state: present
  when: logrotate_scripts is defined and logrotate_scripts|length > 0

# One file per logrotate_scripts entry, written to logrotate_conf_dir + name.
# NOTE(review): the task sets no owner, group or mode, so the files get the
# defaults of the connecting user and umask; logrotate rejects configs with
# overly permissive modes, so setting root ownership and an explicit mode such
# as 0644 is the safer choice.
# NOTE(review): item.name is concatenated into the destination path unchecked
# (a value containing '../' would land outside logrotate_conf_dir), and
# item.scripts bodies are copied verbatim into a config that logrotate runs,
# typically as root. Treat logrotate_scripts as trusted input only.
- name: nickhammond.logrotate | Setup logrotate.d scripts
  template:
    src: logrotate.d.j2
    dest: "{{ logrotate_conf_dir }}{{ item.name }}"
  with_items: "{{ logrotate_scripts }}"
  when: logrotate_scripts is defined

--------------------------------------------------------------------------------
/.ansible/roles/nickhammond.logrotate/templates/logrotate.d.j2:
--------------------------------------------------------------------------------
# {{ ansible_managed }}

{% if 'path' in item %}
"{{ item.path }}"
{% elif 'paths' in item %}
{% for path in item.paths %}
"{{ path }}"
{% endfor %}
{% endif %}
{
  {% if item.options is defined -%}
  {% for option in item.options -%}
  {{ option }}
  {% endfor -%}
  {% endif %}
  {%- if item.scripts is defined -%}
  {%- for name, script in item.scripts.items() -%}
  {{ name }}
    {{ script }}
  endscript
  {% endfor -%}
  {% endif -%}
}
-------------------------------------------------------------------------------- /.ansible/roles/nickhammond.logrotate/tests/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | @ansible_home = "/home/vagrant/.ansible" 4 | 5 | Vagrant.configure("2") do |config| 6 | config.vm.box = "ubuntu/trusty64" 7 | 8 | # Copy the Ansible playbook over to the guest machine, run rsync-auto to automatically 9 | # pull in the latest changes while a VM is running. 10 | config.vm.synced_folder "../", "#{@ansible_home}/roles/ansible-logrotate", type: 'rsync' 11 | 12 | # The working ansible directory created by ansible_local is owned by root 13 | config.vm.provision "shell", inline: "chown vagrant:vagrant #{@ansible_home}" 14 | 15 | config.vm.provision "ansible_local" do |ansible| 16 | ansible.playbook = "test.yml" 17 | end 18 | end 19 | -------------------------------------------------------------------------------- /.ansible/roles/nickhammond.logrotate/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | -------------------------------------------------------------------------------- /.ansible/roles/nickhammond.logrotate/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: True 4 | vars: 5 | logrotate_scripts: 6 | - name: nginx-options 7 | path: /var/log/nginx/options.log 8 | options: 9 | - daily 10 | 11 | - name: nginx-scripts 12 | path: /var/log/nginx/scripts.log 13 | scripts: 14 | postrotate: "echo test" 15 | 16 | - name: multiple-paths 17 | paths: 18 | - /var/log/nginx/options.log 19 | - /var/log/nginx/scripts.log 20 | 21 | roles: 22 | - ansible-logrotate 23 | 24 | tasks: 25 | - name: Verify logrotate config check passes 26 | shell: logrotate -d "{{ logrotate_conf_dir }}{{ item.name }}" 27 | with_items: "{{ logrotate_scripts }}" 28 | register: 
logrotate_tests 29 | failed_when: "'error' in logrotate_tests.stderr" 30 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/.kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | 5 | provisioner: 6 | # ansible_platform: ubuntu 7 | name: ansible_playbook 8 | # roles_path: 9 | hosts: test-kitchen 10 | require_ansible_repo: true 11 | ansible_verbose: true 12 | ansible_verbosity: 1 13 | become: true 14 | extra_vars: 15 | rbenv: 16 | env: system 17 | version: v0.4.0 18 | default_ruby: 2.1.2 19 | rubies: 20 | - version: 2.1.2 21 | 22 | platforms: 23 | # - name: ubuntu-10.04 # lucid 24 | - name: ubuntu-12.04 # precise 25 | - name: ubuntu-13.10 # saucy 26 | - name: ubuntu-14.04 # trusty 27 | # - name: ubuntu-14.10 # utopic ## No bento box yet... Official Scheduled Release: October 23rd 2014 28 | # - name: centos-5.10 # TODO: NOT TESTED YET... unsure if kitchen-ansible works yet... 
29 | - name: centos-6.4 30 | - name: centos-6.5 31 | # - name: centos-7.0 # TODO: Needs work to fix kitchen-ansible repo to use 32 | # - name: nocm_centos-6.5 33 | # driver_plugin: vagrant 34 | # driver_config: 35 | # box: nocm_centos-6.5 36 | # box_url: http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box 37 | # network: 38 | # - ['forwarded_port', {guest: 8080, host: 8080}] 39 | # - [ 'private_network', { ip: '192.168.33.11' } ] 40 | 41 | suites: 42 | - name: default 43 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | before_install: 5 | - sudo apt-get update -qq 6 | - sudo apt-get install -qq python-apt python-pycurl 7 | install: 8 | - pip install ansible 9 | script: 10 | - echo localhost > inventory 11 | - ansible-playbook --syntax-check -i inventory role.yml 12 | - ansible-playbook -i inventory role.yml --connection=local --become -vvvv 13 | os: 14 | - linux 15 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/README.md: -------------------------------------------------------------------------------- 1 | rbenv 2 | ======== 3 | 4 | Role for installing [rbenv](https://github.com/sstephenson/rbenv). 
5 | 6 | Role ready status 7 | ------------ 8 | 9 | [![Build Status](https://travis-ci.org/zzet/ansible-rbenv-role.png?branch=master)](https://travis-ci.org/zzet/ansible-rbenv-role) 10 | 11 | Requirements 12 | ------------ 13 | 14 | none 15 | 16 | Role Variables 17 | -------------- 18 | 19 | Default variables are: 20 | 21 | rbenv: 22 | env: system 23 | version: v1.0.0 24 | default_ruby: 2.4.2 25 | rubies: 26 | - version: 2.4.2 27 | 28 | rbenv_clean_up: false 29 | 30 | rbenv_repo: "https://github.com/rbenv/rbenv.git" 31 | 32 | rbenv_plugins: 33 | - { name: "rbenv-vars", 34 | repo: "https://github.com/rbenv/rbenv-vars.git", 35 | version: "master" } 36 | 37 | - { name: "ruby-build", 38 | repo: "https://github.com/rbenv/ruby-build.git", 39 | version: "master" } 40 | 41 | - { name: "rbenv-default-gems", 42 | repo: "https://github.com/rbenv/rbenv-default-gems.git", 43 | version: "master" } 44 | 45 | - { name: "rbenv-installer", 46 | repo: "https://github.com/rbenv/rbenv-installer.git", 47 | version: "master" } 48 | 49 | - { name: "rbenv-update", 50 | repo: "https://github.com/rkh/rbenv-update.git", 51 | version: "master" } 52 | 53 | - { name: "rbenv-whatis", 54 | repo: "https://github.com/rkh/rbenv-whatis.git", 55 | version: "master" } 56 | 57 | - { name: "rbenv-use", 58 | repo: "https://github.com/rkh/rbenv-use.git", 59 | version: "master" } 60 | 61 | rbenv_root: "{% if rbenv.env == 'system' %}/usr/local/rbenv{% else %}$HOME/.rbenv{% endif %}" 62 | 63 | rbenv_users: [] 64 | 65 | rbenv_extra_depends: [] 66 | 67 | Variables to control a system installation (these are not set by default): 68 | 69 | rbenv_owner: 'deploy' 70 | rbenv_group: 'deploy' 71 | 72 | Description: 73 | 74 | - ` rbenv.env ` - Type of rbenv installation. Allows 'system' or 'user' values 75 | - ` rbenv.version ` - Version of rbenv to install (tag from [rbenv releases page](https://github.com/sstephenson/rbenv/releases)) 76 | - ` rbenv.default_ruby ` - Which ruby version to be set as global rbenv ruby. 
77 | - ` rbenv.rubies ` - Versions of ruby to install. This is an array of hashes. E.g. `[ { version: 2.4.2, env: { RUBY_CONFIGURE_OPTS: "--enable-shared" } } ]` 78 | - ` rbenv_clean_up ` - Delete all ruby versions not listed above. Default value is `false` 79 | - ` rbenv_repo ` - Repository with source code of rbenv to install 80 | - ` rbenv_plugins ` - Array of Hashes with information about plugins to install 81 | - ` rbenv_root ` - Install path 82 | - ` rbenv_users ` - Array of usernames for multiuser install. Each user must already exist on the system 83 | - ` rbenv_extra_depends` - Array of extra system packages to install before compiling rubies 84 | - ` default_gems_file ` - Used by the rbenv plugin _rbenv-default-gems_. Sets the path to a default-gems file of your choice (_don't set it_ if you want to use the default file `files/default-gems`) 85 | - ` rbenv_owner ` - The user owning `rbenv_root` when `rbenv.env` is `system` 86 | - ` rbenv_group ` - The group owning `rbenv_root` when `rbenv.env` is `system` 87 | - ` rbenv_tmpdir ` - A temporary directory path used for artifacts when installing rubies.
Defaults to system's `$TMPDIR` 88 | 89 | Example: 90 | 91 | - hosts: web 92 | gather_facts: true # https://github.com/zzet/ansible-rbenv-role/issues/37 93 | vars: 94 | rbenv: 95 | env: user 96 | version: v0.4.0 97 | default_ruby: 2.0.0-p353 98 | rubies: 99 | - version: 2.0.0-p353 100 | - version: 2.2.4 101 | env: 102 | RUBY_CONFIGURE_OPTS: "--enable-shared" 103 | - version: 2.3.4 104 | env: 105 | RUBY_CONFIGURE_OPTS: "--enable-shared --with-jemalloc" 106 | rbenv_extra_depends: 107 | - libjemalloc1 108 | - libjemalloc-dev 109 | roles: 110 | - role: zzet.rbenv 111 | rbenv_users: 112 | - user 113 | 114 | Dependencies 115 | ------------ 116 | 117 | none 118 | 119 | License 120 | ------- 121 | 122 | MIT 123 | 124 | Author Information 125 | ------------------ 126 | 127 | [Andrew Kumanyaev](http://github.com/zzet) 128 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rbenv: 3 | env: system 4 | version: v1.0.0 5 | default_ruby: 2.4.2 6 | rubies: 7 | - version: 2.4.2 8 | 9 | rbenv_clean_up: false 10 | 11 | rbenv_repo: "https://github.com/rbenv/rbenv.git" 12 | 13 | rbenv_plugins: 14 | - { name: "rbenv-vars", repo: "https://github.com/rbenv/rbenv-vars.git", version: "master" } 15 | - { name: "ruby-build", repo: "https://github.com/rbenv/ruby-build.git", version: "master" } 16 | - { name: "rbenv-default-gems", repo: "https://github.com/rbenv/rbenv-default-gems.git", version: "master" } 17 | - { name: "rbenv-installer", repo: "https://github.com/rbenv/rbenv-installer.git", version: "master" } 18 | - { name: "rbenv-update", repo: "https://github.com/rkh/rbenv-update.git", version: "master" } 19 | - { name: "rbenv-whatis", repo: "https://github.com/rkh/rbenv-whatis.git", version: "master" } 20 | - { name: "rbenv-use", repo: "https://github.com/rkh/rbenv-use.git", version: "master" } 21 | 22 | rbenv_root: "{% if 
rbenv.env == 'system' %}/usr/local/rbenv{% else %}~/.rbenv{% endif %}" 23 | 24 | rbenv_users: [] 25 | 26 | rbenv_extra_depends: [] 27 | rbenv_apt_packages: 28 | - build-essential 29 | - git 30 | - libcurl4-openssl-dev 31 | - libffi-dev 32 | - libreadline-dev 33 | - libssl-dev 34 | - libxml2-dev 35 | - libxslt1-dev 36 | - zlib1g-dev 37 | rbenv_dnf_packages: 38 | - gcc 39 | - openssl-devel 40 | - libyaml-devel 41 | - readline-devel 42 | - zlib-devel 43 | - libffi-devel 44 | - git 45 | rbenv_yum_packages: 46 | - bzip2 47 | - gcc 48 | - git 49 | - libffi-devel 50 | - libyaml-devel 51 | - openssl-devel 52 | - readline-devel 53 | - zlib-devel 54 | rbenv_user_profile: true -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/files/default-gems: -------------------------------------------------------------------------------- 1 | bundler 2 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/files/gemrc: -------------------------------------------------------------------------------- 1 | --- 2 | :sources: 3 | - https://rubygems.org 4 | install: --no-document 5 | update: --no-document 6 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/files/vars: -------------------------------------------------------------------------------- 1 | GEM_PATH=$GEM_PATH:$HOME/.gems 2 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for rbenv 3 | - name: rehash rbenv 4 | shell: RBENV_ROOT={{ rbenv_root }} rbenv rehash 5 | 6 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | 
{install_date: 'Thu Jul 26 06:26:25 2018', version: 3.4.0} 2 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: "Andrew Kumanyaev" 4 | description: rbenv 5 | company: Undev 6 | license: MIT 7 | min_ansible_version: 2.2.0 8 | version: 0.2 9 | 10 | platforms: 11 | - name: EL 12 | versions: 13 | # - 5 14 | - 6 15 | # - 7 16 | - name: Ubuntu 17 | versions: 18 | # - lucid # 10.04 ## package is named git-core 10.04... also geerlingguy.git doesn't support 10.04 either 19 | - precise # 12.04 20 | - saucy # 13.10 21 | - trusty # 14.04 22 | # - utopic # 14.10 23 | - name: Fedora 24 | versions: 25 | - 24 26 | categories: 27 | - development 28 | - system 29 | 30 | dependencies: [] 31 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/role.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | vars_files: 5 | - 'vars/main.yml' 6 | - 'defaults/main.yml' 7 | tasks: 8 | - import_tasks: 'tasks/main.yml' 9 | handlers: 10 | - import_tasks: 'handlers/main.yml' 11 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/tasks/apt_build_depends.yml: -------------------------------------------------------------------------------- 1 | - name: update apt cache 2 | apt: update_cache=yes cache_valid_time=86400 3 | become: true 4 | changed_when: false 5 | 6 | - name: install build depends 7 | apt: pkg={{ item }} state=present install_recommends=no 8 | with_items: 9 | - "{{ rbenv_apt_packages }}" 10 | become: true 11 | 12 | - name: install extra build depends 13 | apt: pkg={{ item }} state=present install_recommends=no 14 | with_items: 15 | - "{{ rbenv_extra_depends }}" 16 | become: true 17 | 18 | - name: 
Create the list of ruby versions. 19 | set_fact: 20 | rbenv_ruby_versions: "{{ rbenv_ruby_versions | default([]) }} + {{ [item.version] }}" 21 | with_items: 22 | - "{{ rbenv.rubies }}" 23 | 24 | - name: Install packages required to build Ruby 1.8.7 25 | apt: 26 | name: "{{ item }}" 27 | state: present 28 | with_items: 29 | - bison 30 | - autoconf 31 | - subversion 32 | when: "'1.8.7' in rbenv_ruby_versions" 33 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/tasks/dnf_build_depends.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install build depends 3 | dnf: name={{ item }} state=present 4 | with_items: 5 | - "{{ rbenv_dnf_packages }}" 6 | become: true 7 | 8 | - name: install build depends 9 | dnf: name={{ item }} state=present 10 | with_items: 11 | - "{{ rbenv_extra_depends }}" 12 | become: true 13 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/tasks/homebrew_build_depends.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - homebrew: name={{ item }} state=present 3 | with_items: 4 | - openssl 5 | - libyaml 6 | 7 | # required for building Ruby <= 1.9.3-p0 8 | - homebrew_tap: tap=homebrew/dupes state=present 9 | when: "{{ item.version | version_compare('1.9.3-p0', '<=') }}" 10 | with_items: "{{ rbenv.rubies }}" 11 | 12 | - homebrew: name=apple-gcc42 state=present 13 | when: "{{ item.version | version_compare('1.9.3-p0', '<=') }}" 14 | with_items: "{{ rbenv.rubies }}" 15 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: include env vars 3 | include_vars: "{{ rbenv.env }}.yml" 4 | 5 | - import_tasks: apt_build_depends.yml 6 | when: ansible_pkg_mgr == 'apt' 7 | - 
import_tasks: yum_build_depends.yml 8 | when: ansible_pkg_mgr == 'yum' 9 | - import_tasks: dnf_build_depends.yml 10 | when: ansible_pkg_mgr == 'dnf' 11 | # - import_tasks: pacman_build_depends.yml # Arch Linux 12 | # when: ansible_pkg_mgr == 'pacman' 13 | - import_tasks: homebrew_build_depends.yml 14 | when: ansible_os_family == 'Darwin' 15 | 16 | - name: set rbenv_owner 17 | set_fact: 'rbenv_owner={{ rbenv_owner | default("root", true) }}' 18 | 19 | - name: set tmp directory path 20 | set_fact: rbenv_tmpdir="{{ ansible_env.TMPDIR | default('/tmp') }}" 21 | when: rbenv_tmpdir is undefined 22 | 23 | - import_tasks: system_install.yml 24 | when: rbenv.env == "system" 25 | - import_tasks: user_install.yml 26 | when: rbenv.env != "system" 27 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/tasks/pacman_build_depends.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - pacman: name=base-devel state=present update_cache=yes -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/tasks/system_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: checkout rbenv_repo for system 3 | become: yes 4 | become_user: '{{ rbenv_owner }}' 5 | git: > 6 | repo={{ rbenv_repo }} 7 | dest={{ rbenv_root }} 8 | version={{ rbenv.version }} 9 | accept_hostkey=yes 10 | force=yes 11 | 12 | - name: create plugins directory for system 13 | become: yes 14 | become_user: '{{ rbenv_owner }}' 15 | file: state=directory path={{ rbenv_root }}/plugins 16 | 17 | - name: install plugins for system 18 | become: yes 19 | become_user: '{{ rbenv_owner }}' 20 | git: > 21 | repo={{ item.repo }} 22 | dest={{ rbenv_root }}/plugins/{{ item.name }} 23 | version={{ item.version }} 24 | accept_hostkey=yes 25 | force=yes 26 | with_items: "{{ rbenv_plugins }}" 27 | 28 | - name: add rbenv initialization 
to profile system-wide 29 | template: src=rbenv_system.sh.j2 dest=/etc/profile.d/rbenv.sh owner=root group=root mode=0755 30 | become: yes 31 | when: 32 | - ansible_os_family != 'OpenBSD' and ansible_os_family != 'Darwin' 33 | 34 | - name: Set group ownership of content under rbenv_root 35 | shell: 36 | find '{{ rbenv_root }}' 37 | \( -iname ".git" -prune \) -o 38 | ! -group '{{ item }}' 39 | -exec chgrp -v '{{ item }}' {} + | head -n 1 40 | become: yes 41 | with_items: '{{ rbenv_group | default([]) }}' 42 | when: 43 | - rbenv_group is defined 44 | - rbenv_group != None 45 | register: rbenv_chgrp 46 | changed_when: '"changed group" in rbenv_chgrp.stdout' 47 | 48 | - name: Set group permissions of content under rbenv_root 49 | shell: 50 | find '{{ rbenv_root }}' 51 | \( -iname ".git" -prune \) -o 52 | -type d ! -perm -g+s 53 | -exec chmod -v g+rwxs {} + | head -n 1 54 | become: yes 55 | when: 56 | - rbenv_group is defined 57 | - rbenv_group != None 58 | register: rbenv_chmod 59 | changed_when: '"changed from" in rbenv_chmod.stdout' 60 | 61 | - name: check ruby versions installed for system 62 | shell: $SHELL -lc "rbenv versions --bare" 63 | register: rbenv_versions 64 | with_items: rbenv.rubies 65 | changed_when: false 66 | ignore_errors: yes 67 | failed_when: false 68 | check_mode: no 69 | 70 | - name: install ruby versions for system 71 | shell: bash -lc "rbenv install --skip-existing {{ item.version }}" 72 | become: yes 73 | with_items: 74 | - '{{ rbenv.rubies }}' 75 | environment: "{{ item.env | default({}) | combine({ 'TMPDIR': rbenv_tmpdir }) }}" 76 | 77 | - name: check which old rubies to remove for system 78 | set_fact: 79 | drop_ruby: "{{ '{'+item[0].stdout_lines|list|difference(item[1])|join(',')+'}'}}" 80 | become: yes 81 | with_nested: 82 | - "{{ rbenv_versions.results }}" 83 | - "{{ rbenv.rubies|map(attribute='version')|list }}" 84 | when: 85 | - rbenv_clean_up 86 | - item[0].stdout_lines|list != item[1] 87 | register: removable_rubies 88 | 
ignore_errors: yes 89 | 90 | - name: remove old rubies 91 | shell: $SHELL -lc "rm -rf {{ rbenv_root }}/versions/{{ ansible_facts.drop_ruby }}" 92 | changed_when: false 93 | become: yes 94 | when: rbenv_clean_up 95 | ignore_errors: yes 96 | 97 | - name: check if current system ruby version is {{ rbenv.default_ruby }} 98 | shell: $SHELL -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv.default_ruby }}'" 99 | register: ruby_selected 100 | changed_when: false 101 | ignore_errors: yes 102 | failed_when: false 103 | check_mode: no 104 | 105 | - name: set ruby {{ rbenv.default_ruby }} for system 106 | become: yes 107 | shell: bash -lc "rbenv global {{ rbenv.default_ruby }} && rbenv rehash" 108 | when: 109 | - ruby_selected.rc != 0 110 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/tasks/yum_build_depends.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install build depends 3 | yum: name={{ item }} state=present 4 | with_items: 5 | - "{{ rbenv_yum_packages }}" 6 | become: true 7 | 8 | - name: install extra build depends 9 | yum: name={{ item }} state=present 10 | with_items: 11 | - "{{ rbenv_extra_depends }}" 12 | become: true 13 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/templates/rbenv_system.sh.j2: -------------------------------------------------------------------------------- 1 | export PATH={{ rbenv_root }}/bin:$PATH 2 | export RBENV_ROOT="{{ rbenv_root }}" 3 | eval "$(rbenv init -)" 4 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/templates/rbenv_user.sh.j2: -------------------------------------------------------------------------------- 1 | if [ -d "$HOME/.rbenv" ]; then 2 | export PATH=$HOME/.rbenv/bin:$PATH; 3 | export RBENV_ROOT=$HOME/.rbenv; 4 | eval "$(rbenv init -)"; 5 | fi 6 | 
--------------------------------------------------------------------------------
/.ansible/roles/zzet.rbenv/test/integration/default/serverspec/rbenv_spec.rb:
--------------------------------------------------------------------------------
# Serverspec checks for a system-wide rbenv install under /usr/local/rbenv.
require 'spec_helper'

## We'll assume a system-level install for testing purposes
# The install root must exist and belong to root:root.
describe file('/usr/local/rbenv') do
  it { should be_directory }
  it { should be_owned_by 'root' }
  it { should be_grouped_into 'root' }
end

# The rbenv launcher must be a root-owned file that every user can execute.
describe file('/usr/local/rbenv/bin/rbenv') do
  it { should be_file }
  it { should be_executable }
  it { should be_executable.by('others') }
  it { should be_owned_by 'root' }
  it { should be_grouped_into 'root' }
end

# A login shell must resolve rbenv to the system-wide install.
describe command('bash -l -c "which rbenv"') do
  its(:stdout) { should match /\/usr\/local\/rbenv\/bin\/rbenv/ }
  it { should return_exit_status 0 }
end

# NOTE(review): this expects rbenv 0.4.0, while defaults/main.yml sets
# rbenv.version to v1.0.0 -- confirm which version the suite should pin.
describe command('bash -l -c "rbenv --version"') do
  its(:stdout) { should match /0\.4\.0/ }
  it { should return_exit_status 0 }
end
--------------------------------------------------------------------------------
/.ansible/roles/zzet.rbenv/test/integration/helpers/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
# Shared Serverspec setup for the integration specs.
require 'serverspec'

include Serverspec::Helper::DetectOS
include Serverspec::Helper::Exec

# Store the detected target OS on the RSpec configuration before examples run.
RSpec.configure do |c|
  c.before :all do
    c.os = backend(Serverspec::Commands::Base).check_os
  end
end
--------------------------------------------------------------------------------
/.ansible/roles/zzet.rbenv/test/integration/site.yml:
--------------------------------------------------------------------------------
---
# This playbook deploys the rbenv role for testing

- hosts: test-kitchen
  user: root

  roles:
    - rbenv
--------------------------------------------------------------------------------
/.ansible/roles/zzet.rbenv/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/vars/system.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rbenv_root: "/usr/local/rbenv" 3 | -------------------------------------------------------------------------------- /.ansible/roles/zzet.rbenv/vars/user.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rbenv_root: "~/.rbenv" 3 | -------------------------------------------------------------------------------- /.ansible/templates/ajenti_config.j2: -------------------------------------------------------------------------------- 1 | { 2 | "users": { 3 | "root": { 4 | "configs": { 5 | "ajenti.plugins.notepad.notepad.Notepad": "{\"bookmarks\": [], \"root\": \"/\"}", 6 | "ajenti.plugins.terminal.main.Terminals": "{\"shell\": \"sh -c $SHELL || bash\"}", 7 | "ajenti.plugins.logs.main.Logs": "{\"root\": \"/var/log\"}", 8 | "ajenti.plugins.dashboard.dash.Dash": "{\"widgets\": [{\"index\": 0, \"config\": null, \"container\": \"1\", \"class\": \"ajenti.plugins.sensors.memory.MemoryWidget\"}, {\"index\": 1, \"config\": null, \"container\": \"1\", \"class\": \"ajenti.plugins.sensors.memory.SwapWidget\"}, {\"index\": 2, \"config\": {\"device\": \"/\"}, \"container\": \"1\", \"class\": \"ajenti.plugins.fstab.widget.DiskSpaceWidget\"}, {\"index\": 3, \"config\": {\"device\": \"/\"}, \"container\": \"1\", \"class\": \"ajenti.plugins.fstab.widget.DiskFreeSpaceWidget\"}, {\"index\": 4, \"config\": {\"device\": \"sda1\"}, \"container\": \"1\", \"class\": \"ajenti.plugins.fstab.iops.ImmediateIOWidget\"}, {\"index\": 5, \"config\": {\"device\": \"eth0\"}, \"container\": \"1\", \"class\": \"ajenti.plugins.network.widget.TrafficWidget\"}, {\"index\": 6, \"config\": {\"device\": \"eth0\"}, 
\"container\": \"1\", \"class\": \"ajenti.plugins.network.widget.ImmediateTrafficWidget\"}, {\"index\": 7, \"config\": null, \"container\": \"1\", \"class\": \"ajenti.plugins.power.power.PowerWidget\"}, {\"index\": 0, \"config\": null, \"container\": \"0\", \"class\": \"ajenti.plugins.sensors.uptime.UptimeWidget\"}, {\"index\": 1, \"config\": null, \"container\": \"0\", \"class\": \"ajenti.plugins.sensors.cpu.CPUWidget\"}, {\"index\": 2, \"config\": {\"service\": \"nginx\"}, \"container\": \"0\", \"class\": \"ajenti.plugins.services.widget.ServiceWidget\"}, {\"index\": 3, \"config\": {\"service\": \"postfix\"}, \"container\": \"0\", \"class\": \"ajenti.plugins.services.widget.ServiceWidget\"}, {\"index\": 4, \"config\": {\"service\": \"redis_6379\"}, \"container\": \"0\", \"class\": \"ajenti.plugins.services.widget.ServiceWidget\"}]}", 9 | "ajenti.plugins.fm.fm.FileManager": "{\"start\": \"/\", \"root\": \"/\"}", 10 | "ajenti.users.UserManager": "{\"sync-provider\": \"\"}", 11 | "ajenti.plugins.tasks.manager.TaskManager": "{\"task_definitions\": []}" 12 | }, 13 | "password": "{{ _ajenti_pw }}", 14 | "email": "{{ _ajenti_email }}", 15 | "permissions": [] 16 | } 17 | }, 18 | 19 | "language": "", 20 | 21 | "bind": { 22 | "host": "{{ _ajenti_host }}", 23 | "port": {{ _ajenti_port }} 24 | }, 25 | 26 | "enable_feedback": false, 27 | 28 | "ssl": { 29 | "enable": true, 30 | "certificate_path": "/etc/ajenti/ajenti.pem" 31 | }, 32 | 33 | "authentication": true 34 | } 35 | 36 | 37 | -------------------------------------------------------------------------------- /.ansible/templates/dkim/KeyTable: -------------------------------------------------------------------------------- 1 | # https://github.com/aristofun/ansible-rails-books 2 | 3 | 4 | -------------------------------------------------------------------------------- /.ansible/templates/dkim/SigningTable: -------------------------------------------------------------------------------- 1 | # 
https://github.com/aristofun/ansible-rails-books 2 | 3 | -------------------------------------------------------------------------------- /.ansible/templates/dkim/TrustedHosts: -------------------------------------------------------------------------------- 1 | # https://github.com/aristofun/ansible-rails-books 2 | 127.0.0.1 3 | localhost 4 | 192.168.0.1/24 5 | -------------------------------------------------------------------------------- /.ansible/templates/dkim/keys/example.com/mail.private: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpgIBAAKCAQEAw9q+exwTdgPA62qwSUSzKEwA8XxFxYzo6TPs6fgbWQlJ8xkd 3 | vhqexZBB8w3+NheV09ntMvjaqy0zdw9HG7rF6/jqO1feIuW1CmpcyeQEOzmiQuLw 4 | cWka96BfBN7N8084mdJqnvZe3kN5yp5902duXFrYvx7vTjMERDA1f1SdIZ6CgUY8 5 | XridXzG7EcPTK5YL6XvrRxRJq4QFeSJQBVk6muKtmm9a5teSqQWfmTfm02Ry7ff5 6 | AretYSD7XQpPH+gHckd6L77BNAxbtWiHMNJVENMa9WYfqEYR/Ipe1nkLOjKm8Mbk 7 | p9PmUiOuoiN/o4k4H1/GI6fdzcuOTm8vSBO2qwIDAQABAoIBAQCVXPD/ej3tNped 8 | 8dNXTSlEhhICGEAtlHTbxFndZPWWRVs8Jd9k53BGQunIrtc78Wi2E/CtetNo0CP7 9 | nI8iOqJOf5pCf5RNENmsg8kXvujrMdzpHaE5HGsQhiFw2Wo/MB9+T9Y4PLPE1bjA 10 | KXbUDoE/tZiuyKy/+nA6gHmMDb93rs5iEV4mwQsYEIzdPgJtk6oIICnpCgv3b91u 11 | Yiyqtof0hbknYILgvVZlkuYKKG4hiXoMSeGgAFx1Y8FrSVVYptenyA968Gmk+J+i 12 | MJgUdbhDy4Yo3PPbgPi4J+P5sJ6yjT2NEpfzjTv9LyzfDQRpsqrb2uAnNfe1oTXJ 13 | qlqOXvIhAoGBAP9mOpv1oj7PNW2seYLao6eeWogFnIPOnK5ZVlOZ3WcZ7WLyTAZi 14 | eIuQ2XepYbEz8xNG+j6qip/J/BAL/k9q/iAW0Uv5ThINThoSNMgYoqcO4lr9Cwi8 15 | 71rV1Neou25JG9u5AB7G6BoqGGJ2EOfFMTXrlq0MXY0ukJvRwIDA3ckPAoGBAMRQ 16 | qg+JsC9vFVWKcO+INplWp256I3A28z1Ra9b7vsSX2vnoPK7X1skfiqZIOw0Gj9y5 17 | RFdGPRfOF6tgugr3DHH8yYKBl2dlBAP+noowRWn6oJHO6anGvhkEfZ12NFHWFf6H 18 | adASG29VH1hPbPLstfGyRVFhwQdwsmV4+Se7jOClAoGBAKV9toiMd98/IR253tq9 19 | lcHtSDhPeoWmAbyvwtJVJzPBhyLQYhbZA8dbyq5RIS5TvTRGj6y/kSfNF/nF67nG 20 | WHiukFwsZTwpRux505286NhbOq0+vkGhO2+ek1ZSzXC/CsArdjp7JLafhEF4w6eL 21 | 
DUIlL/NdydjLzYRKO/SyBIRdAoGBALsJv30eSeZnh4QAaqlMtfhSPyNa6vi24fjB 22 | 4mTpZVAY/mCri2Vp7xGgI5FZsCkw31AEk8AzA3HywUpe1eIsjobruXHF1mKEM9c6 23 | eAJhC0F1sBY7dRR0bhmX1bZ4MFDoD/x5N68uEUV5bGvPAJZSQOcOWky3PhnAnbdg 24 | EsJwRkChAoGBANfoD2YEM1LCfhbJynjpPg1T5NMVFfNqOgp6ZJKUbS85wdeeBERm 25 | PqqyKkTLPPCzafsgq9n0fy3xWKPXNksBj1xQZRBZpU1lTQAtpgasG0elzEBNM5cE 26 | FiTK2wMy0Eygx+tiGzGHxXWUVGEkZDrjEw6oB4RrQDrPeqNuHllwUHs5 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /.ansible/templates/dkim/keys/example.com/mail.txt: -------------------------------------------------------------------------------- 1 | mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; " 2 | "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9q+exwTdgPA62qwSUSzKEwA8XxFxYzo6TPs6fgbWQlJ8xkdvhqexZBB8w3+NheV09ntMvjaqy0zdw9HG7rF6/jqO1feIuW1CmpcyeQEOzmiQuLwcWka96BfBN7N8084mdJqnvZe3kN5yp5902duXFrYvx7vTjMERDA1f1SdIZ6CgUY8XridXzG7EcPTK5YL6XvrRxRJq4QFeS" 3 | "JQBVk6muKtmm9a5teSqQWfmTfm02Ry7ff5AretYSD7XQpPH+gHckd6L77BNAxbtWiHMNJVENMa9WYfqEYR/Ipe1nkLOjKm8Mbkp9PmUiOuoiN/o4k4H1/GI6fdzcuOTm8vSBO2qwIDAQAB" ) ; ----- DKIM key mail for example.com 4 | -------------------------------------------------------------------------------- /.ansible/templates/dkim/keys/example2.com/mail.private: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEAtF/4lfovguGw0Ua8AkxJGvYCH9vLL3uHcuBLSd6OmxmKRdop 3 | 7Z/N0zfY5TBTptqcCh7TthS/uZwpq4SjLCEWnK92ZQVdUTfxb3XoSZiBRi2jsqNF 4 | fsgD5SPus82xELZ3tf6Cm1xxAI4BIOrZbfpOPsNYJ9Y4Xs7ytJexumvsi4OjKkZ7 5 | G3M+qMoRtFncm+BIRE8tI6d6K4CG2DLNqHigd0GLWeqcRNfJ4dTT/x839+21SpPh 6 | qy8kGZ/aNYmS+2nOdMc7p26BW5QQVNAQEIhNa2LvXiCEtCL7YaE9drUkrvzrPM2i 7 | kOwaHE+yyxxO0nye4daIdh0z1HFKZ9u0w/4AdQIDAQABAoIBADPwzuyhNr1BsGET 8 | NWCUBxk0bjguWrw5ni9+Vy/WXspa+G5U/G3o7qQ8GMEmwW/y06w2ZFCyeONCDN3P 9 | PA2hGZnVDQraGJ0ituuZ0GIhAFjtG459Za20eyqoxjwQp0RgxugpegKzA/dc7QZF 10 | 
mocI5S89oU0XavQiM9G9PPipy1wA+EyirZfuMGOcErRwHd/o4UAEOE644jPmHwKs 11 | Eh8S52eYkAl71giAKG6bsY9JD+gNA1J5znL+jqBKi59bIVhRDxXZmzOYPfg8/Yqo 12 | PMM/a0IyCsTmO7GW6VQoPOfK0CPjasWWpkh+qyhtmZ2W6CxqJLYK1y2nkFeSYI+7 13 | nbG29wECgYEA3sCH2xOabZ3HRFTdLs5C1m891uxcIw/wp1F2y/k5clVjSvbdSGDK 14 | kXgoZFqKrTwEgVBKMihErRsayJ4spW/i+QGRsW6Q7niRIGOwSEolu3yBob/ve0CO 15 | dAkp0XAxUo5rQBYCckCDpAga34C6+PS8IySyitRiORCXApiOlM24O50CgYEAz0wv 16 | yCXbF1cF+OH/vYnOeu+UwDNfFBXqH28kxb0RuxEMROrCPO8lMNVFH0wZtSaFGfCP 17 | V97DzzyvqglvXezyD2oxSxnj9Ix6/bqRhI2uOqkjUyq2SsiENgWk4K9Eqaqq3Q6u 18 | z/WeIR6dMcTIyS2zOoP00m8Rf2OO21594q8g3LkCgYAe12V4DcTJ/JiEe4OMYX6b 19 | lhdn1J4FNMXLRNo/76fmjrAKxxdoWA50CcD99BNTXQX6qZU8UJsBpMkWkd/4n/87 20 | Ht5/RKHIguUFKQhVWf7TcK+6J4sO86dFpacmmnQZzCJJY0K/cvNHGOAvpfE9WxVZ 21 | gFFAK5vV7tgZwemr7LffeQKBgFeU/8cXP2awDMTnby58T7GfEYDW83+/9ofLZITq 22 | 6dfYTw+7A8/M1jC4mpirhV0E5k1cVqOwaZhgMnOrwtKzLl4W5ratPKNwyvHyZlLT 23 | rV35YgRcUmJsL3fHkK6hPmhUxBXbgz43rtSdY5rIYnClD0lUwRY7ePASdyP120fv 24 | 5/l5AoGAD+98ZdVD6L9dsvNlsZZ7bf1uMSBBzDrv4WlXFjbrCNiICRZ+G9HU1/XQ 25 | klGAdoEwkrb0OD3PJQBAOApNxLGev1+db0Y5hwr9KOUcxv9VBkYnkZJLJXLfBJ8P 26 | Lxw6jkAHUwF+z2Ir9VP+Cs/wr4hnQbSOlc8mWjhIKW8HCMaQ42w= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /.ansible/templates/dkim/keys/example2.com/mail.txt: -------------------------------------------------------------------------------- 1 | mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; " 2 | "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF/4lfovguGw0Ua8AkxJGvYCH9vLL3uHcuBLSd6OmxmKRdop7Z/N0zfY5TBTptqcCh7TthS/uZwpq4SjLCEWnK92ZQVdUTfxb3XoSZiBRi2jsqNFfsgD5SPus82xELZ3tf6Cm1xxAI4BIOrZbfpOPsNYJ9Y4Xs7ytJexumvsi4OjKkZ7G3M+qMoRtFncm+BIRE8tI6d6K4CG2D" 3 | "LNqHigd0GLWeqcRNfJ4dTT/x839+21SpPhqy8kGZ/aNYmS+2nOdMc7p26BW5QQVNAQEIhNa2LvXiCEtCL7YaE9drUkrvzrPM2ikOwaHE+yyxxO0nye4daIdh0z1HFKZ9u0w/4AdQIDAQAB" ) ; ----- DKIM key mail for example2.com 4 | 
--------------------------------------------------------------------------------
/.ansible/templates/dkim/opendkim.conf:
--------------------------------------------------------------------------------
# OpenDKIM filter configuration: signs mail for the entries in
# SigningTable/KeyTable and verifies signatures on other mail.

# Restart the filter after a failure, at most 10 times per hour.
AutoRestart Yes
AutoRestartRate 10/1h
# NOTE(review): 002 leaves files the daemon creates group-writable;
# confirm which accounts are members of the opendkim group.
UMask 002
Syslog yes
# NOTE(review): success and decision logging are off, so syslog holds no
# per-message record of what was signed or why a message was left unsigned.
SyslogSuccess No
LogWhy No

Canonicalization relaxed/simple

# Both lists read the same TrustedHosts file, so every address in it is
# treated as internal and its mail is signed rather than verified.
# Keep that file limited to hosts allowed to send as the signing domains.
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
# KeyTable maps key names to the private signing keys; those key files
# should be readable by the opendkim user only.
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

# s = sign, v = verify.
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256

# Run as the opendkim user and group.
UserID opendkim:opendkim
--------------------------------------------------------------------------------
/.ansible/templates/nginx/app_virtualhost.conf.j2:
--------------------------------------------------------------------------------
# Virtual host for a Rails application served through Phusion Passenger.
# TODO: copy SSL autoredirect logic from staticsite-1.yml if necessary
# NOTE(review): without that redirect this block keeps answering on port 80,
# so with letsencrypt enabled the application is reachable over both plain
# HTTP and HTTPS.

server {
    listen 80;
    server_name {{ _app.url }} www.{{ _app.url }};
    root {{ _app.path }}/current/public;

    {% if letsencrypt %}
    # Per-application TLS settings; presumably rendered from
    # templates/nginx/certbot.j2 (443 listeners, certificate paths, HSTS).
    include /etc/nginx/certbot_{{ _app.name }}.conf;
    {% endif %}

    # Ruby interpreter taken from the remote user's ~/.rbenv installation.
    passenger_ruby /home/{{ _remote_user }}/.rbenv/versions/{{ _ruby }}/bin/ruby;
    passenger_enabled on;

    # passenger_max_requests 10000;
    # passenger_max_instances 1;
    # passenger_min_instances 0;

    # NOTE(review): the Rails environment is fixed to "staging" for every
    # application rendered from this template.
    rails_env staging;

    error_log /var/log/nginx/{{ _app.name }}_error.log;
    access_log /var/log/nginx/{{ _app.name }}_access.log;

    # Static error pages, resolved relative to the root above.
    error_page 404 /pages/404.html;
    error_page 500 502 503 504 /pages/500.html;

    # http://tweaked.io/guide/nginx/
    # Images, icons and XML: no access logging, cached for two days.
    location ~* \.(jpg|jpeg|gif|png|ico|xml)$ {
        access_log off;
        log_not_found off;
        expires 2d;
    }

    # Assets: serve pre-compressed .gz files and cache for the maximum time.
    # An add_header inside a location replaces the add_header directives
    # inherited from the server level, so a Strict-Transport-Security header
    # set by the certbot include is not sent for /assets/ responses.
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
}
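--------------------------------------------------------------------------------
/.ansible/templates/nginx/certbot.j2:
--------------------------------------------------------------------------------
# ======= SSL options ================
# TLS settings meant to be included inside a server block.
# https://serverfault.com/questions/270339/nginx-force-ssl-on-one-path-non-ssl-on-others
# https://www.digitalocean.com/community/questions/best-way-to-configure-nginx-ssl-force-http-to-redirect-to-https-force-www-to-non-www-on-serverpilot-free-plan-by-using-nginx-configuration-file-only
# https://gist.github.com/nrollr/9a39bb636a820fb97eec2ed85e473d38

listen 443 ssl;
listen [::]:443 ssl;
# Certificate and key for the first domain of the first _ssl_domains entry.
ssl_certificate /etc/letsencrypt/live/{{ _ssl_domains.0.domains[0] }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ _ssl_domains.0.domains[0] }}/privkey.pem;

# Improve HTTPS performance with session resumption
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:40m;
ssl_session_tickets off; # https://github.com/mozilla/server-side-tls/issues/135

# Allow TLS 1.2 only: SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated.
# Append TLSv1.3 once the installed nginx (1.13.0 or later) and OpenSSL support it.
ssl_protocols TLSv1.2;

# Prefer the server's cipher order. 3DES suites are left out because of
# their 64-bit block size (SWEET32); every TLS 1.2 client supports AES.
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;

# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
# "always" sends the header on error responses too. A location that defines
# its own add_header does not inherit this one and must repeat it.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;

# OCSP stapling, verified against the Let's Encrypt chain.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/{{ _ssl_domains.0.domains[0] }}/chain.pem;

# NOTE: nginx needs a resolver to look up the OCSP responder's hostname; with
# both lines commented out, stapling only works if a resolver is set elsewhere.
#resolver 8.8.8.8 8.8.4.4 valid=300s;
#resolver_timeout 5s;
# ======= / SSL options ================
--------------------------------------------------------------------------------
/.ansible/templates/nginx/nginx.conf.j2:
--------------------------------------------------------------------------------
1 | user {{ _nginx_user }}; 2 |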
worker_processes {{ ansible_processor_vcpus | default(ansible_processor_count) }}; 3 | pid /run/nginx.pid; 4 | 5 | include /etc/nginx/modules-enabled/*.conf; 6 | 7 | events { 8 | worker_connections 768; 9 | # multi_accept on; 10 | } 11 | 12 | http { 13 | 14 | client_max_body_size 10M; 15 | 16 | ## 17 | # Basic Settings 18 | ## 19 | sendfile on; 20 | tcp_nopush on; 21 | tcp_nodelay on; 22 | keepalive_timeout 65; 23 | types_hash_max_size 2048; 24 | # server_tokens off; 25 | # server_names_hash_bucket_size 64; 26 | # server_name_in_redirect off; 27 | include /etc/nginx/mime.types; 28 | default_type application/octet-stream; 29 | 30 | # file cache 31 | open_file_cache max=1000 inactive=20s; 32 | open_file_cache_valid 60s; 33 | open_file_cache_min_uses 4; 34 | open_file_cache_errors off; 35 | 36 | 37 | ## 38 | # Logging Settings 39 | ## 40 | 41 | access_log /var/log/nginx/access.log; 42 | error_log /var/log/nginx/error.log; 43 | 44 | ## 45 | # Gzip Settings 46 | ## 47 | 48 | gzip on; 49 | gzip_disable "msie6"; 50 | 51 | # gzip_vary on; 52 | # gzip_proxied any; 53 | # gzip_comp_level 6; 54 | # gzip_buffers 16 8k; 55 | # gzip_http_version 1.1; 56 | # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 57 | 58 | ## 59 | # nginx-naxsi config 60 | ## 61 | # Uncomment it if you installed nginx-naxsi 62 | ## 63 | # include /etc/nginx/naxsi_core.rules; 64 | 65 | # Phusion Passenger configs must be here 66 | include /etc/nginx/conf.d/*.conf; 67 | include /etc/nginx/passenger.conf; 68 | 69 | ## 70 | # Virtual Host Configs 71 | ## 72 | include /etc/nginx/sites-enabled/*; 73 | } -------------------------------------------------------------------------------- /.ansible/templates/nginx/passenger.j2: -------------------------------------------------------------------------------- 1 | 2 | passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini; 3 | # passenger_ruby 
/usr/bin/passenger_free_ruby; # should be define in App virtualhost.conf 4 | 5 | passenger_max_pool_size {{ _passenger_max_pool_size }}; 6 | passenger_pool_idle_time {{ _passenger_pool_idle_time }}; 7 | passenger_max_instances_per_app {{ _passenger_max_instances_per_app }}; 8 | 9 | passenger_log_level {{ _passenger_log_level }}; 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.ansible/templates/nginx/staticsite_virtualhost.conf.j2: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | listen [::]:80; 4 | 5 | server_name www.{{ _site.url }}; 6 | 7 | {% if letsencrypt %} 8 | 9 | server_name *.{{ _site.url }} {{ _site.url }}; 10 | return 301 https://{{ _site.url }}$request_uri; 11 | 12 | {% else %} 13 | return 301 http://{{ _site.url }}$request_uri; 14 | {% endif %} 15 | } 16 | 17 | 18 | # http -> https redirect code START ============= 19 | server { 20 | {% if letsencrypt %} 21 | include /etc/nginx/certbot_{{ _site.name }}.conf; 22 | {% endif %} 23 | 24 | server_name www.{{ _site.url }}; 25 | return 301 https://{{ _site.url }}$request_uri; 26 | } 27 | # http -> https redirect code END ============= 28 | 29 | 30 | server { 31 | {% if letsencrypt %} 32 | include /etc/nginx/certbot_{{ _site.name }}.conf; 33 | {% else %} 34 | listen 80; 35 | listen [::]:80; 36 | {% endif %} 37 | 38 | server_name {{ _site.url }}; 39 | root {{ _site.www_path }}; 40 | 41 | {% if letsencrypt %} 42 | {% endif %} 43 | 44 | error_log {{ _site.logs_path }}/error.log; 45 | access_log off; #{{ _site.logs_path }}/access.log; 46 | 47 | error_page 404 /404.html; 48 | error_page 500 502 503 504 /500.html; 49 | 50 | # http://tweaked.io/guide/nginx/ 51 | location ~* \.(xml|html|json|htm)$ { 52 | gzip_static on; 53 | access_log off; 54 | log_not_found off; 55 | expires 8h; 56 | add_header Cache-Control public; 57 | } 58 | 59 | location ~* \.(jpg|jpeg|gif|png|ico|css|js)$ { 60 | gzip_static on; 
61 | access_log off; 62 | log_not_found off; 63 | expires 2d; 64 | add_header Cache-Control public; 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /.ansible/templates/postfix_aliases.j2: -------------------------------------------------------------------------------- 1 | # See man 5 aliases for format 2 | postmaster: {{ _system_emailalias }} 3 | root: {{ _system_emailalias }} 4 | {{ _remote_user }}: {{ _system_emailalias }} 5 | 6 | -------------------------------------------------------------------------------- /.ansible/templates/ssh/demo_key1.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa ZfxhkQ2PvAWqWwexIYjKvg1eueVoifiIChoH6c8zMO67qpTuECyzcFS3IFOB2zl91DigSLpliqjzwaH02gJbFhq9FLtRj+RIG8743dn/qb0hjwFP8wIYUZD2pZZdaDkR1== yourmail1@example.com 2 | -------------------------------------------------------------------------------- /.ansible/templates/ssh/demo_key2.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa ArMFVNi+DhGwi3vG2+Kki/nkY/yTJrTvMBYrbLTqAMZx5ViDQ6xyEb3RBdNxZ5scaAWu/B0ttgH2LMd/k+BkdECHN4OociWRYMMgywEOC7j user2@somecomputer -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile '~/.gitignore_global' 6 | 7 | # Ignore all logfiles and tempfiles. 
8 | /log/* 9 | /tmp/* 10 | !/log/.keep 11 | !/tmp/.keep 12 | .ansible/books/test.yml -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | # Your ansible inventory "root" path 3 | inventory = .ansible/hosts.yml 4 | 5 | # Where to look for and install ansible-galaxy roles 6 | roles_path = .ansible/roles/ 7 | 8 | # To avoid annoying ssh "... trust new host (yes/no)?" 9 | host_key_checking = False 10 | 11 | # Don't create ansible tmp files during execution 12 | retry_files_enabled = False 13 | 14 | [ssh_connection] 15 | ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s 16 | 17 | [privilege_escalation] 18 | # Uncomment for autoasking sudo password 19 | # become_ask_pass = True 20 | 21 | # ----------------------------------------------------- 22 | # 23 | # Some more useful settings, see 24 | # https://docs.ansible.com/ansible/2.6/installation_guide/intro_configuration.html 25 | # 26 | #library = /usr/share/my_modules/ 27 | #module_utils = /usr/share/my_module_utils/ 28 | #remote_tmp = ~/.ansible/tmp 29 | #local_tmp = ~/.ansible/tmp 30 | #plugin_filters_cfg = /etc/ansible/plugin_filters.yml 31 | #forks = 5 32 | #poll_interval = 15 33 | #sudo_user = root 34 | #ask_pass = True 35 | #transport = smart 36 | #remote_port = 22 37 | #module_lang = C 38 | #module_set_locale = False 39 | 40 | -------------------------------------------------------------------------------- /config/database.yml: -------------------------------------------------------------------------------- 1 | # Sample rails database.yml file 2 | # DO NOT PUT IT IN YOUR REPO! 
3 | # 4 | 5 | default: &default 6 | adapter: postgresql 7 | pool: 5 8 | encoding: UTF-8 9 | template: template0 10 | collation: ru_RU.UTF-8 11 | ctype: ru_RU.UTF-8 12 | 13 | production: 14 | <<: *default 15 | database: my_production_database 16 | username: my_production_pg_user 17 | password: 123123 18 | 19 | staging: 20 | <<: *default 21 | database: my_staging_database 22 | username: my_staging_user 23 | password: 321321 24 | -------------------------------------------------------------------------------- /config/secrets.yml: -------------------------------------------------------------------------------- 1 | # Sample rails secrets.yml file 2 | # DO NOT PUT IT IN YOUR REPO! 3 | # 4 | 5 | development: 6 | secret_key_base: e7e00001b654149fac1a09396fa82cdb5166e7e3d1ecdf2ece290cf7a8 7 | 8 | test: 9 | secret_key_base: eb03435c078eadb7df0d4b2eeda9d7b1ffbf2dde8219d16ee95e15f59f 10 | 11 | production: 12 | secret_key_base: 67424d15f1674707c76f50b0aa0d147c15c1a64777da8a92eec923721786f80ed 13 | 14 | staging: 15 | secret_key_base: 67424d15f16f50b0aa0d147c15c1a64777da85eec923721786f80ed74707c76 16 | --------------------------------------------------------------------------------