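├── group_vars
    └── all
├── roles
    ├── ruby
    │   ├── defaults
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   └── tasks
    │   │   └── main.yml
    ├── git
    │   ├── meta
    │   │   └── main.yml
    │   └── tasks
    │   │   └── main.yml
    ├── grafana
    │   ├── defaults
    │   │   └── main.yml
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │   │   └── grafana.ini.j2
    ├── jenkins
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │   │   └── main.yml
    ├── mysql-client
    │   ├── meta
    │   │   └── main.yml
    │   └── tasks
    │   │   └── main.yml
    ├── wkhtmltopdf
    │   └── tasks
    │   │   └── main.yml
    ├── newrelic
    │   ├── templates
    │   │   └── newrelic-infra.yml.j2
    │   └── tasks
    │   │   └── main.yml
    ├── phantomjs
    │   └── tasks
    │   │   └── main.yml
    ├── redis
    │   └── tasks
    │   │   └── main.yml
    ├── mysql-server
    │   └── tasks
    │   │   └── main.yml
    ├── nginx
    │   ├── handlers
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── nginx-stats.conf.j2
    │   │   ├── http.conf.j2
    │   │   ├── nginx.conf.j2
    │   │   └── app.conf.j2
    │   └── tasks
    │   │   └── main.yml
    ├── puma
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │   │   ├── puma.service.j2
    │   │   └── puma.rb.j2
    ├── unicorn
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │   │   ├── unicorn.j2
    │   │   └── unicorn.rb.j2
    ├── jre
    │   └── tasks
    │   │   └── main.yml
    ├── influxdb
    │   ├── handlers
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── logrotate.j2
    │   │   └── influx.conf
    │   └── tasks
    │   │   └── main.yml
    ├── rails
    │   ├── meta
    │   │   └── main.yml
    │   ├── templates
    │   │   └── logrotate.j2
    │   └── tasks
    │   │   └── main.yml
    ├── dev
    │   └── tasks
    │   │   └── main.yml
    ├── imagemagick
    │   └── tasks
    │   │   └── main.yml
    ├── yarn
    │   └── tasks
    │   │   └── main.yml
    ├── postgresql-server
    │   └── tasks
    │   │   └── main.yml
    ├── sidekiq
    │   ├── templates
    │   │   └── sidekiq.service.j2
    │   └── tasks
    │   │   └── main.yml
    ├── postgresql-client
    │   └── tasks
    │   │   └── main.yml
    ├── deploy
    │   └── tasks
    │   │   └── main.yml
    ├── nodejs
    │   └── tasks
    │   │   └── main.yml
    └── rails-deploy
    │   └── tasks
    │       └── main.yml
├── .gitignore
├── deploy_demo.yml
├── aws_ec2.yml
├── ansible.cfg
├── provision_demo.yml
├── Vagrantfile
└── README.md

/group_vars/all:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/roles/ruby/defaults/main.yml:
--------------------------------------------------------------------------------
# Default Ruby release built from source by the ruby role.
# NOTE(review): Ruby 2.2 is end-of-life upstream and no longer receives
# security fixes; playbooks should override ruby_version with a supported release.
ruby_version: 2.2.2

--------------------------------------------------------------------------------
/roles/git/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - { role: dev }

--------------------------------------------------------------------------------
/roles/grafana/defaults/main.yml:
--------------------------------------------------------------------------------
app_name: grafana
app_port: 3000

--------------------------------------------------------------------------------
/roles/jenkins/defaults/main.yml:
--------------------------------------------------------------------------------
app_name: jenkins
app_port: 8080

--------------------------------------------------------------------------------
/roles/ruby/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - { role: dev }

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.vagrant
inventory/production/*
provision_*
deploy_*

--------------------------------------------------------------------------------
/roles/mysql-client/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - { role: dev }

--------------------------------------------------------------------------------
/roles/wkhtmltopdf/tasks/main.yml:
--------------------------------------------------------------------------------
- name: updates apt
  apt: pkg=wkhtmltopdf

--------------------------------------------------------------------------------
/roles/git/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: install git
  apt: pkg=git state=present

--------------------------------------------------------------------------------
/roles/newrelic/templates/newrelic-infra.yml.j2:
--------------------------------------------------------------------------------
# new_relic_license_key is a credential: supply it from an encrypted variable
# source (for example Ansible Vault), never from a committed plain-text file.
license_key: {{ new_relic_license_key }}

--------------------------------------------------------------------------------
/roles/phantomjs/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: installs package
  apt: pkg=phantomjs

--------------------------------------------------------------------------------
/roles/redis/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: installs redis
  apt: pkg=redis-server

--------------------------------------------------------------------------------
/roles/mysql-server/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: installs mysql
  apt: pkg=mysql-server

--------------------------------------------------------------------------------
/roles/nginx/handlers/main.yml:
--------------------------------------------------------------------------------
- name: restart nginx
  service: name=nginx state=restarted

--------------------------------------------------------------------------------
/roles/puma/handlers/main.yml:
--------------------------------------------------------------------------------
- name: restart puma
  service: name=puma state=restarted

--------------------------------------------------------------------------------
/roles/unicorn/handlers/main.yml:
--------------------------------------------------------------------------------
- name: restart unicorn
  service: name=unicorn state=restarted

--------------------------------------------------------------------------------
/roles/mysql-client/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: installs mysql lib
  apt: pkg=libmysqlclient-dev

--------------------------------------------------------------------------------
/roles/jre/tasks/main.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): OpenJDK 7 no longer receives upstream security updates; switch
# to a supported JRE package where the target distribution provides one.
- name: installs java runtime environment 7
  apt: pkg=openjdk-7-jre

--------------------------------------------------------------------------------
/roles/grafana/handlers/main.yml:
--------------------------------------------------------------------------------
---
- name: restart grafana
  service: name=grafana-server state=restarted

--------------------------------------------------------------------------------
/roles/influxdb/handlers/main.yml:
--------------------------------------------------------------------------------
---
- name: restart influxdb
  service: name=influxdb state=restarted

--------------------------------------------------------------------------------
/deploy_demo.yml:
--------------------------------------------------------------------------------
---
- hosts: web
  vars:
    ansible_user: "{{ user }}"
  roles:
    - rails-deploy

--------------------------------------------------------------------------------
/roles/rails/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - { role: ruby }
  - { role: nodejs }
  - { role: deploy }

--------------------------------------------------------------------------------
/roles/dev/tasks/main.yml:
--------------------------------------------------------------------------------
- name: install compilation packages
  apt:
    name:
      - autoconf
      - build-essential
    update_cache: yes

--------------------------------------------------------------------------------
/roles/imagemagick/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: installs imagemagick
  apt: pkg=imagemagick

- name: install imagemagick lib
  apt: pkg=libmagickwand-dev

--------------------------------------------------------------------------------
/aws_ec2.yml:
--------------------------------------------------------------------------------
# Dynamic inventory: groups EC2 instances by security group name.
# aws_profile and regions are left blank here and must be filled in per account.
plugin: amazon.aws.aws_ec2
aws_profile:
regions:
  -
keyed_groups:
  - key: 'security_groups|json_query("[].group_name")'
    prefix: 'security_group'

--------------------------------------------------------------------------------
/roles/nginx/templates/nginx-stats.conf.j2:
--------------------------------------------------------------------------------
# Exposes nginx connection counters for a local metrics collector.
server {
  server_name localhost;
  listen 80;
  location /nginx_status {
    stub_status on;
    access_log off;
    # server_name only matches the Host header, which the client chooses, so
    # it is not an access control. Restrict the endpoint by source address.
    allow 127.0.0.1;
    deny all;
  }
}

--------------------------------------------------------------------------------
/roles/rails/templates/logrotate.j2:
--------------------------------------------------------------------------------
{{ app_path }}/log/*.log {
  daily
  missingok
  rotate 7
  compress
  delaycompress
  notifempty
  copytruncate
}

--------------------------------------------------------------------------------
/roles/influxdb/templates/logrotate.j2:
--------------------------------------------------------------------------------
# The opening brace was missing after the log path, which left the closing
# brace unmatched and the stanza unparseable by logrotate.
/var/log/influxdb/influxd.log {
  daily
  missingok
  rotate 7
  compress
  delaycompress
  notifempty
  copytruncate
}
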
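--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
[defaults]
transport = ssh
# Verify SSH host keys. With checking disabled, whatever answers on a managed
# address is trusted without proof of identity, and this configuration also
# forwards the operator's SSH agent to it. Pre-populate known_hosts for new
# hosts (for example from the provisioning output) instead of turning this off.
host_key_checking = True
forks = 5

[ssh_connection]
# NOTE(review): agent forwarding lets a process with sufficient privileges on
# the managed host use the operator's loaded keys for the duration of the
# session. The git tasks appear to rely on it for repository access; a
# read-only deploy key on the host would remove the need for it.
ssh_args = -o ForwardAgent=yes
pipelining = True

[privilege_escalation]
# -H sets HOME to the target user's home; -E asks sudo to preserve the
# connecting user's environment across escalation.
become_flags = -HE

[inventory]
enable_plugins = yaml, aws_ec2

--------------------------------------------------------------------------------
/roles/yarn/tasks/main.yml:
--------------------------------------------------------------------------------
- name: add yarn apt-key
  apt_key: url="https://dl.yarnpkg.com/debian/pubkey.gpg"

- name: add yarn repository
  apt_repository: repo='deb https://dl.yarnpkg.com/debian/ stable main' update_cache=yes

# state=latest upgrades yarn on every run; pin a version if builds must be
# reproducible.
- name: install yarn
  apt: name=yarn state=latest

--------------------------------------------------------------------------------
/provision_demo.yml:
--------------------------------------------------------------------------------
---
- hosts: database
  become: true
  roles:
    - postgresql-server

- hosts: web
  become: true
  vars:
    node_version: 12.16.3
    ruby_version: 2.6.3
  roles:
    - git
    - yarn
    - postgresql-client
    - rails
    - puma
    - nginx

--------------------------------------------------------------------------------
/roles/jenkins/tasks/main.yml:
--------------------------------------------------------------------------------
# The repository signing key is the trust anchor for every package installed
# from this repository, so it must not be fetched over plain HTTP where it can
# be replaced in transit.
# NOTE(review): only the scheme was changed; confirm this host still serves
# the key over HTTPS and consider pinning the key fingerprint with the
# apt_key `id` parameter.
- name: add jenkins apt-key
  apt_key: url="https://pkg.jenkins-ci.org/debian/jenkins-ci.org.key"

- name: add jenkins repository
  apt_repository: repo='deb http://pkg.jenkins-ci.org/debian binary/' update_cache=yes

- name: install jenkins
  apt: name=jenkins state=latest

# Runs on every play, so Jenkins restarts even when nothing changed.
- name: restart jenkins
  service: name=jenkins state=restarted
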
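--------------------------------------------------------------------------------
/roles/nginx/templates/http.conf.j2:
--------------------------------------------------------------------------------
# NOTE(review): the first log field is the X-Forwarded-For request header,
# which the client can set freely unless a trusted proxy in front of nginx
# overwrites it. Do not treat it as the authenticated peer address during
# investigations; $remote_addr is the address nginx actually saw.
log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$host" "$http_user_agent"';

gzip_vary on;
gzip_proxied any;
gzip_types text/plain text/html application/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml application/json;

# Hide the nginx version in error pages and the Server header.
server_tokens off;

--------------------------------------------------------------------------------
/roles/postgresql-server/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: installs psql
  apt: pkg=postgresql

- name: installs extensions
  apt: pkg=postgresql-contrib

- name: install psycopg2
  apt: pkg=python-psycopg2

# The role password was the hard-coded literal "password". It can now be
# supplied through postgresql_user_password (a variable name introduced here),
# which should come from an encrypted source such as Ansible Vault. The
# fallback keeps existing playbooks working but is trivially guessable, so
# always override it outside throwaway environments.
# NOTE(review): SUPERUSER is far more than an application role needs; prefer
# LOGIN,CREATEDB and add further privileges only where they are required.
- name: grants access for database to user
  become_user: postgres
  postgresql_user: name={{ user }} role_attr_flags=SUPERUSER,LOGIN,CREATEDB password={{ postgresql_user_password | default('password') }} state=present
  when: user is defined
  no_log: true

--------------------------------------------------------------------------------
/roles/sidekiq/templates/sidekiq.service.j2:
--------------------------------------------------------------------------------
[Unit]
Description=Sidekiq
After=network.target

[Service]
Type=simple

# Preferably configure a non-privileged user
User={{ user }}
WorkingDirectory={{ app_path }}
Environment=MALLOC_ARENA_MAX=2
ExecStart=/bin/bash -c 'source ~/.bash_profile && bundle exec sidekiq -e {{ rails_env }} -L log/sidekiq.log'
Restart=always

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/roles/sidekiq/tasks/main.yml:
--------------------------------------------------------------------------------
- name: installs sidekiq
  command: gem install sidekiq creates=/usr/local/bin/sidekiq

# Unit files are configuration, not programs: they do not need the execute bit.
- name: adds sidekiq systemd script
  template: src=sidekiq.service.j2 dest=/etc/systemd/system/sidekiq.service mode=0644

- name: reload systemd
  command: systemctl daemon-reload

- name: enable sidekiq service
  command: systemctl enable sidekiq.service

- name: start sidekiq service
  command: systemctl start sidekiq.service

--------------------------------------------------------------------------------
/roles/postgresql-client/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: enable pg asc key
  apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    state: present

- name: setup pg repo reference
  apt_repository:
    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main 11"
    state: present

- name: installs postgresql lib
  apt: pkg=libpq-dev update_cache=yes

- name: installs posgresql client
  apt: pkg=postgresql-client update_cache=yes

--------------------------------------------------------------------------------
/roles/influxdb/tasks/main.yml:
--------------------------------------------------------------------------------
# The package is installed with dpkg as root, so its integrity matters: it is
# now fetched over HTTPS instead of plain HTTP. Also add
# checksum=sha256:<EXPECTED_SHA256_PLACEHOLDER> to get_url once a trusted
# digest for this build is available.
# dest now matches the path the dpkg task installs from; the two file names
# differed (0.9.2 vs 0.9.2.1), so the install step could not find the file.
- name: downloads package
  get_url: url=https://s3.amazonaws.com/influxdb/influxdb_0.9.2.1_amd64.deb dest=/var/local/influxdb_0.9.2.1_amd64.deb

- name: installs package
  command: dpkg -i /var/local/influxdb_0.9.2.1_amd64.deb creates=/etc/init.d/influxdb

- name: adds influxdb conf
  template: src=influx.conf dest=/etc/opt/influxdb/influxdb.conf force=true
  notify: restart influxdb

# Written to its own file: the rails role also writes /etc/logrotate.d/app, so
# on a host running both roles one rotation policy overwrote the other.
- name: configures logrotate
  template: src=logrotate.j2 dest=/etc/logrotate.d/influxdb mode=644
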
-------------------------------------------------------------------------------- /roles/grafana/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: installs dependencies 2 | apt: pkg={{item}} 3 | with_items: 4 | - adduser 5 | - libfontconfig 6 | 7 | - name: downloads package 8 | get_url: url=https://grafanarel.s3.amazonaws.com/builds/grafana_2.1.0_amd64.deb dest=/var/local/grafana_2.1.0_amd64.deb 9 | 10 | - name: installs package 11 | command: dpkg -i /var/local/grafana_2.1.0_amd64.deb creates=/etc/init.d/grafana 12 | notify: restart grafana 13 | 14 | - name: adds confif 15 | template: src=grafana.ini.j2 dest=/etc/grafana/grafana.ini force=true 16 | notify: restart grafana 17 | -------------------------------------------------------------------------------- /roles/unicorn/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: installs unicorn 2 | command: gem install unicorn creates=/usr/local/bin/unicorn 3 | 4 | - name: adds unicorn init script 5 | template: src=unicorn.j2 dest=/etc/init.d/unicorn mode=755 6 | 7 | - name: adds unicorn app conf 8 | template: src=unicorn.rb.j2 dest={{ app_path }}/config/unicorn.rb mode=644 9 | notify: restart unicorn 10 | 11 | - name: creates unicorn pid folder 12 | file: path={{app_path}}/tmp/pids owner={{user}} group={{user}} state=directory 13 | 14 | - name: adds unicorn to upstart 15 | command: update-rc.d -f unicorn defaults 16 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! 
5 | VAGRANTFILE_API_VERSION = "2" 6 | 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| 8 | box = ENV['VAGRANT_BOX'] || "precise32" 9 | config.vm.box = box 10 | config.vm.network "forwarded_port", guest: 80, host: 8080 11 | config.vm.provision "ansible" do |ansible| 12 | ansible.limit = 'all' 13 | ansible.inventory_path = "inventory/development" 14 | ansible.playbook = "#{ENV['PLAYBOOK']}.yml" 15 | end 16 | config.ssh.forward_agent = true 17 | end 18 | -------------------------------------------------------------------------------- /roles/deploy/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: creates deploy user 2 | user: name={{user}} shell=/bin/bash 3 | 4 | - name: sets home owner 5 | file: owner={{user}} path=/home/{{user}} recurse=yes state=directory 6 | 7 | - name: add environment variables to bash profile 8 | lineinfile: dest=/home/{{ user }}/.bash_profile create=true regexp={{ item.key }} line='export {{ item.key }}={{ item.value }}' 9 | with_dict: "{{ environment_variables }}" 10 | when: environment_variables is defined 11 | 12 | - name: creates apps directory 13 | file: path=/var/local/apps/ owner={{user}} group={{user}} state=directory 14 | 15 | - authorized_key: user={{user}} key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}" 16 | -------------------------------------------------------------------------------- /roles/nginx/templates/nginx.conf.j2: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes auto; 3 | pid /run/nginx.pid; 4 | include /etc/nginx/modules-enabled/*.conf; 5 | 6 | events { 7 | worker_connections 1536; 8 | } 9 | 10 | http { 11 | sendfile on; 12 | tcp_nopush on; 13 | tcp_nodelay on; 14 | keepalive_timeout 65; 15 | types_hash_max_size 2048; 16 | include /etc/nginx/mime.types; 17 | default_type application/octet-stream; 18 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE 19 | 
ssl_prefer_server_ciphers on; 20 | access_log /var/log/nginx/access.log; 21 | error_log /var/log/nginx/error.log; 22 | gzip on; 23 | include /etc/nginx/conf.d/*.conf; 24 | include /etc/nginx/sites-enabled/*; 25 | } 26 | -------------------------------------------------------------------------------- /roles/nginx/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: installs nginx 3 | apt: pkg=nginx 4 | 5 | - name: removes the default app 6 | command: rm -f /etc/nginx/sites-enabled/default 7 | 8 | - name: adds nginx conf 9 | template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf force=true 10 | notify: restart nginx 11 | 12 | - name: adds http conf 13 | template: src=http.conf.j2 dest=/etc/nginx/conf.d/http.conf force=true 14 | notify: restart nginx 15 | 16 | - name: adds app conf 17 | template: src=app.conf.j2 dest=/etc/nginx/sites-enabled/{{app_name}} force=true 18 | notify: restart nginx 19 | 20 | - name: enable nginx stats 21 | template: src=nginx-stats.conf.j2 dest=/etc/nginx/sites-enabled/nginx-stats.conf 22 | notify: restart nginx 23 | -------------------------------------------------------------------------------- /roles/puma/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: installs puma 2 | command: gem install puma creates=/usr/local/bin/puma 3 | 4 | - name: adds puma app conf 5 | template: src=puma.rb.j2 dest={{ app_path }}/config/puma.provisioned.rb mode=644 6 | notify: restart puma 7 | 8 | - name: creates puma pid folder 9 | file: path={{app_path}}/tmp/pids owner={{user}} group={{user}} state=directory 10 | 11 | - name: adds puma systemd script 12 | template: src=puma.service.j2 dest=/etc/systemd/system/puma.service mode=755 13 | 14 | - name: reload systemd 15 | command: systemctl daemon-reload 16 | 17 | - name: enable puma service 18 | command: systemctl enable puma.service 19 | 20 | - name: start puma service 21 | command: 
systemctl start puma.service 22 | -------------------------------------------------------------------------------- /roles/newrelic/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: adds configuration file 3 | template: src=newrelic-infra.yml.j2 dest=/etc/newrelic-infra.yml force=true 4 | notify: restart newrelic-infra 5 | 6 | - name: enable new relic gpg key 7 | apt_key: 8 | url: https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg 9 | state: present 10 | 11 | - name: setup agent repo reference 12 | apt_repository: 13 | repo: "deb [arch=amd64] https://download.newrelic.com/infrastructure_agent/linux/apt xenial main" 14 | state: present 15 | 16 | - name: install agent 17 | apt: 18 | name: "newrelic-infra" 19 | update_cache: yes 20 | 21 | - name: setup agent service 22 | service: name=newrelic-infra state=started enabled=yes 23 | -------------------------------------------------------------------------------- /roles/puma/templates/puma.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Puma HTTP Server 3 | After=network.target 4 | 5 | # Uncomment for socket activation (see below) 6 | # Requires=puma.socket 7 | 8 | [Service] 9 | # Foreground process (do not use --daemon in ExecStart or config.rb) 10 | Type=simple 11 | 12 | # Preferably configure a non-privileged user 13 | User={{ user }} 14 | 15 | # The path to the puma application root 16 | WorkingDirectory={{ app_path }} 17 | 18 | # Helpful for debugging socket activation, etc. 19 | # Environment=PUMA_DEBUG=1 20 | 21 | # The command to start Puma. 
22 | ExecStart=/bin/bash -c 'source ~/.bash_profile && bundle exec puma -C config/puma.provisioned.rb' 23 | 24 | Restart=always 25 | 26 | [Install] 27 | WantedBy=multi-user.target 28 | -------------------------------------------------------------------------------- /roles/nodejs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: installs dependencies 3 | apt: 4 | pkg: 5 | - python 6 | 7 | - name: downloads node source code 8 | get_url: url=https://nodejs.org/dist/v{{node_version}}/node-v{{node_version}}.tar.gz dest=/var/local/node-v{{node_version}}.tar.gz 9 | 10 | - name: extracts node source code 11 | command: tar -xvzf /var/local/node-v{{node_version}}.tar.gz chdir=/var/local creates=/var/local/node-v{{node_version}} 12 | 13 | - name: configures node 14 | command: ./configure chdir=/var/local/node-v{{node_version}} creates=/var/local/node-v{{node_version}}/config.gypi 15 | 16 | - name: compiles node 17 | command: make chdir=/var/local/node-v{{node_version}} creates=/var/local/node-v{{node_version}}/node 18 | 19 | - name: installs node 20 | command: make install chdir=/var/local/node-v{{node_version}} 21 | -------------------------------------------------------------------------------- /roles/rails-deploy/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: update project source 2 | git: repo={{repository}} dest={{app_path}} accept_hostkey=yes version={{branch | default('master')}} 3 | 4 | - name: install gems with bundler 5 | command: bundle install --deployment chdir={{ app_path }} 6 | register: bundler 7 | 8 | - name: migrate the database 9 | shell: . ~/.bash_profile && bundle exec rails db:create db:migrate RAILS_ENV={{ rails_env }} chdir={{ app_path }} 10 | run_once: true 11 | 12 | - name: compile assets 13 | shell: . 
~/.bash_profile && bundle exec rails assets:precompile RAILS_ENV={{ rails_env }} chdir={{ app_path }} 14 | 15 | - name: check for puma pid 16 | stat: path={{ app_path }}/tmp/pids/puma.pid 17 | register: puma_pid_file 18 | 19 | - name: registers puma pid 20 | command: cat tmp/pids/puma.pid chdir={{ app_path }} 21 | register: puma_pid 22 | when: puma_pid_file.stat.exists 23 | 24 | - name: restart puma 25 | command: kill -USR2 {{ puma_pid.stdout }} 26 | when: puma_pid_file.stat.exists 27 | -------------------------------------------------------------------------------- /roles/ruby/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: installs ruby dependencies 3 | apt: 4 | name: 5 | - libreadline-dev 6 | - libssl-dev 7 | - libyaml-dev 8 | - libxml2-dev 9 | - libxslt1-dev 10 | - zlib1g-dev 11 | 12 | - name: downloads ruby source code 13 | get_url: url=http://cache.ruby-lang.org/pub/ruby/{{ruby_version[0:3]}}/ruby-{{ruby_version}}.tar.gz dest=/var/local/ruby-{{ruby_version}}.tar.gz 14 | 15 | - name: extracts ruby source code 16 | command: tar -xvzf /var/local/ruby-{{ruby_version}}.tar.gz chdir=/var/local creates=/var/local/ruby-{{ruby_version}} 17 | 18 | - name: configures ruby 19 | command: ./configure chdir=/var/local/ruby-{{ruby_version}} creates=/var/local/ruby-{{ruby_version}}/Makefile 20 | 21 | - name: compiles ruby 22 | command: make chdir=/var/local/ruby-{{ruby_version}} creates=/var/local/ruby-{{ruby_version}}/ruby 23 | 24 | - name: installs ruby 25 | command: make install chdir=/var/local/ruby-{{ruby_version}} 26 | 27 | - name: installs gems 28 | command: gem install {{item}} 29 | with_items: 30 | - rake 31 | - bundler 32 | -------------------------------------------------------------------------------- /roles/rails/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: installs rails 3 | command: gem install rails 
creates=/usr/local/bin/rails 4 | 5 | - name: configures logrotate 6 | template: src=logrotate.j2 dest=/etc/logrotate.d/app mode=644 7 | 8 | - name: clones repository 9 | git: repo={{repository}} dest={{app_path}} update=yes accept_hostkey=yes version={{branch | default('master')}} 10 | 11 | - name: changes app path owner 12 | file: path={{app_path}} recurse=yes owner={{user}} 13 | 14 | - name: configure bundler 15 | become_user: "{{ user }}" 16 | command: bundle config set deployment 'true' chdir={{ app_path }} 17 | 18 | - name: bundle install 19 | become_user: "{{ user }}" 20 | command: bundle install chdir={{ app_path }} 21 | register: bundler 22 | 23 | - name: setups database 24 | become_user: "{{ user }}" 25 | shell: . ~/.bash_profile && bundle exec rails db:migrate RAILS_ENV={{ rails_env }} chdir={{ app_path }} 26 | run_once: true 27 | 28 | - name: compile assets 29 | become_user: "{{ user }}" 30 | shell: . ~/.bash_profile && bundle exec rails assets:precompile RAILS_ENV={{ rails_env }} chdir={{ app_path }} 31 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Use this repository as a bootstrap for your organization custom Ansible project. 2 | 3 | In case you're new to Ansible, I added some demo playbooks to understand how you should do things. You should configure your inventory and then run the playbooks like this: 4 | 5 | ``` 6 | ansible-playbook -i inventory/production/demo provision_demo.yml 7 | ``` 8 | 9 | You can watch a demo [here](https://vimeo.com/133059608). 10 | 11 | The content of this project was created following the Ansible best practices: 12 | 13 | https://docs.ansible.com/playbooks_best_practices.html#content-organization 14 | 15 | # Recommended usage 16 | 17 | 1. Clone this project to a private repository and use it to version your organization infraestructure. 
You can name the repository something like `infra` or `provisioning`. 18 | 19 | 2. For each application, create a playbook and an inventory (use the demo files as examples). 20 | 21 | 3. Use the existent roles or create new ones, remove tasks that you don't need and add tasks you need, know what the roles are doing and keep things simple. 22 | 23 | # Included roles 24 | 25 | * deploy (creates a deploy specific user and copies ssh keys) 26 | * dev (installs common packages like autoconf and build essentials) 27 | * git 28 | * grafana 29 | * imagemagick 30 | * influxdb 31 | * jenkins 32 | * jre 33 | * mysql-client 34 | * mysql-server 35 | * nginx 36 | * nodejs 37 | * phantomjs 38 | * postgresql-client 39 | * postgresql-server 40 | * puma 41 | * rails 42 | * rails-deploy 43 | * redis 44 | * ruby 45 | * sidekiq 46 | * unicorn 47 | -------------------------------------------------------------------------------- /roles/nginx/templates/app.conf.j2: -------------------------------------------------------------------------------- 1 | upstream {{ app_name }} { 2 | server unix:/tmp/{{ app_name }}.sock fail_timeout=0; 3 | {% if app_port is defined %} 4 | server 127.0.0.1:{{ app_port }} fail_timeout=0; 5 | {% endif %} 6 | } 7 | 8 | server { 9 | listen 80; 10 | server_name menuintegrado.com.br; 11 | return 301 https://www.menuintegrado.com.br$request_uri; 12 | } 13 | 14 | server { 15 | listen 80; 16 | server_name menuintegrado.pe; 17 | return 301 https://www.menuintegrado.pe$request_uri; 18 | } 19 | 20 | server { 21 | listen 80; 22 | server_name menuintegrado.com.pe; 23 | return 301 https://www.menuintegrado.pe$request_uri; 24 | } 25 | 26 | server { 27 | listen 80; 28 | server_name www.menuintegrado.com.pe; 29 | return 301 https://www.menuintegrado.pe$request_uri; 30 | } 31 | 32 | server { 33 | listen 80; 34 | server_name menuintegrado.pt; 35 | return 301 https://www.menuintegrado.pt$request_uri; 36 | } 37 | 38 | server { 39 | listen 80; 40 | server_name menuintegrado.com.pt; 41 
| return 301 https://www.menuintegrado.pt$request_uri; 42 | } 43 | 44 | server { 45 | listen 80; 46 | server_name www.menuintegrado.com.pt; 47 | return 301 https://www.menuintegrado.pt$request_uri; 48 | } 49 | 50 | server { 51 | listen 80 default_server; 52 | keepalive_timeout 5; 53 | root {{ app_path }}/public; 54 | try_files $uri $uri.html $uri/index.html @app; 55 | client_max_body_size {{ max_upload_size }}; 56 | 57 | location ~ ^/(assets|packs)/ { 58 | gzip_static on; 59 | expires max; 60 | add_header Cache-Control public; 61 | add_header ETag ""; 62 | add_header Last-Modified ""; 63 | add_header Access-Control-Allow-Origin *; 64 | add_header Access-Control-Request-Method *; 65 | try_files $uri @app; 66 | } 67 | 68 | location @app { 69 | proxy_set_header Host $http_host; 70 | proxy_pass http://{{ app_name }}; 71 | proxy_buffer_size 128k; 72 | proxy_buffers 4 256k; 73 | proxy_busy_buffers_size 256k; 74 | } 75 | 76 | location /cable { 77 | proxy_pass http://{{ app_name }}; 78 | proxy_http_version 1.1; 79 | proxy_set_header Upgrade $http_upgrade; 80 | proxy_set_header Connection "upgrade"; 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /roles/unicorn/templates/unicorn.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Startup script for jetty under *nix systems (it works under NT/cygwin too). 4 | 5 | # To get the service to restart correctly on reboot, uncomment below (3 lines): 6 | # ======================== 7 | # chkconfig: 3 99 99 8 | # description: Daemon for Unicorn service 9 | # processname: Unicorn 10 | # ======================== 11 | 12 | # Configuration files 13 | 14 | # 15 | # init.d script for single unicorn installation. 16 | # 17 | # This configures a unicorn master for your app at RAILS_ROOT running in 18 | # production mode. It will read config/unicorn.rb for further set up. 
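19 | # 20 | # You should ensure different ports or sockets are set in each config/unicorn.rb if 21 | # you are running more than one master concurrently. 22 | # NOTE(review): the three values below are pasted between single quotes by the template; a value that itself contains a single quote would end the string early, so keep them plain or render them through Ansible's quote filter. 23 | 24 | UNICORN_ROOT='{{ app_path }}' 25 | UNICORN_ENV='{{ rails_env }}' 26 | UNICORN_USER='{{ user }}' 27 | 28 | set -e 29 | 30 | sig () { # send signal $1 to the PID recorded in $PID; returns non-zero when the pidfile is missing or empty. NOTE(review): the script presumably runs as root (it uses su below) while the pidfile sits under the app directory; whoever can write that file chooses which PID gets signalled - confirm ownership of tmp/pids 31 | test -s "$PID" && kill -"$1" "$(cat "$PID")" 32 | } 33 | 34 | oldsig () { # same as sig, but for the previous master's pidfile ($OLD_PID) 35 | test -s "$OLD_PID" && kill -"$1" "$(cat "$OLD_PID")" 36 | } 37 | 38 | cmd () { # dispatch one init action: start, stop, force-stop, restart|reload, upgrade or rotate 39 | 40 | case $1 in 41 | start) 42 | sig 0 && echo >&2 "Already running" && exit 0 43 | echo "Starting" 44 | su - "$UNICORN_USER" -c "$CMD" 45 | ;; 46 | stop) 47 | sig QUIT && echo "Stopping" && exit 0 48 | echo >&2 "Not running" 49 | ;; 50 | force-stop) 51 | sig TERM && echo "Forcing a stop" && exit 0 52 | echo >&2 "Not running" 53 | ;; 54 | restart|reload) 55 | sig USR2 && sleep 5 && oldsig QUIT && echo "Killing old master" $(cat "$OLD_PID") && exit 0 56 | echo >&2 "Couldn't reload, starting '$CMD' instead" 57 | su - "$UNICORN_USER" -c "$CMD" 58 | ;; 59 | upgrade) 60 | sig USR2 && echo Upgraded && exit 0 61 | echo >&2 "Couldn't upgrade, starting '$CMD' instead" 62 | su - "$UNICORN_USER" -c "$CMD" 63 | ;; 64 | rotate) 65 | sig USR1 && echo rotated logs OK && exit 0 66 | echo >&2 "Couldn't rotate logs" && exit 1 67 | ;; 68 | *) 69 | echo >&2 "Usage: $0 {start|stop|force-stop|restart|reload|upgrade|rotate}" 70 | exit 1 71 | ;; 72 | esac 73 | } 74 | 75 | setup () { # derive the pidfile paths and the start command from UNICORN_ROOT and UNICORN_ENV 76 | 77 | echo -n "$UNICORN_ROOT: " 78 | export PID="$UNICORN_ROOT/tmp/pids/unicorn.pid" 79 | export OLD_PID="$PID.oldbin" 80 | 81 | CMD="cd $UNICORN_ROOT && bundle exec unicorn -E $UNICORN_ENV -c config/unicorn.rb -D" # NOTE(review): su -c hands this string to a shell, and the path and environment name are interpolated unquoted - keep both free of whitespace and shell metacharacters 82 | } 83 | 84 | setup 85 | cmd "$1" 86 | -------------------------------------------------------------------------------- /roles/unicorn/templates/unicorn.rb.j2: -------------------------------------------------------------------------------- 1 | app_path = "{{ app_path }}" 2 | 3 | # Sample verbose configuration file for Unicorn (not Rack) 4 | # 5 | # This configuration file documents many features of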
Unicorn 6 | # that may not be needed for some applications. See 7 | # http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb 8 | # for a much simpler configuration file. 9 | # 10 | # See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete 11 | # documentation. 12 | 13 | # Use at least one worker per core if you're on a dedicated server, 14 | # more will usually help for _short_ waits on databases/caches. 15 | worker_processes 4 16 | 17 | # Since Unicorn is never exposed to outside clients, it does not need to 18 | # run on the standard HTTP port (80), there is no reason to start Unicorn 19 | # as root unless it's from system init scripts. 20 | # If running the master process as root and the workers as an unprivileged 21 | # user, do this to switch euid/egid in the workers (also chowns logs): 22 | # user "unprivileged_user", "unprivileged_group" 23 | 24 | # Help ensure your application will always spawn in the symlinked 25 | # "current" directory that Capistrano sets up. 26 | working_directory app_path # available in 0.94.0+ 27 | 28 | # listen on both a Unix domain socket and a TCP port 29 | # (no :backlog option is set here, so the listen backlog stays at Unicorn's default) 30 | listen "/tmp/.sock" # NOTE(review): fixed name in world-writable /tmp, where any local account can create the path first, and it does not match the /tmp/<app_name>.sock path that the nginx upstream and the puma template in this repo use - confirm the intended socket path 31 | listen 8080, :tcp_nopush => true # NOTE(review): a bare port binds every interface, which contradicts "never exposed to outside clients" above; `listen "127.0.0.1:8080", :tcp_nopush => true` keeps it loopback-only if nginx on the same host is the only client - confirm 32 | 33 | # nuke workers after x seconds instead of 60 seconds (the default) 34 | timeout 60 35 | 36 | # feel free to point this anywhere accessible on the filesystem 37 | pid "#{app_path}/tmp/pids/unicorn.pid" # the init script in this role reads the same path to signal the master 38 | 39 | # By default, the Unicorn logger will write to stderr.
40 | # Additionally, some applications/frameworks log to stderr or stdout, 41 | # so prevent them from going to /dev/null when daemonized here: 42 | stderr_path "#{app_path}/log/unicorn.stderr.log" 43 | stdout_path "#{app_path}/log/unicorn.stdout.log" 44 | 45 | # combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings 46 | # http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow 47 | preload_app true 48 | GC.respond_to?(:copy_on_write_friendly=) and GC.copy_on_write_friendly = true 49 | 50 | before_fork do |server, worker| 51 | # the following is highly recommended for Rails + "preload_app true" 52 | # as there's no need for the master process to hold a connection 53 | defined?(ActiveRecord::Base) and 54 | ActiveRecord::Base.connection.disconnect! 55 | 56 | # The following is only recommended for memory/DB-constrained 57 | # installations. It is not needed if your system can house 58 | # twice as many worker_processes as you have configured. 59 | # 60 | # # This allows a new master process to incrementally 61 | # # phase out the old master process with SIGTTOU to avoid a 62 | # # thundering herd (especially in the "preload_app false" case) 63 | # # when doing a transparent upgrade. The last worker spawned 64 | # # will then kill off the old master process with a SIGQUIT. 65 | old_pid = "#{server.config[:pid]}.oldbin" 66 | if old_pid != server.pid 67 | begin 68 | sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU 69 | Process.kill(sig, File.read(old_pid).to_i) # NOTE(review): to_i returns 0 for an empty or non-numeric pidfile, and Process.kill with pid 0 signals the caller's whole process group - a guard for a positive PID would avoid that 70 | rescue Errno::ENOENT, Errno::ESRCH # pidfile or old master already gone: nothing to signal 71 | end 72 | end 73 | # 74 | # Throttle the master from forking too quickly by sleeping. Due 75 | # to the implementation of standard Unix signal handlers, this 76 | # helps (but does not completely) prevent identical, repeated signals 77 | # from being lost when the receiving process is busy.
78 | # sleep 1 79 | end 80 | 81 | after_fork do |server, worker| 82 | # per-process listener ports for debugging/admin/migrations 83 | # addr = "127.0.0.1:#{9293 + worker.nr}" 84 | # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) 85 | 86 | # the following is *required* for Rails + "preload_app true", 87 | defined?(ActiveRecord::Base) and 88 | ActiveRecord::Base.establish_connection 89 | 90 | # if preload_app is true, then you may also want to check and 91 | # restart any other shared sockets/descriptors such as Memcached, 92 | # and Redis. TokyoCabinet file handles are safe to reuse 93 | # between any number of forked children (assuming your kernel 94 | # correctly implements pread()/pwrite() system calls) 95 | end 96 | -------------------------------------------------------------------------------- /roles/puma/templates/puma.rb.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env puma 2 | 3 | # The directory to operate out of. 4 | # 5 | # The default is the current directory. 6 | # 7 | # directory '/u/apps/lolcat' 8 | 9 | # Use an object or block as the rack application. This allows the 10 | # config file to be the application itself. 11 | # 12 | # app do |env| 13 | # puts env 14 | # 15 | # body = 'Hello, World!' 16 | # 17 | # [200, { 'Content-Type' => 'text/plain', 'Content-Length' => body.length.to_s }, [body]] 18 | # end 19 | 20 | # Load “path” as a rackup file. 21 | # 22 | # The default is “config.ru”. 23 | # 24 | # rackup '/u/apps/lolcat/config.ru' 25 | 26 | # Set the environment in which the rack's app will run. The value must be a string. 27 | # 28 | # The default is “development”. 29 | # 30 | environment '{{ rails_env }}' 31 | 32 | # Daemonize the server into the background. Highly suggest that 33 | # this be combined with “pidfile” and “stdout_redirect”. 34 | # 35 | # The default is “false”. 36 | # 37 | # daemonize false 38 | 39 | # Store the pid of the server in the file at “path”. 
40 | # 41 | pidfile '{{ app_path }}/tmp/pids/puma.pid' 42 | 43 | # Use “path” as the file to store the server info state. This is 44 | # used by “pumactl” to query and control the server. 45 | # 46 | state_path '{{ app_path }}/tmp/pids/puma.state' 47 | 48 | # Redirect STDOUT and STDERR to files specified. The 3rd parameter 49 | # (“append”) specifies whether the output is appended, the default is 50 | # “false”. 51 | # 52 | # stdout_redirect '/u/apps/lolcat/log/stdout', '/u/apps/lolcat/log/stderr' 53 | stdout_redirect '{{ app_path }}/log/stdout', '{{ app_path }}/log/stderr', true 54 | 55 | # Disable request logging. 56 | # 57 | # The default is “false”. 58 | # 59 | # quiet 60 | 61 | # Configure “min” to be the minimum number of threads to use to answer 62 | # requests and “max” the maximum. 63 | # 64 | # The default is “0, 16”. 65 | # 66 | threads 5, 5 67 | 68 | # Bind the server to “url”. “tcp://”, “unix://” and “ssl://” are the only 69 | # accepted protocols. 70 | # 71 | # The default is “tcp://0.0.0.0:9292”. 72 | # 73 | # bind 'tcp://0.0.0.0:9292' 74 | # bind 'unix:///var/run/puma.sock' 75 | # bind 'unix:///var/run/puma.sock?umask=0777' 76 | # bind 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert' 77 | bind 'unix:/tmp/{{ app_name }}.sock' # Unix socket only, no TCP listener; the nginx upstream in this repo points at the same path. NOTE(review): /tmp is world-writable, so any local account can create this path before puma starts; a directory owned by the app user (changed together with the nginx upstream) avoids that - confirm 78 | 79 | # Instead of “bind 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'” you 80 | # can also use the “ssl_bind” option. 81 | # 82 | # ssl_bind '127.0.0.1', '9292', { key: path_to_key, cert: path_to_cert } 83 | 84 | # Code to run before doing a restart. This code should 85 | # close log files, database connections, etc. 86 | # 87 | # This can be called multiple times to add code each time. 88 | # 89 | # on_restart do 90 | # puts 'On restart...' 91 | # end 92 | 93 | # Command to use to restart puma. This should be just how to 94 | # load puma itself (ie. 'ruby -Ilib bin/puma'), not the arguments 95 | # to puma, as those are the same as the original process.
96 | # 97 | # restart_command '/u/app/lolcat/bin/restart_puma' 98 | 99 | # === Cluster mode === 100 | 101 | # How many worker processes to run. 102 | # 103 | # The default is “0”. 104 | # 105 | workers 0 106 | 107 | preload_app! 108 | 109 | # Code to run when a worker boots to setup the process before booting 110 | # the app. 111 | # 112 | # This can be called multiple times to add hooks. 113 | # 114 | # on_worker_boot do 115 | # puts 'On worker boot...' 116 | # end 117 | on_worker_boot do 118 | ActiveSupport.on_load(:active_record) do 119 | ActiveRecord::Base.establish_connection 120 | end 121 | end 122 | 123 | # === Puma control rack application === 124 | 125 | # Start the puma control rack application on “url”. This application can 126 | # be communicated with to control the main server. Additionally, you can 127 | # provide an authentication token, so all requests to the control server 128 | # will need to include that token as a query parameter. This allows for 129 | # simple authentication. 130 | # 131 | # Check out https://github.com/puma/puma/blob/master/lib/puma/app/status.rb 132 | # to see what the app has available. 133 | # 134 | # activate_control_app 'unix:///var/run/pumactl.sock' 135 | # activate_control_app 'unix:///var/run/pumactl.sock', { auth_token: '12345' } 136 | # activate_control_app 'unix:///var/run/pumactl.sock', { no_token: true } 137 | -------------------------------------------------------------------------------- /roles/influxdb/templates/influx.conf: -------------------------------------------------------------------------------- 1 | ### Welcome to the InfluxDB configuration file. 2 | 3 | # Once every 24 hours InfluxDB will report anonymous data to m.influxdb.com 4 | # The data includes raft id (random 8 bytes), os, arch, version, and metadata. 5 | # We don't track ip addresses of servers reporting. This is only used 6 | # to track the number of instances running and the versions, which 7 | # is very helpful for us. 
8 | # Change this option to true to disable reporting. 9 | reporting-disabled = false 10 | 11 | ### 12 | ### [meta] 13 | ### 14 | ### Controls the parameters for the Raft consensus group that stores metadata 15 | ### about the InfluxDB cluster. 16 | ### 17 | 18 | [meta] 19 | dir = "/var/opt/influxdb/meta" 20 | hostname = "localhost" 21 | bind-address = ":8088" 22 | retention-autocreate = true 23 | election-timeout = "1s" 24 | heartbeat-timeout = "1s" 25 | leader-lease-timeout = "500ms" 26 | commit-timeout = "50ms" 27 | 28 | ### 29 | ### [data] 30 | ### 31 | ### Controls where the actual shard data for InfluxDB lives and how it is 32 | ### flushed from the WAL. "dir" may need to be changed to a suitable place 33 | ### for your system, but the WAL settings are an advanced configuration. The 34 | ### defaults should work for most systems. 35 | ### 36 | 37 | [data] 38 | dir = "/var/opt/influxdb/data" 39 | max-wal-size = 104857600 # Maximum size the WAL can reach before a flush. Defaults to 100MB. 40 | wal-flush-interval = "10m" # Maximum time data can sit in WAL before a flush. 41 | wal-partition-flush-delay = "2s" # The delay time between each WAL partition being flushed. 42 | 43 | ### 44 | ### [cluster] 45 | ### 46 | ### Controls non-Raft cluster behavior, which generally includes how data is 47 | ### shared across shards. 48 | ### 49 | 50 | [cluster] 51 | shard-writer-timeout = "5s" # The time within which a shard must respond to write. 52 | write-timeout = "5s" # The time within which a write operation must complete on the cluster. 53 | 54 | ### 55 | ### [retention] 56 | ### 57 | ### Controls the enforcement of retention policies for evicting old data. 58 | ### 59 | 60 | [retention] 61 | enabled = true 62 | check-interval = "10m" 63 | 64 | ### 65 | ### [admin] 66 | ### 67 | ### Controls the availability of the built-in, web-based admin interface. If HTTPS is 68 | ### enabled for the admin interface, HTTPS must also be enabled on the [http] service. 
69 | ### 70 | 71 | [admin] 72 | enabled = true 73 | bind-address = ":8083" # no host part: the admin UI listens on every interface 74 | https-enabled = false # NOTE(review): the admin UI is enabled over plain HTTP on all interfaces - disable it if unused, or restrict it to loopback / a firewall rule 75 | https-certificate = "/etc/ssl/influxdb.pem" 76 | 77 | ### 78 | ### [http] 79 | ### 80 | ### Controls how the HTTP endpoints are configured. These are the primary 81 | ### mechanism for getting data into and out of InfluxDB. 82 | ### 83 | 84 | [http] 85 | enabled = true 86 | bind-address = ":8086" # no host part: the API listens on every interface 87 | auth-enabled = true # NOTE(review): InfluxDB documentation describes authentication as not enforced until the first admin user exists - confirm for the deployed version and create that user during provisioning 88 | log-enabled = true 89 | write-tracing = false 90 | pprof-enabled = false 91 | https-enabled = false # NOTE(review): with auth on and HTTPS off, credentials cross the network in cleartext unless TLS is terminated in front of this port 92 | https-certificate = "/etc/ssl/influxdb.pem" 93 | 94 | ### 95 | ### [[graphite]] 96 | ### 97 | ### Controls one or many listeners for Graphite data. 98 | ### 99 | 100 | [[graphite]] 101 | enabled = false 102 | # bind-address = ":2003" 103 | # protocol = "tcp" 104 | # consistency-level = "one" 105 | # name-separator = "." 106 | 107 | ## "name-schema" configures tag names for parsing the metric name from graphite protocol; 108 | ## separated by `name-separator`. 109 | ## The "measurement" tag is special and the corresponding field will become 110 | ## the name of the metric. 111 | ## e.g. "type.host.measurement.device" will parse "server.localhost.cpu.cpu0" as 112 | ## { 113 | ## measurement: "cpu", 114 | ## tags: { 115 | ## "type": "server", 116 | ## "host": "localhost", 117 | ## "device": "cpu0" 118 | ## } 119 | ## } 120 | # name-schema = "type.host.measurement.device" 121 | 122 | ## If set to true, when the input metric name has more fields than `name-schema` specified, 123 | ## the extra fields will be ignored. 124 | ## Otherwise an error will be logged and the metric rejected. 125 | # ignore-unnamed = true 126 | 127 | ### 128 | ### [collectd] 129 | ### 130 | ### Controls the listener for collectd data. 131 | ### 132 | 133 | [collectd] 134 | enabled = false 135 | # bind-address = "" 136 | # database = "" 137 | # typesdb = "" 138 | 139 | ### 140 | ### [opentsdb] 141 | ### 142 | ### Controls the listener for OpenTSDB data.
143 | ### 144 | 145 | [opentsdb] 146 | enabled = false 147 | # bind-address = "" 148 | # database = "" 149 | # retention-policy = "" 150 | 151 | ### 152 | ### [udp] 153 | ### 154 | ### Controls the listener for InfluxDB line protocol data via UDP. 155 | ### 156 | 157 | [udp] 158 | enabled = false 159 | # bind-address = "" 160 | # database = "" 161 | # batch-size = 0 162 | # batch-timeout = "0" 163 | 164 | ### 165 | ### [monitoring] 166 | ### 167 | 168 | [monitoring] 169 | enabled = false 170 | write-interval = "24h" 171 | 172 | ### 173 | ### [continuous_queries] 174 | ### 175 | ### Controls how continuous queries are run within InfluxDB. 176 | ### 177 | 178 | [continuous_queries] 179 | enabled = true 180 | recompute-previous-n = 2 181 | recompute-no-older-than = "10m" 182 | compute-runs-per-interval = 10 183 | compute-no-more-than = "2m" 184 | 185 | ### 186 | ### [hinted-handoff] 187 | ### 188 | ### Controls the hinted handoff feature, which allows nodes to temporarily 189 | ### store queued data when one node of a cluster is down for a short period 190 | ### of time. 
191 | ### 192 | 193 | [hinted-handoff] 194 | enabled = true 195 | dir = "/var/opt/influxdb/hh" 196 | max-size = 1073741824 197 | max-age = "168h" 198 | retry-rate-limit = 0 199 | retry-interval = "1s" 200 | -------------------------------------------------------------------------------- /roles/grafana/templates/grafana.ini.j2: -------------------------------------------------------------------------------- 1 | ##################### Grafana Configuration Example ##################### 2 | # 3 | # Everything has defaults so you only need to uncomment things you want to 4 | # change 5 | 6 | ; app_mode = production 7 | 8 | #################################### Paths #################################### 9 | [paths] 10 | # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is useD) 11 | # 12 | ;data = /var/lib/grafana 13 | # 14 | # Directory where grafana can store logs 15 | # 16 | ;logs = /var/log/grafana 17 | 18 | #################################### Server #################################### 19 | [server] 20 | # Protocol (http or https) 21 | ;protocol = http 22 | 23 | # The ip address to bind to, empty will bind to all interfaces 24 | ;http_addr = 25 | 26 | # The http port to use 27 | ;http_port = 3000 28 | 29 | # The public facing domain name used to access grafana from a browser 30 | ;domain = localhost 31 | 32 | # The full public facing url 33 | ;root_url = %(protocol)s://%(domain)s:%(port)s/ 34 | 35 | # Log web requests 36 | ;router_logging = false 37 | 38 | # the path relative working path 39 | ;static_root_path = public 40 | 41 | # enable gzip 42 | ;enable_gzip = false 43 | 44 | # https certs & key file 45 | ;cert_file = 46 | ;cert_key = 47 | 48 | #################################### Database #################################### 49 | [database] 50 | # Either "mysql", "postgres" or "sqlite3", it's your choice 51 | ;type = sqlite3 52 | ;host = 127.0.0.1:3306 53 | ;name = grafana 54 | ;user = root 55 | ;password = 56 | 57 | # For 
"postgres" only, either "disable", "require" or "verify-full" 58 | ;ssl_mode = disable 59 | 60 | # For "sqlite3" only, path relative to data_path setting 61 | ;path = grafana.db 62 | 63 | #################################### Session #################################### 64 | [session] 65 | # Either "memory", "file", "redis", "mysql", default is "memory" 66 | ;provider = file 67 | 68 | # Provider config options 69 | # memory: not have any config yet 70 | # file: session dir path, is relative to grafana data_path 71 | # redis: config like redis server addr, poolSize, password, e.g. `127.0.0.1:6379,100,grafana` 72 | # mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1)/database_name` 73 | ;provider_config = sessions 74 | 75 | # Session cookie name 76 | ;cookie_name = grafana_sess 77 | 78 | # If you use session in https only, default is false 79 | ;cookie_secure = false 80 | 81 | # Session life time, default is 86400 82 | ;session_life_time = 86400 83 | 84 | #################################### Analytics #################################### 85 | [analytics] 86 | # Server reporting, sends usage counters to stats.grafana.org every 24 hours. 87 | # No ip addresses are being tracked, only simple counters to track 88 | # running instances, dashboard and error counts. It is very helpful to us. 89 | # Change this option to false to disable reporting. 
90 | ;reporting_enabled = true 91 | 92 | # Google Analytics universal tracking code, only enabled if you specify an id here 93 | ;google_analytics_ua_id = 94 | 95 | #################################### Security #################################### 96 | [security] 97 | # default admin user, created on startup 98 | ;admin_user = admin 99 | 100 | # default admin password, can be changed before first start of grafana, or in profile settings. NOTE(review): the line below is commented out, so Grafana's built-in default password applies; set a real value from a secret variable before the instance is reachable 101 | ;admin_password = ladidada 102 | 103 | # used for signing. NOTE(review): the sample value below is public; generate a unique key per deployment rather than uncommenting it as-is 104 | ;secret_key = SW2YcwTIb9zpOOhoPsMm 105 | 106 | # Auto-login remember days 107 | ;login_remember_days = 7 108 | ;cookie_username = grafana_user 109 | ;cookie_remember_name = grafana_remember 110 | 111 | #################################### Users #################################### 112 | [users] 113 | # disable user signup / registration 114 | ;allow_sign_up = false 115 | 116 | # Allow non admin users to create organizations 117 | ;allow_org_create = true 118 | 119 | # Set to true to automatically assign new users to the default organization (id 1) 120 | ;auto_assign_org = true 121 | 122 | # Default role new users will be automatically assigned (if auto_assign_org above is set to true) 123 | ;auto_assign_org_role = Viewer 124 | 125 | #################################### Anonymous Auth ########################## 126 | [auth.anonymous] 127 | # enable anonymous access 128 | ;enabled = false 129 | 130 | # specify organization name that should be used for unauthenticated users 131 | ;org_name = Main Org.
132 | 133 | # specify role for unauthenticated users 134 | ;org_role = Viewer 135 | 136 | #################################### Github Auth ########################## 137 | [auth.github] 138 | ;enabled = false 139 | ;client_id = some_id 140 | ;client_secret = some_secret 141 | ;scopes = user:email 142 | ;auth_url = https://github.com/login/oauth/authorize 143 | ;token_url = https://github.com/login/oauth/access_token 144 | ;api_url = https://api.github.com/user 145 | # Uncomment bellow to only allow specific email domains 146 | ; allowed_domains = mycompany.com othercompany.com 147 | 148 | #################################### Google Auth ########################## 149 | [auth.google] 150 | ;enabled = true 151 | ;client_id = some_id 152 | ;client_secret = some_secret 153 | ;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email 154 | ;auth_url = https://accounts.google.com/o/oauth2/auth 155 | ;token_url = https://accounts.google.com/o/oauth2/token 156 | ;api_url = https://www.googleapis.com/oauth2/v1/userinfo 157 | # Uncomment bellow to only allow specific email domains 158 | ;allowed_domains = mycompany.com 159 | 160 | #################################### Logging ########################## 161 | [log] 162 | # Either "console", "file", default is "console" 163 | # Use comma to separate multiple modes, e.g. "console, file" 164 | ;mode = console, file 165 | 166 | # Buffer length of channel, keep it as it is if you don't know what it is. 
167 | ;buffer_len = 10000 168 | 169 | # Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" 170 | ;level = Info 171 | 172 | # For "console" mode only 173 | [log.console] 174 | ;level = 175 | 176 | # For "file" mode only 177 | [log.file] 178 | ;level = 179 | # This enables automated log rotate(switch of following options), default is true 180 | ;log_rotate = true 181 | 182 | # Max line number of single file, default is 1000000 183 | ;max_lines = 1000000 184 | 185 | # Max size shift of single file, default is 28 means 1 << 28, 256MB 186 | ;max_lines_shift = 28 187 | 188 | # Segment log daily, default is true 189 | ;daily_rotate = true 190 | 191 | # Expired days of log file(delete after max days), default is 7 192 | ;max_days = 7 193 | 194 | #################################### AMPQ Event Publisher ########################## 195 | [event_publisher] 196 | ;enabled = false 197 | ;rabbitmq_url = amqp://localhost/ 198 | ;exchange = grafana_events 199 | --------------------------------------------------------------------------------