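├── .github
│   └── workflows
│       └── blank.yml
├── Jenkinsfile
├── README.md
├── ansible.cfg
├── configs
│   ├── dev.yml
│   └── prod.yml
├── group_vars
│   └── all
├── inventories
│   ├── dev
│   │   └── hosts
│   └── prod
│       └── hosts
├── main.yml
├── roles
│   ├── add_devops_user
│   │   ├── handlers
│   │   │   └── main.yml
│   │   └── tasks
│   │       └── add_user.yml
│   └── tomcat
│       ├── files
│       │   └── tomcat-initscript.sh
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           ├── index.html.j2
│           ├── server.xml
│           └── tomcat-users.xml
└── test


/.github/workflows/blank.yml:
--------------------------------------------------------------------------------
# This is a basic workflow to help you get started with Actions

name: CI

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# The job only reads the repository, so the workflow token is limited to read access.
permissions:
  contents: read

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      # NOTE(review): v2 is an old major version referenced by a mutable tag; pin a current
      # release by commit SHA.
      - uses: actions/checkout@v2
        with:
          # By default checkout keeps the job token in .git/config. The next step uploads the
          # working directory, so the token must not be stored there.
          persist-credentials: false

      # NOTE(review): this step also runs for pull requests against master, i.e. before the
      # change is reviewed, and it uploads the whole checkout. In this repository that
      # includes configs/ and group_vars/, which hold credentials. Sync only the directory
      # that contains the site content.
      # NOTE(review): the long-lived AWS keys could be replaced by short-lived credentials
      # obtained through GitHub's OIDC provider.
      - name: Copy files to the test website with the AWS CLI
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-2
        run: |
          aws s3 sync . s3://devops4solutions-target --region us-east-2 --exclude ".git/*"

      # Runs a set of commands using the runners shell
      - name: Run a multi-line script
        run: |
          echo Add other actions to build,
          echo test, and deploy your project.
--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
// Declarative pipeline: check out the playbook repository, put the Ansible tool on PATH,
// then run the playbook against the dev inventory.
pipeline {
    // NOTE(review): "agent any" lets the deploy run on whichever agent is free; the deploy
    // stage reads a private key from that agent's home directory, so restricting the job to
    // a labelled deployment agent keeps the key on one machine.
    agent any

    stages {
        stage('checkout') {
            steps {
                git branch: 'master', url: 'https://github.com/devops4solutions/Ansible-Sample-Application-Deployment.git'
            }
        }

        stage('Ansible Init') {
            steps {
                script {
                    // Resolve the "Ansible" tool configured in Jenkins and prepend it to PATH.
                    def ansibleHome = tool name: 'Ansible'
                    env.PATH = "${ansibleHome}:${env.PATH}"
                    sh 'ansible --version'
                }
            }
        }

        stage('Ansible Deploy') {
            steps {
                // NOTE(review): the key is taken from ~/.ssh/id_rsa on the agent. Supplying it
                // from the Jenkins credentials store keeps it out of the agent's filesystem.
                // ansible.cfg in this repository disables host key checking, so the target's
                // identity is not verified on this connection.
                sh "ansible-playbook main.yml -i inventories/dev/hosts --user jenkins --key-file ~/.ssh/id_rsa -e '@configs/dev.yml'"
            }
        }
    }
}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Ansible-Sample-Application-Deployment
This repository contains sample code to deploy the sample application on a Linux instance




# Directory Structure
1. configs - contains environment-specific variables
2. inventories - contains the inventory file for each environment
3. group_vars - contains common variables across environments
4. 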
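roles - This will have subfolders like java,tomcat

   a) tomcat - this folder will have files related to the installation of tomcat

      - files (This will contain files which you want to copy to your destination servers)

      - handlers ( This is used to start/stop the services)

      - templates (This will contain template files)

      - tasks ( playbook to install the software)

   b) add_devops_user - This folder will have files related to the setup of initial user

5. main.yml - This is the main file which will execute roles in the playbook


# How to Run the Playbook



```
ansible-playbook main.yml -i inventories/dev/hosts --user ec2-user --key-file /home/ec2-user/playbooks/ansible_aut.pem -e '@configs/dev.yml'

ansible-playbook main.yml -i inventories/dev/hosts --user devops --key-file /home/devops/.ssh/id_rsa -e '@configs/dev.yml'


```
# References


--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
[defaults]
# NOTE(review): this turns off SSH host key verification for every play, so whatever answers
# on an inventory address is trusted without its identity being checked. Pre-populating
# known_hosts for the managed hosts and leaving the option at its default (True) keeps the
# check in place.
host_key_checking = False

--------------------------------------------------------------------------------
/configs/dev.yml:
--------------------------------------------------------------------------------
index_page: This is dev environment
# Quoted: written bare, YAML reads everything from "#" onward as a comment and the variable
# is null instead of the intended string.
# NOTE(review): a password committed in clear text should be rotated and kept in Ansible
# Vault. The user module that consumes this variable expects a crypt hash, not the plain
# password.
devops_password: "#1zlprYY9"

--------------------------------------------------------------------------------
/configs/prod.yml:
--------------------------------------------------------------------------------
index_page: This is prd environment
# Quoted for the same reason as in configs/dev.yml (a bare "#..." is a YAML comment).
# NOTE(review): prod uses the same value as dev; give each environment its own vaulted secret.
devops_password: "#1zlprYY9"
--------------------------------------------------------------------------------
/group_vars/all:
--------------------------------------------------------------------------------
# Here are variables related to the Tomcat installation

http_port: 8080
https_port: 8443

# This will configure a default manager-gui user:
# NOTE(review): these credentials are in clear text and apply to every environment because
# they live in group_vars/all. Store the password in Ansible Vault and set it per environment.

admin_username: admin
admin_password: adminsecret

tomcat_group: tomcat
tomcat_user: tomcat

# Account created by the add_devops_user role.
username: jenkins
--------------------------------------------------------------------------------
/inventories/dev/hosts:
--------------------------------------------------------------------------------
[all]
172.31.28.25
--------------------------------------------------------------------------------
/inventories/prod/hosts:
--------------------------------------------------------------------------------
[tomcat-servers]
54.245.153.137
--------------------------------------------------------------------------------
/main.yml:
--------------------------------------------------------------------------------
---

# Play 1: create the deployment account (runs only add_user.yml from the role).
- hosts: all
  become: true
  become_user: root
  gather_facts: false
  tasks:
    - include_role:
        name: add_devops_user
        tasks_from: add_user.yml

# Play 2: install and start Tomcat.
- hosts: all
  become: true
  become_user: root
  gather_facts: false
  tasks:
    - include_role:
        name: tomcat

...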
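--------------------------------------------------------------------------------
/roles/add_devops_user/handlers/main.yml:
--------------------------------------------------------------------------------
# Restarts sshd so that edits to sshd_config take effect.
- name: restart ssh
  service:
    name: sshd
    state: restarted
--------------------------------------------------------------------------------
/roles/add_devops_user/tasks/add_user.yml:
--------------------------------------------------------------------------------

# Creates the deployment account, grants it sudo, installs its public key and then
# disables password and root logins over SSH.

- name: Add a new user named devops
  # NOTE(review): the user module writes the password value into the account database as
  # given, so it has to be a crypt hash (for example produced with the password_hash
  # filter), not the plain password kept in configs/*.yml.
  user:
    name: "{{ username }}"
    password: "{{ devops_password }}"

- name: Add devops user to the sudoers
  # NOTE(review): NOPASSWD: ALL makes this account equivalent to root for anyone holding
  # its SSH key. Narrow the command list if the deployment allows it.
  copy:
    dest: "/etc/sudoers.d/{{ username }}"
    content: "{{ username }} ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: "0440"
    # Check the drop-in before it is installed; a file that does not parse can break sudo.
    validate: "/usr/sbin/visudo -cf %s"

- name: Deploy SSH Key
  authorized_key:
    user: "{{ username }}"
    key: "{{ lookup('file', 'id_rsa.pub') }}"
    state: present

- name: Disable Password Authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: "PasswordAuthentication no"
    state: present
    backup: yes
    # Refuse to install a configuration that sshd cannot load.
    validate: "/usr/sbin/sshd -t -f %s"
  # Without this, a change made only by this task never reached the running sshd.
  notify:
    - restart ssh

- name: Disable Root Login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: "PermitRootLogin no"
    state: present
    backup: yes
    validate: "/usr/sbin/sshd -t -f %s"
  notify:
    - restart ssh
--------------------------------------------------------------------------------
/roles/tomcat/files/tomcat-initscript.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# chkconfig: 345 99 28
# description: Starts/Stops Apache Tomcat
#
# Tomcat 7 start/stop/status script
# Forked from: https://gist.github.com/valotas/1000094
# @author: Miglen Evlogiev
#
# Release updates:
# Updated method for gathering pid of the current proccess
# Added usage of CATALINA_BASE
# Added coloring and additional status
# Added check for existence of the tomcat user
#
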
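#Location of JAVA_HOME (bin files)
export JAVA_HOME=/usr/lib/jvm/jre

#Add Java binary files to PATH
export PATH=$JAVA_HOME/bin:$PATH

#CATALINA_HOME is the location of the bin files of Tomcat
export CATALINA_HOME=/usr/share/tomcat

#CATALINA_BASE is the location of the configuration files of this instance of Tomcat
export CATALINA_BASE=/usr/share/tomcat

#TOMCAT_USER is the default user of tomcat
export TOMCAT_USER=tomcat

#TOMCAT_USAGE is the message if this script is called without any options
TOMCAT_USAGE="Usage: $0 {\e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}"

#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop
SHUTDOWN_WAIT=20

# Print the PIDs (space separated) of processes whose command line contains CATALINA_BASE.
# NOTE(review): the match is on the path string alone, so any other process that has
# $CATALINA_BASE in its arguments is reported as well, and stop() would then wait on and
# kill it. Matching on the JVM's own arguments or using a PID file would be more precise.
tomcat_pid() {
  echo $(ps -fe | grep "$CATALINA_BASE" | grep -v grep | tr -s " " | cut -d" " -f2)
}

# Run a script from $CATALINA_HOME/bin ($1 is the script name) as TOMCAT_USER when that
# account exists, otherwise as the caller.
# The Tomcat tree is owned by the tomcat account, so running its scripts as root would let
# that account decide what root executes; both start and stop go through this helper.
run_catalina() {
  if [ "$(user_exists "$TOMCAT_USER")" = "1" ]
  then
    su "$TOMCAT_USER" -c "$CATALINA_HOME/bin/$1"
  else
    sh "$CATALINA_HOME/bin/$1"
  fi
}

# Start Tomcat unless a matching process is already running, then print the status.
start() {
  pid=$(tomcat_pid)
  if [ -n "$pid" ]
  then
    echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m"
  else
    # Start tomcat
    echo -e "\e[00;32mStarting tomcat\e[00m"
    #ulimit -n 100000
    #umask 007
    #/bin/su -p -s /bin/sh tomcat
    run_catalina startup.sh
    status
  fi
  return 0
}

# Report whether a matching process exists.
status(){
  pid=$(tomcat_pid)
  if [ -n "$pid" ]
  then
    echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m"
  else
    echo -e "\e[00;31mTomcat is not running\e[00m"
  fi
}

# Ask Tomcat to shut down, wait up to SHUTDOWN_WAIT seconds, then send SIGKILL.
stop() {
  pid=$(tomcat_pid)
  if [ -n "$pid" ]
  then
    echo -e "\e[00;31mStoping Tomcat\e[00m"
    #/bin/su -p -s /bin/sh tomcat
    run_catalina shutdown.sh

    kwait=$SHUTDOWN_WAIT
    count=0
    # $pid is left unquoted on purpose: tomcat_pid may print more than one PID.
    # NOTE(review): the grep-based liveness test only works for a single PID.
    until [ "$(ps -p $pid | grep -c $pid)" = '0' ] || [ "$count" -gt "$kwait" ]
    do
      echo -n -e "\n\e[00;31mwaiting for processes to exit\e[00m"
      sleep 1
      count=$((count + 1))
    done

    if [ "$count" -gt "$kwait" ]; then
      echo -n -e "\n\e[00;31mkilling processes which didn't stop after $SHUTDOWN_WAIT seconds\e[00m"
      kill -9 $pid
    fi
  else
    echo -e "\e[00;31mTomcat is not running\e[00m"
  fi

  return 0
}

# Print "1" if the account named in $1 exists, "0" otherwise.
user_exists(){
  if id -u "$1" >/dev/null 2>&1; then
    echo "1"
  else
    echo "0"
  fi
}

case "$1" in

  start)
    start
  ;;

  stop)
    stop
  ;;

  restart)
    stop
    start
  ;;

  status)
    status
  ;;

  *)
    echo -e "$TOMCAT_USAGE"
  ;;
esac
exit 0
--------------------------------------------------------------------------------
/roles/tomcat/handlers/main.yml:
--------------------------------------------------------------------------------
---
- name: restart tomcat
  service:
    name: tomcat
    state: restarted

- name: restart iptables
  service:
    name: iptables
    state: restarted
--------------------------------------------------------------------------------
/roles/tomcat/tasks/main.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): Java 7 and Tomcat 7 are both past upstream end of life and no longer receive
# security fixes; move to supported releases before using this role beyond a sample.
- name: Install Java 1.7
  yum:
    name: java-1.7.0-openjdk
    state: present

- name: add group "tomcat"
  group:
    name: "{{ tomcat_group }}"

- name: add user "tomcat"
  user:
    name: "{{ tomcat_user }}"
    group: "{{ tomcat_group }}"
    home: /usr/share/tomcat
    createhome: no
  become: True
  become_method: sudo

- name: Download Tomcat
  # Fetched over HTTPS instead of plain HTTP so the archive cannot be altered in transit.
  # NOTE(review): also pin the archive with get_url's checksum parameter, e.g.
  # checksum: "sha1:<DIGEST_PUBLISHED_FOR_THIS_RELEASE>", so that a changed file is rejected.
  get_url:
    url: https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.61/bin/apache-tomcat-7.0.61.tar.gz
    dest: /opt/apache-tomcat-7.0.61.tar.gz

- name: Extract archive
  command: /bin/tar xvf /opt/apache-tomcat-7.0.61.tar.gz -C /opt/
  args:
    chdir: /usr/share
    creates: /opt/apache-tomcat-7.0.61

- name: Symlink install directory
  file:
    src: /opt/apache-tomcat-7.0.61
    path: /usr/share/tomcat
    state: link

# NOTE(review): this makes the whole tree, including bin/ and conf/, writable by the service
# account. Keeping bin/, lib/ and conf/ owned by root and readable by the tomcat group, with
# write access only on logs/, temp/, work/ and webapps/, limits what a compromised Tomcat
# process can change.
- name: Change ownership of Tomcat installation
  file:
    path: /usr/share/tomcat/
    owner: tomcat
    group: tomcat
    state: directory
    recurse: yes

- name: Configure Tomcat server
  template:
    src: server.xml
    dest: /usr/share/tomcat/conf/
  # A changed connector configuration only takes effect after a restart.
  notify: restart tomcat


- name: Configure Tomcat users
  # The rendered file holds the manager credentials, so it is readable only by the tomcat
  # account and group instead of by every local user.
  template:
    src: tomcat-users.xml
    dest: /usr/share/tomcat/conf/
    owner: tomcat
    group: tomcat
    mode: "0640"
  notify: restart tomcat


- name: Create sample directory
  # Was 0777: a world-writable directory under webapps/ lets any local account place content
  # that Tomcat will serve. Tomcat only needs to read this directory.
  file:
    path: "/opt/apache-tomcat-7.0.61/webapps/samples"
    state: directory
    mode: "0755"
  become: true

- name: copy sample index.html file
  template:
    src: index.html.j2
    dest: /opt/apache-tomcat-7.0.61/webapps/samples/index.html
  notify: restart tomcat

- name: Install Tomcat init script
  copy:
    src: tomcat-initscript.sh
    dest: /etc/init.d/tomcat
    mode: "0755"

- name: Start Tomcat
  service:
    name: tomcat
    state: started
    enabled: yes

- name: wait for tomcat to start
  wait_for:
    port: "{{ http_port }}"

--------------------------------------------------------------------------------
/roles/tomcat/templates/index.html.j2:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 |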

{{index_page}}

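7 | 8 | 9 |
--------------------------------------------------------------------------------
/roles/tomcat/templates/server.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 21 | 25 | 26 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 41 | 42 | 45 | 50 | 51 | 52 | 57 | 58 | 59 | 60 | 64 | 65 | 66 | 73 | 76 | 77 | 83 | 87 | 92 | 93 | 94 | 95 | 96 | 97 | 102 | 103 | 106 | 107 | 108 | 111 | 114 | 115 | 117 | 118 | 122 | 124 | 125 | 126 | 128 | 129 | 131 | 134 | 135 | 138 | 141 | 142 | 143 | 144 | 145 | 146 |
--------------------------------------------------------------------------------
/roles/tomcat/templates/tomcat-users.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 21 | 22 | 27 | 32 | 33 | 34 | 35 | 42 | 43 | 44 |
--------------------------------------------------------------------------------
/test:
--------------------------------------------------------------------------------
# Runs terraform init and plan for each environment in the matrix on self-hosted runners,
# and applies the changes when the run is for the master branch.
name: "Environment infrastructure"
on:
  # Manual trigger
  workflow_dispatch:
  push:
    paths:
      - 'environments/**'
  pull_request:
    branches: [ master ]
    paths:
      - 'environments/**'
# The steps only read the repository, so the workflow token is limited to read access.
permissions:
  contents: read
defaults:
  run:
    shell: bash
    working-directory: environments
jobs:
  terraform:
    name: ${{matrix.runner}} - ${{ matrix.environment }}
    # NOTE(review): pull requests trigger init and plan on the self-hosted runners, so code
    # proposed in a pull request runs there with whatever cloud access the runner has. If
    # the repository accepts pull requests from forks, require approval for those runs or
    # move the plan to isolated runners.
    runs-on: [ self-hosted, '${{ matrix.runner }}']
    strategy:
      max-parallel: 1
      matrix:
        include:
          - environment: test
            runner: awsdtfeenp
          - environment: cert
            runner: awsdtfeenp
          - environment: uat
            runner: awsdtfee
          - environment: prod
            runner: awsdtfee
    env:
      TF_VAR_foo: bar
    steps:
      # NOTE(review): both actions are referenced by mutable major-version tags; pin them by
      # commit SHA.
      - uses: actions/checkout@v2
        with:
          # Do not leave the job token in .git/config on a runner that is reused between jobs.
          persist-credentials: false
      - uses: synced-actions/setup-terraform@v1
        with:
          terraform_wrapper: false
      - name: Terraform Init
        id: init
        run: |
          rm -rf .terraform
          terraform init -backend-config=${{ matrix.environment }}/backend.tfvars -upgrade=true -no-color -input=false
      - name: Terraform Plan
        id: plan
        run: |
          terraform plan -input=false -var-file=${{ matrix.environment }}/terraform.tfvars -no-color
      - name: Terraform Apply
        # NOTE: ONLY APPLY THE TERRAFORM CHANGES IF MASTER BRANCH
        # PERMITS VALIDATING BRANCHES/PULL REQUESTS WITHOUT CHANGING ANYTHING
        # NOTE(review): apply computes a new plan instead of using the one printed by the
        # previous step, and -auto-approve applies it to every environment in the matrix,
        # prod included, with no approval in between. Saving the plan to a file and applying
        # that file, with a protected GitHub environment for prod, closes both gaps.
        if: github.ref == 'refs/heads/master'
        id: apply
        run: terraform apply -auto-approve -input=false -var-file=${{ matrix.environment }}/terraform.tfvars
--------------------------------------------------------------------------------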