├── .gitignore ├── LICENSE ├── README.md ├── ansible.cfg └── playbooks ├── example ├── example_servers.yml ├── group_vars │ ├── all │ └── example_servers ├── host_vars │ └── example-repository ├── hosts ├── repository_server.yml ├── roles │ ├── __galaxy__ │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── .empty │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ ├── templates │ │ │ └── .empty │ │ └── vars │ │ │ └── main.yml │ ├── __template__ │ ├── common │ │ ├── files │ │ │ ├── authorized_keys │ │ │ └── insecure_sudoers │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── hostname.j2 │ │ │ └── supervisord.conf.j2 │ ├── deploy_private_git │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── .empty │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ ├── templates │ │ │ ├── .empty │ │ │ ├── setDeployKey.py.j2 │ │ │ └── ssh_config.j2 │ │ └── vars │ │ │ └── main.yml │ ├── deploy_thingy │ │ ├── files │ │ │ ├── .empty │ │ │ ├── thingy.nginx.conf │ │ │ └── thingy.super.conf │ │ ├── handlers │ │ │ ├── .empty │ │ │ └── main.yml │ │ ├── meta │ │ │ ├── .empty │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── .empty │ ├── gridfs │ │ ├── files │ │ │ └── .empty │ │ ├── handlers │ │ │ └── .empty │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── .empty │ ├── memcached │ │ ├── files │ │ │ └── .empty │ │ ├── handlers │ │ │ ├── .empty │ │ │ └── main.yml │ │ ├── meta │ │ │ └── .empty │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── .empty │ ├── mongodb │ │ └── tasks │ │ │ └── main.yml │ ├── nginx │ │ ├── files │ │ │ ├── .empty │ │ │ ├── nginx.conf │ │ │ └── proxy.conf │ │ ├── handlers │ │ │ ├── .empty │ │ │ └── main.yml │ │ ├── meta │ │ │ └── .empty │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── .empty │ ├── nodejs │ │ 
├── files │ │ │ └── .empty │ │ ├── handlers │ │ │ └── .empty │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── .empty │ ├── redis │ │ ├── files │ │ │ └── .empty │ │ ├── handlers │ │ │ └── .empty │ │ ├── meta │ │ │ └── .empty │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── .empty │ ├── repository │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── distributions.j2 │ │ │ ├── gpg_template.j2 │ │ │ ├── options.j2 │ │ │ └── repository.conf.j2 │ ├── service_example │ │ ├── files │ │ │ └── dnsmasq.default │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── dnsmasq.conf.j2 │ │ │ ├── thingyservice.conf.j2 │ │ │ └── thingyservice.super.conf.j2 │ └── zeromq │ │ └── tasks │ │ └── main.yml └── site.yml ├── part3_ec2 ├── hosts ├── roles │ ├── __galaxy__ │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── .empty │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ ├── templates │ │ │ └── .empty │ │ └── vars │ │ │ └── main.yml │ ├── __template__ │ ├── common │ ├── deploy_thingy │ ├── gridfs │ ├── memcached │ ├── mongodb │ ├── nginx │ ├── nodejs │ ├── redis │ ├── repository │ ├── service_example │ └── zeromq └── site.yml └── part5_galaxy ├── galaxy-roles.txt ├── group_vars └── all ├── host_vars └── all ├── hosts ├── roles ├── ANXS.postgresql │ ├── .gitignore │ ├── .travis.yml │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tasks │ │ ├── configure.yml │ │ ├── databases.yml │ │ ├── extensions.yml │ │ ├── extensions │ │ │ ├── contrib.yml │ │ │ ├── dev_headers.yml │ │ │ └── postgis.yml │ │ ├── install.yml │ │ ├── main.yml │ │ ├── monit.yml │ │ └── users.yml │ ├── templates │ │ ├── etc_monit_conf.d_postgresql.j2 │ │ ├── pg_hba.conf.j2 │ │ └── 
postgresql.conf.j2 │ └── test.yml └── common │ ├── files │ ├── authorized_keys │ └── insecure_sudoers │ ├── handlers │ └── main.yml │ ├── tasks │ └── main.yml │ └── templates │ ├── hostname.j2 │ └── supervisord.conf.j2 └── tutorial.yml /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by https://www.gitignore.io 2 | 3 | ### Python ### 4 | # Byte-compiled / optimized / DLL files 5 | __pycache__/ 6 | *.py[cod] 7 | 8 | # C extensions 9 | *.so 10 | 11 | # Distribution / packaging 12 | .Python 13 | env/ 14 | build/ 15 | develop-eggs/ 16 | dist/ 17 | downloads/ 18 | eggs/ 19 | lib/ 20 | lib64/ 21 | parts/ 22 | sdist/ 23 | var/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | 46 | # Translations 47 | *.mo 48 | *.pot 49 | 50 | # Django stuff: 51 | *.log 52 | 53 | # Sphinx documentation 54 | docs/_build/ 55 | 56 | # PyBuilder 57 | target/ 58 | 59 | 60 | ### VirtualEnv ### 61 | # Virtualenv 62 | # http://iamzed.com/2009/05/07/a-primer-on-virtualenv/ 63 | .Python 64 | [Bb]in 65 | [Ii]nclude 66 | [Ll]ib 67 | [Ss]cripts 68 | pyvenv.cfg 69 | 70 | 71 | ### Django ### 72 | *.log 73 | *.pot 74 | *.pyc 75 | __pycache__/ 76 | local_settings.py 77 | 78 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Tom O'Connor 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated 
documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | parallax 2 | ======== 3 | 4 | My collection of ansible templates, sensible defaults and an example of where to start from. 
5 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | # more at http://docs.ansible.com/intro_configuration.html#the-ansible-configuration-file 3 | # host_key_checking=False 4 | remote_user=user 5 | -------------------------------------------------------------------------------- /playbooks/example/example_servers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install all the packages and stuff required for an EXAMPLE SERVICE 3 | hosts: example_servers 4 | user: user 5 | sudo: yes 6 | roles: 7 | - common 8 | - mongodb 9 | - zeromq 10 | - service_example 11 | - nodejs 12 | # - nginx 13 | # - python 14 | # - postgresql 15 | # - redis 16 | # - memcached 17 | # - deployment 18 | -------------------------------------------------------------------------------- /playbooks/example/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | runas_user: nobody 3 | project_root: /srv/example 4 | sources_type: direct 5 | -------------------------------------------------------------------------------- /playbooks/example/group_vars/example_servers: -------------------------------------------------------------------------------- 1 | --- 2 | # this matches the host group in the inventory file, with the same name [example_servers] etc. 3 | 4 | sources_type: proxy 5 | -------------------------------------------------------------------------------- /playbooks/example/host_vars/example-repository: -------------------------------------------------------------------------------- 1 | access_user: tom 2 | # this applies to a whole host matching the hostname with the name of this file. 
3 | -------------------------------------------------------------------------------- /playbooks/example/hosts: -------------------------------------------------------------------------------- 1 | [demoboxes] 2 | # example of setting a host inventory by IP address. 3 | # also demonstrates how to set per-host variables. 4 | 192.168.1.97 remote_user=tom access_user=tom 5 | 6 | #[repository_servers] 7 | #example-repository 8 | ##example of setting a host by hostname. Requires local lookup in /etc/hosts 9 | ## or DNS. 10 | # 11 | #[webservers] 12 | #web01 13 | # 14 | #[dbservers] 15 | #db01 16 | -------------------------------------------------------------------------------- /playbooks/example/repository_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install all the packages and stuff required for an Ubuntu Repository Server 3 | hosts: repository_servers 4 | user: user 5 | sudo: yes 6 | roles: 7 | - common 8 | - repository 9 | # - nginx 10 | # - python 11 | # - postgresql 12 | # - redis 13 | # - memcached 14 | # - deployment 15 | -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ======== 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by the ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. 
Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | License 22 | ------- 23 | 24 | BSD 25 | 26 | Author Information 27 | ------------------ 28 | 29 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 30 | -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/files/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/__galaxy__/files/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: your name 4 | description: 5 | company: your company (optional) 6 | license: license (GPLv2, CC-BY, etc) 7 | min_ansible_version: 1.2 8 | # 9 | # Below are all platforms currently available. Just uncomment 10 | # the ones that apply to your role. 
If you don't see your 11 | # platform on this list, let us know and we'll get it added! 12 | # 13 | #platforms: 14 | #- name: EL 15 | # versions: 16 | # - all 17 | # - 5 18 | # - 6 19 | #- name: GenericUNIX 20 | # versions: 21 | # - all 22 | # - any 23 | #- name: Fedora 24 | # versions: 25 | # - all 26 | # - 16 27 | # - 17 28 | # - 18 29 | # - 19 30 | # - 20 31 | #- name: opensuse 32 | # versions: 33 | # - all 34 | # - 12.1 35 | # - 12.2 36 | # - 12.3 37 | # - 13.1 38 | # - 13.2 39 | #- name: GenericBSD 40 | # versions: 41 | # - all 42 | # - any 43 | #- name: FreeBSD 44 | # versions: 45 | # - all 46 | # - 8.0 47 | # - 8.1 48 | # - 8.2 49 | # - 8.3 50 | # - 8.4 51 | # - 9.0 52 | # - 9.1 53 | # - 9.1 54 | # - 9.2 55 | #- name: Ubuntu 56 | # versions: 57 | # - all 58 | # - lucid 59 | # - maverick 60 | # - natty 61 | # - oneiric 62 | # - precise 63 | # - quantal 64 | # - raring 65 | # - saucy 66 | # - trusty 67 | #- name: SLES 68 | # versions: 69 | # - all 70 | # - 10SP3 71 | # - 10SP4 72 | # - 11 73 | # - 11SP1 74 | # - 11SP2 75 | # - 11SP3 76 | #- name: GenericLinux 77 | # versions: 78 | # - all 79 | # - any 80 | #- name: Debian 81 | # versions: 82 | # - all 83 | # - etch 84 | # - lenny 85 | # - squeeze 86 | # - wheezy 87 | # 88 | # Below are all categories currently available. Just as with 89 | # the platforms above, uncomment those that apply to your role. 90 | # 91 | #categories: 92 | #- cloud 93 | #- cloud:ec2 94 | #- cloud:gce 95 | #- cloud:rax 96 | #- database 97 | #- database:nosql 98 | #- database:sql 99 | #- development 100 | #- monitoring 101 | #- networking 102 | #- packaging 103 | #- system 104 | #- web 105 | dependencies: [] 106 | # List your role dependencies here, one per line. Only 107 | # dependencies available via galaxy should be listed here. 108 | # Be sure to remove the '[]' above if you add dependencies 109 | # to this list. 
110 | 111 | -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/templates/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/__galaxy__/templates/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/__galaxy__/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/example/roles/__template__: -------------------------------------------------------------------------------- 1 | __galaxy__ -------------------------------------------------------------------------------- /playbooks/example/roles/common/files/authorized_keys: -------------------------------------------------------------------------------- 1 | # Your ssh public keys go in here and will be deployed for easy login 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/common/files/insecure_sudoers: -------------------------------------------------------------------------------- 1 | # /etc/sudoers 2 | # 3 | # This file MUST be edited with the 'visudo' command as root. 4 | # 5 | # See the man page for details on how to write a sudoers file. 6 | # 7 | 8 | Defaults env_reset 9 | ###### DANGER WILL ROBINSON 10 | # Defaults !authenticate 11 | ###### THIS STOPS SUDO ASKING FOR A PASSWORD TO BECOME ROOT. 12 | ###### Kinda elegant, but dangerous as all get out. 
13 | 14 | # Host alias specification 15 | 16 | # User alias specification 17 | 18 | # Cmnd alias specification 19 | 20 | # User privilege specification 21 | root ALL=(ALL) ALL 22 | 23 | # Allow members of group sudo to execute any command after they have 24 | # provided their password 25 | # (Note that later entries override this, so you might need to move 26 | # it further down) 27 | %sudo ALL=(ALL) ALL 28 | # 29 | #includedir /etc/sudoers.d 30 | 31 | # Members of the admin group may gain root privileges 32 | %admin ALL=(ALL) ALL 33 | -------------------------------------------------------------------------------- /playbooks/example/roles/common/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Most times you see a handler, it'll be restarting a service. 3 | # However, they can actually run any standard module. After I've set the hostname in the /etc/hostname file, we'll call the hostname binary and set it with that too. 4 | 5 | 6 | - name: set hostname 7 | shell: /bin/hostname -F /etc/hostname 8 | -------------------------------------------------------------------------------- /playbooks/example/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is a thing I devised to set the hostname of a newly provisioned box (ideal if you use kickstart, and the new host comes up with a daft name). 3 | - name: Gather EC2 Facts 4 | action: ec2_facts 5 | 6 | - name: Set Hostname according to hosts inventory 7 | template: src=hostname.j2 dest=/etc/hostname 8 | when: set_hostname is defined 9 | notify: set hostname 10 | # This ensures that there's a line in the file /etc/hosts to describe the new hostname. 
11 | - name: Ensure self-reference hostname in /etc/hosts 12 | lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line="127.0.0.1 localhost {{ set_hostname }}" owner=root group=root mode=0644 13 | when: set_hostname is defined 14 | #" 15 | 16 | # This is optional, but effectively prevents the installation of i386 packages. 17 | # Handy when you have an amd64-only local apt mirror. 18 | 19 | - name: Remove i386 architecture 20 | shell: dpkg --remove-architecture i386 21 | when: ansible_distribution_release == "saucy" 22 | tags: firstrun 23 | 24 | # This is very useful. Basically translates to "run apt-get update" on the target 25 | - name: Regenerate apt-cache 26 | apt: update_cache=yes 27 | 28 | # Skip these on EC2 hosts. 29 | # access_user is a host variable, where it's possible to set the name of the user you'll ssh in as 30 | - name: create .ssh directory 31 | file: path=/home/{{access_user}}/.ssh owner={{access_user}} group={{access_user}} mode=700 state=directory 32 | when: ansible_ec2_profile is not defined 33 | # This generates a ssh-key noninteractively. -N "" writes the private key with no passphrase; creates= makes the task a no-op once id_rsa already exists. 34 | - name: generate a ssh-key for the access_user 35 | shell: ssh-keygen -t rsa -N "" -f /home/{{access_user}}/.ssh/id_rsa -q creates=/home/{{access_user}}/.ssh/id_rsa 36 | when: ansible_ec2_profile is not defined 37 | # This is a way to drop an authorized_keys file into the access_user's ssh directory, to make logging in easier. NOTE(review): files/authorized_keys in this role ships containing only a comment, and copy replaces the target file outright, so running this before adding real public keys leaves the user with an empty key list. 38 | - name: deploy access ssh-key to user's authorized keys file 39 | copy: src=authorized_keys dest=/home/{{access_user}}/.ssh/authorized_keys 40 | when: ansible_ec2_profile is not defined 41 | 42 | # This deploys an *incredibly* dubious sudoers file (that'll never ask for a password to become root) - makes fast deployment easier. NOTE(review): as shipped, files/insecure_sudoers has its `Defaults !authenticate` line commented out, so sudo still asks for a password until that line is enabled. 
43 | # Skip on EC2. NOTE(review): the file is written over /etc/sudoers with no syntax check; a malformed sudoers locks everyone out of sudo, so a validate='visudo -cf %s' argument on this copy task is worth adding. 44 | - name: Deploy Sudoers file 45 | copy: src=insecure_sudoers dest=/etc/sudoers mode=440 owner=root group=root 46 | when: ansible_ec2_profile is not defined 47 | 48 | # The rest of this file is really about configuring commonly used packages, useful stuff and so on. 49 | 50 | # There's two ways to call the apt module. You can do it like this, specifying one package, and its state (installed, absent) etc. 51 | - name: install python-software-properties 52 | apt: pkg=python-software-properties state=installed 53 | 54 | #If you're doing lots of packages at once, you can use with_items, and provide the apt: module with pkg={{ item }} and you get something like a foreach in [list] effect. 55 | 56 | - name: install default packages 57 | apt: pkg={{ item }} state=installed 58 | with_items: 59 | - aptitude 60 | - vim 61 | - supervisor 62 | - python-dev 63 | - htop 64 | - screen 65 | - python-pycurl 66 | - python-lxml 67 | - git-core 68 | - libncurses5-dev 69 | - build-essential 70 | - unzip 71 | - curl 72 | - libcurl3 73 | - libssl1.0.0 74 | - libsqlite3-0 75 | - libsqlite3-dev 76 | 77 | # This deploys a sane (reasonably so) config for supervisord 78 | - name: Deploy supervisord.conf 79 | template: src=supervisord.conf.j2 dest=/etc/supervisor/supervisord.conf owner=root group=root mode=644 80 | -------------------------------------------------------------------------------- /playbooks/example/roles/common/templates/hostname.j2: -------------------------------------------------------------------------------- 1 | {{ set_hostname }} 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/common/templates/supervisord.conf.j2: -------------------------------------------------------------------------------- 1 | ; supervisor config file 2 | 3 | [unix_http_server] 4 | file=/var/run/supervisor.sock ; (the path to the socket file) 5 | chmod=0700 ; socket file mode (default 0700) 6 | 7 | [supervisord] 8 | 
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log) 9 | pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) 10 | childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP) 11 | 12 | ; the below section must remain in the config file for RPC 13 | ; (supervisorctl/web interface) to work, additional interfaces may be 14 | ; added by defining them in separate rpcinterface: sections 15 | [rpcinterface:supervisor] 16 | supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface 17 | 18 | [supervisorctl] 19 | serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket 20 | 21 | ; The [include] section can just contain the "files" setting. This 22 | ; setting can list multiple files (separated by whitespace or 23 | ; newlines). It can also contain wildcards. The filenames are 24 | ; interpreted as relative to this file. Included files *cannot* 25 | ; include files themselves. 26 | 27 | [include] 28 | files = /etc/supervisor/conf.d/*.conf 29 | 30 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ======== 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by the ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. 
hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | License 22 | ------- 23 | 24 | BSD 25 | 26 | Author Information 27 | ------------------ 28 | 29 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 30 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/files/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/deploy_private_git/files/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: your name 4 | description: 5 | company: your company (optional) 6 | license: license (GPLv2, CC-BY, etc) 7 | min_ansible_version: 1.2 8 | # 9 | # Below are all platforms currently available. Just uncomment 10 | # the ones that apply to your role. 
If you don't see your 11 | # platform on this list, let us know and we'll get it added! 12 | # 13 | #platforms: 14 | #- name: EL 15 | # versions: 16 | # - all 17 | # - 5 18 | # - 6 19 | #- name: GenericUNIX 20 | # versions: 21 | # - all 22 | # - any 23 | #- name: Fedora 24 | # versions: 25 | # - all 26 | # - 16 27 | # - 17 28 | # - 18 29 | # - 19 30 | # - 20 31 | #- name: opensuse 32 | # versions: 33 | # - all 34 | # - 12.1 35 | # - 12.2 36 | # - 12.3 37 | # - 13.1 38 | # - 13.2 39 | #- name: GenericBSD 40 | # versions: 41 | # - all 42 | # - any 43 | #- name: FreeBSD 44 | # versions: 45 | # - all 46 | # - 8.0 47 | # - 8.1 48 | # - 8.2 49 | # - 8.3 50 | # - 8.4 51 | # - 9.0 52 | # - 9.1 53 | # - 9.1 54 | # - 9.2 55 | #- name: Ubuntu 56 | # versions: 57 | # - all 58 | # - lucid 59 | # - maverick 60 | # - natty 61 | # - oneiric 62 | # - precise 63 | # - quantal 64 | # - raring 65 | # - saucy 66 | # - trusty 67 | #- name: SLES 68 | # versions: 69 | # - all 70 | # - 10SP3 71 | # - 10SP4 72 | # - 11 73 | # - 11SP1 74 | # - 11SP2 75 | # - 11SP3 76 | #- name: GenericLinux 77 | # versions: 78 | # - all 79 | # - any 80 | #- name: Debian 81 | # versions: 82 | # - all 83 | # - etch 84 | # - lenny 85 | # - squeeze 86 | # - wheezy 87 | # 88 | # Below are all categories currently available. Just as with 89 | # the platforms above, uncomment those that apply to your role. 90 | # 91 | #categories: 92 | #- cloud 93 | #- cloud:ec2 94 | #- cloud:gce 95 | #- cloud:rax 96 | #- database 97 | #- database:nosql 98 | #- database:sql 99 | #- development 100 | #- monitoring 101 | #- networking 102 | #- packaging 103 | #- system 104 | #- web 105 | dependencies: [] 106 | # List your role dependencies here, one per line. Only 107 | # dependencies available via galaxy should be listed here. 108 | # Be sure to remove the '[]' above if you add dependencies 109 | # to this list. 
110 | 111 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for deploy_private_git: generates a per-host SSH deploy key, registers its public half with GitHub through setDeployKey.py, then clones the repository with it. 3 | 4 | - name: Install the requirements for setDeployKey.py 5 | apt: pkg=python-requests state=installed 6 | # NOTE(review): the rendered script embeds ansible_github_key in cleartext (see templates/setDeployKey.py.j2); with mode=755 every local user can read the token. mode=700, or keeping the token out of the file, would narrow that. 7 | - name: Deploy the setDeployKey scriptlet. 8 | template: src=setDeployKey.py.j2 dest=/usr/local/bin/setDeployKey.py owner=root group=root mode=755 9 | 10 | - name: Generate a SSH key to use for deployment 11 | shell: ssh-keygen -t rsa -N "" -f /home/{{access_user}}/.ssh/deployment_rsa -q creates=/home/{{access_user}}/.ssh/deployment_rsa 12 | sudo: False 13 | tags: fuckit 14 | 15 | - name: Reconfigure permissions on keys 16 | file: path=/home/{{access_user}}/.ssh/deployment_rsa owner={{access_user}} group={{access_user}} mode=600 17 | tags: fuckit 18 | 19 | - name: Reconfigure permissions on public key 20 | file: path=/home/{{access_user}}/.ssh/deployment_rsa.pub owner={{access_user}} group={{access_user}} mode=600 21 | tags: fuckit 22 | # The script only prints the API status code (captured in deploy_key_output, which nothing reads), so a rejected key does not fail the play. 23 | - name: Run the setDeployKey scriptlet 24 | shell: /usr/local/bin/setDeployKey.py /home/{{access_user}}/.ssh/deployment_rsa.pub 25 | register: deploy_key_output 26 | sudo: False 27 | tags: fuckit 28 | # NOTE(review): this appends a fresh entry on every run (not idempotent) and trusts whatever host key the network answers with; compare the scanned fingerprint against GitHub's published ones, or ship a known_hosts file with the role instead. 29 | - name: run ssh-keyscan 30 | shell: ssh-keyscan github.com >> /etc/ssh/ssh_known_hosts 31 | tags: fuckit 32 | 33 | - name: Set ssh config file for {{access_user}} for accessing github 34 | template: src=ssh_config.j2 dest=/home/{{access_user}}/.ssh/config owner={{access_user}} group={{access_user}} mode=644 35 | tags: fuckit 36 | 37 | - name: Deploy the code using the new key. 
# NOTE(review): version=HEAD follows the remote's default branch, so two runs can deploy different code; pin a tag or commit hash for repeatable deploys. 38 | git: repo={{github_repository_url}} version=HEAD dest=/home/{{access_user}}/{{repository_name}} 39 | sudo: False 40 | tags: fuckit -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/templates/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/deploy_private_git/templates/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/templates/setDeployKey.py.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Registers the public key given as argv[1] as a deploy key on the GitHub repository, authenticating with a personal access token that Ansible renders into this file. Python 2 syntax (print statement). 3 | import requests 4 | import json 5 | import sys 6 | import os 7 | 8 | username = "{{github_user}}" 9 | repository = "{{repository_name}}" 10 | key = open(sys.argv[1], 'r').read()  # NOTE(review): handle is never closed; a with-block would be tidier 11 | key_name = os.path.splitext(sys.argv[1])[0].replace("/","_")  # key title: the path minus its extension, slashes turned into underscores 12 | oauth_token = "{{ansible_github_key}}"  # NOTE(review): the token sits in this file in cleartext; anyone able to read the deployed script can use it 13 | 14 | payload = { 15 | "title": key_name, 16 | "key": key 17 | } 18 | headers = {'Authorization': "token %s "% oauth_token}  # note the trailing space inside the format string; it becomes part of the header value 19 | 20 | r = requests.post("https://api.github.com/repos/%s/%s/keys" % (username, repository), data=json.dumps(payload), headers=headers) 21 | 22 | print r.status_code, r.content  # status is printed, not checked: a non-2xx response still exits 0 23 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/templates/ssh_config.j2: -------------------------------------------------------------------------------- 1 | Host github.com 2 | Hostname github.com 3 | IdentityFile /home/{{access_user}}/.ssh/deployment_rsa -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_private_git/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for deploy_private_git 3 | # To 
obtain your value for ansible_github_key, go to https://github.com/settings/applications and create a new Personal Access Token 4 | # Paste the value of the token into the value here. NOTE(review): this file is committed to the repository, so a real token pasted here lands in git history; keep it in an ansible-vault encrypted file or pass it via --extra-vars instead. 5 | ansible_github_key: #HERE 6 | github_user: tomoconnor 7 | repository_name: bearded-adventure 8 | github_repository_url: git@github.com:tomoconnor/bearded-adventure.git 9 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/files/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/files/thingy.nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80 default_server; 3 | root /srv/thingy; 4 | server_name thingy; 5 | location / { 6 | proxy_pass http://localhost:3000; 7 | include /etc/nginx/proxy_params; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/files/thingy.super.conf: -------------------------------------------------------------------------------- 1 | [program:thingy] 2 | command=/usr/bin/nodejs /srv/thingy/thingy/app.js 3 | numprocs=1 4 | directory=/srv/thingy/thingy 5 | user=nobody 6 | stdout_logfile=/var/log/thingy.out 7 | stderr_logfile=/var/log/thingy.err 8 | environment=HOME=/srv/thingy/thingy 9 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: reread supervisord 3 | shell: 
/usr/bin/supervisorctl reread && /usr/bin/supervisorctl update 4 | - name: restart nginx 5 | service: name=nginx state=restarted 6 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/meta/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/deploy_thingy/meta/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - { role: nodejs } 4 | - { role: nginx } 5 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create directory under /srv for thingy 3 | file: path=/srv/thingy state=directory mode=755 4 | 5 | - name: Git checkout from github 6 | git: repo=https://github.com/tomoconnor/shiny-octo-computing-machine.git 7 | dest=/srv/thingy 8 | 9 | - name: Drop Config for supervisord into the conf.d directory 10 | copy: src=thingy.super.conf dest=/etc/supervisor/conf.d/thingy.conf 11 | notify: reread supervisord 12 | 13 | - name: Drop Reverse Proxy Config for Nginx 14 | copy: src=thingy.nginx.conf dest=/etc/nginx/sites-enabled/thingy.conf 15 | notify: restart nginx 16 | 17 | 18 | -------------------------------------------------------------------------------- /playbooks/example/roles/deploy_thingy/templates/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/gridfs/files/.empty: 
-------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/gridfs/handlers/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/gridfs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Install the bits and bobs required for GridFS Fuse - Unfinished. 3 | 4 | - name: Install GridFS Fuse Dependencies 5 | apt: pkg={{ item }} state=installed 6 | with_items: 7 | - g++ 8 | - libfuse-dev 9 | - mongodb-dev 10 | - libboost 11 | - libssl-dev 12 | - libssl1.0.0 13 | -------------------------------------------------------------------------------- /playbooks/example/roles/gridfs/templates/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/memcached/files/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/memcached/handlers/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/memcached/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is nice and simple. 
One to start, one to restart 3 | - name: start memcached 4 | service: name=memcached state=started 5 | - name: restart memcached 6 | service: name=memcached state=restarted 7 | -------------------------------------------------------------------------------- /playbooks/example/roles/memcached/meta/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/memcached/meta/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/memcached/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Memcached from Ubuntu repos 3 | apt: pkg={{item}} state=installed 4 | with_items: 5 | - memcached 6 | - libmemcached-dev 7 | # - name: Do Something 8 | # action: 9 | -------------------------------------------------------------------------------- /playbooks/example/roles/memcached/templates/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/mongodb/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Install mongodb from the 10gen repository 3 | - name: Add the Apt-key for the 10gen repository 4 | apt_key: id=7F0CEB10 url=http://docs.mongodb.org/10gen-gpg-key.asc 5 | 6 | 7 | - name: Add the Apt-repository for 10gen 8 | apt_repository: repo="deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" state=present update_cache=yes 9 | # See, that gives us the option to run apt-get update after too! 
10 | 11 | - name: Install MongoDB Packages and requirements 12 | apt: pkg={{ item }} state=installed force=yes 13 | with_items: 14 | - mongodb-10gen 15 | - python-pymongo 16 | - python-pymongo-ext 17 | - python-bson 18 | - python-bson-ext 19 | -------------------------------------------------------------------------------- /playbooks/example/roles/nginx/files/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/nginx/files/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 4; 3 | pid /run/nginx.pid; 4 | 5 | events { 6 | worker_connections 768; 7 | # multi_accept on; 8 | } 9 | 10 | http { 11 | 12 | ## 13 | # Basic Settings 14 | ## 15 | 16 | sendfile on; 17 | tcp_nopush on; 18 | tcp_nodelay on; 19 | keepalive_timeout 65; 20 | types_hash_max_size 2048; 21 | # server_tokens off; 22 | 23 | # server_names_hash_bucket_size 64; 24 | # server_name_in_redirect off; 25 | 26 | include /etc/nginx/mime.types; 27 | default_type application/octet-stream; 28 | 29 | ## 30 | # Logging Settings 31 | ## 32 | 33 | access_log /var/log/nginx/access.log; 34 | error_log /var/log/nginx/error.log; 35 | 36 | ## 37 | # Gzip Settings 38 | ## 39 | 40 | gzip on; 41 | gzip_disable "msie6"; 42 | 43 | # gzip_vary on; 44 | # gzip_proxied any; 45 | # gzip_comp_level 6; 46 | # gzip_buffers 16 8k; 47 | # gzip_http_version 1.1; 48 | # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 49 | 50 | ## 51 | # nginx-naxsi config 52 | ## 53 | # Uncomment it if you installed nginx-naxsi 54 | ## 55 | 56 | #include /etc/nginx/naxsi_core.rules; 57 | 58 | ## 59 | # Virtual Host Configs 60 | ## 61 | 62 | include /etc/nginx/conf.d/*.conf; 63 | include /etc/nginx/sites-enabled/*; 64 | } 65 | 66 | 67 | 68 | 
-------------------------------------------------------------------------------- /playbooks/example/roles/nginx/files/proxy.conf: -------------------------------------------------------------------------------- 1 | proxy_redirect off; 2 | proxy_connect_timeout 90; 3 | proxy_send_timeout 90; 4 | proxy_read_timeout 90; 5 | proxy_buffer_size 16k; 6 | proxy_buffers 32 16k; 7 | proxy_busy_buffers_size 64k; 8 | -------------------------------------------------------------------------------- /playbooks/example/roles/nginx/handlers/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/nginx/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart nginx 3 | service: name=nginx state=restarted 4 | -------------------------------------------------------------------------------- /playbooks/example/roles/nginx/meta/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/nginx/meta/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/nginx/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install Nginx 3 | apt: pkg=nginx state=installed 4 | 5 | - name: Drop updated nginx.conf file 6 | copy: src=nginx.conf dest=/etc/nginx/nginx.conf owner=root group=root mode=644 7 | notify: restart nginx 8 | 9 | - name: Add proxy settings file 10 | copy: src=proxy.conf dest=/etc/nginx/conf.d/proxy.conf owner=root group=root mode=644 11 | notify: restart nginx 12 | 13 | - name: Remove Default Site Configuration 14 | file: path=/etc/nginx/sites-enabled/default state=absent 15 | notify: restart nginx 16 | 17 
| - name: Start Nginx 18 | service: name=nginx state=started 19 | -------------------------------------------------------------------------------- /playbooks/example/roles/nginx/templates/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/nodejs/files/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/nodejs/handlers/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/nodejs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install nodejs 3 | apt: pkg=nodejs state=installed 4 | - name: Install node-dev 5 | apt: pkg=nodejs-dev state=installed 6 | - name: Install npm 7 | apt: pkg=npm state=installed 8 | 9 | # I've no idea if this is a good idea or not, but I've found some old things like it. 
10 | 11 | - name: Create symlink for legacy code node->nodejs 12 | file: src=/usr/bin/nodejs dest=/usr/local/bin/node state=link 13 | when: ansible_distribution_release == "saucy" 14 | 15 | - name: Create symlink for legacy node platforms 16 | file: src=/usr/bin/node dest=/usr/bin/nodejs state=link 17 | when: ansible_distribution_release != "saucy" 18 | -------------------------------------------------------------------------------- /playbooks/example/roles/nodejs/templates/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/redis/files/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/redis/handlers/.empty: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/redis/meta/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/example/roles/redis/meta/.empty -------------------------------------------------------------------------------- /playbooks/example/roles/redis/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add the Redis PPA 3 | apt_repository: repo='ppa:rwky/redis' update_cache=yes 4 | 5 | - name: Install Redis from PPA 6 | apt: pkg=redis-server state=installed 7 | 8 | - name: Start Redis 9 | service: name=redis-server state=started 10 | -------------------------------------------------------------------------------- /playbooks/example/roles/redis/templates/.empty: 
-------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/example/roles/repository/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart nginx 3 | service: name=nginx state=restarted 4 | -------------------------------------------------------------------------------- /playbooks/example/roles/repository/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install GnuPG 3 | apt: pkg=gnupg state=installed 4 | 5 | - name: Install dpkg-sig 6 | apt: pkg=dpkg-sig 7 | - name: Install Reprepro 8 | apt: pkg=reprepro state=installed 9 | 10 | # the file: module can take with_items too, here we're creating a bunch of directories. 11 | - name: Bootstrap directories 12 | file: path={{ item }} state=directory 13 | with_items: 14 | - /var/packages 15 | - /var/packages/ubuntu 16 | - /var/packages/ubuntu/conf 17 | - /var/packages/import 18 | 19 | - name: Set permissions on /var/packages 20 | file: path=/var/packages mode=777 recurse=yes 21 | 22 | # This allows us to non-interactively generate a GPG key. 23 | - name: Copy GPG Key Template 24 | template: src=gpg_template.j2 dest=/var/packages/signing_key_info 25 | 26 | # One thing you'll probably find on a headless server is that it's tricky to get enough entropy to generate big keys, 27 | # so we'll install something to top up the kernel entropy pool (note: the task below feeds it from /dev/urandom, i.e. the kernel's own output, which unblocks key generation but adds no real entropy; a hardware RNG source is the proper fix) 28 | - name: Install Randomiser top-up 29 | apt: pkg=rng-tools state=installed 30 | 31 | # this starts the rng daemon in the background, reading its input from /dev/urandom (-r names the source device) and feeding the kernel pool 32 | - name: Start Randomiser Daemon 33 | shell: rngd -b -r /dev/urandom 34 | 35 | # this uses the file we deployed earlier on, and generates a GPG key with it. 
36 | - name: Generate Package Signing Key 37 | shell: gpg --batch --gen-key /var/packages/signing_key_info 38 | 39 | # This allows us to deploy the distributions file which reprepro uses to manage the repository 40 | - name: Deploy Local Distribution file 41 | template: src=distributions.j2 dest=/var/packages/ubuntu/conf/distributions 42 | 43 | - name: Deploy Local Options file 44 | template: src=options.j2 dest=/var/packages/ubuntu/conf/options 45 | 46 | - name: Install NginX 47 | apt: pkg=nginx state=installed 48 | 49 | - name: Install Nginx Config Vhost 50 | template: src=repository.conf.j2 dest=/etc/nginx/sites-available/repository.conf 51 | 52 | - name: Remove Default Configuration 53 | file: path=/etc/nginx/sites-enabled/default state=absent 54 | 55 | - name: Symlink the config file 56 | file: src=/etc/nginx/sites-available/repository.conf path=/etc/nginx/sites-enabled/repository.conf state=link 57 | notify: 58 | - restart nginx 59 | # Have a look in repository/handlers/main.yml for the handler 'restart nginx' 60 | -------------------------------------------------------------------------------- /playbooks/example/roles/repository/templates/distributions.j2: -------------------------------------------------------------------------------- 1 | Origin: example 2 | Label: example 3 | Codename: example 4 | Architectures: amd64 5 | Components: main 6 | Description: EXAMPLE APT Repository 7 | 8 | -------------------------------------------------------------------------------- /playbooks/example/roles/repository/templates/gpg_template.j2: -------------------------------------------------------------------------------- 1 | %echo Generating a GPG key for package signing 2 | Key-Type: RSA 3 | Key-Length: 2048 4 | Name-Real: REPLACE_WITH_YOUR_NAME 5 | Name-Comment: Package Signing Key 6 | Name-Email: REPLACE_WITH_YOUR@EMAIL.ADDR 7 | Expire-Date: 10y 8 | %no-ask-passphrase 9 | %commit 10 | %echo Done 11 | 
-------------------------------------------------------------------------------- /playbooks/example/roles/repository/templates/options.j2: -------------------------------------------------------------------------------- 1 | verbose 2 | basedir /var/packages/ubuntu 3 | -------------------------------------------------------------------------------- /playbooks/example/roles/repository/templates/repository.conf.j2: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80 ; 3 | listen [::]:80 ipv6only=on; 4 | 5 | server_name example-repository; 6 | gzip on; 7 | location / { 8 | root /var/packages/ubuntu/; 9 | autoindex on; 10 | } 11 | 12 | } 13 | -------------------------------------------------------------------------------- /playbooks/example/roles/service_example/files/dnsmasq.default: -------------------------------------------------------------------------------- 1 | # This file has five functions: 2 | # 1) to completely disable starting dnsmasq, 3 | # 2) to set DOMAIN_SUFFIX by running `dnsdomainname` 4 | # 3) to select an alternative config file 5 | # by setting DNSMASQ_OPTS to --conf-file= 6 | # 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for 7 | # more configuration variables. 8 | # 5) to stop the resolvconf package from controlling dnsmasq's 9 | # idea of which upstream nameservers to use. 10 | # For upgraders from very old versions, all the shell variables set 11 | # here in previous versions are still honored by the init script 12 | # so if you just keep your old version of this file nothing will break. 13 | 14 | #DOMAIN_SUFFIX=`dnsdomainname` 15 | #DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt" 16 | 17 | # Whether or not to run the dnsmasq daemon; set to 0 to disable. 18 | ENABLED=1 19 | 20 | # By default search this drop directory for configuration options. 21 | # Libvirt leaves a file here to make the system dnsmasq play nice. 22 | # Comment out this line if you don't want this. 
The dpkg-* are file 23 | # endings which cause dnsmasq to skip that file. This avoids pulling 24 | # in backups made by dpkg. 25 | CONFIG_DIR=/etc/dnsmasq.d 26 | 27 | # If the resolvconf package is installed, dnsmasq will use its output 28 | # rather than the contents of /etc/resolv.conf to find upstream 29 | # nameservers. Uncommenting this line inhibits this behaviour. 30 | # Note that including a "resolv-file=" line in 31 | # /etc/dnsmasq.conf is not enough to override resolvconf if it is 32 | # installed: the line below must be uncommented. 33 | #IGNORE_RESOLVCONF=yes 34 | 35 | -------------------------------------------------------------------------------- /playbooks/example/roles/service_example/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # There are quite a lot of service handlers here, mostly because I haven't split stuff out into full role modules yet. 3 | - name: restart apache 4 | service: name=apache2 state=restarted 5 | 6 | - name: restart dnsmasq 7 | service: name=dnsmasq state=restarted 8 | 9 | - name: reread supervisord 10 | shell: /usr/bin/supervisorctl reread && /usr/bin/supervisorctl update 11 | -------------------------------------------------------------------------------- /playbooks/example/roles/service_example/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # The meta directory of a role is the place to set inter-role dependencies. Here we're stating that service_example relies on the nodejs role. 3 | 4 | dependencies: 5 | - { role: nodejs } 6 | -------------------------------------------------------------------------------- /playbooks/example/roles/service_example/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is basically the whole install script for a dummy service, meant to show you how it all works. 
3 | - name: Install Apache2 and modules 4 | apt: pkg={{ item }} state=installed 5 | with_items: 6 | - apache2 7 | - apache2-utils 8 | 9 | - name: install python greenlets 10 | apt: pkg=python-greenlet state=installed 11 | 12 | - name: install python-six 13 | apt: pkg=python-six state=installed 14 | 15 | - name: Install Other Required Packages 16 | apt: pkg={{ item }} state=installed force=yes 17 | with_items: 18 | - gdal-bin 19 | - python-scipy 20 | - python-sphinx 21 | - python-mdp 22 | - libcw3 23 | - libcw3-dev 24 | 25 | # This is a nice example of how shell/creates works, because of course, all a2enmod does is create a symlink (or more than one) 26 | - name: Enable Apache Proxying 27 | shell: /usr/sbin/a2enmod proxy creates=/etc/apache2/mods-enabled/proxy.conf 28 | notify: restart apache 29 | 30 | - name: Enable apache Proxy_http 31 | shell: /usr/sbin/a2enmod proxy_http creates=/etc/apache2/mods-enabled/proxy_http.load 32 | notify: restart apache 33 | 34 | # This deploys the vhost configuration 35 | - name: Install Apache2 settings for thingyservice 36 | template: src=thingyservice.conf.j2 dest=/etc/apache2/sites-available/thingyservice.conf mode=644 37 | notify: restart apache 38 | 39 | # This enables the vhost 40 | - name: Enable thingyservice 41 | file: src=/etc/apache2/sites-available/thingyservice.conf dest=/etc/apache2/sites-enabled/thingyservice.conf state=link 42 | notify: restart apache 43 | # Notify will only get run once, but we want to be able to notify if either the file changes, or the link. 44 | # It's possible to do this with shell: a2enmod {{site}} creates=/etc/apache2/sites-enabled/blah.conf and it'll still skip it if it exists. 45 | 46 | - name: Remove apache default configuration 47 | file: path=/etc/apache2/sites-enabled/000-default.conf state=absent 48 | notify: restart apache 49 | # The default vhost config can be a right pain in the arse, if left enabled. 
50 | 51 | 52 | # let's pretend thingyservice needs dnsmasq too 53 | - name: Install Dnsmasq 54 | apt: pkg=dnsmasq state=installed 55 | 56 | # We can use a template (or copy: ) to deploy a file to a place, then notify a service. 57 | - name: Configure Dnsmasq 58 | template: src=dnsmasq.conf.j2 dest=/etc/dnsmasq.conf 59 | notify: restart dnsmasq 60 | 61 | 62 | # Here, we'll copy a file in, then trigger a notify. 63 | - name: Configure Dnsmasq's default file 64 | copy: src=dnsmasq.default dest=/etc/default/dnsmasq mode=644 owner=root group=root 65 | notify: restart dnsmasq 66 | 67 | # This enables the service so that it'll come back after a reboot. 68 | - name: Enable Dnsmasq service 69 | service: name=dnsmasq enabled=yes 70 | 71 | # This will drop a config file for supervisor and reread the config, then run update to start newly available services 72 | - name: Deploy configuration for Supervisord--Thingyservice 73 | template: src=thingyservice.super.conf.j2 dest=/etc/supervisor/conf.d/thingyservice.conf 74 | notify: reread supervisord 75 | # as you might have noticed, notify handlers can have any name (within reason) 76 | 77 | -------------------------------------------------------------------------------- /playbooks/example/roles/service_example/templates/dnsmasq.conf.j2: -------------------------------------------------------------------------------- 1 | # Configuration file for dnsmasq. 2 | # 3 | # Format is one option per line, legal options are the same 4 | # as the long options legal on the command line. See 5 | # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. 6 | 7 | # Listen on this specific port instead of the standard DNS port 8 | # (53). Setting this to zero completely disables DNS function, 9 | # leaving only DHCP and/or TFTP. 
10 | #port=5353 11 | 12 | # The following two options make you a better netizen, since they 13 | # tell dnsmasq to filter out queries which the public DNS cannot 14 | # answer, and which load the servers (especially the root servers) 15 | # unnecessarily. If you have a dial-on-demand link they also stop 16 | # these requests from bringing up the link unnecessarily. 17 | 18 | # Never forward plain names (without a dot or domain part) 19 | #domain-needed 20 | # Never forward addresses in the non-routed address spaces. 21 | #bogus-priv 22 | 23 | 24 | # Uncomment this to filter useless windows-originated DNS requests 25 | # which can trigger dial-on-demand links needlessly. 26 | # Note that (amongst other things) this blocks all SRV requests, 27 | # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. 28 | # This option only affects forwarding, SRV records originating for 29 | # dnsmasq (via srv-host= lines) are not suppressed by it. 30 | #filterwin2k 31 | 32 | # Change this line if you want dns to get its upstream servers from 33 | # somewhere other that /etc/resolv.conf 34 | #resolv-file=/etc/resolv.conf 35 | 36 | # By default, dnsmasq will send queries to any of the upstream 37 | # servers it knows about and tries to favour servers to are known 38 | # to be up. Uncommenting this forces dnsmasq to try each query 39 | # with each server strictly in the order they appear in 40 | # /etc/resolv.conf 41 | strict-order 42 | 43 | # If you don't want dnsmasq to read /etc/resolv.conf or any other 44 | # file, getting its servers from this file instead (see below), then 45 | # uncomment this. 46 | no-resolv 47 | 48 | # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv 49 | # files for changes and re-read them then uncomment this. 50 | #no-poll 51 | 52 | # Add other name servers here, with domain specs if they are for 53 | # non-public domains. 
54 | #server=/localnet/192.168.0.1 55 | 56 | # Example of routing PTR queries to nameservers: this will send all 57 | # address->name queries for 192.168.3/24 to nameserver 10.1.2.3 58 | #server=/3.168.192.in-addr.arpa/10.1.2.3 59 | 60 | # Add local-only domains here, queries in these domains are answered 61 | # from /etc/hosts or DHCP only. 62 | #local=/localnet/ 63 | 64 | # Add domains which you want to force to an IP address here. 65 | # The example below send any host in double-click.net to a local 66 | # web-server. 67 | #address=/double-click.net/127.0.0.1 68 | 69 | # --address (and --server) work with IPv6 addresses too. 70 | #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 71 | 72 | # Add the IPs of all queries to yahoo.com, google.com, and their 73 | # subdomains to the vpn and search ipsets: 74 | #ipset=/yahoo.com/google.com/vpn,search 75 | 76 | # You can control how dnsmasq talks to a server: this forces 77 | # queries to 10.1.2.3 to be routed via eth1 78 | # server=10.1.2.3@eth1 79 | 80 | # and this sets the source (ie local) address used to talk to 81 | # 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that 82 | # IP on the machine, obviously). 83 | # server=10.1.2.3@192.168.1.1#55 84 | 85 | # If you want dnsmasq to change uid and gid to something other 86 | # than the default, edit the following lines. 87 | #user= 88 | #group= 89 | 90 | # If you want dnsmasq to listen for DHCP and DNS requests only on 91 | # specified interfaces (and the loopback) give the name of the 92 | # interface (eg eth0) here. 93 | # Repeat the line for more than one interface. 94 | #interface= 95 | # Or you can specify which interface _not_ to listen on 96 | #except-interface= 97 | # Or which to listen on by address (remember to include 127.0.0.1 if 98 | # you use this.) 
99 | #listen-address= 100 | # If you want dnsmasq to provide only DNS service on an interface, 101 | # configure it as shown above, and then use the following line to 102 | # disable DHCP and TFTP on it. 103 | #no-dhcp-interface= 104 | 105 | # On systems which support it, dnsmasq binds the wildcard address, 106 | # even when it is listening on only some interfaces. It then discards 107 | # requests that it shouldn't reply to. This has the advantage of 108 | # working even when interfaces come and go and change address. If you 109 | # want dnsmasq to really bind only the interfaces it is listening on, 110 | # uncomment this option. About the only time you may need this is when 111 | # running another nameserver on the same machine. 112 | #bind-interfaces 113 | 114 | # If you don't want dnsmasq to read /etc/hosts, uncomment the 115 | # following line. 116 | #no-hosts 117 | # or if you want it to read another file, as well as /etc/hosts, use 118 | # this. 119 | #addn-hosts=/etc/banner_add_hosts 120 | 121 | # Set this (and domain: see below) if you want to have a domain 122 | # automatically added to simple names in a hosts-file. 123 | expand-hosts 124 | 125 | # Set the domain for dnsmasq. this is optional, but if it is set, it 126 | # does the following things. 127 | # 1) Allows DHCP hosts to have fully qualified domain names, as long 128 | # as the domain part matches this setting. 
129 | # 2) Sets the "domain" DHCP option thereby potentially setting the 130 | # domain of all systems configured by DHCP 131 | # 3) Provides the domain part for "expand-hosts" 132 | domain=local 133 | 134 | # Set a different domain for a particular subnet 135 | #domain=wireless.thekelleys.org.uk,192.168.2.0/24 136 | 137 | # Same idea, but range rather then subnet 138 | #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 139 | 140 | # Uncomment this to enable the integrated DHCP server, you need 141 | # to supply the range of addresses available for lease and optionally 142 | # a lease time. If you have more than one network, you will need to 143 | # repeat this for each network on which you want to supply DHCP 144 | # service. 145 | #dhcp-range=192.168.0.50,192.168.0.150,12h 146 | 147 | # This is an example of a DHCP range where the netmask is given. This 148 | # is needed for networks we reach the dnsmasq DHCP server via a relay 149 | # agent. If you don't know what a DHCP relay agent is, you probably 150 | # don't need to worry about this. 151 | #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h 152 | 153 | # This is an example of a DHCP range which sets a tag, so that 154 | # some DHCP options may be set only for this network. 155 | #dhcp-range=set:red,192.168.0.50,192.168.0.150 156 | 157 | # Use this DHCP range only when the tag "green" is set. 158 | #dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h 159 | 160 | # Specify a subnet which can't be used for dynamic address allocation, 161 | # is available for hosts with matching --dhcp-host lines. Note that 162 | # dhcp-host declarations will be ignored unless there is a dhcp-range 163 | # of some type for the subnet in question. 164 | # In this case the netmask is implied (it comes from the network 165 | # configuration on the machine running dnsmasq) it is possible to give 166 | # an explicit netmask instead. 167 | #dhcp-range=192.168.0.0,static 168 | 169 | # Enable DHCPv6. 
Note that the prefix-length does not need to be specified 170 | # and defaults to 64 if missing/ 171 | #dhcp-range=1234::2, 1234::500, 64, 12h 172 | 173 | # Do Router Advertisements, BUT NOT DHCP for this subnet. 174 | #dhcp-range=1234::, ra-only 175 | 176 | # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and 177 | # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack 178 | # hosts. Use the DHCPv4 lease to derive the name, network segment and 179 | # MAC address and assume that the host will also have an 180 | # IPv6 address calculated using the SLAAC alogrithm. 181 | #dhcp-range=1234::, ra-names 182 | 183 | # Do Router Advertisements, BUT NOT DHCP for this subnet. 184 | # Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.) 185 | #dhcp-range=1234::, ra-only, 48h 186 | 187 | # Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA 188 | # so that clients can use SLAAC addresses as well as DHCP ones. 189 | #dhcp-range=1234::2, 1234::500, slaac 190 | 191 | # Do Router Advertisements and stateless DHCP for this subnet. Clients will 192 | # not get addresses from DHCP, but they will get other configuration information. 193 | # They will use SLAAC for addresses. 194 | #dhcp-range=1234::, ra-stateless 195 | 196 | # Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses 197 | # from DHCPv4 leases. 198 | #dhcp-range=1234::, ra-stateless, ra-names 199 | 200 | # Do router advertisements for all subnets where we're doing DHCPv6 201 | # Unless overriden by ra-stateless, ra-names, et al, the router 202 | # advertisements will have the M and O bits set, so that the clients 203 | # get addresses and configuration from DHCPv6, and the A bit reset, so the 204 | # clients don't use SLAAC addresses. 205 | #enable-ra 206 | 207 | # Supply parameters for specified hosts using DHCP. There are lots 208 | # of valid alternatives, so we will give examples of each. 
Note that 209 | # IP addresses DO NOT have to be in the range given above, they just 210 | # need to be on the same network. The order of the parameters in these 211 | # do not matter, it's permissible to give name, address and MAC in any 212 | # order. 213 | 214 | # Always allocate the host with Ethernet address 11:22:33:44:55:66 215 | # The IP address 192.168.0.60 216 | #dhcp-host=11:22:33:44:55:66,192.168.0.60 217 | 218 | # Always set the name of the host with hardware address 219 | # 11:22:33:44:55:66 to be "fred" 220 | #dhcp-host=11:22:33:44:55:66,fred 221 | 222 | # Always give the host with Ethernet address 11:22:33:44:55:66 223 | # the name fred and IP address 192.168.0.60 and lease time 45 minutes 224 | #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m 225 | 226 | # Give a host with Ethernet address 11:22:33:44:55:66 or 227 | # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume 228 | # that these two Ethernet interfaces will never be in use at the same 229 | # time, and give the IP address to the second, even if it is already 230 | # in use by the first. Useful for laptops with wired and wireless 231 | # addresses. 232 | #dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60 233 | 234 | # Give the machine which says its name is "bert" IP address 235 | # 192.168.0.70 and an infinite lease 236 | #dhcp-host=bert,192.168.0.70,infinite 237 | 238 | # Always give the host with client identifier 01:02:02:04 239 | # the IP address 192.168.0.60 240 | #dhcp-host=id:01:02:02:04,192.168.0.60 241 | 242 | # Always give the host with client identifier "marjorie" 243 | # the IP address 192.168.0.60 244 | #dhcp-host=id:marjorie,192.168.0.60 245 | 246 | # Enable the address given for "judge" in /etc/hosts 247 | # to be given to a machine presenting the name "judge" when 248 | # it asks for a DHCP lease. 
249 | #dhcp-host=judge 250 | 251 | # Never offer DHCP service to a machine whose Ethernet 252 | # address is 11:22:33:44:55:66 253 | #dhcp-host=11:22:33:44:55:66,ignore 254 | 255 | # Ignore any client-id presented by the machine with Ethernet 256 | # address 11:22:33:44:55:66. This is useful to prevent a machine 257 | # being treated differently when running under different OS's or 258 | # between PXE boot and OS boot. 259 | #dhcp-host=11:22:33:44:55:66,id:* 260 | 261 | # Send extra options which are tagged as "red" to 262 | # the machine with Ethernet address 11:22:33:44:55:66 263 | #dhcp-host=11:22:33:44:55:66,set:red 264 | 265 | # Send extra options which are tagged as "red" to 266 | # any machine with Ethernet address starting 11:22:33: 267 | #dhcp-host=11:22:33:*:*:*,set:red 268 | 269 | # Give a fixed IPv6 address and name to client with 270 | # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 271 | # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. 272 | # Note also that the [] around the IPv6 address are obligatory. 273 | #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] 274 | 275 | # Ignore any clients which are not specified in dhcp-host lines 276 | # or /etc/ethers. Equivalent to ISC "deny unknown-clients". 277 | # This relies on the special "known" tag which is set when 278 | # a host is matched. 279 | #dhcp-ignore=tag:!known 280 | 281 | # Send extra options which are tagged as "red" to any machine whose 282 | # DHCP vendorclass string includes the substring "Linux" 283 | #dhcp-vendorclass=set:red,Linux 284 | 285 | # Send extra options which are tagged as "red" to any machine one 286 | # of whose DHCP userclass strings includes the substring "accounts" 287 | #dhcp-userclass=set:red,accounts 288 | 289 | # Send extra options which are tagged as "red" to any machine whose 290 | # MAC address matches the pattern. 
291 | #dhcp-mac=set:red,00:60:8C:*:*:* 292 | 293 | # If this line is uncommented, dnsmasq will read /etc/ethers and act 294 | # on the ethernet-address/IP pairs found there just as if they had 295 | # been given as --dhcp-host options. Useful if you keep 296 | # MAC-address/host mappings there for other purposes. 297 | #read-ethers 298 | 299 | # Send options to hosts which ask for a DHCP lease. 300 | # See RFC 2132 for details of available options. 301 | # Common options can be given to dnsmasq by name: 302 | # run "dnsmasq --help dhcp" to get a list. 303 | # Note that all the common settings, such as netmask and 304 | # broadcast address, DNS server and default route, are given 305 | # sane defaults by dnsmasq. You very likely will not need 306 | # any dhcp-options. If you use Windows clients and Samba, there 307 | # are some options which are recommended, they are detailed at the 308 | # end of this section. 309 | 310 | # Override the default route supplied by dnsmasq, which assumes the 311 | # router is the same machine as the one running dnsmasq. 312 | #dhcp-option=3,1.2.3.4 313 | 314 | # Do the same thing, but using the option name 315 | #dhcp-option=option:router,1.2.3.4 316 | 317 | # Override the default route supplied by dnsmasq and send no default 318 | # route at all. Note that this only works for the options sent by 319 | # default (1, 3, 6, 12, 28) the same line will send a zero-length option 320 | # for all other option numbers. 321 | #dhcp-option=3 322 | 323 | # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5 324 | #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5 325 | 326 | # Send DHCPv6 option. Note [] around IPv6 addresses. 327 | #dhcp-option=option6:dns-server,[1234::77],[1234::88] 328 | 329 | # Send DHCPv6 option for namservers as the machine running 330 | # dnsmasq and another. 331 | #dhcp-option=option6:dns-server,[::],[1234::88] 332 | 333 | # Ask client to poll for option changes every six hours. 
(RFC4242) 334 | #dhcp-option=option6:information-refresh-time,6h 335 | 336 | # Set the NTP time server address to be the same machine as 337 | # is running dnsmasq 338 | #dhcp-option=42,0.0.0.0 339 | 340 | # Set the NIS domain name to "welly" 341 | #dhcp-option=40,welly 342 | 343 | # Set the default time-to-live to 50 344 | #dhcp-option=23,50 345 | 346 | # Set the "all subnets are local" flag 347 | #dhcp-option=27,1 348 | 349 | # Send the etherboot magic flag and then etherboot options (a string). 350 | #dhcp-option=128,e4:45:74:68:00:00 351 | #dhcp-option=129,NIC=eepro100 352 | 353 | # Specify an option which will only be sent to the "red" network 354 | # (see dhcp-range for the declaration of the "red" network) 355 | # Note that the tag: part must precede the option: part. 356 | #dhcp-option = tag:red, option:ntp-server, 192.168.1.1 357 | 358 | # The following DHCP options set up dnsmasq in the same way as is specified 359 | # for the ISC dhcpcd in 360 | # http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt 361 | # adapted for a typical dnsmasq installation where the host running 362 | # dnsmasq is also the host running samba. 363 | # you may want to uncomment some or all of them if you use 364 | # Windows clients and Samba. 365 | #dhcp-option=19,0 # option ip-forwarding off 366 | #dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) 367 | #dhcp-option=45,0.0.0.0 # netbios datagram distribution server 368 | #dhcp-option=46,8 # netbios node type 369 | 370 | # Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave. 371 | #dhcp-option=252,"\n" 372 | 373 | # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client 374 | # probably doesn't support this...... 
375 | #dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com 376 | 377 | # Send RFC-3442 classless static routes (note the netmask encoding) 378 | #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8 379 | 380 | # Send vendor-class specific options encapsulated in DHCP option 43. 381 | # The meaning of the options is defined by the vendor-class so 382 | # options are sent only when the client supplied vendor class 383 | # matches the class given here. (A substring match is OK, so "MSFT" 384 | # matches "MSFT" and "MSFT 5.0"). This example sets the 385 | # mtftp address to 0.0.0.0 for PXEClients. 386 | #dhcp-option=vendor:PXEClient,1,0.0.0.0 387 | 388 | # Send microsoft-specific option to tell windows to release the DHCP lease 389 | # when it shuts down. Note the "i" flag, to tell dnsmasq to send the 390 | # value as a four-byte integer - that's what microsoft wants. See 391 | # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true 392 | #dhcp-option=vendor:MSFT,2,1i 393 | 394 | # Send the Encapsulated-vendor-class ID needed by some configurations of 395 | # Etherboot to allow is to recognise the DHCP server. 396 | #dhcp-option=vendor:Etherboot,60,"Etherboot" 397 | 398 | # Send options to PXELinux. Note that we need to send the options even 399 | # though they don't appear in the parameter request list, so we need 400 | # to use dhcp-option-force here. 401 | # See http://syslinux.zytor.com/pxe.php#special for details. 402 | # Magic number - needed before anything else is recognised 403 | #dhcp-option-force=208,f1:00:74:7e 404 | # Configuration file name 405 | #dhcp-option-force=209,configs/common 406 | # Path prefix 407 | #dhcp-option-force=210,/tftpboot/pxelinux/files/ 408 | # Reboot time. (Note 'i' to send 32-bit value) 409 | #dhcp-option-force=211,30i 410 | 411 | # Set the boot filename for netboot/PXE. 
You will only need 412 | # this if you want to boot machines over the network and you will need 413 | # a TFTP server; either dnsmasq's built in TFTP server or an 414 | # external one. (See below for how to enable the TFTP server.) 415 | #dhcp-boot=pxelinux.0 416 | 417 | # The same as above, but use a custom tftp-server instead of the machine running dnsmasq 418 | #dhcp-boot=pxelinux,server.name,192.168.1.100 419 | 420 | # Boot for Etherboot gPXE. The idea is to send two different 421 | # filenames, the first loads gPXE, and the second tells gPXE what to 422 | # load. The dhcp-match sets the gpxe tag for requests from gPXE. 423 | #dhcp-match=set:gpxe,175 # gPXE sends a 175 option. 424 | #dhcp-boot=tag:!gpxe,undionly.kpxe 425 | #dhcp-boot=mybootimage 426 | 427 | # Encapsulated options for Etherboot gPXE. All the options are 428 | # encapsulated within option 175 429 | #dhcp-option=encap:175, 1, 5b # priority code 430 | #dhcp-option=encap:175, 176, 1b # no-proxydhcp 431 | #dhcp-option=encap:175, 177, string # bus-id 432 | #dhcp-option=encap:175, 189, 1b # BIOS drive code 433 | #dhcp-option=encap:175, 190, user # iSCSI username 434 | #dhcp-option=encap:175, 191, pass # iSCSI password 435 | 436 | # Test for the architecture of a netboot client. PXE clients are 437 | # supposed to send their architecture as option 93. (See RFC 4578) 438 | #dhcp-match=peecees, option:client-arch, 0 #x86-32 439 | #dhcp-match=itanics, option:client-arch, 2 #IA64 440 | #dhcp-match=hammers, option:client-arch, 6 #x86-64 441 | #dhcp-match=mactels, option:client-arch, 7 #EFI x86-64 442 | 443 | # Do real PXE, rather than just booting a single file, this is an 444 | # alternative to dhcp-boot. 445 | #pxe-prompt="What system shall I netboot?" 446 | # or with timeout before first available action is taken: 447 | #pxe-prompt="Press F8 for menu.", 60 448 | 449 | # Available boot services for PXE. 450 | #pxe-service=x86PC, "Boot from local disk" 451 | 452 | # Loads /pxelinux.0 from dnsmasq TFTP server. 
453 | #pxe-service=x86PC, "Install Linux", pxelinux 454 | 455 | # Loads /pxelinux.0 from TFTP server at 1.2.3.4. 456 | # Beware this fails on old PXE ROMS. 457 | #pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4 458 | 459 | # Use bootserver on network, found by multicast or broadcast. 460 | #pxe-service=x86PC, "Install windows from RIS server", 1 461 | 462 | # Use bootserver at a known IP address. 463 | #pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4 464 | 465 | # If you have multicast-FTP available, 466 | # information for that can be passed in a similar way using options 1 467 | # to 5. See page 19 of 468 | # http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf 469 | 470 | 471 | # Enable dnsmasq's built-in TFTP server 472 | #enable-tftp 473 | 474 | # Set the root directory for files available via TFTP. 475 | #tftp-root=/var/ftpd 476 | 477 | # Make the TFTP server more secure: with this set, only files owned by 478 | # the user dnsmasq is running as will be sent over the net. 479 | #tftp-secure 480 | 481 | # This option stops dnsmasq from negotiating a larger blocksize for TFTP 482 | # transfers. It will slow things down, but may rescue some broken TFTP 483 | # clients. 484 | #tftp-no-blocksize 485 | 486 | # Set the boot file name only when the "red" tag is set. 487 | #dhcp-boot=tag:red,pxelinux.red-net 488 | 489 | # An example of dhcp-boot with an external TFTP server: the name and IP 490 | # address of the server are given after the filename. 491 | # Can fail with old PXE ROMS. Overridden by --pxe-service. 492 | #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 493 | 494 | # If there are multiple external tftp servers having the same name 495 | # (using /etc/hosts) then that name can be specified as the 496 | # tftp_servername (the third option to dhcp-boot) and in that 497 | # case dnsmasq resolves this name and returns the resultant IP 498 | # addresses in round robin fashion. 
This facility can be used to 499 | # load balance the tftp load among a set of servers. 500 | #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name 501 | 502 | # Set the limit on DHCP leases, the default is 150 503 | #dhcp-lease-max=150 504 | 505 | # The DHCP server needs somewhere on disk to keep its lease database. 506 | # This defaults to a sane location, but if you want to change it, use 507 | # the line below. 508 | #dhcp-leasefile=/var/lib/misc/dnsmasq.leases 509 | 510 | # Set the DHCP server to authoritative mode. In this mode it will barge in 511 | # and take over the lease for any client which broadcasts on the network, 512 | # whether it has a record of the lease or not. This avoids long timeouts 513 | # when a machine wakes up on a new network. DO NOT enable this if there's 514 | # the slightest chance that you might end up accidentally configuring a DHCP 515 | # server for your campus/company. The ISC server uses 516 | # the same option, and this URL provides more information: 517 | # http://www.isc.org/files/auth.html 518 | #dhcp-authoritative 519 | 520 | # Run an executable when a DHCP lease is created or destroyed. 521 | # The arguments sent to the script are "add" or "del", 522 | # then the MAC address, the IP address and finally the hostname 523 | # if there is one. 524 | #dhcp-script=/bin/echo 525 | 526 | # Set the cachesize here. 527 | #cache-size=150 528 | 529 | # If you want to disable negative caching, uncomment this. 530 | #no-negcache 531 | 532 | # Normally responses which come from /etc/hosts and the DHCP lease 533 | # file have Time-To-Live set as zero, which conventionally means 534 | # do not cache further. If you are happy to trade lower load on the 535 | # server for potentially stale data, you can set a time-to-live (in 536 | # seconds) here. 
537 | #local-ttl= 538 | 539 | # If you want dnsmasq to detect attempts by Verisign to send queries 540 | # to unregistered .com and .net hosts to its sitefinder service and 541 | # have dnsmasq instead return the correct NXDOMAIN response, uncomment 542 | # this line. You can add similar lines to do the same for other 543 | # registries which have implemented wildcard A records. 544 | #bogus-nxdomain=64.94.110.11 545 | 546 | # If you want to fix up DNS results from upstream servers, use the 547 | # alias option. This only works for IPv4. 548 | # This alias makes a result of 1.2.3.4 appear as 5.6.7.8 549 | #alias=1.2.3.4,5.6.7.8 550 | # and this maps 1.2.3.x to 5.6.7.x 551 | #alias=1.2.3.0,5.6.7.0,255.255.255.0 552 | # and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40 553 | #alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 554 | 555 | # Change these lines if you want dnsmasq to serve MX records. 556 | 557 | # Return an MX record named "maildomain.com" with target 558 | # servermachine.com and preference 50 559 | #mx-host=maildomain.com,servermachine.com,50 560 | 561 | # Set the default target for MX records created using the localmx option. 562 | #mx-target=servermachine.com 563 | 564 | # Return an MX record pointing to the mx-target for all local 565 | # machines. 566 | #localmx 567 | 568 | # Return an MX record pointing to itself for all local machines. 569 | #selfmx 570 | 571 | # Change the following lines if you want dnsmasq to serve SRV 572 | # records. These are useful if you want to serve ldap requests for 573 | # Active Directory and other windows-originated DNS requests. 574 | # See RFC 2782. 575 | # You may add multiple srv-host lines. 576 | # The fields are <name>,<target>,<port>,<priority>,<weight> 577 | # If the domain part is missing from the name (so that it just has the 578 | # service and protocol sections) then the domain given by the domain= 579 | # config option is used. (Note that expand-hosts does not need to be 580 | # set for this to work.) 
581 | 582 | # A SRV record sending LDAP for the example.com domain to 583 | # ldapserver.example.com port 389 584 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 585 | 586 | # A SRV record sending LDAP for the example.com domain to 587 | # ldapserver.example.com port 389 (using domain=) 588 | #domain=example.com 589 | #srv-host=_ldap._tcp,ldapserver.example.com,389 590 | 591 | # Two SRV records for LDAP, each with different priorities 592 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 593 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 594 | 595 | # A SRV record indicating that there is no LDAP server for the domain 596 | # example.com 597 | #srv-host=_ldap._tcp.example.com 598 | 599 | # The following line shows how to make dnsmasq serve an arbitrary PTR 600 | # record. This is useful for DNS-SD. (Note that the 601 | # domain-name expansion done for SRV records _does_not 602 | # occur for PTR records.) 603 | #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" 604 | 605 | # Change the following lines to enable dnsmasq to serve TXT records. 606 | # These are used for things like SPF and zeroconf. (Note that the 607 | # domain-name expansion done for SRV records _does_not 608 | # occur for TXT records.) 609 | 610 | #Example SPF. 611 | #txt-record=example.com,"v=spf1 a -all" 612 | 613 | #Example zeroconf 614 | #txt-record=_http._tcp.example.com,name=value,paper=A4 615 | 616 | # Provide an alias for a "local" DNS name. Note that this _only_ works 617 | # for targets which are names from DHCP or /etc/hosts. Give host 618 | # "bert" another name, bertrand 619 | #cname=bertand,bert 620 | 621 | # For debugging purposes, log each DNS query as it passes through 622 | # dnsmasq. 623 | #log-queries 624 | 625 | # Log lots of extra information about DHCP transactions. 626 | #log-dhcp 627 | 628 | # Include another lot of configuration options. 
629 | #conf-file=/etc/dnsmasq.more.conf 630 | #conf-dir=/etc/dnsmasq.d 631 | -------------------------------------------------------------------------------- /playbooks/example/roles/service_example/templates/thingyservice.conf.j2: -------------------------------------------------------------------------------- 1 | 2 | ServerName thingyservice 3 | ServerAdmin webmaster@localhost 4 | 5 | DocumentRoot /opt/example/thingy/webroot 6 | 7 | ErrorLog ${APACHE_LOG_DIR}/thingy_error.log 8 | CustomLog ${APACHE_LOG_DIR}/thingy_access.log combined 9 | 10 | 11 | Options Indexes FollowSymLinks 12 | AllowOverride None 13 | Require all granted 14 | 15 | 16 | 17 | ProxyPass http://127.0.0.1:8888/ 18 | ProxyPassReverse http://127.0.0.1:8888/ 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /playbooks/example/roles/service_example/templates/thingyservice.super.conf.j2: -------------------------------------------------------------------------------- 1 | [program:thingyservice] 2 | command=/opt/example/thingy/application.py 3 | numprocs=1 4 | directory=/opt/example/thingy 5 | user=nobody 6 | stdout_logfile=/var/log/thingy.out 7 | stderr_logfile=/var/log/thingy.err 8 | environment=HOME=/opt/example/thingy 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /playbooks/example/roles/zeromq/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Install ZeroMQ 3 | - name: Install ZeroMQ Packages and requirements 4 | apt: pkg={{ item }} state=installed 5 | with_items: 6 | - libzmq3 7 | - libzmq3-dev 8 | - python-zmq 9 | when: ansible_distribution_release == "saucy" 10 | 11 | - name: Install ZeroMQ Packages and requirements 12 | apt: pkg={{ item }} state=installed 13 | with_items: 14 | - libzmq1 15 | - libzmq-dev 16 | - python-zmq 17 | when: ansible_distribution_release == "precise" 18 | 
-------------------------------------------------------------------------------- /playbooks/example/site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Apply common configuration to all target nodes 4 | hosts: all 5 | user: tom 6 | sudo: yes 7 | roles: 8 | - common 9 | 10 | - name: Install all the packages and stuff required for a demobox 11 | hosts: demoboxes 12 | user: tom 13 | sudo: yes 14 | roles: 15 | # - redis 16 | # - nginx 17 | # - nodejs 18 | # - zeromq 19 | # - deploy_thingy 20 | - deploy_private_git 21 | 22 | 23 | #- name: Install all the packages and stuff required for a webserver 24 | # hosts: webservers 25 | # user: user 26 | # sudo: yes 27 | # roles: 28 | # - nginx 29 | # 30 | #- name: Install all the packages and stuff required for a Database Server 31 | # hosts: dbservers 32 | # user: user 33 | # sudo: yes 34 | # roles: 35 | # - redis 36 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/hosts: -------------------------------------------------------------------------------- 1 | [local] 2 | localhost 3 | 4 | [launched] 5 | ec2-54-204-187-220.compute-1.amazonaws.com ansible_ssh_private_key_file=~/.ssh/ansible_ec2.pem 6 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ======== 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by the ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 
10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | License 22 | ------- 23 | 24 | BSD 25 | 26 | Author Information 27 | ------------------ 28 | 29 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 30 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/files/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/part3_ec2/roles/__galaxy__/files/.empty -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: 
your name 4 | description: 5 | company: your company (optional) 6 | license: license (GPLv2, CC-BY, etc) 7 | min_ansible_version: 1.2 8 | # 9 | # Below are all platforms currently available. Just uncomment 10 | # the ones that apply to your role. If you don't see your 11 | # platform on this list, let us know and we'll get it added! 12 | # 13 | #platforms: 14 | #- name: EL 15 | # versions: 16 | # - all 17 | # - 5 18 | # - 6 19 | #- name: GenericUNIX 20 | # versions: 21 | # - all 22 | # - any 23 | #- name: Fedora 24 | # versions: 25 | # - all 26 | # - 16 27 | # - 17 28 | # - 18 29 | # - 19 30 | # - 20 31 | #- name: opensuse 32 | # versions: 33 | # - all 34 | # - 12.1 35 | # - 12.2 36 | # - 12.3 37 | # - 13.1 38 | # - 13.2 39 | #- name: GenericBSD 40 | # versions: 41 | # - all 42 | # - any 43 | #- name: FreeBSD 44 | # versions: 45 | # - all 46 | # - 8.0 47 | # - 8.1 48 | # - 8.2 49 | # - 8.3 50 | # - 8.4 51 | # - 9.0 52 | # - 9.1 53 | # - 9.1 54 | # - 9.2 55 | #- name: Ubuntu 56 | # versions: 57 | # - all 58 | # - lucid 59 | # - maverick 60 | # - natty 61 | # - oneiric 62 | # - precise 63 | # - quantal 64 | # - raring 65 | # - saucy 66 | # - trusty 67 | #- name: SLES 68 | # versions: 69 | # - all 70 | # - 10SP3 71 | # - 10SP4 72 | # - 11 73 | # - 11SP1 74 | # - 11SP2 75 | # - 11SP3 76 | #- name: GenericLinux 77 | # versions: 78 | # - all 79 | # - any 80 | #- name: Debian 81 | # versions: 82 | # - all 83 | # - etch 84 | # - lenny 85 | # - squeeze 86 | # - wheezy 87 | # 88 | # Below are all categories currently available. Just as with 89 | # the platforms above, uncomment those that apply to your role. 90 | # 91 | #categories: 92 | #- cloud 93 | #- cloud:ec2 94 | #- cloud:gce 95 | #- cloud:rax 96 | #- database 97 | #- database:nosql 98 | #- database:sql 99 | #- development 100 | #- monitoring 101 | #- networking 102 | #- packaging 103 | #- system 104 | #- web 105 | dependencies: [] 106 | # List your role dependencies here, one per line. 
Only 107 | # dependencies available via galaxy should be listed here. 108 | # Be sure to remove the '[]' above if you add dependencies 109 | # to this list. 110 | 111 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/templates/.empty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/part3_ec2/roles/__galaxy__/templates/.empty -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__galaxy__/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for __galaxy__ 3 | -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/__template__: -------------------------------------------------------------------------------- 1 | __galaxy__ -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/common: -------------------------------------------------------------------------------- 1 | ../../example/roles/common -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/deploy_thingy: -------------------------------------------------------------------------------- 1 | ../../example/roles/deploy_thingy -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/gridfs: -------------------------------------------------------------------------------- 1 | ../../example/roles/gridfs 
-------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/memcached: -------------------------------------------------------------------------------- 1 | ../../example/roles/memcached -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/mongodb: -------------------------------------------------------------------------------- 1 | ../../example/roles/mongodb -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/nginx: -------------------------------------------------------------------------------- 1 | ../../example/roles/nginx -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/nodejs: -------------------------------------------------------------------------------- 1 | ../../example/roles/nodejs -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/redis: -------------------------------------------------------------------------------- 1 | ../../example/roles/redis -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/repository: -------------------------------------------------------------------------------- 1 | ../../example/roles/repository -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/service_example: -------------------------------------------------------------------------------- 1 | ../../example/roles/service_example -------------------------------------------------------------------------------- /playbooks/part3_ec2/roles/zeromq: -------------------------------------------------------------------------------- 1 | ../../example/roles/zeromq -------------------------------------------------------------------------------- /playbooks/part3_ec2/site.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # Effectively lifted from the Ansible documentation on EC2: 3 | # http://docs.ansible.com/ec2_module.html 4 | 5 | - name: Provision an EC2 node 6 | hosts: local 7 | connection: local 8 | gather_facts: False 9 | tags: provisioning 10 | vars: 11 | instance_type: t1.micro 12 | security_group: sg_thingy 13 | image: ami-a73264ce 14 | region: us-east-1 15 | keypair: ansible_ec2 16 | tasks: 17 | - name: Launch new Instance 18 | local_action: ec2 instance_tags="Name=AnsibleTest" group={{ security_group }} instance_type={{ instance_type}} image={{ image }} wait=true region={{ region }} keypair={{ keypair }} 19 | register: ec2 20 | 21 | - name: Add instance to local host group 22 | # local_action: add_host hostname={{ item.public_ip }} groupname=launched 23 | local_action: lineinfile dest="./hosts" regexp="{{ item.public_dns_name }}" insertafter="[launched]" line="{{ item.public_dns_name }} ansible_ssh_private_key_file=~/.ssh/{{ keypair }}.pem" 24 | with_items: ec2.instances 25 | #" 26 | 27 | - name: Wait for SSH to come up 28 | local_action: wait_for host={{ item.public_dns_name }} port=22 delay=60 timeout=320 state=started 29 | with_items: ec2.instances 30 | 31 | - name: With the newly provisioned EC2 node configure that thing 32 | hosts: launched # This uses the hosts that we put into the in-memory hosts repository with the add_host module. 33 | sudo: yes # On EC2 nodes, this is automatically passwordless. 34 | remote_user: ubuntu # This is the username for all ubuntu images, rather than root, or something weird. 35 | gather_facts: True #We need to re-enable this, as we turned it off earlier. 36 | roles: 37 | - common 38 | - redis 39 | - nginx 40 | - zeromq 41 | - deploy_thingy 42 | # These are the same roles as we configured in the 'Parallax/example' playbook, except they've been symlinked into this one. 
43 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/galaxy-roles.txt: -------------------------------------------------------------------------------- 1 | ANXS.postgresql, v1.0.3 2 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/group_vars/all: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/part5_galaxy/group_vars/all -------------------------------------------------------------------------------- /playbooks/part5_galaxy/host_vars/all: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomoconnor/parallax/9481c3696a4ef9fb89f7da909ed4d14bb4bbd879/playbooks/part5_galaxy/host_vars/all -------------------------------------------------------------------------------- /playbooks/part5_galaxy/hosts: -------------------------------------------------------------------------------- 1 | [staging] 2 | localhost -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .AppleDouble 3 | .LSOverride 4 | Icon 5 | ._* 6 | .Spotlight-V100 7 | .Trashes 8 | .vagrant 9 | test 10 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | before_install: 5 | - sudo apt-get update -qq 6 | - sudo apt-get install -qq python-apt python-pycurl 7 | install: 8 | - pip install ansible==1.5.0 9 | script: 10 | - echo localhost > inventory 11 | - ansible-playbook --syntax-check -i inventory 
test.yml 12 | - ansible-playbook -i inventory test.yml --connection=local --sudo 13 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License 2 | 3 | Copyright (c) 2014 Pieterjan Vandaele 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/README.md: -------------------------------------------------------------------------------- 1 | ## Ansibles - PostgreSQL [![Build Status](https://travis-ci.org/Ansibles/postgresql.png)](https://travis-ci.org/Ansibles/postgresql) 2 | 3 | Ansible role which installs and configures PostgreSQL, extensions, databases and users. 
4 | 5 | 6 | #### Requirements & Dependencies 7 | - Tested on Ansible 1.4 or higher. 8 | - Ansibles.monit ([Galaxy](https://galaxy.ansible.com/list#/roles/502)/[GH](https://github.com/Ansibles/monit)) if you want monit protection (in that case, you should set `monit_protection: true`) 9 | 10 | 11 | #### Variables 12 | 13 | ```yaml 14 | # Basic settings 15 | postgresql_version: 9.3 16 | postgresql_encoding: 'UTF-8' 17 | postgresql_locale: 'en_US.UTF-8' 18 | 19 | postgresql_admin_user: "postgres" 20 | postgresql_default_auth_method: "trust" 21 | 22 | postgresql_cluster_name: "main" 23 | postgresql_cluster_reset: false 24 | 25 | # List of databases to be created (optional) 26 | postgresql_databases: 27 | - name: foobar 28 | hstore: yes # flag to install the hstore extension on this database (yes/no) 29 | uuid-ossp: yes # flag to install the uuid-ossp extension on this database (yes/no) 30 | 31 | # List of users to be created (optional) 32 | postgresql_users: 33 | - name: baz 34 | pass: pass 35 | encrypted: no # denotes if the password is already encrypted. 36 | 37 | # List of user privileges to be applied (optional) 38 | postgresql_user_privileges: 39 | - name: baz # user name 40 | db: foobar # database 41 | priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL 42 | ``` 43 | 44 | There's a lot more knobs and bolts to set, which you can find in the defaults/main.yml 45 | 46 | 47 | #### License 48 | 49 | Licensed under the MIT License. See the LICENSE file for details. 50 | 51 | #### Thanks 52 | 53 | To the contributors: 54 | - [Ralph von der Heyden](https://github.com/ralph) 55 | 56 | 57 | #### Feedback, bug-reports, requests, ... 58 | 59 | Are [welcome](https://github.com/ansibles/postgresql/issues)! 
60 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/defaults/main.yml 2 | 3 | # Basic settings 4 | postgresql_version: 9.3 5 | postgresql_encoding: 'UTF-8' 6 | postgresql_locale: 'en_US.UTF-8' 7 | 8 | postgresql_admin_user: "postgres" 9 | postgresql_default_auth_method: "trust" 10 | 11 | postgresql_cluster_name: "main" 12 | postgresql_cluster_reset: false 13 | 14 | # Extensions 15 | postgresql_ext_install_contrib: no 16 | postgresql_ext_install_dev_headers: no 17 | postgresql_ext_install_postgis: no 18 | 19 | postgresql_ext_postgis_version: "2.1" # be careful: check whether the postgresql/postgis versions work together 20 | 21 | # List of databases to be created (optional) 22 | postgresql_databases: [] 23 | 24 | # List of users to be created (optional) 25 | postgresql_users: [] 26 | 27 | # List of user privileges to be applied (optional) 28 | postgresql_user_privileges: [] 29 | 30 | # pg_hba.conf 31 | postgresql_pg_hba_default: 32 | - { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' } 33 | - { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only' } 34 | - { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method }}', comment: 'IPv4 local connections:' } 35 | - { type: host, database: all, user: all, address: '::1/128', method: '{{ postgresql_default_auth_method }}', comment: 'IPv6 local connections:' } 36 | 37 | postgresql_pg_hba_passwd_hosts: [] 38 | postgresql_pg_hba_trust_hosts: [] 39 | postgresql_pg_hba_custom: [] 40 | 41 | 42 | # postgresql.conf 43 | 44 | 
#------------------------------------------------------------------------------ 45 | # FILE LOCATIONS 46 | #------------------------------------------------------------------------------ 47 | 48 | # Location of postgres configuration files here 49 | postgresql_conf_directory: "/etc/postgresql/{{postgresql_version}}/{{postgresql_cluster_name}}" 50 | # HBA (Host Based Authentication) file 51 | postgresql_hba_file: "{{postgresql_conf_directory}}/pg_hba.conf" 52 | # Ident configuration file 53 | postgresql_ident_file: "{{postgresql_conf_directory}}/pg_ident.conf" 54 | # Use data in another directory 55 | postgresql_data_directory: "/var/lib/postgresql/{{postgresql_version}}/{{postgresql_cluster_name}}" 56 | # If external_pid_file is not explicitly set, on extra PID file is written 57 | postgresql_external_pid_file: "/var/run/postgresql/{{postgresql_version}}-{{postgresql_cluster_name}}.pid" 58 | 59 | #------------------------------------------------------------------------------ 60 | # CONNECTIONS AND AUTHENTICATION 61 | #------------------------------------------------------------------------------ 62 | 63 | postgresql_listen_addresses: 64 | - localhost 65 | postgresql_port: 5432 66 | 67 | postgresql_max_connections: 100 68 | postgresql_superuser_reserved_connections: 3 69 | 70 | postgresql_unix_socket_directories: 71 | - /var/run/postgresql 72 | postgresql_unix_socket_group: '' 73 | postgresql_unix_socket_permissions: '0777' # begin with 0 to use octal notation 74 | 75 | # Automatic pg_ctl configuration. Specify a list of options containing 76 | # cluster specific options to be passed to pg_ctl(1). 
77 | postgresql_pg_ctl_options: [] 78 | 79 | postgresql_bonjour: off # advertise server via Bonjour 80 | postgresql_bonjour_name: '' # defaults to the computer name 81 | 82 | 83 | # - Security and Authentication - 84 | 85 | postgresql_authentication_timeout: 60s 86 | postgresql_ssl: off 87 | postgresql_ssl_ciphers: 88 | - 'DEFAULT' 89 | - '!LOW' 90 | - '!EXP' 91 | - '!MD5' 92 | - '@STRENGTH' 93 | postgresql_ssl_renegotiation_limit: 512MB # amount of data between renegotiations 94 | postgresql_ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem 95 | postgresql_ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key 96 | postgresql_ssl_ca_file: '' 97 | postgresql_ssl_crl_file: '' 98 | postgresql_password_encryption: on 99 | postgresql_db_user_namespace: off 100 | 101 | # Kerberos and GSSAPI 102 | postgresql_krb_server_keyfile: '' 103 | postgresql_krb_srvname: postgres 104 | postgresql_krb_caseins_users: off 105 | 106 | # TCP Keepalives, 0 selects the system default (in seconds) 107 | postgresql_tcp_keepalives_idle: 0 108 | postgresql_tcp_keepalives_interval: 0 109 | postgresql_tcp_keepalives_count: 0 110 | 111 | 112 | #------------------------------------------------------------------------------ 113 | # RESOURCE USAGE (except WAL) 114 | #------------------------------------------------------------------------------ 115 | 116 | # - Memory - 117 | 118 | postgresql_shared_buffers: 128MB # min 128kB 119 | postgresql_temp_buffers: 8MB # min 800kB 120 | 121 | # Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory 122 | # per transaction slot, plus lock space (see max_locks_per_transaction). 123 | # It is not advisable to set max_prepared_transactions nonzero unless you 124 | # actively intend to use prepared transactions. 
125 | postgresql_max_prepared_transactions: 0 # zero disables the feature 126 | 127 | postgresql_work_mem: 1MB # min 64kB 128 | postgresql_maintenance_work_mem: 16MB # min 1MB 129 | postgresql_max_stack_depth: 2MB # min 100kB 130 | 131 | 132 | # - Disk - 133 | 134 | # limits per-session temp file space in kB, or -1 for no limit 135 | postgresql_temp_file_limit: -1 136 | 137 | 138 | # - Kernel Resource Usage - 139 | 140 | postgresql_max_files_per_process: 1000 # min 25 141 | postgresql_shared_preload_libraries: [] 142 | 143 | 144 | # - Cost-Based Vacuum Delay - 145 | 146 | postgresql_vacuum_cost_delay: 0 # 0-100 milliseconds 147 | postgresql_vacuum_cost_page_hit: 1 # 0-10000 credits 148 | postgresql_vacuum_cost_page_miss: 10 # 0-10000 credits 149 | postgresql_vacuum_cost_page_dirty: 20 # 0-10000 credits 150 | postgresql_vacuum_cost_limit: 200 # 1-10000 credits 151 | 152 | 153 | # - Background Writer - 154 | 155 | postgresql_bgwriter_delay: 200ms # 10-10000ms between rounds 156 | postgresql_bgwriter_lru_maxpages: 100 # 0-1000 max buffers written/round 157 | postgresql_bgwriter_lru_multiplier: 2.0 # 0-10.0 multipler on buffers scanned/round 158 | 159 | 160 | # - Asynchronous Behavior - 161 | 162 | postgresql_effective_io_concurrency: 1 # 1-1000; 0 disables prefetching 163 | 164 | 165 | #------------------------------------------------------------------------------ 166 | # WRITE AHEAD LOG 167 | #------------------------------------------------------------------------------ 168 | 169 | # - Settings - 170 | 171 | postgresql_wal_level: minimal # minimal, archive, or hot_standby 172 | postgresql_fsync: on # turns forced synchronization on or off 173 | 174 | # Synchronization level: 175 | # - off 176 | # - local 177 | # - remote_write 178 | # - on 179 | postgresql_synchronous_commit: on 180 | 181 | # The default is the first option supported by the operating system: 182 | # - open_datasync 183 | # - fdatasync (default on Linux) 184 | # - fsync 185 | # - fsync_writethrough 
186 | # - open_sync 187 | postgresql_wal_sync_method: fsync 188 | 189 | # recover from partial page writes 190 | postgresql_full_page_writes: on 191 | 192 | postgresql_wal_buffers: -1 # min 32kB, -1 sets based on shared_buffers 193 | postgresql_wal_writer_delay: 200ms # 1-10000 milliseconds 194 | postgresql_commit_delay: 0 # range 0-100000, in microseconds 195 | postgresql_commit_siblings: 5 # range 1-1000 196 | 197 | 198 | # - Checkpoints - 199 | 200 | postgresql_checkpoint_segments: 3 # in logfile segments, min 1, 16MB each 201 | postgresql_checkpoint_timeout: 5min # range 30s-1h 202 | postgresql_checkpoint_completion_target: 0.5 # checkpoint target duration, 0.0 - 1.0 203 | postgresql_checkpoint_warning: 30s # 0 disables 204 | 205 | 206 | # - Archiving - 207 | 208 | # allows archiving to be done 209 | postgresql_archive_mode: off 210 | 211 | # Command to use to archive a logfile segment. 212 | # Placeholders: %p = path of file to archive 213 | # %f = file name only 214 | # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' 215 | postgresql_archive_command: '' 216 | 217 | # force a logfile segment switch after this 218 | postgresql_archive_timeout: 0 219 | 220 | 221 | #------------------------------------------------------------------------------ 222 | # REPLICATION 223 | #------------------------------------------------------------------------------ 224 | 225 | # - Sending Server(s) - 226 | 227 | # Set these on the master and on any standby that will send replication data. 228 | 229 | # max number of walsender processes 230 | postgresql_max_wal_senders: 0 231 | 232 | postgresql_wal_keep_segments: 0 # in logfile segments, 16MB each; 0 disables 233 | postgresql_wal_sender_timeout: 60s # in milliseconds; 0 disables 234 | 235 | 236 | # - Master Server - 237 | 238 | # These settings are ignored on a standby server. 239 | 240 | # Standby servers that provide sync rep. 
241 | # Comma-separated list of application_name from standby(s) 242 | postgresql_synchronous_standby_names: [] # '*' means 'all' 243 | 244 | # number of xacts by which cleanup is delayed 245 | postgresql_vacuum_defer_cleanup_age: 0 246 | 247 | 248 | # - Standby Servers - 249 | 250 | # "on" allows queries during recovery 251 | postgresql_hot_standby: off 252 | # max delay before canceling queries when reading WAL from archive 253 | postgresql_max_standby_archive_delay: 30s # -1 allows indefinite delay 254 | # max delay before canceling queries when reading streaming WAL; 255 | postgresql_max_standby_streaming_delay: 30s # -1 allows indefinite delay 256 | # send replies at least this often 257 | postgresql_wal_receiver_status_interval: 10s # 0 disables 258 | # send info from standby to prevent query conflicts 259 | postgresql_hot_standby_feedback: off 260 | #time that receiver waits for communication from master in milliseconds 261 | postgresql_wal_receiver_timeout: 60s 262 | 263 | 264 | #------------------------------------------------------------------------------ 265 | # QUERY TUNING 266 | #------------------------------------------------------------------------------ 267 | 268 | # - Planner Method Configuration - 269 | 270 | postgresql_enable_bitmapscan: on 271 | postgresql_enable_hashagg: on 272 | postgresql_enable_hashjoin: on 273 | postgresql_enable_indexscan: on 274 | postgresql_enable_indexonlyscan: on 275 | postgresql_enable_material: on 276 | postgresql_enable_mergejoin: on 277 | postgresql_enable_nestloop: on 278 | postgresql_enable_seqscan: on 279 | postgresql_enable_sort: on 280 | postgresql_enable_tidscan: on 281 | 282 | 283 | # - Planner Cost Constants - 284 | 285 | postgresql_seq_page_cost: 1.0 # measured on an arbitrary scale 286 | postgresql_random_page_cost: 4.0 # same scale as above 287 | postgresql_cpu_tuple_cost: 0.01 # same scale as above 288 | postgresql_cpu_index_tuple_cost: 0.005 # same scale as above 289 | postgresql_cpu_operator_cost: 
0.0025 # same scale as above 290 | postgresql_effective_cache_size: 128MB 291 | 292 | 293 | # - Genetic Query Optimizer - 294 | 295 | postgresql_geqo: on 296 | postgresql_geqo_threshold: 12 297 | postgresql_geqo_effort: 5 # range 1-10 298 | postgresql_geqo_pool_size: 0 # selects default based on effort 299 | postgresql_geqo_generations: 0 # selects default based on effort 300 | postgresql_geqo_selection_bias: 2.0 # range 1.5-2.0 301 | postgresql_geqo_seed: 0.0 # range 0.0-1.0 302 | 303 | 304 | # - Other Planner Options - 305 | 306 | postgresql_default_statistics_target: 100 # range 1-10000 307 | postgresql_constraint_exclusion: partition # on, off, or partition 308 | postgresql_cursor_tuple_fraction: 0.1 # range 0.0-1.0 309 | postgresql_from_collapse_limit: 8 310 | postgresql_join_collapse_limit: 8 # 1 disables collapsing of explicit 311 | 312 | 313 | #------------------------------------------------------------------------------ 314 | # ERROR REPORTING AND LOGGING 315 | #------------------------------------------------------------------------------ 316 | 317 | # - Where to Log - 318 | 319 | # Valid values are combinations of stderr, csvlog, syslog, and eventlog. 320 | # depending on platform. Csvlog requires logging_collector to be on. 321 | postgresql_log_destination: stderr 322 | 323 | # Enable capturing of stderr and csvlog into log files. 324 | # Required to be on for csvlogs. 325 | postgresql_logging_collector: off 326 | 327 | # These are only used if logging_collector is on: 328 | 329 | # Directory where log files are written, can be absolute or relative to PGDATA 330 | postgresql_log_directory: pg_log 331 | # Log file name pattern, can include strftime() escapes 332 | postgresql_log_filename: postgresql-%Y-%m-%d_%H%M%S.log 333 | postgresql_log_file_mode: '0600' # begin with 0 to use octal notation 334 | # If on, an existing log file with the same name as the new log file will be 335 | # truncated rather than appended to. 
But such truncation only occurs on 336 | # time-driven rotation, not on restarts or size-driven rotation. Default is 337 | # off, meaning append to existing files in all cases. 338 | postgresql_log_truncate_on_rotation: off 339 | # Automatic rotation of logfiles will happen after that time. 340 | postgresql_log_rotation_age: 1d 341 | # Automatic rotation of logfiles will happen after that much log output. 342 | postgresql_log_rotation_size: 10MB 343 | 344 | # These are relevant when logging to syslog: 345 | postgresql_syslog_facility: LOCAL0 346 | postgresql_syslog_ident: postgres 347 | # This is only relevant when logging to eventlog (win32): 348 | postgresql_event_source: PostgreSQL 349 | 350 | 351 | # - When to Log - 352 | 353 | # Values in order of decreasing detail: 354 | # - debug5 355 | # - debug4 356 | # - debug3 357 | # - debug2 358 | # - debug1 359 | # - log 360 | # - notice 361 | # - warning 362 | # - error 363 | postgresql_client_min_messages: notice 364 | 365 | # Values in order of decreasing detail: 366 | # - debug5 367 | # - debug4 368 | # - debug3 369 | # - debug2 370 | # - debug1 371 | # - info 372 | # - notice 373 | # - warning 374 | # - error 375 | # - log 376 | # - fatal 377 | # - panic 378 | postgresql_log_min_messages: warning 379 | 380 | # Values in order of decreasing detail: 381 | # - debug5 382 | # - debug4 383 | # - debug3 384 | # - debug2 385 | # - debug1 386 | # - info 387 | # - notice 388 | # - warning 389 | # - error 390 | # - log 391 | # - fatal 392 | # - panic (effectively off) 393 | postgresql_log_min_error_statement: error 394 | 395 | # -1 is disabled, 0 logs all statements and their durations, > 0 logs only 396 | # statements running at least this number of milliseconds 397 | postgresql_log_min_duration_statement: -1 398 | 399 | 400 | # - What to Log - 401 | 402 | postgresql_debug_print_parse: off 403 | postgresql_debug_print_rewritten: off 404 | postgresql_debug_print_plan: off 405 | postgresql_debug_pretty_print: on 406 | 
postgresql_log_checkpoints: off 407 | postgresql_log_connections: off 408 | postgresql_log_disconnections: off 409 | postgresql_log_duration: off 410 | postgresql_log_error_verbosity: default # terse, default, or verbose messages 411 | postgresql_log_hostname: off 412 | 413 | # Special values: 414 | # %a = application name 415 | # %u = user name 416 | # %d = database name 417 | # %r = remote host and port 418 | # %h = remote host 419 | # %p = process ID 420 | # %t = timestamp without milliseconds 421 | # %m = timestamp with milliseconds 422 | # %i = command tag 423 | # %e = SQL state 424 | # %c = session ID 425 | # %l = session line number 426 | # %s = sessioan start timestamp 427 | # %v = virtual transaction ID 428 | # %x = transaction ID (0 if none) 429 | # %q = stop here in non-session 430 | # processes 431 | # %% = '%' 432 | postgresql_log_line_prefix: '%t ' 433 | 434 | # log lock waits >= deadlock_timeout 435 | postgresql_log_lock_waits: off 436 | postgresql_log_statement: none # none, ddl, mod, all 437 | # log temporary files equal or larger 438 | postgresql_log_temp_files: -1 439 | postgresql_log_timezone: UTC 440 | 441 | 442 | #------------------------------------------------------------------------------ 443 | # RUNTIME STATISTICS 444 | #------------------------------------------------------------------------------ 445 | 446 | # - Query/Index Statistics Collector - 447 | 448 | postgresql_track_activities: on 449 | postgresql_track_counts: on 450 | postgresql_track_io_timing: off 451 | postgresql_track_functions: none # none, pl, all 452 | postgresql_track_activity_query_size: 1024 453 | postgresql_update_process_title: on 454 | postgresql_stats_temp_directory: pg_stat_tmp 455 | 456 | 457 | # - Statistics Monitoring - 458 | 459 | postgresql_log_parser_stats: off 460 | postgresql_log_planner_stats: off 461 | postgresql_log_executor_stats: off 462 | postgresql_log_statement_stats: off 463 | 464 | 465 | 
#------------------------------------------------------------------------------ 466 | # AUTOVACUUM PARAMETERS 467 | #------------------------------------------------------------------------------ 468 | 469 | # Enable autovacuum subprocess? 'on' requires track_counts to also be on. 470 | postgresql_autovacuum: on 471 | # -1 disables, 0 logs all actions and their durations, > 0 logs only 472 | # actions running at least this number of milliseconds. 473 | postgresql_log_autovacuum_min_duration: -1 474 | # max number of autovacuum subprocesses 475 | postgresql_autovacuum_max_workers: 3 476 | # time between autovacuum runs 477 | postgresql_autovacuum_naptime: 1min 478 | # min number of row updates before vacuum 479 | postgresql_autovacuum_vacuum_threshold: 50 480 | # min number of row updates before analyze 481 | postgresql_autovacuum_analyze_threshold: 50 482 | # fraction of table size before vacuum 483 | postgresql_autovacuum_vacuum_scale_factor: 0.2 484 | # fraction of table size before analyze 485 | postgresql_autovacuum_analyze_scale_factor: 0.1 486 | # maximum XID age before forced vacuum 487 | postgresql_autovacuum_freeze_max_age: 200000000 488 | # default vacuum cost delay for autovacuum, in milliseconds 489 | postgresql_autovacuum_vacuum_cost_delay: 20ms 490 | # default vacuum cost limit for autovacuum, 491 | postgresql_autovacuum_vacuum_cost_limit: -1 492 | 493 | 494 | #------------------------------------------------------------------------------ 495 | # CLIENT CONNECTION DEFAULTS 496 | #------------------------------------------------------------------------------ 497 | 498 | # - Statement Behavior - 499 | 500 | postgresql_search_path: # schema names 501 | - '"$user"' 502 | - public 503 | postgresql_default_tablespace: '' # a tablespace name, '' uses the default 504 | postgresql_temp_tablespaces: [] # a list of tablespace names 505 | 506 | postgresql_check_function_bodies: on 507 | postgresql_default_transaction_isolation: read committed 508 | 
postgresql_default_transaction_read_only: off 509 | postgresql_default_transaction_deferrable: off 510 | postgresql_session_replication_role: origin 511 | 512 | postgresql_statement_timeout: 0 # in milliseconds, 0 is disabled 513 | postgresql_lock_timeout: 0 # in milliseconds, 0 is disabled 514 | postgresql_vacuum_freeze_min_age: 50000000 515 | postgresql_vacuum_freeze_table_age: 150000000 516 | 517 | postgresql_bytea_output: hex # hex, escape 518 | postgresql_xmlbinary: base64 519 | postgresql_xmloption: content 520 | 521 | 522 | # - Locale and Formatting - 523 | 524 | postgresql_datestyle: 525 | - iso 526 | - mdy 527 | postgresql_intervalstyle: postgres 528 | postgresql_timezone: UTC 529 | 530 | # Select the set of available time zone abbreviations. Currently, there are: 531 | # Default 532 | # Australia 533 | # India 534 | # You can create your own file in `share/timezonesets/`. 535 | postgresql_timezone_abbreviations: Default 536 | 537 | postgresql_extra_float_digits: 0 # min -15, max 3 538 | postgresql_client_encoding: sql_ascii # 'sql_ascii' actually defaults to database encoding 539 | 540 | # These settings are initialized by initdb, but they can be changed. 
541 | 542 | # locale for system error message 543 | postgresql_lc_messages: en_US.UTF-8 544 | # locale for monetary formatting 545 | postgresql_lc_monetary: en_US.UTF-8 546 | # locale for number formatting 547 | postgresql_lc_numeric: en_US.UTF-8 548 | # locale for time formatting 549 | postgresql_lc_time: en_US.UTF-8 550 | 551 | postgresql_default_text_search_config: pg_catalog.english 552 | 553 | postgresql_dynamic_library_path: '$libdir' 554 | postgresql_local_preload_libraries: [] 555 | 556 | 557 | #------------------------------------------------------------------------------ 558 | # LOCK MANAGEMENT 559 | #------------------------------------------------------------------------------ 560 | 561 | postgresql_deadlock_timeout: 1s 562 | postgresql_max_locks_per_transaction: 64 # min 10 563 | 564 | # Note: Each lock table slot uses ~270 bytes of shared memory, and there are 565 | # max_locks_per_transaction * (max_connections + max_prepared_transactions) 566 | # lock table slots. 567 | postgresql_max_pred_locks_per_transaction: 64 # min 10 568 | 569 | 570 | #------------------------------------------------------------------------------ 571 | # VERSION/PLATFORM COMPATIBILITY 572 | #------------------------------------------------------------------------------ 573 | 574 | # - Previous PostgreSQL Versions - 575 | 576 | postgresql_array_nulls: on 577 | postgresql_backslash_quote: safe_encoding # on, off, or safe_encoding 578 | postgresql_default_with_oids: off 579 | postgresql_escape_string_warning: on 580 | postgresql_lo_compat_privileges: off 581 | postgresql_quote_all_identifiers: off 582 | postgresql_sql_inheritance: on 583 | postgresql_standard_conforming_strings: on 584 | postgresql_synchronize_seqscans: on 585 | 586 | 587 | # - Other Platforms and Clients - 588 | 589 | postgresql_transform_null_equals: off 590 | 591 | 592 | #------------------------------------------------------------------------------ 593 | # ERROR HANDLING 594 | 
#------------------------------------------------------------------------------ 595 | 596 | # Terminate session on any error? 597 | postgresql_exit_on_error: off 598 | # Reinitialize after backend crash? 599 | postgresql_restart_after_crash: on 600 | 601 | 602 | 603 | 604 | postgresql_env: 605 | LC_ALL: "{{ postgresql_locale }}" 606 | LC_LCTYPE: "{{ postgresql_locale }}" 607 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/handlers/main.yml 2 | 3 | - name: restart postgresql 4 | service: 5 | name: postgresql 6 | state: restarted 7 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Thu Oct 30 12:10:35 2014', version: v1.0.3} 2 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/meta/main.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/meta/main.yml 2 | 3 | galaxy_info: 4 | author: pjan vandaele 5 | company: Ansibles 6 | description: "Install and configure PostgreSQL, dependencies, extensions, databases and users." 
7 | min_ansible_version: 1.4 8 | license: MIT 9 | platforms: 10 | - name: Ubuntu 11 | versions: 12 | - all 13 | categories: 14 | - database 15 | - database:sql 16 | 17 | dependencies: [] 18 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/configure.yml 2 | 3 | - name: PostgreSQL | Make sure the postgres data directory exists 4 | file: 5 | path: "{{postgresql_data_directory}}" 6 | owner: "{{postgresql_admin_user}}" 7 | group: "{{postgresql_admin_user}}" 8 | state: directory 9 | mode: 0700 10 | 11 | - name: PostgreSQL | Reset the cluster - drop the existing one 12 | shell: pg_dropcluster --stop {{postgresql_version}} {{postgresql_cluster_name}} 13 | sudo: yes 14 | sudo_user: postgres 15 | when: postgresql_cluster_reset 16 | 17 | - name: PostgreSQL | Reset the cluster - create a new one (with specified encoding and locale) 18 | shell: pg_createcluster --start --locale {{postgresql_locale}} -e {{postgresql_encoding}} -d {{postgresql_data_directory}} {{postgresql_version}} {{postgresql_cluster_name}} 19 | sudo: yes 20 | sudo_user: postgres 21 | when: postgresql_cluster_reset 22 | 23 | - name: PostgreSQL | Update configuration - pt. 1 (pg_hba.conf) 24 | template: 25 | src: pg_hba.conf.j2 26 | dest: "{{postgresql_conf_directory}}/pg_hba.conf" 27 | owner: "{{postgresql_admin_user}}" 28 | group: "{{postgresql_admin_user}}" 29 | mode: 0640 30 | register: postgresql_configuration_pt1 31 | 32 | - name: PostgreSQL | Update configuration - pt. 
2 (postgresql.conf) 33 | template: 34 | src: postgresql.conf.j2 35 | dest: "{{postgresql_conf_directory}}/postgresql.conf" 36 | owner: "{{postgresql_admin_user}}" 37 | group: "{{postgresql_admin_user}}" 38 | mode: 0640 39 | register: postgresql_configuration_pt2 40 | 41 | - name: PostgreSQL | Create folder for additional configuration files 42 | file: 43 | name: "{{postgresql_conf_directory}}/conf.d" 44 | state: directory 45 | owner: "{{postgresql_admin_user}}" 46 | group: "{{postgresql_admin_user}}" 47 | mode: 0755 48 | 49 | - name: PostgreSQL | Restart PostgreSQL 50 | service: 51 | name: postgresql 52 | state: restarted 53 | when: postgresql_configuration_pt1.changed or postgresql_configuration_pt2.changed 54 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/databases.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/databases.yml 2 | 3 | - name: PostgreSQL | Ensure PostgreSQL is running 4 | service: 5 | name: postgresql 6 | state: started 7 | 8 | - name: PostgreSQL | Make sure the PostgreSQL databases are present 9 | postgresql_db: 10 | name: "{{item.name}}" 11 | encoding: "{{postgresql_encoding}}" 12 | lc_collate: "{{postgresql_locale}}" 13 | lc_ctype: "{{postgresql_locale}}" 14 | template: "template0" 15 | state: present 16 | with_items: postgresql_databases 17 | when: postgresql_databases|length > 0 18 | 19 | - name: PostgreSQL | Add hstore to the databases with the requirement 20 | sudo: yes 21 | sudo_user: "{{postgresql_admin_user}}" 22 | shell: "psql {{item.name}} -c 'CREATE EXTENSION IF NOT EXISTS hstore;'" 23 | with_items: postgresql_databases 24 | when: item.hstore is defined and item.hstore 25 | 26 | - name: PostgreSQL | Add uuid-ossp to the database with the requirement 27 | sudo: yes 28 | sudo_user: "{{postgresql_admin_user}}" 29 | shell: "psql {{item.name}} -c 'CREATE EXTENSION IF NOT EXISTS 
uuid-ossp;'" 30 | with_items: postgresql_databases 31 | when: item.uuid_ossp is defined and item.uuid_ossp 32 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/extensions.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions.yml 2 | 3 | - include: extensions/contrib.yml 4 | when: postgresql_ext_install_contrib 5 | - include: extensions/dev_headers.yml 6 | when: postgresql_ext_install_dev_headers 7 | - include: extensions/postgis.yml 8 | when: postgresql_ext_install_postgis 9 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/extensions/contrib.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions/contrib.yml 2 | 3 | - name: PostgreSQL | Extensions | Make sure the postgres contrib extensions are installed 4 | apt: 5 | name: "postgresql-contrib-{{postgresql_version}}" 6 | state: present 7 | notify: 8 | - restart postgresql 9 | 10 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/extensions/dev_headers.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions/dev_headers.yml 2 | 3 | - name: PostgreSQL | Extensions | Make sure the development headers are installed 4 | apt: 5 | name: libpq-dev 6 | state: present 7 | notify: 8 | - restart postgresql 9 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/extensions/postgis.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/extensions/postgis.yml 2 | 3 | - name: PostgreSQL | Extensions | Make sure the postgis extensions 
are installed 4 | apt: 5 | name: "{{item}}" 6 | state: present 7 | with_items: 8 | - libgeos-c1 9 | - "postgresql-{{postgresql_version}}-postgis-{{postgresql_ext_postgis_version}}" 10 | notify: 11 | - restart postgresql 12 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/install.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/install.yml 2 | 3 | - name: PostgreSQL | Make sure the dependencies are installed 4 | apt: 5 | pkg: "{{item}}" 6 | state: present 7 | with_items: ["python-psycopg2", "python-pycurl"] 8 | 9 | - name: PostgreSQL | Add PostgeSQL repository apt-key 10 | apt_key: 11 | id: ACCC4CF8 12 | url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc" 13 | state: present 14 | 15 | - name: PostgreSQL | Add PostgreSQL repository 16 | apt_repository: 17 | repo: 'deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main' 18 | state: present 19 | 20 | - name: PostgreSQL | Install PostgreSQL 21 | apt: 22 | name: "{{item}}" 23 | state: present 24 | environment: postgresql_env 25 | with_items: 26 | - "postgresql-{{postgresql_version}}" 27 | - "postgresql-client-{{postgresql_version}}" 28 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # file: postgresql/tasks/main.yml 2 | 3 | - include: install.yml 4 | - include: extensions.yml 5 | - include: configure.yml 6 | - include: databases.yml 7 | - include: users.yml 8 | - include: monit.yml 9 | when: monit_protection is defined and monit_protection == true 10 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/monit.yml: 
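--------------------------------------------------------------------------------
# file: postgresql/tasks/monit.yml

- name: PostgreSQL | (Monit) Copy the postgresql monit service file
  template:
    src: etc_monit_conf.d_postgresql.j2
    dest: /etc/monit/conf.d/postgresql
    # Pin ownership and mode explicitly instead of inheriting the remote umask.
    owner: root
    group: root
    mode: 0644
--------------------------------------------------------------------------------
/playbooks/part5_galaxy/roles/ANXS.postgresql/tasks/users.yml:
--------------------------------------------------------------------------------
# file: postgresql/tasks/users.yml
#
# Creates the roles listed in `postgresql_users`, then applies the per-database
# grants listed in `postgresql_user_privileges`. Every `postgresql_users` entry
# MUST carry a `pass`; there is deliberately no fallback password.

- name: PostgreSQL | Ensure PostgreSQL is running
  service:
    name: postgresql
    state: started

- name: PostgreSQL | Make sure the PostgreSQL users are present
  postgresql_user:
    name: "{{item.name}}"
    # This used to be `{{item.pass | default('pass')}}`, which silently gave
    # every user without an explicit password the well-known password "pass".
    # An undefined `item.pass` now aborts the play instead of shipping a
    # guessable credential to the database.
    password: "{{item.pass}}"
    state: present
    login_host: "{{item.host | default('localhost')}}"
  with_items: postgresql_users
  when: postgresql_users|length > 0

- name: PostgreSQL | Update the user privileges
  postgresql_user:
    name: "{{item.name}}"
    db: "{{item.db}}"
    # `ALL` is only the fallback for entries that give no `priv`; list the
    # specific privileges an application role actually needs.
    priv: "{{item.priv | default('ALL')}}"
    state: present
    login_host: "{{item.host | default('localhost')}}"
  with_items: postgresql_user_privileges
  # Was `postgresql_users|length > 0`, which skipped the grants whenever
  # postgresql_users was empty even if postgresql_user_privileges was not.
  when: postgresql_user_privileges|length > 0
--------------------------------------------------------------------------------
/playbooks/part5_galaxy/roles/ANXS.postgresql/templates/etc_monit_conf.d_postgresql.j2:
--------------------------------------------------------------------------------
{# The probe port follows postgresql_port, the same variable postgresql.conf.j2 renders, instead of a hard-coded 5432. #}
check process postgresql with pidfile /var/run/postgresql/{{postgresql_version}}-{{postgresql_cluster_name}}.pid
  group database
  start program = "/etc/init.d/postgresql start"
  stop program = "/etc/init.d/postgresql stop"
  if failed host localhost port {{postgresql_port}} protocol pgsql then restart
  if 5 restarts within 5 cycles then timeout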
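--------------------------------------------------------------------------------
/playbooks/part5_galaxy/roles/ANXS.postgresql/templates/pg_hba.conf.j2:
--------------------------------------------------------------------------------
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.  A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access.  Records take one of these forms:
#
# local      DATABASE  USER  METHOD  [OPTIONS]
# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
#
# Records are matched top to bottom and the FIRST matching record decides
# the method, so the order of the sections rendered below matters.
#
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# Default:
{% for connection in postgresql_pg_hba_default %}
# {{connection.comment}}
{{connection.type}} {{connection.database}} {{connection.user}} {{connection.address}} {{connection.method}}
{% endfor %}

# Password hosts
# Rendered with `md5` (challenge-response) rather than the `password` method,
# which sends the password in clear text over any non-SSL connection. md5
# authenticates against either a clear-text or an md5-stored password, so it
# does not depend on the postgresql_password_encryption setting.
{% for host in postgresql_pg_hba_passwd_hosts %}
host all all {{host}} md5
{% endfor %}

# Trusted hosts
# `trust` lets any client from ADDRESS connect as ANY role, superusers
# included, with no credential at all. Keep this list empty unless the address
# is a host you fully control.
{% for host in postgresql_pg_hba_trust_hosts %}
host all all {{host}} trust
{% endfor %}

# User custom
{% for connection in postgresql_pg_hba_custom %}
# {{connection.comment}}
{{connection.type}} {{connection.database}} {{connection.user}} {{connection.address}} {{connection.method}}
{% endfor %}
--------------------------------------------------------------------------------
/playbooks/part5_galaxy/roles/ANXS.postgresql/templates/postgresql.conf.j2:
--------------------------------------------------------------------------------
#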
----------------------------- 2 | # PostgreSQL configuration file 3 | # ----------------------------- 4 | # 5 | # This file consists of lines of the form: 6 | # 7 | # name = value 8 | # 9 | # (The "=" is optional.) Whitespace may be used. Comments are introduced with 10 | # "#" anywhere on a line. The complete list of parameter names and allowed 11 | # values can be found in the PostgreSQL documentation. 12 | # 13 | # The commented-out settings shown in this file represent the default values. 14 | # Re-commenting a setting is NOT sufficient to revert it to the default value; 15 | # you need to reload the server. 16 | # 17 | # This file is read on server startup and when the server receives a SIGHUP 18 | # signal. If you edit the file on a running system, you have to SIGHUP the 19 | # server for the changes to take effect, or use "pg_ctl reload". Some 20 | # parameters, which are marked below, require a server shutdown and restart to 21 | # take effect. 22 | # 23 | # Any parameter can also be given as a command-line option to the server, e.g., 24 | # "postgres -c log_connections=on". Some parameters can be changed at run time 25 | # with the "SET" SQL command. 
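#
# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
#                MB = megabytes                     s   = seconds
#                GB = gigabytes                     min = minutes
#                                                   h   = hours
#                                                   d   = days
#
# Review note: four settings in this template were rendered from the wrong
# role variable (krb_caseins_users, geqo, log_hostname) or from a malformed
# Jinja expression (hot_standby_feedback, whose `'on' if x or 'off'` always
# rendered "on"). They now read their own variable, falling back to
# PostgreSQL's default where the role may not define one.


#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------

data_directory = '{{postgresql_data_directory}}'

hba_file = '{{postgresql_hba_file}}'

ident_file = '{{postgresql_ident_file}}'

external_pid_file = '{{postgresql_external_pid_file}}'


#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------

# Every address listed here accepts TCP connections; anything other than the
# loopback address must be matched by deliberate pg_hba.conf records.
listen_addresses = '{{postgresql_listen_addresses|join(',')}}'
port = {{postgresql_port}}

max_connections = {{postgresql_max_connections}}
superuser_reserved_connections = {{postgresql_superuser_reserved_connections}}

unix_socket_directories = '{{postgresql_unix_socket_directories|join(',')}}'
unix_socket_group = '{{postgresql_unix_socket_group}}'
unix_socket_permissions = {{postgresql_unix_socket_permissions}}

bonjour = {{'on' if postgresql_bonjour else 'off'}}
bonjour_name = '{{postgresql_bonjour_name}}'


# - Security and Authentication -

authentication_timeout = {{postgresql_authentication_timeout}}
# With ssl = off every password-authenticated login on a TCP connection is
# only as private as the network between client and server.
ssl = {{'on' if postgresql_ssl else 'off'}}
ssl_ciphers = '{{postgresql_ssl_ciphers|join(':')}}'
ssl_renegotiation_limit = {{postgresql_ssl_renegotiation_limit}}
ssl_cert_file = '{{postgresql_ssl_cert_file}}'
ssl_key_file = '{{postgresql_ssl_key_file}}'
ssl_ca_file = '{{postgresql_ssl_ca_file}}'
ssl_crl_file = '{{postgresql_ssl_crl_file}}'
# off stores newly set passwords in clear text in pg_authid; leave it on.
password_encryption = {{'on' if postgresql_password_encryption else 'off'}}
db_user_namespace = {{'on' if postgresql_db_user_namespace else 'off'}}

# Kerberos and GSSAPI
krb_server_keyfile = '{{postgresql_krb_server_keyfile}}'
krb_srvname = '{{postgresql_krb_srvname}}'
# Was driven by postgresql_db_user_namespace (copy/paste error). PostgreSQL's
# default is off, i.e. Kerberos principals are matched case-sensitively.
krb_caseins_users = {{'on' if postgresql_krb_caseins_users|default(false) else 'off'}}

# TCP Keepalives, 0 selects the system default
tcp_keepalives_idle = {{postgresql_tcp_keepalives_idle}}
tcp_keepalives_interval = {{postgresql_tcp_keepalives_interval}}
tcp_keepalives_count = {{postgresql_tcp_keepalives_count}}


#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------

# - Memory -

shared_buffers = {{postgresql_shared_buffers}}
temp_buffers = {{postgresql_temp_buffers}}

max_prepared_transactions = {{postgresql_max_prepared_transactions}}

work_mem = {{postgresql_work_mem}}
maintenance_work_mem = {{postgresql_maintenance_work_mem}}
max_stack_depth = {{postgresql_max_stack_depth}}


# - Disk -

temp_file_limit = {{postgresql_temp_file_limit}}


# - Kernel Resource Usage -

max_files_per_process = {{postgresql_max_files_per_process}}
shared_preload_libraries = '{{postgresql_shared_preload_libraries|join(',')}}'


# - Cost-Based Vacuum Delay -

vacuum_cost_delay = {{postgresql_vacuum_cost_delay}}
vacuum_cost_page_hit = {{postgresql_vacuum_cost_page_hit}}
vacuum_cost_page_miss = {{postgresql_vacuum_cost_page_miss}}
vacuum_cost_page_dirty = {{postgresql_vacuum_cost_page_dirty}}
vacuum_cost_limit = {{postgresql_vacuum_cost_limit}}


# - Background Writer -

bgwriter_delay = {{postgresql_bgwriter_delay}}
bgwriter_lru_maxpages = {{postgresql_bgwriter_lru_maxpages}}
bgwriter_lru_multiplier = {{postgresql_bgwriter_lru_multiplier}}


# - Asynchronous Behavior -

effective_io_concurrency = {{postgresql_effective_io_concurrency}}


#------------------------------------------------------------------------------
# WRITE AHEAD LOG
#------------------------------------------------------------------------------

# - Settings -

wal_level = {{postgresql_wal_level}}
fsync = {{'on' if postgresql_fsync else 'off'}}

synchronous_commit = {{postgresql_synchronous_commit}}

wal_sync_method = {{postgresql_wal_sync_method}}

full_page_writes = {{'on' if postgresql_full_page_writes else 'off'}}

wal_buffers = {{postgresql_wal_buffers}}
wal_writer_delay = {{postgresql_wal_writer_delay}}
commit_delay = {{postgresql_commit_delay}}
commit_siblings = {{postgresql_commit_siblings}}


# - Checkpoints -

checkpoint_segments = {{postgresql_checkpoint_segments}}
checkpoint_timeout = {{postgresql_checkpoint_timeout}}
checkpoint_completion_target = {{postgresql_checkpoint_completion_target}}
checkpoint_warning = {{postgresql_checkpoint_warning}}


# - Archiving -

archive_mode = {{'on' if postgresql_archive_mode else 'off'}}
archive_command = '{{postgresql_archive_command}}'
archive_timeout = {{postgresql_archive_timeout}}


#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------

# - Sending Server(s) -

max_wal_senders = {{postgresql_max_wal_senders}}
wal_keep_segments = {{postgresql_wal_keep_segments}}
wal_sender_timeout = {{postgresql_wal_sender_timeout}}


# - Master Server -

synchronous_standby_names = '{{postgresql_synchronous_standby_names|join(',')}}'

vacuum_defer_cleanup_age = {{postgresql_vacuum_defer_cleanup_age}}


# - Standby Servers -

hot_standby = {{'on' if postgresql_hot_standby else 'off'}}
max_standby_archive_delay = {{postgresql_max_standby_archive_delay}}
max_standby_streaming_delay = {{postgresql_max_standby_streaming_delay}}
wal_receiver_status_interval = {{postgresql_wal_receiver_status_interval}}
# Was `{{'on' if postgresql_hot_standby_feedback or 'off'}}`, which has no
# else-branch and a condition that is always truthy, so it rendered "on"
# regardless of the variable.
hot_standby_feedback = {{'on' if postgresql_hot_standby_feedback else 'off'}}
wal_receiver_timeout = {{postgresql_wal_receiver_timeout}}


#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------

# - Planner Method Configuration -

enable_bitmapscan = {{'on' if postgresql_enable_bitmapscan else 'off'}}
enable_hashagg = {{'on' if postgresql_enable_hashagg else 'off'}}
enable_hashjoin = {{'on' if postgresql_enable_hashjoin else 'off'}}
enable_indexscan = {{'on' if postgresql_enable_indexscan else 'off'}}
enable_indexonlyscan = {{'on' if postgresql_enable_indexonlyscan else 'off'}}
enable_material = {{'on' if postgresql_enable_material else 'off'}}
enable_mergejoin = {{'on' if postgresql_enable_mergejoin else 'off'}}
enable_nestloop = {{'on' if postgresql_enable_nestloop else 'off'}}
enable_seqscan = {{'on' if postgresql_enable_seqscan else 'off'}}
enable_sort = {{'on' if postgresql_enable_sort else 'off'}}
enable_tidscan = {{'on' if postgresql_enable_tidscan else 'off'}}


# - Planner Cost Constants -

seq_page_cost = {{postgresql_seq_page_cost}}
random_page_cost = {{postgresql_random_page_cost}}
cpu_tuple_cost = {{postgresql_cpu_tuple_cost}}
cpu_index_tuple_cost = {{postgresql_cpu_index_tuple_cost}}
cpu_operator_cost = {{postgresql_cpu_operator_cost}}
effective_cache_size = {{postgresql_effective_cache_size}}


# - Genetic Query Optimizer -

# Was driven by postgresql_enable_tidscan (copy/paste error). PostgreSQL's
# default for geqo is on.
geqo = {{'on' if postgresql_geqo|default(true) else 'off'}}
geqo_threshold = {{postgresql_geqo_threshold}}
geqo_effort = {{postgresql_geqo_effort}}
geqo_pool_size = {{postgresql_geqo_pool_size}}
geqo_generations = {{postgresql_geqo_generations}}
geqo_selection_bias = {{postgresql_geqo_selection_bias}}
geqo_seed = {{postgresql_geqo_seed}}


# - Other Planner Options -

default_statistics_target = {{postgresql_default_statistics_target}}
constraint_exclusion = {{postgresql_constraint_exclusion}}
cursor_tuple_fraction = {{postgresql_cursor_tuple_fraction}}
from_collapse_limit = {{postgresql_from_collapse_limit}}
join_collapse_limit = {{postgresql_join_collapse_limit}}


#------------------------------------------------------------------------------
# ERROR REPORTING AND LOGGING
#------------------------------------------------------------------------------

# - Where to Log -

log_destination = '{{postgresql_log_destination}}'

logging_collector = {{'on' if postgresql_logging_collector else 'off'}}

log_directory = '{{postgresql_log_directory}}'
log_filename = '{{postgresql_log_filename}}'
log_file_mode = {{postgresql_log_file_mode}}
log_truncate_on_rotation = {{'on' if postgresql_log_truncate_on_rotation else 'off'}}
log_rotation_age = {{postgresql_log_rotation_age}}
log_rotation_size = {{postgresql_log_rotation_size}}

syslog_facility = '{{postgresql_syslog_facility}}'
syslog_ident = '{{postgresql_syslog_ident}}'

event_source = '{{postgresql_event_source}}'


# - When to Log -

client_min_messages = {{postgresql_client_min_messages}}

log_min_messages = {{postgresql_log_min_messages}}
log_min_error_statement = {{postgresql_log_min_error_statement}}
log_min_duration_statement = {{postgresql_log_min_duration_statement}}


# - What to Log -

debug_print_parse = {{'on' if postgresql_debug_print_parse else 'off'}}
debug_print_rewritten = {{'on' if postgresql_debug_print_rewritten else 'off'}}
debug_print_plan = {{'on' if postgresql_debug_print_plan else 'off'}}
debug_pretty_print = {{'on' if postgresql_debug_pretty_print else 'off'}}
log_checkpoints = {{'on' if postgresql_log_checkpoints else 'off'}}
log_connections = {{'on' if postgresql_log_connections else 'off'}}
log_disconnections = {{'on' if postgresql_log_disconnections else 'off'}}
log_duration = {{'on' if postgresql_log_duration else 'off'}}
log_error_verbosity = {{postgresql_log_error_verbosity}}  # terse, default, or verbose messages
# Was driven by postgresql_log_duration (copy/paste error). PostgreSQL's
# default is off; on makes every connection log entry do a reverse DNS lookup.
log_hostname = {{'on' if postgresql_log_hostname|default(false) else 'off'}}
log_line_prefix = '{{postgresql_log_line_prefix}}'
log_lock_waits = {{'on' if postgresql_log_lock_waits else 'off'}}
# 'all' and 'mod' write full statement text to the log, literals included
# (e.g. the password in CREATE ROLE ... PASSWORD), so log_file_mode and the
# readers of log_directory decide who sees it.
log_statement = '{{postgresql_log_statement}}'
log_temp_files = {{postgresql_log_temp_files}}
log_timezone = '{{postgresql_log_timezone}}'


#------------------------------------------------------------------------------
# RUNTIME STATISTICS
#------------------------------------------------------------------------------

# - Query/Index Statistics Collector -

track_activities = {{'on' if postgresql_track_activities else 'off'}}
track_counts = {{'on' if postgresql_track_counts else 'off'}}
track_io_timing = {{'on' if postgresql_track_io_timing else 'off'}}
track_functions = {{postgresql_track_functions}}  # none, pl, all
track_activity_query_size = {{postgresql_track_activity_query_size}}
update_process_title = {{'on' if postgresql_update_process_title else 'off'}}
stats_temp_directory = '{{postgresql_stats_temp_directory}}'


# - Statistics Monitoring -

log_parser_stats = {{'on' if postgresql_log_parser_stats else 'off'}}
log_planner_stats = {{'on' if postgresql_log_planner_stats else 'off'}}
log_executor_stats = {{'on' if postgresql_log_executor_stats else 'off'}}
log_statement_stats = {{'on' if postgresql_log_statement_stats else 'off'}}


#------------------------------------------------------------------------------
# AUTOVACUUM PARAMETERS
#------------------------------------------------------------------------------

autovacuum = {{'on' if postgresql_autovacuum else 'off'}}
log_autovacuum_min_duration = {{postgresql_log_autovacuum_min_duration}}
autovacuum_max_workers = {{postgresql_autovacuum_max_workers}}
autovacuum_naptime = {{postgresql_autovacuum_naptime}}
autovacuum_vacuum_threshold = {{postgresql_autovacuum_vacuum_threshold}}
autovacuum_analyze_threshold = {{postgresql_autovacuum_analyze_threshold}}
autovacuum_vacuum_scale_factor = {{postgresql_autovacuum_vacuum_scale_factor}}
autovacuum_analyze_scale_factor = {{postgresql_autovacuum_analyze_scale_factor}}
autovacuum_freeze_max_age = {{postgresql_autovacuum_freeze_max_age}}
autovacuum_vacuum_cost_delay = {{postgresql_autovacuum_vacuum_cost_delay}}
autovacuum_vacuum_cost_limit = {{postgresql_autovacuum_vacuum_cost_limit}}


#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------

# - Statement Behavior -

search_path = '{{postgresql_search_path|join(',')}}'
default_tablespace = '{{postgresql_default_tablespace}}'
temp_tablespaces = '{{postgresql_temp_tablespaces|join(',')}}'

check_function_bodies = {{'on' if postgresql_check_function_bodies else 'off'}}
default_transaction_isolation = '{{postgresql_default_transaction_isolation}}'
default_transaction_read_only = {{'on' if postgresql_default_transaction_read_only else 'off'}}
default_transaction_deferrable = {{'on' if postgresql_default_transaction_deferrable else 'off'}}
session_replication_role = '{{postgresql_session_replication_role}}'

statement_timeout = {{postgresql_statement_timeout}}
lock_timeout = {{postgresql_lock_timeout}}
vacuum_freeze_min_age = {{postgresql_vacuum_freeze_min_age}}
vacuum_freeze_table_age = {{postgresql_vacuum_freeze_table_age}}

bytea_output = '{{postgresql_bytea_output}}'
xmlbinary = '{{postgresql_xmlbinary}}'
xmloption = '{{postgresql_xmloption}}'


# - Locale and Formatting -

datestyle = '{{postgresql_datestyle|join(',')}}'
intervalstyle = '{{postgresql_intervalstyle}}'
timezone = '{{postgresql_timezone}}'

timezone_abbreviations = '{{postgresql_timezone_abbreviations}}'

extra_float_digits = {{postgresql_extra_float_digits}}
client_encoding = {{postgresql_client_encoding}}

lc_messages = '{{postgresql_lc_messages}}'
lc_monetary = '{{postgresql_lc_monetary}}'
lc_numeric = '{{postgresql_lc_numeric}}'
lc_time = '{{postgresql_lc_time}}'

default_text_search_config = '{{postgresql_default_text_search_config}}'

dynamic_library_path = '{{postgresql_dynamic_library_path}}'
local_preload_libraries = '{{postgresql_local_preload_libraries|join(',')}}'


#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------

deadlock_timeout = {{postgresql_deadlock_timeout}}
max_locks_per_transaction = {{postgresql_max_locks_per_transaction}}

max_pred_locks_per_transaction = {{postgresql_max_pred_locks_per_transaction}}


#------------------------------------------------------------------------------
# VERSION/PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------

# - Previous PostgreSQL Versions -

array_nulls = {{'on' if postgresql_array_nulls else 'off'}}
backslash_quote = {{postgresql_backslash_quote}}  # on, off, or safe_encoding
default_with_oids = {{'on' if postgresql_default_with_oids else 'off'}}
escape_string_warning = {{'on' if postgresql_escape_string_warning else 'off'}}
lo_compat_privileges = {{'on' if postgresql_lo_compat_privileges else 'off'}}
quote_all_identifiers = {{'on' if postgresql_quote_all_identifiers else 'off'}}
sql_inheritance = {{'on' if postgresql_sql_inheritance else 'off'}}
standard_conforming_strings = {{'on' if postgresql_standard_conforming_strings else 'off'}}
synchronize_seqscans = {{'on' if postgresql_synchronize_seqscans else 'off'}}


# - Other Platforms and Clients -

transform_null_equals = {{'on' if postgresql_transform_null_equals else 'off'}}


#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------

exit_on_error = {{'on' if postgresql_exit_on_error else 'off'}}
restart_after_crash = {{'on' if postgresql_restart_after_crash else 'off'}}


#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------

# These options allow settings to be loaded from files other than the
# default postgresql.conf.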
435 | 436 | include_dir = 'conf.d' # include files ending in '.conf' from 437 | # directory 'conf.d' 438 | #include_if_exists = 'exists.conf' # include file only if it exists 439 | #include = 'special.conf' # include file 440 | 441 | 442 | #------------------------------------------------------------------------------ 443 | # CUSTOMIZED OPTIONS 444 | #------------------------------------------------------------------------------ 445 | 446 | # Add settings for extensions here 447 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/ANXS.postgresql/test.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | vars_files: 3 | - 'defaults/main.yml' 4 | tasks: 5 | - include: 'tasks/main.yml' 6 | handlers: 7 | - include: 'handlers/main.yml' 8 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/common/files/authorized_keys: -------------------------------------------------------------------------------- 1 | # Your ssh public keys go in here and will be deployed for easy login 2 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/common/files/insecure_sudoers: -------------------------------------------------------------------------------- 1 | # /etc/sudoers 2 | # 3 | # This file MUST be edited with the 'visudo' command as root. 4 | # 5 | # See the man page for details on how to write a sudoers file. 6 | # 7 | 8 | Defaults env_reset 9 | ###### DANGER WILL ROBINSON 10 | # Defaults !authenticate 11 | ###### THIS STOPS SUDO ASKING FOR A PASSWORD TO BECOME ROOT. 12 | ###### Kinda elegant, but dangerous as all get out. 
13 | 14 | # Host alias specification 15 | 16 | # User alias specification 17 | 18 | # Cmnd alias specification 19 | 20 | # User privilege specification 21 | root ALL=(ALL) ALL 22 | 23 | # Allow members of group sudo to execute any command after they have 24 | # provided their password 25 | # (Note that later entries override this, so you might need to move 26 | # it further down) 27 | %sudo ALL=(ALL) ALL 28 | # 29 | #includedir /etc/sudoers.d 30 | 31 | # Members of the admin group may gain root privileges 32 | %admin ALL=(ALL) ALL 33 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/common/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Most times you see a handler, it'll be restarting a service. 3 | # However, they can actually run any standard module. After I've set the hostname in the /etc/hostname file, we'll call the hostname binary and set it with that too. 4 | 5 | 6 | - name: set hostname 7 | shell: /bin/hostname -F /etc/hostname 8 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is a thing I devised to set the hostname of a newly provisioned box (ideal if you use kickstart, and the new host comes up with a daft name). 3 | - name: Gather EC2 Facts 4 | action: ec2_facts 5 | 6 | - name: Set Hostname according to hosts inventory 7 | template: src=hostname.j2 dest=/etc/hostname 8 | when: set_hostname is defined 9 | notify: set hostname 10 | # This ensures that there's a line in the file /etc/hosts to describe the new hostname. 
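- name: Ensure self-reference hostname in /etc/hosts
  lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line="127.0.0.1 localhost {{ set_hostname }}" owner=root group=root mode=0644
  when: set_hostname is defined
#"

# This is optional, but effectively prevents the installation of i386 packages.
# Handy when you have an amd64-only local apt mirror.

- name: Remove i386 architecture
  shell: dpkg --remove-architecture i386
  when: ansible_distribution_release == "saucy"
  tags: firstrun

# This is very useful. Basically translates to "run apt-get update" on the target
- name: Regenerate apt-cache
  apt: update_cache=yes

# Skip these on EC2 hosts.
# access_user is a host variable, where it's possible to set the name of the user you'll ssh in as
- name: create .ssh directory
  file: path=/home/{{access_user}}/.ssh owner={{access_user}} group={{access_user}} mode=0700 state=directory
  when: ansible_ec2_profile is not defined

# This generates a ssh-key noninteractively. `creates=` keeps it idempotent.
# NOTE: -N "" stores the private key WITHOUT a passphrase; anyone who can read
# /home/<access_user>/.ssh/id_rsa on this host can use it as-is.
- name: generate a ssh-key for the access_user
  shell: ssh-keygen -t rsa -N "" -f /home/{{access_user}}/.ssh/id_rsa -q creates=/home/{{access_user}}/.ssh/id_rsa
  when: ansible_ec2_profile is not defined

# ssh-keygen above runs as whatever user the play executes as (root, given the
# apt and /etc/sudoers tasks in this file), so without this the key pair is
# owned by that user and access_user cannot read its own private key.
- name: make the generated key pair owned by the access_user
  file: path={{ item.path }} owner={{access_user}} group={{access_user}} mode={{ item.mode }}
  with_items:
    - { path: "/home/{{access_user}}/.ssh/id_rsa", mode: "0600" }
    - { path: "/home/{{access_user}}/.ssh/id_rsa.pub", mode: "0644" }
  when: ansible_ec2_profile is not defined

# This is a way to drop an authorized_keys file into the access_user's ssh directory, to make logging in easier.
# Ownership and mode are set explicitly: sshd (StrictModes) rejects an
# authorized_keys file that is group/world-writable, and the copy module
# would otherwise leave the file owned by the user running the play.
- name: deploy access ssh-key to user's authorized keys file
  copy: src=authorized_keys dest=/home/{{access_user}}/.ssh/authorized_keys owner={{access_user}} group={{access_user}} mode=0600
  when: ansible_ec2_profile is not defined

# This deploys the sudoers file from files/insecure_sudoers. As shipped, its
# `Defaults !authenticate` line is commented out; if you uncomment it, sudo will
# never ask for a password to become root - makes fast deployment easier, and
# is exactly as dangerous as it sounds.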
43 | # Skip on EC2 44 | - name: Deploy Sudoers file 45 | copy: src=insecure_sudoers dest=/etc/sudoers mode=440 owner=root group=root 46 | when: ansible_ec2_profile is not defined 47 | 48 | # The rest of this file is really about configuring commonly used packages, useful stuff and so on. 49 | 50 | # There's two ways to call the apt module. You can do it like this, specifying one package, and its state (installed, absent) etc. 51 | - name: install python-software-properties 52 | apt: pkg=python-software-properties state=installed 53 | 54 | #If you're doing lots of packages at once, you can use with_items, and provide the apt: module with pkg={{ item }} and you get something like a foreach in [list] effect. 55 | 56 | - name: install default packages 57 | apt: pkg={{ item }} state=installed 58 | with_items: 59 | - aptitude 60 | - vim 61 | - supervisor 62 | - python-dev 63 | - htop 64 | - screen 65 | - python-pycurl 66 | - python-lxml 67 | - git-core 68 | - libncurses5-dev 69 | - build-essential 70 | - unzip 71 | - curl 72 | - libcurl3 73 | - libssl1.0.0 74 | - libsqlite3-0 75 | - libsqlite3-dev 76 | 77 | # This deploys a sane (reasonably so) config for supervisord 78 | - name: Deploy supervisord.conf 79 | template: src=supervisord.conf.j2 dest=/etc/supervisor/supervisord.conf owner=root group=root mode=644 80 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/common/templates/hostname.j2: -------------------------------------------------------------------------------- 1 | {{ set_hostname }} 2 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/roles/common/templates/supervisord.conf.j2: -------------------------------------------------------------------------------- 1 | ; supervisor config file 2 | 3 | [unix_http_server] 4 | file=/var/run/supervisor.sock ; (the path to the socket file) 5 | chmod=0700 ; sockef file mode (default 0700) 6 | 7 | 
[supervisord] 8 | logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log) 9 | pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) 10 | childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP) 11 | 12 | ; the below section must remain in the config file for RPC 13 | ; (supervisorctl/web interface) to work, additional interfaces may be 14 | ; added by defining them in separate rpcinterface: sections 15 | [rpcinterface:supervisor] 16 | supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface 17 | 18 | [supervisorctl] 19 | serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket 20 | 21 | ; The [include] section can just contain the "files" setting. This 22 | ; setting can list multiple files (separated by whitespace or 23 | ; newlines). It can also contain wildcards. The filenames are 24 | ; interpreted as relative to this file. Included files *cannot* 25 | ; include files themselves. 26 | 27 | [include] 28 | files = /etc/supervisor/conf.d/*.conf 29 | 30 | -------------------------------------------------------------------------------- /playbooks/part5_galaxy/tutorial.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install everything needed for a staging server running our app. 
3 | hosts: staging 4 | user: ubuntu 5 | sudo: yes 6 | vars: 7 | database_name: "tutorial" 8 | database_user: "tutorialuser" 9 | database_password: "PleaseChangeThisToYourPassword" 10 | database_hostname: "localhost" 11 | database_port: 5432 12 | django_settings: "tutorialapp.settings" #CHANGE THIS TOO 13 | project_root: /srv/tutorial 14 | project_deploy_strategy: git 15 | project_git_repo: git@github.com:FILL_IN_YOUR_PATH_HERE 16 | project_accept_hostkey: yes 17 | project_finalize: true 18 | project_unwanted_items: ['.git'] 19 | fail2ban_services: 20 | - name: ssh 21 | enabled: true 22 | port: ssh 23 | filter: sshd 24 | logpath: /var/log/auth.log 25 | maxretry: 3 26 | protocol: tcp 27 | roles: 28 | - common 29 | - role: ANXS.monit 30 | monit_notify_email: "sysadmin.email@example.org" 31 | 32 | - role: ANXS.postgresql 33 | monit_protection: true 34 | postgresql_databases: 35 | - name: "{{database_name}}" 36 | postgresql_users: 37 | - name: "{{database_user}}" 38 | pass: "{{database_password}}" 39 | encrypted: no 40 | postgresql_user_privileges: 41 | - name: "{{database_user}}" 42 | db: "{{datbase_name}}" 43 | priv: "ALL" 44 | 45 | - role: f500.project_deploy 46 | tags: deploy 47 | 48 | - role: EDITD.virtualenv 49 | tags: deploy 50 | virtualenv_path: "{{project_root}}/current" 51 | virtualenv_requirements_file: "{{project_root}}/current/requirements.txt" 52 | virtualenv_user: root 53 | virtualenv_group: root 54 | 55 | - role: ANXS.nginx 56 | tags: nginx 57 | nginx_install_method: package 58 | 59 | - role: joshualund.ufw 60 | ufw_connection_rate_limits: 61 | - {port: 22, protocol: tcp} 62 | ufw_whitelisted_ports: 63 | - {port: 22, protocol: tcp} 64 | - {port: 80, protocol: tcp} 65 | - {port: 443, protocol: tcp} --------------------------------------------------------------------------------