
Merge pull request #480 from saurabh6790/ansible-merge

Setup bench via roles
This commit is contained in:
Saurabh 2017-10-02 15:29:01 +05:30 committed by GitHub
commit e2260d7065
83 changed files with 1493 additions and 617 deletions


@ -47,10 +47,12 @@ def check_uid():
sys.exit(1)
def cmd_requires_root():
if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', 'reload-nginx', 'firewall', 'ssh-port'):
return True
if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production'):
return True
if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts',
'print', 'firewall', 'ssh-port', 'role'):
return True
if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production',
'install'):
return True
def change_dir():
if os.path.exists('config.json') or "init" in sys.argv:
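Review bot: cmd_requires_root still falls off the end and returns None whenever neither list matches, so the new 'role' and 'install' entries are being added to a function with an implicit-None contract; an explicit `return False` after the last `if` would make the intent clear. The match is purely positional (`sys.argv[1]` / `sys.argv[2]`), so any command group whose subcommand happens to be called 'print' or 'role' is also forced to run as root, which deserves a comment such as `# positional match: <group> print/role subcommands are treated as privileged regardless of the group`. The function also has no docstring; `"Return True when the invoked subcommand must run as root."` would do.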


@ -68,3 +68,6 @@ from bench.commands.git import remote_set_url, remote_reset_url, remote_urls
bench_command.add_command(remote_set_url)
bench_command.add_command(remote_reset_url)
bench_command.add_command(remote_urls)
from bench.commands.install import install
bench_command.add_command(install)

bench/commands/install.py Normal file

@ -0,0 +1,51 @@
import os, sys, json, click
from bench.utils import run_playbook
extra_vars = {"production": True}
@click.group()
def install():
"Install system dependancies"
pass
@click.command('prerequisites')
def install_prerequisites():
"Install prerequisites"
run_playbook('prerequisites/install_prerequisites.yml')
@click.command('mariadb')
@click.option('--mysql_root_password')
def install_maridb(mysql_root_password=''):
"Install mariadb 10.1"
if mysql_root_password:
extra_vars.update({"mysql_root_password": mysql_root_password})
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='mariadb')
@click.command('wkhtmltopdf')
def install_wkhtmltopdf():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='wkhtmltopdf')
@click.command('nodejs')
def install_nodejs():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nodejs')
@click.command('psutil')
def install_psutil():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil')
@click.command('nginx')
def install_nginx():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx')
@click.command('fail2ban')
def install_failtoban():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='fail2ban')
install.add_command(install_prerequisites)
install.add_command(install_maridb)
install.add_command(install_wkhtmltopdf)
install.add_command(install_nodejs)
install.add_command(install_psutil)
install.add_command(install_nginx)
install.add_command(install_failtoban)
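Review bot: The module-level `extra_vars` dict is mutated in place by install_maridb, so the MariaDB root password stays in shared module state for anything else that runs in the same process; build the vars locally instead, `playbook_vars = dict(extra_vars, mysql_root_password=mysql_root_password)`. `--mysql_root_password` is a plain option, so the secret lands in shell history and on the `ansible-playbook` command line that run_playbook builds; click's `prompt=True, hide_input=True` on that option keeps it out of history at least. Five of the commands (wkhtmltopdf, nodejs, psutil, nginx, fail2ban) have no help string, e.g. `"Install wkhtmltopdf"`, and the group docstring misspells "dependencies". `install_maridb` is misspelled as well; since it is registered by the explicit name 'mariadb' the rename is free.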


@ -77,24 +77,35 @@ def setup_env():
setup_env()
@click.command('firewall')
def setup_firewall():
@click.option('--ssh_port')
@click.option('--force')
def setup_firewall(ssh_port=None, force=False):
"Setup firewall"
from bench.utils import run_playbook
click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n'
'Do you want to continue?',
abort=True)
run_playbook('production/setup_firewall.yml')
if not force:
click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n'
'Do you want to continue?',
abort=True)
if not ssh_port:
ssh_port = 22
run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port})
@click.command('ssh-port')
@click.argument('port')
def set_ssh_port(port):
@click.option('--force')
def set_ssh_port(port, force=False):
"Set SSH Port"
from bench.utils import run_playbook
click.confirm('This will change your SSH Port to {}\n'
'Do you want to continue?'.format(port),
abort=True)
run_playbook('production/change_ssh_port.yml', {"ssh_port": port})
if not force:
click.confirm('This will change your SSH Port to {}\n'
'Do you want to continue?'.format(port),
abort=True)
run_playbook('production/change_ssh_port.yml', {"ssh_port": port})
@click.command('lets-encrypt')
@click.argument('site')
@ -181,6 +192,23 @@ def sync_domains(domain=None, site=None):
# if changed, success, else failure
sys.exit(0 if changed else 1)
@click.command('role')
@click.argument('role')
@click.option('--admin_emails', default='')
@click.option('--mysql_root_password')
def setup_roles(role, **kwargs):
"Install dependancies via roles"
from bench.utils import run_playbook
extra_vars = {"production": True}
extra_vars.update(kwargs)
if role:
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag=role)
else:
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars)
setup.add_command(setup_sudoers)
setup.add_command(setup_nginx)
setup.add_command(reload_nginx)
@ -201,3 +229,4 @@ setup.add_command(remove_domain)
setup.add_command(sync_domains)
setup.add_command(setup_firewall)
setup.add_command(set_ssh_port)
setup.add_command(setup_roles)
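Review bot: `@click.option('--force')` in setup_firewall and set_ssh_port declares a value-taking option rather than a flag, so `--force` on its own errors out asking for a value and the `force=False` defaults in the signatures are never what click passes in; use `@click.option('--force', is_flag=True, default=False)` in both. `--ssh_port` is likewise an unchecked string that is forwarded straight into the playbook; `type=int` would reject non-numeric input before ansible is invoked. In setup_roles the forwarded kwargs include `mysql_root_password`, which run_playbook passes to ansible-playbook as `-e` JSON on the command line, visible to every local user via the process list while the playbook runs; passing extra vars through a mode-0600 temp file with `-e @file` would avoid that. Also `if role:` can only be false for an empty-string argument, since `role` is a required click argument.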


@ -761,11 +761,16 @@ def set_git_remote_url(git_url, bench_path='.'):
if os.path.exists(os.path.join(app_dir, '.git')):
exec_cmd("git remote set-url upstream {}".format(git_url), cwd=app_dir)
def run_playbook(playbook_name, extra_vars=None):
def run_playbook(playbook_name, extra_vars=None, tag=None):
if not find_executable('ansible'):
print("Ansible is needed to run this command, please install it using 'pip install ansible'")
sys.exit(1)
args = ['ansible-playbook', '-c', 'local', playbook_name]
if extra_vars:
args.extend(['-e', json.dumps(extra_vars)])
if tag:
args.extend(['-t', tag])
subprocess.check_call(args, cwd=os.path.join(os.path.dirname(bench.__path__[0]), 'playbooks'))
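Review bot: `args.extend(['-e', json.dumps(extra_vars)])` puts every extra var, including `mysql_root_password` as sent by the new install and role commands, on the ansible-playbook command line, where it is readable by any local user through the process list for as long as the playbook runs. Writing the vars to a mkstemp file (created 0600) and passing `-e @path` keeps the secret off argv; the file is removed in `finally`. This needs `import tempfile` at the top of bench/utils.py. The `tag` handling is unchanged.
```python
def run_playbook(playbook_name, extra_vars=None, tag=None):
	if not find_executable('ansible'):
		print("Ansible is needed to run this command, please install it using 'pip install ansible'")
		sys.exit(1)
	args = ['ansible-playbook', '-c', 'local', playbook_name]
	if tag:
		args.extend(['-t', tag])
	playbooks_dir = os.path.join(os.path.dirname(bench.__path__[0]), 'playbooks')
	if not extra_vars:
		subprocess.check_call(args, cwd=playbooks_dir)
		return
	# Pass extra vars by file reference so that secrets such as
	# mysql_root_password never appear in the process list.
	fd, vars_path = tempfile.mkstemp(suffix='.json')
	try:
		with os.fdopen(fd, 'w') as f:
			json.dump(extra_vars, f)
		args.extend(['-e', '@' + vars_path])
		subprocess.check_call(args, cwd=playbooks_dir)
	finally:
		os.remove(vars_path)
```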


@ -1,87 +0,0 @@
---
- hosts: localhost
vars:
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
mysql_config_template: "templates/simple_mariadb_config.cnf"
mysql_conf_dir: /etc/my.cnf.d/
tasks:
- name: development tools package
yum: name="@Development tools" state=present
become: yes
become_user: root
- name: install prerequisites
yum: pkg={{ item }} state=present
with_items:
# basic installs
- redis
# for mariadb
- libselinux-python
- mysql-devel
- mysql-libs
# for wkhtmltopdf
- libXrender
- libXext
- xorg-x11-fonts-75dpi
- xorg-x11-fonts-Type1
# for Pillow
- libjpeg-devel
- zlib-devel
- libzip-devel
- freetype-devel
- lcms2-devel
- libwebp-devel
- libtiff-devel
- tcl-devel
- tk-devel
# Python LDAP
- openldap-devel
become: yes
become_user: root
- name: Import Node source RPM key
rpm_key:
key: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
state: present
become: yes
become_user: root
- name: Add Node Repo
yum:
name: 'https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm'
state: present
become: yes
become_user: root
- name: Install nodejs
yum:
name: nodejs
state: present
become: yes
become_user: root
# install MariaDB
- include: includes/mariadb_centos.yml
# install WKHTMLtoPDF
- include: includes/wkhtmltopdf.yml
# setup MariaDB
- include: includes/setup_mariadb.yml
# setup frappe-bench
- include: includes/setup_bench.yml
when: not run_travis and not without_bench_setup
# setup development environment
- include: includes/setup_dev_env.yml
when: not run_travis and not production


@ -1,127 +0,0 @@
---
- hosts: localhost
vars:
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
mysql_config_template: "templates/simple_mariadb_config.cnf"
mysql_conf_dir: /etc/mysql/conf.d/
tasks:
- name: Add dotdeb apt repository key for Debian < 8
apt_key:
url: http://www.dotdeb.org/dotdeb.gpg
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Add dotdeb apt repository for redis-server for Debian < 8
apt_repository:
repo: 'deb http://packages.dotdeb.org wheezy all'
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
# install pre-requisites
- name: install prequisites
apt: pkg={{ item }} state=present
with_items:
# basic installs
- build-essential
- redis-server
# for mariadb
- software-properties-common
# for wkhtmltopdf
- libxrender1
- libxext6
- xfonts-75dpi
- xfonts-base
# for Pillow
- zlib1g-dev
- libfreetype6-dev
- liblcms2-dev
- libwebp-dev
- python-tk
# Ensure apt-transport-https
- apt-transport-https
# Python LDAP
- libsasl2-dev
- libldap2-dev
become: yes
become_user: root
- name: install pillow prerequisites for Debian < 8
apt: pkg={{ item }} state=present
with_items:
- libjpeg8-dev
- libtiff4-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('8', 'lt')
become: yes
become_user: root
- name: install pillow prerequisites for Debian >= 8
apt: pkg={{ item }} state=present
with_items:
- libjpeg62-turbo-dev
- libtiff5-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('8', 'ge')
become: yes
become_user: root
- name: Add apt key for node repo
apt_key:
url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
id: "68576280"
state: present
become: yes
become_user: root
- name: Add repo
apt_repository:
repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
state: present
update_cache: yes
become: yes
become_user: root
- name: Install nodejs 6.x
apt:
name: nodejs
state: present
update_cache: yes
force: yes
become: yes
become_user: root
# install MariaDB
- include: includes/mariadb_debian.yml
# install WKHTMLtoPDF
- include: includes/wkhtmltopdf.yml
# setup MariaDB
- include: includes/setup_mariadb.yml
- debug:
var: run_travis
# setup frappe-bench
- include: includes/setup_bench.yml
when: not run_travis
# setup development environment
- include: includes/setup_dev_env.yml
when: not production and not run_travis


@ -1,13 +0,0 @@
---
- name: Add repository
template: src=templates/mariadb_centos.repo dest=/etc/yum.repos.d/MariaDB.repo owner=root mode=0644
become: yes
become_user: root
- name: Install MariaDB
yum: pkg={{ item }} state=present
with_items:
- MariaDB-server
- MariaDB-client
become: yes
become_user: root


@ -1,27 +0,0 @@
---
- name: Add apt key for mariadb for Debian <= 8
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present
become: yes
become_user: root
when: ansible_distribution_major_version | version_compare('8', 'le')
- name: Add apt repository
apt_repository:
repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian {{ ansible_distribution_release }} main'
state: present
become: yes
become_user: root
- name: Unattended package installation
shell: export DEBIAN_FRONTEND=noninteractive
- name: apt-get install
apt: pkg={{ item }} update_cache=yes state=present
with_items:
- mariadb-server
- mariadb-client
- mariadb-common
- libmariadbclient-dev
become: yes
become_user: root


@ -1,32 +0,0 @@
---
- name: Add apt key for mariadb for Ubuntu < 16.04
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present
become: yes
become_user: root
when: ansible_distribution_version | version_compare('16.04', 'lt')
- name: Add apt key for mariadb for Ubuntu >= 16.04
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xF1656F24C74CD1D8 state=present
become: yes
become_user: root
when: ansible_distribution_version | version_compare('16.04', 'ge')
- name: Add apt repository
apt_repository:
repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu {{ ansible_distribution_release }} main'
state: present
become: yes
become_user: root
- name: Unattended package installation
shell: export DEBIAN_FRONTEND=noninteractive
- name: apt-get install
apt: pkg={{ item }} update_cache=yes state=present
with_items:
- mariadb-server
- mariadb-client
- mariadb-common
- libmariadbclient-dev
become: yes
become_user: root


@ -1,40 +0,0 @@
---
- name: Install MySQLdb in global env
pip: name=mysql-python version=1.2.5
become: yes
become_user: root
- name: Add configuration
template: src={{ mysql_config_template }} dest={{ mysql_conf_dir }}/frappe.cnf owner=root mode=0644
become: yes
become_user: root
- name: restart mysql linux
service: name=mysql state=restarted
become: yes
become_user: root
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Debian'
- name: Set root Password
command: mysqladmin -u root password {{ mysql_root_password }}
become: yes
become_user: root
when: mysql_root_password is defined
# incase root password is already set
ignore_errors: yes
- name: add launchagents folder mac
file: path=~/Library/LaunchAgents state=directory
when: ansible_distribution == 'MacOSX'
- name: add mysql to mac startup
file: src=/usr/local/opt/mariadb/homebrew.mxcl.mariadb.plist path=~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist state=link force=yes
when: ansible_distribution == 'MacOSX'
- name: stop mysql mac
command: launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
when: ansible_distribution == 'MacOSX'
- name: start mysql mac
command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
when: ansible_distribution == 'MacOSX'


@ -1,19 +0,0 @@
---
- name: download wkthmltox linux
get_url: url=https://github.com/frappe/wkhtmltopdf/raw/master/wkhtmltox-0.12.3_linux-generic-{{ "amd64" if ansible_architecture == "x86_64" else "i386"}}.tar.xz dest=/tmp/wkhtmltox.tar.xz
- name: Creates directory
file: path=/tmp/wkhtmltox state=directory
- name: unarchive wkhtmltopdf
unarchive: src=/tmp/wkhtmltox.tar.xz dest=/tmp
- name: copy to /usr/local/bin
copy: src="/tmp/wkhtmltox/bin/wkhtmltopdf" dest="/usr/local/bin/wkhtmltopdf"
become: true
become_user: root
- name: make wkhtmltopdf executable
file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
become: true
become_user: root


@ -1,14 +1,25 @@
---
- hosts: localhost
- include: ../prerequisites/install_prerequisites.yml
when: ansible_distribution != 'MacOSX'
- include: ../prerequisites/install_roles.yml
when: ansible_distribution != 'MacOSX'
- include: macosx.yml
when: ansible_distribution == 'MacOSX'
- include: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- name: setup bench and dev environment
hosts: localhost
vars:
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}"
tasks:
# setup frappe-bench
- include: includes/setup_bench.yml
when: not run_travis and not without_bench_setup
- include: centos.yml
when: ansible_distribution == 'CentOS'
- include: debian.yml
when: ansible_distribution == 'Debian'
# setup development environment
- include: includes/setup_dev_env.yml
when: not run_travis and not production
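Review bot: `bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}"` hardcodes `/home`, which does not match the `/Users/...` layout the macOS play uses and breaks on any host with a non-default home directory; `"{{ ansible_env.HOME }}/{{ bench_name }}"` derives it from the facts instead. If the bench play runs for macOS hosts too (the include guards above it suggest the prerequisites are split by OS but the bench setup is not), this path is wrong there in every case — worth confirming.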


@ -1,35 +1,38 @@
---
- hosts: localhost
become: yes
become_user: root
vars:
bench_repo_path: "/Users/{{ ansible_user_id }}/.bench"
bench_path: "/Users/{{ ansible_user_id }}/frappe-bench"
mysql_config_template: "templates/simple_mariadb_config.cnf"
mysql_conf_dir: /usr/local/etc/my.cnf.d
tasks:
# install pre-requisites
- name: install prequisites
homebrew: name={{ item }} state=present
with_items:
- cmake
- redis
- mariadb
- nodejs
# install pre-requisites
- name: install prequisites
homebrew: name={{ item }} state=present
with_items:
- cmake
- redis
- mariadb
- nodejs
# install wkhtmltopdf
- name: cask installs
homebrew_cask: name={{ item }} state=present
with_items:
- wkhtmltopdf
# install wkhtmltopdf
- name: cask installs
homebrew_cask: name={{ item }} state=present
with_items:
- wkhtmltopdf
- name: configure mariadb
include: ../prerequisites/roles/mariadb/tasks/main.yml
vars:
mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
# setup MariaDB
- include: includes/setup_mariadb.yml
- name: Install MySQLdb in global env
pip: name=mysql-python version=1.2.5
# setup frappe-bench
- include: includes/setup_bench.yml
# setup frappe-bench
- include: includes/setup_bench.yml
# setup development environment
- include: includes/setup_dev_env.yml
when: not production
# setup development environment
- include: includes/setup_dev_env.yml
when: not production
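Review bot: If the play-level `become: yes` / `become_user: root` is new here (the old/new side of those two lines is not recoverable from the rendered page), every task in this play — including the `homebrew:` and `homebrew_cask:` installs — now runs as root, and Homebrew refuses to run as root; scope `become` to the individual tasks that need it instead. The new mariadb include runs the role's `template` task, which indexes `mysql_conf_dir[ansible_distribution]`; this play defines `mysql_conf_dir` as a plain string, so that lookup would fail on macOS unless the variable is redefined as a mapping — please confirm which `mysql_conf_dir` the role sees.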


@ -1,110 +0,0 @@
---
- hosts: localhost
vars:
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
mysql_config_template: "templates/simple_mariadb_config.cnf"
mysql_conf_dir: /etc/mysql/conf.d/
tasks:
# install pre-requisites
- name: install prequisites
apt: pkg={{ item }} state=present
with_items:
# basic installs
- build-essential
- redis-server
# for mariadb
- software-properties-common
# for wkhtmltopdf
- libxrender1
- libxext6
- xfonts-75dpi
- xfonts-base
# for Pillow
- libjpeg8-dev
- zlib1g-dev
- libfreetype6-dev
- liblcms2-dev
- libwebp-dev
- python-tk
# Ensure apt-transport-https
- apt-transport-https
# Python LDAP
- libsasl2-dev
- libldap2-dev
become: yes
become_user: root
- name: install pillow prerequisites for Ubuntu < 14.04
apt: pkg={{ item }} state=present
with_items:
- libtiff4-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('14.04', 'lt')
become: yes
become_user: root
- name: install pillow prerequisites for Ubuntu >= 14.04
apt: pkg={{ item }} state=present
with_items:
- libtiff5-dev
- tcl8.6-dev
- tk8.6-dev
when: ansible_distribution_version | version_compare('14.04', 'ge')
become: yes
become_user: root
- name: Add apt key for node repo
apt_key:
url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
id: "68576280"
state: present
become: yes
become_user: root
- name: Add repo
apt_repository:
repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
state: present
register: node_repo
become: yes
become_user: root
- name: Install nodejs 6.x
apt:
name: nodejs
state: present
update_cache: yes
force: yes
become: yes
become_user: root
# install MariaDB
- include: includes/mariadb_ubuntu.yml
# install WKHTMLtoPDF
- include: includes/wkhtmltopdf.yml
# setup MariaDB
- include: includes/setup_mariadb.yml
- debug:
var: run_travis
# setup frappe-bench
- include: includes/setup_bench.yml
when: not without_bench_setup and not run_travis
# setup development environment
- include: includes/setup_dev_env.yml
when: not production and not run_travis and not without_bench_setup


@ -103,6 +103,9 @@ def install_bench(args):
branch = 'master' if args.production else 'develop'
extra_vars.update(branch=branch)
bench_name = 'frappe-bench' if not args.bench_name else args.bench_name
extra_vars.update(bench_name=bench_name)
if args.develop:
run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars)
@ -340,6 +343,9 @@ def parse_commandline_args():
parser.add_argument('--site', dest='site', action='store', default='site1.local',
help='Specifiy name for your first ERPNext site')
parser.add_argument('--without-site', dest='without_site', action='store_true',
default=False)
parser.add_argument('--verbose', dest='verbosity', action='store_true', default=False,
help='Run the script in verbose mode')
@ -364,6 +370,7 @@ def parse_commandline_args():
# set passwords
parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password')
parser.add_argument('--admin-password', dest='admin_password', help='Set admin password')
parser.add_argument('--bench-name', dest='bench_name', help='Create bench with specified name. Default name is frappe-bench')
args = parser.parse_args()
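Review bot: `--bench-name` is forwarded unchecked into the playbooks, where it is interpolated into `bench_path` as `/home/<user>/{{ bench_name }}`, so a value containing `/` or `..` silently relocates the bench outside the home directory. A two-line check before `extra_vars.update(bench_name=bench_name)` closes that: `if '/' in bench_name or bench_name in ('.', '..'):` followed by `sys.exit("--bench-name must be a plain directory name")` (assuming `sys` is imported in this file). Both install_bench and parse_commandline_args continue outside these hunks.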


@ -0,0 +1,21 @@
---
- name: Setup OpenSSL dependancy
pip: name=pyOpenSSL version=16.2.0
- name: install pillow prerequisites for Debian < 8
apt: pkg={{ item }} state=present
with_items:
- libjpeg8-dev
- libtiff4-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('8', 'lt')
- name: install pillow prerequisites for Debian >= 8
apt: pkg={{ item }} state=present
with_items:
- libjpeg62-turbo-dev
- libtiff5-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('8', 'ge')


@ -0,0 +1,61 @@
[mysqld]
# GENERAL #
user = mysql
default-storage-engine = InnoDB
socket = /var/lib/mysql/mysql.sock
pid-file = /var/lib/mysql/mysql.pid
# MyISAM #
key-buffer-size = 32M
myisam-recover = FORCE,BACKUP
# SAFETY #
max-allowed-packet = 64M
max-connect-errors = 1000000
innodb = FORCE
# DATA STORAGE #
datadir = /var/lib/mysql/
# BINARY LOGGING #
log-bin = /var/lib/mysql/mysql-bin
expire-logs-days = 14
sync-binlog = 1
# REPLICATION #
server-id = 1
# CACHES AND LIMITS #
tmp-table-size = 32M
max-heap-table-size = 32M
query-cache-type = 0
query-cache-size = 0
max-connections = 500
thread-cache-size = 50
open-files-limit = 65535
table-definition-cache = 4096
table-open-cache = 10240
# INNODB #
innodb-flush-method = O_DIRECT
innodb-log-files-in-group = 2
innodb-log-file-size = 512M
innodb-flush-log-at-trx-commit = 1
innodb-file-per-table = 1
innodb-buffer-pool-size = {{ (ansible_memtotal_mb*0.685)|round|int }}M
innodb-file-format = barracuda
innodb-large-prefix = 1
collation-server = utf8mb4_unicode_ci
character-set-server = utf8mb4
character-set-client-handshake = FALSE
max_allowed_packet = 64M
# LOGGING #
log-error = /var/lib/mysql/mysql-error.log
log-queries-not-using-indexes = 0
slow-query-log = 1
slow-query-log-file = /var/lib/mysql/mysql-slow.log
[mysql]
default-character-set = utf8mb4
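Review bot: `max-allowed-packet = 64M` under SAFETY and `max_allowed_packet = 64M` under INNODB set the same variable twice (MariaDB treats `-` and `_` in option names as equivalent); keep one so a future change to one of them cannot be silently overridden by the other. A comment on the binary-logging block would also help readers, e.g. `# binary logging is on for point-in-time recovery; expire-logs-days bounds disk use`, since nothing on the page says why `log-bin` is enabled for a single server.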


@ -0,0 +1,76 @@
user {{ nginx_user }};
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections {{ nginx_worker_connections or 2048 }};
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
# keepalive_timeout 10;
# keepalive_requests 10;
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
;
server_names_hash_max_size 4096;
open_file_cache max=65000 inactive=1m;
open_file_cache_valid 5s;
open_file_cache_min_uses 1;
open_file_cache_errors on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
client_max_body_size 50m;
large_client_header_buffers 4 32k;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=web-cache:8m max_size=1000m inactive=600m;
include /etc/nginx/conf.d/*.conf;
}
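Review bot: `ssl_protocols SSLv3 TLSv1;` enables SSLv3, which is broken, and nothing newer, while the cipher list allows `RC4` and explicitly excludes AEAD suites with `!AESGCM`, so every TLS connection this template serves is limited to weak, deprecated configurations. Replace the two lines with `ssl_protocols TLSv1.2;` and `ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5:!RC4';` and keep `ssl_prefer_server_ciphers on`. The rest of the template (`server_tokens off`, gzip, caches) looks fine.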


@ -0,0 +1,99 @@
---
#- include: setup_essentials.yml
- name: "Setup prerequisites"
hosts: localhost
become: yes
become_user: root
tasks:
- name: Install yum packages
yum: name={{ item }} state=present
with_items:
- bzip2-devel
- cronie
- dnsmasq
- freetype-devel
- git
- htop
- lcms2-devel
- libjpeg-devel
- libtiff-devel
- libffi-devel
- libwebp-devel
- libXext
- libXrender
- libzip-devel
- libffi-devel
- ntp
- openssl-devel
- postfix
- python-devel
- python-setuptools
- python-pip
- redis
- screen
- sudo
- supervisor
- tcl-devel
- tk-devel
- vim
- which
- xorg-x11-fonts-75dpi
- xorg-x11-fonts-Type1
- zlib-devel
- openssl-devel
- openldap-devel
when: ansible_os_family == 'RedHat'
# Prerequisite for Debian and Ubuntu
- name: Install apt packages
apt: pkg={{ item }} state=present force=yes
with_items:
- build-essential
- software-properties-common
- dnsmasq
- fontconfig
- git
- htop
- libcrypto++-dev
- libfreetype6-dev
- liblcms2-dev
- libssl-dev
- libwebp-dev
- libxext6
- libxrender1
- libxslt1-dev
- libxslt1.1
- libffi-dev
- ntp
- postfix
- python-dev
- python-pip
- python-tk
- redis-server
- screen
- supervisor
- vim
- xfonts-75dpi
- xfonts-base
- zlib1g-dev
- apt-transport-https
- libsasl2-dev
- libldap2-dev
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- include: debian.yml
when: ansible_distribution == 'Debian'
# Prerequisite for MACOS
- name: install prequisites for macos
homebrew: name={{ item }} state=present
with_items:
- cmake
- redis
- mariadb
- nodejs
when: ansible_distribution == 'MacOSX'
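Review bot: `apt: pkg={{ item }} state=present force=yes` in the "Install apt packages" task maps to apt's `--force-yes`, which lets packages install even when their signature cannot be verified; drop `force=yes` (use `update_cache=yes` if a stale index was the reason for it). The yum list also repeats `libffi-devel` and `openssl-devel`, which is harmless but worth tidying. The macOS task at the end runs under the play-level `become: yes` as root, which Homebrew refuses; it needs `become: no`.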


@ -0,0 +1,35 @@
---
- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil
hosts: localhost
become: yes
become_user: root
vars:
- mysql_conf_tpl: files/mariadb_config.cnf
- nginx_conf_file: files/nginx.conf
- mysql_secure_installation: True
roles:
- { role: locale, tags: "locale" }
- { role: swap, tags: "swap", when: production }
- { role: logwatch, tags: "logwatch", when: production }
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
- { role: dns_caching, tags: "dns_caching", when: production }
- { role: ntpd, tags: "ntpd", when: production }
- { role: mariadb, tags: "mariadb" }
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
- { role: nodejs, tags: "nodejs" }
- { role: psutil, tags: "psutil" }
- { role: nginx, tags: "nginx", when: production }
- { role: fail2ban, tags: "fail2ban" , when: production }
tasks:
- name: Set hostname
hostname: name='{{ hostname }}'
when: hostname is defined and production
- name: Start NTPD
service: name=ntpd state=started
when: ansible_distribution == 'CentOS' and production
- name: Start NTPD
service: name=ntp state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production
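Review bot: The last `when:` reads `ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production`, and `and` binds tighter than `or`, so Debian hosts start ntp even when `production` is false, unlike the CentOS task above it. Parenthesize it: `when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and production`.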


@ -0,0 +1,8 @@
if [ $TERM != 'screen' ]
then
PS1='HEY! USE SCREEN '$PS1
fi
sw() {
screen -x $1 || screen -S $1
}
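Review bot: `if [ $TERM != 'screen' ]` leaves `$TERM` unquoted, so when TERM is unset (cron, some non-interactive logins) the test becomes `[ != screen ]` and errors on every login, since this file is installed into /etc/profile.d; write `if [ "$TERM" != 'screen' ]`. The `sw` helper has the same issue with `$1`: `screen -x "$1" || screen -S "$1"`.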


@ -0,0 +1,3 @@
---
- name: Setup bash screen wall
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh


@ -0,0 +1,3 @@
---
- name: restart network manager
service: name=NetworkManager state=restarted


@ -0,0 +1,20 @@
---
- name: check NetworkManager.conf exists
stat:
path: /etc/NetworkManager/NetworkManager.conf
register: result
- name: unmask NetworkManager service
command: systemctl unmask NetworkManager
when: result.stat.exists
- name: add dnsmasq to network config
lineinfile: >
dest=/etc/NetworkManager/NetworkManager.conf
regexp="dns="
line="dns=dnsmasq"
state=present
when: result.stat.exists
notify:
- restart network manager


@ -0,0 +1,2 @@
---
fail2ban_nginx_access_log: /var/log/nginx/access.log


@ -0,0 +1,3 @@
---
- name: restart fail2ban
service: name=fail2ban state=restarted


@ -0,0 +1,28 @@
---
- name: Install fail2ban
yum: name=fail2ban state=present
when: ansible_distribution == 'CentOS'
- name: Install fail2ban
apt: name=fail2ban state=present
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Enable fail2ban
service: name=fail2ban enabled=yes
- name: Create jail.d
file: path=/etc/fail2ban/jail.d state=directory
- name: Setup filters
template: src="{{item}}-filter.conf.j2" dest="/etc/fail2ban/filter.d/{{item}}.conf"
with_items:
- nginx-proxy
notify:
- restart fail2ban
- name: setup jails
template: src="{{item}}-jail.conf.j2" dest="/etc/fail2ban/jail.d/{{item}}.conf"
with_items:
- nginx-proxy
notify:
- restart fail2ban
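Review bot: `service: name=fail2ban enabled=yes` only enables the unit at boot and never starts it, and the `restart fail2ban` handler fires only when a template changes, so a rerun on a host where fail2ban is installed but stopped leaves it stopped; use `service: name=fail2ban state=started enabled=yes`. A comment above the filter/jail tasks noting that the nginx-proxy jail reads the nginx access log and therefore assumes the nginx role has run would also help.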


@ -0,0 +1,10 @@
# Block IPs trying to use server as proxy.
[Definition]
failregex = <HOST>.*\" 400
<HOST>.*"[A-Z]* /(cms|muieblackcat|db|cpcommerce|cgi-bin|wp-login|joomla|awstatstotals|wp-content|wp-includes|pma|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|pmadb|phpmyadmin1|phpmyadmin2).*" 4[\d][\d]
<HOST>.*".*supports_implicit_sdk_logging.*" 4[\d][\d]
<HOST>.*".*activities?advertiser_tracking_enabled.*" 4[\d][\d]
<HOST>.*".*/picture?type=normal.*" 4[\d][\d]
<HOST>.*".*/announce.php?info_hash=.*" 4[\d][\d]
ignoreregex =
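Review bot: In the `/picture?type=normal` and `/announce.php?info_hash=` patterns the `?` is unescaped, so it acts as a quantifier on the preceding character rather than matching the literal query separator, and the unescaped `.` in `announce.php` matches any character; use `/picture\?type=normal` and `/announce\.php\?info_hash=`. The first pattern, `<HOST>.*\" 400`, matches every 400 response regardless of path, which combined with the jail's low retry count bans clients after two malformed requests — please confirm that is intended.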


@ -0,0 +1,8 @@
## block hosts trying to abuse our server as a forward proxy
[nginx-proxy]
enabled = true
filter = nginx-proxy
logpath = {{ fail2ban_nginx_access_log }}
action = iptables-multiport[name=NoNginxProxy, port="http,https"]
maxretry = 2
bantime = 86400
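Review bot: With `maxretry = 2` and `bantime = 86400`, two matching requests ban an address for a day; if this nginx sits behind a load balancer or reverse proxy, `<HOST>` in the access log is the proxy's address and the jail will ban the proxy, cutting off all traffic. Either document that the role assumes nginx is the edge server, e.g. `## assumes nginx is the internet-facing server; behind a proxy, log and match the client IP instead`, or make `maxretry`/`bantime` role variables alongside `fail2ban_nginx_access_log`.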


@ -29,4 +29,4 @@ allow httpd_t user_home_t:file open;
allow httpd_t user_home_t:file read;
#!!!! This avc is allowed in the current policy
allow httpd_t user_home_t:lnk_file read;
allow httpd_t user_home_t:lnk_file read;


@ -0,0 +1,31 @@
---
- name: Install deps
yum: name="{{item}}" state=present
with_items:
- policycoreutils-python
- selinux-policy-devel
when: ansible_distribution == 'CentOS'
# - name: Install SELinux for Ubuntu
# apt: name={{ item }} state=present
# with_items:
# - selinux
# - selinux-policy-dev
# when: ansible_distribution == 'Ubuntu'
- name: Check enabled SELinux modules
shell: semanage module -l
register: enabled_modules
when: ansible_distribution == 'CentOS'
- name: Copy frappe_selinux policy
copy: src=frappe_selinux.te dest=/root/frappe_selinux.te
register: dest_frappe_selinux_te
when: ansible_distribution == 'CentOS'
- name: Compile frappe_selinux policy
shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
args:
chdir: /root/
when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
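Review bot: The compile task's `when:` is `A and B or C`, which groups as `(A and B) or C`, so the CentOS guard does not cover the `dest_frappe_selinux_te.changed` branch; if that is meant to stay CentOS-only, write `when: "ansible_distribution == 'CentOS' and (enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed)"`. `shell: semanage module -l` is a read-only probe but reports "changed" on every run; add `changed_when: false` to it.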


@ -0,0 +1,2 @@
locale_keymap: us
locale_lang: en_US.utf8


@ -0,0 +1,20 @@
---
- name: Check current locale
shell: localectl
register: locale_test
when: ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu'
- name: Set Locale
command: "localectl set-locale LANG={{ locale_lang }}"
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1
- name: Set keymap
command: "localectl set-keymap {{ locale_keymap }}"
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1"
- name: Set Locale as en_US
lineinfile: dest=/etc/environment backup=yes line="{{ item }}"
with_items:
- "LC_ALL=en_US.UTF-8"
- "LC_CTYPE=en_US.UTF-8"
- "LANG=en_US.UTF-8"
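Review bot: The three `when:` clauses compare `ansible_distribution` against `'Centos'`, while the fact value and the other roles in this commit (fail2ban, logwatch, frappe_selinux) use `'CentOS'`, so the locale and keymap tasks never run on CentOS; change each to `'CentOS'`. The final lineinfile task hardcodes `en_US.UTF-8` instead of using `{{ locale_lang }}`, so setting the role variable only half-applies.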


@ -0,0 +1,3 @@
---
logwatch_emails: "{{ admin_emails }}"
logwatch_detail: High


@ -0,0 +1,12 @@
---
- name: Install logwatch
yum: name=logwatch state=present
when: ansible_distribution == 'CentOS'
- name: Install logwatch on Ubuntu or Debian
apt: name=logwatch state=present
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Copy logwatch config
template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
when: admin_emails is defined
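Review bot: `when: admin_emails is defined` is always true when the role is applied through the new `bench setup role` command, because that command passes `admin_emails` with a default of `''`, so the template renders `MailTo = ` empty and logwatch output goes nowhere. Guard on the value as well: `when: admin_emails is defined and admin_emails`.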


@ -0,0 +1,2 @@
MailTo = {{ logwatch_emails }}
Detail = {{ logwatch_detail }}


@ -0,0 +1,64 @@
# Ansible Role: MariaDB
Installs MariaDB
## Supported platforms
```
CentOS 6 & 7
Ubuntu 14.04
```
## Post install
Run `mysql_secure_installation`
## Requirements
None
## Role Variables
MariaDB version:
```
mariadb_version: 10.0
```
Configuration template:
```
mysql_conf_tpl: change_me
```
Configuration filename:
```
mysql_conf_file: settings.cnf
```
### Experimental unattended mysql_secure_installation
```
ansible-playbook release.yml --extra-vars "mysql_secure_installation=true mysql_root_password=your_very_secret_password"
```
## Dependencies
None
## Example Playbook
```
- hosts: servers
roles:
- { role: pcextreme.mariadb }
```
## License
MIT / BSD
## Author Information
Created by [Attila van der Velde](https://github.com/vdvm)


@ -0,0 +1,7 @@
---
mariadb_version: 10.0
mysql_conf_tpl: change_me
mysql_conf_file: settings.cnf
mysql_secure_installation: false


@ -0,0 +1,3 @@
---
- name: restart mysql
service: name=mysql state=restarted


@ -0,0 +1,19 @@
---
galaxy_info:
author: "Attila van der Velde"
description: "Installs MariaDB"
company: "PCextreme B.V."
license: "license (MIT, BSD)"
min_ansible_version: 1.8
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- trusty
categories:
- database:sql
dependencies: []


@ -0,0 +1,12 @@
---
- name: Add repo file
template: src=mariadb_centos.repo.j2 dest=/etc/yum.repos.d/mariadb.repo owner=root group=root mode=0644
- name: Install MariaDB
yum: name={{ item }} enablerepo=mariadb state=present
with_items:
- MariaDB-server
- MariaDB-client
- MySQL-python
- MariaDB-devel


@ -0,0 +1,25 @@
---
- name: Add apt key for mariadb for Debian <= 8
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present
when: ansible_distribution_major_version | version_compare('8', 'le')
- name: Add apt key for mariadb for Debian > 8
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xF1656F24C74CD1D8 state=present
when: ansible_distribution_major_version | version_compare('8', 'gt')
- name: Add apt repository
apt_repository:
repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian {{ ansible_distribution_release }} main'
state: present
- name: Unattended package installation
shell: export DEBIAN_FRONTEND=noninteractive
- name: apt-get install
apt: pkg={{ item }} update_cache=yes state=present
with_items:
- mariadb-server
- mariadb-client
- mariadb-common
- libmariadbclient-dev
- python-mysqldb
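Review bot: The 'Unattended package installation' task, `shell: export DEBIAN_FRONTEND=noninteractive`, has no effect on the following `apt-get install` task — the export lives only inside that one shell process — so the install can still block on a debconf prompt. Put it on the task that needs it, `environment:` / `DEBIAN_FRONTEND: noninteractive` under the apt task, and drop the shell task. Separately, both `apt_key` tasks fetch from `hkp://keyserver.ubuntu.com:80` and verify only by key ID; a keyserver lookup is not authenticated, so pin the full 40-hex-digit fingerprint in `id=` (or fetch the key over https from mariadb.org) rather than the long ID alone. The repo line also hardcodes `10.1` while the role's `mariadb_version` default is `10.0`, so on Debian that variable is silently ignored — use `{{ mariadb_version }}` here as the Ubuntu template does.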


@ -0,0 +1,31 @@
---
- include: centos.yml
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
- include: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- name: Add configuration
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
notify: restart mysql
- include: debian.yml
when: ansible_distribution == 'Debian'
- name: Add configuration
template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
notify: restart mysql
- name: Start and enable service
service: name=mysql state=started enabled=yes
- debug:
msg: "{{ mysql_root_password }}"
- include: mysql_secure_installation.yml
when: mysql_root_password is defined
- debug: var=mysql_secure_installation
when: mysql_secure_installation and mysql_root_password is defined
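Review bot: The unconditional `debug: msg: "{{ mysql_root_password }}"` prints the database root password into the console/log of every run (including CI output, given the `run_travis` switch used elsewhere in this change) and, when the variable is not supplied, fails the play with an undefined-variable error before the `when: mysql_root_password is defined` guard on the next include is ever evaluated. Delete the task; if a diagnostic is wanted, print only presence: `- debug: msg="mysql_root_password is {{ 'set' if mysql_root_password is defined else 'unset' }}"`. Note also that `mysql_secure_installation.yml` is included purely on the password being defined, so the `mysql_secure_installation` default (`false`, and documented in the README as the switch for the unattended run) is never consulted — it is only echoed by the trailing `debug: var=`.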


@ -0,0 +1,82 @@
---
# Set root password
# UPDATE mysql.user SET Password=PASSWORD('mysecret') WHERE User='root';
# FLUSH PRIVILEGES;
- debug:
msg: "{{ mysql_root_password }}"
- name: Set root Password
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present
with_items:
- localhost
ignore_errors: yes
- name: Add .my.cnf
template: src=my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600
- name: display .my.cnf
command: cat /root/.my.cnf
register: details
- debug:
msg: "{{ details.stdout_lines }}"
- name: Set root Password
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present
with_items:
- 127.0.0.1
- ::1
when: run_travis is not defined
- name: Reload privilege tables
command: 'mysql -ne "{{ item }}"'
with_items:
- FLUSH PRIVILEGES
changed_when: False
when: run_travis is not defined
- name: Remove anonymous users
command: 'mysql -ne "{{ item }}"'
with_items:
- DELETE FROM mysql.user WHERE User=''
changed_when: False
when: run_travis is not defined
- name: Disallow root login remotely
command: 'mysql -ne "{{ item }}"'
with_items:
- DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
changed_when: False
when: run_travis is not defined
- name: Remove test database and access to it
command: 'mysql -ne "{{ item }}"'
with_items:
- DROP DATABASE if exists test
- DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'
changed_when: False
when: run_travis is not defined
- name: Reload privilege tables
command: 'mysql -ne "{{ item }}"'
with_items:
- FLUSH PRIVILEGES
changed_when: False
when: run_travis is not defined
- name: add launchagents folder mac
file: path=~/Library/LaunchAgents state=directory
when: ansible_distribution == 'MacOSX'
- name: add mysql to mac startup
file: src=/usr/local/opt/mariadb/homebrew.mxcl.mariadb.plist path=~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist state=link force=yes
when: ansible_distribution == 'MacOSX'
- name: stop mysql mac
command: launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
when: ansible_distribution == 'MacOSX'
- name: start mysql mac
command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
when: ansible_distribution == 'MacOSX'
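Review bot: This file logs the root password three times — the `debug` of `mysql_root_password` at the top, then `cat /root/.my.cnf` registered as `details` and echoed via `debug: msg: "{{ details.stdout_lines }}"` — and the `mysql_user` tasks that pass `password=` have no `no_log: true`, so a verbose run prints it a fourth time in the module arguments; delete the three diagnostic tasks and add `no_log: true` to both 'Set root Password' tasks. The first 'Set root Password' task carries `ignore_errors: yes` with no `failed_when`, so if it fails the play still writes a `/root/.my.cnf` holding a password that was never set and then runs the `mysql -ne` hardening statements against an un-passworded root; drop `ignore_errors` or fail explicitly when no later task can authenticate. The anonymous-user, remote-root and test-database statements mirror `mysql_secure_installation` correctly, but every one of them is skipped when `run_travis` is defined, so CI never exercises that path.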


@ -0,0 +1,31 @@
---
- name: Add repo file
template: src=mariadb_ubuntu.list.j2 dest=/etc/apt/sources.list.d/mariadb.list owner=root group=root mode=0644
register: mariadb_list
- name: Add repo key
apt_key: id=1BB943DB url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCBCB082A1BB943DB state=present
register: mariadb_key
when: ansible_distribution_version | version_compare('16.04', 'lt')
- name: Add apt key for mariadb for Ubuntu >= 16.04
apt_key: id=C74CD1D8 url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF1656F24C74CD1D8 state=present
register: mariadb_key
when: ansible_distribution_version | version_compare('16.04', 'ge')
- name: Update apt cache
apt: update_cache=yes
when: mariadb_list.changed == True or mariadb_key.changed == True
- name: Unattended package installation
shell: export DEBIAN_FRONTEND=noninteractive
changed_when: false
- name: Install MariaDB
apt: pkg={{ item }} state=present
with_items:
- mariadb-server
- mariadb-client
- mariadb-common
- libmariadbclient-dev
- python-mysqldb
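Review bot: Both `apt_key` tasks `register: mariadb_key`, and a skipped task still registers its (unchanged) result, so on Ubuntu < 16.04 the second task overwrites the first's `changed: true` and 'Update apt cache' does not fire; the later `apt: pkg=... state=present` has no `update_cache=yes`, so the first run can fail to resolve the new repo. Register two names, or simply add `update_cache=yes` to the 'Install MariaDB' task. The keys are also fetched over plain `http://keyserver.ubuntu.com` and checked only against 8-hex-digit short IDs (`1BB943DB`, `C74CD1D8`), which are trivially collidable — put the full 40-character fingerprint in `id=` and use an https URL. As in the Debian file, `shell: export DEBIAN_FRONTEND=noninteractive` does not carry over to the apt task; set it with `environment:` on that task instead.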


@ -0,0 +1,7 @@
# MariaDB CentOS {{ ansible_distribution_major_version|int }} repository list
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/{{ mariadb_version }}/centos{{ ansible_distribution_major_version|int }}-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1


@ -0,0 +1,4 @@
# MariaDB Ubuntu {{ ansible_distribution_release | title }} repository list
# http://mariadb.org/mariadb/repositories/
deb http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/ubuntu {{ ansible_distribution_release | lower }} main
deb-src http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/ubuntu {{ ansible_distribution_release | lower }} main


@ -0,0 +1,3 @@
[client]
user=root
password={{ mysql_root_password }}
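Review bot: `password={{ mysql_root_password }}` is written unquoted, so a root password containing `#`, whitespace or a leading quote is truncated or misparsed by the MySQL client option parser and every later `mysql -ne` task silently runs without credentials; write it as `password="{{ mysql_root_password }}"`. The task that renders this template does set mode 0600, which is right, but the same task file then `cat`s the rendered file into the Ansible log — see the review note on that file.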


@ -0,0 +1,6 @@
---
mysql_conf_dir:
"CentOS": /etc/my.cnf.d
"Ubuntu": /etc/mysql/conf.d
"Debian": /etc/mysql/conf.d
"MacOSX": /usr/local/etc/my.cnf.d


@ -0,0 +1,35 @@
---
language: python
python: "2.7"
env:
- SITE=test.yml
before_install:
- sudo apt-get update -qq
- sudo apt-get install -y curl
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# TODO - get the test working. Probably need to add a virtual host.
# Request a page via Nginx, to make sure Nginx is running and responds.
# - "curl http://localhost/"


@ -0,0 +1,82 @@
# Ansible Role: Nginx
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
Installs Nginx on RedHat/CentOS or Debian/Ubuntu linux servers.
This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
nginx_vhosts: []
A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
nginx_remove_default_vhost: false
Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file.
nginx_upstreams: []
If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information.
nginx_user: "nginx"
The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian.
nginx_worker_processes: "1"
nginx_worker_connections: "1024"
`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!).
nginx_error_log: "/var/log/nginx/error.log warn"
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
Configuration of the default error and access logs. Set to `off` to disable a log entirely.
nginx_sendfile: "on"
nginx_tcp_nopush: "on"
nginx_tcp_nodelay: "on"
TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives.
nginx_keepalive_timeout: "65"
nginx_keepalive_requests: "100"
Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests.
nginx_client_max_body_size: "64m"
This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low.
nginx_proxy_cache_path: ""
Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations).
nginx_default_release: ""
(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx.
## Dependencies
None.
## Example Playbook
- hosts: server
roles:
- { role: geerlingguy.nginx }
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).


@ -0,0 +1,48 @@
---
# Used only for Debian/Ubuntu installation, as the -t option for apt.
nginx_default_release: ""
nginx_worker_processes: "1"
nginx_worker_connections: "1024"
nginx_error_log: "/var/log/nginx/error.log warn"
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
nginx_sendfile: "on"
nginx_tcp_nopush: "on"
nginx_tcp_nodelay: "on"
nginx_keepalive_timeout: "65"
nginx_keepalive_requests: "100"
nginx_client_max_body_size: "64m"
nginx_proxy_cache_path: ""
nginx_remove_default_vhost: false
nginx_vhosts: []
# Example vhost below, showing all available options:
# - {
# listen: "80 default_server", # default: "80 default_server"
# server_name: "example.com", # default: N/A
# root: "/var/www/example.com", # default: N/A
# index: "index.html index.htm", # default: "index.html index.htm"
#
# # Properties that are only added if defined:
# error_page: "",
# access_log: "",
# extra_config: "" # Can be used to add extra config blocks (multiline).
# }
nginx_upstreams: []
# - {
# name: myapp1,
# strategy: "ip_hash", # "least_conn", etc.
# servers: {
# "srv1.example.com",
# "srv2.example.com weight=3",
# "srv3.example.com"
# }
# }
nginx_conf_file: nginx.conf.j2
setup_www_redirect: false


@ -0,0 +1,3 @@
---
- name: restart nginx
service: name=nginx state=restarted


@ -0,0 +1,23 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Nginx installation for Linux/UNIX.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.4
platforms:
- name: EL
versions:
- 6
- 7
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
categories:
- development
- web


@ -0,0 +1,46 @@
---
# Variable setup.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Define nginx_user.
set_fact:
nginx_user: "{{ __nginx_user }}"
when: nginx_user is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Debian.yml
when: ansible_os_family == 'Debian'
# Replace default nginx config with nginx template
- name: Rename default nginx.conf to nginx.conf.old
command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old
when: ansible_os_family == 'Debian'
# Nginx setup.
- name: Copy nginx configuration in place.
template:
src: "{{ nginx_conf_file }}"
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: 0644
notify: restart nginx
- name: Setup www redirect
template:
src: ../files/www_redirect.conf
dest: /etc/nginx/conf.d/
owner: root
group: root
mode: 0644
notify: restart nginx
when: setup_www_redirect
- name: Ensure nginx is started and enabled to start at boot.
service: name=nginx state=started enabled=yes
- include: vhosts.yml
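Review bot: `command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old` runs on every play on Debian, so after the first run the file it moves is the role's own templated `nginx.conf`: the distro original kept in `.old` is overwritten on the second run and the task always reports changed. Guard it with `args: creates: /etc/nginx/nginx.conf.old`, or drop it and put `backup: yes` on the 'Copy nginx configuration in place' template task, which keeps the previous file with a timestamp. The www-redirect task passes `dest: /etc/nginx/conf.d/` (a directory) to `template:`; confirm the template module resolves that to `conf.d/www_redirect.conf` on the Ansible versions this role declares (`min_ansible_version: 1.4`), otherwise give the full destination path.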


@ -0,0 +1,18 @@
---
- name: Add nginx apt repository key for Debian < 8
apt_key:
url: http://nginx.org/keys/nginx_signing.key
state: present
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Add nginx apt repository for Debian < 8
apt_repository:
repo: 'deb [arch=amd64,i386] http://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx'
state: present
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Ensure nginx is installed.
apt:
pkg: nginx
state: installed
default_release: "{{ nginx_default_release }}"
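Review bot: The nginx signing key is fetched over plain http (`url: http://nginx.org/keys/nginx_signing.key`), so an on-path attacker can substitute the key and then serve their own signed packages from the equally plaintext repo line below; use `https://nginx.org/keys/nginx_signing.key` and add `id:` with the key's full fingerprint so `apt_key` verifies what it imported. `state: installed` is a deprecated alias of `present` in the apt module. `default_release: "{{ nginx_default_release }}"` is passed even when the default is the empty string — confirm the apt module tolerates an empty `-t` target on the targeted versions, or guard the parameter with `| default(omit)`.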


@ -0,0 +1,11 @@
---
- name: Enable nginx repo.
template:
src: nginx.repo.j2
dest: /etc/yum.repos.d/nginx.repo
owner: root
group: root
mode: 0644
- name: Ensure nginx is installed.
yum: pkg=nginx state=installed enablerepo=nginx


@ -0,0 +1,22 @@
---
- name: Remove default nginx vhost config file (if configured).
file:
path: "{{ nginx_default_vhost_path }}"
state: absent
when: nginx_remove_default_vhost
notify: restart nginx
- name: Add managed vhost config file (if any vhosts are configured).
template:
src: vhosts.j2
dest: "{{ nginx_vhost_path }}/vhosts.conf"
mode: 0644
when: nginx_vhosts
notify: restart nginx
- name: Remove managed vhost config file (if no vhosts are configured).
file:
path: "{{ nginx_vhost_path }}/vhosts.conf"
state: absent
when: not nginx_vhosts
notify: restart nginx


@ -0,0 +1,51 @@
user {{ nginx_user }};
error_log {{ nginx_error_log }};
pid /var/run/nginx.pid;
worker_processes {{ nginx_worker_processes }};
events {
worker_connections {{ nginx_worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 64;
client_max_body_size {{ nginx_client_max_body_size }};
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ nginx_access_log }};
sendfile {{ nginx_sendfile }};
tcp_nopush {{ nginx_tcp_nopush }};
tcp_nodelay {{ nginx_tcp_nodelay }};
keepalive_timeout {{ nginx_keepalive_timeout }};
keepalive_requests {{ nginx_keepalive_requests }};
#gzip on;
{% if nginx_proxy_cache_path %}
proxy_cache_path {{ nginx_proxy_cache_path }};
{% endif %}
{% for upstream in nginx_upstreams %}
upstream {{ upstream.name }} {
{% if upstream.strategy is defined %}
{{ upstream.strategy }};
{% endif %}
{% for server in upstream.servers %}
server {{ server }};
{% endfor %}
}
{% endfor %}
include {{ nginx_vhost_path }}/*;
}


@ -0,0 +1,5 @@
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/
gpgcheck=0
enabled=1
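Review bot: `gpgcheck=0` disables RPM signature verification for everything installed from this repo, and the `baseurl` is plain `http://`, so a network attacker or a compromised mirror can hand yum an arbitrary package that is installed as root on the production web host. Replace the line with `gpgcheck=1` and add `gpgkey=https://nginx.org/keys/nginx_signing.key` (the mariadb CentOS template in this same change does exactly this), optionally importing the key first with `rpm_key` as the nodejs role does for NodeSource.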


@ -0,0 +1,24 @@
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost.listen | default('80 default_server') }};
server_name {{ vhost.server_name }};
root {{ vhost.root }};
index {{ vhost.index | default('index.html index.htm') }};
{% if vhost.error_page is defined %}
error_page {{ vhost.error_page }};
{% endif %}
{% if vhost.access_log is defined %}
access_log {{ vhost.access_log }};
{% endif %}
{% if vhost.return is defined %}
return {{ vhost.return }};
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }};
{% endif %}
}
{% endfor %}


@ -0,0 +1 @@
localhost


@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- ansible-role-nginx


@ -0,0 +1,4 @@
---
nginx_vhost_path: /etc/nginx/sites-enabled
nginx_default_vhost_path: /etc/nginx/sites-enabled/default
__nginx_user: "www-data"


@ -0,0 +1,4 @@
---
nginx_vhost_path: /etc/nginx/conf.d
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
__nginx_user: "nginx"


@ -0,0 +1,39 @@
---
- name: Import Node source RPM key
rpm_key:
key: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
state: present
when: ansible_os_family == 'RedHat'
- name: Add Node Repo for RedHat
yum:
name: 'https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm'
state: present
update_cache: yes
when: ansible_os_family == 'RedHat'
- name: Install node v6
yum: name=nodejs state=present
when: ansible_os_family == 'RedHat'
- name: Add apt key for node repo
apt_key:
url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
id: "68576280"
state: present
when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Add repo
apt_repository:
repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
state: present
register: node_repo
when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Install nodejs 6.x
apt:
name: nodejs
state: present
update_cache: yes
force: yes
when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
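Review bot: `force: yes` on the 'Install nodejs 6.x' task maps to `apt-get --force-yes`, which among other things lets apt install packages that fail signature verification — it defeats the signing key imported two tasks earlier. The key is imported and `update_cache: yes` is already set, so `force: yes` can simply be dropped. The key is also identified only by the 8-digit short ID `id: "68576280"`; use the key's full 40-hex-digit fingerprint there, since short IDs collide trivially and `apt_key` only checks that some key with that ID is present after import.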


@ -0,0 +1,23 @@
---
- name: Install ntpd
yum: name="{{item}}" state=installed
with_items:
- ntp
- ntpdate
when: ansible_distribution == 'CentOS'
- name: enable ntpd
service: name=ntpd enabled=yes state=started
when: ansible_distribution == 'CentOS'
- name: Install ntpd
apt: name="{{item}}" state=installed
with_items:
- ntp
- ntpdate
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: enable ntpd
service: name=ntp enabled=yes state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'


@ -0,0 +1,3 @@
---
- name: Install psutil
pip: name=psutil state=latest
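Review bot: `pip: name=psutil state=latest` installs whatever the newest psutil on PyPI is at run time into the system Python, with no version pin or hash, so installed builds drift between hosts and runs, any compromised release is picked up automatically, and the task reports changed on every run where a newer release exists. Pin it, `pip: name=psutil version=<the version bench is tested against> state=present`, or install from a requirements file that carries `--hash` lines.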


@ -0,0 +1 @@
swap_size_mb: 1024


@ -0,0 +1,18 @@
- name: Create swap space
command: dd if=/dev/zero of=/extraswap bs=1M count={{swap_size_mb}}
when: ansible_swaptotal_mb < 1
- name: Make swap
command: mkswap /extraswap
when: ansible_swaptotal_mb < 1
- name: Add to fstab
action: lineinfile dest=/etc/fstab regexp="extraswap" line="/extraswap none swap sw 0 0" state=present
when: ansible_swaptotal_mb < 1
- name: Turn swap on
command: swapon -a
when: ansible_swaptotal_mb < 1
- name: Set swapiness
shell: echo 1 | tee /proc/sys/vm/swappiness
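Review bot: The swap file is created by `dd` under the default umask and never chmod'ed, so `/extraswap` is typically world-readable and anything paged out — session keys, the MariaDB root password held in memory — can be read by any local user; `mkswap` itself warns about this. Add before 'Make swap', under the same `when`: `- file: path=/extraswap owner=root group=root mode=0600`. The swappiness task (`shell: echo 1 | tee /proc/sys/vm/swappiness`) is lost at reboot and reports changed every run; `sysctl: name=vm.swappiness value=1 state=present reload=yes` persists it and is idempotent. The file also lacks the leading `---` the other task files in this change use.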


@ -0,0 +1,37 @@
---
- name: install base fonts
yum: name={{ item }} state=present
with_items:
- libXrender
- libXext
- xorg-x11-fonts-75dpi
- xorg-x11-fonts-Type1
when: ansible_os_family == 'RedHat'
- name: install base fonts
apt: name={{ item }} state=present force=yes
with_items:
- libxrender1
- libxext6
- xfonts-75dpi
- xfonts-base
when: ansible_os_family == 'Debian'
- name: download wkthmltox linux
get_url: url=https://github.com/frappe/wkhtmltopdf/raw/master/wkhtmltox-0.12.3_linux-generic-{{ "amd64" if ansible_architecture == "x86_64" else "i386"}}.tar.xz dest=/tmp/wkhtmltox.tar.xz
- name: Creates directory
file: path=/tmp/wkhtmltox state=directory
- name: unarchive wkhtmltopdf
unarchive: src=/tmp/wkhtmltox.tar.xz dest=/tmp
- name: copy to /usr/local/bin
copy: src="/tmp/wkhtmltox/bin/wkhtmltopdf" dest="/usr/local/bin/wkhtmltopdf"
become: true
become_user: root
- name: make wkhtmltopdf executable
file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
become: true
become_user: root
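Review bot: The `get_url` of the wkhtmltox tarball has no `checksum=`, so whatever the `frappe/wkhtmltopdf` repository serves at `master` is unpacked and copied to `/usr/local/bin` as root with no integrity check — a single push to that branch (or a compromised account) changes the binary installed on every production host. Add `checksum=sha256:<digest of the 0.12.3 tarball, one per architecture>` to the `get_url` task and prefer a tagged ref over `master` in the URL. The staging path `/tmp/wkhtmltox` is fixed and sits inside world-writable `/tmp`, so on a multi-user host another local user can pre-create it or swap the binary between the `unarchive` and `copy` steps; stage under a `tempfile` result or a root-owned directory instead. `force=yes` on the Debian font install also permits unauthenticated packages and is not needed for stock distro packages.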


@ -0,0 +1,48 @@
---
- name: Setup Essentials
hosts: localhost
become: yes
become_user: root
tasks:
- name: Install the 'Development tools' package group (Redhat)
yum: name="@Development tools" state=present
when: ansible_os_family == 'RedHat'
- name: Install EPEL
yum: name='epel-release' state=present
when: ansible_os_family == 'RedHat'
- name: Install libselinux-python
yum: name={{ item }} state=present
with_items:
- python-devel
- python-setuptools
- python-pip
- libselinux-python
when: ansible_os_family == 'RedHat'
- name: Add dotdeb apt repository key for Debian < 8
apt_key:
url: http://www.dotdeb.org/dotdeb.gpg
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Add dotdeb apt repository for redis-server for Debian < 8
apt_repository:
repo: 'deb http://packages.dotdeb.org wheezy all'
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Install python selinux
apt: pkg={{ item }} state=present force=yes
with_items:
- build-essential
- python-dev
- python-pip
- python-selinux
when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu'
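Review bot: `apt: pkg={{ item }} state=present force=yes` on the 'Install python selinux' task passes `--force-yes`, which lets apt install unauthenticated packages; nothing here needs it, so drop `force=yes`. The dotdeb key is fetched over `http://www.dotdeb.org/dotdeb.gpg`, which defeats the point of signing — fetch it over https and pin `id:` to the key's fingerprint. The condition `ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu'` is redundant: Ubuntu hosts report `ansible_os_family` as `Debian`, so the second clause never matches (harmless, but `ansible_distribution` is the fact that compares against `'Ubuntu'`, as the other task files in this change do). The per-task `become: yes` / `become_user: root` lines repeat what the play already sets and can go.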


@ -0,0 +1,18 @@
---
- name: install pillow prerequisites for Ubuntu < 14.04
apt: pkg={{ item }} state=present force=yes
with_items:
- libjpeg8-dev
- libtiff4-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('14.04', 'lt')
- name: install pillow prerequisites for Ubuntu >= 14.04
apt: pkg={{ item }} state=present force=yes
with_items:
- libjpeg8-dev
- libtiff5-dev
- tcl8.6-dev
- tk8.6-dev
when: ansible_distribution_version | version_compare('14.04', 'ge')
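Review bot: Both tasks use `force=yes`, which passes `--force-yes` to apt and permits installing packages that fail signature checks; stock Ubuntu packages do not need it, so drop it from both. The `version_compare('14.04', ...)` conditions test `ansible_distribution_version` with no distribution guard, so if this task file is ever included on a Debian host (version `8`, `9`) the `< 14.04` branch with `libtiff4-dev`/`tcl8.5-dev` is selected; add `ansible_distribution == 'Ubuntu' and` to both `when`s, or split by distribution.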


@ -12,3 +12,8 @@
- name: restart ssh
service: name=sshd state=reloaded
- name: Change ansible ssh port to 2332
set_fact:
ansible_ssh_port: '{{ ssh_port }}'
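Review bot: The task name 'Change ansible ssh port to 2332' hardcodes a port the task does not use — the value set is `{{ ssh_port }}` — so the log will claim 2332 whatever the real setting. Task names may contain Jinja, so `name: "Point Ansible at the new ssh port {{ ssh_port }}"` keeps the log truthful.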


@ -1,7 +1,7 @@
---
- hosts: localhost
vars:
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}"
tasks:


@ -0,0 +1,12 @@
---
- hosts: localhost
tasks:
- name: insert/update inputrc for history
blockinfile:
dest: "/home/{{ ansible_user_id }}/.inputrc"
create: yes
block: |
## arrow up
"\e[A":history-search-backward
## arrow down
"\e[B":history-search-forward


@ -3,60 +3,6 @@
tasks:
- name: Add nginx apt repository key for Debian < 8
apt_key:
url: http://nginx.org/keys/nginx_signing.key
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Add nginx apt repository for Debian < 8
apt_repository:
repo: 'deb [arch=amd64,i386] http://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx'
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
#####################################
# Ubuntu Production Environment Setup
- name: Install production pre-requisites
become: yes
become_user: root
apt: pkg={{ item }} state=present
with_items:
- nginx
- screen
- vim
- htop
- git
- postfix
- supervisor
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
#####################################
# CentOS Production Environment Setup
- name: Install production pre-requisites
become: yes
become_user: root
yum: pkg={{ item }} state=present
with_items:
- nginx
- screen
- vim
- htop
- git
- postfix
- MySQL-python
when: ansible_distribution == 'CentOS'
- name: Install supervisor using yum for Centos 7
yum: pkg=supervisor state=present
become: yes
become_user: root
when: ansible_distribution == 'CentOS' and ansible_lsb.major_release == '7'
####################################################
# Replace default nginx config with nginx template
- name: Rename default nginx.conf to nginx.conf.old
@ -146,12 +92,3 @@
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: insert/update inputrc for history
blockinfile:
dest: "/home/{{ ansible_user_id }}/.inputrc"
create: yes
block: |
## arrow up
"\e[A":history-search-backward
## arrow down
"\e[B":history-search-forward


@ -1,15 +1,9 @@
---
- hosts: localhost
# Install the common pre-requisites for the setting up bench
- include: ../develop/install.yml
# Install the production environment
- include: includes/setup_prod_env.yml
- include: includes/setup_inputrc.yml
# Setup Bench for production environment
- include: includes/setup_bench_production.yml
when: not run_travis
# Setup SELinux Policy, Optional can be done later
# - include: includes/setup_selinux_policy.yml
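Review bot: `when: not run_travis` raises an undefined-variable error on any run where `run_travis` is not supplied — i.e. every real `bench setup production` — because Ansible's default `error_on_undefined_vars` makes conditionals strict; the rest of this change uses the `run_travis is not defined` form. Change it to `when: run_travis is not defined or not run_travis`, or give `run_travis` a default of `false` in the play's `vars`.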


@ -4,6 +4,9 @@
tasks:
# For CentOS
- name: Enable SELinux
selinux: policy=targeted state=permissive
- name: Install firewalld
yum: name=firewalld state=present
when: ansible_distribution == 'CentOS'
@ -17,7 +20,7 @@
with_items:
- 80
- 443
- 22
- "{{ ssh_port }}"
when: ansible_distribution == 'CentOS'
- name: Restart Firewall
@ -38,6 +41,6 @@
with_items:
- 80
- 443
- 22
- "{{ ssh_port }}"
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
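Review bot: The new task named 'Enable SELinux' sets `state=permissive`, which turns enforcement off — violations are only logged — so the name is misleading and anyone auditing the host from the playbook will assume confinement is active. If the intent is to keep the box usable until the commented-out `setup_selinux_policy.yml` ships, say so: `- name: Set SELinux to permissive (bench policy not yet provided)` with a comment pointing at that follow-up; otherwise use `state=enforcing` together with the policy. The task is also unconditional while the neighbouring firewalld tasks carry `when: ansible_distribution == 'CentOS'`; confirm the `selinux` module behaves on Ubuntu/Debian hosts where SELinux is disabled, or add the same guard.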


@ -1,42 +0,0 @@
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
{% if ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' %}
{% set nginx_user = 'www-data'%}
{% elif ansible_distribution == 'CentOS' %}
{% set nginx_user = 'nginx '%}
{% else %}
{% set nginx_user = 'nobody' %}
{% endif %}
user {{ nginx_user }};
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections {{ max_worker_connections }};
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}


@ -46,6 +46,7 @@ innodb-large-prefix = 1
collation-server = utf8mb4_unicode_ci
character-set-server = utf8mb4
character-set-client-handshake = FALSE
max_allowed_packet = 64M
# LOGGING #
log-error = /var/lib/mysql/mysql-error.log