Commit ce9da3ed4a10a6a6c387dd3658e0232af4e95438

Authored by Ricardo Gon├žalves
0 parents
Exists in master

first commit

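--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,475 @@
+# config file for ansible -- https://ansible.com/
+# ===============================================
+
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+[defaults]
+
+# some basic default values...
+
+inventory = hosts
+#library = /usr/share/my_modules/
+#module_utils = /usr/share/my_module_utils/
+#remote_tmp = ~/.ansible/tmp
+#local_tmp = ~/.ansible/tmp
+#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
+#forks = 5
+#poll_interval = 15
+#sudo_user = root
+#ask_sudo_pass = True
+#ask_pass = True
+#transport = smart
+#remote_port = 22
+#module_lang = C
+#module_set_locale = False
+
+# plays will gather facts by default, which contain information about
+# the remote system.
+#
+# smart - gather by default, but don't regather if already gathered
+# implicit - gather by default, turn off with gather_facts: False
+# explicit - do not gather by default, must say gather_facts: True
+#gathering = implicit
+
+# This only affects the gathering done by a play's gather_facts directive,
+# by default gathering retrieves all facts subsets
+# all - gather all subsets
+# network - gather min and network facts
+# hardware - gather hardware facts (longest facts to retrieve)
+# virtual - gather min and virtual facts
+# facter - import facts from facter
+# ohai - import facts from ohai
+# You can combine them using comma (ex: network,virtual)
+# You can negate them using ! (ex: !hardware,!facter,!ohai)
+# A minimal set of facts is always gathered.
+#gather_subset = all
+
+# some hardware related facts are collected
+# with a maximum timeout of 10 seconds. This
+# option lets you increase or decrease that
+# timeout to something more suitable for the
+# environment.
+# gather_timeout = 10
+
+# additional paths to search for roles in, colon separated
+#roles_path = /etc/ansible/roles
+
+# uncomment this to disable SSH key host checking
+#host_key_checking = False
+
+# change the default callback, you can only have one 'stdout' type enabled at a time.
+#stdout_callback = skippy
+
+
+## Ansible ships with some plugins that require whitelisting,
+## this is done to avoid running all of a type by default.
+## These setting lists those that you want enabled for your system.
+## Custom plugins should not need this unless plugin author specifies it.
+
+# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
+#callback_whitelist = timer, mail
+
+# Determine whether includes in tasks and handlers are "static" by
+# default. As of 2.0, includes are dynamic by default. Setting these
+# values to True will make includes behave more like they did in the
+# 1.x versions.
+#task_includes_static = False
+#handler_includes_static = False
+
+# Controls if a missing handler for a notification event is an error or a warning
+#error_on_missing_handler = True
+
+# change this for alternative sudo implementations
+#sudo_exe = sudo
+
+# What flags to pass to sudo
+# WARNING: leaving out the defaults might create unexpected behaviours
+#sudo_flags = -H -S -n
+
+# SSH timeout
+#timeout = 10
+
+# default user to use for playbooks if user is not specified
+# (/usr/bin/ansible will use current user as default)
+#remote_user = root
+
+# logging is off by default unless this path is defined
+# if so defined, consider logrotate
+#log_path = /var/log/ansible.log
+
+# default module name for /usr/bin/ansible
+#module_name = command
+
+# use this shell for commands executed under sudo
+# you may need to change this to bin/bash in rare instances
+# if sudo is constrained
+#executable = /bin/sh
+
+# if inventory variables overlap, does the higher precedence one win
+# or are hash values merged together? The default is 'replace' but
+# this can also be set to 'merge'.
+#hash_behaviour = replace
+
+# by default, variables from roles will be visible in the global variable
+# scope. To prevent this, the following option can be enabled, and only
+# tasks and handlers within the role will see the variables there
+#private_role_vars = yes
+
+# list any Jinja2 extensions to enable here:
+#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
+
+# if set, always use this private key file for authentication, same as
+# if passing --private-key to ansible or ansible-playbook
+#private_key_file = /path/to/file
+
+# If set, configures the path to the Vault password file as an alternative to
+# specifying --vault-password-file on the command line.
+#vault_password_file = /path/to/vault_password_file
+
+# format of string {{ ansible_managed }} available within Jinja2
+# templates indicates to users editing templates files will be replaced.
+# replacing {file}, {host} and {uid} and strftime codes with proper values.
+#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
+# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
+# in some situations so the default is a static string:
+#ansible_managed = Ansible managed
+
+# by default, ansible-playbook will display "Skipping [host]" if it determines a task
+# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
+# messages. NOTE: the task header will still be shown regardless of whether or not the
+# task is skipped.
+#display_skipped_hosts = True
+
+# by default, if a task in a playbook does not include a name: field then
+# ansible-playbook will construct a header that includes the task's action but
+# not the task's args. This is a security feature because ansible cannot know
+# if the *module* considers an argument to be no_log at the time that the
+# header is printed. If your environment doesn't have a problem securing
+# stdout from ansible-playbook (or you have manually specified no_log in your
+# playbook on all of the tasks where you have secret information) then you can
+# safely set this to True to get more informative messages.
+#display_args_to_stdout = False
+
+# by default (as of 1.3), Ansible will raise errors when attempting to dereference
+# Jinja2 variables that are not set in templates or action lines. Uncomment this line
+# to revert the behavior to pre-1.3.
+#error_on_undefined_vars = False
+
+# by default (as of 1.6), Ansible may display warnings based on the configuration of the
+# system running ansible itself. This may include warnings about 3rd party packages or
+# other conditions that should be resolved if possible.
+# to disable these warnings, set the following value to False:
+#system_warnings = True
+
+# by default (as of 1.4), Ansible may display deprecation warnings for language
+# features that should no longer be used and will be removed in future versions.
+# to disable these warnings, set the following value to False:
+#deprecation_warnings = True
+
+# (as of 1.8), Ansible can optionally warn when usage of the shell and
+# command module appear to be simplified by using a default Ansible module
+# instead. These warnings can be silenced by adjusting the following
+# setting or adding warn=yes or warn=no to the end of the command line
+# parameter string. This will for example suggest using the git module
+# instead of shelling out to the git command.
+# command_warnings = False
+
+
+# set plugin path directories here, separate with colons
+#action_plugins = /usr/share/ansible/plugins/action
+#cache_plugins = /usr/share/ansible/plugins/cache
+#callback_plugins = /usr/share/ansible/plugins/callback
+#connection_plugins = /usr/share/ansible/plugins/connection
+#lookup_plugins = /usr/share/ansible/plugins/lookup
+#inventory_plugins = /usr/share/ansible/plugins/inventory
+#vars_plugins = /usr/share/ansible/plugins/vars
+#filter_plugins = /usr/share/ansible/plugins/filter
+#test_plugins = /usr/share/ansible/plugins/test
+#terminal_plugins = /usr/share/ansible/plugins/terminal
+#strategy_plugins = /usr/share/ansible/plugins/strategy
+
+
+# by default, ansible will use the 'linear' strategy but you may want to try
+# another one
+#strategy = free
+
+# by default callbacks are not loaded for /bin/ansible, enable this if you
+# want, for example, a notification or logging callback to also apply to
+# /bin/ansible runs
+#bin_ansible_callbacks = False
+
+
+# don't like cows? that's unfortunate.
+# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
+#nocows = 1
+
+# set which cowsay stencil you'd like to use by default. When set to 'random',
+# a random stencil will be selected for each task. The selection will be filtered
+# against the `cow_whitelist` option below.
+#cow_selection = default
+#cow_selection = random
+
+# when using the 'random' option for cowsay, stencils will be restricted to this list.
+# it should be formatted as a comma-separated list with no spaces between names.
+# NOTE: line continuations here are for formatting purposes only, as the INI parser
+# in python does not support them.
+#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
+# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
+# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
+
+# don't like colors either?
+# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
+#nocolor = 1
+
+# if set to a persistent type (not 'memory', for example 'redis') fact values
+# from previous runs in Ansible will be stored. This may be useful when
+# wanting to use, for example, IP information from one group of servers
+# without having to talk to them in the same playbook run to get their
+# current IP information.
+#fact_caching = memory
+
+
+# retry files
+# When a playbook fails by default a .retry file will be created in ~/
+# You can disable this feature by setting retry_files_enabled to False
+# and you can change the location of the files by setting retry_files_save_path
+
+#retry_files_enabled = False
+#retry_files_save_path = ~/.ansible-retry
+
+# squash actions
+# Ansible can optimise actions that call modules with list parameters
+# when looping. Instead of calling the module once per with_ item, the
+# module is called once with all items at once. Currently this only works
+# under limited circumstances, and only with parameters named 'name'.
+#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
+
+# prevents logging of task data, off by default
+#no_log = False
+
+# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
+#no_target_syslog = False
+
+# controls whether Ansible will raise an error or warning if a task has no
+# choice but to create world readable temporary files to execute a module on
+# the remote machine. This option is False by default for security. Users may
+# turn this on to have behaviour more like Ansible prior to 2.1.x. See
+# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
+# for more secure ways to fix this than enabling this option.
+#allow_world_readable_tmpfiles = False
+
+# controls the compression level of variables sent to
+# worker processes. At the default of 0, no compression
+# is used. This value must be an integer from 0 to 9.
+#var_compression_level = 9
+
+# controls what compression method is used for new-style ansible modules when
+# they are sent to the remote system. The compression types depend on having
+# support compiled into both the controller's python and the client's python.
+# The names should match with the python Zipfile compression types:
+# * ZIP_STORED (no compression. available everywhere)
+# * ZIP_DEFLATED (uses zlib, the default)
+# These values may be set per host via the ansible_module_compression inventory
+# variable
+#module_compression = 'ZIP_DEFLATED'
+
+# This controls the cutoff point (in bytes) on --diff for files
+# set to 0 for unlimited (RAM may suffer!).
+#max_diff_size = 1048576
+
+# This controls how ansible handles multiple --tags and --skip-tags arguments
+# on the CLI. If this is True then multiple arguments are merged together. If
+# it is False, then the last specified argument is used and the others are ignored.
+# This option will be removed in 2.8.
+#merge_multiple_cli_flags = True
+
+# Controls showing custom stats at the end, off by default
+#show_custom_stats = True
+
+# Controls which files to ignore when using a directory as inventory with
+# possibly multiple sources (both static and dynamic)
+#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
+
+# This family of modules use an alternative execution path optimized for network appliances
+# only update this setting if you know how this works, otherwise it can break module execution
+#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
+
+# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
+# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
+# jinja2 templating language which will be run through the templating engine.
+# ENABLING THIS COULD BE A SECURITY RISK
+#allow_unsafe_lookups = False
+
+# set default errors for all plays
+#any_errors_fatal = False
+
+[inventory]
+# enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini'
+#enable_plugins = host_list, virtualbox, yaml, constructed
+
+# ignore these extensions when parsing a directory as inventory source
+#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
+
+# ignore files matching these patterns when parsing a directory as inventory source
+#ignore_patterns=
+
+# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
+#unparsed_is_failed=False
+
+[privilege_escalation]
+#become=True
+#become_method=sudo
+#become_user=root
+#become_ask_pass=False
+
+[paramiko_connection]
+
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered. Increases performance on new host additions. Setting works independently of the
+# host key checking setting above.
+#record_host_keys=False
+
+# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
+# line to disable this behaviour.
+#pty=False
+
+# paramiko will default to looking for SSH keys initially when trying to
+# authenticate to remote devices. This is a problem for some network devices
+# that close the connection after a key failure. Uncomment this line to
+# disable the Paramiko look for keys function
+#look_for_keys = False
+
+# When using persistent connections with Paramiko, the connection runs in a
+# background process. If the host doesn't already have a valid SSH key, by
+# default Ansible will prompt to add the host key. This will cause connections
+# running in background processes to fail. Uncomment this line to have
+# Paramiko automatically add host keys.
+#host_key_auto_add = True
+
+[ssh_connection]
+
+# ssh arguments to use
+# Leaving off ControlPersist will result in poor performance, so use
+# paramiko on older platforms rather than removing it, -C controls compression use
+#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
+
+# The base directory for the ControlPath sockets.
+# This is the "%(directory)s" in the control_path option
+#
+# Example:
+# control_path_dir = /tmp/.ansible/cp
+#control_path_dir = ~/.ansible/cp
+
+# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
+# port and username (empty string in the config). The hash mitigates a common problem users
+# found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
+# In those cases, a "too long for Unix domain socket" ssh error would occur.
+#
+# Example:
+# control_path = %(directory)s/%%h-%%r
+#control_path =
+
+# Enabling pipelining reduces the number of SSH operations required to
+# execute a module on the remote server. This can result in a significant
+# performance improvement when enabled, however when using "sudo:" you must
+# first disable 'requiretty' in /etc/sudoers
+#
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = False
+
+# Control the mechanism for transferring files (old)
+# * smart = try sftp and then try scp [default]
+# * True = use scp only
+# * False = use sftp only
+#scp_if_ssh = smart
+
+# Control the mechanism for transferring files (new)
+# If set, this will override the scp_if_ssh option
+# * sftp = use sftp to transfer files
+# * scp = use scp to transfer files
+# * piped = use 'dd' over SSH to transfer files
+# * smart = try sftp, scp, and piped, in that order [default]
+#transfer_method = smart
+
+# if False, sftp will not use batch mode to transfer files. This may cause some
+# types of file transfer failures impossible to catch however, and should
+# only be disabled if your sftp version has problems with batch mode
+#sftp_batch_mode = False
+
+# The -tt argument is passed to ssh when pipelining is not enabled because sudo
+# requires a tty by default.
+#use_tty = True
+
+[persistent_connection]
+
+# Configures the persistent connection timeout value in seconds. This value is
+# how long the persistent connection will remain idle before it is destroyed.
+# If the connection doesn't receive a request before the timeout value
+# expires, the connection is shutdown. The default value is 30 seconds.
+#connect_timeout = 30
+
+# Configures the persistent connection retry timeout. This value configures the
+# the retry timeout that ansible-connection will wait to connect
+# to the local domain socket. This value must be larger than the
+# ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout).
+# The default value is 15 seconds.
+#connect_retry_timeout = 15
+
+# The command timeout value defines the amount of time to wait for a command
+# or RPC call before timing out. The value for the command timeout must
+# be less than the value of the persistent connection idle timeout (connect_timeout)
+# The default value is 10 second.
+#command_timeout = 10
+
+[accelerate]
+#accelerate_port = 5099
+#accelerate_timeout = 30
+#accelerate_connect_timeout = 5.0
+
+# The daemon timeout is measured in minutes. This time is measured
+# from the last activity to the accelerate daemon.
+#accelerate_daemon_timeout = 30
+
+# If set to yes, accelerate_multi_key will allow multiple
+# private keys to be uploaded to it, though each user must
+# have access to the system via SSH to add a new key. The default
+# is "no".
+#accelerate_multi_key = yes
+
+[selinux]
+# file systems that require special treatment when dealing with security context
+# the default behaviour that copies the existing context or uses the user default
+# needs to be changed to use the file system dependent context.
+#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
+
+# Set this to yes to allow libvirt_lxc connections to work without SELinux.
+#libvirt_lxc_noseclabel = yes
+
+[colors]
+#highlight = white
+#verbose = blue
+#warn = bright purple
+#error = red
+#debug = dark gray
+#deprecate = purple
+#skip = cyan
+#unreachable = red
+#ok = green
+#changed = yellow
+#diff_add = green
+#diff_remove = red
+#diff_lines = cyan
+
+
+[diff]
+# Always print diff when running ( same as always running with -D/--diff )
+# always = no
+
+# Set how many context lines to show in diff
+# context = 3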
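Review bot: `retry_files_enabled` is left commented at line 241, so failed runs keep writing `.retry` files, and this same commit checks in a generated `playbook.retry` that contains a host address. I would set `retry_files_enabled = False` under `[defaults]` and remove the retry file from the repository. The only active setting in these 475 lines is `inventory = hosts`; keeping just the overridden keys would make a later change to something like `host_key_checking` stand out in review instead of being buried in stock commentary.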
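--- a/hosts
+++ b/hosts
@@ -0,0 +1,46 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+[webservers]
+10.10.10.57
+10.10.10.47
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+[dbservers]
+10.10.10.74
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+[proxyserver]
+10.10.10.33
+
+[jenkinserver]
+193.136.46.156:30022 ansible_ssh_user=ubuntu
+
+[local]
+localhost ansible_connection=local
\ No newline at end of file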
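Review bot: Line 43 commits the Jenkins host's public address, its non-default SSH port and its login user (`193.136.46.156:30022 ansible_ssh_user=ubuntu`) into the inventory, next to the internal `10.10.10.x` hosts. If this repository is readable beyond the operations team, consider keeping environment-specific inventory out of version control, or referring to hosts by name and moving connection details into `host_vars`. `ansible_ssh_user` is the pre-2.0 spelling; `ansible_user=ubuntu` is the current variable. The file also ends without a trailing newline.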
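--- a/playbook.retry
+++ b/playbook.retry
@@ -0,0 +1 @@
+193.136.46.156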
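--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,8 @@
+---
+- hosts: jenkinserver
+ become: true
+ roles:
+ - docker
+ - proxyserver
+ vars_files:
+ - vars/vars.yaml
\ No newline at end of file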
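Review bot: `become: true` at play level (line 3) runs every task of both roles as root, including the `git` checkout of externally hosted Dockerfiles in `roles/proxyserver/tasks/main.yml`. Setting `become: true` only on the tasks that need it (`apt`, `apt_key`, `apt_repository`) would let the checkout run as an unprivileged user. `vars/vars.yaml` on line 8 is not shown in the part of the commit visible here; if it carries credentials it should be encrypted with ansible-vault rather than committed in clear text.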
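--- a/roles/dbserver/tasks/main.yml
+++ b/roles/dbserver/tasks/main.yml
@@ -0,0 +1,39 @@
+- name: Installing Git
+ apt:
+ update_cache: yes
+ name: git
+ state: present
+
+- name: Get Dockerfiles from Git to {{db_dir}}
+ git:
+ repo: https://gitlab.fccn.pt/naux/dbserver.git
+ dest: "{{db_dir}}/"
+ clone: yes
+ force: yes
+ when:
+ - var
+
+- name: Installing docker dependencies
+ pip:
+ name: "{{item}}"
+ state: present
+ with_items:
+ - docker-compose
+ when:
+ - var
+
+- name: Building docker-compose file to {{db_dir}}
+ win_template:
+ src: docker-compose.yml
+ dest: "{{db_dir}}/"
+ when:
+ - var
+
+# - name: Running containers with docker-compose
+# docker_service:
+# project_src: "{{db_dir}}"
+# build: yes
+# nocache: yes
+# state: "{{'present' if var else 'absent'}}"
+ # when:
+ # - var
\ No newline at end of file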
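Review bot: `win_template` on line 26 is the Windows variant of the template module (it defaults to CRLF line endings), while the rest of this role targets an apt-based Linux host; `template:` is the module to use here. The same applies to lines 26 and 33 of `roles/proxyserver/tasks/main.yml`, where a CRLF-terminated `haproxy.cfg` may not parse. The `when: - var` guards depend on a variable named `var` defined outside this file; a descriptive name would make the gating easier to review. The commented-out block at lines 32–39 has inconsistent indentation on its last two lines and would need fixing before it is re-enabled.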
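--- a/roles/dbserver/templates/docker-compose.yml
+++ b/roles/dbserver/templates/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3'
+services:
+ db:
+ build:
+ context: ./mysql_cont/
+ container_name: mysql_app
+ #image: mysqlrg
+ volumes:
+ - db_data:/var/lib/mysql
+ ports:
+ - "3306:3306"
+
+volumes:
+ db_data:
\ No newline at end of file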
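Review bot: The `"3306:3306"` mapping on lines 10–11 publishes MySQL on every interface of the Docker host, and ports published by Docker are typically not filtered by host firewall front ends such as ufw. If only the application hosts need the database, bind the mapping to a specific address, e.g. `- "127.0.0.1:3306:3306"` or the internal interface address, and restrict access at the network layer. The same mapping appears on lines 10–11 of `roles/proxyserver/templates/docker-compose.yml`, where `app` shares the compose network with `db` and no published port is needed. No `environment:` is set here, so the account setup presumably lives in the image built from `./mysql_cont/`; confirm it does not bake in a default root password.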
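--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,18 @@
+ - name: Add Docker GPG key
+ apt_key: url=https://download.docker.com/linux/ubuntu/gpg
+
+ - name: Add Docker APT repository
+ apt_repository:
+ repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ansible_distribution_release}} stable
+
+ - name: Install list of packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ - docker-ce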
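Review bot: The `apt_key` task on line 2 trusts whatever key the URL returns; adding `id: <DOCKER_KEY_FINGERPRINT>` (placeholder, take the value from Docker's install documentation) lets the task fail when the downloaded key is not the expected one. `apt-transport-https` and `ca-certificates` are installed in the third task, after the HTTPS repository has already been added in the second, so on a minimal image the prerequisites should come first. `docker-ce` is installed unpinned; pinning a version keeps rebuilds reproducible.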
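--- a/roles/proxyserver/tasks/main.yml
+++ b/roles/proxyserver/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: Installing Git
+ apt:
+ update_cache: yes
+ name: git
+ state: present
+
+- name: Get Dockerfiles from Git to {{proxy_dir}}
+ git:
+ repo: https://gitlab.fccn.pt/naux/proxyserver.git
+ dest: "{{proxy_dir}}/"
+ clone: yes
+ force: yes
+ when:
+ - var
+
+- name: Installing docker dependencies
+ pip:
+ name: "{{item}}"
+ state: present
+ with_items:
+ - docker-compose
+ when:
+ - var
+
+- name: Building haproxy config to {{proxy_dir}}
+ win_template:
+ src: haproxy.cfg
+ dest: "{{proxy_dir}}/"
+ when:
+ - var
+
+- name: Building docker-compose file to {{proxy_dir}}
+ win_template:
+ src: docker-compose.yml
+ dest: "{{proxy_dir}}/"
+ when:
+ - var
+
+# - name: Running containers with docker-compose
+# docker_service:
+# project_src: "{{proxy_dir}}"
+# build: yes
+# nocache: yes
+# state: "{{'present' if var else 'absent'}}"
+ # when:
+ # - var
+
+# - name: "Running containers"
+# docker_service:
+# project_src: "{{src_dir}}"
+# state: absent
+# when:
+# - not var
\ No newline at end of file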
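Review bot: The `git` task at lines 8–12 clones `https://gitlab.fccn.pt/naux/proxyserver.git` with `force: yes` and no `version:`, so each run deploys whatever the default branch head is at that moment and discards local changes in the checkout. Since the checkout supplies the Dockerfiles that are meant to be built on the host, pin it with `version: <COMMIT_SHA_OR_TAG>` (placeholder). The same applies to the `git` task in `roles/dbserver/tasks/main.yml`, and the unpinned `docker-compose` pip install at lines 16–21 has the same reproducibility problem.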
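--- a/roles/proxyserver/templates/docker-compose.yml
+++ b/roles/proxyserver/templates/docker-compose.yml
@@ -0,0 +1,54 @@
+version: '3'
+services:
+ db:
+ build:
+ context: .
+ container_name: mysql_app
+ #image: mysqlrg
+ volumes:
+ - db_data:/var/lib/mysql
+ ports:
+ - "3306:3306"
+
+ app:
+ build:
+ context: ./appdjango_cont/
+ container_name: myapp
+ #image: app
+ ports:
+ - "{{app_port}}:8000"
+ depends_on:
+ - db
+
+ nginx:
+ build:
+ context: ./nginx_cont/
+ container_name: myserver
+ ports:
+ - "{{webser_port}}:{{webser_port}}"
+ depends_on:
+ - app
+
+ haproxy:
+ build:
+ context: .
+ container_name: myproxy
+ ports:
+ - "{{browser_port}}:{{proxy_port}}"
+ depends_on:
+ - nginx
+
+ # jenkins:
+ # image: jenkins
+ # volumes:
+ # - jenkins_data:/var/jenkins_home
+ # container_name: myjenkins
+ # ports:
+ # - "8080:8080"
+ # - "50000:50000"
+
+
+volumes:
+ db_data:
+ #jenkins_data:
+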
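Review bot: `app` publishes `"{{app_port}}:8000"` on the host (line 19) although nginx reaches it by service name over the compose network, so the Django application is reachable directly, bypassing nginx and haproxy. Dropping that `ports:` entry, or binding it to `127.0.0.1`, closes that path. `db` and `haproxy` both use `context: .` (lines 5 and 34), which makes them build from the same Dockerfile unless a `dockerfile:` key is added; presumably one of the two is wrong.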
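--- a/roles/proxyserver/templates/haproxy.cfg
+++ b/roles/proxyserver/templates/haproxy.cfg
@@ -0,0 +1,52 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ #chroot /var/lib/haproxy
+ #stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+ stats timeout 30s
+ #user haproxy
+ #group haproxy
+ daemon
+
+ # Default SSL material locations
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
+ ssl-default-bind-options no-sslv3
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ #option redispatch
+ #option http-server-close
+ #balance roundrobin
+
+ #errorfile 400 /etc/haproxy/errors/400.http
+ #errorfile 403 /etc/haproxy/errors/403.http
+ #errorfile 408 /etc/haproxy/errors/408.http
+ #errorfile 500 /etc/haproxy/errors/500.http
+ #errorfile 502 /etc/haproxy/errors/502.http
+ #errorfile 503 /etc/haproxy/errors/503.http
+ #errorfile 504 /etc/haproxy/errors/504.http
+
+
+frontend webserver
+ bind *:{{proxy_port}}
+ mode http
+ default_backend apptest
+
+backend apptest
+ balance roundrobin
+ server {{webserver1}} {{webserver1}}:{{webser_port}} checks
+ server {{webserver2}} {{webserver2}}:{{webser_port}} checks
\ No newline at end of file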
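Review bot: `checks` on lines 51 and 52 is not a server keyword; HAProxy's health-check option is `check`, so the lines should read `server {{webserver1}} {{webserver1}}:{{webser_port}} check` (and likewise for `webserver2`), otherwise the configuration is likely rejected at startup. `chroot`, `user` and `group` are commented out in `global` (lines 4, 7 and 8), which leaves the process running with whatever privileges it was started with; restoring them, or setting a non-root user in the image, is the usual hardening. The frontend on line 45 binds plain HTTP only, so the `ssl-default-bind-*` settings currently have no effect and traffic to the proxy is unencrypted.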
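--- a/roles/proxyserver/templates/nginx.conf
+++ b/roles/proxyserver/templates/nginx.conf
@@ -0,0 +1,17 @@
+ upstream usersmanager {
+ server app:{{app_port}};
+ #server 127.0.0.1:8001;
+ #server 127.0.0.1:8002;
+ #server 127.0.0.1:8003;
+ }
+
+ server {
+ listen {{webser_port}};
+ server_name _;
+ location / {
+ proxy_pass http://usersmanager;
+ }
+ location /static {
+ alias /var/static/stat;
+ }
+ }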
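Review bot: The upstream on line 2 points at `app:{{app_port}}`, but in `roles/proxyserver/templates/docker-compose.yml` `{{app_port}}` is the host-side port and the container listens on 8000. Over the compose network nginx should use `server app:8000;`; the current line only works if `app_port` happens to be 8000. `location /` forwards no client information; adding `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` lets the application log and validate the real host and client. If `Host` is forwarded, `ALLOWED_HOSTS` in the Django settings has to list the public host names rather than the upstream name `usersmanager`.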
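--- a/roles/proxyserver/templates/settings.py
+++ b/roles/proxyserver/templates/settings.py
@@ -0,0 +1,139 @@
+"""
+Django settings for UsersManager project.
+
+Generated by 'django-admin startproject' using Django 2.1.7.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.1/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/2.1/ref/settings/
+"""
+
+import os
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'oh1ce2d99j3e32h&*+xr_p%u0gx38nfiy!%ar$ljnm))cjav9p'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = ['0.0.0.0', '127.0.0.1', '193.137.160.38', 'usersmanager']
+
+
+# Application definition
+
+INSTALLED_APPS = [
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'apptest',
+]
+
+MIDDLEWARE = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.locale.LocaleMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'UsersManager.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [os.path.join(BASE_DIR, 'templates')]
+ ,
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth',
+ 'django.contrib.messages.context_processors.messages',
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'UsersManager.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/2.1/ref/settings/#databases
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.mysql',
+ 'NAME': 'containerDBricas',
+ 'USER': 'ricas',
+ 'PASSWORD': 'ricas',
+ 'HOST': '{{db_server}}',
+ 'PORT': '3306',
+ }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/2.1/topics/i18n/
+
+LANGUAGE_CODE = 'pt-br'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+LOCALE_PATHS = [
+ os.path.join(BASE_DIR, 'locale')
+]
+
+LANGUAGES = [('pt-br', 'Portuguese'),
+ ('en', 'English')]
+
+STATIC_ROOT = os.path.join(BASE_DIR, "stat/")
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/2.1/howto/static-files/
+
+STATIC_URL = '/static/'
+
+STATICFILES_DIRS = [
+ os.path.join(BASE_DIR, 'static'),
+]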
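Review bot: This template commits live secrets and debug mode: `SECRET_KEY` on line 23 and the database `'PASSWORD': 'ricas'` on line 84 are literals, and `DEBUG = True` on line 26 is what gets rendered onto the host. Since the file is already an Ansible template (`'HOST': '{{db_server}}'`), the same mechanism can carry the rest, for example `SECRET_KEY = '{{ django_secret_key }}'`, `'PASSWORD': '{{ db_password }}'` and `DEBUG = False`, with the two values kept in an Ansible Vault file; the variable names here are placeholders. The key and password in this commit should be treated as exposed and rotated. roles/webserver/templates/settings.py opens with the same header and continues past the visible part of the page, so it likely needs the same change.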
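--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: Installing Git
+ apt:
+ update_cache: yes
+ name: git
+ state: present
+
+- name: Get Dockerfiles from Git to {{webs_dir}}
+ git:
+ repo: https://gitlab.fccn.pt/naux/webserver.git
+ dest: "{{webs_dir}}/"
+ clone: yes
+ force: yes
+ when:
+ - var
+
+- name: Installing docker dependencies
+ pip:
+ name: "{{item}}"
+ state: present
+ with_items:
+ - docker-compose
+ when:
+ - var
+
+- name: Building nginx config to {{webs_dir}}nginx_cont/
+ win_template:
+ src: nginx.conf
+ dest: "{{webs_dir}}nginx_cont/"
+ when:
+ - var
+
+- name: Building app settings to {{webs_dir}}appdjango_cont/
+ win_template:
+ src: settings.py
+ dest: "{{webs_dir}}appdjango_cont/"
+ when:
+ - var
+
+- name: Building docker-compose file to {{webs_dir}}/
+ win_template:
+ src: docker-compose.yml
+ dest: "{{webs_dir}}/"
+ when:
+ - var
+
+# - name: Running containers with docker-compose
+# docker_service:
+# project_src: "{{webs_dir}}"
+# build: yes
+# nocache: yes
+# state: "{{'present' if var else 'absent'}}"
+ # when:
+ # - var
\ No newline at end of file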
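Review bot: The three templating tasks use `win_template`, which targets Windows hosts, while the first task installs with `apt`, so these hosts look like Debian-family Linux; `template:` is the module I would expect here. Because one of the rendered files is settings.py with credentials in it, I would also set a restrictive `mode: '0640'` on that task. The `git` task clones with `force: yes` and no `version:`, and `pip` installs docker-compose unpinned, so each run deploys whatever the default branch and the package index hold at that moment; pinning `version:` to a reviewed commit and a fixed package version makes the deployment reproducible and reviewable.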
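--- a/roles/webserver/templates/docker-compose.yml
+++ b/roles/webserver/templates/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3'
+services:
+ app:
+ build:
+ context: ./appdjango_cont/
+ container_name: myapp
+ #image: app
+ ports:
+ - "{{app_port}}:8000"
+ depends_on:
+ - db
+
+ nginx:
+ build:
+ context: ./nginx_cont/
+ container_name: myserver
+ ports:
+ - "{{webser_port}}:{{webser_port}}"
+ depends_on:
+ - app
\ No newline at end of file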
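Review bot: `depends_on: - db` under the `app` service refers to a service that this file does not define, so compose will reject the file unless a `db` service is added or the dependency is removed. The mapping `"{{app_port}}:8000"` also publishes the Django container on every host interface, which lets clients reach the app directly instead of through nginx; if only nginx needs it, `expose: ["8000"]` in place of `ports:` keeps it on the compose network. The nginx.conf template in this role points its upstream at `app:{{app_port}}`, which matches the container's listening port only when app_port is 8000, so `server app:8000;` looks like the intended target.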
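--- a/roles/webserver/templates/nginx.conf
+++ b/roles/webserver/templates/nginx.conf
@@ -0,0 +1,17 @@
+ upstream usersmanager {
+ server app:{{app_port}};
+ #server 127.0.0.1:8001;
+ #server 127.0.0.1:8002;
+ #server 127.0.0.1:8003;
+ }
+
+ server {
+ listen {{webser_port}};
+ server_name _;
+ location / {
+ proxy_pass http://usersmanager;
+ }
+ location /static {
+ alias /var/static/stat;
+ }
+ }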
roles/webserver/templates/settings.py
... ... @@ -0,0 +1,139 @@
  1 +"""
  2 +Django settings for UsersManager project.
  3 +
  4 +Generated by 'django-admin startproject' using Django 2.1.7.
  5 +
  6 +For more information on this file, see
  7 +https://docs.djangoproject.com/en/2.1/topics/settings/
  8 +
  9 +For the full list of settings and their values, see
  10 +https://docs.djangoproject.com/en/2.1/ref/settings/
  11 +"""