From 7a0c7b0226e1ebf59dc51a44abe0c4529607d98e Mon Sep 17 00:00:00 2001 From: bronsen Date: Mon, 3 Mar 2025 10:37:35 +0100 Subject: [PATCH 1/6] [ansible,notes] add a note about all of ansible's configurations options --- NOTES.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 NOTES.md diff --git a/NOTES.md b/NOTES.md new file mode 100644 index 0000000..d1821bb --- /dev/null +++ b/NOTES.md @@ -0,0 +1,9 @@ +--- +title: Notes +--- + +## Show ALL possible configuration options for ansible + +```shell +ansible-config init --disabled -t all > demo-all.cfg +``` From 13308f1b543aa10d7ec6a78038dfa5aa5313ce65 Mon Sep 17 00:00:00 2001 From: bronsen Date: Mon, 3 Mar 2025 10:58:58 +0100 Subject: [PATCH 2/6] create todo list Once completed, playbooks should be created for the manitu server (but still tested against a local VM) --- TODO.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 TODO.md diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..911e900 --- /dev/null +++ b/TODO.md @@ -0,0 +1,23 @@ +--- +title: Things that ought to be done +description: Todo items in lists, and lists themselves, are not prioritised +--- + +- [ ] write first playbook + - [ ] install postgres on "database_servers" + - [ ] become "postgres", not root + - [ ] create db schema and user for the django project + - [ ] install some django project via git on "application_servers" + - [ ] avoid using git&python as root + - [ ] allow "application_servers" to conntect to "database_servers" + - [ ] `./manage.py check` should pass as well + - [ ] make playbook available via "just deploy" + +- [ ] add just targets for testing/linting + +- [ ] make just use "dry run" by default + +- [x] change from .ini to .yaml (because of better highlighting) + +- [ ] create backups (sql dump) or snapshot of postgres DB + - [ ] make it available via "just backup" From 86ae57c5c7df34e026fb96642c38027748ddabea Mon Sep 17 00:00:00 2001 
From: bronsen Date: Mon, 3 Mar 2025 19:53:31 +0100 Subject: [PATCH 3/6] [playbook] try to install Drupal on debian bookworm it fails... --- Vagrantfile | 16 +++ hosts.yaml | 9 +- playbooks/playbook.yaml | 183 ++++++++++++++++++++++++ playbooks/templates/drupal.test.conf.j2 | 10 ++ playbooks/vars.yaml | 4 + 5 files changed, 220 insertions(+), 2 deletions(-) create mode 100644 playbooks/playbook.yaml create mode 100644 playbooks/templates/drupal.test.conf.j2 create mode 100644 playbooks/vars.yaml diff --git a/Vagrantfile b/Vagrantfile index 7f76a76..a978dce 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -23,3 +23,19 @@ Vagrant.configure("2") do |config| db.vm.network :private_network, ip: "192.168.60.6" end end + +Vagrant.configure("2") do |config| + config.vm.box = "generic/debian12" + config.ssh.insert_key = false + config.vm.synced_folder "." "/vagrant", disabled: true + + config.vm.provider :virtualbox do |v| + v.memory = 512 + v.linked_clone = true + end + + config.vm.define "deb" do |app| + app.vm.hostname = "deb.test" + app.vm.network :private_network, ip: "192.168.60.7" + end +end diff --git a/hosts.yaml b/hosts.yaml index 58a414c..4fd70b8 100644 --- a/hosts.yaml +++ b/hosts.yaml @@ -1,4 +1,4 @@ -multi: +all: vars: ansible_host: "127.0.0.1" ansible_ssh_user: "vagrant" @@ -9,7 +9,7 @@ multi: # hide all warnings regarding the discovered python interpreters on the remote side # https://docs.ansible.com/ansible-core/2.18/reference_appendices/interpreter_discovery.html ansible_python_interpreter: "auto_silent" - +multi: children: application_servers: database_servers: @@ -26,3 +26,8 @@ database_servers: ansible_ssh_port: 2201 ansible_become_user: "postgres" +debian: + hosts: + deb: + ansible_host: 127.0.0.1 + ansible_ssh_port: 2202 diff --git a/playbooks/playbook.yaml b/playbooks/playbook.yaml new file mode 100644 index 0000000..b024e11 --- /dev/null +++ b/playbooks/playbook.yaml 
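Review bot: The line `config.vm.synced_folder "." "/vagrant", disabled: true` is missing the comma between the two paths, so Ruby joins the adjacent string literals into a single argument and the call no longer has a guest path; it should read `config.vm.synced_folder ".", "/vagrant", disabled: true`. `config.ssh.insert_key = false` also leaves Vagrant's publicly known default key pair as the login key for `deb`, which is acceptable only while the VM stays on the host-only `192.168.60.7` network. A comment would record that assumption, e.g. `# keep Vagrant's shared insecure key: local throwaway VM only`. The earlier `Vagrant.configure` block closes in the context lines and is otherwise outside this hunk.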
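Review bot: The new `deb` host is reached through `127.0.0.1` with `ansible_ssh_port: 2202`, which relies on Vagrant forwarding that guest's SSH port to 2202; the forwarded port is assigned automatically and can shift with boot order or a port collision, so the play may end up talking to a different VM. Addressing the machine by the private-network IP this commit gives it in the Vagrantfile is more stable: `ansible_host: "192.168.60.7"` with the port override dropped. If the loopback form stays, the host-level `ansible_host: 127.0.0.1` repeats the value already set under `all.vars` and can be removed.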
@@ -0,0 +1,183 @@
+---
+- name: Follow Tutorial
+ hosts: debian
+ become: true
+
+ vars_files:
+ - vars.yaml
+
+ pre_tasks:
+ - name: Update apt cache if needed
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 3600
+
+ handlers:
+ - name: restart apache
+ ansible.builtin.service:
+ name: apache2
+ state: restarted
+
+ tasks:
+ - name: Get software for apt repository management
+ ansible.builtin.apt:
+ state: present
+ name:
+ - python3-apt
+ - python3-pycurl
+
+ - name: "Install Apache, MySQL, PHP, and other dependencies"
+ ansible.builtin.apt:
+ state: present
+ name:
+ - acl
+ - git
+ - curl
+ - unzip
+ - sendmail
+ - apache2
+ - php8.2-common
+ - php8.2-cli
+ - php8.2-dev
+ - php8.2-gd
+ - php8.2-curl
+ - php8.2-opcache
+ - php8.2-xml
+ - php8.2-mbstring
+ - php8.2-pdo
+ - php8.2-mysql
+ - php8.2-apcu
+ - libpcre3-dev
+ - libapache2-mod-php8.2
+ - python3-mysqldb
+ - default-mysql-server
+
+ - name: Install the firewall
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+
+ - name: Disable the firewall (since this is for local dev only).
+ ansible.builtin.service:
+ name: ufw
+ state: stopped
+
+ - name: "Start Apache, MySQL, and PHP."
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: started
+ enabled: true
+ loop:
+ - apache2
+ - mysql
+
+ - name: Enable Apache rewrite module (required for Drupal).
+ community.general.apache2_module:
+ name: rewrite
+ state: present
+ notify: restart apache
+
+ - name: Add Apache virtualhost for Drupal.
+ ansible.builtin.template:
+ src: "templates/drupal.test.conf.j2"
+ dest: "/etc/apache2/sites-available/{{ domain }}.test.conf"
+ owner: root
+ group: root
+ mode: "0664"
+ notify: restart apache
+
+ - name: Enable Drupal site.
+ ansible.builtin.command: >
+ a2ensite {{ domain }}.test
+ creates=/etc/apache2/sites-enabled/{{ domain }}.test.conf
+ notify: restart apache
+
+ - name: Disable the default site.
+ ansible.builtin.command: >
+ a2dissite 000-default
+ removes=/etc/apache2/sites-enabled/000-default.conf
+ notify: restart apache
+
+ - name: Adjust OpCache memory setting.
+ ansible.builtin.lineinfile:
+ dest: "/etc/php/8.2/apache2/conf.d/10-opcache.ini"
+ regexp: "^opcache/memory_consumption"
+ line: "opcache.memory_consumption = 96"
+ state: present
+ notify: restart apache
+
+ - name: Create a MySQL database for Drupal.
+ community.mysql.mysql_db:
+ db: "{{ domain }}"
+ state: present
+
+ - name: Create a MySQL user for Drupal.
+ community.mysql.mysql_user:
+ name: "{{ domain }}"
+ password: "1234"
+ priv: "{{ domain }}.*:ALL"
+ host: localhost
+ state: present
+
+ - name: Download Composer installer.
+ ansible.builtin.get_url:
+ url: https://getcomposer.org/installer
+ dest: /tmp/composer-installer.php
+ mode: "0755"
+ - name: Run Composer installer.
+ ansible.builtin.command: >
+ php composer-installer.php
+ chdir=/tmp
+ creates=/usr/local/bin/composer
+ - name: Mov Composer into globally-accessible location.
+ ansible.builtin.command: >
+ mv /tmp/composer.phar /usr/local/bin/composer
+ creates=/usr/local/bin/composer
+
+ - name: Ensure Drupal directory exists.
+ ansible.builtin.file:
+ path: "{{ drupal_core_path }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ - name: Check if Drupal project already exists.
+ ansible.builtin.stat:
+ path: "{{ drupal_core_path }}/composer.json"
+ register: drupal_composer_json
+
+ - name: Create Drupal project.
+ community.general.composer:
+ command: create-project
+ arguments: drupal/recommended-project:^9 "{{ drupal_core_path }}"
+ working_dir: "{{ drupal_core_path }}"
+ no_dev: true
+ become_user: www-data
+ when: not drupal_composer_json.stat.exists
+
+ - name: Ensure cache dir is writable by www-data.
+ ansible.builtin.file:
+ dest: "/var/www/.cache"
+ state: directory
+ group: www-data
+ owner: www-data
+ mode: "0755"
+
+ - name: Add drush to the Drupal site with composer.
+ community.general.composer: + command: require + arguments: "drush/drush:^11" + working_dir: "{{ drupal_core_path }}" + become_user: www-data + when: not drupal_composer_json.stat.exists + + - name: Install Drupal + ansible.builtin.command: > + vendor/bin/drush si -y --site-name="{{ drupal_site_name }}" + --account-name=admin + --account-pass=admin + --db-url=mysql:://{{ domain }}:1234@localhost/{{ domain }} + --root={{ drupal_core_path }}/web + chdir={{ drupal_core_path }} + creates={{ drupal_core_path }}/web/sites/default/settings.php + notify: restart apache + become_user: www-data diff --git a/playbooks/templates/drupal.test.conf.j2 b/playbooks/templates/drupal.test.conf.j2 new file mode 100644 index 0000000..ab78902 --- /dev/null +++ b/playbooks/templates/drupal.test.conf.j2 @@ -0,0 +1,10 @@ + + ServerAdmin webmaster@localhost + ServerName {{ domain }}.test + ServerAlias www.{{ domain }}.test + DocumentRoot {{ drupal_core_path }}/web + + Options FollowSymlinks Indexes + AllowOverride All + + diff --git a/playbooks/vars.yaml b/playbooks/vars.yaml new file mode 100644 index 0000000..b658fd3 --- /dev/null +++ b/playbooks/vars.yaml @@ -0,0 +1,4 @@ +--- +drupal_core_path: "/var/www/drupal" +domain: "drupal" +drupal_site_name: "Drupal Test" From 430a509fc7eb356613a79761a1aa8dcb0f61a219 Mon Sep 17 00:00:00 2001 From: bronsen Date: Mon, 3 Mar 2025 19:54:04 +0100 Subject: [PATCH 4/6] [ansible] enable pipelining for moar better performance --- ansible.cfg | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible.cfg b/ansible.cfg index 4992475..4acbd23 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,3 +2,4 @@ inventory = hosts.yaml gathering = smart transport = ssh +pipelining = true From fdcd23d9b3c1fa316d751bce68c264d90dcc3b0c Mon Sep 17 00:00:00 2001 From: bronsen Date: Mon, 3 Mar 2025 19:54:27 +0100 Subject: [PATCH 5/6] [todo] greatly extend todo list --- TODO.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
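Review bot: The database and site-admin credentials are hard-coded in this playbook: `password: "1234"` in "Create a MySQL user for Drupal.", and `--account-pass=admin` plus the `1234` inside `--db-url` in "Install Drupal", where they also end up on the drush command line and in Ansible's task output. Moving them to vault-encrypted variables and setting `no_log: true` on both tasks keeps them out of the repository and the logs; the variable names in the fence are suggestions only. The same `--db-url` has a doubled colon (`mysql:://`), which is not a valid MySQL URL scheme and may be part of why the commit message says the install fails. Separately, "Download Composer installer." fetches a PHP script that the next task runs as root (`become: true` is set at play level) with no integrity check; `ansible.builtin.get_url` accepts a `checksum:` argument that can pin the installer hash Composer publishes.

```yaml
    - name: Create a MySQL user for Drupal.
      community.mysql.mysql_user:
        password: "{{ drupal_db_password }}"
        # … unchanged: name, priv, host, state …
      no_log: true

    # … unchanged: Composer, project creation and drush tasks …

    - name: Install Drupal
      ansible.builtin.command: >
        vendor/bin/drush si -y --site-name="{{ drupal_site_name }}"
        --account-name=admin
        --account-pass={{ drupal_admin_password }}
        --db-url=mysql://{{ domain }}:{{ drupal_db_password }}@localhost/{{ domain }}
      # … unchanged: --root, chdir and creates arguments, notify, become_user …
      no_log: true
```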
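Review bot: `Options FollowSymlinks Indexes` turns on automatic directory listings for the Drupal web root, so any directory without an index file exposes its file names to visitors. Drupal's own `.htaccess` may switch listings off again because `AllowOverride All` is set, but the vhost should not depend on that; `Options FollowSymLinks` alone is enough for the rewrite rules. The enclosing VirtualHost and Directory lines are not visible in this rendering of the hunk, so the point applies to whichever directory block the option sits in.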
diff --git a/TODO.md b/TODO.md index 911e900..aaa5309 100644 --- a/TODO.md +++ b/TODO.md @@ -9,6 +9,7 @@ description: Todo items in lists, and lists themselves, are not prioritised - [ ] create db schema and user for the django project - [ ] install some django project via git on "application_servers" - [ ] avoid using git&python as root + - [ ] use caddy server instead of nginx - [ ] allow "application_servers" to conntect to "database_servers" - [ ] `./manage.py check` should pass as well - [ ] make playbook available via "just deploy" @@ -21,3 +22,17 @@ description: Todo items in lists, and lists themselves, are not prioritised - [ ] create backups (sql dump) or snapshot of postgres DB - [ ] make it available via "just backup" + +- [ ] install docker + - [ ] install some test image and run it + +- [ ] set up virtual machine stuff + - [ ] run some OS in such a VM + - VM in a VM: does that work on local test? + - [ ] change setup of that virtualised VM + - [ ] install a software and change its configuration (via ansible?) + +- [ ] deploy local Raspberry pi + - [ ] NAS + - [ ] media player + - [ ] pi hole From 05e10e6a653953cf83f8823356b86552e0784f22 Mon Sep 17 00:00:00 2001 From: bronsen Date: Mon, 3 Mar 2025 19:54:56 +0100 Subject: [PATCH 6/6] [just] rename default variables --- justfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/justfile b/justfile index f6e1b03..2942ff7 100644 --- a/justfile +++ b/justfile @@ -1,4 +1,11 @@ +default: check +default_playbook := "playbooks/default.yaml" +default_inventory := "./hosts.yaml" + deps: pip-compile-multi \ --generate-hashes base \ --header requirements/_header_text + +check playbook=playbook inventory=default_inventory: + ansible-playbook {{playbook}} --inventory={{inventory}} --check
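Review bot: The `check` recipe's first parameter defaults to `playbook`, a variable this justfile never defines; the hunk only adds `default_playbook` and `default_inventory`, so `just` will most likely reject the file with an undefined-variable error before any recipe runs. The signature should read `check playbook=default_playbook inventory=default_inventory:`. `default_playbook` points at `playbooks/default.yaml`, while the only playbook added in this series is `playbooks/playbook.yaml`, so the path is worth confirming too. Keeping `--check` in the default recipe is a sensible safety default, since a bare `just` then cannot change a host.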