diff --git a/cmd/freegeoip/ansible-playbook/README.md b/cmd/freegeoip/ansible-playbook/README.md index 5264caf..2e04820 100644 --- a/cmd/freegeoip/ansible-playbook/README.md +++ b/cmd/freegeoip/ansible-playbook/README.md @@ -19,5 +19,5 @@ Following is a TODO list for people willing to use this playbook: Then run: ```bash -ansible-playbook -u root ./freegeoip.yml +ansible-playbook -u $user ./freegeoip.yml ``` diff --git a/cmd/freegeoip/ansible-playbook/freegeoip.yml b/cmd/freegeoip/ansible-playbook/freegeoip.yml index 4493a4e..5f86fb3 100644 --- a/cmd/freegeoip/ansible-playbook/freegeoip.yml +++ b/cmd/freegeoip/ansible-playbook/freegeoip.yml @@ -6,10 +6,11 @@ roles: - nodeexporter - freegeoip + - memcached - redis vars: nodeexporter_url: http://github.com/prometheus/node_exporter/releases/download/0.11.0/node_exporter-0.11.0.linux-amd64.tar.gz - freegeoip_url: https://github.com/fiorix/freegeoip/releases/download/v3.0.10/freegeoip-3.0.10-linux-amd64.tar.gz + freegeoip_url: https://github.com/fiorix/freegeoip/releases/download/v3.1.0/freegeoip-3.1.0-linux-amd64.tar.gz freegeoip_params: - -http=:80 - -https=:443 @@ -18,10 +19,13 @@ - -internal-server=:8888 - -silent - -public=/opt/freegeoip/public + - -quota-backend=memcache - -quota-max=10000 - -quota-interval=1h - -redis={% for host in groups['freegeoip'] %}{{ hostvars[host]['private_ip'] }}:6379{% if not loop.last %},{% endif %}{% endfor %} - - -redis-timeout=1s + - -redis-timeout=10s + - -memcache={% for host in groups['freegeoip'] %}{{ hostvars[host]['private_ip'] }}:11211{% if not loop.last %},{% endif %}{% endfor %} + - -memcache-timeout=10s - hosts: monitor roles: diff --git a/cmd/freegeoip/ansible-playbook/roles/base/tasks/iptables.yml b/cmd/freegeoip/ansible-playbook/roles/base/tasks/iptables.yml index ac16cc9..4fecc27 100644 --- a/cmd/freegeoip/ansible-playbook/roles/base/tasks/iptables.yml +++ b/cmd/freegeoip/ansible-playbook/roles/base/tasks/iptables.yml @@ -6,7 +6,3 @@ mode=0644 notify: - reload-iptables - -- debug: trigger reload-iptables - notify: reload-iptables - changed_when: true diff --git a/cmd/freegeoip/ansible-playbook/roles/memcached/files/memcached.conf b/cmd/freegeoip/ansible-playbook/roles/memcached/files/memcached.conf new file mode 100644 index 0000000..258e0de --- /dev/null +++ b/cmd/freegeoip/ansible-playbook/roles/memcached/files/memcached.conf @@ -0,0 +1,42 @@ +# Run memcached as a daemon. This command is implied, and is not needed for the +# daemon to run. See the README.Debian that comes with this package for more +# information. +-d + +# Log memcached's output to /var/log/memcached +logfile /var/log/memcached.log + +# Be verbose +# -v + +# Be even more verbose (print client commands as well) +# -vv + +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +-m 2048 + +# Default connection port is 11211 +-p 11211 + +# Run the daemon as root. The start-memcached will default to running as root if no +# -u command is present in this config file +-u memcache + +# Specify which IP address to listen on. The default is to listen on all IP addresses +# This parameter is one of the only security measures that memcached has, so make sure +# it's listening on a firewalled interface. +-l 0.0.0.0 + +# Limit the number of simultaneous incoming connections. The daemon default is 1024 +-c 10240 + +# Lock down all paged memory. Consult with the README and homepage before you do this +# -k + +# Return error when memory is exhausted (rather than removing items) +# -M + +# Maximize core file limit +# -r diff --git a/cmd/freegeoip/ansible-playbook/roles/memcached/handlers/main.yml b/cmd/freegeoip/ansible-playbook/roles/memcached/handlers/main.yml new file mode 100644 index 0000000..8f04cf4 --- /dev/null +++ b/cmd/freegeoip/ansible-playbook/roles/memcached/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart memcached + service: name=memcached state=restarted diff --git a/cmd/freegeoip/ansible-playbook/roles/memcached/tasks/main.yml b/cmd/freegeoip/ansible-playbook/roles/memcached/tasks/main.yml new file mode 100644 index 0000000..c187980 --- /dev/null +++ b/cmd/freegeoip/ansible-playbook/roles/memcached/tasks/main.yml @@ -0,0 +1,14 @@ +- name: Install memcached + apt: name=memcached state=installed + +- name: Write custom memcached.conf + copy: src=memcached.conf + dest=/etc/memcached.conf + owner=root + group=root + mode=0644 + notify: + - restart memcached + +- name: Make sure memcached is running + service: name=memcached state=running