WP Ansible - part 2

.gitignore

@@ -1,3 +1,5 @@
 *.cache
 env
 roles/common/files/*.pub
+Vagrantfile
+.vagrant/

group_vars/apps.yml

@@ -6,3 +6,29 @@ incoming:
     port: 80
   - name: HTTPS
     port: 443
+
+# php5 configuration
+php_memory_limit: "128M"
+php_max_execution_time: "10"
+php_upload_max_filesize: "10M"
+php_apc_enabled_in_ini: false
+php_opcache_enabled_in_ini: true
+php_expose_php: "Off"
+php_short_open_tag: true
+php_enable_php_fpm: true
+php_enable_webserver: false
+php_conf_path: "/etc/php5/fpm"
+php_packages:
+  - php5
+  - php5-cli
+  - php-pear
+  - php5-common
+  - php5-curl
+  - php5-dev
+  - php5-gd
+  - php5-gmp
+  - php5-mcrypt
+  - php5-mysql
+  - php5-xmlrpc
+  - php5-xsl
+  - php5-fpm

group_vars/mysql_passwords.yml

@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+38313764336437306662366561396632393334666166336634363261616238346635356362373365
+3330303731333063613437303833666665653834623439340a623636373133353765633634316665
+30303164366536376663306462373630313266656463386532623131643836666439633731353564
+6363303032326462350a353137336633396663646634376663313631343931346638646664663735
+61616464363834646464316165303161383664393031323630366366353064633730343130613162
+6533333235343364386364656665653131646364636239353961

hosts

@@ -0,0 +1,8 @@
+[apps]
+app1
+
+[dbs]
+db1
+
+[lbs]
+lb1

playbook.yml

@@ -1,14 +1,36 @@
 ---
- Provision Droplets
-- include: droplets.yml
+#Provision Droplets
+#- include: droplets.yml
 
 # Common tasks
-- hosts: "{{ hosts }}"
-  remote_user: root
-  gather_facts: force
+- hosts: all
+  gather_facts: True
+  sudo: yes
   roles:
     - { role: common, tags: ["common"] }
     - { role: openssh, tags: ["openssh"] }
     - { role: fail2ban, tags: ["fail2ban"] }
     - { role: rkhunter, tags: ["rkhunter"] }
     - { role: iptables, tags: ["iptables"] }
+
+# Load Balancer(s) roles
+- hosts: lbs
+  sudo: yes
+  roles:
+    - { role: haproxy, tags: ["haproxy"] }
+
+# Application Server(s) roles
+- hosts: apps
+  sudo: yes
+  roles:
+    - { role: nginx, tags: ["nginx"] }
+    - { role: php5, tags: ["php5"] }
+    - { role: hhvm, tags: ["hhvm"] }
+
+# Database Server(s) roles
+- hosts: dbs
+  sudo: yes
+  vars_files: 
+      - group_vars/mysql_passwords.yml
+  roles:
+    - { role: mysql, tags: ["mysql"] }

roles/common/tasks/main.yml

@@ -1,4 +1,7 @@
 ---
+- name: Set up the hostname
+  hostname: name={{ inventory_hostname }}
+
 - name: Install needed packages
   apt: name={{ item }} state=present update_cache=yes
   with_items: common_packages

roles/haproxy/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/haproxy/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart haproxy
+  service: name=haproxy state=restarted
+
+- name: Reload haproxy
+  service: name=haproxy state=reloaded

roles/haproxy/meta/main.yml

@@ -0,0 +1,139 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+

roles/haproxy/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Add haproxy (1.6) apt repository
+  apt_repository: repo="ppa:vbernat/haproxy-1.6"
+
+- name: Install haproxy package
+  apt: name=haproxy update_cache=yes state=present

roles/hhvm/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/hhvm/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Restart hhvm
+  service: name=hhvm enabled=yes state=restarted