init commit

michaelpporter · Sep 20, 2018 · 53a0623 · 53a0623
commit 53a0623
Show file tree

Hide file tree

Showing 64 changed files with 8,889 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,6 @@
+*.retry
+vars/main-vars.yml
+files/git_user_old
+jenkins.yml
+jphp.yml
+web.yml
diff --git a/README.md b/README.md
@@ -0,0 +1,71 @@
+# Jenkins PHP Ansible
+
+A set of playbooks for setting up a Jenkins server and LAMP hosts for a development servers.
+
+This will not work out of the box, some setup is required.
+
+Copy `var/main-vars.sample.yml` to `var/main-vars.yml` and updated the varaibles for your setup.
+
+
+## Local ssh config
+
+Setup your SSH config file to include the servers you are working with `~/.ssh/config`.
+
+
+```
+Host jenkins
+    Hostname remoteip # Remote IP Address
+    User demo # `user_sudouser_username` from var/main-vars.yml
+    Port 7822 # `remote_port` from var/main-vars.yml
+
+Host web01
+    Hostname remoteip
+    User demo
+    Port 7822
+
+Host web02
+    Hostname remoteip
+    User demo
+    Port 7822
+```
+
+## Ansible Hosts file
+
+Edit your hosts file to have a `jenkinsgroup`, `webgroup` and `demogroup`, if you use different names for the groups you can do a find and replace in the files.
+
+To find the path for the invitory file:
+
+```shell
+ansible --version
+ansible 2.6.3
+  config file = /Users/username/.ansible.cfg
+  configured module search path = [u'/Users/username/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
+  ansible python module location = /usr/local/Cellar/ansible/2.6.3/libexec/lib/python2.7/site-packages/ansible
+  executable location = /usr/local/bin/ansible
+  python version = 2.7.15 (default, Jul 23 2018, 21:27:06) [GCC 4.2.1 Compatible Apple LLVM 9.1.0 (clang-902.0.39.2)]
+
+grep --color=auto -iR 'inventory' ~/.ansible.cfg
+/Users/username/.ansible.cfg:#inventory      = /etc/ansible/hosts
+/Users/username/.ansible.cfg:inventory = ~/.ansible/hosts
+```
+
+```ini
+[jenkinsgroup] 
+jenkins
+
+[webgroup] 
+web01 php_version='7.1'
+web02 php_version='7.1'
+
+[demogroup:children]
+jenkinsgroup
+webgroup
+```
+
+If your `jenkins` host is has anohter name, rename `var/jenkins.yml` to match. i.e. `jenkins-dev` `var/jenkins-dev.yml`
+
+```ini
+[jenkinsgroup] 
+jenkins-dev
+```
+
diff --git a/files/environment b/files/environment
@@ -0,0 +1 @@
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
diff --git a/files/mysql/my.cnf.j2 b/files/mysql/my.cnf.j2
@@ -0,0 +1,124 @@
+# {{ ansible_managed }}
+
+[client]
+#password = your_password
+port = {{ mysql_port }}
+socket = {{ mysql_socket }}
+
+[mysqld]
+sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
+port = {{ mysql_port }}
+bind-address = {{ mysql_bind_address }}
+datadir = {{ mysql_datadir }}
+socket = {{ mysql_socket }}
+pid-file = {{ mysql_pid_file }}
+{% if mysql_skip_name_resolve %}
+skip-name-resolve
+{% endif %}
+{% if mysql_sql_mode %}
+sql_mode = {{ mysql_sql_mode }}
+{% endif %}
+
+# Logging configuration.
+{% if mysql_log_error == 'syslog' or mysql_log == 'syslog' %}
+syslog
+syslog-tag = {{ mysql_syslog_tag }}
+{% else %}
+{% if mysql_log %}
+log = {{ mysql_log }}
+{% endif %}
+log-error = {{ mysql_log_error }}
+{% endif %}
+
+{% if mysql_slow_query_log_enabled %}
+# Slow query log configuration.
+slow_query_log = 1
+slow_query_log_file = {{ mysql_slow_query_log_file }}
+long_query_time = {{ mysql_slow_query_time }}
+{% endif %}
+
+{% if mysql_replication_master %}
+# Replication
+server-id = {{ mysql_server_id }}
+
+{% if mysql_replication_role == 'master' %}
+log_bin = mysql-bin
+log-bin-index = mysql-bin.index
+expire_logs_days = {{ mysql_expire_logs_days }}
+max_binlog_size = {{ mysql_max_binlog_size }}
+binlog_format = {{mysql_binlog_format}}
+
+{% for db in mysql_databases %}
+{% if db.replicate|default(1) %}
+binlog_do_db = {{ db.name }}
+{% else %}
+binlog_ignore_db = {{ db.name }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if mysql_replication_role == 'slave' %}
+read_only
+relay-log = relay-bin
+relay-log-index = relay-bin.index
+{% endif %}
+{% endif %}
+
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links = 0
+
+# User is ignored when systemd is used (fedora >= 15).
+user = mysql
+
+# http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
+;performance_schema
+
+# Memory settings.
+key_buffer_size = {{ mysql_key_buffer_size }}
+max_allowed_packet = {{ mysql_max_allowed_packet }}
+table_open_cache = {{ mysql_table_open_cache }}
+sort_buffer_size = {{ mysql_sort_buffer_size }}
+read_buffer_size = {{ mysql_read_buffer_size }}
+read_rnd_buffer_size = {{ mysql_read_rnd_buffer_size }}
+myisam_sort_buffer_size = {{ mysql_myisam_sort_buffer_size }}
+thread_cache_size = {{ mysql_thread_cache_size }}
+query_cache_type = {{ mysql_query_cache_type }}
+query_cache_size = {{ mysql_query_cache_size }}
+query_cache_limit = {{ mysql_query_cache_limit }}
+max_connections = {{ mysql_max_connections }}
+tmp_table_size = {{ mysql_tmp_table_size }}
+max_heap_table_size = {{ mysql_max_heap_table_size }}
+group_concat_max_len = {{ mysql_group_concat_max_len }}
+join_buffer_size = {{ mysql_join_buffer_size }}
+
+# Other settings.
+wait_timeout = {{ mysql_wait_timeout }}
+lower_case_table_names = {{ mysql_lower_case_table_names }}
+event_scheduler = {{ mysql_event_scheduler_state }}
+
+# InnoDB settings.
+{% if mysql_supports_innodb_large_prefix %}
+innodb_large_prefix = {{ mysql_innodb_large_prefix }}
+innodb_file_format = {{ mysql_innodb_file_format }}
+{% endif %}
+innodb_file_per_table = {{ mysql_innodb_file_per_table }}
+innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }}
+innodb_log_file_size = {{ mysql_innodb_log_file_size }}
+innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }}
+innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }}
+innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }}
+innodb_buffer_pool_instances = {{ mysql_innodb_buffer_pool_instances }}
+
+[mysqldump]
+quick
+max_allowed_packet = {{ mysql_mysqldump_max_allowed_packet }}
+
+[mysqld_safe]
+pid-file = {{ mysql_pid_file }}
+
+{% if mysql_config_include_files | length %}
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+!includedir {{ mysql_config_include_dir }}
+{% endif %}
diff --git a/files/mysql/sql_mode.cnf b/files/mysql/sql_mode.cnf
@@ -0,0 +1,2 @@
+[mysqld]
+sql_mode = "STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
diff --git a/main.yml b/main.yml
@@ -0,0 +1,74 @@
+- hosts: demogroup
+  remote_user: demo
+  become: true
+  gather_facts: false
+  pre_tasks:
+  - name: Install python for Ansible
+    raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+    changed_when: False
+  - setup: # aka gather_facts
+  - name: set timezone to America/Chicago
+    timezone:
+      name: America/Chicago
+  - name: gather os specific variables
+    include_vars: "{{ item }}"
+    with_first_found:
+      - "{{ ansible_distribution }}-{{ php_version }}.yml"
+      - "{{ ansible_distribution }}.yml"
+    tags: vars
+  - name: gather apache variables
+    include_vars: "{{ item }}"
+    with_first_found:
+      - "{{ inventory_hostname }}.yml"
+      - "webgroup.yml"
+    tags: vars
+  vars_files:
+    - vars/main-vars.yml
+
+  roles:
+    - users
+    - role: geerlingguy.pip
+      when: "'webgroup' in group_names"
+    - { role: geerlingguy.certbot, certbot_certs: [] }
+    - role: setup
+      when: "'webgroup' in group_names"
+    - geerlingguy.postfix
+    - geerlingguy.certbot
+    - geerlingguy.git
+    - andrewrothstein.hub
+    - role: geerlingguy.java
+      when: "'jenkins' in group_names"
+    - role: geerlingguy.jenkins
+      when: "'jenkins' in group_names"
+    - role: oefenweb.swapfile
+      check_mode: no
+    - role: pedrocarmona.github-git-lfs
+      when: "'webgroup' in group_names"
+    - geerlingguy.apache
+    - role: geerlingguy.php-versions
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.php
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.apache-php-fpm
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.composer
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.php-mysql
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.mysql
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.adminer
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.drush
+      when: "'webgroup' in group_names"
+    - role: geerlingguy.nodejs
+      when: "'webgroup' in group_names"
+    - role: sbaerlocher.wp-cli
+      when: "'webgroup' in group_names"
+    - role: wtanaka.jq
+      when: "'webgroup' in group_names"
+    - role: logwatch
+      when: "'webgroup' in group_names"
+    - role: config
+      when: "'webgroup' in group_names"
+
diff --git a/requirements.yml b/requirements.yml
@@ -0,0 +1,25 @@
+---
+- src: andrewrothstein.hub
+- src: geerlingguy.adminer
+- src: geerlingguy.apache
+- src: geerlingguy.apache-php-fpm
+- src: geerlingguy.certbot
+- src: geerlingguy.composer
+- src: geerlingguy.drush
+- src: geerlingguy.git
+- src: geerlingguy.java
+- src: geerlingguy.jenkins
+- src: geerlingguy.memcached
+- src: geerlingguy.mysql
+- src: geerlingguy.nodejs
+- src: geerlingguy.php
+- src: geerlingguy.php-mysql
+- src: geerlingguy.php-versions
+- src: geerlingguy.pip
+- src: geerlingguy.postfix
+- src: geerlingguy.ruby
+- src: geerlingguy.solr
+- src: oefenweb.swapfile
+- src: pedrocarmona.github-git-lfs
+- src: sbaerlocher.wp-cli
+- src: wtanaka.jq
diff --git a/roles/config/defaults/main.yml b/roles/config/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# defaults file for config
+
+config_htaccess_user: "user"
+config_htaccess_pass: "passwrd"
+
+config_postfix_use_gmail: false
+config_postfix_smtp: "[smtp.gmail.com]:587"
+config_postfix_gmail_address: "[email protected]"
+# ansible-vault encrypt_string  'password string value' --name 'config_postfix_gmail_pass'
+config_postfix_gmail_pass: ''
+config_postfix_allowed:
+  - example.com
+
+config_terminus_ci: false
diff --git a/roles/config/files/postfix/sasl_passwd.j2 b/roles/config/files/postfix/sasl_passwd.j2
@@ -0,0 +1 @@
+{{config_postfix_smtp}} {{ config_postfix_gmail_address }}:{{ config_postfix_gmail_pass }}
diff --git a/roles/config/files/postfix/transport.j2 b/roles/config/files/postfix/transport.j2
@@ -0,0 +1,4 @@
+{% for item in postfix_allowed %}
+{{ item }} :
+{% endfor %}
+* discard:
diff --git a/roles/config/files/scripts.sh b/roles/config/files/scripts.sh
@@ -0,0 +1 @@
+export PATH="$PATH:/usr/local/scripts"
diff --git a/roles/config/handlers/main.yml b/roles/config/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+  - name: restart sshd
+    service: name=sshd state=restarted
+
+  - name: restart postfix
+    service: name=postfix state=restarted
+
+  - name: restart mysql
+    service: name=mysql state=restarted
diff --git a/roles/config/tasks/gmail.yml b/roles/config/tasks/gmail.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Copy postfix transport
+  template:
+    src: files/postfix/transport.j2
+    dest: /etc/postfix/transport
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart postfix
+- name: Copy postfix pass
+  template:
+    src: files/postfix/sasl_passwd.j2
+    dest: /etc/postfix/sasl/sasl_passwd
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart postfix
+- name: Postmap transport
+  command: postmap /etc/postfix/transport
+  changed_when: False
+- name: Postmap pass
+  command: postmap /etc/postfix/sasl/sasl_passwd
+  changed_when: False
+
+- name: Config postfix
+  lineinfile:
+    dest: /etc/postfix/main.cf
+    state: present
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: '^transport_maps', line: 'transport_maps = hash:/etc/postfix/transport' }
+    - { regexp: '^smtpd_relay_restrictions', line: 'smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination' }
+    - { regexp: '^relayhost', line: 'relayhost = {{config_postfix_smtp}}' }
+    - { regexp: '^smtp_sasl_auth_enable', line: 'smtp_sasl_auth_enable = yes' }
+    - { regexp: '^smtp_sasl_security_options', line: 'smtp_sasl_security_options = noanonymous' }
+    - { regexp: '^smtp_sasl_password_maps', line: 'smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd' }
+    - { regexp: '^smtp_tls_security_level', line: 'smtp_tls_security_level = encrypt' }
+    - { regexp: '^smtp_tls_CAfile', line: 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt' }
+  notify: restart postfix
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		[mysqld]
		sql_mode = "STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{{config_postfix_smtp}} {{ config_postfix_gmail_address }}:{{ config_postfix_gmail_pass }}