From 6dc215efd24c79c06c9d7f572f5c79218fdc2f18 Mon Sep 17 00:00:00 2001
From: Kristian Lyngstol
Date: Sun, 3 Apr 2016 17:08:47 +0200
Subject: NMS: Ansible now with restarts and htpasswd This seems to do what we need with 0 extra config, except that you'd obviously have to know the relevant vault passwords
---
 nms/ansible/roles/nmsfront/handlers/main.yml | 5 ++
 nms/ansible/roles/nmsfront/tasks/main.yml | 84 ++++++++++++++++++++++------
 nms/ansible/roles/nmsfront/vars/main.yml | 6 ++
 nms/ansible/site.yml | 4 --
 4 files changed, 79 insertions(+), 20 deletions(-)
 create mode 100644 nms/ansible/roles/nmsfront/handlers/main.yml
 create mode 100644 nms/ansible/roles/nmsfront/vars/main.yml
diff --git a/nms/ansible/roles/nmsfront/handlers/main.yml b/nms/ansible/roles/nmsfront/handlers/main.yml
new file mode 100644
index 0000000..5cc3cb8
--- /dev/null
+++ b/nms/ansible/roles/nmsfront/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart apache
+ service: name=apache2 state=restarted
+
+- name: restart varnish
+ service: name=varnish state=restarted
diff --git a/nms/ansible/roles/nmsfront/tasks/main.yml b/nms/ansible/roles/nmsfront/tasks/main.yml
index 4e9d7b2..d4e8d00 100644
--- a/nms/ansible/roles/nmsfront/tasks/main.yml
+++ b/nms/ansible/roles/nmsfront/tasks/main.yml
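Review bot: The `restart varnish` handler in handlers/main.yml runs only `service: name=varnish state=restarted`, but two of the tasks that notify it edit the unit file `/lib/systemd/system/varnish.service`, and systemd keeps using the unit definition it already loaded until it is told to reload. As written, the new `ExecStart` line may not take effect on the first run, leaving varnishd on its previous listener and management settings. A reload step ahead of the restart would close that gap, for example a handler with `command: systemctl daemon-reload` that those two tasks notify and that is listed before `restart varnish`. Editing the packaged unit under /lib also means a varnish package upgrade can restore the default line; a drop-in under `/etc/systemd/system/varnish.service.d/` would survive that.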
@@ -1,24 +1,76 @@
+- name: Basic packages
+ apt: name={{ item }} state=present
+ with_items:
+ - python-demjson
+ - python-passlib
+ - libcapture-tiny-perl
+ - libcommon-sense-perl
+ - libdata-dumper-simple-perl
+ - libdbd-pg-perl
+ - libdbi-perl
+ - libdigest-perl
+ - libjson-perl
+ - libjson-xs-perl
+ - libnetaddr-ip-perl
+ - libnet-cidr-perl
+ - libnet-ip-perl
+ - libnet-openssh-perl
+ - libnet-oping-perl
+ - libnet-rawip-perl
+ - libsnmp-perl
+ - libsocket6-perl
+ - libsocket-perl
+ - libswitch-perl
+ - libtimedate-perl
+ - perl
+ - perl-base
+ - perl-modules
+ - varnish
+ - libfreezethaw-perl
+ - apache2
- - name: Enable CGI
- apache2_module: state=present name=cgid
+- name: Enable CGI
+ apache2_module: state=present name=cgid
+ notify:
+ - restart apache
- - name: Remove default apache site
- file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
+- name: Remove default apache site
+ file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
+ notify:
+ - restart apache
- - name: Add NMS site config
- file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
+- name: Add NMS site config
+ file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
+ notify:
+ - restart apache
- - name: "Apache: Don't listen on 80"
- lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
+- name: "Apache: Don't listen on 80"
+ lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
+ notify:
+ - restart apache
- - name: "Apache: DO listen on 8080"
- lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
+- name: "Apache: DO listen on 8080"
+ lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
+ notify:
+ - restart apache
- - name: "Varnish: Set up VCL"
- file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
+- name: "Varnish: Set up VCL"
+ file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
+ notify:
+ - restart varnish
- - name: "Varnish: Remove default systemd config"
- lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
+- name: "Varnish: Remove default systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
+ notify:
+ - restart varnish
- - name: "Varnish: Add sensible systemd config"
- lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
+- name: "Varnish: Add sensible systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
+ notify:
+ - restart varnish
+
+- name: Setup basic auth for nms read-only
+ htpasswd: path=/srv/tgmanage/web/htpasswd-read name=tg password={{ htpasswd_tg }} owner=root group=www-data mode=0640
+
+- name: Setup basic auth for nms write-only
+ htpasswd: path=/srv/tgmanage/web/htpasswd-write name=tg password={{ htpasswd_tg }} owner=root group=www-data mode=0640
diff --git a/nms/ansible/roles/nmsfront/vars/main.yml b/nms/ansible/roles/nmsfront/vars/main.yml
new file mode 100644
index 0000000..b7e2a81
--- /dev/null
+++ b/nms/ansible/roles/nmsfront/vars/main.yml
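Review bot: The two htpasswd tasks at the end of tasks/main.yml write the same user `tg` with the same `{{ htpasswd_tg }}` value into both `htpasswd-read` and `htpasswd-write`, so anyone holding the read credential also holds the write credential and the two files give no privilege separation. Use a distinct vaulted secret for the write file, for example `password={{ htpasswd_tg_write }}` (the variable name is a suggestion and would need adding to the vaulted vars). Adding `no_log: true` to both tasks would keep the templated password out of verbose output and failure messages, whatever the Ansible version in use does with this module's arguments by default. The second task is named "write-only", which presumably means write access; the name should say so.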
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+36643163343266613738383865323138366265616435316431663035623038623339666462633634
+3130363031633765306233333133363633663130393238660a646566396636653835383037613236
+37383335336361323962383838333330656634636461303636343166613236633566316533646561
+6130303831626632320a353732663631313931346136376536336234613866323966363062663265
+62363238393062363933623030643165396466383438623734316565663935363464
diff --git a/nms/ansible/site.yml b/nms/ansible/site.yml
index 27ad768..e0f534a 100644
--- a/nms/ansible/site.yml
+++ b/nms/ansible/site.yml
@@ -68,7 +68,3 @@
 - varnish
 - libfreezethaw-perl
 - apache2
-
-
-
-
-- cgit v1.2.3
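Review bot: roles/nmsfront/vars/main.yml is committed entirely as vault ciphertext, so the variable names it defines cannot be reviewed or grepped, and nothing on the page confirms that `htpasswd_tg`, which tasks/main.yml depends on, is among them. A common layout is a plaintext vars file that maps each name to a vaulted one, e.g. `htpasswd_tg: "{{ vault_htpasswd_tg }}"` (example name), with only the secret values in the encrypted file. Since the ciphertext is now in repository history, its protection rests on the strength of the vault password, and changing that password later does not protect the copy already committed.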