| -rw-r--r-- | ansible/inventory-localhost | 4 | ||||
| -rw-r--r-- | ansible/roles/common/tasks/main.yml | 2 | ||||
| -rw-r--r-- | ansible/roles/influx/tasks/main.yml | 4 | ||||
| -rw-r--r-- | ansible/roles/web/files/apache-virtualhost.conf | 40 | ||||
| -rw-r--r-- | ansible/roles/web/files/gondul.conf | 42 | ||||
| -rw-r--r-- | ansible/roles/web/files/varnish.service | 3 | ||||
| -rw-r--r-- | ansible/roles/web/files/varnish.vcl | 76 | ||||
| -rw-r--r-- | ansible/roles/web/handlers/main.yml | 4 | ||||
| -rw-r--r-- | ansible/roles/web/tasks/main.yml | 48 | ||||
| -rw-r--r-- | ansible/site.yml | 3 | 
10 files changed, 173 insertions, 53 deletions
|
diff --git a/ansible/inventory-localhost b/ansible/inventory-localhost
index 9481f45..37b53c1 100644
--- a/ansible/inventory-localhost
+++ b/ansible/inventory-localhost
@@ -2,11 +2,11 @@
 localhost ansible_connection=local
 [postgres]
 localhost ansible_connection=local
+[influx]
+localhost ansible_connection=local
 [web]
 localhost ansible_connection=local
 [ping]
 localhost ansible_connection=local
 [snmp]
 localhost ansible_connection=local
-[influx]
-localhost ansible_connection=local
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index fbd42d1..562af85 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -3,4 +3,4 @@
   tags:
   - git-all
   - git-gondul
-  git: repo=https://github.com/tech-server/gondul.git dest=/opt/gondul update=no accept_hostkey=yes
+  git: repo={{ git_repo }} dest=/opt/gondul update=no accept_hostkey=yes version={{ git_branch }}
diff --git a/ansible/roles/influx/tasks/main.yml b/ansible/roles/influx/tasks/main.yml
index 196924f..84a1ca9 100644
--- a/ansible/roles/influx/tasks/main.yml
+++ b/ansible/roles/influx/tasks/main.yml
@@ -10,5 +10,9 @@
 - name: Start the InfluxDB service
   service: name=influxdb state=started
+- name: Wait a few seconds for InfluxDB to start
+  pause:
+    seconds: 5
+
 - name: Create database
   command: /usr/bin/influx -execute 'CREATE DATABASE gondul'
diff --git a/ansible/roles/web/files/apache-virtualhost.conf b/ansible/roles/web/files/apache-virtualhost.conf
new file mode 100644
index 0000000..d9fadbe
--- /dev/null
+++ b/ansible/roles/web/files/apache-virtualhost.conf
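Review bot: In ansible/roles/common/tasks/main.yml the new `version={{ git_branch }}` receives `master` from site.yml, so a fresh host deploys whatever the branch head is at clone time rather than a reviewed revision. Setting `git_branch` to a tag or a full commit hash for production runs makes the deployed code reproducible and auditable. The hunk shows only the tail of the task; its `name:` line is outside the visible lines.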
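Review bot: In ansible/roles/influx/tasks/main.yml the added `pause: seconds: 5` is a fixed sleep, so `CREATE DATABASE` can still run before InfluxDB accepts connections on a slow host, and every run pays the five seconds. Polling the listener is more reliable, for example `wait_for: port=8086 timeout=30` (8086 is the port the new varnish.vcl uses for the influx backend). The task list continues outside the hunk.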
@@ -0,0 +1,40 @@
+<VirtualHost *:8080>
+  ServerAdmin lol@example.com
+  ServerName gondul.gathering.org
+  ServerAlias gondul.gathering.org
+
+  DocumentRoot /opt/gondul/web
+  ScriptAlias /api/write/ /opt/gondul/web/api/write/
+  ScriptAlias /api/read/ /opt/gondul/web/api/read/
+  ScriptAlias /api/public/ /opt/gondul/web/api/public/
+  <Directory "/opt/gondul/web/api/write/">
+    AllowOverride None
+    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+  </Directory>
+  <Directory "/opt/gondul/web/api/read/">
+    AllowOverride None
+    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+  </Directory>
+  <Directory "/opt/gondul/web/api/public/">
+    AllowOverride None
+    Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch
+    Require all granted
+  </Directory>
+  <Directory "/opt/gondul/web">
+    AllowOverride None
+    Options Indexes FollowSymLinks MultiViews
+    AddDefaultCharset UTF-8
+    Require all granted
+  </Directory>
+
+
+  ErrorLog /var/log/apache2/error-nms.example.com.log
+
+  # Possible values include: debug, info, notice, warn, error, crit,
+  # alert, emerg.
+  LogLevel warn
+
+  CustomLog /var/log/apache2/access-nms.example.com.log combined
+  ServerSignature On
+
+</VirtualHost>
diff --git a/ansible/roles/web/files/gondul.conf b/ansible/roles/web/files/gondul.conf
deleted file mode 100644
index 3c6de86..0000000
--- a/ansible/roles/web/files/gondul.conf
+++ /dev/null
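Review bot: In apache-virtualhost.conf, `<VirtualHost *:8080>` (together with the `Listen 8080` line the web role writes into ports.conf) leaves Apache listening on every interface, so any client that can reach port 8080 bypasses the Varnish method filter and routing placed in front of it. Binding the backend to loopback, e.g. `<VirtualHost 127.0.0.1:8080>` with `Listen 127.0.0.1:8080`, keeps Varnish the only entry point. `ServerSignature On` and `Options Indexes` on `/opt/gondul/web` and `/api/public/` are carried over from the deleted gondul.conf and expose version details and directory listings; `ServerSignature Off` and dropping `Indexes` are worth considering unless listings are intended. The `/api/write/` and `/api/read/` blocks carry no `Require` line in this file, so their access control presumably lives elsewhere and should be confirmed.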
@@ -1,42 +0,0 @@
-<VirtualHost *:80>
-        ServerAdmin lol@example.com
-        ServerName gondul.gathering.org
-        ServerAlias gondul.gathering.org
-
-        DocumentRoot /opt/gondul/web
-	ScriptAlias /api/write/ /opt/gondul/web/api/write/
-	ScriptAlias /api/read/ /opt/gondul/web/api/read/
-	ScriptAlias /api/public/ /opt/gondul/web/api/public/
-	<Directory "/opt/gondul/web/api/write/">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-	</Directory>
-	<Directory "/opt/gondul/web/api/read/">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-	</Directory>
-	<Directory "/opt/gondul/web/api/public/">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch
-		Require all granted
-	</Directory>
-        <Directory "/opt/gondul/web">
-                AllowOverride None
-                Options Indexes FollowSymLinks MultiViews
-                AddDefaultCharset UTF-8
-		Require all granted
-        </Directory>
-
-        ProxyPass "/query" "http://localhost:8086/query"
-        ProxyPassReverse "/query" "http://localhost:8086/query"
-        
-        ErrorLog /var/log/apache2/error-nms.example.com.log
-
-        # Possible values include: debug, info, notice, warn, error, crit,
-        # alert, emerg.
-        LogLevel warn
-
-        CustomLog /var/log/apache2/access-nms.example.com.log combined
-        ServerSignature On
-
-</VirtualHost>
diff --git a/ansible/roles/web/files/varnish.service b/ansible/roles/web/files/varnish.service
new file mode 100644
index 0000000..82b012f
--- /dev/null
+++ b/ansible/roles/web/files/varnish.service
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
diff --git a/ansible/roles/web/files/varnish.vcl b/ansible/roles/web/files/varnish.vcl
new file mode 100644
index 0000000..b082971
--- /dev/null
+++ b/ansible/roles/web/files/varnish.vcl
@@ -0,0 +1,76 @@
+# vim: ts=8:expandtab:sw=4:softtabstop=4
+
+vcl 4.0;
+
+backend default {
+    .host = "localhost";
+    .port = "8080";
+}
+
+backend influx {
+    .host = "localhost";
+    .port = "8086";
+}
+
+sub vcl_recv {
+    if (req.url ~ "^/where" || req.url ~ "^/location") {
+        set req.url = "/api/public/location";
+    }
+    if (req.method != "GET" &&
+        req.method != "HEAD" &&
+        req.method != "PUT" &&
+        req.method != "POST" &&
+        req.method != "TRACE" &&
+        req.method != "OPTIONS" &&
+        req.method != "DELETE") {
+        # Vi hater alt som er gøy.
+        return (synth(418,"LOLOLOL"));
+    }
+
+    if (req.url ~ "^/query") {
+        set req.backend_hint = influx;
+    }
+
+    if (req.method != "GET" && req.method != "HEAD") {
+        /* We only deal with GET and HEAD by default */
+        return (pass);
+    }
+
+    # Brukes ikke. Cookies er for nubs.
+    unset req.http.Cookie;
+
+    # Tvinges gjennom for å cache med authorization-skrot.
+    return (hash);
+}
+
+
+# Rosa magi
+sub vcl_hash {
+    # Wheee. Legg til authorization-headeren i hashen.
+    hash_data(req.http.authorization);
+}
+
+# Mauve magi. Hva nå enn det er.
+# Dette er WIP - Skal flyttes til backend
+sub vcl_backend_response {
+    set beresp.http.x-url = bereq.url;
+    if (beresp.http.x-ban) {
+        ban("obj.http.x-url ~ " + beresp.http.x-ban);
+    }
+    if (bereq.url ~ "/query") {
+        # Let's blindly cache influx requests for 5+10s
+        set beresp.http.Cache-Control = "max-age=5";
+        unset beresp.http.Pragma;
+        set beresp.uncacheable = false;
+        set beresp.grace = 10s;
+        set beresp.ttl = 5s;
+    }
+    if (beresp.status != 200) {
+        set beresp.uncacheable = false;
+        set beresp.ttl = 5s;
+    }
+    if (bereq.url ~ "\.(html|css|js)") {
+        # Mainly for ease of development
+        set beresp.ttl = 10s;
+    }
+}
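Review bot: In `vcl_recv`, requests matching `^/query` are routed to the `influx` backend before the GET/HEAD test, so POST, PUT and DELETE on `/query` are handed to InfluxDB on port 8086 via `return (pass)` for anything that can reach port 80. If the front end only reads, reject other methods inside that block, e.g. `if (req.method != "GET" && req.method != "HEAD") { return (synth(405, "Method Not Allowed")); }`; whether InfluxDB itself enforces authentication is not visible in this commit. `vcl_backend_response` tests `bereq.url ~ "/query"` without the `^` anchor, so any URL containing that substring gets the forced 5 s caching; `"^/query"` would match the routing rule. `TRACE` is also on the allowed-method list and is passed to the backend, which is rarely needed.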
diff --git a/ansible/roles/web/handlers/main.yml b/ansible/roles/web/handlers/main.yml
index 407739b..3f71f4c 100644
--- a/ansible/roles/web/handlers/main.yml
+++ b/ansible/roles/web/handlers/main.yml
@@ -1,3 +1,7 @@
 ---
 - name: restart apache
   service: name=apache2 state=restarted
+- name: restart varnish
+  service: name=varnish state=restarted
+- name: reload systemd
+  command: systemctl daemon-reload
diff --git a/ansible/roles/web/tasks/main.yml b/ansible/roles/web/tasks/main.yml
index 3eb4279..01bf17f 100644
--- a/ansible/roles/web/tasks/main.yml
+++ b/ansible/roles/web/tasks/main.yml
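Review bot: In ansible/roles/web/handlers/main.yml `restart varnish` is defined before `reload systemd`, and Ansible runs notified handlers in the order they appear in the handlers file, not in the order listed under `notify`. On the run that installs the `customexec.conf` drop-in, Varnish is therefore restarted before `systemctl daemon-reload`, so the overridden `ExecStart` (listening on `:80`) is not picked up until some later restart. Moving `reload systemd` above `restart varnish` fixes the ordering. The `systemd` module with `daemon_reload: yes` could also replace the raw `command`.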
@@ -36,30 +36,62 @@
         - cpanminus
         - apt-transport-https
-- apache2_module:
+- name: Add packagecloud.io Varnish apt key.
+  apt_key:
+    url: https://packagecloud.io/varnishcache/varnish5/gpgkey
     state: present
-    name: cgid
-  notify: restart apache
-- apache2_module:
+
+- name: Add packagecloud.io Varnish apt repository.
+  apt_repository:
+    repo: "deb https://packagecloud.io/varnishcache/varnish5/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} main"
     state: present
-    name: proxy
+
+- name: Ensure Varnish is installed.
+  apt:
+    name: "varnish"
+    state: present
+
+- name: Copy varnish config
+  copy:
+      dest: /etc/varnish/default.vcl
+      src: varnish.vcl
+  notify: restart varnish
+
+- name: Ensure folder varnish.service.d exists
+  file: path=/etc/systemd/system/varnish.service.d/ state=directory mode=0755
+
+- name: Change varnish service.d
+  copy:
+      dest: /etc/systemd/system/varnish.service.d/customexec.conf
+      src: varnish.service
+  notify:
+    - reload systemd
+    - restart varnish
+
+- name: Make apache listen on port 8080
+  lineinfile: dest=/etc/apache2/ports.conf regexp="^Listen 80" line="Listen 8080" state=present
   notify: restart apache
+
 - apache2_module:
     state: present
-    name: proxy_http
+    name: cgid
   notify: restart apache
+
 - name: Enable gondul-config
   copy:
-      dest: /etc/apache2/sites-enabled/
-      src: gondul.conf
+      dest: /etc/apache2/sites-enabled/gondul.conf
+      src: apache-virtualhost
   notify: restart apache
+
 - command: a2dissite 000-default
   ignore_errors: true
   notify: restart apache
+
 - name: Enable gondul-config
   copy:
       dest: /etc/apache2/sites-enabled/
       src: gondul.conf
   notify: restart apache
+
 - cpanm:
     name: AnyEvent::InfluxDB
diff --git a/ansible/site.yml b/ansible/site.yml
index 40ea35c..43ab769 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -2,6 +2,9 @@
 - hosts: all
   roles:
     - common
+  vars:
+    git_repo: https://github.com/tech-server/gondul.git
+    git_branch: master
 - hosts: postgres
   become: true
   roles:
|
