| author | Kristian Lyngstol <kristian@bohemians.org> | 2016-04-01 20:41:53 +0200 | 
|---|---|---|
| committer | Kristian Lyngstol <kristian@bohemians.org> | 2016-04-01 20:41:53 +0200 | 
| commit | d1f06af5828a198bda396e04a712774b7a449d00 (patch) | |
| tree | 029f3d12eb072a8737f7be11c04a4d73df57e990 | |
| parent | a1cbb896dad0c9ee4841f6fd4835a05f3013fbc7 (diff) | |
NMS: Add ansible playbook for front and fix VCL
Works OK, but some work is still needed, especially regarding configuration
and passwords and whatnot.
| -rw-r--r-- | nms/ansible/inventory | 6 | ||||
| -rw-r--r-- | nms/ansible/playbook.yml | 96 | ||||
| -rw-r--r-- | web/etc/varnish/nms.vcl | 13 | 
3 files changed, 103 insertions, 12 deletions
|
diff --git a/nms/ansible/inventory b/nms/ansible/inventory
new file mode 100644
index 0000000..8e6c8ff
--- /dev/null
+++ b/nms/ansible/inventory
@@ -0,0 +1,6 @@
+[db]
+nms-dev-db.gathering.org
+
+[nms-front]
+dockerlol
+nms-dev-db.gathering.org
diff --git a/nms/ansible/playbook.yml b/nms/ansible/playbook.yml
new file mode 100644
index 0000000..c6f558c
--- /dev/null
+++ b/nms/ansible/playbook.yml
@@ -0,0 +1,96 @@
+---
+- hosts: nms-front
+  become: false
+  tasks:
+  # Some of these are probably redundant, but kept around because it works
+  # and they aren't too bad.
+  - name: Misc packages
+    apt: name={{ item }} state=present
+    with_items:
+    - wget
+    - vim
+    - man
+    - build-essential
+    - net-tools
+    - bash-completion
+    - git-core
+    - autoconf
+    - netcat
+    - libwww-perl
+    - libmicrohttpd-dev
+    - libcurl4-gnutls-dev
+    - libedit-dev
+    - libpcre3-dev
+    - libncurses5-dev
+    - python-demjson
+    - python-docutils
+    - libtool
+    - locales
+    - screen
+    - openssh-server	
+    - libcapture-tiny-perl
+    - libcgi-pm-perl
+    - libcommon-sense-perl
+    - libdata-dumper-simple-perl
+    - libdbd-pg-perl
+    - libdbi-perl
+    - libdigest-perl
+    - libgd-perl
+    - libgeo-ip-perl
+    - libhtml-parser-perl
+    - libhtml-template-perl
+    - libimage-magick-perl
+    - libimage-magick-q16-perl
+    - libjson-perl
+    - libjson-xs-perl
+    - libnetaddr-ip-perl
+    - libnet-cidr-perl
+    - libnet-ip-perl
+    - libnet-openssh-perl
+    - libnet-oping-perl
+    - libnet-rawip-perl
+    - libnet-telnet-cisco-perl
+    - libnet-telnet-perl
+    - libsnmp-perl
+    - libsocket6-perl
+    - libsocket-perl
+    - libswitch-perl
+    - libtimedate-perl
+    - perl
+    - perl-base
+    - perl-modules
+    - varnish
+    - libfreezethaw-perl		
+    - apache2
+
+  # Note the update!
+  # 
+  # The idea here is that you run this playbook repeatedly on whatever
+  # "production" site is in use instead of manually logging in and doing
+  # changes.
+  - name: tgmanage repo
+    git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no
+
+  - name: Enable CGI
+    apache2_module: state=present name=cgid
+
+  - name: Remove default apache site
+    file: path=/etc/apache2/sites-enabled/000-default.conf  state=absent
+
+  - name: Add NMS site config
+    file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
+
+  - name: "Apache: Don't listen on 80"
+    lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
+
+  - name: "Apache: DO listen on 8080"
+    lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
+
+  - name: "Varnish: Set up VCL"
+    file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
+
+  - name: "Varnish: Remove default systemd config"
+    lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
+
+  - name: "Varnish: Add sensible systemd config"
+    lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
diff --git a/web/etc/varnish/nms.vcl b/web/etc/varnish/nms.vcl
index 8ac8b46..754ecbc 100644
--- a/web/etc/varnish/nms.vcl
+++ b/web/etc/varnish/nms.vcl
@@ -1,24 +1,13 @@
 # vim: ts=8:expandtab:sw=4:softtabstop=4
-# Magi.
 vcl 4.0;
-# Mer magi.
 backend default {
     .host = "127.0.0.1";
     .port = "8080";
 }
-acl yoda {
-    "185.110.148.11";
-    "127.0.0.1";
-    "::1";
-    "2a06:5841:1337::11";
-}
-# Sort magi.
+
 sub vcl_recv {
-    if (client.ip !~ yoda) {
-        return (synth(418,"GET RECKT"));
-    }
     if (req.url ~ "^/where" || req.url ~ "^/location") {
 	set req.url = "/api/public/location";
     }
|
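Review bot: The `tgmanage repo` task in nms/ansible/playbook.yml checks out whatever the repository's default branch holds at run time (`update=true`, no `version=`), and the later tasks symlink the Apache site and `/etc/varnish/default.vcl` straight out of that checkout, so any push to the repository becomes live web-server and cache configuration on the next run. Pin the checkout to a reviewed tag or commit, e.g. add `version={{ tgmanage_version }}` (placeholder variable name), and drop `accept_hostkey=yes`, which only affects ssh remotes and does nothing for an https URL. Separately, the two Varnish tasks edit the packaged unit at `/lib/systemd/system/varnish.service`, which a package upgrade may overwrite, and no task or handler in the file reloads systemd or restarts Apache and Varnish, so the port and `ExecStart` changes may not take effect until someone does that by hand. A drop-in under `/etc/systemd/system/varnish.service.d/` plus a `notify:` handler would make the result repeatable.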
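Review bot: With the `yoda` ACL and the `client.ip !~ yoda` check removed from web/etc/varnish/nms.vcl, the visible part of `vcl_recv` no longer restricts any request by source address, so everything the backend on 127.0.0.1:8080 serves is reachable by any client that can reach Varnish. Only `/api/public/location` is evidently meant to be public; if the backend also serves non-public paths, access control now rests entirely on the backend's own authentication, which the commit message says is still unfinished. If that is not yet in place, consider keeping the ACL and applying it after the rewrite to non-public paths only, e.g. `if (req.url !~ "^/api/public" && client.ip !~ yoda) { return (synth(403, "Forbidden")); }`, assuming `/api/public` is the only public prefix. Otherwise add a comment above `sub vcl_recv` such as `# No IP allowlist here: access control is enforced by the Apache backend.` The rest of vcl_recv lies outside the hunk.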
