-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathsite.step-40-app-node.yml
204 lines (156 loc) · 7.27 KB
/
site.step-40-app-node.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
- import_playbook: site.common.group-current-hosts.yml
- hosts: app:¤t:!immutable
gather_facts: no
pre_tasks:
- name: Wait for builder's SSH to become available
wait_for_connection: ~
- name: Gather facts for first time
setup: ~
roles:
- role: cs.aws-node-facts
delegate_to: localhost
delegate_facts: no
become: no
when: aws_use
- role: cs.aws-rds-facts
delegate_to: localhost
delegate_facts: no
become: no
when: aws_use
- role: cs.switch-to-dnf
- role: cs.mageops-cli-user
mageops_cli_user: root
mageops_cli_user_bashrc_fragments:
- magento-root
- role: cs.mageops-cli-user
mageops_cli_user: "{{ magento_user }}"
mageops_cli_user_group: "{{ magento_group }}"
mageops_cli_user_uid: "{{ magento_uid }}"
mageops_cli_user_gid: "{{ magento_gid }}"
mageops_cli_user_bashrc_fragments:
- magento
- role: cs.mageops-authorize-keys
mageops_ssh_authorize_app: yes
- role: cs.versionlock
node_name: app
versionlock_packages: "{{ versionlock_app_node_packages + versionlock_app_node_packages_base + versionlock_app_node_packages_extra }}"
versionlock_ban_packages: "{{ versionlock_app_node_ban_packages + versionlock_app_node_ban_packages + versionlock_app_node_ban_packages_extra }}"
- role: cs.selinux-disable
- role: cs.optimize-kernel
optimize_kernel_reboot_system: no
- role: cs.tuned
- role: cs.zram
zram_size_relative: "{{ mageops_app_node_zram_size_relative }}"
when: mageops_app_node_zram_enable
- role: cs.optimize-vm-disk-io
when: mageops_app_node_optimize_kernel_vm_io
- role: cs.swap
swap_swappiness: "{{ mageops_app_node_swappiness }}"
when: mageops_app_node_swap_enable
- role: cs.earlyoom
when: mageops_earlyoom_enable
- role: cs.systemd-oomd
systemd_oomd_reboot_system: no
when: mageops_oomd_enable
- role: cs.aws-cli
when: aws_use
- role: cs.packages
packages_install: "{{ mageops_packages_common + mageops_packages_app_node + mageops_packages_app_node_extra }}"
packages_full_update: no
- role: cs.mageops-cli-profile
- role: cs.cron
- role: geerlingguy.ntp
- role: cs.supervisor
supervisor_programs: "{{ mageops_supervisor_programs_app_node }}"
supervisor_service_autostart: no
supervisor_service_initial_state: stopped
- role: cs.nginx
- role: cs.nginx-url-blacklist
- role: cs.nginx-magento
nginx_secure_cron_user: "{{ magento_cron_user }}"
nginx_secure_cron_password: "{{ magento_cron_password }}"
nginx_secure_site: "{{ mageops_secure_site and not varnish_standalone }}"
nginx_secure_site_user: "{{ mageops_secure_site_user }}"
nginx_secure_site_password: "{{ mageops_secure_site_password }}"
nginx_app_root_dir: "{{ magento_live_release_dir }}"
nginx_blacklist_urls: "{{ mageops_app_node_https_termination_enable | ternary([], mageops_app_node_nginx_blacklist_urls) }}"
nginx_fcgi_backend_socket: "{{ php_fpm_pool_fcgi_socket_path }}"
nginx_fcgi_backend_debug_socket: "{{ php_fpm_debug_pool_fcgi_socket_path }}"
- role: cs.nginx-https-termination
when: mageops_app_node_https_termination_enable
nginx_blacklist_urls: "{{ mageops_app_node_https_termination_enable | ternary(mageops_app_node_nginx_blacklist_urls, []) }}"
https_termination_upstream_port: "{{ mageops_varnish_port }}"
- role: cs.php-fpm
tags: php
php_fpm_pool_user: "{{ magento_user }}"
php_fpm_pool_group: "{{ magento_group }}"
php_fpm_terminate_timeout: "{{ mageops_http_pipeline_request_timeout_override }}"
- role: cs.php-tideways
- role: cs.varnish
varnish_port: "{{ mageops_varnish_port }}"
varnish_backend_port: "{{ mageops_varnish_backend_port }}"
varnish_secure_site: no # With varnish on app node, nginx shall handle the basic auth
varnish_purge_trusted_ips: "{{ (aws_vpc_subnet_prefix is defined) | ternary([aws_vpc_subnet_prefix ~ '.0.0/16'], []) }}"
varnish_purge_logging: "{{ mageops_varnish_purge_logging }}"
varnish_debug_request_token: "{{ mageops_debug_token }}"
varnish_debug_request_query_param_name: "{{ mageops_debug_token_query_param }}"
varnish_debug_request_cookie_name: "{{ mageops_debug_token_request_cookie }}"
varnish_debug_request_header_name: "{{ mageops_debug_token_http_header }}"
varnish_bypass_request_token: "{{ mageops_bypass_token }}"
varnish_bypass_request_query_param_name: "{{ mageops_bypass_token_query_param }}"
varnish_bypass_request_cookie_name: "{{ mageops_bypass_token_request_cookie }}"
varnish_bypass_request_header_name: "{{ mageops_bypass_token_http_header }}"
when: not varnish_standalone
- role: cs.blackfire
when: blackfire_install
- role: cs.s3-fuse-s3fs
when: aws_use and not s3fs_mount_use_goofys | default(false)
- role: cs.s3-fuse-goofys
when: aws_use and s3fs_mount_use_goofys | default(false)
- role: pinkeen.postfix
- role: cs.postfix-relay
postfix_relay_host: "{{ mageops_app_email_smtp_relay_host }}"
postfix_relay_username: "{{ mageops_app_email_smtp_relay_user }}"
postfix_relay_password: "{{ mageops_app_email_smtp_relay_pass }}"
postfix_relay_port: "{{ mageops_app_email_smtp_relay_port }}"
postfix_relay_extra_options: "{{ mageops_app_email_smtp_relay_extra_options | default({}) }}"
- role: cs.magento-postfix
- role: cs.aws-logs
aws_logs_stream_name: app
aws_logs_loggers: "{{ aws_logs_loggers_app_default | combine(aws_logs_loggers_app_extra | default({}), recursive=True) }}"
when: aws_use
- role: cs.mageops-cli-profile
- role: cs.magerun
when: mageops_install_magerun
- role: cs.ssh-tunel
when: mageops_ssh_proxy_persistant
- role: cs.new-relic
when: mageops_new_relic_enabled
- role: cs.monitoring
monitoring_node_exporter_enabled: yes
monitoring_php_fpm_exporter_enabled: yes
when: mageops_monitoring_enabled
# We need to upgrade packages at the end as they might break some ansible action
# ansible would need to recconnect to node to refresh some python dependencies
- role: cs.packages
tasks:
- set_fact:
mageops_extra_tasks_app_node: [
"{{ mageops_extra_tasks_app_node }}"
]
when: |
mageops_extra_tasks_app_node is defined
and mageops_extra_tasks_app_node is string
- include_tasks: "{{ item }}"
loop: "{{ mageops_extra_tasks_app_node }}"
when: mageops_extra_tasks_app_node is defined
vars:
mageops_node_role: app
mageops_app_node_nginx_blacklist_urls: "{{ nginx_blacklist_urls_default + nginx_blacklist_urls_project | default([]) }}"
mageops_app_node_https_termination_enable: "{{ mageops_https_termination_enable and not varnish_standalone }}"
nginx_debug_request_token: "{{ mageops_debug_token }}"
nginx_debug_request_header_name: "{{ mageops_debug_token_http_header }}"
nginx_debug_request_query_param_name: "{{ mageops_debug_token_query_param }}"
nginx_debug_request_cookie_name: "{{ mageops_debug_token_request_cookie }}"
# On app node we might not have yet magento code deployed
magento_facts_detect_from_artifacts: yes