deploy ha | refs #32350

7bec6527 · Emmanuel Cohen · Antoine SCHILDKNECHT · 40791091 · 7bec6527 · 7bec6527
Commit 7bec6527 authored 4 years ago by Emmanuel Cohen Committed by Antoine SCHILDKNECHT 4 years ago
--- a/Makefile
+++ b/Makefile
@@ -76,21 +76,6 @@ endif
 	$(ANSIBLE_BIN) -i $(i) -l $(l) -m ping all
 	$(ANSIBLE_PLAYBOOK_BIN) -i $(i) site.yml -e conf_update=true -l $(l) -t $(t)

-.PHONY: deploy-ha
-## deploy-ha: Run deployment playbooks : i=<inventory-path>, l=<host-or-group>, t=<tag>
-deploy-ha:
-ifndef i
-	$(error i is undefined)
-endif
-ifndef l
-	$(eval l=all)
-endif
-ifndef t
-	$(eval t=all)
-endif
-	$(ANSIBLE_BIN) -i $(i) -l $(l) -m ping all
-	$(ANSIBLE_PLAYBOOK_BIN) -i $(i) site-ha.yml -e conf_update=true -l $(l) -t $(t)
-
 .PHONY: image-validate
 ## image-validate: Check that Packer image is valid : build=<path-to-packer-file>
 image-validate:

--- a/doc/deploy-ha.md
+++ b/doc/deploy-ha.md
@@ -60,7 +60,7 @@ If a computer response is `UNREACHABLE`, check if he is powered on and accessibl

 You can deploy the environment with the following command :
 ```sh
-make deploy-ha i=inventories/<client-ha>
+make deploy i=inventories/<client-ha>
 ```

 # Known error (patched in the next skyreach release)

--- a/roles/mediaserver/tasks/main.yml
+++ b/roles/mediaserver/tasks/main.yml
@@ -15,7 +15,37 @@
    line: '127.0.1.1 {{ item.ms_server_name }}'
    backup: true

+- name: synchronize configuration
+  when: groups['mediaserver'] | length > 1
+  loop:
+    - /etc/passwd
+    - /etc/shadow
+    - /etc/group
+  synchronize:
+    src: "{{ item }}"
+    dest: "{{ item }}"
+    mode: push
+    copy_links: yes
+  delegate_to: "{{ groups['mediaserver'][0] }}"
+
 - name: create instances
+  when: inventory_hostname == groups['mediaserver'][0]
+  loop: "{{ server_instances }}"
+  environment:
+    MS_ID: "{{ item.ms_id }}"
+    MS_SERVER_NAME: "{{ item.ms_server_name }}"
+    MS_API_KEY: "{{ item.ms_api_key }}"
+    CM_SERVER_NAME: "{{ item.cm_server_name }}"
+    MS_SUPERUSER_PWD: "{{ item.ms_superuser_pwd }}"
+    MS_ADMIN_PWD: "{{ item.ms_admin_pwd }}"
+  command:
+    cmd: msinstaller.py {{ item.name }} --no-input
+    creates: /etc/nginx/sites-available/mediaserver-{{ item.name }}.conf
+
+- name: create instances for secondary servers
+  when:
+    - groups['mediaserver'] | length > 1
+    - inventory_hostname != groups['mediaserver'][0]
  loop: "{{ server_instances }}"
  environment:
    MS_ID: "{{ item.ms_id }}"
@@ -80,29 +110,6 @@
    enabled: true
    state: started

-# SYNCHRONIZE
-
- name: sync all mediaservers
-  when: groups['mediaserver'] | length > 1
-  block:
-
-    - name: save config of first mediaserver
-      when: inventory_hostname == groups['mediaserver'][0]
-      register: server_primary_config
-      loop:
-        - /etc/passwd
-        - /etc/shadow
-        - /etc/group
-      slurp:
-        path: "{{ item }}"
-
-    - name: deploy saved config
-      when: inventory_hostname != groups['mediaserver'][0]
-      loop: "{{ hostvars[groups['mediaserver'][0]].c.results }}"
-      copy:
-        dest: "{{ item.source }}"
-        content: "{{ item.content | b64decode }}"
-
 # FAIL2BAN

 - name: fail2ban

--- a/roles/postgres-ha/defaults/main.yml
+++ b/roles/postgres-ha/defaults/main.yml
@@ -28,4 +28,20 @@ repmgr_conninfo: host={{ ansible_default_ipv4.address }} dbname={{ repmgr_db }}

 repmgr_repha_port: 8543

+pg_firewall_enabled: true
+pg_ferm_rules_filename: postgres_ha
+pg_ferm_input_rules:
+  - proto:
+      - tcp
+    dport:
+      - 5432
+      - 8543
+pg_ferm_output_rules:
+  - proto:
+      - tcp
+    dport:
+      - 54321
+      - 54322
+pg_ferm_global_settings:
+
 ...
--- a/roles/postgres-ha/tasks/main.yml
+++ b/roles/postgres-ha/tasks/main.yml
@@ -325,4 +325,14 @@
    state: started
    enabled: true

+- name: firewall
+  when: pg_firewall_enabled
+  vars:
+    ferm_rules_filename: "{{ pg_ferm_rules_filename }}"
+    ferm_input_rules: "{{ pg_ferm_input_rules }}"
+    ferm_output_rules: "{{ pg_ferm_output_rules }}"
+    ferm_global_settings: "{{ pg_ferm_global_settings }}"
+  include_role:
+    name: ferm-configure
+
 ...
--- a/roles/sysconfig/handlers/main.yml
+++ b/roles/sysconfig/handlers/main.yml
@@ -3,7 +3,7 @@
  apt:
    force_apt_get: true
    update_cache: true
-    
+
 - name: update locale
  command: locale-gen


--- a/site-ha.yml
+++ b/site-ha.yml
-#!/usr/bin/env ansible-playbook
---
-
- name: PYTHON
-  hosts: all
-  gather_facts: false
-  tasks:
-    - name: ensure python3 is installed
-      register: python_install
-      changed_when: "'es_pyinstall' in python_install.stdout_lines"
-      raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt
-
- import_playbook: playbooks/postgres-ha.yml
-  tags: postgres
- import_playbook: playbooks/msmonitor.yml
-  tags: monitor
- import_playbook: playbooks/mirismanager.yml
-  tags: manager
- import_playbook: playbooks/wowza.yml
-  tags: wowza
- import_playbook: playbooks/celerity.yml
-  tags: celerity
- import_playbook: playbooks/mediaworker.yml
-  tags: worker
- import_playbook: playbooks/mediaserver.yml
-  tags: server
- import_playbook: playbooks/mediavault.yml
-  tags: vault
- import_playbook: playbooks/mediaimport.yml
-  tags: import
- import_playbook: playbooks/netcapture.yml
-  tags: netcapture
-
-...
--- a/site.yml
+++ b/site.yml
@@ -9,8 +9,8 @@
      register: python_install
      changed_when: "'es_pyinstall' in python_install.stdout_lines"
      raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt
-
- import_playbook: playbooks/postgres.yml
+      tags: always
+- import_playbook: "playbooks/{{ 'postgres-ha' if groups['postgres'] | length > 1 else 'postgres' }}.yml"
  tags: postgres
 - import_playbook: playbooks/msmonitor.yml
  tags: monitor