postgres and wowza ha | fixes #31841

ce638f6c · Nicolas KAROLAK · 03b1bc73 · ce638f6c · ce638f6c · ce638f6c
Commit ce638f6c authored 4 years ago by Nicolas KAROLAK
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
+#!/usr/bin/env -S bash -euo pipefail
+
+if git rev-parse --verify HEAD >/dev/null 2>&1; then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=$(git hash-object -t tree /dev/null)
+fi
+
+changed_files=$(git diff-index --name-only $against)
+
+for file in $changed_files; do
+  if [[ $file =~ \.yml$ ]] && grep -q -E 'skyreach_(system|activation)_key' $file; then
+    key=$(grep -E 'skyreach_(system|activation)_key' $file | awk '{print $2}')
+    if [ $key != "changeme" ]; then
+      echo "error: you are about to commit a secret key in file $file"
+      grep -E 'skyreach_(system|activation)_key' $file
+      exit 1
+    fi
+  fi
+done
+
+exit 0
+
+# vim:ft=sh
--- a/.gitignore
+++ b/.gitignore
@@ -6,11 +6,8 @@ __pycache__/
 *.pyc

 # ansible
-inventories/*
-!inventories/example
-!inventories/local*
+inventories/_*
 inventories/local*/host_vars/localhost.yml
-!inventories/offline*
 inventories/offline*/host_vars/localhost.yml
 playbooks/_*
 roles/_*

--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,7 @@ install: venv
 ## install-dev: Install development requirements
 install-dev: install
 	$(PIP_BIN) install -r requirements.dev.txt
+	ln -sfv .githooks/pre-commit .git/hooks/

 .PHONY: lint
 ## lint: Run linters on the project

--- a/inventories/example-ha/group_vars/all.yml
+++ b/inventories/example-ha/group_vars/all.yml
+---
+
+repmgr_password: my top secret repmgr default password
+repmgr_primary_node: "{{ hostvars['pg1']['ansible_default_ipv4']['address'] }}"
+
+hap_config_listen:
+  - name: pgsql-primary
+    content: |
+      bind localhost:54321
+      default-server inter 2s fall 3 rise 2 on-marked-down shutdown-sessions
+      option tcp-check
+      tcp-check expect string primary
+      maxconn 500
+      server pg1 192.168.122.1:5432 maxconn 500 check port 8543
+      server pg2 192.168.122.2:5432 maxconn 500 check port 8543 backup
+  - name: pgsql-standby
+    content: |
+      bind localhost:54321
+      default-server inter 2s fall 3 rise 2 on-marked-down shutdown-sessions
+      option tcp-check
+      tcp-check expect string (primary|standby)
+      maxconn 500
+      server pg1 192.168.122.1:5432 maxconn 500 check port 8543
+      server pg2 192.168.122.2:5432 maxconn 500 check port 8543
+  - name: wowza
+    content: |
+      bind :1935
+      stick-table type ip size 1
+      stick on dst
+      default-server inter 2s fall 3 rise 2 on-marked-down shutdown-sessions
+      option httpchk
+      maxconn 500
+      server ms1 10.0.0.1:19350 maxconn 500 check port 19350
+      server ms2 10.0.0.2:19350 maxconn 500 check port 19350 backup
+
+wowza_rtmp_port: 19350
+
+...
--- a/inventories/example-ha/host_vars/cs1.yml
+++ b/inventories/example-ha/host_vars/cs1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/mi1.yml
+++ b/inventories/example-ha/host_vars/mi1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/mm1.yml
+++ b/inventories/example-ha/host_vars/mm1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/mo1.yml
+++ b/inventories/example-ha/host_vars/mo1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/ms1.yml
+++ b/inventories/example-ha/host_vars/ms1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/ms2.yml
+++ b/inventories/example-ha/host_vars/ms2.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/mv1.yml
+++ b/inventories/example-ha/host_vars/mv1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/mw1.yml
+++ b/inventories/example-ha/host_vars/mw1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/mw2.yml
+++ b/inventories/example-ha/host_vars/mw2.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/host_vars/pg1.yml
+++ b/inventories/example-ha/host_vars/pg1.yml
+---
+
+skyreach_system_key: changeme
+
+db_role: primary
+repmgr_node_id: 1
+
+...
--- a/inventories/example-ha/host_vars/pg2.yml
+++ b/inventories/example-ha/host_vars/pg2.yml
+---
+
+skyreach_system_key: changeme
+
+db_role: standby
+repmgr_node_id: 2
+
+...
--- a/inventories/example-ha/host_vars/pg3.yml
+++ b/inventories/example-ha/host_vars/pg3.yml
+---
+
+skyreach_system_key: changeme
+
+db_role: witness
+repmgr_node_id: 3
+
+...
--- a/inventories/example-ha/host_vars/ws1.yml
+++ b/inventories/example-ha/host_vars/ws1.yml
+---
+
+skyreach_system_key: changeme
+
+...
--- a/inventories/example-ha/hosts
+++ b/inventories/example-ha/hosts
+; For hosts parameters see:
+; https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#connecting-to-hosts-behavioral-inventory-parameters
+
+; hosts list
+
+ms1 ansible_host=10.0.0.1
+ms2 ansible_host=10.0.0.2
+mw1 ansible_host=10.0.0.3
+mw2 ansible_host=10.0.0.4
+pg1 ansible_host=192.168.122.1
+pg2 ansible_host=192.168.122.2
+pg3 ansible_host=192.168.122.3
+
+; groups list and their members
+
+[msmonitor]
+ms1
+
+[postgres]
+pg1
+pg2
+pg3
+
+[mirismanager]
+ms1
+
+[mediaserver]
+ms1
+ms2
+
+[wowza]
+ms1
+ms2
+
+[celerity]
+ms1
+
+[mediaworker]
+mw1
+mw2
+
+[mediaimport]
+ms1
+
+[mediavault]
+
+[netcapture]
+
+[bench_server]
+
+[bench_worker]
+
+; vim:ft=dosini
--- a/playbooks/postgres-ha.yml
+++ b/playbooks/postgres-ha.yml
+#!/usr/bin/env ansible-playbook
+---
+
+- name: POSTGRES HA
+  hosts: postgres
+  tags: postgres
+  pre_tasks:
+    - name: check that repmgr_node_id is set
+      assert:
+        that: repmgr_node_id != ""
+        quiet: true
+    - name: check that repmgr_primary_node is set
+      assert:
+        that: repmgr_primary_node != ""
+        quiet: true
+    - name: install psycopg2
+      apt:
+        force_apt_get: true
+        install_recommends: false
+        name: python3-psycopg2
+  roles:
+    - postgres-ha
+
+- name: POSTGRES HA CLIENTS
+  hosts:
+    - mediaserver
+    - mirismanager
+  tags: postgres
+  pre_tasks:
+    - name: check that haproxy is configured
+      assert:
+        that: hap_config_listen != ""
+        quiet: true
+  roles:
+    - haproxy
+
+...
--- a/playbooks/wowza-ha.yml
+++ b/playbooks/wowza-ha.yml
+#!/usr/bin/env ansible-playbook
+---
+
+- name: WOWZA HA
+  hosts: wowza
+  tags: wowza
+  pre_tasks:
+    - name: check that wowza port is changed
+      assert:
+        that: wowza_rtmp_port != 1935
+        quiet: true
+    - name: check that haproxy is configured
+      assert:
+        that: hap_config_listen != ""
+        quiet: true
+  roles:
+    - wowza
+    - haproxy
+
+...