Split web and DB onto different servers

Oliver Davies 2020-10-09 16:27:44 +01:00
parent f0b3cc30ec
commit 7b11bb43f6
10 changed files with 110 additions and 51 deletions


@ -1,5 +1,5 @@
---
- hosts: all
- hosts: web
vars_files:
- vars/vars.yml


@ -6,16 +6,22 @@
- ./vars/digitalocean_vault.yml
- ./vars/digitalocean_vars.yml
tasks:
- name: Create a Droplet
digital_ocean_droplet:
state: present
name: oliverdavies-uk
oauth_token: '{{ digitalocean_api_key }}'
size: 1gb
region: lon1
image: ubuntu-16-04-x64
wait_timeout: 500
register: droplet
vars:
droplets:
- { name: "oliverdavies-uk-web2", group: "oliverdavies-uk" }
- { name: "oliverdavies-uk-db", group: "oliverdavies-uk" }
- debug: var=droplet
tasks:
- name: Provision DigitalOcean droplets
digital_ocean_droplet:
state: "{{ item.state | default('present') }}"
name: "{{ item.name }}"
oauth_token: "{{ digitalocean_api_key }}"
size: "{{ item.size | default('1gb') }}"
region: "{{ item.region | default('lon1') }}"
image: "{{ item.image | default('ubuntu-20-04-x64') }}"
unique_name: yes
ssh_keys:
- 28701873
register: created_droplets
with_items: "{{ droplets }}"
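Review bot: The SSH key id under `ssh_keys` is hard-coded in the task, so the one key installed on every new droplet cannot be rotated or extended without editing the playbook; consider a variable kept next to `digitalocean_api_key`, e.g. `ssh_keys: "{{ digitalocean_ssh_key_ids }}"`. `unique_name: yes` is better written `unique_name: true`, matching the `true` used in the provisioning playbook. The result registered as `created_droplets` is not consumed in the visible lines, while the inventory lists the droplet addresses by hand, so the two can drift. The play may continue outside the hunk, so the registered value could be used further down.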


@ -1,6 +1,16 @@
all:
hosts:
178.62.51.101:
vars:
ansible_ssh_port: 2849
ansible_ssh_user: root
children:
db:
hosts:
144.126.204.35:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_port: 2849
ansible_ssh_user: root
web:
hosts:
64.227.46.2:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_port: 2849
ansible_ssh_user: root
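Review bot: Both new groups connect as `root`, and the provisioning vars keep `security_ssh_permit_root_login: 'yes'`, so the database host now also accepts direct root SSH on port 2849. A dedicated sudo-capable user combined with `become: true` (already set on the db play) would allow root login to be switched off. The three connection variables are repeated verbatim under `db` and `web`; declaring them once under `all: vars:` keeps them from diverging. `ansible_ssh_port` and `ansible_ssh_user` are the legacy spellings of `ansible_port` and `ansible_user`.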


@ -1,21 +1,67 @@
---
- hosts: all
- hosts: db
become: true
vars_files:
- vars/vars.yml
- vars/provision_vault.yml
- vars/provision_vars.yml
vars:
firewall_additional_rules:
- "iptables -A INPUT -p tcp --dport 3306 -s 10.131.0.2 -j ACCEPT"
firewall_allowed_tcp_ports: [2849]
mysql_bind_address: '10.131.0.3'
mysql_users:
- name: "{{ app_mysql_user }}"
password: "{{ app_mysql_password }}"
host: '10.131.0.2'
priv: "oliverdavies_uk.*:ALL"
mysql_databases:
- name: oliverdavies_uk
pre_tasks:
- name: Update apt cache
apt:
update_cache: true
cache_valid_time: 3600
roles:
- name: geerlingguy.firewall
- name: geerlingguy.security
- name: geerlingguy.certbot
- name: geerlingguy.mysql
- hosts: web
vars_files:
- vars/vars.yml
- vars/provision_vault.yml
- vars/provision_vars.yml
vars:
composer_version_branch: '--1'
firewall_allowed_tcp_ports: [80, 443, 2849]
mysql_packages:
- mariadb-client
mysql_users: []
roles:
- name: geerlingguy.firewall
- name: geerlingguy.security
- name: geerlingguy.certbot
- name: geerlingguy.nginx
- name: geerlingguy.mysql
- name: geerlingguy.php-versions
- name: geerlingguy.php
- name: geerlingguy.php-mysql
- name: geerlingguy.composer
- name: geerlingguy.nodejs
tags: [nodejs]
pre_tasks:
- name: Update apt cache
apt:
update_cache: true
cache_valid_time: 3600
tasks:
- name: Install packages
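Review bot: The private addresses `10.131.0.2` and `10.131.0.3` are written out literally in the firewall rule, `mysql_bind_address` and the `mysql_users` host here, and again as the `drupal_settings` database host in the deploy vars, so re-creating either droplet means four hand edits, and a missed one leaves a dead connection or a 3306 rule that admits an address no longer assigned to the web host. Define them once, e.g. `web_private_ip: '10.131.0.2'` and `db_private_ip: '10.131.0.3'`, and reference those everywhere. The db play also applies `geerlingguy.certbot` although only port 2849 is opened on that host; if no certificate is needed there, dropping the role keeps the installed surface smaller. MySQL traffic now leaves localhost, so it is worth confirming that the 10.131.0.0 network is private to this account, or requiring TLS on the connection. The web play's `tasks:` list continues outside the hunk.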


@ -6,20 +6,22 @@
- name: geerlingguy.certbot
version: 3.0.3
- name: geerlingguy.composer
version: 1.7.3
version: 1.9.0
- name: geerlingguy.firewall
version: 2.4.3
version: 2.5.0
- name: geerlingguy.mysql
version: 2.9.4
version: 3.3.0
- name: geerlingguy.nginx
version: 2.7.0
- name: geerlingguy.nodejs
version: 5.1.1
- name: geerlingguy.php
version: 3.7.0
- name: geerlingguy.php-mysql
version: 2.1.0
- name: geerlingguy.php-versions
version: 4.0.2
- name: geerlingguy.security
version: 1.9.0
version: 2.0.1
- name: opdavies.drupal_settings_files
version: 0.1.0


@ -10,7 +10,7 @@ ansistrano_shared_paths:
# Hooks
ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml'
ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml'
# ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml'
app_hash_salt: '{{ vault_app_hash_salt }}'
@ -41,11 +41,12 @@ drupal_settings:
default:
default:
driver: mysql
host: localhost
host: '10.131.0.3'
database: oliverdavies_uk
username: '{{ app_mysql_user }}'
password: '{{ app_mysql_password }}'
trusted_hosts:
- '^new-www\.oliverdavies\.uk$'
- '^www\.oliverdavies\.uk$'
extra_parameters: |
$settings['deployment_identifier'] = '{{ ansistrano_release_version }}';
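Review bot: The `ansistrano_before_symlink_tasks_file` hook appears to be replaced by a commented-out copy with no explanation, so `deploy/before-symlink.yml` stops running on every release without any record of why or for how long. Either delete the line or put the reason above it, e.g. `# Disabled during the move to the separate db host; re-enable once the migration is done.`, if that is the intent. What the hook does is not visible on this page, so whether skipping it is safe for a release cannot be judged from the hunk. The added `'^new-www\.oliverdavies\.uk$'` trusted-host pattern looks transitional as well and would benefit from the same kind of comment.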


@ -1,2 +1,3 @@
---
digitalocean_api_key: '{{ vault_digitalocean_api_key }}'


@ -1,10 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256
38626265316535333565366130303464633230616533393961636362643132343838323934666162
6436353232363239643235393539653431336638646163350a653864623362306366663638333637
36666339333530623764313261393665383561303735373565323461353766366635383835623466
6535373364306131350a613165666565613033383064393436613265633665393266613863323766
30383238333833376265373530663532363063623535663066313836306332383836353165643134
62653737386231306361353365643962356663343631353634383436353631323131363333663439
30393965666230663565613039333733626231353530336666306663336430346538636365386264
61636563386434376363653738393838303735356235306437643132613732653633363538383535
3866
36643735336232646262626537363631353061356565346664643261663565633364323932653232
6639396262393839643437626338343930316439623633330a616566646533343063333166383136
39353532316166623361626133326135383833643030663634376464663838353064663538343162
3536373232623235620a303465306339653663306564383335643166323934393264633532616437
33313231343432643030366565313135653163363434323632613361623339643137343361643135
65666364346566356136383830366334326133633766313130653639626362366138663032653962
39386364613838646133656230356564663564633537376435336438346434633161646436623137
30666239343832663764303830616264643538346665353963383734373265663233303934666363
6461


@ -2,11 +2,6 @@
security_ssh_permit_root_login: 'yes'
security_ssh_port: 2849
firewall_allowed_tcp_ports:
- 80
- 443
- 2849
php_default_version_debian: '{{ php_version }}'
php_enable_php_fpm: true
php_version: 7.4
@ -27,10 +22,8 @@ app_mysql_password: '{{ vault_app_mysql_password }}'
mysql_packages:
- mariadb-client
- mariadb-server
- python-mysqldb
- python3-mysqldb
mysql_databases:
- name: oliverdavies_uk
nginx_remove_default_vhost: true
nginx_server_tokens: 'off'


@ -1,8 +1,8 @@
$ANSIBLE_VAULT;1.1;AES256
37323435316139613034653439366634303930666535356238643362336536373834323330333436
3134306366616438356639643133616635643534333533380a633062313561316636333039636563
38363362626333383232336362386361373131376537356239323063343966393833396537356634
3733326435336263390a303461623761386330653836646231613231613438626330363030393435
62323038326163343464363465373937336363363534623963643235623963626161666165656336
32613564383833626639353430383833646438323633326665646437366364393163373564613437
333564613838633963663231666133623332
36356435393662666564623838386330353664316261396361313737643836373861333939353532
3739663861643162313633383662333531346537633364300a306633383236343331623638316233
37666263356433666263343337363633316664376230323335316165303462316236613264323333
6137353437376362310a316537666564363665336166366236333039356533316236383732636436
39333766306663346461633463336337663033366461383533376230386665643934653766326135
31623831306137653331326664623432346661633833323435613562376164376632316261333239
643633396466643464663439353935666466