diff --git a/3tier-bad/ad.yml b/3tier-bad/ad.yml
new file mode 100644
index 0000000..ccf7763
--- /dev/null
+++ b/3tier-bad/ad.yml
@@ -0,0 +1,22 @@
+---
+# Bad ansible! This playbook is an example of poor/bad practices!
+# Bad practices may include:
+#
+# Poor formatting and structure
+# Poor use of YAML - but good enough to parse
+# Inconsistent style
+# Incorrect use of modules
+# Poor module choice
+# Unclear names
+# Hard coding / poor use of variables
+# Roles - what are roles?
+# Bare variables
+# No use of handlers
+
+- hosts: windows
+ gather_facts: true
+ become: true
+ roles:
+ - win_ad_install
+
+
diff --git a/3tier-bad/bad-playbook.yml b/3tier-bad/bad-playbook.yml
index 49e92b5..b6c1678 100644
--- a/3tier-bad/bad-playbook.yml
+++ b/3tier-bad/bad-playbook.yml
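Review bot: `become: true` on the `hosts: windows` play in ad.yml will use the default become method (sudo) unless inventory overrides it, and sudo does not apply to Windows targets; either drop it or set `become_method: runas` with an explicit `become_user`. The same applies to the play added in win_ssh_server.yml. The play also has no `name:`, so run output will not say which stage is executing.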
@@ -13,144 +13,33 @@ # Bare variables # No use of handlers -- name: configuration - hosts: all - gather_facts: false # remove later! speeds up testing +- hosts: all + gather_facts: true become: true + roles: + - base - tasks: - - name: enable repos - template: - src: ./open_three-tier-app.repo - dest: /etc/yum.repos.d/open_three-tier-app.repo - mode: 0644 - -- name: deploy haproxy - hosts: frontends - gather_facts: false # remove later! speeds up testing - become: true - - tasks: - - name: http - package: - name: httpie - state: latest - - name: install HAProxy - yum: - name=haproxy state=latest - - name: enable HAProxy - service: - name: haproxy - state: started - - name: configure haproxy - template: - src: ./haproxy.cfg.j2 - dest: /etc/haproxy/haproxy.cfg - - name: restart HAproxy - service: - name: haproxy - state: restarted - - -- name: deploy tomcat - hosts: apps - gather_facts: false +- hosts: frontends + gather_facts: true become: true + roles: + - haproxy - tasks: - - name: install tomcat - package: - name: tomcat - state: latest - - name: enable tomcat at boot - service: - name: tomcat - enabled: yes - - - name: create ansible tomcat directory - file: - path: /usr/share/tomcat/webapps/ROOT - state: directory - - - name: copy static index.html to tomcat webapps/ansible/index.html - template: - src: index.html.j2 - dest: /usr/share/tomcat/webapps/ROOT/index.html - mode: 0644 - - - name: start tomcat - service: - name: tomcat - state: started - -- name: index.html on app 1 - hosts: app1 - gather_facts: false +- hosts: apps + gather_facts: true become: true - - tasks: - - name: copy static index.html to tomcat webapps/ansible/index.html - template: - src: index.html.app1 - dest: /usr/share/tomcat/webapps/ansible/index.html - -- name: index.html on app 1 - hosts: app2 - gather_facts: false + roles: + - tomcat + +- hosts: appdbs + gather_facts: true become: true - - tasks: - - name: copy static index.html to tomcat webapps/ansible/index.html - template: - src: 
index.html.app2 - dest: /usr/share/tomcat/webapps/ansible/index.html - -- name: deploy postgres - hosts: apps - gather_facts: false + roles: + - pgsql + +- hosts: apps + gather_facts: true become: true - hosts: appdbs - tasks: - - name: install progress - command: "yum install -y postgresql-server" - - #- name: install postgres - # yum: - # name: postgresql-server - # state: latest - - name: enable apache at boot - service: - name: postgresql - enabled: yes - - name: tell user to finish setting up postgres - debug: - msg: "Either uncomment the postgres setup or manually login and initialize" + roles: + - apache - # only run the next 2 tasks once! -# - name: initilize postgres -# command: postgresql-setup initdb -# - name: initilize postgres some more -# command: chkconfig postgresql on - - name: start postgres - service: - name: postgresql.service - state: started - -- name: deploy apache - hosts: apps - gather_facts: false - become: true - hosts: apps - tasks: - - name: install apache - yum: - name: httpd - state: latest - - name: enable apache at boot - service: - name: httpd - enabled: yes - - name: start apache - service: - name: httpd - state: started diff --git a/3tier-bad/my_ad_vars.yml b/3tier-bad/my_ad_vars.yml new file mode 100644 index 0000000..b97bb67 --- /dev/null +++ b/3tier-bad/my_ad_vars.yml @@ -0,0 +1,4 @@ +ad_domain_name: ad1.5f79.example.opentlc.com +ad_safe_mode_password: "jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==" +ad_admin_user: "admin@{{ ad_domain_name}}" +ad_admin_password: "jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==" \ No newline at end of file diff --git a/3tier-bad/roles/apache/tasks/main.yml b/3tier-bad/roles/apache/tasks/main.yml new file mode 100644 index 0000000..1271596 --- /dev/null +++ b/3tier-bad/roles/apache/tasks/main.yml 
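Review bot: `ad_safe_mode_password` and `ad_admin_password` in my_ad_vars.yml are committed in clear text and carry the same value, so the DSRM recovery secret and the domain admin secret are one credential readable by anyone with repository access. The same values are added again in roles/win_ad_install/vars/ad.yml, and roles/win_user/vars/main.yml hard-codes one shared password for every user. Move them to an Ansible Vault-encrypted vars file or an external secret lookup, and treat the committed values as exposed and rotate them, since history keeps them. This file is also not referenced by any play or role visible in this diff, so it may be a stray copy.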
@@ -0,0 +1,14 @@
+# base role for repo and packages
+---
+- name: install apache
+ yum:
+ name: httpd
+ state: latest
+- name: enable apache at boot
+ service:
+ name: httpd
+ enabled: yes
+- name: start apache
+ service:
+ name: httpd
+ state: started
\ No newline at end of file
diff --git a/3tier-bad/roles/base/tasks/main.yml b/3tier-bad/roles/base/tasks/main.yml
new file mode 100644
index 0000000..c033ff1
--- /dev/null
+++ b/3tier-bad/roles/base/tasks/main.yml
@@ -0,0 +1,8 @@
+# base role for repo and packages
+---
+- name: enable repos
+ template:
+ # src: ./open_three-tier-app.repo
+ src: /home/rewati.raman.gautam-accenture.co/ansiblegit/bad-ansible/open_three-tier-app.repo
+ dest: /etc/yum.repos.d/open_three-tier-app.repo
+ mode: 0644
\ No newline at end of file
diff --git a/3tier-bad/roles/haproxy/tasks/main.yml b/3tier-bad/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..39335dc
--- /dev/null
+++ b/3tier-bad/roles/haproxy/tasks/main.yml
@@ -0,0 +1,21 @@
+# base role for repo and packages
+---
+- name: http
+ package:
+ name: httpie
+ state: latest
+- name: install HAProxy
+ yum:
+ name=haproxy state=latest
+- name: enable HAProxy
+ service:
+ name: haproxy
+ state: started
+- name: configure haproxy
+ template:
+ src: ./haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+- name: restart HAproxy
+ service:
+ name: haproxy
+ state: restarted
\ No newline at end of file
diff --git a/3tier-bad/haproxy.cfg.j2 b/3tier-bad/roles/haproxy/templates/haproxy.cfg.j2
similarity index 53%
rename from 3tier-bad/haproxy.cfg.j2
rename to 3tier-bad/roles/haproxy/templates/haproxy.cfg.j2
index cfa78a5..87d411c 100644
--- a/3tier-bad/haproxy.cfg.j2
+++ b/3tier-bad/roles/haproxy/templates/haproxy.cfg.j2
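Review bot: In roles/base/tasks/main.yml the template `src` is an absolute path under one developer's home directory, so the role only works on that control node and the yum repo definition is taken from outside the repository, where it is not reviewed. Move `open_three-tier-app.repo` into the role's `templates/` directory and use `src: open_three-tier-app.repo`. Quoting the mode as `mode: "0644"` also avoids relying on YAML's octal parsing.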
@@ -25,5 +25,13 @@ backend app-servers mode http balance roundrobin option forwardfor - server app1 app1.{{GUID}}.internal:8080 cookie app1 check - server app2 app2.{{GUID}}.internal:8080 cookie app2 check + # {% for server in groups.apps %} + # server {{server.split('.')[0] }} {{server}}:8080 cookie {{server.split('.')[0] }} check + # {%endfor %} + + {% for server in groups.apps %} + server app{{ loop.index }} {{ inventory_hostname }}:8080 cookie app{{ loop.index }} check + {%endfor %} + + # server app1 app1.{{GUID}}.internal:8080 cookie app1 check + # server app2 app2.{{GUID}}.internal:8080 cookie app2 check diff --git a/3tier-bad/roles/pgsql/tasks/main.yml b/3tier-bad/roles/pgsql/tasks/main.yml new file mode 100644 index 0000000..af32759 --- /dev/null +++ b/3tier-bad/roles/pgsql/tasks/main.yml 
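Review bot: The active loop renders `{{ inventory_hostname }}` for every entry, which is the host the template is rendered for (presumably the frontend running this role), not the app server being iterated, so all backends would point at the load balancer itself. Use the loop variable instead: `server app{{ loop.index }} {{ server }}:8080 cookie app{{ loop.index }} check`. The `{% for %}` block left behind `#` is still evaluated by Jinja, since `#` is only a comment to HAProxy; wrap it in `{# ... #}` or delete it.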
@@ -0,0 +1,51 @@
+# base role for repo and packages
+---
+- name: install progress
+ command: "yum install -y postgresql-server"
+
+- name: whoami
+ shell: whoami
+
+- name: whoami
+ shell: ls -lart /var/lib/pgsql/
+
+# - name: install postgres
+# yum:
+# name: postgresql-server
+# state: latest
+- name: enable apache at boot
+ service:
+ name: postgresql
+ enabled: yes
+- name: tell user to finish setting up postgres
+ debug:
+ msg: "Either uncomment the postgres setup or manually login and initialize"
+
+# - name: stat ansible configuration file
+# stat:
+# path: "/var/lib/pgsql/data"
+# register: stat_ansible_config
+
+- name: Check if PostgreSQL database is initialized.
+ stat:
+ path: "/var/lib/pgsql/data"
+ register: pgdata_dir_version
+
+ # only run the next 2 tasks once!
+# - name: initilize postgres
+# command: postgresql-setup initdb
+# - name: initilize postgres some more
+# command: chkconfig postgresql on
+
+- name: Ensure PostgreSQL database is initialized.
+ command: postgresql-setup initdb
+ when: not pgdata_dir_version.stat.exists
+
+- name: Ensure PostgreSQL database is Checkconfig on.
+ command: chkconfig postgresql on
+ when: not pgdata_dir_version.stat.exists
+
+- name: start postgres
+ service:
+ name: postgresql.service
+ state: started
\ No newline at end of file
diff --git a/3tier-bad/index.html.app1 b/3tier-bad/roles/tomcat/files/index.html.app1
similarity index 100%
rename from 3tier-bad/index.html.app1
rename to 3tier-bad/roles/tomcat/files/index.html.app1
diff --git a/3tier-bad/index.html.app2 b/3tier-bad/roles/tomcat/files/index.html.app2
similarity index 100%
rename from 3tier-bad/index.html.app2
rename to 3tier-bad/roles/tomcat/files/index.html.app2
diff --git a/3tier-bad/roles/tomcat/tasks/main.yml b/3tier-bad/roles/tomcat/tasks/main.yml
new file mode 100644
index 0000000..4d60ee2
--- /dev/null
+++ b/3tier-bad/roles/tomcat/tasks/main.yml
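Review bot: The initialisation guard stats `/var/lib/pgsql/data`, but that directory may already exist once the package is installed (worth confirming on the target distro), in which case `postgresql-setup initdb` is skipped and the later service start fails. Checking a file that only initdb writes is safer, e.g. `creates: /var/lib/pgsql/data/PG_VERSION` on the command task instead of the separate stat. The two `whoami` tasks are debugging leftovers run through `shell` with become and should be removed. `command: "yum install -y postgresql-server"` should use the `yum` module so the task is idempotent and reports changes correctly.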
@@ -0,0 +1,40 @@
+# base role for repo and packages
+---
+- name: install tomcat
+ package:
+ name: tomcat
+ state: latest
+- name: enable tomcat at boot
+ service:
+ name: tomcat
+ enabled: yes
+
+- name: create tomcat directory
+ file:
+ path: /usr/share/tomcat/webapps/ROOT/
+ state: directory
+ mode: 0755
+
+- name: create ansible tomcat directory
+ file:
+ path: /usr/share/tomcat/webapps/ansible
+ state: directory
+ mode: 0755
+
+- name: copy static index.html to tomcat webapps/ansible/index.html
+ template:
+ src: index.html.j2
+ dest: /usr/share/tomcat/webapps/ROOT/index.html
+ mode: 0755
+
+- name: start tomcat
+ service:
+ name: tomcat
+ state: started
+
+
+- name: copy static index.html to tomcat webapps/ansible/index.html
+ template:
+ src: index.html.j2
+ dest: /usr/share/tomcat/webapps/ansible/index.html
+
diff --git a/3tier-bad/index.html.j2 b/3tier-bad/roles/tomcat/templates/index.html.j2
similarity index 100%
rename from 3tier-bad/index.html.j2
rename to 3tier-bad/roles/tomcat/templates/index.html.j2
diff --git a/3tier-bad/roles/win_ad_install/tasks/main.yml b/3tier-bad/roles/win_ad_install/tasks/main.yml
new file mode 100644
index 0000000..4a98416
--- /dev/null
+++ b/3tier-bad/roles/win_ad_install/tasks/main.yml
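Review bot: `index.html` under ROOT is written with `mode: 0755`, which makes a static page executable, while the second copy under `webapps/ansible` sets no mode at all and ends up with whatever the umask gives. Use `mode: "0644"` on both template tasks. Both tasks also share the same name although they write to different destinations, which makes run logs ambiguous; the first should name `webapps/ROOT/index.html`.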
@@ -0,0 +1,36 @@
+---
+
+- name: Include vars
+ include_vars:
+ file: ad.yml
+
+
+- name: Install AD-Domain-Services
+ win_feature:
+ name: AD-Domain-Services
+ state: present
+
+# - name: Domain Controller
+# include_vars: ad.yml
+# win_domain_controller:
+# dns_domain_name: ad1.766a.example.opentlc.com
+# domain_admin_user: admin@ad1.766a.example.opentlc.com
+# domain_admin_password: jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==
+# safe_mode_password: jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==
+# state: domain_controller
+# log_path: c:\ansible_win_domain_controller.txt
+
+- name: Domain Controller
+ # include_vars: ad.yml
+ win_domain:
+ dns_domain_name: "{{ad_domain_name}}"
+ domain_admin_user: "{{ad_admin_user }}"
+ domain_admin_password: "{{ad_safe_mode_password}}"
+ safe_mode_password: "{{ad_safe_mode_password}}"
+
+- name: Reboot win machine
+ win_reboot:
+ reboot_timeout: 3600
+
+- name: Reboot win machine
+ shell: nltest /dclist:"{{ ad_domain_name }}"
diff --git a/3tier-bad/roles/win_ad_install/vars/ad.yml b/3tier-bad/roles/win_ad_install/vars/ad.yml
new file mode 100644
index 0000000..b97bb67
--- /dev/null
+++ b/3tier-bad/roles/win_ad_install/vars/ad.yml
@@ -0,0 +1,4 @@
+ad_domain_name: ad1.5f79.example.opentlc.com
+ad_safe_mode_password: "jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=="
+ad_admin_user: "admin@{{ ad_domain_name}}"
+ad_admin_password: "jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=="
\ No newline at end of file
diff --git a/3tier-bad/roles/win_service_config/tasks/main.yml b/3tier-bad/roles/win_service_config/tasks/main.yml
new file mode 100644
index 0000000..644c1de
--- /dev/null
+++ b/3tier-bad/roles/win_service_config/tasks/main.yml
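Review bot: The `win_domain` task in roles/win_ad_install/tasks/main.yml sets `domain_admin_password` from `ad_safe_mode_password` and leaves `ad_admin_password` unused, so the DSRM and admin credentials stay conflated even if the vars file later separates them; it should read `domain_admin_password: "{{ ad_admin_password }}"`. It is also worth checking the module documentation, since `domain_admin_user` and `domain_admin_password` are, as far as I know, options of `win_domain_controller` rather than `win_domain`. The commented-out block above it keeps the literal password in the repository and should be deleted rather than commented. The last task is named "Reboot win machine" but runs `nltest` through `shell`, which is meant for POSIX targets; `win_command` with an accurate name fits here.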
@@ -0,0 +1,32 @@
+---
+
+- name: Include vars
+ include_vars:
+ file: main.yml
+
+- name: Install Packages
+ when: ansible_distribution == "Microsoft Windows Server 2012 R2 Standard"
+ win_chocolatey:
+ name: "{{ item }}"
+ params: "{{ parameters }}"
+ state: latest
+ with_items:
+ - "{{package_name}}"
+
+- name: Enable Service
+ when: ansible_distribution == "Microsoft Windows Server 2012 R2 Standard"
+ win_service:
+ name: "{{service_name}}"
+ state: started
+
+- name: Firewall rule to allow sshd on TCP port 22
+ win_firewall_rule:
+ name: opensshd
+ localport: 22
+ action: allow
+ direction: in
+ protocol: tcp
+ state: present
+ enabled: yes
+
+
diff --git a/3tier-bad/roles/win_service_config/vars/main.yml b/3tier-bad/roles/win_service_config/vars/main.yml
new file mode 100644
index 0000000..87fc5c7
--- /dev/null
+++ b/3tier-bad/roles/win_service_config/vars/main.yml
@@ -0,0 +1,5 @@
+package_name: openssh
+parameters: /SSHServerFeature
+service_name: SSHD
+local_port: 22
+protocol_name: tcp
\ No newline at end of file
diff --git a/3tier-bad/roles/win_user/tasks/main.yml b/3tier-bad/roles/win_user/tasks/main.yml
new file mode 100644
index 0000000..8a9cf25
--- /dev/null
+++ b/3tier-bad/roles/win_user/tasks/main.yml
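Review bot: The firewall task in roles/win_service_config/tasks/main.yml opens TCP 22 inbound unconditionally and from any address, while the package install and service start are guarded by the `ansible_distribution` check, so hosts that skip the install still get the port opened. Apply the same `when:` to the rule and restrict the source with `remoteip:` to the management network. `win_chocolatey` with `state: latest` installs whatever version the feed currently serves; pinning `version:` makes the installed SSH server reproducible and reviewable. `local_port` and `protocol_name` are defined in vars/main.yml, but the task hard-codes `22` and `tcp`.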
@@ -0,0 +1,45 @@
+---
+
+- name: Include vars
+ include_vars:
+ file: main.yml
+
+# - name: Include vars
+# command: pip upgrade ansible 2.4.0
+
+# tasks file for roles/win_ad_user
+- name: Create windows domain group
+ win_domain_group:
+ name: "{{ item.group_name }}"
+ scope: "{{ item.group_scope }}"
+ state: present
+ with_items: "{{ user_info }}"
+
+- name: Create AD User
+ win_domain_user:
+ name: "{{ item.name }}"
+ firstname: "{{item.firstname }}"
+ surname: "{{ item.surname }}"
+ password: "{{ item.password }}"
+ state: present
+ email: '"{{ item.name }}"@ad1.766a.example.opentlc.com'
+ groups:
+ - "{{ item.group_name }}"
+ with_items: "{{ user_info }}"
+
+# - name: Install Packages
+# when: ansible_distribution == "Microsoft Windows Server 2012 R2 Standard"
+# win_domain_user:
+# name: "{{name}}"
+# firstname: "{{firstname}}"
+# surname: "{{surname}}"
+# company: "{{company}}"
+# password: "{{password}}"
+# state: latest
+# groups:
+# - "{{groups}}"
+# # name: "{{ item }}"
+# with_items:
+# - "{{user_info}}"
+
+
diff --git a/3tier-bad/roles/win_user/vars/main.yml b/3tier-bad/roles/win_user/vars/main.yml
new file mode 100644
index 0000000..e2ed61f
--- /dev/null
+++ b/3tier-bad/roles/win_user/vars/main.yml
@@ -0,0 +1,5 @@
+user_info:
+ - { name: 'james', firstname: 'James', surname: 'Jockey', password: 'redhat@123', group_name: 'dev', group_scope: 'domainlocal'}
+ - { name: 'bill', firstname: 'Bill', surname: 'Gates', password: 'redhat@123', group_name: 'dev', group_scope: 'domainlocal'}
+ - { name: 'mickey', firstname: 'Mickey', surname: 'Mouse', password: 'redhat@123', group_name: 'qa', group_scope: 'domainlocal'}
+ - { name: 'donald', firstname: 'Donald', surname: 'Duck', password: 'redhat@123', group_name: 'qa', group_scope: 'domainlocal'}
\ No newline at end of file
diff --git a/3tier-bad/win_ssh_server.yml b/3tier-bad/win_ssh_server.yml
new file mode 100644
index 0000000..4383801
--- /dev/null
+++ b/3tier-bad/win_ssh_server.yml
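Review bot: The `Create AD User` task in roles/win_user/tasks/main.yml loops over `user_info` with the password inside each item, so the default loop output prints every password to the console and any run log; add `no_log: true` to the task. The `email` value `'"{{ item.name }}"@ad1.766a.example.opentlc.com'` embeds literal double quotes in the address and hard-codes a domain that differs from the `ad_domain_name` set in the AD vars. `email: "{{ item.name }}@{{ ad_domain_name }}"` would fix both, assuming that variable is in scope when this role runs.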
@@ -0,0 +1,12 @@
+---
+# Bad ansible! This playbook is an example of poor/bad practices!
+
+- hosts: windows
+ gather_facts: true
+ become: true
+ roles:
+ - win_ad_install
+ - win_service_config
+ - win_user
+
+