diff --git a/lamp_haproxy/aws/LICENSE.md b/lamp_haproxy/aws/LICENSE.md
new file mode 100644
index 000000000..2b437ec86
--- /dev/null
+++ b/lamp_haproxy/aws/LICENSE.md
@@ -0,0 +1,4 @@
+Copyright (C) 2013 AnsibleWorks, Inc.
+
+This work is licensed under the Creative Commons Attribution 3.0 Unported License.
+To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US.
diff --git a/lamp_haproxy/aws/README.md b/lamp_haproxy/aws/README.md
new file mode 100644
index 000000000..e1258e0b8
--- /dev/null
+++ b/lamp_haproxy/aws/README.md
@@ -0,0 +1,72 @@ +LAMP Stack + HAProxy: Example Playbooks +----------------------------------------------------------------------------- + +- Requires Ansible 1.2 +- Expects CentOS/RHEL 6 hosts + +This example is an extension of the simple LAMP deployment. Here we'll install +and configure a web server with an HAProxy load balancer in front, and deploy +an application to the web servers. This set of playbooks also have the +capability to dynamically add and remove web server nodes from the deployment. +It also includes examples to do a rolling update of a stack without affecting +the service. + +You can also optionally configure a Nagios monitoring node. + +### Initial Site Setup + +First we configure the entire stack by listing our hosts in the 'hosts' +inventory file, grouped by their purpose: + + [webservers] + webserver1 + webserver2 + + [dbservers] + dbserver + + [lbservers] + lbserver + + [monitoring] + nagios + +After which we execute the following command to deploy the site: + + ansible-playbook -i hosts site.yml + +The deployment can be verified by accessing the IP address of your load +balancer host in a web browser: http://:8888. Reloading the page +should have you hit different webservers. + +The Nagios web interface can be reached at http:///nagios/ + +The default username and password are "nagiosadmin" / "nagiosadmin". + +### Removing and Adding a Node + +Removal and addition of nodes to the cluster is as simple as editing the +hosts inventory and re-running: + + ansible-playbook -i hosts site.yml + +### Rolling Update + +Rolling updates are the preferred way to update the web server software or +deployed application, since the load balancer can be dynamically configured +to take the hosts to be updated out of the pool. This will keep the service +running on other servers so that the users are not interrupted. + +In this example the hosts are updated in serial fashion, which means that +only one server will be updated at one time. 
If you have a lot of web server +hosts, this behaviour can be changed by setting the 'serial' keyword in +webservers.yml file. + +Once the code has been updated in the source repository for your application +which can be defined in the group_vars/all file, execute the following +command: + + ansible-playbook -i hosts rolling_update.yml + +You can optionally pass: -e webapp_version=xxx to the rolling_update +playbook to specify a specific version of the example webapp to deploy. diff --git a/lamp_haproxy/aws/group_vars/all b/lamp_haproxy/aws/group_vars/all new file mode 100644 index 000000000..7f74b0acd --- /dev/null +++ b/lamp_haproxy/aws/group_vars/all @@ -0,0 +1,5 @@ +--- +# Variables here are applicable to all host groups + +httpd_port: 80 +ntpserver: 192.168.1.2 diff --git a/lamp_haproxy/group_vars/tag_ansible_group_dbservers b/lamp_haproxy/aws/group_vars/tag_ansible_group_dbservers similarity index 100% rename from lamp_haproxy/group_vars/tag_ansible_group_dbservers rename to lamp_haproxy/aws/group_vars/tag_ansible_group_dbservers diff --git a/lamp_haproxy/group_vars/tag_ansible_group_lbservers b/lamp_haproxy/aws/group_vars/tag_ansible_group_lbservers similarity index 100% rename from lamp_haproxy/group_vars/tag_ansible_group_lbservers rename to lamp_haproxy/aws/group_vars/tag_ansible_group_lbservers diff --git a/lamp_haproxy/group_vars/tag_ansible_group_webservers b/lamp_haproxy/aws/group_vars/tag_ansible_group_webservers similarity index 100% rename from lamp_haproxy/group_vars/tag_ansible_group_webservers rename to lamp_haproxy/aws/group_vars/tag_ansible_group_webservers diff --git a/lamp_haproxy/aws/hosts b/lamp_haproxy/aws/hosts new file mode 100644 index 000000000..9047aa741 --- /dev/null +++ b/lamp_haproxy/aws/hosts @@ -0,0 +1,12 @@ +[webservers] +web1 +web2 + +[dbservers] +db1 + +[lbservers] +lb1 + +[monitoring] +nagios 
diff --git a/lamp_haproxy/aws/roles/base-apache/tasks/main.yml b/lamp_haproxy/aws/roles/base-apache/tasks/main.yml
new file mode 100644
index 000000000..0fbdd4ea7
--- /dev/null
+++ b/lamp_haproxy/aws/roles/base-apache/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+# This role installs httpd
+
+- name: Install http
+ yum: name={{ item }} state=present
+ with_items:
+ - httpd
+
+- name: http service state
+ service: name=httpd state=started enabled=yes
diff --git a/lamp_haproxy/aws/roles/common/files/RPM-GPG-KEY-EPEL-6 b/lamp_haproxy/aws/roles/common/files/RPM-GPG-KEY-EPEL-6
new file mode 100644
index 000000000..7a2030489
--- /dev/null
+++ b/lamp_haproxy/aws/roles/common/files/RPM-GPG-KEY-EPEL-6
@@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1 +JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B +M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn +XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6 +pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV +QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp +Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq +3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu +vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar +1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g +YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB +tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS +KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9 +qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT +9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP +Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS +WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft +HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF +p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP +x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8 +wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J +l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG +iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR +XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ== +=V/6I +-----END PGP PUBLIC KEY BLOCK----- diff --git a/lamp_haproxy/aws/roles/common/files/epel.repo b/lamp_haproxy/aws/roles/common/files/epel.repo new file mode 100644 index 000000000..0160dfec7 --- /dev/null +++ b/lamp_haproxy/aws/roles/common/files/epel.repo 
@@ -0,0 +1,26 @@
+[epel]
+name=Extra Packages for Enterprise Linux 6 - $basearch
+#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
+#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+gpgcheck=1
+
+[epel-source]
+name=Extra Packages for Enterprise Linux 6 - $basearch - Source
+#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
+gpgcheck=1
diff --git a/lamp_haproxy/aws/roles/common/handlers/main.yml b/lamp_haproxy/aws/roles/common/handlers/main.yml
new file mode 100644
index 000000000..bca073701
--- /dev/null
+++ b/lamp_haproxy/aws/roles/common/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# Handlers for common notifications
+
+- name: restart ntp
+ service: name=ntpd state=restarted
+
+- name: restart iptables
+ service: name=iptables state=restarted
diff --git a/lamp_haproxy/aws/roles/common/tasks/main.yml b/lamp_haproxy/aws/roles/common/tasks/main.yml
new file mode 100644
index 000000000..b82900c93
--- /dev/null
+++ b/lamp_haproxy/aws/roles/common/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+# This role contains common plays that will run on all nodes.
+
+- name: Install python bindings for SE Linux
+ yum: name={{ item }} state=present
+ with_items:
+ - libselinux-python
+ - libsemanage-python
+
+- name: Create the repository for EPEL
+ copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo
+
+- name: Create the GPG key for EPEL
+ copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg
+
+- name: install some useful nagios plugins
+ yum: name={{ item }} state=present
+ with_items:
+ - nagios-nrpe
+ - nagios-plugins-swap
+ - nagios-plugins-users
+ - nagios-plugins-procs
+ - nagios-plugins-load
+ - nagios-plugins-disk
+
+- name: Install ntp
+ yum: name=ntp state=present
+ tags: ntp
+
+- name: Configure ntp file
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf
+ tags: ntp
+ notify: restart ntp
+
+- name: Start the ntp service
+ service: name=ntpd state=started enabled=yes
+ tags: ntp
+
+# work around RHEL 7, for now
+- name: insert iptables template
+ template: src=iptables.j2 dest=/etc/sysconfig/iptables
+ when: ansible_distribution_major_version != '7'
+ notify: restart iptables
+
+- name: test to see if selinux is running
+ command: getenforce
+ register: sestatus
+ changed_when: false
diff --git a/lamp_haproxy/aws/roles/common/templates/iptables.j2 b/lamp_haproxy/aws/roles/common/templates/iptables.j2
new file mode 100644
index 000000000..344f142d3
--- /dev/null
+++ b/lamp_haproxy/aws/roles/common/templates/iptables.j2
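Review bot: The last task registers `sestatus` from `command: getenforce`, but its return code carries no usable signal: as far as I know getenforce exits 0 whether SELinux is enforcing, permissive or disabled. The `when: sestatus.rc != 0` test in roles/db/tasks/main.yml would then never be true, and the `seboolean` task would be skipped on hosts where SELinux is active. Testing the printed mode instead, e.g. `when: sestatus.stdout != 'Disabled'`, looks closer to the intent. A comment on this task naming the roles that consume `sestatus` would also help, since the variable crosses role boundaries.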
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+# Manual customization of this file is not recommended.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+{% if (inventory_hostname in groups.tag_ansible_group_webservers) or (inventory_hostname in groups.tag_ansible_group_monitoring) %}
+-A INPUT -p tcp --dport 80 -j ACCEPT
+{% endif %}
+
+{% if (inventory_hostname in groups.tag_ansible_group_dbservers) %}
+-A INPUT -p tcp --dport 3306 -j ACCEPT
+{% endif %}
+
+{% if (inventory_hostname in groups.tag_ansible_group_lbservers) %}
+-A INPUT -p tcp --dport {{ listenport }} -j ACCEPT
+{% endif %}
+
+{% for host in groups.tag_ansible_group_monitoring %}
+-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 5666 -j ACCEPT
+{% endfor %}
+
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
diff --git a/lamp_haproxy/aws/roles/common/templates/ntp.conf.j2 b/lamp_haproxy/aws/roles/common/templates/ntp.conf.j2
new file mode 100644
index 000000000..6336c2ea3
--- /dev/null
+++ b/lamp_haproxy/aws/roles/common/templates/ntp.conf.j2
@@ -0,0 +1,12 @@
+
+driftfile /var/lib/ntp/drift
+
+restrict 127.0.0.1
+restrict -6 ::1
+
+server {{ ntpserver }}
+
+includefile /etc/ntp/crypto/pw
+
+keys /etc/ntp/keys
+
diff --git a/lamp_haproxy/aws/roles/db/handlers/main.yml b/lamp_haproxy/aws/roles/db/handlers/main.yml
new file mode 100644
index 000000000..0014f1426
--- /dev/null
+++ b/lamp_haproxy/aws/roles/db/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Handler to handle DB tier notifications
+
+- name: restart mysql
+ service: name=mysqld state=restarted
+
diff --git a/lamp_haproxy/aws/roles/db/tasks/main.yml b/lamp_haproxy/aws/roles/db/tasks/main.yml
new file mode 100644
index 000000000..71052795f
--- /dev/null
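Review bot: The dbservers rule `-A INPUT -p tcp --dport 3306 -j ACCEPT` accepts MySQL connections from any source address, while the NRPE rule a few lines below already shows the per-host pattern that would limit it to known peers. Looping over the webservers group with `-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport {{ mysql_port }} -j ACCEPT` would keep the database reachable only from the application tier. Using `{{ mysql_port }}` here, and `{{ httpd_port }}` in the port 80 rule, also keeps the firewall in step with my.cnf.j2 and group_vars/all, which take those ports from variables. As written, the literals will silently diverge if either variable is changed.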
+++ b/lamp_haproxy/aws/roles/db/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+# This role will install MySQL and create db user and give permissions.
+
+- name: Install Mysql package
+ yum: name={{ item }} state=present
+ with_items:
+ - mysql-server
+ - MySQL-python
+
+- name: Configure SELinux to start mysql on any port
+ seboolean: name=mysql_connect_any state=true persistent=yes
+ when: sestatus.rc != 0
+
+- name: Create Mysql configuration file
+ template: src=my.cnf.j2 dest=/etc/my.cnf
+ notify:
+ - restart mysql
+
+- name: Start Mysql Service
+ service: name=mysqld state=started enabled=yes
+
+- name: Create Application Database
+ mysql_db: name={{ dbname }} state=present
+
+- name: Create Application DB User
+ mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present
diff --git a/lamp_haproxy/aws/roles/db/templates/my.cnf.j2 b/lamp_haproxy/aws/roles/db/templates/my.cnf.j2
new file mode 100644
index 000000000..3944d063f
--- /dev/null
+++ b/lamp_haproxy/aws/roles/db/templates/my.cnf.j2
@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
diff --git a/lamp_haproxy/aws/roles/haproxy/handlers/main.yml b/lamp_haproxy/aws/roles/haproxy/handlers/main.yml
new file mode 100644
index 000000000..1eade088e
--- /dev/null
+++ b/lamp_haproxy/aws/roles/haproxy/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+# Handlers for HAproxy
+
+- name: restart haproxy
+ service: name=haproxy state=restarted
+
+- name: reload haproxy
+ service: name=haproxy state=reloaded
+
diff --git a/lamp_haproxy/aws/roles/haproxy/tasks/main.yml b/lamp_haproxy/aws/roles/haproxy/tasks/main.yml
new file mode 100644
index 000000000..aac53093d
--- /dev/null
+++ b/lamp_haproxy/aws/roles/haproxy/tasks/main.yml
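Review bot: The `mysql_user` task grants `priv=*.*:ALL` with `host='%'`, so the application account gets every privilege on every database and may log in from any address. Scoping the grant to the application schema with `priv={{ dbname }}.*:ALL`, and creating the account per web server host instead of `'%'`, would limit what a compromised web node or a leaked `upassword` can reach. The role also never sets a MySQL root password or removes the anonymous accounts that a fresh mysql-server install typically ships with; that may be handled elsewhere, but it is not visible in this hunk.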
@@ -0,0 +1,12 @@
+---
+# This role installs HAProxy and configures it.
+
+- name: Download and install haproxy
+ yum: name=haproxy state=present
+
+- name: Configure the haproxy cnf file with hosts
+ template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
+ notify: restart haproxy
+
+- name: Start the haproxy service
+ service: name=haproxy state=started enabled=yes
diff --git a/lamp_haproxy/aws/roles/haproxy/templates/haproxy.cfg.j2 b/lamp_haproxy/aws/roles/haproxy/templates/haproxy.cfg.j2
new file mode 100644
index 000000000..714f6ab53
--- /dev/null
+++ b/lamp_haproxy/aws/roles/haproxy/templates/haproxy.cfg.j2
@@ -0,0 +1,39 @@
+global
+ log 127.0.0.1 local2
+
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user root
+ group root
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats level admin
+
+defaults
+ mode {{ mode }}
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
+
+backend app
+ {% for host in groups.tag_ansible_group_lbservers %}
+ listen {{ daemonname }} 0.0.0.0:{{ listenport }}
+ {% endfor %}
+ balance {{ balance }}
+ {% for host in groups.tag_ansible_group_webservers %}
+ server {{ host }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ httpd_port }}
+ {% endfor %}
diff --git a/lamp_haproxy/aws/roles/nagios/files/ansible-managed-services.cfg b/lamp_haproxy/aws/roles/nagios/files/ansible-managed-services.cfg
new file mode 100644
index 000000000..20eb56d26
--- /dev/null
+++ b/lamp_haproxy/aws/roles/nagios/files/ansible-managed-services.cfg
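Review bot: The global section of haproxy.cfg.j2 sets `user root` and `group root`, so the proxy keeps root privileges for its whole lifetime even though it is chrooted and only needs root to bind and enter the chroot. As far as I know the packaged default on RHEL/CentOS runs as the unprivileged account, `user haproxy` and `group haproxy`, which is worth restoring here. `stats socket /var/lib/haproxy/stats level admin` also allows runtime changes to the pool through that socket. If that is intended for the rolling update, a comment saying so and an explicit `mode 600` on the socket line would make the exposure deliberate.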
@@ -0,0 +1,39 @@
+# {{ ansible_managed }}
+
+# service checks to be applied to all hosts
+
+define service {
+ use local-service
+ host_name localhost
+ service_description Root Partition
+ check_command check_local_disk!20%!10%!/
+}
+
+define service {
+ use local-service
+ host_name *
+ service_description Current Users
+ check_command check_local_users!20!50
+}
+
+
+define service {
+ use local-service
+ host_name *
+ service_description Total Processes
+ check_command check_local_procs!250!400!RSZDT
+}
+
+define service {
+ use local-service
+ host_name *
+ service_description Current Load
+ check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
+}
+
+define service {
+ use local-service
+ host_name *
+ service_description Swap Usage
+ check_command check_local_swap!20!10
+}
diff --git a/lamp_haproxy/aws/roles/nagios/files/localhost.cfg b/lamp_haproxy/aws/roles/nagios/files/localhost.cfg
new file mode 100644
index 000000000..dc85ab30b
--- /dev/null
+++ b/lamp_haproxy/aws/roles/nagios/files/localhost.cfg
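Review bot: The four `host_name *` services use the `check_local_*` commands, which in the stock Nagios commands.cfg run the plugin on the monitoring server itself, so every host would show the Nagios node's users, processes, load and swap rather than its own. The common role installs nagios-nrpe and opens 5666 to the monitoring hosts, so these checks presumably should go through NRPE, e.g. `check_command check_nrpe!check_users`, assuming a `check_nrpe` command is defined. Two smaller points: the file sits under files/, so the `# {{ ansible_managed }}` header will stay unexpanded if it is deployed with `copy` (the task is not in this hunk), and the `Root Partition` service for localhost repeats the one in localhost.cfg.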
@@ -0,0 +1,144 @@ +############################################################################### +# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE +# +# Last Modified: 05-31-2007 +# +# NOTE: This config file is intended to serve as an *extremely* simple +# example of how you can create configuration entries to monitor +# the local (Linux) machine. +# +############################################################################### + + + + +############################################################################### +############################################################################### +# +# HOST DEFINITION +# +############################################################################### +############################################################################### + +# Define a host for the local machine + +define host{ + use linux-server ; Name of host template to use + ; This host definition will inherit all variables that are defined + ; in (or inherited by) the linux-server host template definition. 
+ host_name localhost + alias localhost + address 127.0.0.1 + } + + + +############################################################################### +############################################################################### +# +# HOST GROUP DEFINITION +# +############################################################################### +############################################################################### + +# Define an optional hostgroup for Linux machines + +define hostgroup{ + hostgroup_name linux-servers ; The name of the hostgroup + alias Linux Servers ; Long name of the group + members localhost ; Comma separated list of hosts that belong to this group + } + + + +############################################################################### +############################################################################### +# +# SERVICE DEFINITIONS +# +############################################################################### +############################################################################### + + +# Define a service to "ping" the local machine + +define service{ + use local-service ; Name of service template to use + host_name localhost + service_description PING + check_command check_ping!100.0,20%!500.0,60% + } + + +# Define a service to check the disk space of the root partition +# on the local machine. Warning if < 20% free, critical if +# < 10% free space on partition. + +define service{ + use local-service ; Name of service template to use + host_name localhost + service_description Root Partition + check_command check_local_disk!20%!10%!/ + } + + + +# Define a service to check the number of currently logged in +# users on the local machine. Warning if > 20 users, critical +# if > 50 users. 
+ +define service{ + use local-service ; Name of service template to use + host_name localhost + service_description Current Users + check_command check_local_users!20!50 + } + + +# Define a service to check the number of currently running procs +# on the local machine. Warning if > 250 processes, critical if +# > 400 users. + +define service{ + use local-service ; Name of service template to use + host_name localhost + service_description Total Processes + check_command check_local_procs!250!400!RSZDT + } + + + +# Define a service to check the load on the local machine. + +define service{ + use local-service ; Name of service template to use + host_name localhost + service_description Current Load + check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0 + } + + + +# Define a service to check the swap usage the local machine. +# Critical if less than 10% of swap is free, warning if less than 20% is free + +define service{ + use local-service ; Name of service template to use + host_name localhost + service_description Swap Usage + check_command check_local_swap!20!10 + } + + + +# Define a service to check SSH on the local machine. +# Disable notifications for this service by default, as not all users may have SSH enabled. + +define service{ + use local-service ; Name of service template to use + host_name localhost + service_description SSH + check_command check_ssh + notifications_enabled 0 + } + diff --git a/lamp_haproxy/aws/roles/nagios/files/nagios.cfg b/lamp_haproxy/aws/roles/nagios/files/nagios.cfg new file mode 100644 index 000000000..dce3495d3 --- /dev/null +++ b/lamp_haproxy/aws/roles/nagios/files/nagios.cfg 
@@ -0,0 +1,1332 @@ +############################################################################## +# +# NAGIOS.CFG - Sample Main Config File for Nagios 3.4.4 +# +# Read the documentation for more information on this configuration +# file. I've provided some comments here, but things may not be so +# clear without further explanation. +# +# Last Modified: 12-14-2008 +# +############################################################################## + + +# LOG FILE +# This is the main log file where service and host events are logged +# for historical purposes. This should be the first option specified +# in the config file!!! + +log_file=/var/log/nagios/nagios.log + + + +# OBJECT CONFIGURATION FILE(S) +# These are the object configuration files in which you define hosts, +# host groups, contacts, contact groups, services, etc. +# You can split your object definitions across several config files +# if you wish (as shown below), or keep them all in a single config file. + +# You can specify individual object config files as shown below: +cfg_file=/etc/nagios/objects/commands.cfg +cfg_file=/etc/nagios/objects/contacts.cfg +cfg_file=/etc/nagios/objects/timeperiods.cfg +cfg_file=/etc/nagios/objects/templates.cfg + +# Definitions for monitoring the local (Linux) host +cfg_file=/etc/nagios/objects/localhost.cfg + +cfg_file=/etc/nagios/ansible-managed-services.cfg +cfg_dir=/etc/nagios/ansible-managed + + +# OBJECT CACHE FILE +# This option determines where object definitions are cached when +# Nagios starts/restarts. The CGIs read object definitions from +# this cache file (rather than looking at the object config files +# directly) in order to prevent inconsistencies that can occur +# when the config files are modified after Nagios starts. + +object_cache_file=/var/log/nagios/objects.cache + + + +# PRE-CACHED OBJECT FILE +# This options determines the location of the precached object file. 
+# If you run Nagios with the -p command line option, it will preprocess +# your object configuration file(s) and write the cached config to this +# file. You can then start Nagios with the -u option to have it read +# object definitions from this precached file, rather than the standard +# object configuration files (see the cfg_file and cfg_dir options above). +# Using a precached object file can speed up the time needed to (re)start +# the Nagios process if you've got a large and/or complex configuration. +# Read the documentation section on optimizing Nagios to find our more +# about how this feature works. + +precached_object_file=/var/log/nagios/objects.precache + + + +# RESOURCE FILE +# This is an optional resource file that contains $USERx$ macro +# definitions. Multiple resource files can be specified by using +# multiple resource_file definitions. The CGIs will not attempt to +# read the contents of resource files, so information that is +# considered to be sensitive (usernames, passwords, etc) can be +# defined as macros in this file and restrictive permissions (600) +# can be placed on this file. + +resource_file=/etc/nagios/private/resource.cfg + + + +# STATUS FILE +# This is where the current status of all monitored services and +# hosts is stored. Its contents are read and processed by the CGIs. +# The contents of the status file are deleted every time Nagios +# restarts. + +status_file=/var/log/nagios/status.dat + + + +# STATUS FILE UPDATE INTERVAL +# This option determines the frequency (in seconds) that +# Nagios will periodically dump program, host, and +# service status data. + +status_update_interval=10 + + + +# NAGIOS USER +# This determines the effective user that Nagios should run as. +# You can either supply a username or a UID. + +nagios_user=nagios + + + +# NAGIOS GROUP +# This determines the effective group that Nagios should run as. +# You can either supply a group name or a GID. 
+ +nagios_group=nagios + + + +# EXTERNAL COMMAND OPTION +# This option allows you to specify whether or not Nagios should check +# for external commands (in the command file defined below). By default +# Nagios will *not* check for external commands, just to be on the +# cautious side. If you want to be able to use the CGI command interface +# you will have to enable this. +# Values: 0 = disable commands, 1 = enable commands + +check_external_commands=1 + + + +# EXTERNAL COMMAND CHECK INTERVAL +# This is the interval at which Nagios should check for external commands. +# This value works of the interval_length you specify later. If you leave +# that at its default value of 60 (seconds), a value of 1 here will cause +# Nagios to check for external commands every minute. If you specify a +# number followed by an "s" (i.e. 15s), this will be interpreted to mean +# actual seconds rather than a multiple of the interval_length variable. +# Note: In addition to reading the external command file at regularly +# scheduled intervals, Nagios will also check for external commands after +# event handlers are executed. +# NOTE: Setting this value to -1 causes Nagios to check the external +# command file as often as possible. + +#command_check_interval=15s +command_check_interval=-1 + + + +# EXTERNAL COMMAND FILE +# This is the file that Nagios checks for external command requests. +# It is also where the command CGI will write commands that are submitted +# by users, so it must be writeable by the user that the web server +# is running as (usually 'nobody'). Permissions should be set at the +# directory level instead of on the file, as the file is deleted every +# time its contents are processed. + +command_file=/var/spool/nagios/cmd/nagios.cmd + + + +# EXTERNAL COMMAND BUFFER SLOTS +# This settings is used to tweak the number of items or "slots" that +# the Nagios daemon should allocate to the buffer that holds incoming +# external commands before they are processed. 
As external commands +# are processed by the daemon, they are removed from the buffer. + +external_command_buffer_slots=4096 + + + +# LOCK FILE +# This is the lockfile that Nagios will use to store its PID number +# in when it is running in daemon mode. + +lock_file=/var/run/nagios.pid + + + +# TEMP FILE +# This is a temporary file that is used as scratch space when Nagios +# updates the status log, cleans the comment file, etc. This file +# is created, used, and deleted throughout the time that Nagios is +# running. + +temp_file=/var/log/nagios/nagios.tmp + + + +# TEMP PATH +# This is path where Nagios can create temp files for service and +# host check results, etc. + +temp_path=/tmp + + + +# EVENT BROKER OPTIONS +# Controls what (if any) data gets sent to the event broker. +# Values: 0 = Broker nothing +# -1 = Broker everything +# = See documentation + +event_broker_options=-1 + + + +# EVENT BROKER MODULE(S) +# This directive is used to specify an event broker module that should +# by loaded by Nagios at startup. Use multiple directives if you want +# to load more than one module. Arguments that should be passed to +# the module at startup are seperated from the module path by a space. +# +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# +# Do NOT overwrite modules while they are being used by Nagios or Nagios +# will crash in a fiery display of SEGFAULT glory. This is a bug/limitation +# either in dlopen(), the kernel, and/or the filesystem. And maybe Nagios... +# +# The correct/safe way of updating a module is by using one of these methods: +# 1. Shutdown Nagios, replace the module file, restart Nagios +# 2. 
Delete the original module file, move the new module file into place, restart Nagios +# +# Example: +# +# broker_module= [moduleargs] + +#broker_module=/somewhere/module1.o +#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0 + + + +# LOG ROTATION METHOD +# This is the log rotation method that Nagios should use to rotate +# the main log file. Values are as follows.. +# n = None - don't rotate the log +# h = Hourly rotation (top of the hour) +# d = Daily rotation (midnight every day) +# w = Weekly rotation (midnight on Saturday evening) +# m = Monthly rotation (midnight last day of month) + +log_rotation_method=d + + + +# LOG ARCHIVE PATH +# This is the directory where archived (rotated) log files should be +# placed (assuming you've chosen to do log rotation). + +log_archive_path=/var/log/nagios/archives + + + +# LOGGING OPTIONS +# If you want messages logged to the syslog facility, as well as the +# Nagios log file set this option to 1. If not, set it to 0. + +use_syslog=1 + + + +# NOTIFICATION LOGGING OPTION +# If you don't want notifications to be logged, set this value to 0. +# If notifications should be logged, set the value to 1. + +log_notifications=1 + + + +# SERVICE RETRY LOGGING OPTION +# If you don't want service check retries to be logged, set this value +# to 0. If retries should be logged, set the value to 1. + +log_service_retries=1 + + + +# HOST RETRY LOGGING OPTION +# If you don't want host check retries to be logged, set this value to +# 0. If retries should be logged, set the value to 1. + +log_host_retries=1 + + + +# EVENT HANDLER LOGGING OPTION +# If you don't want host and service event handlers to be logged, set +# this value to 0. If event handlers should be logged, set the value +# to 1. 
+ +log_event_handlers=1 + + + +# INITIAL STATES LOGGING OPTION +# If you want Nagios to log all initial host and service states to +# the main log file (the first time the service or host is checked) +# you can enable this option by setting this value to 1. If you +# are not using an external application that does long term state +# statistics reporting, you do not need to enable this option. In +# this case, set the value to 0. + +log_initial_states=0 + + + +# EXTERNAL COMMANDS LOGGING OPTION +# If you don't want Nagios to log external commands, set this value +# to 0. If external commands should be logged, set this value to 1. +# Note: This option does not include logging of passive service +# checks - see the option below for controlling whether or not +# passive checks are logged. + +log_external_commands=1 + + + +# PASSIVE CHECKS LOGGING OPTION +# If you don't want Nagios to log passive host and service checks, set +# this value to 0. If passive checks should be logged, set +# this value to 1. + +log_passive_checks=1 + + + +# GLOBAL HOST AND SERVICE EVENT HANDLERS +# These options allow you to specify a host and service event handler +# command that is to be run for every host or service state change. +# The global event handler is executed immediately prior to the event +# handler that you have optionally specified in each host or +# service definition. The command argument is the short name of a +# command definition that you define in your host configuration file. +# Read the HTML docs for more information. + +#global_host_event_handler=somecommand +#global_service_event_handler=somecommand + + + +# SERVICE INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" service checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all service checks out evenly to minimize CPU load. 
+# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! This is not a +# good thing for production, but is useful when testing the +# parallelization functionality. +# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +service_inter_check_delay_method=s + + + +# MAXIMUM SERVICE CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all services should +# be completed. Default is 30 minutes. + +max_service_check_spread=30 + + + +# SERVICE CHECK INTERLEAVE FACTOR +# This variable determines how service checks are interleaved. +# Interleaving the service checks allows for a more even +# distribution of service checks and reduced load on remote +# hosts. Setting this value to 1 is equivalent to how versions +# of Nagios previous to 0.0.5 did service checks. Set this +# value to s (smart) for automatic calculation of the interleave +# factor unless you have a specific reason to change it. +# s = Use "smart" interleave factor calculation +# x = Use an interleave factor of x, where x is a +# number greater than or equal to 1. + +service_interleave_factor=s + + + +# HOST INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" host checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all host checks out evenly to minimize CPU load. +# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! 
+# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +host_inter_check_delay_method=s + + + +# MAXIMUM HOST CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all hosts should +# be completed. Default is 30 minutes. + +max_host_check_spread=30 + + + +# MAXIMUM CONCURRENT SERVICE CHECKS +# This option allows you to specify the maximum number of +# service checks that can be run in parallel at any given time. +# Specifying a value of 1 for this variable essentially prevents +# any service checks from being parallelized. A value of 0 +# will not restrict the number of concurrent checks that are +# being executed. + +max_concurrent_checks=0 + + + +# HOST AND SERVICE CHECK REAPER FREQUENCY +# This is the frequency (in seconds!) that Nagios will process +# the results of host and service checks. + +check_result_reaper_frequency=10 + + + + +# MAX CHECK RESULT REAPER TIME +# This is the max amount of time (in seconds) that a single +# check result reaper event will be allowed to run before +# returning control back to Nagios so it can perform other +# duties. + +max_check_result_reaper_time=30 + + + + +# CHECK RESULT PATH +# This is directory where Nagios stores the results of host and +# service checks that have not yet been processed. +# +# Note: Make sure that only one instance of Nagios has access +# to this directory! + +check_result_path=/var/log/nagios/spool/checkresults + + + + +# MAX CHECK RESULT FILE AGE +# This option determines the maximum age (in seconds) which check +# result files are considered to be valid. Files older than this +# threshold will be mercilessly deleted without further processing. 
+ +max_check_result_file_age=3600 + + + + +# CACHED HOST CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous host check is considered current. +# Cached host states (from host checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to the host check logic. +# Too high of a value for this option may result in inaccurate host +# states being used by Nagios, while a lower value may result in a +# performance hit for host checks. Use a value of 0 to disable host +# check caching. + +cached_host_check_horizon=15 + + + +# CACHED SERVICE CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous service check is considered current. +# Cached service states (from service checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to predictive dependency checks. +# Use a value of 0 to disable service check caching. + +cached_service_check_horizon=15 + + + +# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of hosts when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# host dependency logic works well. +# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_host_dependency_checks=1 + + + +# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of service when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# service dependency logic works well. 
+# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_service_dependency_checks=1 + + + +# SOFT STATE DEPENDENCIES +# This option determines whether or not Nagios will use soft state +# information when checking host and service dependencies. Normally +# Nagios will only use the latest hard host or service state when +# checking dependencies. If you want it to use the latest state (regardless +# of whether its a soft or hard state type), enable this option. +# Values: +# 0 = Don't use soft state dependencies (default) +# 1 = Use soft state dependencies + +soft_state_dependencies=0 + + + +# TIME CHANGE ADJUSTMENT THRESHOLDS +# These options determine when Nagios will react to detected changes +# in system time (either forward or backwards). + +#time_change_threshold=900 + + + +# AUTO-RESCHEDULING OPTION +# This option determines whether or not Nagios will attempt to +# automatically reschedule active host and service checks to +# "smooth" them out over time. This can help balance the load on +# the monitoring server. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_reschedule_checks=0 + + + +# AUTO-RESCHEDULING INTERVAL +# This option determines how often (in seconds) Nagios will +# attempt to automatically reschedule checks. This option only +# has an effect if the auto_reschedule_checks option is enabled. +# Default is 30 seconds. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_interval=30 + + + +# AUTO-RESCHEDULING WINDOW +# This option determines the "window" of time (in seconds) that +# Nagios will look at when automatically rescheduling checks. +# Only host and service checks that occur in the next X seconds +# (determined by this variable) will be rescheduled. 
This option +# only has an effect if the auto_reschedule_checks option is +# enabled. Default is 180 seconds (3 minutes). +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_window=180 + + + +# SLEEP TIME +# This is the number of seconds to sleep between checking for system +# events and service checks that need to be run. + +sleep_time=0.25 + + + +# TIMEOUT VALUES +# These options control how much time Nagios will allow various +# types of commands to execute before killing them off. Options +# are available for controlling maximum time allotted for +# service checks, host checks, event handlers, notifications, the +# ocsp command, and performance data commands. All values are in +# seconds. + +service_check_timeout=60 +host_check_timeout=30 +event_handler_timeout=30 +notification_timeout=30 +ocsp_timeout=5 +perfdata_timeout=5 + + + +# RETAIN STATE INFORMATION +# This setting determines whether or not Nagios will save state +# information for services and hosts before it shuts down. Upon +# startup Nagios will reload all saved service and host state +# information before starting to monitor. This is useful for +# maintaining long-term data on state statistics, etc, but will +# slow Nagios down a bit when it (re)starts. Since its only +# a one-time penalty, I think its well worth the additional +# startup delay. + +retain_state_information=1 + + + +# STATE RETENTION FILE +# This is the file that Nagios should use to store host and +# service state information before it shuts down. The state +# information in this file is also read immediately prior to +# starting to monitor the network when Nagios is restarted. +# This file is used only if the retain_state_information +# variable is set to 1. 
+ +state_retention_file=/var/log/nagios/retention.dat + + + +# RETENTION DATA UPDATE INTERVAL +# This setting determines how often (in minutes) that Nagios +# will automatically save retention data during normal operation. +# If you set this value to 0, Nagios will not save retention +# data at regular interval, but it will still save retention +# data before shutting down or restarting. If you have disabled +# state retention, this option has no effect. + +retention_update_interval=60 + + + +# USE RETAINED PROGRAM STATE +# This setting determines whether or not Nagios will set +# program status variables based on the values saved in the +# retention file. If you want to use retained program status +# information, set this value to 1. If not, set this value +# to 0. + +use_retained_program_state=1 + + + +# USE RETAINED SCHEDULING INFO +# This setting determines whether or not Nagios will retain +# the scheduling info (next check time) for hosts and services +# based on the values saved in the retention file. If you +# If you want to use retained scheduling info, set this +# value to 1. If not, set this value to 0. + +use_retained_scheduling_info=1 + + + +# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE) +# The following variables are used to specify specific host and +# service attributes that should *not* be retained by Nagios during +# program restarts. +# +# The values of the masks are bitwise ANDs of values specified +# by the "MODATTR_" definitions found in include/common.h. +# For example, if you do not want the current enabled/disabled state +# of flap detection and event handlers for hosts to be retained, you +# would use a value of 24 for the host attribute mask... 
+# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24 + +# This mask determines what host attributes are not retained +retained_host_attribute_mask=0 + +# This mask determines what service attributes are not retained +retained_service_attribute_mask=0 + +# These two masks determine what process attributes are not retained. +# There are two masks, because some process attributes have host and service +# options. For example, you can disable active host checks, but leave active +# service checks enabled. +retained_process_host_attribute_mask=0 +retained_process_service_attribute_mask=0 + +# These two masks determine what contact attributes are not retained. +# There are two masks, because some contact attributes have host and +# service options. For example, you can disable host notifications for +# a contact, but leave service notifications enabled for them. +retained_contact_host_attribute_mask=0 +retained_contact_service_attribute_mask=0 + + + +# INTERVAL LENGTH +# This is the seconds per unit interval as used in the +# host/contact/service configuration files. Setting this to 60 means +# that each interval is one minute long (60 seconds). Other settings +# have not been tested much, so your mileage is likely to vary... + +interval_length=60 + + + +# CHECK FOR UPDATES +# This option determines whether Nagios will automatically check to +# see if new updates (releases) are available. It is recommend that you +# enable this option to ensure that you stay on top of the latest critical +# patches to Nagios. Nagios is critical to you - make sure you keep it in +# good shape. Nagios will check once a day for new updates. Data collected +# by Nagios Enterprises from the update check is processed in accordance +# with our privacy policy - see http://api.nagios.org for details. + +check_for_updates=1 + + + +# BARE UPDATE CHECK +# This option deterines what data Nagios will send to api.nagios.org when +# it checks for updates. 
By default, Nagios will send information on the +# current version of Nagios you have installed, as well as an indicator as +# to whether this was a new installation or not. Nagios Enterprises uses +# this data to determine the number of users running specific version of +# Nagios. Enable this option if you do not want this information to be sent. + +bare_update_check=0 + + + +# AGGRESSIVE HOST CHECKING OPTION +# If you don't want to turn on aggressive host checking features, set +# this value to 0 (the default). Otherwise set this value to 1 to +# enable the aggressive check option. Read the docs for more info +# on what aggressive host check is or check out the source code in +# base/checks.c + +use_aggressive_host_checking=0 + + + +# SERVICE CHECK EXECUTION OPTION +# This determines whether or not Nagios will actively execute +# service checks when it initially starts. If this option is +# disabled, checks are not actively made, but Nagios can still +# receive and process passive check results that come in. Unless +# you're implementing redundant hosts or have a special need for +# disabling the execution of service checks, leave this enabled! +# Values: 1 = enable checks, 0 = disable checks + +execute_service_checks=1 + + + +# PASSIVE SERVICE CHECK ACCEPTANCE OPTION +# This determines whether or not Nagios will accept passive +# service checks results when it initially (re)starts. +# Values: 1 = accept passive checks, 0 = reject passive checks + +accept_passive_service_checks=1 + + + +# HOST CHECK EXECUTION OPTION +# This determines whether or not Nagios will actively execute +# host checks when it initially starts. If this option is +# disabled, checks are not actively made, but Nagios can still +# receive and process passive check results that come in. Unless +# you're implementing redundant hosts or have a special need for +# disabling the execution of host checks, leave this enabled! 
+# Values: 1 = enable checks, 0 = disable checks + +execute_host_checks=1 + + + +# PASSIVE HOST CHECK ACCEPTANCE OPTION +# This determines whether or not Nagios will accept passive +# host checks results when it initially (re)starts. +# Values: 1 = accept passive checks, 0 = reject passive checks + +accept_passive_host_checks=1 + + + +# NOTIFICATIONS OPTION +# This determines whether or not Nagios will sent out any host or +# service notifications when it is initially (re)started. +# Values: 1 = enable notifications, 0 = disable notifications + +enable_notifications=1 + + + +# EVENT HANDLER USE OPTION +# This determines whether or not Nagios will run any host or +# service event handlers when it is initially (re)started. Unless +# you're implementing redundant hosts, leave this option enabled. +# Values: 1 = enable event handlers, 0 = disable event handlers + +enable_event_handlers=1 + + + +# PROCESS PERFORMANCE DATA OPTION +# This determines whether or not Nagios will process performance +# data returned from service and host checks. If this option is +# enabled, host performance data will be processed using the +# host_perfdata_command (defined below) and service performance +# data will be processed using the service_perfdata_command (also +# defined below). Read the HTML docs for more information on +# performance data. +# Values: 1 = process performance data, 0 = do not process performance data + +process_performance_data=0 + + + +# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS +# These commands are run after every host and service check is +# performed. These commands are executed only if the +# enable_performance_data option (above) is set to 1. The command +# argument is the short name of a command definition that you +# define in your host configuration file. Read the HTML docs for +# more information on performance data. 
+ +#host_perfdata_command=process-host-perfdata +#service_perfdata_command=process-service-perfdata + + + +# HOST AND SERVICE PERFORMANCE DATA FILES +# These files are used to store host and service performance data. +# Performance data is only written to these files if the +# enable_performance_data option (above) is set to 1. + +#host_perfdata_file=/tmp/host-perfdata +#service_perfdata_file=/tmp/service-perfdata + + + +# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES +# These options determine what data is written (and how) to the +# performance data files. The templates may contain macros, special +# characters (\t for tab, \r for carriage return, \n for newline) +# and plain text. A newline is automatically added after each write +# to the performance data file. Some examples of what you can do are +# shown below. + +#host_perfdata_file_template=[HOSTPERFDATA]\t$TIMET$\t$HOSTNAME$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$ +#service_perfdata_file_template=[SERVICEPERFDATA]\t$TIMET$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$ + + + +# HOST AND SERVICE PERFORMANCE DATA FILE MODES +# This option determines whether or not the host and service +# performance data files are opened in write ("w") or append ("a") +# mode. If you want to use named pipes, you should use the special +# pipe ("p") mode which avoid blocking at startup, otherwise you will +# likely want the defult append ("a") mode. + +#host_perfdata_file_mode=a +#service_perfdata_file_mode=a + + + +# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL +# These options determine how often (in seconds) the host and service +# performance data files are processed using the commands defined +# below. A value of 0 indicates the files should not be periodically +# processed. 
+ +#host_perfdata_file_processing_interval=0 +#service_perfdata_file_processing_interval=0 + + + +# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS +# These commands are used to periodically process the host and +# service performance data files. The interval at which the +# processing occurs is determined by the options above. + +#host_perfdata_file_processing_command=process-host-perfdata-file +#service_perfdata_file_processing_command=process-service-perfdata-file + + + +# HOST AND SERVICE PERFORMANCE DATA PROCESS EMPTY RESULTS +# THese options determine wether the core will process empty perfdata +# results or not. This is needed for distributed monitoring, and intentionally +# turned on by default. +# If you don't require empty perfdata - saving some cpu cycles +# on unwanted macro calculation - you can turn that off. Be careful! +# Values: 1 = enable, 0 = disable + +#host_perfdata_process_empty_results=1 +#service_perfdata_process_empty_results=1 + + +# OBSESS OVER SERVICE CHECKS OPTION +# This determines whether or not Nagios will obsess over service +# checks and run the ocsp_command defined below. Unless you're +# planning on implementing distributed monitoring, do not enable +# this option. Read the HTML docs for more information on +# implementing distributed monitoring. +# Values: 1 = obsess over services, 0 = do not obsess (default) + +obsess_over_services=0 + + + +# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND +# This is the command that is run for every service check that is +# processed by Nagios. This command is executed only if the +# obsess_over_services option (above) is set to 1. The command +# argument is the short name of a command definition that you +# define in your host configuration file. Read the HTML docs for +# more information on implementing distributed monitoring. 
+ +#ocsp_command=somecommand + + + +# OBSESS OVER HOST CHECKS OPTION +# This determines whether or not Nagios will obsess over host +# checks and run the ochp_command defined below. Unless you're +# planning on implementing distributed monitoring, do not enable +# this option. Read the HTML docs for more information on +# implementing distributed monitoring. +# Values: 1 = obsess over hosts, 0 = do not obsess (default) + +obsess_over_hosts=0 + + + +# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND +# This is the command that is run for every host check that is +# processed by Nagios. This command is executed only if the +# obsess_over_hosts option (above) is set to 1. The command +# argument is the short name of a command definition that you +# define in your host configuration file. Read the HTML docs for +# more information on implementing distributed monitoring. + +#ochp_command=somecommand + + + +# TRANSLATE PASSIVE HOST CHECKS OPTION +# This determines whether or not Nagios will translate +# DOWN/UNREACHABLE passive host check results into their proper +# state for this instance of Nagios. This option is useful +# if you have distributed or failover monitoring setup. In +# these cases your other Nagios servers probably have a different +# "view" of the network, with regards to the parent/child relationship +# of hosts. If a distributed monitoring server thinks a host +# is DOWN, it may actually be UNREACHABLE from the point of +# this Nagios instance. Enabling this option will tell Nagios +# to translate any DOWN or UNREACHABLE host states it receives +# passively into the correct state from the view of this server. +# Values: 1 = perform translation, 0 = do not translate (default) + +translate_passive_host_checks=0 + + + +# PASSIVE HOST CHECKS ARE SOFT OPTION +# This determines whether or not Nagios will treat passive host +# checks as being HARD or SOFT. By default, a passive host check +# result will put a host into a HARD state type. 
This can be changed +# by enabling this option. +# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT + +passive_host_checks_are_soft=0 + + + +# ORPHANED HOST/SERVICE CHECK OPTIONS +# These options determine whether or not Nagios will periodically +# check for orphaned host service checks. Since service checks are +# not rescheduled until the results of their previous execution +# instance are processed, there exists a possibility that some +# checks may never get rescheduled. A similar situation exists for +# host checks, although the exact scheduling details differ a bit +# from service checks. Orphaned checks seem to be a rare +# problem and should not happen under normal circumstances. +# If you have problems with service checks never getting +# rescheduled, make sure you have orphaned service checks enabled. +# Values: 1 = enable checks, 0 = disable checks + +check_for_orphaned_services=1 +check_for_orphaned_hosts=1 + + + +# SERVICE FRESHNESS CHECK OPTION +# This option determines whether or not Nagios will periodically +# check the "freshness" of service results. Enabling this option +# is useful for ensuring passive checks are received in a timely +# manner. +# Values: 1 = enabled freshness checking, 0 = disable freshness checking + +check_service_freshness=1 + + + +# SERVICE FRESHNESS CHECK INTERVAL +# This setting determines how often (in seconds) Nagios will +# check the "freshness" of service check results. If you have +# disabled service freshness checking, this option has no effect. + +service_freshness_check_interval=60 + + + +# SERVICE CHECK TIMEOUT STATE +# This setting determines the state Nagios will report when a +# service check times out - that is does not respond within +# service_check_timeout seconds. This can be useful if a +# machine is running at too high a load and you do not want +# to consider a failed service check to be critical (the default). 
+# Valid settings are: +# c - Critical (default) +# u - Unknown +# w - Warning +# o - OK + +service_check_timeout_state=c + + + +# HOST FRESHNESS CHECK OPTION +# This option determines whether or not Nagios will periodically +# check the "freshness" of host results. Enabling this option +# is useful for ensuring passive checks are received in a timely +# manner. +# Values: 1 = enabled freshness checking, 0 = disable freshness checking + +check_host_freshness=0 + + + +# HOST FRESHNESS CHECK INTERVAL +# This setting determines how often (in seconds) Nagios will +# check the "freshness" of host check results. If you have +# disabled host freshness checking, this option has no effect. + +host_freshness_check_interval=60 + + + + +# ADDITIONAL FRESHNESS THRESHOLD LATENCY +# This setting determines the number of seconds that Nagios +# will add to any host and service freshness thresholds that +# it calculates (those not explicitly specified by the user). + +additional_freshness_latency=15 + + + + +# FLAP DETECTION OPTION +# This option determines whether or not Nagios will try +# and detect hosts and services that are "flapping". +# Flapping occurs when a host or service changes between +# states too frequently. When Nagios detects that a +# host or service is flapping, it will temporarily suppress +# notifications for that host/service until it stops +# flapping. Flap detection is very experimental, so read +# the HTML documentation before enabling this feature! +# Values: 1 = enable flap detection +# 0 = disable flap detection (default) + +enable_flap_detection=1 + + + +# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES +# Read the HTML documentation on flap detection for +# an explanation of what this option does. This option +# has no effect if flap detection is disabled. 
+ +low_service_flap_threshold=5.0 +high_service_flap_threshold=20.0 +low_host_flap_threshold=5.0 +high_host_flap_threshold=20.0 + + + +# DATE FORMAT OPTION +# This option determines how short dates are displayed. Valid options +# include: +# us (MM-DD-YYYY HH:MM:SS) +# euro (DD-MM-YYYY HH:MM:SS) +# iso8601 (YYYY-MM-DD HH:MM:SS) +# strict-iso8601 (YYYY-MM-DDTHH:MM:SS) +# + +date_format=us + + + + +# TIMEZONE OFFSET +# This option is used to override the default timezone that this +# instance of Nagios runs in. If not specified, Nagios will use +# the system configured timezone. +# +# NOTE: In order to display the correct timezone in the CGIs, you +# will also need to alter the Apache directives for the CGI path +# to include your timezone. Example: +# +# +# SetEnv TZ "Australia/Brisbane" +# ... +# + +#use_timezone=US/Mountain +#use_timezone=Australia/Brisbane + + + + +# P1.PL FILE LOCATION +# This value determines where the p1.pl perl script (used by the +# embedded Perl interpreter) is located. If you didn't compile +# Nagios with embedded Perl support, this option has no effect. + +p1_file=/usr/sbin/p1.pl + + + +# EMBEDDED PERL INTERPRETER OPTION +# This option determines whether or not the embedded Perl interpreter +# will be enabled during runtime. This option has no effect if Nagios +# has not been compiled with support for embedded Perl. +# Values: 0 = disable interpreter, 1 = enable interpreter + +enable_embedded_perl=1 + + + +# EMBEDDED PERL USAGE OPTION +# This option determines whether or not Nagios will process Perl plugins +# and scripts with the embedded Perl interpreter if the plugins/scripts +# do not explicitly indicate whether or not it is okay to do so. Read +# the HTML documentation on the embedded Perl interpreter for more +# information on how this option works. 
+ +use_embedded_perl_implicitly=1 + + + +# ILLEGAL OBJECT NAME CHARACTERS +# This option allows you to specify illegal characters that cannot +# be used in host names, service descriptions, or names of other +# object types. + +illegal_object_name_chars=`~!$%^&*|'"<>?,()= + + + +# ILLEGAL MACRO OUTPUT CHARACTERS +# This option allows you to specify illegal characters that are +# stripped from macros before being used in notifications, event +# handlers, etc. This DOES NOT affect macros used in service or +# host check commands. +# The following macros are stripped of the characters you specify: +# $HOSTOUTPUT$ +# $HOSTPERFDATA$ +# $HOSTACKAUTHOR$ +# $HOSTACKCOMMENT$ +# $SERVICEOUTPUT$ +# $SERVICEPERFDATA$ +# $SERVICEACKAUTHOR$ +# $SERVICEACKCOMMENT$ + +illegal_macro_output_chars=`~$&|'"<> + + + +# REGULAR EXPRESSION MATCHING +# This option controls whether or not regular expression matching +# takes place in the object config files. Regular expression +# matching is used to match host, hostgroup, service, and service +# group names/descriptions in some fields of various object types. +# Values: 1 = enable regexp matching, 0 = disable regexp matching + +use_regexp_matching=0 + + + +# "TRUE" REGULAR EXPRESSION MATCHING +# This option controls whether or not "true" regular expression +# matching takes place in the object config files. This option +# only has an effect if regular expression matching is enabled +# (see above). If this option is DISABLED, regular expression +# matching only occurs if a string contains wildcard characters +# (* and ?). If the option is ENABLED, regexp matching occurs +# all the time (which can be annoying). +# Values: 1 = enable true matching, 0 = disable true matching + +use_true_regexp_matching=0 + + + +# ADMINISTRATOR EMAIL/PAGER ADDRESSES +# The email and pager address of a global administrator (likely you). 
+# Nagios never uses these values itself, but you can access them by +# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification +# commands. + +admin_email=nagios@localhost +admin_pager=pagenagios@localhost + + + +# DAEMON CORE DUMP OPTION +# This option determines whether or not Nagios is allowed to create +# a core dump when it runs as a daemon. Note that it is generally +# considered bad form to allow this, but it may be useful for +# debugging purposes. Enabling this option doesn't guarantee that +# a core file will be produced, but that's just life... +# Values: 1 - Allow core dumps +# 0 - Do not allow core dumps (default) + +daemon_dumps_core=0 + + + +# LARGE INSTALLATION TWEAKS OPTION +# This option determines whether or not Nagios will take some shortcuts +# which can save on memory and CPU usage in large Nagios installations. +# Read the documentation for more information on the benefits/tradeoffs +# of enabling this option. +# Values: 1 - Enabled tweaks +# 0 - Disable tweaks (default) + +use_large_installation_tweaks=0 + + + +# ENABLE ENVIRONMENT MACROS +# This option determines whether or not Nagios will make all standard +# macros available as environment variables when host/service checks +# and system commands (event handlers, notifications, etc.) are +# executed. Enabling this option can cause performance issues in +# large installations, as it will consume a bit more memory and (more +# importantly) consume more CPU. +# Values: 1 - Enable environment variable macros (default) +# 0 - Disable environment variable macros + +enable_environment_macros=1 + + + +# CHILD PROCESS MEMORY OPTION +# This option determines whether or not Nagios will free memory in +# child processes (processed used to execute system commands and host/ +# service checks). If you specify a value here, it will override +# program defaults. 
+# Value: 1 - Free memory in child processes +# 0 - Do not free memory in child processes + +#free_child_process_memory=1 + + + +# CHILD PROCESS FORKING BEHAVIOR +# This option determines how Nagios will fork child processes +# (used to execute system commands and host/service checks). Normally +# child processes are fork()ed twice, which provides a very high level +# of isolation from problems. Fork()ing once is probably enough and will +# save a great deal on CPU usage (in large installs), so you might +# want to consider using this. If you specify a value here, it will +# program defaults. +# Value: 1 - Child processes fork() twice +# 0 - Child processes fork() just once + +#child_processes_fork_twice=1 + + + +# DEBUG LEVEL +# This option determines how much (if any) debugging information will +# be written to the debug file. OR values together to log multiple +# types of information. +# Values: +# -1 = Everything +# 0 = Nothing +# 1 = Functions +# 2 = Configuration +# 4 = Process information +# 8 = Scheduled events +# 16 = Host/service checks +# 32 = Notifications +# 64 = Event broker +# 128 = External commands +# 256 = Commands +# 512 = Scheduled downtime +# 1024 = Comments +# 2048 = Macros + +debug_level=0 + + + +# DEBUG VERBOSITY +# This option determines how verbose the debug log out will be. +# Values: 0 = Brief output +# 1 = More detailed +# 2 = Very detailed + +debug_verbosity=1 + + + +# DEBUG FILE +# This option determines where Nagios should write debugging information. + +debug_file=/var/log/nagios/nagios.debug + + + +# MAX DEBUG FILE SIZE +# This option determines the maximum size (in bytes) of the debug file. If +# the file grows larger than this size, it will be renamed with a .old +# extension. If a file already exists with a .old extension it will +# automatically be deleted. This helps ensure your disk space usage doesn't +# get out of control when debugging Nagios. + +max_debug_file_size=1000000 + + 
diff --git a/lamp_haproxy/aws/roles/nagios/handlers/main.yml b/lamp_haproxy/aws/roles/nagios/handlers/main.yml
new file mode 100644
index 000000000..c0d887553
--- /dev/null
+++ b/lamp_haproxy/aws/roles/nagios/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# handlers for nagios
+- name: restart httpd
+ service: name=httpd state=restarted
+
+- name: restart nagios
+ service: name=nagios state=restarted
diff --git a/lamp_haproxy/aws/roles/nagios/tasks/main.yml b/lamp_haproxy/aws/roles/nagios/tasks/main.yml
new file mode 100644
index 000000000..69e2d43ad
--- /dev/null
+++ b/lamp_haproxy/aws/roles/nagios/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+# This will install nagios
+
+- name: install nagios
+ yum: pkg={{ item }} state=present
+ with_items:
+ - nagios
+ - nagios-plugins
+ - nagios-plugins-nrpe
+ - nagios-plugins-ping
+ - nagios-plugins-ssh
+ - nagios-plugins-http
+ - nagios-plugins-mysql
+ - nagios-devel
+ notify: restart httpd
+
+- name: create nagios config dir
+ file: path=/etc/nagios/ansible-managed state=directory
+
+- name: configure nagios
+ copy: src=nagios.cfg dest=/etc/nagios/nagios.cfg
+ notify: restart nagios
+
+- name: configure localhost monitoring
+ copy: src=localhost.cfg dest=/etc/nagios/objects/localhost.cfg
+ notify: restart nagios
+
+- name: configure nagios services
+ copy: src=ansible-managed-services.cfg dest=/etc/nagios/
+
+- name: create the nagios object files
+ template: src={{ item + ".j2" }}
+ dest=/etc/nagios/ansible-managed/{{ item }}
+ with_items:
+ - webservers.cfg
+ - dbservers.cfg
+ - lbservers.cfg
+ notify: restart nagios
+
+- name: start nagios
+ service: name=nagios state=started enabled=yes
diff --git a/lamp_haproxy/aws/roles/nagios/templates/dbservers.cfg.j2 b/lamp_haproxy/aws/roles/nagios/templates/dbservers.cfg.j2
new file mode 100644
index 000000000..59ed7e396
--- /dev/null
+++ b/lamp_haproxy/aws/roles/nagios/templates/dbservers.cfg.j2
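Review bot: No task in roles/nagios/tasks/main.yml sets the Nagios web UI credentials, while the README added in this same diff documents the login as the packaged default ("nagiosadmin" / "nagiosadmin"); if the monitoring instance is reachable from outside, the console is open to anyone who tries that pair. I would add a task before `start nagios` that writes the htpasswd entry from a variable kept out of the repository, and replace the README line with a pointer to that variable. Separately, `configure nagios services` is the only config copy here without `notify: restart nagios`, so a change to ansible-managed-services.cfg is not picked up until some other task restarts the daemon.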
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+define hostgroup {
+ hostgroup_name dbservers
+ alias Database Servers
+}
+
+{% for host in groups.tag_ansible_group_dbservers %}
+ define host {
+ use linux-server
+ host_name {{ host }}
+ alias {{ host }}
+ address {{ hostvars[host].ansible_default_ipv4.address }}
+ hostgroups dbservers
+ }
+{% endfor %}
+
+#define service {
+# use local-service
+# hostgroup_name dbservers
+# service_description MySQL Database Server
+# check_command check_mysql
+# notifications_enabled 0
+#}
+
diff --git a/lamp_haproxy/aws/roles/nagios/templates/lbservers.cfg.j2 b/lamp_haproxy/aws/roles/nagios/templates/lbservers.cfg.j2
new file mode 100644
index 000000000..f93396204
--- /dev/null
+++ b/lamp_haproxy/aws/roles/nagios/templates/lbservers.cfg.j2
@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+
+define hostgroup {
+ hostgroup_name loadbalancers
+ alias Load Balancers
+}
+
+{% for host in groups.tag_ansible_group_lbservers %}
+define host {
+ use linux-server
+ host_name {{ host }}
+ alias {{ host }}
+ address {{ hostvars[host].ansible_default_ipv4.address }}
+ hostgroups loadbalancers
+}
+define service {
+ use local-service
+ host_name {{ host }}
+ service_description HAProxy Load Balancer
+ check_command check_http!-p{{ hostvars[host].listenport }}
+}
+{% endfor %}
diff --git a/lamp_haproxy/aws/roles/nagios/templates/webservers.cfg.j2 b/lamp_haproxy/aws/roles/nagios/templates/webservers.cfg.j2
new file mode 100644
index 000000000..8d5515745
--- /dev/null
+++ b/lamp_haproxy/aws/roles/nagios/templates/webservers.cfg.j2
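Review bot: The only service definition in aws/roles/nagios/templates/dbservers.cfg.j2 is commented out, so hosts in `tag_ansible_group_dbservers` get a host entry and no MySQL check, and the template does not say why. If the check is disabled on purpose, a comment above the block would stop a reader assuming the database tier is monitored, for example `# check_mysql is disabled until the role provides credentials for the check`; that wording guesses at the reason and should state the real one. The loop also reads `hostvars[host].ansible_default_ipv4.address`, which is only defined when facts for that host were gathered earlier in the same run.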
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+define hostgroup {
+ hostgroup_name webservers
+ alias Web Servers
+}
+
+{% for host in groups.tag_ansible_group_webservers %}
+ define host {
+ use linux-server
+ host_name {{ host }}
+ alias {{ host }}
+ address {{ hostvars[host].ansible_default_ipv4.address }}
+ hostgroups webservers
+ }
+{% endfor %}
+
+# service checks to be applied to the web server
+define service {
+ use local-service
+ hostgroup_name webservers
+ service_description webserver
+ check_command check_http
+ notifications_enabled 0
+}
diff --git a/lamp_haproxy/aws/roles/web/tasks/main.yml b/lamp_haproxy/aws/roles/web/tasks/main.yml
new file mode 100644
index 000000000..722531241
--- /dev/null
+++ b/lamp_haproxy/aws/roles/web/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+# httpd is handled by the base-apache role upstream
+- name: Install php and git
+ yum: name={{ item }} state=present
+ with_items:
+ - php
+ - php-mysql
+ - git
+
+- name: Configure SELinux to allow httpd to connect to remote database
+ seboolean: name=httpd_can_network_connect_db state=true persistent=yes
+ when: sestatus.rc != 0
+
+- name: Copy the code from repository
+ git: repo={{ repository }} version={{ webapp_version }} dest=/var/www/html/
diff --git a/lamp_haproxy/aws/rolling_update.yml b/lamp_haproxy/aws/rolling_update.yml
new file mode 100644
index 000000000..722909b2d
--- /dev/null
+++ b/lamp_haproxy/aws/rolling_update.yml
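Review bot: The `Copy the code from repository` task in aws/roles/web/tasks/main.yml clones straight into `/var/www/html/`, so the checkout's `.git` directory lands inside the Apache document root and, unless the base-apache role blocks it (not visible here), the repository metadata is served over HTTP along with the application. Either check out to a directory outside the document root and publish only the application files from there, or have the Apache configuration refuse the path, for example `RedirectMatch 404 /\.git`. The `when: sestatus.rc != 0` condition on the SELinux task relies on a `sestatus` variable registered outside this file, and a comment naming the task that registers it would make the dependency explicit.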
@@ -0,0 +1,47 @@
+---
+# This playbook does a rolling update for all webservers serially (one at a time).
+# Change the value of serial: to adjust the number of server to be updated.
+#
+# The three roles that apply to the webserver hosts will be applied: common,
+# base-apache, and web. So any changes to configuration, package updates, etc,
+# will be applied as part of the rolling update process.
+#
+
+# gather facts from monitoring nodes for iptables rules
+- hosts: tag_ansible_group_monitoring
+ tasks: []
+
+- hosts: tag_ansible_group_webservers
+ serial: 1
+
+ # These are the tasks to run before applying updates:
+ pre_tasks:
+ - name: disable nagios alerts for this host webserver service
+ nagios: 'action=disable_alerts host={{ inventory_hostname }} services=webserver'
+ delegate_to: "{{ item }}"
+ with_items: groups.tag_ansible_group_monitoring
+
+ - name: disable the server in haproxy
+ haproxy: 'state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats'
+ delegate_to: "{{ item }}"
+ with_items: groups.tag_ansible_group_lbservers
+
+ roles:
+ - common
+ - base-apache
+ - web
+
+ # These tasks run after the roles:
+ post_tasks:
+ - name: wait for webserver to come up
+ wait_for: 'host={{ inventory_hostname }} port=80 state=started timeout=80'
+
+ - name: enable the server in haproxy
+ haproxy: 'state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats'
+ delegate_to: "{{ item }}"
+ with_items: groups.tag_ansible_group_lbservers
+
+ - name: re-enable nagios alerts
+ nagios: 'action=enable_alerts host={{ inventory_hostname }} services=webserver'
+ delegate_to: "{{ item }}"
+ with_items: groups.tag_ansible_group_monitoring
diff --git a/lamp_haproxy/aws/site.yml b/lamp_haproxy/aws/site.yml
new file mode 100644
index 000000000..a0dc48280
--- /dev/null
+++ b/lamp_haproxy/aws/site.yml
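Review bot: The `enable the server in haproxy` and `re-enable nagios alerts` steps under `post_tasks` in aws/rolling_update.yml run only when every role succeeds, so a failed update leaves that web server disabled in the pool with its `webserver` alerts still suppressed, and with `serial: 1` the play stops at that host. Nothing in the playbook tells the operator that this state has to be undone, which means a host can stay unmonitored after a broken deploy. A header comment would document it, for example `# If a host fails mid-update, re-enable its haproxy entry and its Nagios alerts by hand before re-running.` Ansible releases that provide `block`/`always` can do the cleanup automatically, but the README targets 1.2.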
@@ -0,0 +1,48 @@
+---
+## This playbook deploys the whole application stack in this site.
+
+# Apply common configuration to all hosts
+- hosts: all
+
+ roles:
+ - common
+
+# Configure and deploy database servers.
+- hosts: tag_ansible_group_dbservers
+
+ roles:
+ - db
+
+ tags:
+ - db
+
+# Configure and deploy the web servers. Note that we include two roles here,
+# the 'base-apache' role which simply sets up Apache, and 'web' which includes
+# our example web application.
+- hosts: tag_ansible_group_webservers
+
+ roles:
+ - base-apache
+ - web
+
+ tags:
+ - web
+
+# Configure and deploy the load balancer(s).
+- hosts: tag_ansible_group_lbservers
+
+ roles:
+ - haproxy
+
+ tags:
+ - lb
+
+# Configure and deploy the Nagios monitoring node(s).
+- hosts: tag_ansible_group_monitoring
+
+ roles:
+ - base-apache
+ - nagios
+
+ tags:
+ - monitoring
diff --git a/lamp_haproxy/roles/common/templates/iptables.j2 b/lamp_haproxy/roles/common/templates/iptables.j2
index c39bcf54b..e6822b5d7 100644
--- a/lamp_haproxy/roles/common/templates/iptables.j2
+++ b/lamp_haproxy/roles/common/templates/iptables.j2
@@ -5,19 +5,19 @@ :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -{% if (inventory_hostname in groups[group_webservers]) or (inventory_hostname in groups[group_monitoring]) %} +{% if (inventory_hostname in groups.webservers) or (inventory_hostname in groups.monitoring) %} -A INPUT -p tcp --dport 80 -j ACCEPT {% endif %} -{% if (inventory_hostname in groups[group_dbservers]) %} +{% if (inventory_hostname in groups.dbservers) %} -A INPUT -p tcp --dport 3306 -j ACCEPT {% endif %} -{% if (inventory_hostname in groups[group_lbservers]) %} +{% if (inventory_hostname in groups.lbservers) %} -A INPUT -p tcp --dport {{ listenport }} -j ACCEPT {% endif %} -{% for host in groups[group_monitoring] %} +{% for host in groups.monitoring %} -A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 5666 -j ACCEPT {% endfor %}
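Review bot: The first play in aws/site.yml targets `hosts: all`, while every other play is limited to a `tag_ansible_group_*` group. Those group names suggest a dynamic EC2 inventory, and if that is the case `all` is every instance the inventory returns, so the `common` role would also be applied to instances that are not part of this stack; if aws/roles/common carries the same iptables template as roles/common, that includes rewriting their firewall rules. Limiting the play to the four tagged groups avoids this: `- hosts: tag_ansible_group_webservers:tag_ansible_group_dbservers:tag_ansible_group_lbservers:tag_ansible_group_monitoring`.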
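Review bot: On the new side of roles/common/templates/iptables.j2 the database rule is still `-A INPUT -p tcp --dport 3306 -j ACCEPT`, which accepts MySQL connections from any source, although the same template already restricts port 5666 to the monitoring hosts by address. The commit rewrites the conditional around this rule and leaves the rule itself as it was. The existing loop pattern can limit it to the web tier: `{% for host in groups.webservers %}`, then `-A INPUT -p tcp -s {{ hostvars[host].ansible_default_ipv4.address }} --dport 3306 -j ACCEPT`, then `{% endfor %}`. The template starts above this hunk, so the default INPUT policy cannot be checked from here.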
diff --git a/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 b/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 index 10194889f..73d7a53a7 100644 --- a/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 +++ b/lamp_haproxy/roles/haproxy/templates/haproxy.cfg.j2 @@ -30,10 +30,10 @@ defaults maxconn 3000 backend app - {% for host in groups[group_lbservers] %} + {% for host in groups.lbservers %} listen {{ daemonname }} 0.0.0.0:{{ listenport }} {% endfor %} balance {{ balance }} - {% for host in groups[group_webservers] %} + {% for host in groups.webservers %} server {{ host }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ httpd_port }} - {% endfor %} \ No newline at end of file + {% endfor %} diff --git a/lamp_haproxy/roles/nagios/templates/dbservers.cfg.j2 b/lamp_haproxy/roles/nagios/templates/dbservers.cfg.j2 index 967d8fb32..8631cd32e 100644 --- a/lamp_haproxy/roles/nagios/templates/dbservers.cfg.j2 +++ b/lamp_haproxy/roles/nagios/templates/dbservers.cfg.j2 @@ -5,7 +5,7 @@ define hostgroup { alias Database Servers } -{% for host in groups[group_dbservers] %} +{% for host in groups.dbservers %} define host { use linux-server host_name {{ host }} diff --git a/lamp_haproxy/roles/nagios/templates/lbservers.cfg.j2 b/lamp_haproxy/roles/nagios/templates/lbservers.cfg.j2 index adf203916..00498d272 100644 --- a/lamp_haproxy/roles/nagios/templates/lbservers.cfg.j2 +++ b/lamp_haproxy/roles/nagios/templates/lbservers.cfg.j2 @@ -5,7 +5,7 @@ define hostgroup { alias Load Balancers } -{% for host in groups[group_lbservers] %} +{% for host in groups.lbservers %} define host { use linux-server host_name {{ host }} diff --git a/lamp_haproxy/roles/nagios/templates/webservers.cfg.j2 b/lamp_haproxy/roles/nagios/templates/webservers.cfg.j2 index 827999860..98344a256 100644 --- a/lamp_haproxy/roles/nagios/templates/webservers.cfg.j2 +++ b/lamp_haproxy/roles/nagios/templates/webservers.cfg.j2 
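Review bot: In roles/haproxy/templates/haproxy.cfg.j2 the `listen {{ daemonname }} 0.0.0.0:{{ listenport }}` line sits inside `{% for host in groups.lbservers %}` but never uses `host`, so an inventory with two load balancers renders the same `listen` section twice on each of them. The loop can be dropped and the line emitted once, leaving only `listen {{ daemonname }} 0.0.0.0:{{ listenport }}` between `backend app` and `balance {{ balance }}`. The configuration starts above this hunk, so whether the bind address should stay `0.0.0.0` cannot be judged from the lines shown.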
@@ -5,7 +5,7 @@ define hostgroup { alias Web Servers } -{% for host in groups[group_webservers] %} +{% for host in groups.webservers %} define host { use linux-server host_name {{ host }} diff --git a/lamp_haproxy/rolling_update.yml b/lamp_haproxy/rolling_update.yml index 6536734f6..4723f364c 100644 --- a/lamp_haproxy/rolling_update.yml +++ b/lamp_haproxy/rolling_update.yml @@ -8,10 +8,10 @@ # # gather facts from monitoring nodes for iptables rules -- hosts: "{{ group_monitoring }}" +- hosts: monitoring tasks: [] -- hosts: "{{ group_webservers }}" +- hosts: webservers - hosts: webservers serial: 1 @@ -21,12 +21,12 @@ - name: disable nagios alerts for this host webserver service nagios: 'action=disable_alerts host={{ inventory_hostname }} services=webserver' delegate_to: "{{ item }}" - with_items: groups[group_monitoring] + with_items: groups.monitoring - name: disable the server in haproxy haproxy: 'state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats' delegate_to: "{{ item }}" - with_items: groups[group_lbservers] + with_items: groups.lbservers roles: - common @@ -41,9 +41,9 @@ - name: enable the server in haproxy haproxy: 'state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats' delegate_to: "{{ item }}" - with_items: groups[group_lbservers] + with_items: groups.lbservers - name: re-enable nagios alerts nagios: 'action=enable_alerts host={{ inventory_hostname }} services=webserver' delegate_to: "{{ item }}" - with_items: groups[group_monitoring] + with_items: groups.monitoring diff --git a/lamp_haproxy/site.yml b/lamp_haproxy/site.yml index 353e6c4f4..fffafa65d 100644 --- a/lamp_haproxy/site.yml +++ b/lamp_haproxy/site.yml @@ -3,13 +3,12 @@ # Apply common configuration to all hosts - hosts: all - remote_user: root roles: - common # Configure and deploy database servers. -- hosts: "{{ group_dbservers }}" +- hosts: dbservers roles: - db 
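Review bot: With `remote_user: root` removed from the `hosts: all` play in lamp_haproxy/site.yml, and from the webservers play in the following hunk, the playbook no longer states which account it connects as, and nothing visible in these hunks requests privilege escalation. The roles in this repository install packages and manage services, which need root, so a run as an unprivileged login user would fail part-way unless the caller passes the user or sudo options on the command line. Either add `sudo: yes` to each play or state the required invocation in the README, so that dropping the hard-coded root login does not rely on an undocumented assumption.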
@@ -20,8 +19,7 @@ # Configure and deploy the web servers. Note that we include two roles here, # the 'base-apache' role which simply sets up Apache, and 'web' which includes # our example web application. -- hosts: "{{ group_webservers }}" - remote_user: root +- hosts: webservers roles: - base-apache @@ -31,7 +29,7 @@ - web # Configure and deploy the load balancer(s). -- hosts: "{{ group_lbservers }}" +- hosts: lbservers roles: - haproxy @@ -40,7 +38,7 @@ - lb # Configure and deploy the Nagios monitoring node(s). -- hosts: "{{ group_monitoring }}" +- hosts: monitoring roles: - base-apache