Merge pull request #38 from sa2ajj/goodies

Goodies

group_vars/all

@@ -24,8 +24,14 @@ admin_users:
 - username: sean
   state: present
 
+# This account is used to run `ansible-pull` and has passwordless sudo rights
+# on the host.
 service_account: bbinfra
 
+# This account is intended to be used for running non-privileged
+# services/tasks.
+worker_account: bbuser
+
 # Mandatory packages are the ones that must be installed on every host.
 # Ansible installation is taken care of depending on what kind of host is that
 # (service host, jail, vm)

library/getent

@@ -0,0 +1,143 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2014, Brian Coca <brian.coca+dev@gmail.com>
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+DOCUMENTATION = '''
+---
+module: getent
+short_description: a wrapper to the unix getent utility
+description:
+     - Runs getent against one of it's various databases and returns information into
+       the host's facts, in a getent_<database> prefixed variable
+version_added: "1.8"
+options:
+    database:
+        required: True
+        description:
+            - the name of a getent database supported by the target system (passwd, group,
+              hosts, etc).
+    key:
+        required: False
+        default: ''
+        description:
+            - key from which to return values from the specified database, otherwise the
+              full contents are returned.
+    split:
+        required: False
+        default: None
+        description:
+            - "character used to split the database values into lists/arrays such as ':' or '\t', otherwise  it will try to pick one depending on the database"
+    fail_key:
+        required: False
+        default: True
+        description:
+            - If a supplied key is missing this will make the task fail if True
+
+notes:
+   - "Not all databases support enumeration, check system documentation for details"
+requirements: [ ]
+author: Brian Coca
+'''
+
+EXAMPLES = '''
+# get root user info
+- getent: database=passwd key=root
+- debug: var=getent_passwd
+
+# get all groups
+- getent: database=group split=':'
+- debug: var=getent_group
+
+# get all hosts, split by tab
+- getent: database=hosts
+- debug: var=getent_hosts
+
+# get http service info, no error if missing
+- getent: database=services key=http fail_key=False
+- debug: var=getent_services
+
+# get user password hash (requires sudo/root)
+- getent: database=shadow key=www-data split=:
+- debug: var=getent_shadow
+
+'''
+
+def main():
+    module = AnsibleModule(
+        argument_spec = dict(
+            database = dict(required=True),
+            key      = dict(required=False, default=None),
+            split    = dict(required=False, default=None),
+            fail_key = dict(required=False, default=True),
+        ),
+        supports_check_mode = True,
+    )
+
+    colon = [ 'passwd', 'shadow', 'group', 'gshadow' ]
+
+    database = module.params['database']
+    key      = module.params.get('key')
+    split    = module.params.get('split')
+    fail_key = module.params.get('fail_key')
+
+    getent_bin = module.get_bin_path('getent', True)
+
+    if key is not None:
+        cmd = [ getent_bin, database, key ]
+    else:
+        cmd = [ getent_bin, database ]
+
+    if split is None and database in colon:
+        split = ':'
+
+    try:
+        rc, out, err = module.run_command(cmd)
+    except Exception, e:
+        module.fail_json(msg=str(e))
+
+    msg = "Unexpected failure!"
+    dbtree = 'getent_%s' % database
+    results = { dbtree: {} }
+
+    if rc == 0:
+        for line in out.splitlines():
+            record = line.split(split)
+            results[dbtree][record[0]] = record[1:]
+
+        module.exit_json(ansible_facts=results)
+
+    elif rc == 1:
+        msg = "Missing arguments, or database unknown."
+    elif rc == 2:
+        msg = "One or more supplied key could not be found in the database."
+        if not fail_key:
+            results[dbtree][key] = None
+            module.exit_json(ansible_facts=results, msg=msg)
+    elif rc == 3:
+        msg = "Enumeration not supported on this database."
+
+    module.fail_json(msg=msg)
+
+# import module snippets
+from ansible.module_utils.basic import *
+
+main()
+

local.yml

@@ -4,7 +4,9 @@
 # * log into the target host
 # * run 'ansible-playbook -i localhost local.yml -K'
 ---
-- name: test playbook
+- include: "load-secrets.yml"
+
+- name: determine local host name
   hosts: all
   gather_facts: yes
   connection: local

roles/nginx/README.rst

@@ -0,0 +1,42 @@
+Nginx role
+==========
+
+The nginx role requires the following arguments:
+
+``server_name``
+    the fqdn of the server.
+
+    This will be used to name the configuration file as well as the server_name
+    parameter for nginx server section.
+
+``nginx_template``
+    The template to use to generate the configuration file.  Each template has
+    own parameters. The following templates are available (and no attempt to
+    validate the value is made):
+
+    ``static``
+        A template for static web site configuration.  Parameters:
+
+        ``server_root``
+            directory where the static content reside
+
+    ``proxy``
+        A template for a simple reverse-proxy setup.  Parameters:
+
+        ``upstream_url``
+            <host>:<port> of the upstream
+
+Examples
+--------
+
+Static::
+
+    - role: nginx
+      server_name: test.buildbot.net
+      server_root: /
+
+Proxy::
+
+    - role: nginx
+      server_name: test.buildbot.net
+      upstream: 192.168.1.0:8010

roles/nginx/handlers/main.yml

@@ -0,0 +1,6 @@
+# Nginx related handlers
+---
+- name: reload nginx
+  service:
+    name: nginx
+    state: reloaded

roles/nginx/tasks/main.yml

@@ -0,0 +1,49 @@
+---
+- name: install nginx package
+  pkgng:
+    name: nginx
+    state: present
+
+- name: make sure necessary configuration directories exist
+  file:
+    path: "{{ nginx_conf_dir }}/{{item}}"
+    mode: "0755"
+    state: directory
+  with_items:
+  - conf.d
+  - sites
+
+- name: make sure log directory exists
+  file:
+    path: "{{ item }}"
+    mode: "0755"
+    state: directory
+  with_items:
+  - "{{ nginx_log_dir }}"
+  - "{{ nginx_log_dir }}/{{ server_name }}"
+
+- name: make sure spool exists
+  file:
+    path: "{{ nginx_spool_dir }}"
+    mode: "0755"
+    state: directory
+    owner: "www"
+    group: "www"
+
+- name: install server configuration file
+  template:
+    src: "{{ nginx_template }}"
+    dest: "{{ nginx_conf_dir }}/sites/{{ server_name }}"
+  notify: reload nginx
+
+- name: install nginx.conf
+  template:
+    src: "nginx.conf"
+    dest: "{{ nginx_conf_dir }}/nginx.conf"
+  notify: reload nginx
+
+- name: enable and start nginx service
+  service:
+    name: nginx
+    enabled: true
+    state: running

roles/nginx/templates/nginx.conf

@@ -0,0 +1,24 @@
+worker_processes auto;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+    sendfile on;
+    keepalive_timeout 65;
+
+    # Put default logs in the same place where other logs can be found
+    access_log {{nginx_log_dir}}/access.log;
+    error_log {{nginx_log_dir}}/error.log;
+
+    # To avoid temporary files/directories being removed by clean-tmp periodic
+    # task.
+    proxy_temp_path {{ nginx_spool_dir }}/proxy_temp 1 2;
+
+    include {{ nginx_conf_dir }}/conf.d/*.conf;
+    # TODO(sa2ajj): it might be good idea to use a particular .suffix
+    include {{ nginx_conf_dir }}/sites/*;
+}

roles/nginx/templates/proxy

@@ -0,0 +1,36 @@
+{#-
+ A template for a simple reverse-proxy setup.
+
+ Parameters:
+
+ server_name
+    server name (e.g. nine.buildbot.net)
+
+ upstream_url
+    <host>:<port> of the upstream
+ #}
+server {
+    listen 80;
+    server_name {{server_name}};
+
+    access_log {{nginx_log_dir}}/{{server_name}}/access.log;
+    error_log {{nginx_log_dir}}/{{server_name}}/error.log;
+
+    location / {
+        proxy_pass http://{{upstream_url}};
+
+        # These three lines would be required for web socket proxying
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    #error_page 404 /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page 500 502 503 504  /50x.html;
+    location = /50x.html {
+        root /usr/local/www/nginx-dist;
+    }
+}

roles/nginx/templates/static

@@ -0,0 +1,32 @@
+{#-
+ A template for a static web site configuration.
+
+ Parameters:
+
+ server_name
+    server name (e.g. docs.buildbot.net)
+
+ server_root
+    directory where the static contents reside
+ #}
+server {
+    listen 80;
+    server_name {{server_name}};
+
+    access_log {{nginx_log_dir}}/{{server_name}}/access.log;
+    error_log {{nginx_log_dir}}/{{server_name}}/error.log;
+
+    location / {
+        root {{server_root}};
+        index index.html index.htm;
+    }
+
+    #error_page 404 /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page 500 502 503 504  /50x.html;
+    location = /50x.html {
+        root /usr/local/www/nginx-dist;
+    }
+}

roles/nginx/vars/main.yml

@@ -0,0 +1,5 @@
+# Nginx role specific variables
+---
+nginx_conf_dir: "/usr/local/etc/nginx"
+nginx_log_dir: "/var/log/nginx"
+nginx_spool_dir: "/var/spool/nginx"