Added lemp setup task (#3)
* Add LEMP installation

* Added tests for LEMP

* Fix ssh connection issue for newly created droplets

* Fix minor issues

* Fix travis
jasonheecs committed Jun 25, 2018
1 parent 7e73a73 commit 1f19208
Showing 16 changed files with 263 additions and 18 deletions.
3 changes: 2 additions & 1 deletion .gitignore
@@ -5,4 +5,5 @@ vendor
*.retry
roles/*
!roles/.gitkeep
group_vars/all/secret.yml
group_vars/all/secret.yml
.kitchen
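--- a/.kitchen.travis.yml
+++ b/.kitchen.travis.yml
@@ -0,0 +1,38 @@
+---
+driver:
+name: docker
+use_sudo: false
+
+provisioner:
+hosts: test-kitchen
+name: ansible_playbook
+require_chef_for_busser: false
+ansible_verbosity: 2
+ansible_verbose: true
+requirements_path: requirements.yml
+idempotency_test: true
+additional_copy_path: tasks
+ansible_extra_flags: --skip-tags=mysql
+
+platforms:
+- name: ubuntu-16.04
+driver_config:
+image: williamyeh/ansible:ubuntu16.04-onbuild
+platform: ubuntu
+- name: ubuntu-14.04
+driver_config:
+image: williamyeh/ansible:ubuntu14.04-onbuild
+platform: ubuntu
+
+verifier:
+name: serverspec
+
+suites:
+- name: lemp
+driver:
+provision_command:
+- export LC_ALL=C
+verifier:
+default_pattern: true
+bundler_path: '/usr/local/bin'
+rspec_path: '/usr/local/bin'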
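Review bot: Both `image:` entries (`williamyeh/ansible:ubuntu16.04-onbuild` and `williamyeh/ansible:ubuntu14.04-onbuild`) reference a personal Docker Hub namespace by mutable tag, so each CI run executes whatever those tags point to at pull time. Pinning by digest, e.g. `image: williamyeh/ansible@sha256:<digest-placeholder>`, would make the test environment reproducible and keep a retagged image from entering the pipeline unnoticed. Separately, `ansible_extra_flags: --skip-tags=mysql` means the MySQL role and the `mysql_users` values from group_vars are never exercised by this suite; a comment above that line saying why it is skipped would help the next maintainer.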
6 changes: 4 additions & 2 deletions .travis.yml
@@ -5,17 +5,19 @@ python: "2.7"
before_install:
- sudo apt-get update -qq
- sudo apt-get install -qq python-apt python-pycurl
- gem install bundler

install:
- pip install ansible
- bundle install

script:
- "printf '[defaults]\nroles_path = ../' > ansible.cfg"
- ansible-galaxy install -r requirements.yml
- "printf 'localhost' > test/inventory"
- ansible-playbook -i test/inventory --syntax-check test/integration/default/default.yml
- ansible-playbook -i test/inventory --connection=local --become -vvvv --skip-tags "users,sshd" test/integration/default/default.yml
- KITCHEN_YAML=".kitchen.travis.yml" bundle exec kitchen test -c

notifications:
email: false
webhooks: https://galaxy.ansible.com/api/v1/notifications/
email: false
1 change: 1 addition & 0 deletions Gemfile
@@ -2,6 +2,7 @@ source 'https://rubygems.org'

gem 'test-kitchen', '~> 1.8.0'
gem 'kitchen-vagrant'
gem 'kitchen-docker'
gem 'kitchen-ansible'
gem 'net-ssh'
gem 'serverspec'
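--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,77 @@
+GEM
+remote: https://rubygems.org/
+specs:
+artifactory (2.8.2)
+diff-lcs (1.3)
+kitchen-ansible (0.48.5)
+net-ssh (>= 3)
+test-kitchen (~> 1.4)
+kitchen-docker (2.6.0)
+test-kitchen (>= 1.0.0)
+kitchen-vagrant (1.3.2)
+test-kitchen (~> 1.4)
+kitchen-verifier-serverspec (0.6.11)
+net-ssh (>= 3)
+test-kitchen (~> 1.4)
+mixlib-install (1.2.4)
+artifactory
+mixlib-shellout
+mixlib-versioning
+mixlib-shellout (2.3.2)
+mixlib-versioning (1.2.2)
+multi_json (1.13.1)
+net-scp (1.2.1)
+net-ssh (>= 2.6.5)
+net-ssh (3.2.0)
+net-telnet (0.1.1)
+rspec (3.7.0)
+rspec-core (~> 3.7.0)
+rspec-expectations (~> 3.7.0)
+rspec-mocks (~> 3.7.0)
+rspec-core (3.7.1)
+rspec-support (~> 3.7.0)
+rspec-expectations (3.7.0)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.7.0)
+rspec-its (1.2.0)
+rspec-core (>= 3.0.0)
+rspec-expectations (>= 3.0.0)
+rspec-mocks (3.7.0)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.7.0)
+rspec-support (3.7.1)
+safe_yaml (1.0.4)
+serverspec (2.41.3)
+multi_json
+rspec (~> 3.0)
+rspec-its
+specinfra (~> 2.72)
+sfl (2.3)
+specinfra (2.73.3)
+net-scp
+net-ssh (>= 2.7, < 5.0)
+net-telnet
+sfl
+test-kitchen (1.8.0)
+mixlib-install (~> 1.0, >= 1.0.4)
+mixlib-shellout (>= 1.2, < 3.0)
+net-scp (~> 1.1)
+net-ssh (>= 2.9, < 4.0)
+safe_yaml (~> 1.0)
+thor (~> 0.18)
+thor (0.20.0)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+kitchen-ansible
+kitchen-docker
+kitchen-vagrant
+kitchen-verifier-serverspec
+net-ssh
+serverspec
+test-kitchen (~> 1.8.0)
+
+BUNDLED WITH
+1.16.2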
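--- a/group_vars/all/lemp.yml
+++ b/group_vars/all/lemp.yml
@@ -0,0 +1,13 @@
+---
+nginx_vhosts:
+# Example vhost below
+- listen: "80" # default: "80"
+server_name: "example.com" # default: N/A
+root: "/var/www/example.com" # default: N/A
+
+php_enable_php_fpm: true
+php_webserver_daemon: "nginx"
+
+mysql_users:
+- name: mysqluser
+password: mysqlabc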
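Review bot: `mysql_users` commits a working database credential (`mysqluser` / `mysqlabc`) in `group_vars/all/lemp.yml`, a tracked file that applies to every host, while the repository's other secrets live in the git-ignored `group_vars/all/secret.yml`. Anyone who runs the playbook unchanged gets a MySQL account whose password is public. Reference a variable instead, `password: "{{ mysql_user_password }}"` (the name is only a suggestion), and add that variable with a placeholder value to `secret.yml.example`. This file also never sets `mysql_root_password`, so the geerlingguy.mysql role default presumably applies; it is worth overriding in the same place.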
2 changes: 1 addition & 1 deletion group_vars/all/main.yml
@@ -10,7 +10,7 @@ users:
authorized_keys:
- "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
shell: /bin/bash
password: '{% if upassword is defined %}{{ upassword | password_hash("sha512") }}{% else %}{{ None }}{% endif %}'
password: '{% if user_acct_password is defined %}{{ user_acct_password | password_hash("sha512") }}{% else %}{{ None }}{% endif %}'
update_password: on_create
groups:
- sudo
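Review bot: The `user_acct_password is defined` test on the `password:` line is true for a null value, and `secret.yml.example` in this commit ships `user_acct_password: ~`, so a user who keeps the example default reaches `password_hash("sha512")` with None instead of the `{{ None }}` branch. Depending on the Ansible version that likely either fails the play or hashes an unintended value; it does not cleanly mean "no password". Tightening the condition to `{% if user_acct_password is defined and user_acct_password %}` would keep the leave-blank behaviour the removed prompt described. The `users:` mapping starts above this hunk, so the rest of the entry is not visible here.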
5 changes: 4 additions & 1 deletion group_vars/all/secret.yml.example
@@ -2,4 +2,7 @@
# Your DigitalOcean Personal Access Token (https://www.digitalocean.com/community/tutorials/how-to-use-the-digitalocean-api-v2)
do_api_token: inserttokenhere
# Additional SSH Keys to add to the droplet during the creation process (https://developers.digitalocean.com/documentation/v2/#ssh-keys)
droplet_additional_ssh_key_ids: []
droplet_additional_ssh_key_ids: []

# Password for new Ubuntu user account
user_acct_password: ~
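Review bot: `user_acct_password` is stored in clear text in `secret.yml` next to `do_api_token`, and main.yml in this commit reuses it as `ansible_become_pass`, so the file now holds the droplet's sudo credential as well as the API token. The comment above the key should say that and point to encrypting the file, for example `# Account and sudo password for the new user; keep secret.yml encrypted with ansible-vault`. Writing the unset value as `null` instead of `~` would also be clearer to readers.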
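--- a/hosts
+++ b/hosts
@@ -1 +0,0 @@
-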
52 changes: 43 additions & 9 deletions main.yml
@@ -3,27 +3,47 @@
connection: local
become: no
roles:
- { role: digitalocean }
- { role: digitalocean, tags: [digitalocean] }

- hosts: do_droplet_in_memory
gather_facts: no
- hosts: localhost
connection: local
become: no
gather_facts: false
tasks:
- pause:
prompt: Enter password for new user account (Leave blank if you do not wish to set a password)
register: new_user_password
when: upassword is not defined
- set_fact: upassword={{ new_user_password.user_input }}
when: new_user_password.user_input is defined
- name: Waiting for droplet DNS to propagate
pause:
seconds: 30
when: droplet.changed

- hosts: do_droplet_in_memory
name: Test Connection and Determine Remote User
gather_facts: false
roles:
- { role: connection, tags: [connection] }
vars:
- ansible_python_interpreter: /usr/bin/python3
- local_python_interpreter: "{{ ansible_playbook_python }}"

- hosts: do_droplet_in_memory
gather_facts: no
become: no
roles:
- { role: python-raw }

- hosts: do_droplet_in_memory
become: no
gather_facts: true
tasks:
- name: Get local machine's IP address
set_fact:
local_machine_ip: "{{ ansible_env['SSH_CLIENT'].split() | first }}"
changed_when: false
vars:
- ansible_python_interpreter: /usr/bin/python3

- hosts: do_droplet_in_memory
become: yes
gather_facts: true
roles:
- { role: swapfile, tags: [swapfile] }
- { role: fail2ban, tags: [fail2ban] }
@@ -34,3 +54,17 @@
- { role: sshd, tags: [sshd] }
vars:
- ansible_python_interpreter: /usr/bin/python3
- fail2ban_ip_whitelist: "{{ local_machine_ip }}/8"

- hosts: do_droplet_in_memory
become: yes
vars_prompt:
- name: install_lemp
prompt: Do you want to install the LEMP stack (y/n)?
private: no
tasks:
- include: tasks/lemp.yml
when: install_lemp == 'y'
vars:
- ansible_ssh_user: "{{ (users|first).username }}"
- ansible_become_pass: "{{ user_acct_password }}"
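Review bot: `fail2ban_ip_whitelist: "{{ local_machine_ip }}/8"` exempts the operator's entire /8 (roughly 16.7 million addresses) from fail2ban, not only the machine that ran the playbook. A single-host entry, `fail2ban_ip_whitelist: "{{ local_machine_ip }}/32"`, matches what the `Get local machine's IP address` task collects. That task also assumes `SSH_CLIENT` carries an IPv4 address, which deserves a short comment. In the final play, `ansible_become_pass: "{{ user_acct_password }}"` is null when the example default is kept, so the LEMP tasks will presumably fail at privilege escalation unless sudo is passwordless.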
22 changes: 19 additions & 3 deletions requirements.yml
@@ -1,6 +1,6 @@
- name: digitalocean
src: jasonheecs.digitalocean
version: 1.1.1
version: 1.2.0

- name: python-raw
src: jasonheecs.ubuntu-python-raw
@@ -12,7 +12,7 @@

- name: fail2ban
src: jasonheecs.ubuntu-fail2ban
version: 1.0.2
version: 1.1.0

- name: ufw
src: franklinkim.ufw
@@ -32,4 +32,20 @@

- name: sshd
src: willshersystems.sshd
version: v0.6.1
version: v0.6.1

- name: nginx
src: geerlingguy.nginx
version: 2.6.0

- name: php
src: geerlingguy.php
version: 3.6.0

- name: mysql
src: geerlingguy.mysql
version: 2.9.0

- name: php-mysql
src: geerlingguy.php-mysql
version: 2.0.1
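--- a/tasks/lemp.yml
+++ b/tasks/lemp.yml
@@ -0,0 +1,24 @@
+---
+- name: Install Nginx
+include_role:
+name: nginx
+tags: nginx
+
+- name: Add repository for PHP 7
+apt_repository: repo='ppa:ondrej/php'
+tags: php
+
+- name: Install PHP
+include_role:
+name: php
+tags: php
+
+- name: Install MySql
+include_role:
+name: mysql
+tags: mysql
+
+- name: Install PHP MySql package
+include_role:
+name: php-mysql
+tags: [php, mysql]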
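Review bot: The `Add repository for PHP 7` task enables `ppa:ondrej/php` unconditionally, so PHP packages on the droplet, installed as root and later upgraded by apt, come from a third-party archive rather than the Ubuntu archive. Record that trust decision in a comment above the task, e.g. `# Third-party PPA: PHP packages and their updates are supplied by ppa:ondrej/php, not Ubuntu`, and consider making the task optional for hosts where the distribution's PHP is sufficient. The module arguments would also read better in block form, with `repo: 'ppa:ondrej/php'` on its own line under `apt_repository:`, matching the `include_role` tasks around it.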
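--- a/test/integration/lemp/default.yml
+++ b/test/integration/lemp/default.yml
@@ -0,0 +1,9 @@
+---
+- hosts: localhost
+become: yes
+tasks:
+- include: tasks/lemp.yml
+- name: Start Nginx for Docker
+command: nginx
+changed_when: false
+ignore_errors: yes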
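--- a/test/integration/lemp/serverspec/nginx_spec.rb
+++ b/test/integration/lemp/serverspec/nginx_spec.rb
@@ -0,0 +1,19 @@
+require_relative 'spec_helper'
+
+describe package('nginx') do
+it { should be_installed }
+end
+
+describe service('nginx') do
+it { should be_enabled }
+it { should be_running }
+end
+
+describe port(80) do
+it { should be_listening }
+end
+
+describe file('/etc/nginx/sites-enabled/example.com.conf') do
+it { should be_file }
+its(:content) { should match /server_name example.com/ }
+end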
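--- a/test/integration/lemp/serverspec/php_spec.rb
+++ b/test/integration/lemp/serverspec/php_spec.rb
@@ -0,0 +1,5 @@
+require_relative 'spec_helper'
+
+describe package('php7.0-common') do
+it { should be_installed }
+end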
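--- a/test/integration/lemp/serverspec/spec_helper.rb
+++ b/test/integration/lemp/serverspec/spec_helper.rb
@@ -0,0 +1,4 @@
+# Encoding: utf-8
+require 'serverspec'
+
+set :backend, :exec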
