diff --git a/src/homework/08-ansible/8.3/playbook/group_vars/lighthouse/vars.yml b/src/homework/08-ansible/8.3/playbook/group_vars/lighthouse/vars.yml index 9991a0a..0a24b3c 100644 --- a/src/homework/08-ansible/8.3/playbook/group_vars/lighthouse/vars.yml +++ b/src/homework/08-ansible/8.3/playbook/group_vars/lighthouse/vars.yml @@ -1,5 +1,6 @@ --- nginx_username: dannc lighthouse_vcs: https://github.com/VKCOM/lighthouse.git +lighthouse_vcs_version: d701335c25cd1bb9b5155711190bad8ab852c2ce lighthouse_location: /var/www/lighthouse lighthouse_access_log_name: lighthouse diff --git a/src/homework/08-ansible/8.3/playbook/readme.md b/src/homework/08-ansible/8.3/playbook/readme.md index c00f2f1..f21b4bf 100644 --- a/src/homework/08-ansible/8.3/playbook/readme.md +++ b/src/homework/08-ansible/8.3/playbook/readme.md @@ -6,6 +6,10 @@ ## Parameters +Общие параметры: +- `ansible_user_id` - uid на стороне виртуальной машины +- `ansible_user_gid` - gid на стороне виртуальной машины + ### Clickhouse - `clickhouse_version` - версия `clickhouse`, которая будет установлена @@ -17,7 +21,11 @@ ### Lighthouse -// todo +- `nginx_username` - имя пользователя, из-под которого будет запущен процесс `nginx` +- `lighthouse_vcs` - путь до репозитория `lighthouse` +- `lighthouse_vcs_version` - версия внутри репозитория `lighthouse` (хэш коммита) +- `lighthouse_location` - путь до директории с `lighthouse` +- `lighthouse_access_log_name` - название лог-файла `nginx` для web-сервиса `lighthouse` ## Tags @@ -32,4 +40,4 @@ ### Lighthouse -// todo +- `lighthouse` - установка только `lighthouse` diff --git a/src/homework/08-ansible/8.3/playbook/site.yml b/src/homework/08-ansible/8.3/playbook/site.yml index 74ec98d..b6212af 100644 --- a/src/homework/08-ansible/8.3/playbook/site.yml +++ b/src/homework/08-ansible/8.3/playbook/site.yml 
@@ -2,17 +2,20 @@ - name: clickhouse hosts: clickhouse tasks: - - block: - - name: clickhouse | get distrib + - name: clickhouse | get distrib + block: + - name: clickhouse | get distrib noarch ansible.builtin.get_url: url: "https://packages.clickhouse.com/rpm/stable/{{ item }}-{{ clickhouse_version }}.noarch.rpm" dest: "./{{ item }}-{{ clickhouse_version }}.rpm" + mode: "755" with_items: "{{ clickhouse_packages }}" rescue: - - name: clickhouse | get distrib + - name: clickhouse | get distrib standard ansible.builtin.get_url: url: "https://packages.clickhouse.com/rpm/stable/clickhouse-common-static-{{ clickhouse_version }}.x86_64.rpm" dest: "./clickhouse-common-static-{{ clickhouse_version }}.rpm" + mode: "755" - name: clickhouse | install packages become: true ansible.builtin.yum: @@ -62,7 +65,12 @@ ansible.builtin.git: repo: "{{ lighthouse_vcs }}" dest: "{{ lighthouse_location }}" - # todo nginx forbidden 403 to the lighthouse/index.html + version: "{{ lighthouse_vcs_version }}" + - name: lighthouse | config selinux + become: true + ansible.builtin.command: + cmd: chcon -Rt httpd_sys_content_t /var/www + changed_when: false - name: lighthouse | install nginx become: true ansible.builtin.yum: @@ -73,16 +81,21 @@ ansible.builtin.template: src: "templates/nginx.conf.j2" dest: "/etc/nginx/nginx.conf" + mode: "755" - name: lighthouse | nginx lighthouse config become: true ansible.builtin.template: src: "templates/nginx.lighthouse.conf.j2" dest: "/etc/nginx/conf.d/lighthouse.conf" + mode: "755" - name: lighthouse | start nginx service become: true ansible.builtin.service: name: nginx state: started + - name: lighthouse | check service is accessible + ansible.builtin.uri: + url: http://localhost tags: - lighthouse 
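Review bot: The `mode: "755"` added to both get_url tasks makes the downloaded `.rpm` files executable, which nothing in the play needs; a package file fetched for yum only has to be readable, so `mode: "0644"` is the least-privilege value that still satisfies ansible-lint's explicit-mode rule. The same `mode: "755"` is set in this commit on the nginx.conf and lighthouse.conf templates (hunk `@@ -73,16 +81,21 @@`), the vector tarball download (`@@ -93,11 +106,12 @@`) and the vector.yaml template (`@@ -130,6 +144,7 @@`); none of those are scripts, so `"0644"` fits all of them. Separately, neither get_url call sets a `checksum:` value, so package integrity here rests on TLS plus whatever GPG verification the install task applies later — if that check is relaxed anywhere outside this hunk, a pinned checksum on the download would be the remaining control. The clickhouse play continues past the end of the hunk.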
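Review bot: The new `lighthouse | config selinux` task relabels with `chcon`, which is not a persistent policy change — any relabel (`restorecon`, a `.autorelabel` boot, or a policy update) puts `/var/www` back to its default context and the 403 this task works around returns; the durable form records a file-context rule and then applies it, which needs the `community.general` collection for `sefcontext` (or an equivalent `semanage fcontext -a` command with an idempotence guard). `changed_when: false` on the current task also hides the relabel from the run summary and from `--check`, so a drifted label is reported as `ok`. The `version: "{{ lighthouse_vcs_version }}"` pin on the git checkout is the right control for a git-sourced dependency and needs no change. The lighthouse play continues outside the hunk.
```yaml
    - name: lighthouse | set selinux file context
      become: true
      community.general.sefcontext:
        target: "/var/www(/.*)?"
        setype: httpd_sys_content_t
        state: present
    - name: lighthouse | apply selinux file context
      become: true
      ansible.builtin.command:
        cmd: restorecon -Rv /var/www
      register: restorecon_result
      changed_when: restorecon_result.stdout != ""
    # … unchanged: install nginx task …
```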
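Review bot: The two template tasks rewrite `/etc/nginx/nginx.conf` and `conf.d/lighthouse.conf`, but the service task after them only ensures `state: started`, so on any run after the first a changed template is written to disk and never loaded — nginx keeps serving the previous configuration, and the new `check service is accessible` task then passes against that stale config. Add `notify: restart nginx` to both template tasks and a play-level `handlers:` entry `- name: restart nginx` / `ansible.builtin.service: name: nginx, state: restarted` (with `become: true`), which keeps the second run idempotent while still picking up config changes. The `uri` check only proves something answers on port 80; if it is meant to verify lighthouse itself, `return_content: true` plus an assertion on the body would make it meaningful. The play this hunk belongs to starts before the hunk.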
@@ -93,11 +106,12 @@ become: true ansible.builtin.yum: name: - - tar + - tar - name: vector | get distrib ansible.builtin.get_url: url: "https://packages.timber.io/vector/{{ vector_version }}/vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz" dest: "./vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz" + mode: "755" - name: vector | unpack distrib ansible.builtin.unarchive: src: "./vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz" @@ -111,7 +125,7 @@ remote_src: true mode: "755" - name: vector | check installed version - ansible.builtin.shell: + ansible.builtin.command: cmd: vector --version register: result changed_when: @@ -130,6 +144,7 @@ ansible.builtin.template: src: "templates/vector.config.j2" dest: "{{ vector_config_dir }}/vector.yaml" + mode: "755" - name: vector | register as service become: true ansible.builtin.template: diff --git a/src/homework/08-ansible/8.3/readme.md b/src/homework/08-ansible/8.3/readme.md index 7153c58..af0dffd 100644 --- a/src/homework/08-ansible/8.3/readme.md +++ b/src/homework/08-ansible/8.3/readme.md 
@@ -17,3 +17,427 @@ > Основная часть > 1. Допишите playbook: нужно сделать ещё один play, который устанавливает и настраивает lighthouse. +> 2. При создании tasks рекомендую использовать модули: get_url, template, yum, apt. +> 3. Tasks должны: скачать статику lighthouse, установить nginx или любой другой webserver, настроить его конфиг для открытия lighthouse, запустить webserver. + +Установка и настройка `lighthose` будет производиться при помощи следующих шагов. При этом выполняется условие, +что один шаг - один `task`. + +1. установим необходимые зависимости в систему: `git` и `epel-release` +2. создадим директорию `/var/www` с правами для текущего пользователя для хранения web-сервисов +3. создадим директорию `/var/log/nginx` с правами для текущего пользователя для записи логов `nginx` +4. склонируем репозиторий `lighthouse`. Путь возьмём из переменной `lighthouse_vcs`. +5. сконфигурируем `SElinux`, чтобы `nginx` имел доступ до директории `/var/www` ([stackoverflow](https://stackoverflow.com/questions/22586166/why-does-nginx-return-a-403-even-though-all-permissions-are-set-properly#answer-26228135)) +6. установим `nginx` официально рекомендуемым способом +7. скопируем на машину и заполним шаблон конфигурации `nginx` +8. скопируем на машину и заполним шаблон конфигурации web-сервиса `lighthouse` для `nginx` +9. запустим сервис `nginx` + +> 4. Приготовьте свой собственный inventory файл prod.yml. +> 5. Запустите ansible-lint site.yml и исправьте ошибки, если они есть + +Утилита `ansible-lint` не входит в стандартную поставку `ansible` и её необходимо установить отдельно: + +```shell +pip3 install "ansible-lint" --user +``` + +Запуск линтера: + +```shell +ansible-lint site.yml +``` + +```text +WARNING Overriding detected file kind 'yaml' with 'playbook' for given positional argument: site.yml +``` +> 6. 
Попробуйте запустить playbook на этом окружении с флагом `--check` + +```shell +ansible-playbook -i inventory/prod.yml site.yml --check +``` + +```text + ansible-playbook -i inventory/prod.yml site.yml --check + +PLAY [clickhouse] ****************************************************************************************************** + +TASK [Gathering Facts] ************************************************************************************************* +ok: [clickhouse-01] + +TASK [clickhouse | get distrib noarch] ********************************************************************************* +ok: [clickhouse-01] => (item=clickhouse-client) +changed: [clickhouse-01] => (item=clickhouse-server) +failed: [clickhouse-01] (item=clickhouse-common-sta) => {"ansible_loop_var": "item", "changed": false, "dest": "./clickhouse-common-sta-22.3.3.44.rpm", "elapsed": 0, "item": "clickhouse-common-sta", "msg": "Request failed", "response": "HTTP Error 404: Not Found", "status_code": 404, "url": "https://packages.clickhouse.com/rpm/stable/clickhouse-common-sta-22.3.3.44.noarch.rpm"} + +TASK [clickhouse | get distrib standard] ******************************************************************************* +changed: [clickhouse-01] + +TASK [clickhouse | install packages] *********************************************************************************** +fatal: [clickhouse-01]: FAILED! 
=> {"changed": false, "msg": "No RPM file matching 'clickhouse-common-static-22.3.3.44.rpm' found on system", "rc": 127, "results": ["No RPM file matching 'clickhouse-common-static-22.3.3.44.rpm' found on system"]} + +PLAY RECAP ************************************************************************************************************* +clickhouse-01 : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=1 ignored=0 +``` + +`Play` по установке `clickhouse` прошел с ошибкой, так как при флаге `--check` реальных изменений не вносится, +а значит и файлы, необходимые для шага установки, не сохраняются. + +> 7. Запустите playbook на prod.yml окружении с флагом `--diff`. Убедитесь, что изменения на системе произведены. + +```shell +ansible-playbook -i inventory/prod.yml site.yml --diff +``` + +```text +PLAY [clickhouse] ****************************************************************************************************** + +TASK [Gathering Facts] ************************************************************************************************* +ok: [clickhouse-01] + +TASK [clickhouse | get distrib noarch] ********************************************************************************* +ok: [clickhouse-01] => (item=clickhouse-client) +changed: [clickhouse-01] => (item=clickhouse-server) +failed: [clickhouse-01] (item=clickhouse-common-sta) => {"ansible_loop_var": "item", "changed": false, "dest": "./clickhouse-common-sta-22.3.3.44.rpm", "elapsed": 0, "item": "clickhouse-common-sta", "msg": "Request failed", "response": "HTTP Error 404: Not Found", "status_code": 404, "url": "https://packages.clickhouse.com/rpm/stable/clickhouse-common-sta-22.3.3.44.noarch.rpm"} + +TASK [clickhouse | get distrib standard] ******************************************************************************* +changed: [clickhouse-01] + +TASK [clickhouse | install packages] *********************************************************************************** +changed: [clickhouse-01] + +TASK 
[clickhouse | start service] ************************************************************************************** +changed: [clickhouse-01] + +TASK [clickhouse | create database] ************************************************************************************ +changed: [clickhouse-01] + +PLAY [lighthouse] ****************************************************************************************************** + +TASK [Gathering Facts] ************************************************************************************************* +ok: [lighthouse-01] + +TASK [lighthouse | install dependencies] ******************************************************************************* +changed: [lighthouse-01] + +TASK [lighthouse | create nginx site dir] ****************************************************************************** +--- before ++++ after +@@ -1,6 +1,6 @@ + { +- "group": 0, +- "owner": 0, ++ "group": 1000, ++ "owner": 1000, + "path": "/var/www", +- "state": "absent" ++ "state": "directory" + } + +changed: [lighthouse-01] + +TASK [lighthouse | create nginx log dir] ******************************************************************************* +--- before ++++ after +@@ -1,6 +1,6 @@ + { +- "group": 0, +- "owner": 0, ++ "group": 1000, ++ "owner": 1000, + "path": "/var/log/nginx", +- "state": "absent" ++ "state": "directory" + } + +changed: [lighthouse-01] + +TASK [lighthouse | clone repository] *********************************************************************************** +>> Newly checked out d701335c25cd1bb9b5155711190bad8ab852c2ce +changed: [lighthouse-01] + +TASK [lighthouse | config selinux] ************************************************************************************* +ok: [lighthouse-01] + +TASK [lighthouse | install nginx] ************************************************************************************** +changed: [lighthouse-01] + +TASK [lighthouse | nginx template config] 
****************************************************************************** +--- before: /etc/nginx/nginx.conf ++++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmpvwdezckg/nginx.conf.j2 +@@ -1,17 +1,11 @@ +-# For more information on configuration, see: +-# * Official English Documentation: http://nginx.org/en/docs/ +-# * Official Russian Documentation: http://nginx.org/ru/docs/ ++user dannc; + +-user nginx; + worker_processes auto; + error_log /var/log/nginx/error.log; + pid /run/nginx.pid; + +-# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +-include /usr/share/nginx/modules/*.conf; +- + events { +- worker_connections 1024; ++ worker_connections 1024; + } + + http { +@@ -30,55 +24,5 @@ + include /etc/nginx/mime.types; + default_type application/octet-stream; + +- # Load modular configuration files from the /etc/nginx/conf.d directory. +- # See http://nginx.org/en/docs/ngx_core_module.html#include +- # for more information. + include /etc/nginx/conf.d/*.conf; +- +- server { +- listen 80; +- listen [::]:80; +- server_name _; +- root /usr/share/nginx/html; +- +- # Load configuration files for the default server block. +- include /etc/nginx/default.d/*.conf; +- +- error_page 404 /404.html; +- location = /404.html { +- } +- +- error_page 500 502 503 504 /50x.html; +- location = /50x.html { +- } +- } +- +-# Settings for a TLS enabled server. +-# +-# server { +-# listen 443 ssl http2; +-# listen [::]:443 ssl http2; +-# server_name _; +-# root /usr/share/nginx/html; +-# +-# ssl_certificate "/etc/pki/nginx/server.crt"; +-# ssl_certificate_key "/etc/pki/nginx/private/server.key"; +-# ssl_session_cache shared:SSL:1m; +-# ssl_session_timeout 10m; +-# ssl_ciphers HIGH:!aNULL:!MD5; +-# ssl_prefer_server_ciphers on; +-# +-# # Load configuration files for the default server block. 
+-# include /etc/nginx/default.d/*.conf; +-# +-# error_page 404 /404.html; +-# location = /40x.html { +-# } +-# +-# error_page 500 502 503 504 /50x.html; +-# location = /50x.html { +-# } +-# } +- + } +- + +changed: [lighthouse-01] + +TASK [lighthouse | nginx lighthouse config] **************************************************************************** +--- before ++++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmp5ggb4hk2/nginx.lighthouse.conf.j2 +@@ -0,0 +1,10 @@ ++server { ++ listen 80; ++ ++ access_log /var/log/nginx/lighthouse.log; ++ ++ location / { ++ root /var/www/lighthouse; ++ index index.html; ++ } ++} + +changed: [lighthouse-01] + +TASK [lighthouse | start nginx service] ******************************************************************************** +changed: [lighthouse-01] + +TASK [lighthouse | check service is accessible] ************************************************************************ +ok: [lighthouse-01] + +PLAY [vector] ********************************************************************************************************** + +TASK [Gathering Facts] ************************************************************************************************* +ok: [vector-01] + +TASK [vector | install archive manager] ******************************************************************************** +ok: [vector-01] + +TASK [vector | get distrib] ******************************************************************************************** +changed: [vector-01] + +TASK [vector | unpack distrib] ***************************************************************************************** +changed: [vector-01] + +TASK [vector | install] ************************************************************************************************ +changed: [vector-01] + +TASK [vector | check installed version] ******************************************************************************** +ok: [vector-01] + +TASK [vector | create data dir] 
**************************************************************************************** +--- before ++++ after +@@ -1,6 +1,6 @@ + { +- "group": 0, +- "owner": 0, ++ "group": 1000, ++ "owner": 1000, + "path": "/var/lib/vector", +- "state": "absent" ++ "state": "directory" + } + +changed: [vector-01] + +TASK [vector | template config] **************************************************************************************** +--- before ++++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmp227s1ei3/vector.config.j2 +@@ -0,0 +1 @@ ++data_dir: /var/lib/vector + +changed: [vector-01] + +TASK [vector | register as service] ************************************************************************************ +--- before ++++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmprmz1ok1o/vector.service.j2 +@@ -0,0 +1,7 @@ ++[Unit] ++Description=Vector service ++[Service] ++User=dannc ++Group=1000 ++ExecStart=/usr/local/bin/vector --config-yaml /var/lib/vector/vector.yaml --watch-config ++Restart=always + +changed: [vector-01] + +TASK [vector | start service] ****************************************************************************************** +changed: [vector-01] + +PLAY RECAP ************************************************************************************************************* +clickhouse-01 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=1 ignored=0 +lighthouse-01 : ok=11 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +vector-01 : ok=10 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +``` + +> 8. Повторно запустите playbook с флагом `--diff` и убедитесь, что playbook идемпотентен. 
+ +```shell +ansible-playbook -i inventory/prod.yml site.yml --diff +``` + +```text +PLAY [clickhouse] ****************************************************************************************************** + +TASK [Gathering Facts] ************************************************************************************************* +ok: [clickhouse-01] + +TASK [clickhouse | get distrib noarch] ********************************************************************************* +ok: [clickhouse-01] => (item=clickhouse-client) +ok: [clickhouse-01] => (item=clickhouse-server) +failed: [clickhouse-01] (item=clickhouse-common-sta) => {"ansible_loop_var": "item", "changed": false, "dest": "./clickhouse-common-sta-22.3.3.44.rpm", "elapsed": 0, "item": "clickhouse-common-sta", "msg": "Request failed", "response": "HTTP Error 404: Not Found", "status_code": 404, "url": "https://packages.clickhouse.com/rpm/stable/clickhouse-common-sta-22.3.3.44.noarch.rpm"} + +TASK [clickhouse | get distrib standard] ******************************************************************************* +ok: [clickhouse-01] + +TASK [clickhouse | install packages] *********************************************************************************** +ok: [clickhouse-01] + +TASK [clickhouse | start service] ************************************************************************************** +changed: [clickhouse-01] + +TASK [clickhouse | create database] ************************************************************************************ +ok: [clickhouse-01] + +PLAY [lighthouse] ****************************************************************************************************** + +TASK [Gathering Facts] ************************************************************************************************* +ok: [lighthouse-01] + +TASK [lighthouse | install dependencies] ******************************************************************************* +ok: [lighthouse-01] + +TASK [lighthouse | create nginx site dir] 
****************************************************************************** +ok: [lighthouse-01] + +TASK [lighthouse | create nginx log dir] ******************************************************************************* +ok: [lighthouse-01] + +TASK [lighthouse | clone repository] *********************************************************************************** +ok: [lighthouse-01] + +TASK [lighthouse | config selinux] ************************************************************************************* +ok: [lighthouse-01] + +TASK [lighthouse | install nginx] ************************************************************************************** +ok: [lighthouse-01] + +TASK [lighthouse | nginx template config] ****************************************************************************** +ok: [lighthouse-01] + +TASK [lighthouse | nginx lighthouse config] **************************************************************************** +ok: [lighthouse-01] + +TASK [lighthouse | start nginx service] ******************************************************************************** +ok: [lighthouse-01] + +TASK [lighthouse | check service is accessible] ************************************************************************ +ok: [lighthouse-01] + +PLAY [vector] ********************************************************************************************************** + +TASK [Gathering Facts] ************************************************************************************************* +ok: [vector-01] + +TASK [vector | install archive manager] ******************************************************************************** +ok: [vector-01] + +TASK [vector | get distrib] ******************************************************************************************** +ok: [vector-01] + +TASK [vector | unpack distrib] ***************************************************************************************** +ok: [vector-01] + +TASK [vector | install] 
************************************************************************************************ +ok: [vector-01] + +TASK [vector | check installed version] ******************************************************************************** +ok: [vector-01] + +TASK [vector | create data dir] **************************************************************************************** +ok: [vector-01] + +TASK [vector | template config] **************************************************************************************** +ok: [vector-01] + +TASK [vector | register as service] ************************************************************************************ +ok: [vector-01] + +TASK [vector | start service] ****************************************************************************************** +changed: [vector-01] + +PLAY RECAP ************************************************************************************************************* +clickhouse-01 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=1 ignored=0 +lighthouse-01 : ok=11 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +vector-01 : ok=10 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +``` + +Изменения были только с работой сервисов, всё остальное выполняется идемпотентно. + +> 9. Подготовьте README.md файл по своему playbook. В нём должно быть описано: что делает playbook, какие у него есть параметры и теги. + +[readme.md](./playbook/readme.md)