dannc/netology-devops
1
0
Fork 0
mirror of https://github.com/Dannecron/netology-devops.git synced 2025-12-25 23:32:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

complete homework 8.3

Browse Source
This commit is contained in:
dannc
2022-07-28 10:38:29 +07:00
parent c4ad5d2340
commit fbece247aa
4 changed files with 456 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/homework/08-ansible/8.3/playbook/group_vars/lighthouse/vars.yml
View File

@@ -1,5 +1,6 @@
--- ---
nginx_username: dannc nginx_username: dannc
lighthouse_vcs: https://github.com/VKCOM/lighthouse.git lighthouse_vcs: https://github.com/VKCOM/lighthouse.git
lighthouse_vcs_version: d701335c25cd1bb9b5155711190bad8ab852c2ce
lighthouse_location: /var/www/lighthouse lighthouse_location: /var/www/lighthouse
lighthouse_access_log_name: lighthouse lighthouse_access_log_name: lighthouse

12
src/homework/08-ansible/8.3/playbook/readme.md
View File

@@ -6,6 +6,10 @@
## Parameters ## Parameters
Общие параметры:
- `ansible_user_id` - uid на стороне виртуальной машины
- `ansible_user_gid` - gid на стороне виртуальной машины
### Clickhouse ### Clickhouse
- `clickhouse_version` - версия `clickhouse`, которая будет установлена - `clickhouse_version` - версия `clickhouse`, которая будет установлена
@@ -17,7 +21,11 @@
### Lighthouse ### Lighthouse
// todo - `nginx_username` - имя пользователя, из-под которого будет запущен процесс `nginx`
- `lighthouse_vcs` - путь до репозитория `lighthouse`
- `lighthouse_vcs_version` - версия внутри репозитория `lighthouse` (хэш коммита)
- `lighthouse_location` - путь до директории с `lighthouse`
- `lighthouse_access_log_name` - название лог-файла `nginx` для web-сервиса `lighthouse`
## Tags ## Tags
@@ -32,4 +40,4 @@
### Lighthouse ### Lighthouse
// todo - `lighthouse` - установка только `lighthouse`

27
src/homework/08-ansible/8.3/playbook/site.yml
View File

@@ -2,17 +2,20 @@
- name: clickhouse - name: clickhouse
hosts: clickhouse hosts: clickhouse
tasks: tasks:
- block: - name: clickhouse | get distrib
- name: clickhouse | get distrib block:
- name: clickhouse | get distrib noarch
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://packages.clickhouse.com/rpm/stable/{{ item }}-{{ clickhouse_version }}.noarch.rpm" url: "https://packages.clickhouse.com/rpm/stable/{{ item }}-{{ clickhouse_version }}.noarch.rpm"
dest: "./{{ item }}-{{ clickhouse_version }}.rpm" dest: "./{{ item }}-{{ clickhouse_version }}.rpm"
mode: "755"
with_items: "{{ clickhouse_packages }}" with_items: "{{ clickhouse_packages }}"
rescue: rescue:
- name: clickhouse | get distrib - name: clickhouse | get distrib standard
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://packages.clickhouse.com/rpm/stable/clickhouse-common-static-{{ clickhouse_version }}.x86_64.rpm" url: "https://packages.clickhouse.com/rpm/stable/clickhouse-common-static-{{ clickhouse_version }}.x86_64.rpm"
dest: "./clickhouse-common-static-{{ clickhouse_version }}.rpm" dest: "./clickhouse-common-static-{{ clickhouse_version }}.rpm"
mode: "755"
- name: clickhouse | install packages - name: clickhouse | install packages
become: true become: true
ansible.builtin.yum: ansible.builtin.yum:
@@ -62,7 +65,12 @@
ansible.builtin.git: ansible.builtin.git:
repo: "{{ lighthouse_vcs }}" repo: "{{ lighthouse_vcs }}"
dest: "{{ lighthouse_location }}" dest: "{{ lighthouse_location }}"
# todo nginx forbidden 403 to the lighthouse/index.html version: "{{ lighthouse_vcs_version }}"
- name: lighthouse | config selinux
become: true
ansible.builtin.command:
cmd: chcon -Rt httpd_sys_content_t /var/www
changed_when: false
- name: lighthouse | install nginx - name: lighthouse | install nginx
become: true become: true
ansible.builtin.yum: ansible.builtin.yum:
@@ -73,16 +81,21 @@
ansible.builtin.template: ansible.builtin.template:
src: "templates/nginx.conf.j2" src: "templates/nginx.conf.j2"
dest: "/etc/nginx/nginx.conf" dest: "/etc/nginx/nginx.conf"
mode: "755"
- name: lighthouse | nginx lighthouse config - name: lighthouse | nginx lighthouse config
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: "templates/nginx.lighthouse.conf.j2" src: "templates/nginx.lighthouse.conf.j2"
dest: "/etc/nginx/conf.d/lighthouse.conf" dest: "/etc/nginx/conf.d/lighthouse.conf"
mode: "755"
- name: lighthouse | start nginx service - name: lighthouse | start nginx service
become: true become: true
ansible.builtin.service: ansible.builtin.service:
name: nginx name: nginx
state: started state: started
- name: lighthouse | check service is accessible
ansible.builtin.uri:
url: http://localhost
tags: tags:
- lighthouse - lighthouse
@@ -93,11 +106,12 @@
become: true become: true
ansible.builtin.yum: ansible.builtin.yum:
name: name:
- tar - tar
- name: vector | get distrib - name: vector | get distrib
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://packages.timber.io/vector/{{ vector_version }}/vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz" url: "https://packages.timber.io/vector/{{ vector_version }}/vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz"
dest: "./vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz" dest: "./vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz"
mode: "755"
- name: vector | unpack distrib - name: vector | unpack distrib
ansible.builtin.unarchive: ansible.builtin.unarchive:
src: "./vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz" src: "./vector-{{ vector_version }}-x86_64-unknown-linux-musl.tar.gz"
@@ -111,7 +125,7 @@
remote_src: true remote_src: true
mode: "755" mode: "755"
- name: vector | check installed version - name: vector | check installed version
ansible.builtin.shell: ansible.builtin.command:
cmd: vector --version cmd: vector --version
register: result register: result
changed_when: changed_when:
@@ -130,6 +144,7 @@
ansible.builtin.template: ansible.builtin.template:
src: "templates/vector.config.j2" src: "templates/vector.config.j2"
dest: "{{ vector_config_dir }}/vector.yaml" dest: "{{ vector_config_dir }}/vector.yaml"
mode: "755"
- name: vector | register as service - name: vector | register as service
become: true become: true
ansible.builtin.template: ansible.builtin.template:

424
src/homework/08-ansible/8.3/readme.md
View File

@@ -17,3 +17,427 @@
> Основная часть > Основная часть
> 1. Допишите playbook: нужно сделать ещё один play, который устанавливает и настраивает lighthouse. > 1. Допишите playbook: нужно сделать ещё один play, который устанавливает и настраивает lighthouse.
> 2. При создании tasks рекомендую использовать модули: get_url, template, yum, apt.
> 3. Tasks должны: скачать статику lighthouse, установить nginx или любой другой webserver, настроить его конфиг для открытия lighthouse, запустить webserver.
Установка и настройка `lighthose` будет производиться при помощи следующих шагов. При этом выполняется условие,
что один шаг - один `task`.
1. установим необходимые зависимости в систему: `git` и `epel-release`
2. создадим директорию `/var/www` с правами для текущего пользователя для хранения web-сервисов
3. создадим директорию `/var/log/nginx` с правами для текущего пользователя для записи логов `nginx`
4. склонируем репозиторий `lighthouse`. Путь возьмём из переменной `lighthouse_vcs`.
5. сконфигурируем `SElinux`, чтобы `nginx` имел доступ до директории `/var/www` ([stackoverflow](https://stackoverflow.com/questions/22586166/why-does-nginx-return-a-403-even-though-all-permissions-are-set-properly#answer-26228135))
6. установим `nginx` официально рекомендуемым способом
7. скопируем на машину и заполним шаблон конфигурации `nginx`
8. скопируем на машину и заполним шаблон конфигурации web-сервиса `lighthouse` для `nginx`
9. запустим сервис `nginx`
> 4. Приготовьте свой собственный inventory файл prod.yml.
> 5. Запустите ansible-lint site.yml и исправьте ошибки, если они есть
Утилита `ansible-lint` не входит в стандартную поставку `ansible` и её необходимо установить отдельно:
```shell
pip3 install "ansible-lint" --user
```
Запуск линтера:
```shell
ansible-lint site.yml
```
```text
WARNING Overriding detected file kind 'yaml' with 'playbook' for given positional argument: site.yml
```
> 6. Попробуйте запустить playbook на этом окружении с флагом `--check`
```shell
ansible-playbook -i inventory/prod.yml site.yml --check
```
```text
ansible-playbook -i inventory/prod.yml site.yml --check
PLAY [clickhouse] ******************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [clickhouse-01]
TASK [clickhouse | get distrib noarch] *********************************************************************************
ok: [clickhouse-01] => (item=clickhouse-client)
changed: [clickhouse-01] => (item=clickhouse-server)
failed: [clickhouse-01] (item=clickhouse-common-sta) => {"ansible_loop_var": "item", "changed": false, "dest": "./clickhouse-common-sta-22.3.3.44.rpm", "elapsed": 0, "item": "clickhouse-common-sta", "msg": "Request failed", "response": "HTTP Error 404: Not Found", "status_code": 404, "url": "https://packages.clickhouse.com/rpm/stable/clickhouse-common-sta-22.3.3.44.noarch.rpm"}
TASK [clickhouse | get distrib standard] *******************************************************************************
changed: [clickhouse-01]
TASK [clickhouse | install packages] ***********************************************************************************
fatal: [clickhouse-01]: FAILED! => {"changed": false, "msg": "No RPM file matching 'clickhouse-common-static-22.3.3.44.rpm' found on system", "rc": 127, "results": ["No RPM file matching 'clickhouse-common-static-22.3.3.44.rpm' found on system"]}
PLAY RECAP *************************************************************************************************************
clickhouse-01 : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=1 ignored=0
```
`Play` по установке `clickhouse` прошел с ошибкой, так как при флаге `--check` реальных изменений не вносится,
а значит и файлы, необходимые для шага установки, не сохраняются.
> 7. Запустите playbook на prod.yml окружении с флагом `--diff`. Убедитесь, что изменения на системе произведены.
```shell
ansible-playbook -i inventory/prod.yml site.yml --diff
```
```text
PLAY [clickhouse] ******************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [clickhouse-01]
TASK [clickhouse | get distrib noarch] *********************************************************************************
ok: [clickhouse-01] => (item=clickhouse-client)
changed: [clickhouse-01] => (item=clickhouse-server)
failed: [clickhouse-01] (item=clickhouse-common-sta) => {"ansible_loop_var": "item", "changed": false, "dest": "./clickhouse-common-sta-22.3.3.44.rpm", "elapsed": 0, "item": "clickhouse-common-sta", "msg": "Request failed", "response": "HTTP Error 404: Not Found", "status_code": 404, "url": "https://packages.clickhouse.com/rpm/stable/clickhouse-common-sta-22.3.3.44.noarch.rpm"}
TASK [clickhouse | get distrib standard] *******************************************************************************
changed: [clickhouse-01]
TASK [clickhouse | install packages] ***********************************************************************************
changed: [clickhouse-01]
TASK [clickhouse | start service] **************************************************************************************
changed: [clickhouse-01]
TASK [clickhouse | create database] ************************************************************************************
changed: [clickhouse-01]
PLAY [lighthouse] ******************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | install dependencies] *******************************************************************************
changed: [lighthouse-01]
TASK [lighthouse | create nginx site dir] ******************************************************************************
--- before
+++ after
@@ -1,6 +1,6 @@
{
- "group": 0,
- "owner": 0,
+ "group": 1000,
+ "owner": 1000,
"path": "/var/www",
- "state": "absent"
+ "state": "directory"
}
changed: [lighthouse-01]
TASK [lighthouse | create nginx log dir] *******************************************************************************
--- before
+++ after
@@ -1,6 +1,6 @@
{
- "group": 0,
- "owner": 0,
+ "group": 1000,
+ "owner": 1000,
"path": "/var/log/nginx",
- "state": "absent"
+ "state": "directory"
}
changed: [lighthouse-01]
TASK [lighthouse | clone repository] ***********************************************************************************
>> Newly checked out d701335c25cd1bb9b5155711190bad8ab852c2ce
changed: [lighthouse-01]
TASK [lighthouse | config selinux] *************************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | install nginx] **************************************************************************************
changed: [lighthouse-01]
TASK [lighthouse | nginx template config] ******************************************************************************
--- before: /etc/nginx/nginx.conf
+++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmpvwdezckg/nginx.conf.j2
@@ -1,17 +1,11 @@
-# For more information on configuration, see:
-# * Official English Documentation: http://nginx.org/en/docs/
-# * Official Russian Documentation: http://nginx.org/ru/docs/
+user dannc;
-user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
-# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
-include /usr/share/nginx/modules/*.conf;
-
events {
- worker_connections 1024;
+ worker_connections 1024;
}
http {
@@ -30,55 +24,5 @@
include /etc/nginx/mime.types;
default_type application/octet-stream;
- # Load modular configuration files from the /etc/nginx/conf.d directory.
- # See http://nginx.org/en/docs/ngx_core_module.html#include
- # for more information.
include /etc/nginx/conf.d/*.conf;
-
- server {
- listen 80;
- listen [::]:80;
- server_name _;
- root /usr/share/nginx/html;
-
- # Load configuration files for the default server block.
- include /etc/nginx/default.d/*.conf;
-
- error_page 404 /404.html;
- location = /404.html {
- }
-
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- }
- }
-
-# Settings for a TLS enabled server.
-#
-# server {
-# listen 443 ssl http2;
-# listen [::]:443 ssl http2;
-# server_name _;
-# root /usr/share/nginx/html;
-#
-# ssl_certificate "/etc/pki/nginx/server.crt";
-# ssl_certificate_key "/etc/pki/nginx/private/server.key";
-# ssl_session_cache shared:SSL:1m;
-# ssl_session_timeout 10m;
-# ssl_ciphers HIGH:!aNULL:!MD5;
-# ssl_prefer_server_ciphers on;
-#
-# # Load configuration files for the default server block.
-# include /etc/nginx/default.d/*.conf;
-#
-# error_page 404 /404.html;
-# location = /40x.html {
-# }
-#
-# error_page 500 502 503 504 /50x.html;
-# location = /50x.html {
-# }
-# }
-
}
-
changed: [lighthouse-01]
TASK [lighthouse | nginx lighthouse config] ****************************************************************************
--- before
+++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmp5ggb4hk2/nginx.lighthouse.conf.j2
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+
+ access_log /var/log/nginx/lighthouse.log;
+
+ location / {
+ root /var/www/lighthouse;
+ index index.html;
+ }
+}
changed: [lighthouse-01]
TASK [lighthouse | start nginx service] ********************************************************************************
changed: [lighthouse-01]
TASK [lighthouse | check service is accessible] ************************************************************************
ok: [lighthouse-01]
PLAY [vector] **********************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [vector-01]
TASK [vector | install archive manager] ********************************************************************************
ok: [vector-01]
TASK [vector | get distrib] ********************************************************************************************
changed: [vector-01]
TASK [vector | unpack distrib] *****************************************************************************************
changed: [vector-01]
TASK [vector | install] ************************************************************************************************
changed: [vector-01]
TASK [vector | check installed version] ********************************************************************************
ok: [vector-01]
TASK [vector | create data dir] ****************************************************************************************
--- before
+++ after
@@ -1,6 +1,6 @@
{
- "group": 0,
- "owner": 0,
+ "group": 1000,
+ "owner": 1000,
"path": "/var/lib/vector",
- "state": "absent"
+ "state": "directory"
}
changed: [vector-01]
TASK [vector | template config] ****************************************************************************************
--- before
+++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmp227s1ei3/vector.config.j2
@@ -0,0 +1 @@
+data_dir: /var/lib/vector
changed: [vector-01]
TASK [vector | register as service] ************************************************************************************
--- before
+++ after: ~/.ansible/tmp/ansible-local-17718geqlcqyp/tmprmz1ok1o/vector.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Vector service
+[Service]
+User=dannc
+Group=1000
+ExecStart=/usr/local/bin/vector --config-yaml /var/lib/vector/vector.yaml --watch-config
+Restart=always
changed: [vector-01]
TASK [vector | start service] ******************************************************************************************
changed: [vector-01]
PLAY RECAP *************************************************************************************************************
clickhouse-01 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=1 ignored=0
lighthouse-01 : ok=11 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
vector-01 : ok=10 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
> 8. Повторно запустите playbook с флагом `--diff` и убедитесь, что playbook идемпотентен.
```shell
ansible-playbook -i inventory/prod.yml site.yml --diff
```
```text
PLAY [clickhouse] ******************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [clickhouse-01]
TASK [clickhouse | get distrib noarch] *********************************************************************************
ok: [clickhouse-01] => (item=clickhouse-client)
ok: [clickhouse-01] => (item=clickhouse-server)
failed: [clickhouse-01] (item=clickhouse-common-sta) => {"ansible_loop_var": "item", "changed": false, "dest": "./clickhouse-common-sta-22.3.3.44.rpm", "elapsed": 0, "item": "clickhouse-common-sta", "msg": "Request failed", "response": "HTTP Error 404: Not Found", "status_code": 404, "url": "https://packages.clickhouse.com/rpm/stable/clickhouse-common-sta-22.3.3.44.noarch.rpm"}
TASK [clickhouse | get distrib standard] *******************************************************************************
ok: [clickhouse-01]
TASK [clickhouse | install packages] ***********************************************************************************
ok: [clickhouse-01]
TASK [clickhouse | start service] **************************************************************************************
changed: [clickhouse-01]
TASK [clickhouse | create database] ************************************************************************************
ok: [clickhouse-01]
PLAY [lighthouse] ******************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | install dependencies] *******************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | create nginx site dir] ******************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | create nginx log dir] *******************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | clone repository] ***********************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | config selinux] *************************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | install nginx] **************************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | nginx template config] ******************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | nginx lighthouse config] ****************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | start nginx service] ********************************************************************************
ok: [lighthouse-01]
TASK [lighthouse | check service is accessible] ************************************************************************
ok: [lighthouse-01]
PLAY [vector] **********************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [vector-01]
TASK [vector | install archive manager] ********************************************************************************
ok: [vector-01]
TASK [vector | get distrib] ********************************************************************************************
ok: [vector-01]
TASK [vector | unpack distrib] *****************************************************************************************
ok: [vector-01]
TASK [vector | install] ************************************************************************************************
ok: [vector-01]
TASK [vector | check installed version] ********************************************************************************
ok: [vector-01]
TASK [vector | create data dir] ****************************************************************************************
ok: [vector-01]
TASK [vector | template config] ****************************************************************************************
ok: [vector-01]
TASK [vector | register as service] ************************************************************************************
ok: [vector-01]
TASK [vector | start service] ******************************************************************************************
changed: [vector-01]
PLAY RECAP *************************************************************************************************************
clickhouse-01 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=1 ignored=0
lighthouse-01 : ok=11 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
vector-01 : ok=10 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
Изменения были только с работой сервисов, всё остальное выполняется идемпотентно.
> 9. Подготовьте README.md файл по своему playbook. В нём должно быть описано: что делает playbook, какие у него есть параметры и теги.
[readme.md](./playbook/readme.md)