# ansible-roles-paquerette

*A proposal for **minimal** Ansible roles to host and maintain services on premise or in the cloud.*

Supported systems: **Ubuntu 16.04 LTS**, **Ubuntu 18.04 LTS**;
partially supported: **Debian 9**

Principles:

- "less is more" and "simpler is better"
- use Ansible, for all the good reasons
- minimise shell usage
- one configuration file per host, holding its complete definition and the list of its instances
- one utility to manage the inventory
- one utility to apply changes on the servers
- backups can be recovered on a separate dedicated machine, the master backup server

Technical choices:

- a two-partition layout: one partition for the system, one for programs and data, mounted on **/mnt/vdb** by default
- monitoring: **monit**
- backup: **backupninja**, with external backup in "master/slave" mode: an external server connects to the host to retrieve the backups
- mail and alerts: **postfix as SMTP relay**, with optional bcc
- **all** services are served over HTTPS with **letsencrypt** certificates

## 0 - Prerequisites

- an Ubuntu machine with a public IP (**the server**)
- a machine with Ansible installed, used to manage the servers (**the controller**)
- on the server: optionally, but recommended, a distinct partition for data and programs, mounted on /mnt/vdb by default. If absent, set **data_partition** to "no" in the host_vars
- on the server: **an administrative account** which can run commands as root through sudo without being prompted for a password
- on the server: an SSH key for the master backup server (it can be the same as the administrative account's key, but this is not recommended)
- **a mailbox** reachable via SMTP, for alerts

All relevant variables are in the group_vars base_server file, in the PREREQUISITES sections.

## 1 - The inventory
This is where the list of servers, the composition of each server's platform, the list of instances and all role variables are defined.

In group_vars (groups shown **in bold** are to be defined by you, according to your needs):
- secret: common secret variables (partner keys, SMTP password...)
  - base_server: all common non-secret variables
    - **test**: all variables specific to test hosts
    - **prod**: all variables specific to production hosts
    - etc.

cf. ./doc/hosts.prod
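As an added illustration (not a file from this repository), the group hierarchy above expressed as an Ansible YAML inventory with the matching group_vars and host_vars files; the host names and every variable name except data_partition are assumptions.

```yaml
# inventory/hosts.yml -- constructed example; group names follow the README,
# host names are assumptions.
all:
  children:
    secret:                      # top level: secrets shared by every managed host
      children:
        base_server:             # common, non-secret settings
          children:
            test:
              hosts:
                test-web-1:
            prod:
              hosts:
                prod-web-1:
                prod-web-2:
---
# inventory/group_vars/secret.yml -- shared secrets; keep this file encrypted
# with ansible-vault so it never sits in clear text in the repository.
smtp_password: "example-only"    # assumed variable name, constructed value
---
# inventory/group_vars/base_server.yml -- common, non-secret defaults
data_partition: "yes"            # README: data/programs partition mounted on /mnt/vdb
---
# inventory/host_vars/test-web-1.yml -- host level overrides every group
data_partition: "no"             # README: this test host has no separate data partition
```

Ansible resolves group variables from parent to child (secret, then base_server, then test or prod) and host_vars last, so the host file above wins over the base_server default.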

## 2 - The server
This defines the base of the server; it implements:
- the base file and directory organization
- the server localization
- the backup strategy
- the monitoring strategy

cf. ./doc/host_template.yml

**role: base_server**

## 3 - The platform
This defines the components used to run the instances; it implements:
- web server (nginx, apache...)
- database server (mariadb, postgres, mongodb...)
- languages (php, python, nodejs...)
- associated monitoring

**role: base_platform**

## 4 - Instance deployment, upgrade, removal, maintenance, restoration, etc.
These are the methods implemented for the full life cycle of an instance.
For deployment (install / reinstall command):
- download of the application
- database and dependency management (letsencrypt certificate...)
- base configuration of the application
- backup and monitoring
- service start

For upgrade (upgrade command):
- download of the new version
- service stop
- complete cold backup
- more or less automatic upgrade of the application
- service start

For removal (uninstall command):
- stop backup and monitoring
- service stop
- program removal and database drop
- removal of associated tasks (logrotate...)
- revocation and deletion of the letsencrypt certificate

For restoration (restore command):
- recovery of the database and application files from the archive and their restoration, except external data such as user files for Nextcloud

**roles: \<application\>_instance**

## 5 - Reusable elements

Roles use factorized, reusable parts (database creation, certificates, etc.).

**roles: \_app\_\<function\>**

## 6 - Instance management

The inventory is managed with the utility program **inventory.py**.
Changes are applied with the utility program **play.py**, which generates the playbook and runs Ansible.

For example:

    ./inventory.py --new-instance
    ./play.py myhost myinstall install

**utility programs: inventory.py, play.py**

## 7 - Utility roles

Obtaining letsencrypt certificates during the nightly shutdown: **letsencrypt_nightly_new**:

    ./play.py -e 'domain_name=www.peace.org' -r myhost letsencrypt_nightly_new

## 8 - Special cases
Some roles are specific, such as the Collabora instance management:

**roles:**
- **collabora\_online\_instance**
- **mumble_server**
- **wekan_instance_snap**
- **turn\_server**
- **_master_backup_server** 

## Documentation
cf. ./doc

## Notes

STABLE ROLES:
- base server (_python3)
- base platform (apache, nginx, mysql/mariadb, mongodb, nodejs, postgres, php7_fpm)
- _app_log_inventory, _app_backup, _app_logrotate, _app_monit, _create_database, _letsencrypt_certificate
- backup in master/slave mode
- nextcloud_instance (nginx, apache)
- collabora online_instance (official partner) (nginx, apache)
- dolibarr_instance (apache only)
- rocketchat_instance: unfortunately, it is now impossible to install several instances on the same host
- _web_app (chrooted SFTP-only user, git, static, php, python) (wordpress, grav, pelican, yeswiki, adminer, etc.) (apache only)
- derived from _web_app: wordpress_instance, yeswiki_instance, adminer_instance

NEW ROLES OR IN PROGRESS (may be subject to major refactoring):
- _app_restore_instance
- empty_instance, grav_instance, pelican_instance
- wekan snap (uninstall missing)
- turn_server

NEW UTILITIES:
- status.py: utility providing a quick check of production, still in development

TODO:

- uninstall for mongodb databases / rocketchat
- database files in the system partition: moving /var/lib/postgres... to /mnt/vdb/... is under study
- fail2ban for services (or not)

To redesign:

- wekan snap in backup role

[paquerette.eu](http://paquerette.eu)