init

Author: MariuszJozwiak

group_vars/all.yml

@@ -955,7 +955,6 @@ magento_admin_user_lastname: Suite
 
 # Path to node warmup script executed at instance start relative to magento app root dir - never need to override...
 magento_node_warmup_script_path: /bin/node-warmup.sh
-mageops_wait_for_warmup_secs: 600
 
 # ------------------------------
 # --------  Magento SCD --------
@@ -1673,8 +1672,6 @@ varnish_strip_params:
   - "{{ https_termination_redirect_source_domain_param }}"
 
 varnish_debug_request_info_header_name: "{{ mageops_debug_http_header_prefix }}-Info-Varnish"
-varnish_bypass_request_info_header_name: "{{ mageops_bypass_http_header_prefix }}-Info-Varnish"
-
 
 # ----------------------------------------------------------
 # --------  Varnish Language Detection & Redirects  --------
@@ -1823,11 +1820,6 @@ mageops_cli_features_dir: /usr/local/lib/mageops/features
 # Whether to perform full update
 mageops_packages_full_update: yes
 
-# Package manager to use
-mageops_pkg_mgr:
-  # Supported options: dnf, yum
-  centos7: dnf
-
 # Packages that are ensured to be absent on all nodes
 mageops_packages_mirrorlist_countrycode: "de"
 
@@ -2055,4 +2047,5 @@ aws_pio_ebs_volume_size: "{{ aws_app_node_ebs_volume_size }}"
 # ----- New Relic -----
 # ---------------------
 new_relic_app_name: "{{ mageops_app_name }}"
-mageops_new_relic_enabled: yes
+mageops_new_relic_enabled: no
+# new_relic_license need to be set up

requirements-python.txt

@@ -4,10 +4,6 @@ ansible>=6,<7
 # make sure this is BEFORE boto3 and boto
 awscli
 
-# some tasks call aws command on localhost
-# make sure this is BEFORE boto3 and boto
-awscli
-
 # needed for inventory and aws modules
 boto3
 

roles/cs.aws-iam-employee-access/templates/employee_full_access.policy.json

@@ -29,6 +29,7 @@
             "Effect": "Allow",
             "Resource": "arn:aws:pi:*:*:metrics/rds/*"
         },
+
         {
             "Action": "ec2:*",
             "Effect": "Allow",
@@ -306,11 +307,6 @@
                 "freetier:Get*"
             ],
             "Resource": "*"
-        },
-        {
-            "Action": "dlm:*",
-            "Effect": "Allow",
-            "Resource": "*"
         }
     ]
 }

roles/cs.aws-iam/defaults/main.yml

@@ -12,9 +12,6 @@ aws_iam_policy_cloudwatch_metrics_access: "{{ aws_iam_name_prefix }}CloudWatchMe
 aws_iam_policy_lambda_access: "{{ aws_iam_name_prefix }}LambdaAccess"
 aws_iam_policy_kms_access: "{{ aws_iam_name_prefix }}KmsAccess"
 
-aws_iam_policy_dlm_sts_access: "{{ aws_iam_name_prefix }}DLMAllowSTSAccess"
-aws_iam_policy_dlm_aws_access: "{{ aws_iam_name_prefix }}DLMAccess"
-
 aws_iam_group_custom_policies: "{{ aws_iam_name_prefix }}CustomPolicies"
 aws_iam_group_standard_policies: "{{ aws_iam_name_prefix }}StandardPolicies"
 
@@ -32,5 +29,3 @@ aws_iam_role_node_coordinator_lambda_execution: "{{ aws_iam_name_prefix }}Handle
 aws_iam_role_app_node: "{{ aws_iam_name_prefix }}AppNode"
 aws_iam_role_varnish: "{{ aws_iam_role_app_node }}"
 aws_iam_role_persistent_node: "{{ aws_iam_name_prefix }}PersistentNode"
-
-aws_iam_role_dlm: "{{ aws_iam_name_prefix }}DLM"

roles/cs.aws-iam/tasks/dlm-roles.yaml

@@ -3,4 +3,3 @@
 - import_tasks: lambda-roles.yml
 - import_tasks: kms-roles.yml
 - import_tasks: provisioning-groups.yml
-- import_tasks: dlm-roles.yml

roles/cs.aws-iam/tasks/main.yml

@@ -1,5 +1,5 @@
 cloudflare_enabled: no
-# Accept only traffic coming from Cloudflare
+# Accept only traffic comming from Cloudflare
 cloudflare_exclusive_traffic: yes
 
 # configuration file paths

roles/cs.aws-iam/templates/aws_dlm_access.policy.json

@@ -10,12 +10,7 @@
 - name: Install geoupdate configuration
   template:
     src: GeoIP.conf.j2
-    dest: /usr/local/etc/GeoIP.conf
-
-- name: Install geoupdate 6.x configuration
-  template:
-    src: GeoIP6.conf.j2
-    dest: /usr/local/etc/GeoIP.conf
+    dest: /etc/GeoIP.conf
 
 - name: Update geolite2 databases
   shell: geoipupdate

roles/cs.aws-iam/templates/aws_dlm_sts_access.policy.json

@@ -63,8 +63,20 @@
             magento_core_config_settings: "{{ magento_core_config_settings + magento_baler_js_bundling_core_config }}"
   when: magento_scd_advanced_js_bundling and magento_scd_advanced_js_bundling_strategy == 'baler'
 
+- name: Install required python modules
+  yum:
+    # Required for the `mysql_query` module
+    name: python2-PyMySQL
+    state: present
+
+- name: Download CA RDS
+  ansible.builtin.get_url:
+    url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem
+    dest: /tmp/eu-central-1-bundle.pem
+    mode: '0666'
+
 - name: Check if database is initialized
-  command: mysql -N --batch -u {{ mageops_app_mysql_user|quote }} -p{{ mageops_app_mysql_pass|quote }} -h {{ mageops_mysql_host|quote }} -e "SHOW TABLES FROM `{{ mageops_app_mysql_db }}` LIKE 'admin_user';"
+  command: mysql --ssl-ca=/tmp/eu-central-1-bundle.pem -N --batch -u {{ mageops_app_mysql_user|quote }} -p{{ mageops_app_mysql_pass|quote }} -h {{ mageops_mysql_host|quote }} -e "SHOW TABLES FROM `{{ mageops_app_mysql_db }}` LIKE 'admin_user';"
   changed_when: false
   register: admins
 

roles/cs.cloudflare/defaults/main.yml

@@ -9,54 +9,62 @@
     magento_core_config_settings: "{{ magento_core_config_settings + _extra_items }}"
   when: magento_varnish_host | default(false, true)
 
+- name: Download CA RDS
+  ansible.builtin.get_url:
+    url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem
+    dest: /tmp/eu-central-1-bundle.pem
+    mode: '0666'
+
 - name: Ensure core config database settings' values
   community.mysql.mysql_query:
-    login_db: "{{ mageops_app_mysql_db }}"
+    name: "{{ mageops_app_mysql_db }}"
+    table: core_config_data
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_app_mysql_user }}"
     login_password: "{{ mageops_app_mysql_pass }}"
-    query: |
-      INSERT INTO `core_config_data`
-      SET
-        path = "{{ magento_db_setting.path | quote }}",
-        value = "{{ magento_db_setting.value | quote }}",
-        scope_id = 0,
-        scope = "default"
-      ON DUPLICATE KEY UPDATE
-        value = "{{ magento_db_setting.value | quote }}"
+    ca_cert: /tmp/eu-central-1-bundle.pem
+    identifiers:
+      path: "{{ magento_db_setting.path }}"
+    values:
+      value: "{{ magento_db_setting.value }}"
+    defaults:
+      scope_id: 0
+      scope: "default"
   when: not magento_db_setting.default | default(false) and magento_db_setting.value | default(false) is string and magento_db_setting.enabled | default(true)
   loop: "{{ magento_core_config_settings }}"
   loop_control:
     loop_var: magento_db_setting
 
 - name: Ensure core config database default values (no update if exists)
   community.mysql.mysql_query:
-    login_db: "{{ mageops_app_mysql_db }}"
+    name: "{{ mageops_app_mysql_db }}"
+    table: core_config_data
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_app_mysql_user }}"
     login_password: "{{ mageops_app_mysql_pass }}"
-    query: |
-      INSERT IGNORE INTO `core_config_data`
-      SET
-        path = "{{ magento_db_setting.path | quote }}",
-        value = "{{ magento_db_setting.value | quote }}",
-        scope_id = 0,
-        scope = "default"
+    ca_cert: /tmp/eu-central-1-bundle.pem
+    identifiers:
+      path: "{{ magento_db_setting.path }}"
+    defaults:
+      scope_id: 0
+      scope: "default"
+      value: "{{ magento_db_setting.value }}"
   when: magento_db_setting.default | default(false) and magento_db_setting.value | default(false) is string and magento_db_setting.enabled | default(true)
   loop: "{{ magento_core_config_settings }}"
   loop_control:
     loop_var: magento_db_setting
 
 - name: Ensure core config database settings are absent (defaults are used)
   community.mysql.mysql_query:
-    login_db: "{{ mageops_app_mysql_db }}"
+    state: absent
+    name: "{{ mageops_app_mysql_db }}"
+    table: core_config_data
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_app_mysql_user }}"
     login_password: "{{ mageops_app_mysql_pass }}"
-    query: |
-      DELETE FROM core_config_data
-      WHERE
-        path = "{{ magento_db_setting_path | quote }}"
+    ca_cert: /tmp/eu-central-1-bundle.pem
+    identifiers:
+      path: "{{ magento_db_setting_path }}"
   loop: "{{ magento_core_config_settings_to_remove }}"
   loop_control:
     loop_var: magento_db_setting_path

roles/cs.geolite2/tasks/main.yml

@@ -151,7 +151,6 @@ main::help() {
     main::eprintln "  is_feature_flag_set <feature>        Checks if there is any value set for feature flag"
     main::eprintln "                                       status code 0 means flag is set, 1 otherwise"
     main::eprintln "  apply_features                       Apply feature updates to this host"
-    main::eprintln "  clear_opcache                        Clears opcache for php and php-fpm"
     main::eprintln ""
     main::eprintln " Mageops cli tools"
     main::eprintln "  (c) Creativestyle 2020"

roles/cs.geolite2/templates/GeoIP6.conf.j2

@@ -1,10 +1,17 @@
+- name: Download CA RDS
+  ansible.builtin.get_url:
+    url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem
+    dest: /tmp/eu-central-1-bundle.pem
+    mode: '0666'
+
 - name: Ensure project database exists
   mysql_db:
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_mysql_root_user }}"
     login_password: "{{ mageops_mysql_root_pass }}"
     name: "{{ mageops_app_mysql_db }}"
     state: present
+    ca_cert: /tmp/eu-central-1-bundle.pem
 
 - name: Ensure project db user for external connections exists
   mysql_user:
@@ -15,6 +22,7 @@
     password: "{{ mageops_app_mysql_pass }}"
     host: "%"
     state: present
+    ca_cert: /tmp/eu-central-1-bundle.pem
     priv: "{{ mageops_app_mysql_db }}.*:{{ mysql_configure_all_db_permissions }}"
 
 - name: Ensure project db user for localhost exists
@@ -26,5 +34,6 @@
     password: "{{ mageops_app_mysql_pass }}"
     host: "localhost"
     state: present
+    ca_cert: /tmp/eu-central-1-bundle.pem
     priv: "{{ mageops_app_mysql_db }}.*:{{ mysql_configure_all_db_permissions }}"
   when: mysql_user_localhost_access

roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml

@@ -1,7 +1,7 @@
 new_relic_repo_url: http://yum.newrelic.com/pub/newrelic/el5/x86_64/newrelic-repo-5-3.noarch.rpm
 new_relic_packages:
   - newrelic-php5
-new_relic_license:
+# new_relic_license:
 new_relic_app_name: "New relic app name"
 new_relic_collector_enabled: yes
 new_relic_ignore_user_exception_handler: no
@@ -15,7 +15,7 @@ new_relic_stact_trace_threshold: "3s"
 new_relic_explain_enabled: yes
 new_relic_explain_threshold: "500ms"
 new_relic_framework: magento2
-new_relic_enabled: "{{ new_relic_license != '' }}"
+new_relic_enabled: yes
 
 new_relic_cron_enabled: no
 new_relic_cron_start: "0 7 * * *" # From 7:00