diff --git a/ansible.cfg b/ansible.cfg index 706cef5a..3e2d36c6 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,4 @@ [defaults] -ansible_python_interpreter = python - remote_user = root host_key_checking = no diff --git a/group_vars/all.yml b/group_vars/all.yml index ef28618d..d51f07e8 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -220,9 +220,9 @@ aws_tags_kms_database: # -------- AMI -------- # ----------------------- -# AMI Name search pattern matching official CentOS 7 Marketplace AMI +# AMI Name search pattern matching official Rocky linux 9 Marketplace AMI # Warning! You need to be subscribed to it first! -aws_ami_base_marketplace_name: "*b7ee8a69-ee97-4a49-9e68-afaee216db2e*" +aws_ami_base_marketplace_name: "Rocky-9-EC2-*" # Whether to kill previously created builder or reuse it on next run aws_ami_build_force_fresh_builder: no @@ -721,9 +721,7 @@ mageops_language_redirect_enable: no mageops_language_redirect_mode: normal # Configure a vmtouch daemon force-keeping magento sources / compiled opcache in RAM -mageops_magento_preload_fscache_enable: >- - {{ ( ansible_memtotal_mb | default(512, true) | int >= 7168 ) - and php_cli_opcache_file_cache_enable | default(false, true) }} +mageops_magento_preload_fscache_enable: no # Tune Linux Virtual Memory kernel sysctl params for lower disk IO mageops_app_node_optimize_kernel_vm_io: yes @@ -1330,7 +1328,7 @@ php_fpm_pool_name: "{{ mageops_app_type }}" php_fpm_umask: "{{ mageops_app_umask }}" -php_fpm_run_dir_path: "/var/run/php-fpm" +php_fpm_run_dir_path: "/run/php-fpm" php_fpm_log_dir_path: "/var/log/php-fpm" php_fpm_pool_conf_dir_path: "/etc/php-fpm.d" 
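Review bot: In the AMI hunk of group_vars/all.yml, the new `aws_ami_base_marketplace_name: "Rocky-9-EC2-*"` selects the base image by a name prefix alone, where the removed value matched one specific UUID (apparently a Marketplace product identifier). The filters re-enabled in roles/cs.aws-ami-facts/defaults/main.yml (`name`, `is-public`, `owner-alias: "aws-marketplace"`) and the `sort(attribute='creation_date') | last` selection in find-clean-base-ami.yml then pick the newest matching Marketplace image, so any listing whose name starts with `Rocky-9-EC2-` can become the base of every node. I would also pin the publisher in `ami_facts_clean_base_filters`, e.g. `product-code: "<rocky-9-marketplace-product-code>"` or `owner-id: "<publisher-account-id>"`, and name the exact listing in the subscription warning comment.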
@@ -1556,7 +1554,7 @@ https_termination_proxy_http_port: "{{ https_termination_hide_varnish | default( https_termination_proxy_read_timeout: "{{ mageops_http_pipeline_request_timeout_override }}" # Special logging setup for requests for cacheable HTML pages which were a cache MISS -https_termination_page_cache_misses_logging: yes +https_termination_page_cache_misses_logging: no https_termination_page_cache_misses_logfile: "{{ nginx_log_dir }}/access.page-cache-misses.json.log" https_termination_redirect_source_domain_param: _redirect_from @@ -1772,10 +1770,10 @@ deploy_release_save_info_file_path: "{{ mageops_ansible_temp_dir }}/RELEASE.json # -------------------------------------- # Whether to install and enable the earlyoom daemon -mageops_earlyoom_enable: yes +mageops_earlyoom_enable: no earlyoom_ram_min_percent: 7 -earlyoom_swap_min_percent: 40 +earlyoom_swap_min_percent: 10 mageops_cli_features_dir: /usr/local/lib/mageops/features # ---------------------------- @@ -1794,11 +1792,8 @@ mageops_packages_banned: # Basic packages needed for ansible/provisioning mageops_packages_base: - - python - - python2-pip - - python2-PyMySQL - - yum-utils - - yum-plugin-verify + - python3-pip + - python3-PyMySQL - unzip - git - rsync @@ -1872,7 +1867,8 @@ packages_remove: "{{ mageops_packages_banned }}" # Package locks, for more info, check cs.versionlock role # Package locks per instance -versionlock_varnish_packages: [] +versionlock_varnish_packages: + - varnish-6.0.* versionlock_persistent_packages: [] versionlock_app_node_packages: [] diff --git a/requirements-galaxy.yml b/requirements-galaxy.yml index f4f5484e..477235e3 100644 --- a/requirements-galaxy.yml +++ b/requirements-galaxy.yml @@ -1,3 +1,4 @@ +roles: - src: geerlingguy.mysql - src: geerlingguy.composer - src: geerlingguy.ntp 
@@ -8,9 +9,7 @@ - src: pinkeen.postfix-relay version: v1.1 -- src: pinkeen.selinux-disable - version: v1.1 - -- src: zauberpony.mysql-query - version: v0.6.1 - +collections: +- name: community.aws +- name: amazon.aws +- name: community.mysql diff --git a/requirements-python.txt b/requirements-python.txt index a6deb79f..81eee6cd 100644 --- a/requirements-python.txt +++ b/requirements-python.txt @@ -1,4 +1,4 @@ -ansible>=2.9.16,<2.10 +ansible>=6,<7 # some tasks call aws command on localhost # make sure this is BEFORE boto3 and boto diff --git a/roles/cs.ansible-plugins/meta/main.yml b/roles/cs.ansible-plugins/meta/main.yml index 787cc75e..d6ad1d23 100644 --- a/roles/cs.ansible-plugins/meta/main.yml +++ b/roles/cs.ansible-plugins/meta/main.yml @@ -1,18 +1,2 @@ allow_duplicates: no dependencies: [] - -galaxy_info: - author: Filip Sobalski - description: A collection of ansible plugins - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - galaxy_tags: - - plugins - - filters - - filter_plugins - - ansible - - meta - - library - - diff --git a/roles/cs.aws-ami-facts/defaults/main.yml b/roles/cs.aws-ami-facts/defaults/main.yml index b5fb362b..f6d87bf7 100644 --- a/roles/cs.aws-ami-facts/defaults/main.yml +++ b/roles/cs.aws-ami-facts/defaults/main.yml 
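Review bot: The three entries added under `collections:` carry no `version:`, so every `ansible-galaxy` install resolves whatever release of `community.aws`, `amazon.aws` and `community.mysql` is current at that moment. The tasks in this commit depend on specific fully qualified module names such as `community.aws.ec2_lc_info` and `community.aws.rds_instance_info`, so an upstream release can change what a provisioning run executes with root on the targets. Pin each collection, e.g. `- name: amazon.aws` followed by `  version: "<tested-version>"`, so runs are reproducible and upgrades are explicit. The unpinned `geerlingguy.*` roles in the first hunk of this file are context lines and have the same property.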
@@ -1,25 +1,33 @@ +ami_facts_instance: "" +ami_facts_architecture: "{{ ami_facts_architecture_map[ami_facts_instance.split('.')[0]] }}" + +ami_facts_architecture_map: + t3: x86_64 + m6a: x86_64 + m6i: x86_64 + m6g: arm64 + t4g: arm64 + c6g: arm64 + c5: x86_64 + c5a: x86_64 + c6i: x86_64 + c6a: x86_64 + c7g: arm64 + r6a: x86_64 + r6i: x86_64 + r6g: arm64 + r5: x86_64 + r5a: x86_64 + r5b: x86_64 + ami_facts_common_filters: state: "available" - architecture: "x86_64" - -# Deprecated - CentOS no longer updates the Marketplace AMIs -# ami_facts_clean_base_filters: -# name: "{{ aws_ami_base_marketplace_name }}" -# is-public: "true" -# owner-alias: "aws-marketplace" - -# The image id of CentOS AWS images needs to be hardcoded and manually update now. -# Warning! The ids are different for each region, for no we use a hardcoded -# values for eu-central-1. -# Find the latest CentOS ami ids here: https://www.centos.org/download/aws-images/ -ami_centos7_id: -# eu-central-1: ami-08b6d44b4f6f7b279 # original - eu-central-1: ami-0e4f9c05326f650df # cs-centos7-update-2022-08-01 - -ami_base_system_image_id: "{{ ami_centos7_id[aws_region | default('eu-central-1')] }}" + architecture: "{{ ami_facts_architecture }}" ami_facts_clean_base_filters: - image-id: "{{ ami_base_system_image_id }}" + name: "{{ aws_ami_base_marketplace_name }}" + is-public: "true" + owner-alias: "aws-marketplace" ami_facts_app_node_tags: "{{ aws_tags_base | combine(aws_tags_role_app) }}" @@ -35,3 +43,4 @@ ami_facts_app_node_base_filters: >- }} ami_facts_app_node_filters: {} +aws_ami_clean_base_info: {} diff --git a/roles/cs.aws-ami-facts/tasks/find-app-node-ami.yml b/roles/cs.aws-ami-facts/tasks/find-app-node-ami.yml index 6537aa1e..a87f9887 100644 --- a/roles/cs.aws-ami-facts/tasks/find-app-node-ami.yml +++ b/roles/cs.aws-ami-facts/tasks/find-app-node-ami.yml 
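Review bot: `ami_facts_architecture_map` has no `t3a` entry, yet the role defaults shown later in this diff keep `aws_persistent_node_instance_type` and `aws_varnish_node_instance_type` at `t3a.micro` and index `aws_ami_clean_base_info` by that instance type. If those types are passed in as `ami_facts_instance` (the callers are not visible here), `ami_facts_architecture_map[ami_facts_instance.split('.')[0]]` is undefined and the `architecture` filter cannot be rendered; the default `ami_facts_instance: ""` fails the same way. Add `t3a: x86_64` to the map and fail early on unknown families, e.g. an `assert` task with `that: ami_facts_instance.split('.')[0] in ami_facts_architecture_map`.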
@@ -1,10 +1,10 @@ - name: Find app node AMIs - ec2_ami_facts: + amazon.aws.ec2_ami_info: region: "{{ aws_region }}" filters: >- {{ ami_facts_common_filters | combine( - ami_facts_app_node_base_filters, - ami_facts_app_node_filters, + ami_facts_app_node_base_filters, + ami_facts_app_node_filters, ami_facts_app_node_tag_filters) }} vars: ami_facts_app_node_tag_filters: "{{ ami_facts_app_node_tags | prefix_keys('tag:') }}" @@ -22,7 +22,7 @@ aws_ami_app_node_id: "{{ aws_ami_app_node_info.image_id }}" aws_ami_app_node_name: "{{ aws_ami_app_node_info.name }}" aws_ami_app_node_location: "{{ aws_ami_app_node_info.image_location }}" - aws_ami_app_node_needs_db_migrations: "{{ aws_ami_app_node_info.tags.NeedsDbMigrations | default('true') | from_json }}" + aws_ami_app_node_needs_db_migrations: "{{ aws_ami_app_node_info.tags.NeedsDbMigrations | default('true') | from_json }}" aws_ami_app_node_artifact_build_nr: "{{ aws_ami_app_node_info.tags.ArtifactBuildNr | default('null') | from_json }}" - name: Print information about newest app node AMI found @@ -31,10 +31,10 @@ msg: | =============================================================== = Found App Node AMI = - =============================================================== + =============================================================== {% if ami_facts_app_node_force_id %}Note: Using forced specific AMI id.{% endif %} - + {{ aws_ami_app_node_name }} ({{ aws_ami_app_node_id }}) Baked App artifact build: #{{ aws_ami_app_node_artifact_build_nr | default('unknown', true) }} @@ -50,4 +50,4 @@ - name: Print information if no images were found when: ami_app_node_facts.images | length == 0 debug: - msg: "No previous app node AMI was found! Clean build is coming..." \ No newline at end of file + msg: "No previous app node AMI was found! Clean build is coming..." diff --git a/roles/cs.aws-ami-facts/tasks/find-clean-base-ami.yml b/roles/cs.aws-ami-facts/tasks/find-clean-base-ami.yml index ba23123d..d481d5c8 100644 
--- a/roles/cs.aws-ami-facts/tasks/find-clean-base-ami.yml +++ b/roles/cs.aws-ami-facts/tasks/find-clean-base-ami.yml @@ -1,24 +1,27 @@ -- name: Find clean base AMIs - ec2_ami_facts: - region: "{{ aws_region }}" - filters: "{{ ami_facts_common_filters | combine(ami_facts_clean_base_filters) }}" - register: ami_clean_base_facts +- block: + - name: Find clean base AMIs + amazon.aws.ec2_ami_info: + region: "{{ aws_region }}" + filters: "{{ ami_facts_common_filters | combine(ami_facts_clean_base_filters) }}" + register: ami_clean_base_facts -- name: Fail if no clean base AMI is found - fail: - msg: Error! No clean base AMI found! - when: ami_clean_base_facts.images | length == 0 + - name: Fail if no clean base AMI is found + fail: + msg: Error! No clean base AMI found! + when: ami_clean_base_facts.images | length == 0 -- name: Set latest clean base AMI info fact - set_fact: - aws_ami_clean_base_info: "{{ ami_clean_base_facts.images | sort(attribute='creation_date') | last }}" + - name: Set latest clean base AMI info fact + set_fact: + aws_ami_clean_base_info_best: "{{ ami_clean_base_facts.images | sort(attribute='creation_date') | last }}" + + - name: Set base clean AMI facts + set_fact: + aws_ami_clean_base_info: "{{ aws_ami_clean_base_info | combine( {ami_facts_architecture: aws_ami_clean_base_info_best} ) }}" + when: aws_ami_clean_base_info[ami_facts_architecture] is not defined - name: Set base clean AMI facts set_fact: - aws_ami_clean_base_id: "{{ aws_ami_clean_base_info.image_id }}" - aws_ami_clean_base_name: "{{ aws_ami_clean_base_info.name }}" - aws_ami_clean_base_location: "{{ aws_ami_clean_base_info.image_location }}" - aws_ami_root_device: "{{ aws_ami_clean_base_info.root_device_name }}" + aws_ami_clean_base_info: "{{ aws_ami_clean_base_info | combine( {ami_facts_instance: aws_ami_clean_base_info[ami_facts_architecture]} ) }}" - name: Print information about base AMI found debug: 
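Review bot: `aws_ami_clean_base_info` is now one dict holding two kinds of keys, architecture names written inside the block and instance types written by the task after it, and both `set_fact` tasks are named `Set base clean AMI facts`. A comment above the block such as `# aws_ami_clean_base_info: cache keyed by architecture (lookup result) and by instance type (alias to that result)` and distinct task names would make the caching intent readable in logs and in the file. The hunk also stops setting `aws_ami_clean_base_id`, `aws_ami_clean_base_name`, `aws_ami_clean_base_location` and `aws_ami_root_device`; whether anything outside this diff still reads them cannot be told from here and is worth a grep before merging.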
@@ -26,9 +29,4 @@ Clean base AMI information ========================== - {{ aws_ami_clean_base_name }} [{{ aws_ami_clean_base_id }}] - ({{ aws_ami_clean_base_location }}) - - --- Details --- - - {{ aws_ami_clean_base_info | to_nice_yaml }} \ No newline at end of file + {{ aws_ami_clean_base_info | to_nice_yaml }} diff --git a/roles/cs.aws-autoscaling/meta/main.yml b/roles/cs.aws-autoscaling/meta/main.yml index 7b928d58..30782307 100644 --- a/roles/cs.aws-autoscaling/meta/main.yml +++ b/roles/cs.aws-autoscaling/meta/main.yml @@ -2,4 +2,3 @@ dependencies: - role: cs.ansible-plugins - role: cs.aws-vpc-facts - role: cs.aws-security-group-facts - - role: cs.aws-ami-facts diff --git a/roles/cs.aws-cli/tasks/main.yml b/roles/cs.aws-cli/tasks/main.yml index 4d2afaa7..aed7d282 100644 --- a/roles/cs.aws-cli/tasks/main.yml +++ b/roles/cs.aws-cli/tasks/main.yml @@ -1,12 +1,11 @@ -- name: Make sure pip aws is not installed - pip: - name: awscli - state: absent +# - name: Make sure pip aws is not installed +# pip: +# name: awscli +# state: absent - name: Install awscli - yum: + dnf: name: awscli - enablerepo: mageops state: latest - name: Ensure default AWS Region is set @@ -14,4 +13,4 @@ path: /root/.aws/credentials section: default option: region - value: "{{ aws_region }}" \ No newline at end of file + value: "{{ aws_region }}" diff --git a/roles/cs.aws-cloudfront-facts/tasks/main.yml b/roles/cs.aws-cloudfront-facts/tasks/main.yml index 18338720..8fe691dc 100644 --- a/roles/cs.aws-cloudfront-facts/tasks/main.yml +++ b/roles/cs.aws-cloudfront-facts/tasks/main.yml 
@@ -1,18 +1,19 @@ - name: Get list of cloudfront distributions - cloudfront_facts: + community.aws.cloudfront_info: region: "{{ aws_region }}" + summary: yes register: cloudfront_distributions_info - name: Set list of cloudfront distributions set_fact: - aws_cloudfront_distributions: "{{ cloudfront_distributions_info.ansible_facts.cloudfront.summary.distributions }}" - + aws_cloudfront_distributions: "{{ cloudfront_distributions_info.cloudfront.summary.distributions }}" + - name: Filter cloudfront distribution list by tags set_fact: aws_cloudfront_distributions: "{{ aws_cloudfront_distributions | json_query(distributions_tag_filter_query) }}" vars: distributions_tag_filter_query: "[?{% for k, v in aws_cloudfront_distribution_tags.items() -%}Tags.{{ k }} == '{{ v }}'{% if not loop.last %} && {% endif %}{% endfor %}]" - + - name: Warn when more than one distribution has been found debug: msg: | @@ -31,4 +32,4 @@ debug: msg: | Using Cloudfront Distribution: {{ aws_cloudfront_distribution_id }} with domain {{ aws_cloudfront_distribution_domain }} - when: aws_cloudfront_distributions | length > 0 \ No newline at end of file + when: aws_cloudfront_distributions | length > 0 diff --git a/roles/cs.aws-ebs-vol/tasks/main.yml b/roles/cs.aws-ebs-vol/tasks/main.yml index b953f192..5c6e2d0a 100644 --- a/roles/cs.aws-ebs-vol/tasks/main.yml +++ b/roles/cs.aws-ebs-vol/tasks/main.yml @@ -90,4 +90,4 @@ loop_control: loop_var: volume label: "{{ volume.VolumeId }} / {{ volume | pick_keys(aws_ebs_volume_modify_params.keys()) | to_yaml | trim }} -> {{ aws_ebs_volume_modify_params | to_yaml| trim }}" - loop: "{{ ( aws_ebs_volume_describe.stdout | from_json ).Volumes }}" \ No newline at end of file + loop: "{{ ( aws_ebs_volume_describe.stdout | from_json ).Volumes }}" diff --git a/roles/cs.aws-ec2-cleanup/tasks/main.yml b/roles/cs.aws-ec2-cleanup/tasks/main.yml index 6fa173c5..4e86be70 100644 --- a/roles/cs.aws-ec2-cleanup/tasks/main.yml +++ b/roles/cs.aws-ec2-cleanup/tasks/main.yml 
@@ -1,5 +1,5 @@ - name: Get available Lauch Configurations - ec2_lc_facts: + community.aws.ec2_lc_info: region: "{{ aws_region }}" sort: created_time sort_order: descending diff --git a/roles/cs.aws-efs/tasks/main.yml b/roles/cs.aws-efs/tasks/main.yml index d7584151..8091fd98 100644 --- a/roles/cs.aws-efs/tasks/main.yml +++ b/roles/cs.aws-efs/tasks/main.yml @@ -39,7 +39,7 @@ --lifecycle-policies '{{ efs_lifecycle_policies | to_json }}' - name: Install AWS EFS utils - yum: + dnf: name: - stunnel - nfs-utils diff --git a/roles/cs.aws-facts-all/meta/main.yml b/roles/cs.aws-facts-all/meta/main.yml index 81be9666..1de469c1 100644 --- a/roles/cs.aws-facts-all/meta/main.yml +++ b/roles/cs.aws-facts-all/meta/main.yml @@ -14,4 +14,4 @@ dependencies: - role: cs.aws-ami-facts when: aws_facts_gather_ami - role: cs.aws-autoscaling-facts - when: aws_facts_autoscaling \ No newline at end of file + when: aws_facts_autoscaling diff --git a/roles/cs.aws-lambda-import/defaults/main.yml b/roles/cs.aws-lambda-import/defaults/main.yml index 44d4b7fd..bfdffabf 100644 --- a/roles/cs.aws-lambda-import/defaults/main.yml +++ b/roles/cs.aws-lambda-import/defaults/main.yml 
@@ -3,6 +3,6 @@ aws_import_scaling_lambda_schedule: rate(5 minutes) aws_lambda_handle_import_scaling_name: "handleImportScaling-{{ mageops_app_name }}" aws_lambda_handle_import_scaling_runtime: python3.7 -aws_lambda_import_scaling_deploy_package_version: "1.7.0" +aws_lambda_import_scaling_deploy_package_version: "1.7.1" aws_lambda_import_scaling_deploy_package_url: "https://github.com/mageops/aws-lambdas-autoscaling/releases/download/{{ aws_lambda_import_scaling_deploy_package_version }}/autoscaling-lambdas-deploy-package.python3.7.zip" -aws_lambda_import_scaling_deploy_package_path: "{{ mageops_ansible_temp_dir }}/import-scaling-lambda-deploy-package-{{ aws_lambda_import_scaling_deploy_package_version }}.zip" \ No newline at end of file +aws_lambda_import_scaling_deploy_package_path: "{{ mageops_ansible_temp_dir }}/import-scaling-lambda-deploy-package-{{ aws_lambda_import_scaling_deploy_package_version }}.zip" diff --git a/roles/cs.aws-lambda-varnish/defaults/main.yml b/roles/cs.aws-lambda-varnish/defaults/main.yml index adffe325..51b4bd2e 100644 --- a/roles/cs.aws-lambda-varnish/defaults/main.yml +++ b/roles/cs.aws-lambda-varnish/defaults/main.yml @@ -1,5 +1,5 @@ -aws_lambda_varnish_deploy_package_url: "https://github.com/mageops/aws-lambdas-autoscaling/releases/download/1.6.0/autoscaling-lambdas-deploy-package.python3.7.zip" -aws_lambda_varnish_deploy_package_path: "{{ mageops_ansible_temp_dir }}/varnish-lambda-deploy-package.zip" +aws_lambda_varnish_deploy_package_url: "https://github.com/mageops/aws-lambdas-autoscaling/releases/download/1.7.1/autoscaling-lambdas-deploy-package.python3.7.zip" +aws_lambda_varnish_deploy_package_path: "{{ mageops_ansible_temp_dir }}/varnish-lambda-deploy-package-f44a1b91479964bca0e73e222c1c004f08e87a3c.zip" aws_lambda_varnish_runtime: python3.7 aws_lambda_handle_varnish_autoscaling_event_name: "handleVarnishAutoscalingEvent-{{ mageops_app_name }}" 
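Review bot: Both deploy-package URLs, here and in the roles/cs.aws-lambda-varnish/defaults/main.yml hunk that follows, address a GitHub release asset by tag only, and these defaults carry no digest for the zip that becomes Lambda code; the 40-hex suffix added to `aws_lambda_varnish_deploy_package_path` only changes the local file name. If the download task (not visible in this diff) uses `get_url`, add a variable such as `aws_lambda_varnish_deploy_package_checksum: "sha256:<digest-of-release-asset>"` and pass it as `checksum:`, and do the same for the import-scaling package. The varnish URL also hardcodes `1.7.1` where the import role interpolates `aws_lambda_import_scaling_deploy_package_version`; a matching version variable would keep the two in step.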
diff --git a/roles/cs.aws-logs/tasks/002-install-daemon.yml b/roles/cs.aws-logs/tasks/002-install-daemon.yml index 8e479d50..1be220b6 100644 --- a/roles/cs.aws-logs/tasks/002-install-daemon.yml +++ b/roles/cs.aws-logs/tasks/002-install-daemon.yml @@ -1,5 +1,4 @@ - name: Install AWS Cloudwatch Agent - yum: + dnf: name: "{{ aws_cloudwatch_agent_package }}" state: latest - diff --git a/roles/cs.aws-logs/tasks/004-setup-magento-crash-report-handler.yml b/roles/cs.aws-logs/tasks/004-setup-magento-crash-report-handler.yml index 580dc24a..68aa7320 100644 --- a/roles/cs.aws-logs/tasks/004-setup-magento-crash-report-handler.yml +++ b/roles/cs.aws-logs/tasks/004-setup-magento-crash-report-handler.yml @@ -1,9 +1,9 @@ - name: Install AWS Exception Forwarder package - yum: + dnf: name: "{{ aws_cloudwatch_exception_forwarder_package }}" - name: Set up magento exception report pushing cronjob cron: name: "Push magento exception reports to CloudWatch Logs" minute: "*/2" - job: "/bin/aws-excfwd push:directory -v --formatter=serialized_array --region={{ aws_region }} --group=/{{ mageops_project }}/{{ mageops_environment }}/magento/report {{ aws_logs_project_root }}/var/report/ --stream={{ aws_logs_stream_name }}" \ No newline at end of file + job: "/bin/aws-excfwd push:directory -v --formatter=serialized_array --region={{ aws_region }} --group=/{{ mageops_project }}/{{ mageops_environment }}/magento/report {{ aws_logs_project_root }}/var/report/ --stream={{ aws_logs_stream_name }}" diff --git a/roles/cs.aws-node-ami-builder/meta/main.yml b/roles/cs.aws-node-ami-builder/meta/main.yml index 7d34cfe6..0d6ca489 100644 --- a/roles/cs.aws-node-ami-builder/meta/main.yml +++ b/roles/cs.aws-node-ami-builder/meta/main.yml @@ -1,2 +1,3 @@ dependencies: - - role: cs.aws-ami-facts \ No newline at end of file + - role: cs.aws-ami-facts + ami_facts_instance: "{{ aws_app_builder_node_instance_type }}" 
diff --git a/roles/cs.aws-node-ami-builder/tasks/main.yml b/roles/cs.aws-node-ami-builder/tasks/main.yml index 41acff63..8afe5c8c 100644 --- a/roles/cs.aws-node-ami-builder/tasks/main.yml +++ b/roles/cs.aws-node-ami-builder/tasks/main.yml @@ -50,8 +50,7 @@ | flatten | map(attribute='value') | map(attribute='volume_id') - | list - | to_nice_json }} + | list }} aws_ebs_volume_modify_type: "{{ aws_builder_node_ebs_volume_type }}" aws_ebs_volume_modify_iops: "{{ aws_builder_node_ebs_gp3_iops }}" aws_ebs_volume_modify_throughput: "{{ aws_builder_node_ebs_gp3_throughput }}" diff --git a/roles/cs.aws-node-facts/tasks/main.yml b/roles/cs.aws-node-facts/tasks/main.yml index d04e84ca..166d4081 100644 --- a/roles/cs.aws-node-facts/tasks/main.yml +++ b/roles/cs.aws-node-facts/tasks/main.yml @@ -46,6 +46,8 @@ aws_app_builder_node_ami_id: "{{ aws_nodes_info.app_builder.image_id | default(omit, true) }}" aws_persistent_node_ami_id: "{{ aws_nodes_info.persistent.image_id | default(omit, true) }}" aws_varnish_node_ami_id: "{{ aws_nodes_info.varnish_loadbalancer.image_id | default(omit, true) }}" + # Ansible require at least one variable to be set in set_fact, this dummy set is required in case there is no instances present + _dummy: "_" - name: Set varnish host to varnish loadbalancer set_fact: diff --git a/roles/cs.aws-node-persistent/defaults/main.yml b/roles/cs.aws-node-persistent/defaults/main.yml index a0129f90..7c2ee825 100644 --- a/roles/cs.aws-node-persistent/defaults/main.yml +++ b/roles/cs.aws-node-persistent/defaults/main.yml @@ -1,4 +1,4 @@ -aws_persistent_node_ami_id: "{{ aws_ami_clean_base_id }}" +aws_persistent_node_ami_id: "{{ aws_ami_clean_base_info[aws_persistent_node_instance_type].image_id }}" aws_persistent_node_instance_type: t3a.micro aws_persistent_node_ebs_volume_size: 10 aws_ansible_persistent_node_inventory_group: persistent 
@@ -13,4 +13,4 @@ aws_persistent_node_security_groups: aws_persistent_node_ebs_volume_type: "{{ aws_ec2_ebs_volume_type | default('gp3', true) }}" aws_persistent_node_ebs_gp3_convert: "{{ aws_ec2_ebs_gp3_convert | default(false) }}" aws_persistent_node_ebs_gp3_iops: "{{ aws_ec2_ebs_gp3_iops | default(3000, true) }}" -aws_persistent_node_ebs_gp3_throughput: "{{ aws_ec2_ebs_gp3_throughput | default(125, true) }}" \ No newline at end of file +aws_persistent_node_ebs_gp3_throughput: "{{ aws_ec2_ebs_gp3_throughput | default(125, true) }}" diff --git a/roles/cs.aws-node-persistent/tasks/main.yml b/roles/cs.aws-node-persistent/tasks/main.yml index f474aa9f..d36e61f1 100644 --- a/roles/cs.aws-node-persistent/tasks/main.yml +++ b/roles/cs.aws-node-persistent/tasks/main.yml @@ -60,14 +60,13 @@ name: cs.aws-ebs-vol vars: aws_ebs_volume_modify_ids: >- - {{ ( aws_persistent_ec2.instances + aws_persistent_ec2.tagged_instances ) - | map(attribute='block_device_mapping') - | map('dict2items') - | flatten + {{ ( aws_persistent_ec2.instances + aws_persistent_ec2.tagged_instances ) + | map(attribute='block_device_mapping') + | map('dict2items') + | flatten | map(attribute='value') | map(attribute='volume_id') - | list - | to_nice_json }} + | list }} aws_ebs_volume_modify_type: "{{ aws_persistent_node_ebs_volume_type }}" aws_ebs_volume_modify_iops: "{{ aws_persistent_node_ebs_gp3_iops }}" aws_ebs_volume_modify_throughput: "{{ aws_persistent_node_ebs_gp3_throughput }}" diff --git a/roles/cs.aws-node-varnish/defaults/main.yml b/roles/cs.aws-node-varnish/defaults/main.yml index bf2c6baa..e8e1b8e6 100644 --- a/roles/cs.aws-node-varnish/defaults/main.yml +++ b/roles/cs.aws-node-varnish/defaults/main.yml 
@@ -1,4 +1,4 @@ -aws_varnish_node_ami_id: "{{ aws_ami_clean_base_id }}" +aws_varnish_node_ami_id: "{{ aws_ami_clean_base_info[aws_varnish_node_instance_type].image_id }}" aws_varnish_node_instance_type: t3a.micro aws_varnish_node_ebs_volume_size: 10 aws_ansible_varnish_node_inventory_group: varnish @@ -14,4 +14,3 @@ aws_varnish_node_ebs_volume_type: "{{ aws_ec2_ebs_volume_type | default('gp3', t aws_varnish_node_ebs_gp3_convert: "{{ aws_ec2_ebs_gp3_convert | default(false) }}" aws_varnish_node_ebs_gp3_iops: "{{ aws_ec2_ebs_gp3_iops | default(3000, true) }}" aws_varnish_node_ebs_gp3_throughput: "{{ aws_ec2_ebs_gp3_throughput | default(125, true) }}" - diff --git a/roles/cs.aws-node-varnish/tasks/main.yml b/roles/cs.aws-node-varnish/tasks/main.yml index 05339b8c..94966fc7 100644 --- a/roles/cs.aws-node-varnish/tasks/main.yml +++ b/roles/cs.aws-node-varnish/tasks/main.yml @@ -49,13 +49,12 @@ vars: aws_ebs_volume_modify_ids: >- {{ ( aws_varnish_ec2.instances + aws_varnish_ec2.tagged_instances ) - | map(attribute='block_device_mapping') - | map('dict2items') - | flatten + | map(attribute='block_device_mapping') + | map('dict2items') + | flatten | map(attribute='value') | map(attribute='volume_id') - | list - | to_nice_json }} + | list }} aws_ebs_volume_modify_type: "{{ aws_varnish_node_ebs_volume_type }}" aws_ebs_volume_modify_iops: "{{ aws_varnish_node_ebs_gp3_iops }}" aws_ebs_volume_modify_throughput: "{{ aws_varnish_node_ebs_gp3_throughput }}" diff --git a/roles/cs.aws-rds-facts/tasks/main.yml b/roles/cs.aws-rds-facts/tasks/main.yml index 691ae445..8f1f43f8 100644 --- a/roles/cs.aws-rds-facts/tasks/main.yml +++ b/roles/cs.aws-rds-facts/tasks/main.yml @@ -1,5 +1,5 @@ - name: Get list of RDS instances - rds_instance_facts: + community.aws.rds_instance_info: region: "{{ aws_region }}" register: rds_instances_info diff --git a/roles/cs.aws-rds-gfs-backup/tasks/main.yml b/roles/cs.aws-rds-gfs-backup/tasks/main.yml index bd1d5edf..70433950 100644 
--- a/roles/cs.aws-rds-gfs-backup/tasks/main.yml +++ b/roles/cs.aws-rds-gfs-backup/tasks/main.yml @@ -4,7 +4,7 @@ when: rds_gfs_instance_id is not defined - name: Get facts about RDS instance - rds_instance_facts: + community.aws.rds_instance_info: db_instance_identifier: "{{ rds_gfs_instance_id }}" region: "{{ aws_region }}" register: rds_gfs_instance_data @@ -45,5 +45,3 @@ - import_tasks: cluster-db.yml when: rds_gfs_cluster_id != False - - diff --git a/roles/cs.aws-region-facts/tasks/main.yml b/roles/cs.aws-region-facts/tasks/main.yml index f718f9fa..50c7090d 100644 --- a/roles/cs.aws-region-facts/tasks/main.yml +++ b/roles/cs.aws-region-facts/tasks/main.yml @@ -1,5 +1,5 @@ - name: Get AWS region - aws_region_facts: + community.aws.aws_region_info: region: "{{ aws_region }}" register: region_facts @@ -42,4 +42,3 @@ set_fact: aws_s3_website_endpoint: "{{ aws_s3_website_info.website_endpoint }}" cacheable: yes - diff --git a/roles/cs.aws-security-group-facts/tasks/main.yml b/roles/cs.aws-security-group-facts/tasks/main.yml index 0eba7640..022c21f6 100644 --- a/roles/cs.aws-security-group-facts/tasks/main.yml +++ b/roles/cs.aws-security-group-facts/tasks/main.yml @@ -1,5 +1,5 @@ - name: Get info about security groups - ec2_group_facts: + amazon.aws.ec2_group_info: region: "{{ aws_region }}" filters: "{{ aws_sg_facts_filters | combine (aws_sg_facts_tags | prefix_keys('tag:')) }}" register: ec2_group_facts 
@@ -20,7 +20,7 @@ aws_security_group_lb: "{{ aws_security_groups_info | selectattr('group_name', 'equalto', aws_security_group_lb_name) | list | default([false], true) | first }}" aws_security_group_ssh: "{{ aws_security_groups_info | selectattr('group_name', 'equalto', aws_security_group_ssh_name) | list | default([false], true) | first }}" aws_security_group_lambda_ssh: "{{ aws_security_groups_info | selectattr('group_name', 'equalto', aws_security_group_lambda_ssh_name) | list | default([false], true) | first }}" - aws_security_group_persistant: "{{ aws_security_groups_info | selectattr('group_name', 'equalto', aws_security_group_persistant_name) | list | default([false], true) | first }}" + aws_security_group_persistant: "{{ aws_security_groups_info | selectattr('group_name', 'equalto', aws_security_group_persistant_name) | list | default([false], true) | first }}" cacheable: yes - name: Set id fact for each security group @@ -35,4 +35,4 @@ aws_security_group_ssh_id: "{{ aws_security_group_ssh.group_id | default(omit) }}" aws_security_group_lambda_ssh_id: "{{ aws_security_group_lambda_ssh.group_id | default(omit) }}" aws_security_group_persistant_id: "{{ aws_security_group_persistant.group_id | default(omit) }}" - cacheable: yes \ No newline at end of file + cacheable: yes diff --git a/roles/cs.aws-vpc-facts/tasks/network.yml b/roles/cs.aws-vpc-facts/tasks/network.yml index e074d22b..f097049a 100644 --- a/roles/cs.aws-vpc-facts/tasks/network.yml +++ b/roles/cs.aws-vpc-facts/tasks/network.yml @@ -1,5 +1,5 @@ - name: Get info about VPC networks - ec2_vpc_net_facts: + amazon.aws.ec2_vpc_net_info: region: "{{ aws_region }}" filters: "{{ aws_vpc_facts_net_filters | combine (aws_vpc_facts_net_tags | prefix_keys('tag:')) }}" register: vpc_net_facts diff --git a/roles/cs.aws-vpc-facts/tasks/subnets.yml b/roles/cs.aws-vpc-facts/tasks/subnets.yml index 574a606b..ff1cf2dd 100644 --- a/roles/cs.aws-vpc-facts/tasks/subnets.yml +++ b/roles/cs.aws-vpc-facts/tasks/subnets.yml 
@@ -1,6 +1,6 @@ - name: Get info about VPC subnets - ec2_vpc_subnet_facts: + amazon.aws.ec2_vpc_subnet_info: region: "{{ aws_region }}" filters: "{{ aws_vpc_facsts_subnet_filters_base | combine (aws_vpc_facts_subnet_filters, aws_vpc_facts_subnet_tags | prefix_keys('tag:')) }}" vars: diff --git a/roles/cs.blackfire/defaults/main.yml b/roles/cs.blackfire/defaults/main.yml index 147ba583..07365696 100644 --- a/roles/cs.blackfire/defaults/main.yml +++ b/roles/cs.blackfire/defaults/main.yml @@ -6,5 +6,5 @@ blackfire_deprecated_packages: blackfire_server_id: "" blackfire_server_token: "" blackfire_install: yes -blackfire_agent_socket: "unix:///var/run/blackfire/agent.sock" +blackfire_agent_socket: "unix:///run/blackfire/agent.sock" blackfire_enable_apm: no diff --git a/roles/cs.blackfire/tasks/main.yml b/roles/cs.blackfire/tasks/main.yml index 5a356743..b5930973 100644 --- a/roles/cs.blackfire/tasks/main.yml +++ b/roles/cs.blackfire/tasks/main.yml @@ -1,8 +1,8 @@ - name: Install blackfire when configured block: - - name: Install pypgpme - yum: - name: pygpgme + - name: Install pgpme + dnf: + name: gpgme state: present - name: Add Blackfire repository @@ -11,12 +11,12 @@ dest: /etc/yum.repos.d/blackfire.repo - name: Ensure Blackfire deprecated packages are gone. - yum: + dnf: name: "{{ blackfire_deprecated_packages }}" state: absent - name: Ensure Blackfire packages are installed. - yum: + dnf: name: "{{ blackfire_packages }}" state: present diff --git a/roles/cs.blackfire/templates/agent.j2 b/roles/cs.blackfire/templates/agent.j2 index 4e0eb433..dfb9050a 100644 --- a/roles/cs.blackfire/templates/agent.j2 +++ b/roles/cs.blackfire/templates/agent.j2 
@@ -53,12 +53,12 @@ server-token={{ blackfire_server_token }} ; ; setting: socket -; desc : Sets the socket the agent should read traces from. Possible value can be a unix socket or a TCP address. ie: unix:///var/run/blackfire/agent.sock or tcp://127.0.0.1:8307 -; default: unix:///var/run/blackfire/agent.sock -socket=unix:///var/run/blackfire/agent.sock +; desc : Sets the socket the agent should read traces from. Possible value can be a unix socket or a TCP address. ie: unix:///run/blackfire/agent.sock or tcp://127.0.0.1:8307 +; default: unix:///run/blackfire/agent.sock +socket=unix:///run/blackfire/agent.sock ; ; setting: spec ; desc : Sets the path to the json specifications file ; default: -spec= \ No newline at end of file +spec= diff --git a/roles/cs.centos-update-kernel/tasks/main.yml b/roles/cs.centos-update-kernel/tasks/main.yml deleted file mode 100644 index 9edefcd9..00000000 --- a/roles/cs.centos-update-kernel/tasks/main.yml +++ /dev/null 
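Review bot: The `socket=` line in this template is a literal, so it has to be edited by hand whenever `blackfire_agent_socket` in roles/cs.blackfire/defaults/main.yml changes, which is exactly what this commit does in both places. Rendering it from the variable, `socket={{ blackfire_agent_socket }}`, keeps the agent and whatever else reads that default on the same socket path; the other consumers are not visible in this diff. The hunk begins mid-file, so the rest of the template is outside this view.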
@@ -1,51 +0,0 @@ -- name: Install elrepo rpm key - rpm_key: - state: present - key: https://www.elrepo.org/RPM-GPG-KEY-elrepo.org - -- name: Install elrepo repo - dnf: - state: present - name: https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm - -- name: Elable el-kernel repo - ini_file: - state: present - create: no - path: /etc/yum.repos.d/elrepo.repo - section: elrepo-kernel - option: enabled - value: '1' - no_extra_spaces: yes - -- name: Switch default kernel setting - replace: - path: /etc/sysconfig/kernel - regexp: '^DEFAULTKERNEL=[^\n]*$' - replace: DEFAULTKERNEL={{ centos_update_kernel_kernel_name }} - -- name: Disable mitigations - replace: - path: /etc/default/grub - regexp: '^GRUB_CMDLINE_LINUX=[^\n]*$' - replace: GRUB_CMDLINE_LINUX="console=tty0 crashkernel=auto net.ifnames=0 console=ttyS0 noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off" - when: centos_update_kernel_disable_mitigations - -- name: Update kernel - dnf: - state: latest - name: "{{ centos_update_kernel_kernel_name }}" - -- name: Set modern network congestion algorithm - block: - - sysctl: - name: net.core.default_qdisc - value: fq - reload: yes - state: present - - sysctl: - name: net.ipv4.tcp_congestion_control - value: bbr - reload: yes - state: present - when: centos_update_kernel_network_tune diff --git a/roles/cs.cron/tasks/main.yml b/roles/cs.cron/tasks/main.yml index e5785094..09207086 100644 --- a/roles/cs.cron/tasks/main.yml +++ b/roles/cs.cron/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install Cron deamon - yum: + dnf: name: cronie state: latest become: true diff --git a/roles/cs.deploy-containerized-tasks/handlers/main.yml b/roles/cs.deploy-containerized-tasks/handlers/main.yml index 9904a3bc..ee5086bc 100644 --- a/roles/cs.deploy-containerized-tasks/handlers/main.yml +++ b/roles/cs.deploy-containerized-tasks/handlers/main.yml 
@@ -5,7 +5,7 @@ enabled: no - name: Clean packages - yum: + dnf: name: "{{ containerized_tasks_packages }}" state: absent diff --git a/roles/cs.deploy-containerized-tasks/tasks/main.yml b/roles/cs.deploy-containerized-tasks/tasks/main.yml index 73b47922..d5a0ac30 100644 --- a/roles/cs.deploy-containerized-tasks/tasks/main.yml +++ b/roles/cs.deploy-containerized-tasks/tasks/main.yml @@ -3,12 +3,12 @@ - name: Prepare execution environment block: - name: Install packages - yum: + dnf: name: "{{ containerized_tasks_packages }}" state: present notify: - Clean packages - + - name: Ensure docker daemon is started service: name: docker diff --git a/roles/cs.deploy-containerized-tasks/vars/main.yml b/roles/cs.deploy-containerized-tasks/vars/main.yml index 591359d7..f30695e4 100644 --- a/roles/cs.deploy-containerized-tasks/vars/main.yml +++ b/roles/cs.deploy-containerized-tasks/vars/main.yml @@ -1,4 +1,4 @@ containerized_tasks_internal_workdir_default: "/workdir" containerized_tasks_packages: - docker - - python-docker-py \ No newline at end of file + - python3-docker diff --git a/roles/cs.earlyoom/defaults/main.yml b/roles/cs.earlyoom/defaults/main.yml index cf3c8fcb..8a6ace93 100644 --- a/roles/cs.earlyoom/defaults/main.yml +++ b/roles/cs.earlyoom/defaults/main.yml @@ -1,5 +1,5 @@ earlyoom_ram_min_percent: 10 -earlyoom_swap_min_percent: 50 +earlyoom_swap_min_percent: 10 earlyoom_avoid_regexp: '(^|/)(init|systemd|systemd-journald|sshd|nginx|redis-server|zstd)$' earlyoom_prefer_regexp: '(^|/)(java|php)$' earlyoom_report_interval_sec: 60 diff --git a/roles/cs.earlyoom/tasks/main.yml b/roles/cs.earlyoom/tasks/main.yml index a5df5f78..bb8cd0dc 100644 --- a/roles/cs.earlyoom/tasks/main.yml +++ b/roles/cs.earlyoom/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install earlyoom packages - yum: + dnf: name: earlyoom state: present diff --git a/roles/cs.elasticsearch/tasks/main.yml b/roles/cs.elasticsearch/tasks/main.yml index f0ce2f5d..ae00a54c 100644 
--- a/roles/cs.elasticsearch/tasks/main.yml +++ b/roles/cs.elasticsearch/tasks/main.yml @@ -25,7 +25,7 @@ {{ entry.argument | default('-') }} create: yes loop: - - path: /var/run/elasticsearch/ + - path: /run/elasticsearch/ - path: /var/log/elasticsearch/ - path: /var/lib/elasticsearch/ - path: /var/log/elasticsearch/*.log diff --git a/roles/cs.firewalld/tasks/main.yml b/roles/cs.firewalld/tasks/main.yml index 6c447c1c..06e6284b 100644 --- a/roles/cs.firewalld/tasks/main.yml +++ b/roles/cs.firewalld/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install firewalld - yum: + dnf: name: firewalld - name: Start & enable firewalld diff --git a/roles/cs.geolite2/tasks/main.yml b/roles/cs.geolite2/tasks/main.yml index 2415483e..1f8632e9 100644 --- a/roles/cs.geolite2/tasks/main.yml +++ b/roles/cs.geolite2/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install geolite2 pakcages - yum: + dnf: name: "{{ packages }}" vars: packages: diff --git a/roles/cs.goaccess/tasks/main.yml b/roles/cs.goaccess/tasks/main.yml index 5cc3e830..dbb17317 100644 --- a/roles/cs.goaccess/tasks/main.yml +++ b/roles/cs.goaccess/tasks/main.yml @@ -14,7 +14,7 @@ state: directory - name: Ensure goaccess is installed - yum: + dnf: name: goaccess state: present @@ -45,4 +45,4 @@ src: vhost.conf dest: "{{ nginx_confd_dir }}/goaccess.conf" notify: Reload nginx - when: goaccess_vhost_port is defined \ No newline at end of file + when: goaccess_vhost_port is defined diff --git a/roles/cs.java/tasks/main.yml b/roles/cs.java/tasks/main.yml index f938ed82..e9ab8dc1 100644 --- a/roles/cs.java/tasks/main.yml +++ b/roles/cs.java/tasks/main.yml @@ -1,9 +1,9 @@ - name: Ensure Java 7 is gone - yum: + dnf: name: java-1.7.0-openjdk state: absent - name: Ensure Java 8 is installed - yum: + dnf: name: java-1.8.0-openjdk - state: latest \ No newline at end of file + state: latest diff --git a/roles/cs.logrotate/tasks/main.yml b/roles/cs.logrotate/tasks/main.yml index f1afb650..a59005b2 100644 --- a/roles/cs.logrotate/tasks/main.yml 
+++ b/roles/cs.logrotate/tasks/main.yml @@ -1,19 +1,29 @@ - name: Install logrotate and zstd - yum: + dnf: state: present name: - logrotate - zstd -- name: Schedule logrotate hourly - copy: - remote_src: yes - src: /etc/cron.daily/logrotate - dest: /etc/cron.hourly/logrotate +- name: Ensure directory exists + file: + path: "/etc/systemd/system/logrotate.timer.d" + state: directory mode: 0755 +- name: Schedule logrotate hourly + template: + src: logrotate.override + dest: /etc/systemd/system/logrotate.timer.d/override.conf + mode: 0644 + - name: Install syslog logroate config template: src: syslog.logrotate - dest: /etc/logrotate.d/syslog + dest: /etc/logrotate.d/rsyslog mode: 0644 + +- name: Reload logrotate + service: + name: logrotate.timer + state: restarted diff --git a/roles/cs.logrotate/templates/logrotate.override b/roles/cs.logrotate/templates/logrotate.override new file mode 100644 index 00000000..a2c9c3e5 --- /dev/null +++ b/roles/cs.logrotate/templates/logrotate.override @@ -0,0 +1,3 @@ +[Timer] +OnCalendar=hourly +AccuracySec=15m diff --git a/roles/cs.logrotate/templates/syslog.logrotate b/roles/cs.logrotate/templates/syslog.logrotate index fdf8980c..e8310d52 100644 --- a/roles/cs.logrotate/templates/syslog.logrotate +++ b/roles/cs.logrotate/templates/syslog.logrotate @@ -16,6 +16,6 @@ missingok sharedscripts postrotate - /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true + /bin/kill -HUP `cat /run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript } diff --git a/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml b/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml index 1d9bc160..a6a7d6c8 100644 --- a/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml +++ b/roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml 
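Review bot: The closing `Reload logrotate` task restarts `logrotate.timer` through the `service` module on every run, and nothing in this hunk makes systemd re-read its unit files after `override.conf` is written, so the hourly schedule may not be picked up until something else triggers a daemon-reload. I would turn it into a handler notified by the `Schedule logrotate hourly` template task and use `systemd:` with `daemon_reload: yes` there. The `mode:` values are written as bare `0755` and `0644`; quoting them (`mode: '0755'`) avoids the octal-versus-integer ambiguity in YAML.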
@@ -63,12 +63,6 @@ magento_core_config_settings: "{{ magento_core_config_settings + magento_baler_js_bundling_core_config }}" when: magento_scd_advanced_js_bundling and magento_scd_advanced_js_bundling_strategy == 'baler' -- name: Install required python modules - yum: - # Required for the `mysql_query` module - name: python2-PyMySQL - state: present - - name: Check if database is initialized command: mysql -N --batch -u {{ mageops_app_mysql_user|quote }} -p{{ mageops_app_mysql_pass|quote }} -h {{ mageops_mysql_host|quote }} -e "SHOW TABLES FROM `{{ mageops_app_mysql_db }}` LIKE 'admin_user';" changed_when: false diff --git a/roles/cs.magento-configure/tasks/080-core-config.yml b/roles/cs.magento-configure/tasks/080-core-config.yml index 2bfe10b1..4b40bc05 100644 --- a/roles/cs.magento-configure/tasks/080-core-config.yml +++ b/roles/cs.magento-configure/tasks/080-core-config.yml 
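Review bot: The `Check if database is initialized` task kept as context here still passes the database password on the `mysql` command line as `-p{{ mageops_app_mysql_pass|quote }}`, where it is readable in the process list on the target host and appears in Ansible output when the task fails or runs verbosely. Add `no_log: true` to the task and hand the credentials over through a client option file (`--defaults-extra-file`) rather than argv. `mageops_app_mysql_db` is also templated into the SQL text without any escaping, so it is worth confirming that it is always a plain identifier. The task continues past the end of this hunk.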
@@ -10,52 +10,55 @@ when: magento_varnish_host | default(false, true) - name: Ensure core config database settings' values - mysql_query: - name: "{{ mageops_app_mysql_db }}" - table: core_config_data + community.mysql.mysql_query: + login_db: "{{ mageops_app_mysql_db }}" login_host: "{{ mageops_mysql_host }}" login_user: "{{ mageops_app_mysql_user }}" login_password: "{{ mageops_app_mysql_pass }}" - identifiers: - path: "{{ magento_db_setting.path }}" - values: - value: "{{ magento_db_setting.value }}" - defaults: - scope_id: 0 - scope: "default" + query: | + INSERT INTO `core_config_data` + SET + path = "{{ magento_db_setting.path | quote }}", + value = "{{ magento_db_setting.path | quote }}", + scope_id = 0, + scope = "default" + ON DUPLICATE KEY UPDATE + value = "{{ magento_db_setting.path | quote }}" when: not magento_db_setting.default | default(false) and magento_db_setting.value | default(false) is string and magento_db_setting.enabled | default(true) loop: "{{ magento_core_config_settings }}" loop_control: loop_var: magento_db_setting - name: Ensure core config database default values (no update if exists) - mysql_query: - name: "{{ mageops_app_mysql_db }}" - table: core_config_data + community.mysql.mysql_query: + login_db: "{{ mageops_app_mysql_db }}" login_host: "{{ mageops_mysql_host }}" login_user: "{{ mageops_app_mysql_user }}" login_password: "{{ mageops_app_mysql_pass }}" - identifiers: - path: "{{ magento_db_setting.path }}" - defaults: - scope_id: 0 - scope: "default" - value: "{{ magento_db_setting.value }}" + query: | + INSERT INTO `core_config_data` + SET + path = "{{ magento_db_setting.path | quote }}", + value = "{{ magento_db_setting.path | quote }}", + scope_id = 0, + scope = "default" + ON DUPLICATE KEY UPDATE + path = path when: magento_db_setting.default | default(false) and magento_db_setting.value | default(false) is string and magento_db_setting.enabled | default(true) loop: "{{ magento_core_config_settings }}" loop_control: 
loop_var: magento_db_setting - name: Ensure core config database settings are absent (defaults are used) - mysql_query: - state: absent - name: "{{ mageops_app_mysql_db }}" - table: core_config_data + community.mysql.mysql_query: + login_db: "{{ mageops_app_mysql_db }}" login_host: "{{ mageops_mysql_host }}" login_user: "{{ mageops_app_mysql_user }}" login_password: "{{ mageops_app_mysql_pass }}" - identifiers: - path: "{{ magento_db_setting_path }}" + query: | + DELETE FROM core_config_data + WHERE + path = "{{ magento_db_setting_path | quote }}" loop: "{{ magento_core_config_settings_to_remove }}" loop_control: loop_var: magento_db_setting_path diff --git a/roles/cs.magento-preload-fscache/tasks/main.yml b/roles/cs.magento-preload-fscache/tasks/main.yml index a8e63e14..d878ef20 100644 --- a/roles/cs.magento-preload-fscache/tasks/main.yml +++ b/roles/cs.magento-preload-fscache/tasks/main.yml @@ -1,5 +1,5 @@ # TODO: Remove once we're made sure the old `magento-preload.service` is finally gone -- name: Make sure the previous version of the service is disabled and stopped +- name: Make sure the previous version of the service is disabled and stopped shell: >- systemctl --no-legend --no-pager --plain \ list-unit-files magento-preload.service \ @@ -13,7 +13,7 @@ failed_when: no - name: Install vmtouch for preloading fs cache - yum: + dnf: name: vmtouch state: latest diff --git a/roles/cs.monitoring/tasks/elasticsearch-exporter.yml b/roles/cs.monitoring/tasks/elasticsearch-exporter.yml index 7dfdea39..406e14f2 100644 --- a/roles/cs.monitoring/tasks/elasticsearch-exporter.yml +++ b/roles/cs.monitoring/tasks/elasticsearch-exporter.yml @@ -1,5 +1,5 @@ - name: Install elasticsearch-exporter - yum: + dnf: name: elasticsearch-exporter state: latest diff --git a/roles/cs.monitoring/tasks/node-exporter.yml b/roles/cs.monitoring/tasks/node-exporter.yml index b67bf90a..329fcd89 100644 --- a/roles/cs.monitoring/tasks/node-exporter.yml 
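Review bot: In the first two rewritten tasks the `value` column is filled from `magento_db_setting.path` (`value = "{{ magento_db_setting.path | quote }}"`, and again in the first task's `ON DUPLICATE KEY UPDATE`), so each setting would be stored with its own path as the value; the removed code used `magento_db_setting.value`. All three queries also template data into the SQL text with the `quote` filter, which is shell quoting rather than SQL escaping: a value containing a double quote ends the string literal early, and values that need shell quoting would be stored wrapped in single quotes. `community.mysql.mysql_query` accepts `positional_args`, so the values can be bound to `%s` placeholders as sketched below for the first task; the other two tasks need the same change.

```yaml
- name: Ensure core config database settings' values
  community.mysql.mysql_query:
    # … unchanged: login_db, login_host, login_user, login_password …
    query: |
      INSERT INTO `core_config_data`
      SET
        path = %s,
        value = %s,
        scope_id = 0,
        scope = "default"
      ON DUPLICATE KEY UPDATE
        value = %s
    positional_args:
      - "{{ magento_db_setting.path }}"
      - "{{ magento_db_setting.value }}"
      - "{{ magento_db_setting.value }}"
  # … unchanged: when, loop, loop_control …
```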
+++ b/roles/cs.monitoring/tasks/node-exporter.yml @@ -1,5 +1,5 @@ - name: Install node-exporter - yum: + dnf: name: node-exporter state: latest diff --git a/roles/cs.monitoring/tasks/php-fpm-exporter.yml b/roles/cs.monitoring/tasks/php-fpm-exporter.yml index d7150ca4..3441294a 100644 --- a/roles/cs.monitoring/tasks/php-fpm-exporter.yml +++ b/roles/cs.monitoring/tasks/php-fpm-exporter.yml @@ -11,7 +11,7 @@ force: yes - name: Install php-fpm-exporter - yum: + dnf: name: php-fpm-exporter state: latest diff --git a/roles/cs.monitoring/tasks/pushprox.yml b/roles/cs.monitoring/tasks/pushprox.yml index 237d5639..c71ffca0 100644 --- a/roles/cs.monitoring/tasks/pushprox.yml +++ b/roles/cs.monitoring/tasks/pushprox.yml @@ -1,5 +1,5 @@ - name: Install pushprox - yum: + dnf: name: pushprox-client state: latest diff --git a/roles/cs.monitoring/tasks/redis-exporter.yml b/roles/cs.monitoring/tasks/redis-exporter.yml index 0828cea7..d79b9f24 100644 --- a/roles/cs.monitoring/tasks/redis-exporter.yml +++ b/roles/cs.monitoring/tasks/redis-exporter.yml @@ -1,5 +1,5 @@ - name: Install redis-exporter - yum: + dnf: name: redis-exporter state: latest diff --git a/roles/cs.monitoring/tasks/varnish-exporter.yml b/roles/cs.monitoring/tasks/varnish-exporter.yml index 90362ce4..d904736d 100644 --- a/roles/cs.monitoring/tasks/varnish-exporter.yml +++ b/roles/cs.monitoring/tasks/varnish-exporter.yml @@ -1,5 +1,5 @@ - name: Install varnish-exporter - yum: + dnf: name: varnish-exporter state: latest diff --git a/roles/cs.mysql/tasks/flavor/mariadb.yml b/roles/cs.mysql/tasks/flavor/mariadb.yml index 580aa41a..567e594e 100644 --- a/roles/cs.mysql/tasks/flavor/mariadb.yml +++ b/roles/cs.mysql/tasks/flavor/mariadb.yml @@ -10,7 +10,7 @@ group: mysql mode: 0755 loop: - - /var/run/mariadb + - /run/mariadb - /var/log/mariadb # In case `/var` or `/var/run` is a tmpfs (common thing nowadays) 
@@ -28,7 +28,7 @@ {{ entry.argument | default('-') }} create: yes loop: - - path: /var/run/mariadb + - path: /run/mariadb - path: /var/log/mariadb - path: /var/log/mariadb/*.log mode: '0644' @@ -49,7 +49,7 @@ mysql_root_name: "{{ mysql_root_user }}" mysql_root_password: "{{ mysql_root_pass }}" mysql_root_password_update: yes - mysql_pid_file: /var/run/mariadb/mariadb.pid + mysql_pid_file: /run/mariadb/mariadb.pid mysql_packages: - MariaDB-server - MariaDB-client diff --git a/roles/cs.mysql/tasks/flavor/mysql.yml b/roles/cs.mysql/tasks/flavor/mysql.yml index 9bd8b0cb..5761aa25 100644 --- a/roles/cs.mysql/tasks/flavor/mysql.yml +++ b/roles/cs.mysql/tasks/flavor/mysql.yml @@ -1,5 +1,5 @@ - name: Install mysql-server - yum: + dnf: name: mysql-server state: present register: mysql_install @@ -20,7 +20,7 @@ - mysql-community-server - mysql-community-client mysql_syslog_tag: mysqld - mysql_pid_file: /var/run/mysqld/mysqld.pid + mysql_pid_file: /run/mysqld/mysqld.pid mysql_socket: /var/lib/mysql/mysql.sock mysql_datadir: /var/lib/mysql mysql_log_error: /var/log/mysqld.err diff --git a/roles/cs.new-relic/tasks/main.yml b/roles/cs.new-relic/tasks/main.yml index 2e00b9ae..99f4f086 100644 --- a/roles/cs.new-relic/tasks/main.yml +++ b/roles/cs.new-relic/tasks/main.yml @@ -1,11 +1,11 @@ - name: Install new relic repo - yum: + dnf: name: "{{ new_relic_repo_url }}" state: present disable_gpg_check: true - name: Install new relic packages - yum: + dnf: name: "{{ new_relic_packages }}" state: latest diff --git a/roles/cs.nginx-https-termination/defaults/main.yml b/roles/cs.nginx-https-termination/defaults/main.yml index 19df7211..5e2aa3ea 100644 --- a/roles/cs.nginx-https-termination/defaults/main.yml +++ b/roles/cs.nginx-https-termination/defaults/main.yml 
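Review bot: `Install new relic repo` here, and the `Install pio-worker rpm` tasks in roles/cs.pio/tasks/app.yml and roles/cs.pio/tasks/varnish.yml, keep `disable_gpg_check: true` while installing an RPM straight from a URL variable, so the package is accepted without signature verification. Since these tasks are being touched for the dnf switch, I would import the vendor key with `rpm_key` first and drop `disable_gpg_check`, or download the file with a pinned checksum before installing it. If the upstream packages really are unsigned, a comment next to the flag such as `# upstream RPM is unsigned, GPG check disabled on purpose` would record that this is deliberate.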
@@ -44,7 +44,7 @@ https_termination_crt_acme_staging: no # - header `Cache-Control` starts with `public` # - header `X-Magento-Cache-Debug` equals `MISS` # - reponse code is 200 OK -https_termination_page_cache_misses_logging: yes +https_termination_page_cache_misses_logging: no https_termination_page_cache_misses_logfile: "{{ nginx_log_dir }}/access.page-cache-misses.json.log" # An array of items each containing: diff --git a/roles/cs.nginx-https-termination/tasks/032-certificates-bootstrap.yml b/roles/cs.nginx-https-termination/tasks/032-certificates-bootstrap.yml index a3775d04..c7b18eed 100644 --- a/roles/cs.nginx-https-termination/tasks/032-certificates-bootstrap.yml +++ b/roles/cs.nginx-https-termination/tasks/032-certificates-bootstrap.yml @@ -1,6 +1,6 @@ - name: Install ansible runtime deps - yum: - name: python2-cryptography + dnf: + name: python3-cryptography state: present - name: Generate vhost private key @@ -95,4 +95,4 @@ }} loop_control: label: "{{ vhost.name }} -> {{ vhost[key.dst] }}" - loop_var: entry \ No newline at end of file + loop_var: entry diff --git a/roles/cs.nginx-https-termination/tasks/034-certificates-acme.yml b/roles/cs.nginx-https-termination/tasks/034-certificates-acme.yml index 3efa979f..b75b8cd7 100644 --- a/roles/cs.nginx-https-termination/tasks/034-certificates-acme.yml +++ b/roles/cs.nginx-https-termination/tasks/034-certificates-acme.yml @@ -1,5 +1,5 @@ - name: Install certbot - yum: + dnf: state: present name: certbot @@ -99,4 +99,3 @@ enabled: yes masked: no notify: Reload systemctl daemon - diff --git a/roles/cs.nginx-language-redirect-multilevel/tasks/000-install.yml b/roles/cs.nginx-language-redirect-multilevel/tasks/000-install.yml index 8432c03e..bb73038f 100644 --- a/roles/cs.nginx-language-redirect-multilevel/tasks/000-install.yml +++ b/roles/cs.nginx-language-redirect-multilevel/tasks/000-install.yml 
@@ -1,5 +1,5 @@ - name: Install latest nginx GeoIP module dependencies - yum: + dnf: name: "{{ packages }}" state: latest vars: @@ -11,7 +11,7 @@ # nging-module-geoip2 is available from mageops repo - name: Install latest nginx GeoIP module dependencies - yum: + dnf: name: "{{ packages }}" state: latest vars: diff --git a/roles/cs.nginx-language-redirect/tasks/000-install.yml b/roles/cs.nginx-language-redirect/tasks/000-install.yml index e3f825f9..7c0d39d2 100644 --- a/roles/cs.nginx-language-redirect/tasks/000-install.yml +++ b/roles/cs.nginx-language-redirect/tasks/000-install.yml @@ -1,5 +1,5 @@ - name: Install latest nginx GeoIP module dependencies - yum: + dnf: name: "{{ packages }}" state: latest vars: @@ -11,7 +11,7 @@ # nging-module-geoip2 is available from mageops repo - name: Install latest nginx GeoIP module dependencies - yum: + dnf: name: "{{ packages }}" state: latest vars: diff --git a/roles/cs.nginx-magento/defaults/main.yml b/roles/cs.nginx-magento/defaults/main.yml index 7f0535cf..587521b6 100644 --- a/roles/cs.nginx-magento/defaults/main.yml +++ b/roles/cs.nginx-magento/defaults/main.yml @@ -8,7 +8,7 @@ nginx_magento_mode: "{{ magento_mode | default('production') }}" nginx_fcgi_upstream_conf_file: "{{ nginx_confd_dir }}/000-php-fpm-upstream.conf" nginx_fcgi_read_timeout: '600s' nginx_fcgi_connect_timeout: '600s' -nginx_fcgi_backend_socket: '/var/run/php-fpm/backend.sock' +nginx_fcgi_backend_socket: '/run/php-fpm/backend.sock' nginx_fcgi_backend_debug_socket: "{{ nginx_fcgi_backend_socket }}" #Extracted to an variable so dev envs can have this low, and prod - 1 year. diff --git a/roles/cs.nginx-magento/tasks/002-htpasswd.yml b/roles/cs.nginx-magento/tasks/002-htpasswd.yml index 484cfbdd..3cce97c8 100644 --- a/roles/cs.nginx-magento/tasks/002-htpasswd.yml +++ b/roles/cs.nginx-magento/tasks/002-htpasswd.yml 
@@ -1,6 +1,6 @@ - name: Install passlib - yum: - name: python2-passlib + dnf: + name: python3-passlib state: present - name: Generate nginx htpasswdfile for site diff --git a/roles/cs.nginx/meta/main.yml b/roles/cs.nginx/meta/main.yml index d8957b13..71c904f1 100644 --- a/roles/cs.nginx/meta/main.yml +++ b/roles/cs.nginx/meta/main.yml @@ -1,24 +1,3 @@ allow_duplicates: no dependencies: - - cs.repo-nginx - cs.logrotate - -galaxy_info: - author: creativestyle - description: nginx web server - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - nginx - - webserver - - server - - http - - proxy - - mageops - - magento - - magesuite - - creativestyle diff --git a/roles/cs.nginx/tasks/001-install.yml b/roles/cs.nginx/tasks/001-install.yml index cb5ed513..c612e318 100644 --- a/roles/cs.nginx/tasks/001-install.yml +++ b/roles/cs.nginx/tasks/001-install.yml @@ -1,4 +1,4 @@ - name: Install nginx packages - yum: + dnf: name: "{{ [nginx_package] + nginx_packages_extra }}" state: present diff --git a/roles/cs.nginx/tasks/002-configure.yml b/roles/cs.nginx/tasks/002-configure.yml index 2e529b1d..9a6bbc35 100644 --- a/roles/cs.nginx/tasks/002-configure.yml +++ b/roles/cs.nginx/tasks/002-configure.yml @@ -62,3 +62,7 @@ service: name: nginx enabled: yes + state: started + +- name: Ensure logs are reopened to provide correct chown (https://superuser.com/a/1591135) + shell: nginx -s reopen diff --git a/roles/cs.nginx/templates/nginx.logrotate b/roles/cs.nginx/templates/nginx.logrotate index 56b2395a..470f9815 100644 --- a/roles/cs.nginx/templates/nginx.logrotate +++ b/roles/cs.nginx/templates/nginx.logrotate @@ -18,8 +18,8 @@ sharedscripts postrotate - if [ -f /var/run/nginx.pid ]; then - kill -USR1 `cat /var/run/nginx.pid` + if [ -f /run/nginx.pid ]; then + kill -USR1 `cat /run/nginx.pid` fi endscript } 
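Review bot: The task added to roles/cs.nginx/tasks/002-configure.yml, `shell: nginx -s reopen`, runs on every play and always reports `changed`, and it needs no shell features. I would write it as `command: nginx -s reopen` with `changed_when: false`, or make it a handler that is notified only when the log files or their ownership change. The task list starts before this hunk.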
diff --git a/roles/cs.nodejs/tasks/main.yml b/roles/cs.nodejs/tasks/main.yml index 04bad4fd..57af8e46 100644 --- a/roles/cs.nodejs/tasks/main.yml +++ b/roles/cs.nodejs/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install nodejs and yarn - yum: + dnf: name: - nodejs - yarn diff --git a/roles/cs.centos-update-kernel/defaults/main.yml b/roles/cs.optimize-kernel/defaults/main.yml similarity index 65% rename from roles/cs.centos-update-kernel/defaults/main.yml rename to roles/cs.optimize-kernel/defaults/main.yml index c864e158..4a7c033d 100644 --- a/roles/cs.centos-update-kernel/defaults/main.yml +++ b/roles/cs.optimize-kernel/defaults/main.yml @@ -1,3 +1,2 @@ -centos_update_kernel_kernel_name: kernel-lt centos_update_kernel_disable_mitigations: no centos_update_kernel_network_tune: yes diff --git a/roles/cs.optimize-kernel/tasks/main.yml b/roles/cs.optimize-kernel/tasks/main.yml new file mode 100644 index 00000000..b0449db2 --- /dev/null +++ b/roles/cs.optimize-kernel/tasks/main.yml @@ -0,0 +1,20 @@ +- name: Disable mitigations + replace: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX=[^\n]*$' + replace: GRUB_CMDLINE_LINUX="console=tty0 crashkernel=auto net.ifnames=0 console=ttyS0 noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off" + when: centos_update_kernel_disable_mitigations + +- name: Set modern network congestion algorithm + block: + - sysctl: + name: net.core.default_qdisc + value: fq + reload: yes + state: present + - sysctl: + name: net.ipv4.tcp_congestion_control + value: bbr + reload: yes + state: present + when: centos_update_kernel_network_tune diff --git a/roles/cs.packages/tasks/main.yml b/roles/cs.packages/tasks/main.yml index 3bda064e..c2b08eee 100644 --- a/roles/cs.packages/tasks/main.yml +++ b/roles/cs.packages/tasks/main.yml 
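Review bot: The `Disable mitigations` task carried into the new roles/cs.optimize-kernel/tasks/main.yml replaces the whole `GRUB_CMDLINE_LINUX` line with a fixed string, so any kernel arguments shipped by the base image are discarded, and nothing in this file regenerates the grub configuration, so the change may not take effect on its own. `mitigations=off` together with the individual switches turns off the Spectre, Meltdown, L1TF and MDS protections; the default stays `no`, but the task deserves a comment stating the trade-off, for example `# Disables CPU side-channel mitigations; only for hosts that run no untrusted code`. The variables also keep the `centos_update_kernel_` prefix although the role is now `cs.optimize-kernel`.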
@@ -1,9 +1,4 @@ -- name: Ensure /var/lib/rpm-state exists (fix for https://access.redhat.com/solutions/3573891) - file: - path: /var/lib/rpm-state - state: directory - - name: Get last package maintenance timestamp slurp: path: "{{ packages_maintenance_marker_path }}" @@ -13,21 +8,8 @@ - name: Perform one-time package maintenance block: - - name: Set localized yum mirrorlist for core repos - ini_file: - path: "/etc/yum.repos.d/{{ item.file }}" - section: "{{ item.repo }}" - option: mirrorlist - value: "{{ item.url }}" - backup: yes - no_extra_spaces: yes - loop: "{{ packages_mirrorlists }}" - loop_control: - label: "{{ item.repo }}" - when: packages_mirrorlist_countrycode is defined and packages_mirrorlist_countrycode - - name: Make sure banned packages are not present - yum: + dnf: name: "{{ packages_remove | default([]) }}" state: absent when: packages_remove is defined and packages_remove | length @@ -43,24 +25,25 @@ ) > packages_maintenance_interval | int ) -- name: Make sure there are no open yum transactions - shell: yum-complete-transaction -y --cleanup-only - args: - warn: no - +# Retries here are required because of funky fastly caching +# and sometimes selected fastly mirror is not resolving some packages (404) +# dns caches responses for 30s so we need this much to get another change at getting different mirror - name: "Install packages" - yum: + dnf: name: "{{ packages_install }}" state: present register: packages_install_command - retries: 5 - delay: 5 + retries: 10 + delay: 30 until: not packages_install_command is failed - name: "Ensure all packages are up to date" - yum: + dnf: name: '*' state: latest exclude: "{{ packages_full_update_exclude }}" when: packages_full_update - + register: packages_update_command + retries: 10 + delay: 30 + until: not packages_update_command is failed diff --git a/roles/cs.php-fpm/defaults/main.yml b/roles/cs.php-fpm/defaults/main.yml index a4afa75b..4e69685f 100644 --- a/roles/cs.php-fpm/defaults/main.yml 
+++ b/roles/cs.php-fpm/defaults/main.yml @@ -3,7 +3,7 @@ php_fpm_daemon_conf_file_path: "/etc/php-fpm.conf" php_fpm_pid_file_path: "{{ php_fpm_run_dir_path }}/php-fpm.pid" php_fpm_pool_conf_dir_path: "/etc/php-fpm.d" -php_fpm_run_dir_path: "/var/run/php-fpm" +php_fpm_run_dir_path: "/run/php-fpm" php_fpm_log_dir_path: "/var/log/php-fpm" php_fpm_listen_allowed_clients: "127.0.0.1" diff --git a/roles/cs.php-tideways/tasks/main.yml b/roles/cs.php-tideways/tasks/main.yml index 4a562495..e3ceefbb 100644 --- a/roles/cs.php-tideways/tasks/main.yml +++ b/roles/cs.php-tideways/tasks/main.yml @@ -19,9 +19,9 @@ description: Tideways baseurl: https://packages.tideways.com/yum-packages-main gpgkey: "{{ tideways_repo_gpgkeys }}" - + - name: Install tideways packages - yum: + dnf: state: present name: "{{ tideways_packages }}" notify: PHP Configuration Changed @@ -43,7 +43,7 @@ when: not tideways_enable block: - name: Uninstall tideways packages - yum: + dnf: name: "{{ tideways_packages }}" state: absent @@ -58,5 +58,3 @@ loop_control: loop_var: filepath notify: PHP Configuration Changed - - diff --git a/roles/cs.php/meta/main.yml b/roles/cs.php/meta/main.yml index d752d044..5928d73d 100644 --- a/roles/cs.php/meta/main.yml +++ b/roles/cs.php/meta/main.yml @@ -1,6 +1,2 @@ dependencies: - role: cs.repo-remi - php_repo_remi_variants_enabled: - - "safe" - - "php{{ php_version | replace('.', '') }}" - - "php{{ php_version | replace('.', '') }}-debuginfo" diff --git a/roles/cs.php/tasks/main.yml b/roles/cs.php/tasks/main.yml index 10ba55bf..bde9251c 100644 --- a/roles/cs.php/tasks/main.yml +++ b/roles/cs.php/tasks/main.yml @@ -1,5 +1,8 @@ +- name: Enable php module + shell: "dnf module reset php -y && dnf module install -y php:remi-{{ php_version }}" + - name: Install PHP and dependency packages - yum: + dnf: name: >- {{ ( 
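Review bot: The new `Enable php module` task in roles/cs.php/tasks/main.yml shells out to `dnf module reset php -y && dnf module install -y php:remi-{{ php_version }}` on every run, so it always reports `changed`, resets the stream even when it is already the requested one, and places `php_version` into a shell line unquoted. At minimum use `php:remi-{{ php_version | quote }}` and add a `changed_when`; better, skip the command when the requested stream is already enabled. The install task that follows continues beyond this hunk.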
@@ -124,10 +127,9 @@ enabled: no daemon_reload: yes when: php_tmpfiles_service_config is changed - + - name: Ensure tmpfiles maintenance service is enabled systemd: name: php-tmpfiles state: started enabled: yes - diff --git a/roles/cs.pio/tasks/app.yml b/roles/cs.pio/tasks/app.yml index 7b245ef1..f9162dd3 100644 --- a/roles/cs.pio/tasks/app.yml +++ b/roles/cs.pio/tasks/app.yml @@ -7,7 +7,7 @@ # - name: Install pio-worker rpm - yum: + dnf: name: "{{ pio_package_url }}" state: present disable_gpg_check: true diff --git a/roles/cs.pio/tasks/varnish.yml b/roles/cs.pio/tasks/varnish.yml index 202ba283..da642d0e 100644 --- a/roles/cs.pio/tasks/varnish.yml +++ b/roles/cs.pio/tasks/varnish.yml @@ -11,7 +11,7 @@ allow_duplicates: no - name: Install pio-worker rpm - yum: + dnf: name: "{{ pio_package_url }}" state: present disable_gpg_check: true diff --git a/roles/cs.rabbitmq/tasks/main.yml b/roles/cs.rabbitmq/tasks/main.yml index 2a6aeca3..474fe332 100644 --- a/roles/cs.rabbitmq/tasks/main.yml +++ b/roles/cs.rabbitmq/tasks/main.yml @@ -1,11 +1,11 @@ - name: Install RabbitMQ Erlang Package - yum: + dnf: allow_downgrade: no name: "erlang" notify: Restart rabbitmq - name: Install RabbitMQ Package - yum: + dnf: allow_downgrade: no name: "rabbitmq-server" notify: Restart rabbitmq diff --git a/roles/cs.redis/defaults/main.yml b/roles/cs.redis/defaults/main.yml index 412f356b..d9b4a557 100644 --- a/roles/cs.redis/defaults/main.yml +++ b/roles/cs.redis/defaults/main.yml @@ -1,7 +1,3 @@ -# Install stable redis 6.x from remi-safe repo instead of the 3.x version -# provided by the standard CentOS 6 epel repository. -redis_enable_v6: no - # Set it if you want to host multiple redis instances on the same server. # This is useful if you want separately-configurable databases (for example with different maxmemory policies) # on the same server. Usually you'll want to separate session and cache storage, so cache does not evict sessions. 
@@ -11,7 +7,7 @@ redis_package: redis redis_daemon: "redis{% if redis_instance_name %}-{{ redis_instance_name }}{% endif %}" redis_conf_path: "/etc/{{ redis_daemon }}.conf" -redis_piddir: "/var/run/redis" +redis_piddir: "/run/redis" redis_pidfile_path: "{{ redis_piddir }}/{{ redis_daemon }}.pid" redis_port: 6379 diff --git a/roles/cs.redis/meta/main.yml b/roles/cs.redis/meta/main.yml index e80e92d3..0990d7fa 100644 --- a/roles/cs.redis/meta/main.yml +++ b/roles/cs.redis/meta/main.yml @@ -1,25 +1,3 @@ dependencies: - role: cs.ansible-plugins - role: cs.repo-epel - # Do not enable any repositories permanently except the `safe` default - # one because we will enable it explicitly for just this one package. - - role: cs.repo-remi - when: redis_enable_v6 - -galaxy_info: - author: MageOps - description: Redis - company: creativestyle Polska Sp. z o. o. - license: "license (BSD, MIT)" - min_ansible_version: 2.7 - platforms: - - name: EL - versions: - - 7 - galaxy_tags: - - database - - development - - web - - redis - - cache - - performance diff --git a/roles/cs.redis/tasks/install.yml b/roles/cs.redis/tasks/install.yml index 7c52580a..e2d9b2cd 100644 --- a/roles/cs.redis/tasks/install.yml +++ b/roles/cs.redis/tasks/install.yml @@ -1,9 +1,7 @@ - name: Install redis packages package: name: "{{ redis_package }}" - state: "{{ redis_enable_v6 | ternary('latest', 'present') }}" - enablerepo: "{{ redis_enable_v6 | ternary('remi,remi-safe', omit) }}" + state: "latest" notify: - Reload systemctl daemon - Restart {{ redis_daemon }} - diff --git a/roles/cs.redis/templates/redis.conf b/roles/cs.redis/templates/redis.conf index 956f34c6..8255b132 100644 --- a/roles/cs.redis/templates/redis.conf +++ b/roles/cs.redis/templates/redis.conf 
@@ -42,16 +42,14 @@ appendonly yes appendfsync {{ redis_appendfsync }} - {% if redis_enable_v6 %} - appendfilename "{{ redis_appendfilename }}" - no-appendfsync-on-rewrite no - - aof-load-truncated yes - aof-rewrite-incremental-fsync yes - aof-use-rdb-preamble yes - auto-aof-rewrite-min-size 64mb - auto-aof-rewrite-percentage 100 - {% endif %} + appendfilename "{{ redis_appendfilename }}" + no-appendfsync-on-rewrite no + + aof-load-truncated yes + aof-rewrite-incremental-fsync yes + aof-use-rdb-preamble yes + auto-aof-rewrite-min-size 64mb + auto-aof-rewrite-percentage 100 {% endif %} {% else %} 
@@ -77,78 +75,76 @@ rename-command {{ redis_disabled_command }} "" {% endfor %} - {% if redis_enable_v6 %} - always-show-logo yes - hz 10 - dynamic-hz yes + always-show-logo yes + hz 10 + dynamic-hz yes - activerehashing yes - jemalloc-bg-thread yes + activerehashing yes + jemalloc-bg-thread yes - protected-mode {{ redis_protected_mode | ternary('yes', 'no') }} + protected-mode {{ redis_protected_mode | ternary('yes', 'no') }} - # Performance tuning via: - # - https://devdocs.magento.com/guides/v2.4/config-guide/redis/config-redis.html#config-redis-setup - # - http://antirez.com/news/93 - replica-lazy-flush yes - lazyfree-lazy-eviction yes - lazyfree-lazy-expire yes - lazyfree-lazy-server-del yes - lazyfree-lazy-user-del yes + # Performance tuning via: + # - https://devdocs.magento.com/guides/v2.4/config-guide/redis/config-redis.html#config-redis-setup + # - http://antirez.com/news/93 + replica-lazy-flush yes + lazyfree-lazy-eviction yes + lazyfree-lazy-expire yes + lazyfree-lazy-server-del yes + lazyfree-lazy-user-del yes - {# - # These are some of the defaults which we don't explicitly set for now + {# + # These are some of the defaults which we don't explicitly set for now - # latency-monitor-threshold 0 + # latency-monitor-threshold 0 - # client-output-buffer-limit normal 0 0 0 - # client-output-buffer-limit pubsub 32mb 8mb 60 - # client-output-buffer-limit replica 256mb 64mb 60 + # client-output-buffer-limit normal 0 0 0 + # client-output-buffer-limit pubsub 32mb 8mb 60 + # client-output-buffer-limit replica 256mb 64mb 60 - # list-compress-depth 0 - # list-max-ziplist-size -2 + # list-compress-depth 0 + # list-max-ziplist-size -2 - # lua-time-limit 1000 + # lua-time-limit 1000 - # notify-keyspace-events "" + # notify-keyspace-events "" - # oom-score-adj no - # oom-score-adj-values 0 200 800 + # oom-score-adj no + # oom-score-adj-values 0 200 800 - # rdb-del-sync-files no - # rdb-save-incremental-fsync yes + # rdb-del-sync-files no + # 
rdb-save-incremental-fsync yes - # rdbchecksum yes - # rdbcompression yes + # rdbchecksum yes + # rdbcompression yes - # repl-disable-tcp-nodelay no - # repl-diskless-load disabled - # repl-diskless-sync no - # repl-diskless-sync-delay 5 + # repl-disable-tcp-nodelay no + # repl-diskless-load disabled + # repl-diskless-sync no + # repl-diskless-sync-delay 5 - # replica-lazy-flush no - # replica-priority 100 - # replica-read-only yes - # replica-serve-stale-data yes + # replica-lazy-flush no + # replica-priority 100 + # replica-read-only yes + # replica-serve-stale-data yes - # set-max-intset-entries 512 + # set-max-intset-entries 512 - # slowlog-log-slower-than 10000 - # slowlog-max-len 128 + # slowlog-log-slower-than 10000 + # slowlog-max-len 128 - # stop-writes-on-bgsave-error yes + # stop-writes-on-bgsave-error yes - # stream-node-max-bytes 4096 - # stream-node-max-entries 100 + # stream-node-max-bytes 4096 + # stream-node-max-entries 100 - # tcp-backlog 511 - # tcp-keepalive 300 + # tcp-backlog 511 + # tcp-keepalive 300 - # zset-max-ziplist-entries 128 - # zset-max-ziplist-value 64 - #} + # zset-max-ziplist-entries 128 + # zset-max-ziplist-value 64 + #} - {% endif %} {% for include in redis_includes %} include {{ include }} {% endfor %} diff --git a/roles/cs.repo-elasticsearch/defaults/main.yml b/roles/cs.repo-elasticsearch/defaults/main.yml index d85ba657..ce1684cd 100644 --- a/roles/cs.repo-elasticsearch/defaults/main.yml +++ b/roles/cs.repo-elasticsearch/defaults/main.yml @@ -1,9 +1,2 @@ -repo_elasticsearch_package_name: elasticsearch-release -repo_elasticsearch_name_prefix: elasticsearch -repo_elasticsearch_variants: - - '5' - - '6' - - '7' - -repo_elasticsearch_variants_enabled: - - '5' \ No newline at end of file +repo_elasticsearch_version: '7' +repo_elasticsearch_gpg_url: https://artifacts.elastic.co/GPG-KEY-elasticsearch diff --git a/roles/cs.repo-elasticsearch/meta/main.yml b/roles/cs.repo-elasticsearch/meta/main.yml index aec1c0cb..eaceda65 100644 
--- a/roles/cs.repo-elasticsearch/meta/main.yml +++ b/roles/cs.repo-elasticsearch/meta/main.yml @@ -1,28 +1,3 @@ allow_duplicates: yes dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: EPEL repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - elastic - - elasticsearch - - database - - cluster - - search - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - creativestyle - - diff --git a/roles/cs.repo-elasticsearch/tasks/main.yml b/roles/cs.repo-elasticsearch/tasks/main.yml index 52e50ed3..41f93f1c 100644 --- a/roles/cs.repo-elasticsearch/tasks/main.yml +++ b/roles/cs.repo-elasticsearch/tasks/main.yml @@ -1,17 +1,18 @@ -- name: Ensure Elasticsearch repo release package is installed and up-to-date - yum: - name: "{{ repo_elasticsearch_package_name }}" +- name: Workaround SHA-1 gpg key enable (https://github.com/elastic/elasticsearch/issues/85876) + shell: update-crypto-policies --set LEGACY -- name: Ensure chosen elasticsearch repo variants are enabled - ini_file: +## XXX: it need to be enabled whole time +## But use this when above workaround is no longer needed +# - name: Workaround SHA-1 gpg key disable (https://github.com/elastic/elasticsearch/issues/85876) +# shell: update-crypto-policies --set DEFAULT + +- name: Install gpg cert + rpm_key: state: present - create: no - path: "/etc/yum.repos.d/{{ repo_elasticsearch_filename }}.repo" - section: "{{ repo_elasticsearch_name_prefix }}{{ variant }}" - option: enabled - value: "{{ (variant in repo_elasticsearch_variants_enabled) | ternary('1', '0') }}" - no_extra_spaces: yes - loop: "{{ repo_elasticsearch_variants }}" - loop_control: - loop_var: variant + key: "{{ repo_elasticsearch_gpg_url }}" +- name: Install elasticsearch repo + template: + src: elasticsearch.repo + dest: "/etc/yum.repos.d/elasticsearch.repo" + mode: 0644 
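Review bot: `update-crypto-policies --set LEGACY` in the first task of roles/cs.repo-elasticsearch/tasks/main.yml switches the host-wide crypto policy, not just RPM signature checking, so TLS, SSH and every other consumer of the system policy also accept the legacy algorithm set, and the commented-out revert means it stays that way. If the goal is only to accept the SHA-1 signed Elastic key, the narrower `update-crypto-policies --set DEFAULT:SHA1` subpolicy should be enough; please confirm it is available on the target image. As a bare `shell` task it also reports changed on every run, so comparing against `update-crypto-policies --show` first would keep the play idempotent. Separately, `mode: 0644` on the template task is better written as the string `"0644"`.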
diff --git a/roles/cs.repo-elasticsearch/templates/elasticsearch.repo b/roles/cs.repo-elasticsearch/templates/elasticsearch.repo new file mode 100644 index 00000000..a601825f --- /dev/null +++ b/roles/cs.repo-elasticsearch/templates/elasticsearch.repo @@ -0,0 +1,8 @@ +[elasticsearch] +name=Elasticsearch repository for {{ repo_elasticsearch_version }}.x packages +baseurl=https://artifacts.elastic.co/packages/{{ repo_elasticsearch_version }}.x/yum +gpgcheck=1 +gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch +enabled=1 +autorefresh=1 +type=rpm-md diff --git a/roles/cs.repo-epel/meta/main.yml b/roles/cs.repo-epel/meta/main.yml index 6bc73190..e1e5bf66 100644 --- a/roles/cs.repo-epel/meta/main.yml +++ b/roles/cs.repo-epel/meta/main.yml @@ -1,24 +1,2 @@ allow_duplicates: no dependencies: [] - -galaxy_info: - author: Filip Sobalski - description: EPEL repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - rhel - - redhat - - creativestyle - - diff --git a/roles/cs.repo-epel/tasks/main.yml b/roles/cs.repo-epel/tasks/main.yml index 86e6b56d..68a439e3 100644 --- a/roles/cs.repo-epel/tasks/main.yml +++ b/roles/cs.repo-epel/tasks/main.yml @@ -1,6 +1,12 @@ - name: Ensure EPEL repo release package is installed and up-to-date - yum: + dnf: name: "{{ repo_epel_package_name }}" - name: Ensure EPEL is enabled command: yum-config-manager --enable epel + +- name: Ensure EPEL is enabled + command: yum-config-manager --enable epel-testing + +- name: Ensure crb is enabled + command: yum-config-manager --enable crb diff --git a/roles/cs.repo-mageops/meta/main.yml b/roles/cs.repo-mageops/meta/main.yml index ac626def..17e64eb8 100644 --- a/roles/cs.repo-mageops/meta/main.yml +++ b/roles/cs.repo-mageops/meta/main.yml 
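Review bot: The `gpgkey=` line in elasticsearch.repo hard-codes the key URL even though this commit adds `repo_elasticsearch_gpg_url` to the role defaults and uses it for the `rpm_key` task. If the variable is overridden (for example to point at an internal mirror), the repo file keeps pointing at the public URL and the two can drift. Writing `gpgkey={{ repo_elasticsearch_gpg_url }}` keeps one source of truth for which key is trusted.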
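Review bot: The added task in roles/cs.repo-epel/tasks/main.yml that runs `yum-config-manager --enable epel-testing` turns on a repository of not-yet-released builds for every host that pulls in this role, and it carries the same name as the task above it (`Ensure EPEL is enabled`), so it is easy to miss in run output. If a testing build is needed for one package, prefer `enablerepo: epel-testing` on that install task and leave the repo disabled globally; at the least rename the task to `Ensure EPEL testing is enabled`. The three `command: yum-config-manager ...` tasks report changed on every run, and this commit also drops `yum-utils` from `mageops_packages_base`, so it is worth checking that `yum-config-manager` is still present on a fresh image.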
@@ -1,23 +1,3 @@ allow_duplicates: no -dependencies: +dependencies: - cs.repo-epel - -galaxy_info: - author: Filip Sobalski - description: MageOps repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - creativestyle - - diff --git a/roles/cs.repo-mageops/tasks/main.yml b/roles/cs.repo-mageops/tasks/main.yml index 4726d2a2..caadbb56 100644 --- a/roles/cs.repo-mageops/tasks/main.yml +++ b/roles/cs.repo-mageops/tasks/main.yml 
@@ -1,65 +1,10 @@ -- name: Check status MageOps repo config file - stat: - path: "/etc/yum.repos.d/{{ repo_mageops_config_name }}" - register: _repo_mageops_config_file_check +- name: Install mageops repo + template: + src: mageops.repo + dest: "/etc/yum.repos.d/mageops.repo" + mode: 0644 -- name: Check current keyring key - stat: - path: "{{ repo_mageops_gpg_key_location }}" - register: _repo_mageops_gpg_key_check - -- name: Decide if bootstrap is required - set_fact: - _repo_mageops_bootstrap_required: "{{ not _repo_mageops_config_file_check.stat.exists or not _repo_mageops_gpg_key_check.stat.exists }}" - -- name: Install Mageops GPG key +- name: Install gpg cert rpm_key: state: present - key: "{{ repo_mageops_gpg_key }}" - -- name: Bootstrap MageOps repo by installing remote package - yum: - name: "{{ repo_mageops_release_package_url }}" - state: present - register: result - until: result is succeeded - retries: "{{ repo_mageops_installation_retries }}" - delay: "{{ repo_mageops_installation_delay }}" - when: _repo_mageops_bootstrap_required - notify: Regenerate yum cache for MageOps repo - -- name: Check if repo update is required - stat: - path: "/etc/yum.repos.d/{{ repo_mageops_config_name }}.rpmnew" - register: _repo_mageops_repo_update - -# There is not move functionality to move file. 
-# Doing copy + delete is more complex so we just execute shell here -# We could also run rpmconf command, but this makes no sense to install that just for this -- name: Update repository configuration - command: "mv '/etc/yum.repos.d/{{ repo_mageops_config_name }}.rpmnew' '/etc/yum.repos.d/{{ repo_mageops_config_name }}'" - when: _repo_mageops_repo_update.stat.exists - -- name: Set higher priority for mageops repo - block: - - name: Install priorities plugin - yum: - name: - - yum-utils - - yum-plugin-priorities - - name: Set priority for mageops repo - ini_file: - path: "/etc/yum.repos.d/{{ repo_mageops_config_name }}" - section: mageops - option: priority - value: "{{ mageops_repo_priority | string }}" - backup: no - no_extra_spaces: yes - when: mageops_repo_priority | bool - -- name: Make sure MageOps repo release package is up to date - yum: - name: "{{ repo_mageops_release_package_name }}" - state: latest - when: _repo_mageops_bootstrap_required - notify: Regenerate yum cache for MageOps repo + key: https://cs-mageops-rocky-9.s3.eu-central-1.amazonaws.com/REPO-GPG-KEY diff --git a/roles/cs.repo-mageops/templates/mageops.repo b/roles/cs.repo-mageops/templates/mageops.repo new file mode 100644 index 00000000..9c0bf88f --- /dev/null +++ b/roles/cs.repo-mageops/templates/mageops.repo @@ -0,0 +1,8 @@ +[mageops] +name=Mageops repository +baseurl=https://cs-mageops-rocky-9.s3.eu-central-1.amazonaws.com/$basearch +gpgcheck=1 +gpgkey=https://cs-mageops-rocky-9.s3.eu-central-1.amazonaws.com/$basearch/RPM-GPG-KEY-MAGEOPS +enabled=1 +failovermethod=priority +autorefresh=1 diff --git a/roles/cs.repo-mariadb/meta/main.yml b/roles/cs.repo-mariadb/meta/main.yml index feb89db2..eaceda65 100644 --- a/roles/cs.repo-mariadb/meta/main.yml +++ b/roles/cs.repo-mariadb/meta/main.yml 
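Review bot: The `Install gpg cert` task in roles/cs.repo-mageops/tasks/main.yml trusts whatever key is served at the URL at run time, from the same S3 bucket that serves the packages, so write access to that bucket is enough to replace both the packages and the key that vouches for them. `rpm_key` accepts a `fingerprint` argument; adding `fingerprint: "<EXPECTED-KEY-FINGERPRINT>"` (placeholder, fill in the real value) makes the import fail if the key is swapped. The same applies to the `rpm_key` tasks this commit adds in cs.repo-elasticsearch, cs.repo-remi and cs.repo-varnish. Also, this task imports `.../REPO-GPG-KEY` while the new mageops.repo names `.../$basearch/RPM-GPG-KEY-MAGEOPS` as `gpgkey`; if these are meant to be the same key, use one URL for both.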
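Review bot: The new mageops.repo has no `priority=` line, whereas the removed tasks wrote `priority` from `mageops_repo_priority` into the `[mageops]` section. `failovermethod=priority` is a different setting (it concerns the order in which mirrors are tried) and does not give this repository precedence over EPEL or the base repositories. If any package relies on the MageOps build winning over a same-named package elsewhere, restore a `priority=` line in the template, or state in the commit that precedence is no longer needed.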
@@ -1,24 +1,3 @@ allow_duplicates: yes -dependencies: +dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: MariaDB repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - database - - sql - - mysql - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - creativestyle \ No newline at end of file diff --git a/roles/cs.repo-mariadb/tasks/main.yml b/roles/cs.repo-mariadb/tasks/main.yml index 1a19a414..0630e3a0 100644 --- a/roles/cs.repo-mariadb/tasks/main.yml +++ b/roles/cs.repo-mariadb/tasks/main.yml @@ -1,5 +1,5 @@ - name: Ensure MariaDB repo release package is installed and up-to-date - yum: + dnf: name: "{{ repo_mariadb_package_name }}" - name: Ensure chosen mariadb repo variants are enabled @@ -14,4 +14,3 @@ loop: "{{ repo_mariadb_variants }}" loop_control: loop_var: variant - diff --git a/roles/cs.repo-mysql/meta/main.yml b/roles/cs.repo-mysql/meta/main.yml index 20453ebd..eaceda65 100644 --- a/roles/cs.repo-mysql/meta/main.yml +++ b/roles/cs.repo-mysql/meta/main.yml @@ -1,24 +1,3 @@ allow_duplicates: yes -dependencies: +dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: Installs MySQL Community repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - database - - sql - - mysql - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - creativestyle \ No newline at end of file diff --git a/roles/cs.repo-mysql/tasks/main.yml b/roles/cs.repo-mysql/tasks/main.yml index 62495add..0896fa44 100644 --- a/roles/cs.repo-mysql/tasks/main.yml +++ b/roles/cs.repo-mysql/tasks/main.yml 
@@ -1,5 +1,5 @@ - name: Ensure MySQL Community repo release package is installed and up-to-date - yum: + dnf: name: "{{ repo_mysql_package_name }}" - name: Ensure chosen mysql repo variants are enabled @@ -14,4 +14,3 @@ loop: "{{ repo_mysql_variants }}" loop_control: loop_var: variant - diff --git a/roles/cs.repo-nginx/defaults/main.yml b/roles/cs.repo-nginx/defaults/main.yml index 1b6b5cde..777e1870 100644 --- a/roles/cs.repo-nginx/defaults/main.yml +++ b/roles/cs.repo-nginx/defaults/main.yml @@ -6,4 +6,3 @@ repo_nginx_variants: repo_nginx_variants_enabled: - stable - diff --git a/roles/cs.repo-nginx/meta/main.yml b/roles/cs.repo-nginx/meta/main.yml index 493d8191..eaceda65 100644 --- a/roles/cs.repo-nginx/meta/main.yml +++ b/roles/cs.repo-nginx/meta/main.yml @@ -1,28 +1,3 @@ allow_duplicates: yes -dependencies: +dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: nginx repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - nginx - - webserver - - server - - http - - proxy - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - creativestyle - - diff --git a/roles/cs.repo-nginx/tasks/main.yml b/roles/cs.repo-nginx/tasks/main.yml index e159e31c..da10e05d 100644 --- a/roles/cs.repo-nginx/tasks/main.yml +++ b/roles/cs.repo-nginx/tasks/main.yml @@ -1,5 +1,5 @@ - name: Ensure nginx repo release package is installed and up-to-date - yum: + dnf: name: "{{ repo_nginx_package_name }}" - name: Ensure chosen nginx repo variants are enabled @@ -14,4 +14,3 @@ loop: "{{ repo_nginx_variants }}" loop_control: loop_var: variant - diff --git a/roles/cs.repo-nodejs/meta/main.yml b/roles/cs.repo-nodejs/meta/main.yml index 917b8a93..eaceda65 100644 --- a/roles/cs.repo-nodejs/meta/main.yml +++ b/roles/cs.repo-nodejs/meta/main.yml 
@@ -1,26 +1,3 @@ allow_duplicates: yes dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: NodeJS NodeSource + Yarn repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - nodejs - - yarn - - search - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - creativestyle - - diff --git a/roles/cs.repo-nodejs/tasks/main.yml b/roles/cs.repo-nodejs/tasks/main.yml index 838ee822..82bbbaf7 100644 --- a/roles/cs.repo-nodejs/tasks/main.yml +++ b/roles/cs.repo-nodejs/tasks/main.yml @@ -1,5 +1,5 @@ - name: Ensure nodejs repo release package is installed and up-to-date - yum: + dnf: name: "{{ repo_nodejs_package_name }}" state: latest diff --git a/roles/cs.repo-rabbitmq/meta/main.yml b/roles/cs.repo-rabbitmq/meta/main.yml index 36a1e965..eaceda65 100644 --- a/roles/cs.repo-rabbitmq/meta/main.yml +++ b/roles/cs.repo-rabbitmq/meta/main.yml @@ -1,27 +1,3 @@ allow_duplicates: yes -dependencies: +dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: RabbitMQ repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - rabbitmq - - queue - - messaging - - server - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - creativestyle - - diff --git a/roles/cs.repo-rabbitmq/tasks/main.yml b/roles/cs.repo-rabbitmq/tasks/main.yml index 38dce74d..800b70c1 100644 --- a/roles/cs.repo-rabbitmq/tasks/main.yml +++ b/roles/cs.repo-rabbitmq/tasks/main.yml @@ -1,5 +1,5 @@ - name: Ensure RabbitMQ repo release package is installed and up-to-date - yum: + dnf: name: "{{ repo_rabbitmq_package_name }}" - name: Ensure chosen rabbitmq repo variants are enabled @@ -14,4 +14,3 @@ loop: "{{ repo_rabbitmq_variants }}" loop_control: loop_var: variant - 
diff --git a/roles/cs.repo-remi/defaults/main.yml b/roles/cs.repo-remi/defaults/main.yml index 4d8e37d0..55f02892 100644 --- a/roles/cs.repo-remi/defaults/main.yml +++ b/roles/cs.repo-remi/defaults/main.yml @@ -1,4 +1,4 @@ -php_repo_remi_package_name: remi-release +php_repo_remi_package_name: https://rpms.remirepo.net/enterprise/remi-release-9.rpm php_repo_remi_variants_enabled: - safe diff --git a/roles/cs.repo-remi/meta/main.yml b/roles/cs.repo-remi/meta/main.yml index 7375977f..eaceda65 100644 --- a/roles/cs.repo-remi/meta/main.yml +++ b/roles/cs.repo-remi/meta/main.yml @@ -1,28 +1,3 @@ allow_duplicates: yes -dependencies: +dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: Remi's repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - repository - - packages - - rpm - - mageops - - magento - - magesuite - - rhel - - redhat - - creativestyle - - php - - php-fpm - - remi - - diff --git a/roles/cs.repo-remi/tasks/main.yml b/roles/cs.repo-remi/tasks/main.yml index a5a63055..30030224 100644 --- a/roles/cs.repo-remi/tasks/main.yml +++ b/roles/cs.repo-remi/tasks/main.yml @@ -1,17 +1,8 @@ +- name: Install gpg cert + rpm_key: + state: present + key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2021 + - name: Ensure Remi's repo release package is installed and up-to-date - yum: + dnf: name: "{{ php_repo_remi_package_name }}" - -- name: Ensure chosen Remi's repo variants are enabled - ini_file: - state: present - create: no - path: "/etc/yum.repos.d/{{ variant.value.filename }}.repo" - section: "{{ variant.value.name }}" - option: enabled - value: "{{ (variant.key in php_repo_remi_variants_enabled) | ternary('1', '0') }}" - no_extra_spaces: yes - loop: "{{ php_repo_remi_variants | dict2items }}" - loop_control: - loop_var: variant - label: "{{ variant.key }}" \ No newline at end of file 
diff --git a/roles/cs.repo-varnish/defaults/main.yml b/roles/cs.repo-varnish/defaults/main.yml index 4dc5be62..917a1de9 100644 --- a/roles/cs.repo-varnish/defaults/main.yml +++ b/roles/cs.repo-varnish/defaults/main.yml @@ -1,12 +1 @@ -repo_varnish_package_name: varnish-release -repo_varnish_name_prefix: varnish -repo_varnish_variants: - - '60lts' - - '60' - - '61' - - '62' - - '63' - -repo_varnish_variants_enabled: - - 60lts - +repo_varnish_gpg_url: https://packagecloud.io/varnishcache/varnish72/gpgkey diff --git a/roles/cs.repo-varnish/meta/main.yml b/roles/cs.repo-varnish/meta/main.yml index 320f20eb..3595b7d5 100644 --- a/roles/cs.repo-varnish/meta/main.yml +++ b/roles/cs.repo-varnish/meta/main.yml @@ -1,27 +1,3 @@ allow_duplicates: no -dependencies: +dependencies: - cs.repo-mageops - -galaxy_info: - author: Filip Sobalski - description: Varnish repository for CentOS - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - repository - - packages - - mageops - - magento - - magesuite - - creativestyle - - varnish - - http - - cache - - caching - - server - - diff --git a/roles/cs.repo-varnish/tasks/main.yml b/roles/cs.repo-varnish/tasks/main.yml index 7281dd4e..ef0c3cd1 100644 --- a/roles/cs.repo-varnish/tasks/main.yml +++ b/roles/cs.repo-varnish/tasks/main.yml 
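Review bot: `repo_varnish_gpg_url` points at the `varnish72` packagecloud repository, while the repo file this commit installs is `varnish60lts` and names `.../varnish60lts/gpgkey` as its key. If the two repositories are signed with different keys, the `rpm_key` task imports a key unrelated to the packages being installed. Setting the default to `https://packagecloud.io/varnishcache/varnish60lts/gpgkey`, the URL already used in varnish60lts.repo, keeps the imported key and the repository consistent.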
@@ -1,17 +1,10 @@ -- name: Ensure Varnish repo release package is installed and up-to-date - yum: - name: "{{ repo_varnish_package_name }}" - -- name: Ensure chosen varnish repo variants are enabled - ini_file: +- name: Install gpg cert + rpm_key: state: present - create: no - path: "/etc/yum.repos.d/{{ repo_varnish_filename }}.repo" - section: "{{ repo_varnish_name_prefix }}{{ variant }}" - option: enabled - value: "{{ (variant in repo_varnish_variants_enabled) | ternary('1', '0') }}" - no_extra_spaces: yes - loop: "{{ repo_varnish_variants }}" - loop_control: - loop_var: variant + key: "{{ repo_varnish_gpg_url }}" +- name: Install varnish lts repo + template: + src: varnish60lts.repo + dest: "/etc/yum.repos.d/varnish60lts.repo" + mode: 0644 diff --git a/roles/cs.repo-varnish/templates/varnish60lts.repo b/roles/cs.repo-varnish/templates/varnish60lts.repo new file mode 100644 index 00000000..b99106a1 --- /dev/null +++ b/roles/cs.repo-varnish/templates/varnish60lts.repo @@ -0,0 +1,21 @@ +[varnishcache_varnish60lts] +name=varnishcache_varnish60lts +baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/9/$basearch +repo_gpgcheck=1 +gpgcheck=0 +enabled=1 +gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 + +[varnishcache_varnish60lts-source] +name=varnishcache_varnish60lts-source +baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/9/SRPMS +repo_gpgcheck=1 +gpgcheck=0 +enabled=0 +gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 diff --git a/roles/cs.s3-fuse-goofys/tasks/main.yml b/roles/cs.s3-fuse-goofys/tasks/main.yml index d608e2f9..3baaced9 100644 --- a/roles/cs.s3-fuse-goofys/tasks/main.yml +++ b/roles/cs.s3-fuse-goofys/tasks/main.yml @@ -1,4 +1,4 @@ - name: Install goofys packages - yum: + dnf: name: goofys state: present 
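Review bot: Both sections of varnish60lts.repo set `gpgcheck=0` with `repo_gpgcheck=1`, so only the repository metadata signature is verified and the RPMs themselves are installed without a package signature check. That may be the layout the upstream repository expects, but it deserves a comment in the file saying so, because it overrides the `gpgcheck=True` this commit sets in dnf.conf and means the `rpm_key` import in tasks/main.yml adds no protection for these packages. If the upstream packages are signed, `gpgcheck=1` is the safer setting.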
diff --git a/roles/cs.s3-fuse-s3fs/tasks/main.yml b/roles/cs.s3-fuse-s3fs/tasks/main.yml index be8e22da..77cb5e0e 100644 --- a/roles/cs.s3-fuse-s3fs/tasks/main.yml +++ b/roles/cs.s3-fuse-s3fs/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install s3fs from RPM - yum: + dnf: name: s3fs-fuse state: present diff --git a/roles/cs.selinux-disable/tasks/main.yml b/roles/cs.selinux-disable/tasks/main.yml new file mode 100644 index 00000000..0f65685a --- /dev/null +++ b/roles/cs.selinux-disable/tasks/main.yml @@ -0,0 +1,25 @@ +- name: Check if selinux is installed + stat: + path: /etc/selinux/config + register: selinux_config_file + +- name: Disable selinux if installed + when: selinux_config_file.stat.exists is defined and selinux_config_file.stat.exists + block: + - name: Install libselinux + dnf: + name: python3-libselinux + state: present + + - name: Make selinux permissive + ansible.posix.selinux: + policy: targeted + state: permissive + + - name: disable in active system + shell: setenforce 0 + + - name: remove setroubleshoot-server + dnf: + name: setroubleshoot-server + state: absent diff --git a/roles/cs.sshd/tasks/main.yml b/roles/cs.sshd/tasks/main.yml index 025647d9..cb32d6bd 100644 --- a/roles/cs.sshd/tasks/main.yml +++ b/roles/cs.sshd/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install SSH Daemon packages - yum: + dnf: name: openssh-server state: present notify: Reload SSH Daemon @@ -73,5 +73,3 @@ until: sshd_service_reloaded is success retries: 5 delay: 5 - - diff --git a/roles/cs.supervisor/tasks/main.yml b/roles/cs.supervisor/tasks/main.yml index b1bf5181..e1163d0a 100644 --- a/roles/cs.supervisor/tasks/main.yml +++ b/roles/cs.supervisor/tasks/main.yml 
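Review bot: The new cs.selinux-disable role puts SELinux into permissive mode and removes `setroubleshoot-server` on any host that includes it, with nothing in the role saying why or letting a host opt out. Please add a comment naming the component that fails under enforcing mode, and gate the block on a variable (for example `when: mageops_selinux_disable | default(false)`, name is a suggestion) so hosts that can run enforcing keep it. The `shell: setenforce 0` task reports changed on every run and looks redundant, since `ansible.posix.selinux` with `state: permissive` should already switch the running mode; confirm and drop it. The `when:` on the block can also be shortened to `selinux_config_file.stat.exists`.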
@@ -1,44 +1,8 @@ -# TODO: WE cannot install global PIP packages, -# this should be installed from yum. Current PIP version is 4.1 -# while official CentOS repo have 3.4.0. We need to check if -# we're compatible with 3.4.0 before the downgrade. - name: Install supervisor - pip: + dnf: name: supervisor state: present -- name: Install systemd service config - template: - src: supervisord.service - dest: /etc/systemd/system/supervisord.service - register: _svd_unit_install - -- name: Perform systemd daemon-reload - systemd: - daemon_reload: yes - when: _svd_unit_install is changed - -- name: Create supervisor config - template: - src: supervisord.conf.j2 - dest: "/etc/supervisord.conf" - owner: root - force: yes - mode: 0655 - notify: Restart supervisord - -- name: Create config directory - file: - path: /etc/supervisor.d - state: directory - mode: 0755 - -- name: Create log directory - file: - path: /var/log/supervisor - state: directory - mode: 0755 - - name: Ensure custom taks configuration exists template: src: "{{ mageops_project_templates_dir }}/{{ item.src }}" diff --git a/roles/cs.supervisor/templates/supervisord.conf.j2 b/roles/cs.supervisor/templates/supervisord.conf.j2 deleted file mode 100644 index 3df9120b..00000000 --- a/roles/cs.supervisor/templates/supervisord.conf.j2 +++ /dev/null 
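Review bot: With the config, unit and directory tasks removed, supervisord now runs with whatever configuration the distribution package ships, but the task that follows (`Ensure custom taks configuration exists`, which continues outside this hunk) is unchanged. The deleted supervisord.conf.j2 included `/etc/supervisor.d/*.conf`; if the remaining task still writes there and the packaged config includes a different directory or file extension, the program definitions would be silently ignored. The removed unit also carried a `ConditionPathExists=!` guard on the maintenance flag and an `After=` on the shared mount, which the packaged unit will not have. Please confirm both against the installed package, or keep a drop-in for the unit.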
@@ -1,141 +0,0 @@ -; Sample supervisor config file. -; -; For more information on the config file, please see: -; http://supervisord.org/configuration.html -; -; Notes: -; - Shell expansion ("~" or "$HOME") is not supported. Environment -; variables can be expanded using this syntax: "%(ENV_HOME)s". -; - Comments must have a leading space: "a=b ;comment" not "a=b;comment". - -[unix_http_server] -file=/var/run/supervisord.sock ; (the path to the socket file) -;chmod=0700 ; socket file mode (default 0700) -;chown=nobody:nogroup ; socket file uid:gid owner -;username=user ; (default is no username (open server)) -;password=123 ; (default is no password (open server)) - -;[inet_http_server] ; inet (TCP) server disabled by default -;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface) -;username=user ; (default is no username (open server)) -;password=123 ; (default is no password (open server)) - -[supervisord] -logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log) -logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) -logfile_backups=10 ; (num of main logfile rotation backups;default 10) -loglevel=info ; (log level;default info; others: debug,warn,trace) -pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) -nodaemon=false ; (start in foreground if true;default false) -minfds=1024 ; (min. avail startup file descriptors;default 1024) -minprocs=200 ; (min. 
avail process descriptors;default 200) -;umask=022 ; (process file creation umask;default 022) -;user=chrism ; (default is current user, required if root) -;identifier=supervisor ; (supervisord identifier, default is 'supervisor') -;directory=/tmp ; (default is not to cd during start) -;nocleanup=true ; (don't clean up tempfiles at start;default false) -;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP) -;environment=KEY="value" ; (key value pairs to add to environment) -;strip_ansi=false ; (strip ansi escape codes in logs; def. false) - -; the below section must remain in the config file for RPC -; (supervisorctl/web interface) to work, additional interfaces may be -; added by defining them in separate rpcinterface: sections -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///var/run/supervisord.sock ; use a unix:// URL for a unix socket -;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket -;username=chris ; should be same as http_username if set -;password=123 ; should be same as http_password if set -;prompt=mysupervisor ; cmd line prompt (default "supervisor") -;history_file=~/.sc_history ; use readline history if available - -; The below sample program section shows all possible program subsection values, -; create one or more 'real' program: sections to be able to control them under -; supervisor. - -;[program:theprogramname] -;command=/bin/cat ; the program (relative uses PATH, can take args) -;process_name=%(program_name)s ; process_name expr (default %(program_name)s) -;numprocs=1 ; number of processes copies to start (def 1) -;directory=/tmp ; directory to cwd to before exec (def no cwd) -;umask=022 ; umask for process (default None) -;priority=999 ; the relative start priority (default 999) -;autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 
1) -;startretries=3 ; max # of serial start failures when starting (default 3) -;autorestart=unexpected ; when to restart if exited after running (def: unexpected) -;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2) -;stopsignal=QUIT ; signal used to kill process (default TERM) -;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) -;stopasgroup=false ; send stop signal to the UNIX process group (default false) -;killasgroup=false ; SIGKILL the UNIX process group (def false) -;user=chrism ; setuid to this UNIX account to run the program -;redirect_stderr=true ; redirect proc stderr to stdout (default false) -;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO -;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) -;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -;stdout_events_enabled=false ; emit events on stdout writes (default false) -;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO -;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10) -;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -;stderr_events_enabled=false ; emit events on stderr writes (default false) -;environment=A="1",B="2" ; process environment additions (def no adds) -;serverurl=AUTO ; override serverurl computation (childutils) - -; The below sample eventlistener section shows all possible -; eventlistener subsection values, create one or more 'real' -; eventlistener: sections to be able to handle event notifications -; sent by supervisor. 
- -;[eventlistener:theeventlistenername] -;command=/bin/eventlistener ; the program (relative uses PATH, can take args) -;process_name=%(program_name)s ; process_name expr (default %(program_name)s) -;numprocs=1 ; number of processes copies to start (def 1) -;events=EVENT ; event notif. types to subscribe to (req'd) -;buffer_size=10 ; event buffer queue size (default 10) -;directory=/tmp ; directory to cwd to before exec (def no cwd) -;umask=022 ; umask for process (default None) -;priority=-1 ; the relative start priority (default -1) -;autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -;startretries=3 ; max # of serial start failures when starting (default 3) -;autorestart=unexpected ; autorestart if exited after running (def: unexpected) -;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2) -;stopsignal=QUIT ; signal used to kill process (default TERM) -;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) -;stopasgroup=false ; send stop signal to the UNIX process group (default false) -;killasgroup=false ; SIGKILL the UNIX process group (def false) -;user=chrism ; setuid to this UNIX account to run the program -;redirect_stderr=false ; redirect_stderr=true is not allowed for eventlisteners -;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO -;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) -;stdout_events_enabled=false ; emit events on stdout writes (default false) -;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO -;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10) -;stderr_events_enabled=false ; emit events on stderr writes (default false) -;environment=A="1",B="2" ; process environment additions -;serverurl=AUTO ; 
override serverurl computation (childutils) - -; The below sample group section shows all possible group values, -; create one or more 'real' group: sections to create "heterogeneous" -; process groups. - -;[group:thegroupname] -;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions -;priority=999 ; the relative start priority (default 999) - -; The [include] section can just contain the "files" setting. This -; setting can list multiple files (separated by whitespace or -; newlines). It can also contain wildcards. The filenames are -; interpreted as relative to this file. Included files *cannot* -; include files themselves. - -[include] -files = /etc/supervisor.d/*.conf diff --git a/roles/cs.supervisor/templates/supervisord.service b/roles/cs.supervisor/templates/supervisord.service deleted file mode 100644 index 94954bca..00000000 --- a/roles/cs.supervisor/templates/supervisord.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=Supervisor process control system for UNIX -Documentation=http://supervisord.org -After=network.target var-www-magento-shared-var-global.mount -ConditionPathExists=!{{ magento_live_release_dir }}/var/global/.maintenance.flag - -[Service] -ExecStart=/usr/bin/supervisord -n -c /etc/supervisord.conf -ExecStop=/usr/bin/supervisorctl -c /etc/supervisord.conf $OPTIONS shutdown -ExecReload=/usr/bin/supervisorctl -c /etc/supervisord.conf $OPTIONS reload -KillMode=process - -Restart=on-failure -RestartSec=50s - -StandardOutput=syslog -StandardError=syslog -SyslogIdentifier=supervisord - -[Install] -WantedBy=multi-user.target diff --git a/roles/cs.switch-to-dnf/files/dnf.conf b/roles/cs.switch-to-dnf/files/dnf.conf index 685079b1..d04e79d4 100644 --- a/roles/cs.switch-to-dnf/files/dnf.conf +++ b/roles/cs.switch-to-dnf/files/dnf.conf 
@@ -1,6 +1,7 @@ [main] -gpgcheck=1 +gpgcheck=True installonly_limit=3 clean_requirements_on_remove=True -fastestmirror=true -max_parallel_downloads=10 +best=False +fastestmirror=True +max_parallel_downloads=20 diff --git a/roles/cs.switch-to-dnf/meta/main.yml b/roles/cs.switch-to-dnf/meta/main.yml new file mode 100644 index 00000000..1e12d026 --- /dev/null +++ b/roles/cs.switch-to-dnf/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - cs.repo-mageops diff --git a/roles/cs.switch-to-dnf/tasks/main.yml b/roles/cs.switch-to-dnf/tasks/main.yml index 5d9e81ef..a21098db 100644 --- a/roles/cs.switch-to-dnf/tasks/main.yml +++ b/roles/cs.switch-to-dnf/tasks/main.yml @@ -1,8 +1,9 @@ - name: Install dnf for speedup when installing packages - yum: + dnf: name: - dnf - - dnf-plugins-core + - python3-dnf-plugins-core + - python3-dnf-plugin-cow state: present - name: Set dnf configuration diff --git a/roles/cs.tuned/tasks/main.yml b/roles/cs.tuned/tasks/main.yml index 90a5139b..4bad69c1 100644 --- a/roles/cs.tuned/tasks/main.yml +++ b/roles/cs.tuned/tasks/main.yml @@ -1,2 +1,7 @@ +- name: Install tuned + dnf: + name: tuned + state: present + - name: Set tuned profile shell: "tuned-adm profile {{ tuned_profile }}" diff --git a/roles/cs.unison/tasks/install-centos.yml b/roles/cs.unison/tasks/install-centos.yml index ab1aa540..bfbeea16 100644 --- a/roles/cs.unison/tasks/install-centos.yml +++ b/roles/cs.unison/tasks/install-centos.yml @@ -6,14 +6,14 @@ state: present - name: Make sure conflicting packages are absent - yum: + dnf: name: - unison-static - unison-ocaml406 state: absent - name: Install latest unison version from MageOps RPM repo - yum: + dnf: name: unison state: latest enablerepo: mageops diff --git a/roles/cs.vagrant-sudo/tasks/main.yml b/roles/cs.vagrant-sudo/tasks/main.yml index 722483e2..93394d16 100644 --- a/roles/cs.vagrant-sudo/tasks/main.yml +++ b/roles/cs.vagrant-sudo/tasks/main.yml 
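Review bot: The added `best=False` in `[main]` lets dnf fall back to an older candidate, or skip an upgrade, when the newest version cannot be resolved, so a blocked security update no longer fails the run. Combined with the version locks this repository applies through cs.versionlock, that outcome is likely to go unnoticed. If the setting is intentional, state the trade-off next to it, e.g. `# best=False: unresolvable upgrades are skipped instead of failing - check dnf output for skipped packages`.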
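Review bot: The new `Install tuned` task in roles/cs.tuned/tasks/main.yml installs the package, but nothing enables or starts the tuned service before `tuned-adm profile` is called. On a freshly installed package the daemon is presumably not running, and without enabling the unit the profile may not be reapplied after a reboot or on instances launched from the built image. Adding a service task between the two would make that explicit.

```yaml
# … unchanged: Install tuned …

- name: Ensure tuned is enabled and running
  service:
    name: tuned
    state: started
    enabled: yes

- name: Set tuned profile
```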
@@ -1,9 +1,9 @@ - name: Install sudo package - yum: + dnf: name: sudo - name: Add superuser group - group: + group: name: wheel state: present @@ -13,4 +13,4 @@ regexp: "^\\s*%wheel\\s+ALL\\s*=" dest: /etc/sudoers state: present - validate: "visudo -cf %s" \ No newline at end of file + validate: "visudo -cf %s" diff --git a/roles/cs.varnish-manager/meta/main.yml b/roles/cs.varnish-manager/meta/main.yml index c46138a0..e69de29b 100644 --- a/roles/cs.varnish-manager/meta/main.yml +++ b/roles/cs.varnish-manager/meta/main.yml @@ -1,21 +0,0 @@ -galaxy_info: - author: creativestyle - description: Autoscaling Varnish backends Manager for MageOps Infrastructure - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - varnish - - aws - - autoscaling - - webserver - - server - - http - - proxy - - mageops - - magento - - magesuite - - creativestyle diff --git a/roles/cs.varnish-purge-proxy/templates/varnish-purge-proxy.init.d.j2 b/roles/cs.varnish-purge-proxy/templates/varnish-purge-proxy.init.d.j2 index c10c9071..801ec091 100644 --- a/roles/cs.varnish-purge-proxy/templates/varnish-purge-proxy.init.d.j2 +++ b/roles/cs.varnish-purge-proxy/templates/varnish-purge-proxy.init.d.j2 @@ -25,7 +25,7 @@ export PATH name=varnish-purge-proxy program={{ varnish_pp_bin.path }} args='aws {{ varnish_pp_instance_tags }} --listen={{ varnish_pp_listen_address }} --destport={{ varnish_pp_listen_port }} --port={{ varnish_pp_listen_port }}' -pidfile="/var/run/$name.pid" +pidfile="/run/$name.pid" [ -r /etc/default/$name ] && . /etc/default/$name [ -r /etc/sysconfig/$name ] && . /etc/sysconfig/$name diff --git a/roles/cs.varnish/defaults/main.yml b/roles/cs.varnish/defaults/main.yml index 863aeabc..cb83f729 100644 --- a/roles/cs.varnish/defaults/main.yml +++ b/roles/cs.varnish/defaults/main.yml 
@@ -63,7 +63,8 @@ varnish_workspace_client: 64k varnish_workspace_thread: 4k # As of varnish 6.0 the default is 48k and lower values cause segfault with our VCL -varnish_thread_pool_stack: 64k +# 128k is minimum for aarch64 +varnish_thread_pool_stack: 128k # Max. number of thread pools that should be at most the number of vCPUs # See: https://varnish-cache.org/docs/6.0/reference/varnishd.html#thread-pool-max @@ -172,7 +173,7 @@ varnish_media_cors_max_age: 2678400 varnish_vcl_conf: /etc/varnish/default.vcl varnish_backends_vcl: /etc/varnish/backends.vcl -varnish_run_dir: /var/run/varnish +varnish_run_dir: /run/varnish varnish_pid_file: "{{ varnish_run_dir }}/varnish.pid" varnish_syscfg_limit_nofile: 131072 diff --git a/roles/cs.varnish/meta/main.yml b/roles/cs.varnish/meta/main.yml index 1fe9b278..49613e25 100644 --- a/roles/cs.varnish/meta/main.yml +++ b/roles/cs.varnish/meta/main.yml @@ -5,26 +5,3 @@ dependencies: - role: cs.aws-cloudfront-facts delegate_to: localhost when: aws_use and aws_cloudfront_distribution_create - - -galaxy_info: - author: creativestyle - description: Varnish server for MageOps Infrastructure - company: creativestyle Polska - license: license (BSD, MIT) - min_ansible_version: 2.7 - platforms: - - name: EL - versions: [7] - galaxy_tags: - - varnish - - aws - - autoscaling - - webserver - - server - - http - - proxy - - mageops - - magento - - magesuite - - creativestyle diff --git a/roles/cs.varnish/tasks/001-install.yml b/roles/cs.varnish/tasks/001-install.yml index 11047a98..058cc41a 100644 --- a/roles/cs.varnish/tasks/001-install.yml +++ b/roles/cs.varnish/tasks/001-install.yml @@ -1,10 +1,10 @@ - name: Install Varnish Packages - yum: + dnf: name: "{{ [varnish_package_name] + varnish_extra_packages }}" state: present - name: Install blobdigest module - yum: + dnf: name: "varnish-module-blobdigest" state: present when: varnish_magento_vary_sign 
diff --git a/roles/cs.versionlock/tasks/main.yml b/roles/cs.versionlock/tasks/main.yml index a29abf78..331d81c1 100644 --- a/roles/cs.versionlock/tasks/main.yml +++ b/roles/cs.versionlock/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install versionlock plugin - yum: + dnf: name: - yum-plugin-versionlock - dnf-plugin-versionlock diff --git a/site.maintenance.aws-remove-all.yml b/site.maintenance.aws-remove-all.yml index 83662461..71be44eb 100644 --- a/site.maintenance.aws-remove-all.yml +++ b/site.maintenance.aws-remove-all.yml @@ -1,10 +1,18 @@ - hosts: localhost connection: local - roles: - - role: cs.aws-region-facts - - role: cs.aws-rds-facts - - role: cs.aws-node-facts - - role: cs.aws-autoscaling-facts + pre_tasks: + - name: Get VPC data + block: + - name: Get VPC data + amazon.aws.ec2_vpc_net_info: + region: "{{ aws_region }}" + filters: + "tag:Project": "{{ mageops_project }}" + "tag:Environment": "{{ mageops_environment }}" + register: _aws_vpc + - name: Set VPC ID + set_fact: + _aws_vpc_id: "{{ _aws_vpc | json_query('vpcs[0].vpc_id')}}" tasks: 
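Review bot: The new `pre_tasks` block in site.maintenance.aws-remove-all.yml takes `vpcs[0].vpc_id` without checking how many VPCs matched the Project/Environment tags. With no match the fact is presumably empty, and with several the first is picked silently, yet `_aws_vpc_id` later scopes the security-group lookup in this destructive playbook. An assertion that exactly one VPC was found, placed before the fact is set, would stop the run before anything is removed. The outer block and the inner task also share the name `Get VPC data`, which makes the run output ambiguous.

```yaml
    # … unchanged: Get VPC data (amazon.aws.ec2_vpc_net_info, register: _aws_vpc) …
    - name: Fail unless exactly one VPC matches the project tags
      assert:
        that:
          - _aws_vpc.vpcs | length == 1
        fail_msg: "Expected exactly one VPC for this project and environment"
    - name: Set VPC ID
```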
@@ -31,11 +39,35 @@ when: remove_ec2 - name: Remove RDS - rds_instance: - state: absent - region: "{{ aws_region }}" - db_instance_identifier: "{{ aws_rds_instance.db_instance_identifier }}" - skip_final_snapshot: yes + block: + - name: Get list of RDS instances + community.aws.rds_instance_info: + region: "{{ aws_region }}" + register: _rds_instances_info + - name: Set list of rds instances + set_fact: + _aws_rds_instances: "{{ _rds_instances_info.instances }}" + - name: Filter rds instance list by tags + set_fact: + _aws_rds_instances: "{{ _aws_rds_instances | json_query(rds_instances_tag_filter_query) | default([]) }}" + vars: + rds_instances_tag_filter_query: "[?{% for k, v in aws_rds_facts_mysql_tags.items() -%}tags.{{ k }} == '{{ v }}'{% if not loop.last %} && {% endif %}{% endfor %}]" + - name: Warn when more than one instance has been found + debug: + msg: | + Warning! More than one matching rds instance found, using first one. + Found: {{ _aws_rds_instances | map(attribute='db_instance_identifier') | join(', ') }} + when: _aws_rds_instances | length > 1 + - name: Set facts about project's rds instance + set_fact: + aws_rds_instance_id: "{{ (_aws_rds_instances | first).db_instance_identifier }}" + when: _aws_rds_instances | length > 0 + - name: Terminate RDS instance + when: _aws_rds_instance_id == aws_rds_instance_name + rds: + command: delete + instance_name: "{{ aws_rds_instance_name }}" + # snapshot: "{{ aws_rds_instance_name }}-snapshot" when: remove_rds - name: Remove Volumes @@ -86,7 +118,7 @@ - name: Remove Security Groups block: - name: Get list of Security Groups for VPC - ec2_group_facts: + amazon.aws.ec2_group_info: region: "{{ aws_region }}" filters: "vpc-id": "{{ _aws_vpc_id }}" diff --git a/site.step-10-infrastructure-aws.yml b/site.step-10-infrastructure-aws.yml index fb854ef2..396f018f 100644 --- a/site.step-10-infrastructure-aws.yml +++ b/site.step-10-infrastructure-aws.yml 
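Review bot: The `Terminate RDS instance` task tests `_aws_rds_instance_id`, but the preceding `set_fact` stores the identifier as `aws_rds_instance_id` (no leading underscore), and only when at least one instance matched. As written the condition reads a variable that nothing in this hunk defines, so the task would error or never match. Rename the fact to `_aws_rds_instance_id` and guard with `when: _aws_rds_instance_id is defined and _aws_rds_instance_id == aws_rds_instance_name`. The delete also passes no `region` although the lookup above does, and with the `snapshot` line commented out no final snapshot is requested, which deserves an explicit comment in a remove-all playbook. The tag filter splices `aws_rds_facts_mysql_tags` keys and values straight into the JMESPath expression, so a key or value containing a quote, dash or colon would change or break the query.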
@@ -27,14 +27,17 @@ lb_http_port: "{{ mageops_varnish_port }}" when: aws_elb_create - role: cs.aws-ami-facts + ami_facts_instance: "{{ aws_varnish_node_instance_type }}" + - role: cs.aws-ami-facts + ami_facts_instance: "{{ aws_persistent_node_instance_type }}" - role: cs.aws-node-facts - role: cs.aws-node-varnish - aws_varnish_node_root_device: "{{ aws_ami_root_device }}" + aws_varnish_node_root_device: "{{ aws_ami_clean_base_info[aws_varnish_node_instance_type].root_device_name }}" aws_varnish_node_vpc_subnet_id: "{{ aws_vpc_subnet_id }}" aws_varnish_instance_id: "{{ aws_varnish_node_instance.instance_id | default(false) }}" when: varnish_standalone - role: cs.aws-node-persistent - aws_persistent_node_root_device: "{{ aws_ami_root_device }}" + aws_persistent_node_root_device: "{{ aws_ami_clean_base_info[aws_persistent_node_instance_type].root_device_name }}" aws_persistent_node_vpc_subnet_id: "{{ aws_vpc_subnet_id }}" aws_persistent_instance_id: "{{ aws_persistent_node_instance.instance_id | default(false) }}" when: aws_persistent_node_create diff --git a/site.step-15-varnish.yml b/site.step-15-varnish.yml index 3699689c..033527ec 100644 --- a/site.step-15-varnish.yml +++ b/site.step-15-varnish.yml @@ -11,9 +11,8 @@ node_name: varnish versionlock_packages: "{{ versionlock_varnish_packages + versionlock_varnish_packages_extra }}" versionlock_ban_packages: "{{ versionlock_varnish_ban_packages + versionlock_varnish_ban_packages_extra }}" - - role: pinkeen.selinux-disable - - role: cs.centos-update-kernel - when: mageops_upgrade_kernel + - role: cs.selinux-disable + - role: cs.optimize-kernel - role: cs.tuned - role: cs.swap - role: cs.earlyoom 
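Review bot: The two new `cs.aws-ami-facts` entries in site.step-10-infrastructure-aws.yml run unconditionally, while the roles that consume their results are gated by `when: varnish_standalone` and `when: aws_persistent_node_create`. If a deployment omits one of those node types, the AMI lookup for its instance type still runs and, depending on how the role handles a missing type or AMI, could fail the play. Consider adding the matching `when:` to each entry. A short comment such as `# one lookup per instance type; results are keyed in aws_ami_clean_base_info` would also explain why the role appears twice. The role list starts before this hunk.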
@@ -22,11 +21,7 @@ packages_mirrorlist_countrycode: "{{ mageops_packages_mirrorlist_countrycode | default(false) }}" packages_install: "{{ mageops_packages_common + mageops_packages_varnish + mageops_packages_varnish_extra }}" packages_remove: "{{ mageops_packages_banned }}" - - role: cs.provisioning-migrations - - role: cs.packages - packages_mirrorlist_countrycode: "{{ mageops_packages_mirrorlist_countrycode | default(false) }}" - packages_install: "{{ mageops_packages_common + mageops_packages_varnish + mageops_packages_varnish_extra }}" - packages_remove: "{{ mageops_packages_banned }}" + packages_full_update: no - role: cs.mageops-cli-profile - role: cs.mageops-cli-user mageops_cli_user: root @@ -93,6 +88,7 @@ monitoring_varnish_exporter_enabled: yes when: mageops_monitoring_enabled + - role: cs.packages - role: cs.pkg-mgr-cleanup tasks: diff --git a/site.step-20-persistent.yml b/site.step-20-persistent.yml index c67df06b..f9c942c0 100644 --- a/site.step-20-persistent.yml +++ b/site.step-20-persistent.yml @@ -21,9 +21,8 @@ node_name: persistent versionlock_packages: "{{ versionlock_persistent_packages + versionlock_persistent_packages_extra }}" versionlock_ban_packages: "{{ versionlock_persistent_ban_packages + versionlock_persistent_ban_packages_extra }}" - - role: pinkeen.selinux-disable - - role: cs.centos-update-kernel - when: mageops_upgrade_kernel + - role: cs.selinux-disable + - role: cs.optimize-kernel - role: cs.tuned - role: cs.swap - role: cs.earlyoom 
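Review bot: The bare `- role: cs.packages` appended at the end of the role list in site.step-15-varnish.yml has no comment explaining why the role runs a second time, and the same applies to site.step-20-persistent.yml. Only site.step-40-app-node.yml documents the intent. Repeat that explanation above the entry in both files, e.g. `# Full package upgrade runs last; upgrading earlier can replace Python dependencies Ansible is still using`. The trailing entry also passes none of the `packages_*` variables given to the first invocation, so it appears to rely on role defaults and group vars; stating `packages_full_update` explicitly there would make clear where the full update happens.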
@@ -32,11 +31,7 @@ packages_mirrorlist_countrycode: "{{ mageops_packages_mirrorlist_countrycode | default(false) }}" packages_install: "{{ mageops_packages_common + mageops_packages_persistent + mageops_packages_persistent_extra }}" packages_remove: "{{ mageops_packages_banned }}" - - role: cs.provisioning-migrations - - role: cs.packages - packages_mirrorlist_countrycode: "{{ mageops_packages_mirrorlist_countrycode | default(false) }}" - packages_install: "{{ mageops_packages_common + mageops_packages_persistent + mageops_packages_persistent_extra }}" - packages_remove: "{{ mageops_packages_banned }}" + packages_full_update: no - role: cs.mageops-cli-profile - role: cs.mageops-cli-user mageops_cli_user: root @@ -93,6 +88,7 @@ monitoring_elasticsearch_exporter_enabled: yes monitoring_redis_exporter_enabled: yes when: mageops_monitoring_enabled + - role: cs.packages - role: cs.pkg-mgr-cleanup tasks: diff --git a/site.step-30-builder.yml b/site.step-30-builder.yml index 3a0a90e5..8db884cb 100644 --- a/site.step-30-builder.yml +++ b/site.step-30-builder.yml @@ -16,8 +16,8 @@ {{ aws_app_node_base_ami_id_forced | default( aws_ami_force_clean_build | ternary( - aws_ami_clean_base_id, - aws_ami_app_node_id | default(aws_ami_clean_base_id, true) + aws_ami_clean_base_info[aws_app_builder_node_instance_type].image_id, + aws_ami_app_node_id | default(aws_ami_clean_base_info[aws_app_builder_node_instance_type].image_id, true) ), true ) @@ -30,7 +30,7 @@ builder_instance_ssh_key_name: "{{ aws_ec2_ssh_key_name }}" builder_instance_iam_role: "{{ aws_iam_role_app_node }}" builder_instance_user_data: "{{ aws_ec2_instance_user_data }}" - builder_instance_root_device: "{{ aws_ami_root_device }}" + builder_instance_root_device: "{{ aws_ami_clean_base_info[aws_app_builder_node_instance_type].root_device_name }}" builder_instance_security_groups: - "{{ aws_security_group_app_id }}" - "{{ aws_security_group_ssh_id }}" 
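Review bot: Both hunks of site.step-30-builder.yml index `aws_ami_clean_base_info` by `aws_app_builder_node_instance_type`, but nothing in this file's diff passes that type to `cs.aws-ami-facts`, as site.step-10 and site.step-60 do with `ami_facts_instance`. If the role list above the hunk still calls the role without it, the key may be missing and the template would fail with an undefined error at run time. Adding `ami_facts_instance: "{{ aws_app_builder_node_instance_type }}"` to that role entry would make the dependency explicit. The expression in the first hunk starts and ends outside the visible lines, so this needs checking against the full file.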
diff --git a/site.step-40-app-node.yml b/site.step-40-app-node.yml index fe094850..aac1cfe4 100644 --- a/site.step-40-app-node.yml +++ b/site.step-40-app-node.yml @@ -24,15 +24,30 @@ - role: cs.switch-to-dnf + - role: cs.mageops-cli-user + mageops_cli_user: root + mageops_cli_user_bashrc_fragments: + - magento-root + + - role: cs.mageops-cli-user + mageops_cli_user: "{{ magento_user }}" + mageops_cli_user_group: "{{ magento_group }}" + mageops_cli_user_uid: "{{ magento_uid }}" + mageops_cli_user_gid: "{{ magento_gid }}" + mageops_cli_user_bashrc_fragments: + - magento + + - role: cs.mageops-authorize-keys + mageops_ssh_authorize_app: yes + - role: cs.versionlock node_name: app versionlock_packages: "{{ versionlock_app_node_packages + versionlock_app_node_packages_extra }}" versionlock_ban_packages: "{{ versionlock_app_node_ban_packages + versionlock_app_node_ban_packages_extra }}" - - role: pinkeen.selinux-disable + - role: cs.selinux-disable - - role: cs.centos-update-kernel - when: mageops_upgrade_kernel + - role: cs.optimize-kernel - role: cs.tuned 
@@ -50,34 +65,16 @@ - role: cs.earlyoom when: mageops_earlyoom_enable - - role: cs.packages - packages_install: "{{ mageops_packages_common + mageops_packages_app_node + mageops_packages_app_node_extra }}" - - - role: cs.provisioning-migrations + - role: cs.aws-cli + when: aws_use - role: cs.packages packages_install: "{{ mageops_packages_common + mageops_packages_app_node + mageops_packages_app_node_extra }}" - - - role: cs.mageops-cli-user - mageops_cli_user: root - mageops_cli_user_bashrc_fragments: - - magento-root - - - role: cs.mageops-cli-user - mageops_cli_user: "{{ magento_user }}" - mageops_cli_user_group: "{{ magento_group }}" - mageops_cli_user_uid: "{{ magento_uid }}" - mageops_cli_user_gid: "{{ magento_gid }}" - mageops_cli_user_bashrc_fragments: - - magento + packages_full_update: no - role: cs.mageops-cli-profile - - role: cs.mageops-authorize-keys - mageops_ssh_authorize_app: yes - - role: cs.aws-cli - when: aws_use - role: cs.cron @@ -168,6 +165,10 @@ monitoring_php_fpm_exporter_enabled: yes when: mageops_monitoring_enabled + # We need to upgrade packages at the end as they might break some ansible action + # ansible would need to recconnect to node to refresh some python dependencies + - role: cs.packages + tasks: - set_fact: mageops_extra_tasks_app_node: [ diff --git a/site.step-60-autoscaling.yml b/site.step-60-autoscaling.yml index dd39986e..cba72b05 100644 --- a/site.step-60-autoscaling.yml +++ b/site.step-60-autoscaling.yml @@ -5,6 +5,7 @@ gather_facts: no roles: - role: cs.aws-ami-facts + ami_facts_instance: "{{ aws_app_node_instance_type }}" delegate_to: localhost tasks: - block: @@ -59,6 +60,9 @@ ) }} roles: + - role: cs.aws-ami-facts + ami_facts_instance: "{{ aws_app_node_instance_type }}" + delegate_to: localhost - role: cs.aws-autoscaling autoscaling_assign_public_ip: yes autoscaling_loadbalancers: "{{ aws_app_asg_load_balancers }}" 
diff --git a/vagrant.vbox-guest-additions.yml b/vagrant.vbox-guest-additions.yml index 3b387a7a..ef947cd9 100644 --- a/vagrant.vbox-guest-additions.yml +++ b/vagrant.vbox-guest-additions.yml @@ -10,7 +10,7 @@ state: mounted - name: Install development tools - yum: + dnf: name: - "dkms" - "@Development tools" @@ -29,4 +29,4 @@ src: /dev/sr0 state: absent - # Now vagrant needs to be rebooted \ No newline at end of file + # Now vagrant needs to be rebooted diff --git a/vagrant.xdebug.yml b/vagrant.xdebug.yml index 27fc182c..44d6e40d 100644 --- a/vagrant.xdebug.yml +++ b/vagrant.xdebug.yml @@ -2,7 +2,7 @@ become: yes tasks: - name: Install xdebug extension - yum: + dnf: state: present name: php-pecl-xdebug3 when: xdebug_enable | bool @@ -20,7 +20,7 @@ regexp: "xdebug.remote_connect_back =" when: xdebug_enable | bool - name: Remove xdebug extension - yum: + dnf: state: absent name: php-pecl-xdebug3 when: not xdebug_enable | bool