Skip to content

Instantly share code, notes, and snippets.

@phips

phips/hasetup.yml

Last active September 11, 2017 17:56
Show Gist options
  • Save phips/04f11a89f5c28aaea162 to your computer and use it in GitHub Desktop.
Save phips/04f11a89f5c28aaea162 to your computer and use it in GitHub Desktop.
Download ZIP
Tower HA pre-run
Raw
hasetup.yml
---
# vim: set ft=ansible sw=2 ts=2 et:
#
# Prepare for Tower HA install
#
#* Download offline bundle
#* Unarchive offline bundle on ALL hosts
#* do ./bundle_setup.sh on ALL hosts
#* do pre-dependency installs [yum install -y $(cat required_os_packages.txt)] on PRIMARY host
#
# On primary
# Put this gist in ansible-tower-setup-2.2.* directory
#
# get these:
# https://github.com/chrismeyersfsu/role-required_vars/archive/master.zip
# https://github.com/chrismeyersfsu/role-install_mongod
#
# cd to ansible-tower-setup-2.2.*/roles
# unzip master
# mv role-required_vars-master chrismeyersfsu.required_vars
# unzip updates_for_ha_support.zip
# mv role-install_mongod install_mongod
## cut off the iptables dependency
# head -n-2 install_mongod/meta/main.yml > xx && mv xx install_mongod/meta/main.yml
#
# run ./configure - DO NOT run setup.sh yet -- strongly recommended you configure the one primary
# and at least two secondary hosts. ** This play has been tested with two 2arys **
#
# run...
# ansible-playbook -i inventory hasetup.yml -e pw=(password_for_database_user) -e repl_pw=(password_for_database_replication) -e install_mongod_admin_password=(obvious) -e install_mongod_user_password=(also_obvious) -e bundled=True
#
# ...this should set up postgres and mongo across the three hosts.
#
# run setup.sh
- hosts: all
sudo: yes
vars:
dbuser: awx
dbname: awx
dbpath: /var/lib/pgsql/9.4/data
pre_tasks:
- name: Check for variables
fail:
msg: 'Must pass -e pw for DB user, repl_pw for replication user'
when: (pw is not defined) or (repl_pw is not defined)
- name: Check for OS version
fail:
msg: 'Only tested on RHEL'
when: ansible_os_family != 'RedHat'
- name: CBA with selinux
selinux:
state: permissive
policy: targeted
- name: Check for availability of postgresql94
command: yum info postgresql94
register: check
ignore_errors: true
- name: Install pgdg94 yum repo
yum:
name: http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-redhat94-9.4-1.noarch.rpm
state: present
when: check|failed
- name: Ensure packages are installed
yum:
name: "{{ item }}"
with_items:
- libselinux-python
- postgresql94-server
- python-psycopg2
# https://github.com/phips/role-install_mongod/tree/updates_for_ha_support
# README!! https://github.com/phips/role-install_mongod/blob/updates_for_ha_support/README.md
roles:
- { role: install_mongod
, install_mongod_admin_username: admin
, install_mongod_admin_password: ''
, install_mongod_user_username: awx
, install_mongod_user_password: ''
, install_mongod_user_database: awx
, install_mongod_replset: tower
, install_mongod_keyfile: '/etc/pki/mongo/keyfile'
, tags: mongo }
- hosts: primary
sudo: yes
sudo_user: postgres
vars:
dbuser: awx
dbname: awx
dbpath: /var/lib/pgsql/9.4/data
initdb:
"6": /sbin/service postgresql-9.4 initdb
"7": /usr/pgsql-9.4/bin/postgresql94-setup initdb
tasks:
- name: initdb
command: "{{ initdb[ansible_distribution_major_version] }}"
args:
creates: "{{ dbpath }}/PG_VERSION"
sudo: yes
sudo_user: root
- name: Ensure pgsql is listening on IP
lineinfile:
dest: "{{ dbpath }}/postgresql.conf"
regexp: ^listen_addresses
line: "listen_addresses = '{{ ansible_default_ipv4.address }}'"
state: present
notify: restartdb
- name: Set wal_level
lineinfile:
dest: "{{ dbpath }}/postgresql.conf"
regexp: ^wal_level
line: "wal_level = 'hot_standby'"
state: present
# needs prefix on network
- name: Ensure dbuser has remote access to db
lineinfile:
dest: "{{ dbpath }}/pg_hba.conf"
regexp: ^host.+awx
line: "host {{ dbname }} {{ dbuser }} samenet md5"
state: present
sudo: yes
sudo_user: postgres
notify: restartdb
- name: Ensure pgsql service is started
service:
name: postgresql-9.4
state: started
enabled: true
sudo: yes
sudo_user: root
# This will be much easier in 1.9 with the hash() filter
- name: Create encrypted password
shell: echo -n {{ pw }}{{ dbuser }} | /usr/bin/openssl dgst -md5
register: towerpw
changed_when: false
- name: Ensure DB user exists
postgresql_user:
name: "{{ dbuser }}"
encrypted: True
password: 'md5{{ towerpw.stdout | regex_replace(".+?\s","") }}'
sudo: yes
sudo_user: postgres
- name: Ensure Tower DB exists
postgresql_db:
name: "{{ dbname }}"
owner: "{{ dbuser }}"
sudo: yes
sudo_user: postgres
# This will be much easier in 1.9 with the hash() filter
- name: Create encrypted repl password
shell: echo -n {{ repl_pw }}repl | /usr/bin/openssl dgst -md5
register: replpw
changed_when: false
- name: Ensure replication user exists
postgresql_user:
name: repl
encrypted: True
role_attr_flags: "LOGIN,REPLICATION"
password: 'md5{{ replpw.stdout | regex_replace(".+?\s","") }}'
- name: Ensure replication user can access from standby
lineinfile:
dest: "{{ dbpath }}/pg_hba.conf"
regexp: ^host.+replication.+hostvars[item]['ansible_default_ipv4']['address']
line: "host replication repl {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5"
state: present
with_items: "{{ groups['secondary'] | default([]) }}"
notify: restartdb
# replication tuning stuff
# http://www.olegdulin.com/2015/01/configuring-master-slave-replication-with-postgresql-93.html
- name: Set max_wal_senders
lineinfile:
dest: "{{ dbpath }}/postgresql.conf"
regexp: ^max_wal_senders
line: "max_wal_senders = 5"
state: present
notify: restartdb
# 16MB each
- name: Set wal_keep_segments
lineinfile:
dest: "{{ dbpath }}/postgresql.conf"
regexp: ^wal_keep_segments
line: "wal_keep_segments = 100"
state: present
notify: restartdb
handlers:
- name: restartdb
service:
name: postgresql-9.4
state: restarted
sudo: yes
sudo_user: root
- hosts: secondary
sudo: yes
sudo_user: postgres
vars:
dbpath: /var/lib/pgsql/9.4/data
tasks:
- name: (SSSSSH)
copy:
dest: "{{ ansible_env.HOME }}/.pgpass"
content: "{{ hostvars[groups['primary'][0]]['ansible_default_ipv4']['address'] }}:5432:replication:repl:{{ repl_pw }}"
mode: 0600
no_log: true
- name: Copy init DBs from master
command: pg_basebackup -h {{ hostvars[groups['primary'][0]]['ansible_default_ipv4']['address'] }} -D {{ dbpath }} -U repl -X stream
args:
creates: "{{ dbpath }}/PG_VERSION"
- name: Ensure pgsql is listening on IP
lineinfile:
dest: "{{ dbpath }}/postgresql.conf"
regexp: ^listen_addresses
line: "listen_addresses = '{{ ansible_default_ipv4.address }}'"
state: present
- name: Ensure pgsql service is started
service:
name: postgresql-9.4
state: started
enabled: true
sudo: yes
sudo_user: root
- name: Ensure pgsql is hot standby
lineinfile:
dest: "{{ dbpath }}/postgresql.conf"
regexp: ^hot_standby
line: "hot_standby = on"
state: present
notify: restartdb
- name: Ensure streaming mode is set
lineinfile:
dest: "{{ dbpath }}/recovery.conf"
create: yes
state: present
regexp: ^standby_mode
line: "standby_mode = 'on'"
mode: 0600
notify: restartdb
- name: Ensure streaming conninfo present
lineinfile:
dest: "{{ dbpath }}/recovery.conf"
create: yes
state: present
regexp: ^primary_conninfo
line: "primary_conninfo = 'host={{ hostvars[groups['primary'][0]]['ansible_default_ipv4']['address'] }} port=5432 user=repl password={{ repl_pw }}'"
mode: 0600
notify: restartdb
handlers:
- name: restartdb
service:
name: postgresql-9.4
state: restarted
sudo: yes
sudo_user: root
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment