diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index f833928..27186ae 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -1,5 +1,13 @@ ansible_python_interpreter: /usr/bin/python3.6 +nginx_worker_processes: auto +nginx_error_log: /var/log/nginx/error.log +nginx_error_log_level: warn +nginx_worker_connections: 1024 +nginx_access_log: /var/log/nginx/access.log main +nginx_keepalive_timeout: 65 +nginx_types_hash_max_size: 2048 + siteA: site_title: "SiteA - Добро пожаловать" site_h1: "Добро пожаловать на SiteA" diff --git a/ansible/roles/firewall/handlers/main.yml b/ansible/roles/firewall/handlers/main.yml new file mode 100644 index 0000000..7f6245d --- /dev/null +++ b/ansible/roles/firewall/handlers/main.yml @@ -0,0 +1,4 @@ +- name: Restart firewalld + systemd: + name: firewalld + state: restarted diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml index dffa1c6..22787b0 100644 --- a/ansible/roles/firewall/tasks/main.yml +++ b/ansible/roles/firewall/tasks/main.yml @@ -2,12 +2,16 @@ zypper: name: firewalld state: present + notify: + - Restart firewalld - name: Ensure firewalld is enabled and started systemd: name: firewalld enabled: yes state: started + notify: + - Restart firewalld - name: Open specified firewall ports firewalld: @@ -15,4 +19,6 @@ permanent: yes state: enabled immediate: yes - loop: "{{ firewall_ports }}" \ No newline at end of file + loop: "{{ firewall_ports }}" + notify: + - Restart firewalld \ No newline at end of file diff --git a/ansible/roles/nginx_proxy/handlers/main.yml b/ansible/roles/nginx_proxy/handlers/main.yml new file mode 100644 index 0000000..2e1d9c4 --- /dev/null +++ b/ansible/roles/nginx_proxy/handlers/main.yml @@ -0,0 +1,4 @@ +- name: Restart Nginx + systemd: + name: nginx + state: restarted diff --git a/ansible/roles/nginx_proxy/tasks/main.yml b/ansible/roles/nginx_proxy/tasks/main.yml index c26c9f9..6f96ef9 100644 
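Review bot: `nginx_access_log` in the group_vars hunk already ends in the format name `main`, and both new nginx.conf.j2 templates render it as `access_log {{ nginx_access_log }} main;`. The result is `access_log /var/log/nginx/access.log main main;`, which nginx should reject as an invalid parameter, so the restart handlers added in this commit would leave the service down. Keep the format name in one place only, for example `nginx_access_log: /var/log/nginx/access.log` here with the literal `main` left in the templates.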
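Review bot: The new `Restart firewalld` handler is notified by all three tasks in roles/firewall/tasks/main.yml, including `Open specified firewall ports`, which already sets `permanent: yes` and `immediate: yes`. Those two options apply the rule to both the running and the saved configuration, so no restart is needed. A full restart of the firewall service rebuilds the ruleset from the permanent configuration and discards any runtime-only rules on the host. On a first run, the `Ensure firewalld is enabled and started` task also causes a start followed straight away by a restart. I would drop the `notify` entries from these tasks, or, if a handler is kept, use `state: reloaded` in it.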
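Review bot: The `Restart Nginx` handler uses `state: restarted` and nothing checks the rendered configuration first, so one bad template leaves nginx stopped on every host that ran the play. The tasks diff removes a `Reload Nginx` step in favour of this handler, and a reload would keep the old workers serving if the new configuration fails to load. I would change the handler to `state: reloaded` and put a handler that runs `nginx -t` ahead of it. The identical handler added in roles/nginx_site/handlers/main.yml needs the same change.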
--- a/ansible/roles/nginx_proxy/tasks/main.yml +++ b/ansible/roles/nginx_proxy/tasks/main.yml @@ -2,12 +2,16 @@ zypper: name: nginx state: present + notify: + - Restart Nginx - name: Ensure Nginx is enabled and started systemd: name: nginx enabled: yes state: started + notify: + - Restart Nginx - name: Create directory for error pages file: @@ -16,19 +20,28 @@ owner: nginx group: nginx mode: '0755' + notify: + - Restart Nginx - name: Deploy custom error page template: src: site_down.html.j2 dest: /var/www/errors/site_down.html mode: '0644' + notify: + - Restart Nginx - name: Deploy Proxy Configuration template: src: proxy.conf.j2 dest: /etc/nginx/conf.d/proxy.conf + notify: + - Restart Nginx -- name: Reload Nginx - systemd: - name: nginx - state: reloaded \ No newline at end of file +- name: Deploy Main Nginx Configuration + template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + mode: '0644' + notify: + - Restart Nginx \ No newline at end of file diff --git a/ansible/roles/nginx_proxy/templates/nginx.conf.j2 b/ansible/roles/nginx_proxy/templates/nginx.conf.j2 new file mode 100644 index 0000000..2894461 --- /dev/null +++ b/ansible/roles/nginx_proxy/templates/nginx.conf.j2 @@ -0,0 +1,27 @@ +user nginx; +worker_processes {{ nginx_worker_processes }}; +error_log {{ nginx_error_log }} {{ nginx_error_log_level }}; +pid /var/run/nginx.pid; + +events { + worker_connections {{ nginx_worker_connections }}; +} + +http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log {{ nginx_access_log }} main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout {{ nginx_keepalive_timeout }}; + types_hash_max_size {{ nginx_types_hash_max_size }}; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file 
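Review bot: The new `Deploy Main Nginx Configuration` task at the end of the second hunk overwrites /etc/nginx/nginx.conf with no backup and no explicit ownership, so a bad render replaces the packaged file with nothing to fall back to. Adding `backup: true` and `owner: root` / `group: root` next to the existing `mode: '0644'` would make the change recoverable and its permissions explicit. The same task is added to roles/nginx_site/tasks/main.yml with a byte-identical template (both blobs are 2894461), so the two copies can drift apart. A shared role holding the task and the template once would avoid that.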
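Review bot: The `http` block sets no `server_tokens`, and because this template replaces the distribution's nginx.conf wholesale, the nginx default applies: the exact version is sent in the `Server` header and printed on built-in error pages. I would add `server_tokens off;` next to `sendfile on;`. The log format also records `$http_x_forwarded_for`, which is supplied by the client, so a comment noting that it is not a trustworthy source address would help whoever reads these logs later. The identical template under roles/nginx_site/templates has the same gaps.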
diff --git a/ansible/roles/nginx_site/handlers/main.yml b/ansible/roles/nginx_site/handlers/main.yml new file mode 100644 index 0000000..b2f2476 --- /dev/null +++ b/ansible/roles/nginx_site/handlers/main.yml @@ -0,0 +1,4 @@ +- name: Restart Nginx + systemd: + name: nginx + state: restarted \ No newline at end of file diff --git a/ansible/roles/nginx_site/tasks/main.yml b/ansible/roles/nginx_site/tasks/main.yml index 7d60153..161c95a 100644 --- a/ansible/roles/nginx_site/tasks/main.yml +++ b/ansible/roles/nginx_site/tasks/main.yml @@ -2,12 +2,16 @@ zypper: name: nginx state: present + notify: + - Restart Nginx - name: Ensure Nginx is enabled and started systemd: name: nginx enabled: yes state: started + notify: + - Restart Nginx - name: Create web root for SiteA file: @@ -17,6 +21,8 @@ group: nginx mode: '0755' when: "'SiteA' in group_names" + notify: + - Restart Nginx - name: Create web root for SiteB file: @@ -26,18 +32,24 @@ group: nginx mode: '0755' when: "'SiteB' in group_names" + notify: + - Restart Nginx - name: Deploy SiteA Configuration template: src: siteA.conf.j2 dest: /etc/nginx/conf.d/siteA.conf when: "'SiteA' in group_names" + notify: + - Restart Nginx - name: Deploy SiteB Configuration template: src: siteB.conf.j2 dest: /etc/nginx/conf.d/siteB.conf when: "'SiteB' in group_names" + notify: + - Restart Nginx - name: Deploy SiteA HTML template: @@ -49,6 +61,8 @@ site_h2: "{{ siteA.site_h2 }}" site_p: "{{ siteA.site_p }}" when: "'SiteA' in group_names" + notify: + - Restart Nginx - name: Deploy SiteB HTML template: @@ -60,8 +74,13 @@ site_h2: "{{ siteB.site_h2 }}" site_p: "{{ siteB.site_p }}" when: "'SiteB' in group_names" + notify: + - Restart Nginx -- name: Reload Nginx - systemd: - name: nginx - state: reloaded \ No newline at end of file +- name: Deploy Main Nginx Configuration + template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + mode: '0644' + notify: + - Restart Nginx \ No newline at end of file 
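Review bot: `notify: Restart Nginx` is attached to tasks that do not touch nginx configuration: the two `Create web root` tasks and the `Deploy SiteA HTML` / `Deploy SiteB HTML` templates. These presumably write only static content, which nginx reads from disk on each request, so editing a page's text would restart the web server for no gain. Keeping the notify only on the `.conf` templates and the main nginx.conf task limits service interruptions to real configuration changes. The error-page directory and `site_down.html` tasks in roles/nginx_proxy/tasks/main.yml have the same pattern.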
diff --git a/ansible/roles/nginx_site/templates/nginx.conf.j2 b/ansible/roles/nginx_site/templates/nginx.conf.j2 new file mode 100644 index 0000000..2894461 --- /dev/null +++ b/ansible/roles/nginx_site/templates/nginx.conf.j2 @@ -0,0 +1,27 @@ +user nginx; +worker_processes {{ nginx_worker_processes }}; +error_log {{ nginx_error_log }} {{ nginx_error_log_level }}; +pid /var/run/nginx.pid; + +events { + worker_connections {{ nginx_worker_connections }}; +} + +http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log {{ nginx_access_log }} main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout {{ nginx_keepalive_timeout }}; + types_hash_max_size {{ nginx_types_hash_max_size }}; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file