Commits (14)
inventory_*
alfbm.retry
downloads/*.bz2
downloads/*.jar
downloads/artifacts/bm-server/*.war
downloads/artifacts/load-driver/*.war
downloads/packages/rpms/*.rpm
......@@ -14,10 +14,16 @@ The playbook has been written and tested with Ansible 2.4. If using Ansible <2.4
Just grab the python file (should be named `xml`) from the github repo and add it to a `library` folder at the root of the playbook.
Not all Linux distributions work. Only the one bellow have been tested:
- Ubuntu 16.04
- Ubuntu 14.04
- Centos 7
- Debian 8
### Architectural requirement
- ***This playbook doesn't deploy SSH keys so please make sure you're using it on nodes that already have the needed SSH keys.***
- ***At the moment the target hosts need to have direct acces to internet as we are using public repos.***
- ***Having internet access on target hosts is the prefered way on deploying.*** Experimental support for target without internet access has been added for RPM based hosts. Read about "restrictedNet" option for details.
- All names used in the inventory file need to be fully qualified DNS names resolvable by all hosts.
## How to use:
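Review bot: The new requirement bullet points readers to a "restrictedNet" option, but the setting users are told to change is `restrictedNetwork`; `restrictedNet` is only the derived default in group_vars/all. Use the user-facing name here so the reference matches the "Restricted Networks" section.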
......@@ -26,6 +32,8 @@ Edit the _inventory_ file and add your (FQDN) hostnames to the appropriate secti
Make sure you set the right Alfresco version in the group_vars/all file (alfversion: 5.2., 5.1.x, 5.0.x).
###Running the playbook
To start using the playbook simply start it with:
```
......@@ -40,6 +48,35 @@ $ ansible-playbook -i inventory alfbm.yml -b -K
If some options need to be changed (e.g. java or tomcat version, etc...), edit the group_vars/all file or the host_vars/<HOSTNAME> if the variable is host specific.
###Restricted Networks
Often administrators prefer to prevent servers from accessing internet completely... No proxy, no nothing!
If target hosts use a proxy to access internet, you don't need that option. Just configure your proxy properly on your targets and run the playbook normally.
For without internet access it is needed to download required softwares on the ansible host and copy them over to the target for installation. This is done by setting the option bellow in group_vars/all:
`restrictedNetwork: True`
> this has not been very well tested and has some known limitations:
> - Base packages like bzip, tomcat and java MUST be available through a local repository, only packages and software a base repo doesn't provide are downloaded locally and pushed to targets.
> - doesn't deploy the VNC so if you need it please install manually.
> - doesn't work for Debian-like systems
If your environnement has even more paranoid restictions and the host you're deploying from cannot access internet the following should do the trick:
1 - On a host which can access internet get Ansible installed and the playbook with (Require to set `restrictedNetwork: True`):
```
$ ansible-playbook -i inventory alfbm.yml -t local_download
```
Then copy the playbook directory to the machine which has access to target hosts and run the playbook again (still with `restrictedNetwork: True` set).
```
$ ansible-playbook -i inventory alfbm.yml
```
###VNC server
If you need to check what selenium is doing with the browser, you need to:
- Spawn a VNC server on the load driver where you need to see what's hapenning:
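Review bot: The known-limitations list in the "Restricted Networks" section leaves out that this mode installs MongoDB from a local `file:///opt/alfbs-packages` repository with `gpgcheck` turned off, and that the downloaded archives are not checksum-verified before being copied to targets. Since the files may be carried between machines, document that and say how to verify them. Also, the procedure starts with "1 -" but the copy-and-rerun step is unnumbered.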
......@@ -52,7 +89,8 @@ $ x11vnc -display :99 -rfbport 5900
## TODO
* Make it possible to download software from the Ansible machine instead of target machine (in case target cannot access internet).
* Make it possible to download software from the Ansible machine instead of target machine even on deb based systems.
* Allow Oracle JDK usage
* automate VNC server attachment to the virtual X server to be able to see what selenium actually doing headless
* support even more paranoid env where hosts which can access targets can't access internet either. Something like a tag in the existing playbook (sounds difficult) or a dedicated playbook/inventory
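Review bot: The last TODO item ("support even more paranoid env ...") appears to describe what the new "Restricted Networks" section already documents with `-t local_download`. Drop it or reword it to what is actually still missing, otherwise the README contradicts itself.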
---
- include: yml/all.yml
- include: yml/mongodb.yml
- include: yml/bm-server.yml
- include: yml/load-driver.yml
- include: yml/selenium-grid.yml
- import_playbook: yml/all.yml
- import_playbook: yml/mongodb.yml
- import_playbook: yml/bm-server.yml
- import_playbook: yml/load-driver.yml
- import_playbook: yml/selenium-grid.yml
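Review bot: `import_playbook` only exists from Ansible 2.4 onwards, so after this change the playbook will not parse on older releases. The README still gives instructions for Ansible <2.4; either state 2.4 as the minimum version there or keep a compatible entry point.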
......@@ -22,6 +22,9 @@ alfversion: 5.2.x
# Specify a host to endorse the role of a Selenium Hub. defaults to the first bm-server (there should be only one)
#selenium_hub_port: 4444
# If the target hosts do not have internet access please set to True (EXPERIMENTAL)
#restrictedNetwork: False
# DO NOT EDIT FURTHER.
# Thereafter we only set defaults
......@@ -42,3 +45,4 @@ xserver_res: 1280x1024x24
# Only use even version numbers as odd numbers are considered unstable. Also use full version numbers
mongodb_version: "{{ mongodb_ver | default('3.2.17') }}"
restrictedNet: "{{ restrictedNetwork | default(False) }}"
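Review bot: `restrictedNet` is compared with `== True` / `!= True` in every task, which only works while the value is a real boolean. A value supplied as a string (for example `-e restrictedNetwork=true`) would take the `!= True` branch and the run would behave as if the option were off. Define it as `"{{ restrictedNetwork | default(False) | bool }}"` and use `when: restrictedNet` / `when: not restrictedNet` in the tasks.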
ansible_user: toto
ansible_become: true
ansible_become_method: su
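Review bot: `ansible_user: toto` together with `ansible_become_method: su` looks like one environment's test settings rather than a project default. Keep connection and privilege-escalation settings in a local inventory or vars file (the new `inventory_*` ignore pattern suggests that is the intent) and leave them out of the commit.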
......@@ -12,8 +12,21 @@
group_id: "{{ item.value.group }}"
artifact_id: "{{ item.value.id }}"
extension: war
dest: "{{ catalina_home }}/webapps/{{ item.value.id }}.war"
dest: "{% if restrictedNet == True %}{{ playbook_dir }}/../downloads/artifacts/{{ role_name }}/{{ item.value.id }}.war{% else %}{{ catalina_home }}/webapps/{{ item.value.id }}.war{% endif %}"
#Removed as it's not mandatory and doesn't play well with local delegation
#owner: "{{ tomcat_user }}"
#group: "{{ tomcat_group }}"
with_dict: "{{ artifacts }}"
delegate_to: "{% if restrictedNet == True %}127.0.0.1{% endif %}"
tags:
- local_download
- name: Copy artifacts over to target
copy:
src: "{{ playbook_dir }}/../downloads/artifacts/{{ role_name }}/"
dest: "{{ catalina_home }}/webapps/"
force: no
owner: "{{ tomcat_user }}"
group: "{{ tomcat_group }}"
with_dict: "{{ artifacts }}"
when: restrictedNet == True
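Review bot: `delegate_to: "{% if restrictedNet == True %}127.0.0.1{% endif %}"` renders to an empty string when the option is off, so the normal path depends on how Ansible treats an empty delegate. Make the fallback explicit, e.g. `delegate_to: "{{ '127.0.0.1' if restrictedNet else inventory_hostname }}"`. The "Copy artifacts over to target" task also keeps `with_dict: "{{ artifacts }}"` although it copies the whole directory, so the same copy runs once per artifact.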
......@@ -12,6 +12,6 @@
when: ansible_os_family == 'RedHat'
- name: Apply SELinux deactivation right now
command: setenforce 0
command: /usr/sbin/setenforce 0
when: ansible_os_family == 'RedHat'
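Review bot: The `setenforce 0` task still runs on every play, always reports changed, and fails on hosts where SELinux is already disabled; the absolute path does not change that. Guard it with `ansible_selinux.status == 'enabled'` or use the `selinux` module, and consider whether switching enforcement off for the whole host is needed rather than a policy for the affected services.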
---
- include: dist.yml
- include: packages.yml
- include: config.yml
- import_tasks: dist.yml
- import_tasks: packages.yml
- import_tasks: config.yml
---
- name: Setup required repositories (Debian-like systems)
apt_repository: repo="{{ item }}" filename=alfbm
when: ansible_pkg_mgr == "apt" and repo_list is defined
when: ansible_pkg_mgr == "apt" and repo_list is defined and restrictedNet != True
with_items: "{{ repo_list }}"
- name: Install common packages (RedHat like systems)
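Review bot: With the option set, a Debian-like host now skips repository setup silently (`restrictedNet != True` on the apt task), while the README says restricted mode does not work on Debian-like systems at all. Add an early `fail` or `assert` for `ansible_pkg_mgr == "apt"` with the option set, so the run stops with a clear message instead of failing later on missing packages.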
......
repo_list:
- ppa:openjdk-r/ppa
warn_old: True
common_pkg:
- python3-lxml
- bzip2
......
......@@ -22,8 +22,20 @@
group_id: "{{ item.value.group }}"
artifact_id: "{{ item.value.id }}"
extension: war
dest: "{{ catalina_home }}/webapps/{{ item.value.id }}.war"
owner: "{{ tomcat_user }}"
group: "{{ tomcat_group }}"
dest: "{% if restrictedNet == True %}{{ playbook_dir }}/../downloads/artifacts/{{ role_name }}/{{ item.value.id }}.war{% else %}{{ catalina_home }}/webapps/{{ item.value.id }}.war{% endif %}"
#Removed as it's not mandatory and doesn't play well with local delegation
#owner: "{{ tomcat_user }}"
#group: "{{ tomcat_group }}"
with_dict: "{{ artifacts }}"
delegate_to: "{% if restrictedNet == True %}127.0.0.1{% endif %}"
tags:
- local_download
- name: Copy artifacts over to target
copy:
src: "{{ playbook_dir }}/../downloads/artifacts/{{ role_name }}/"
dest: "{{ catalina_home }}/webapps/"
force: no
owner: "{{ tomcat_user }}"
group: "{{ tomcat_group }}"
when: restrictedNet == True
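Review bot: With `owner` and `group` commented out on the download task, the WAR written straight to `{{ catalina_home }}/webapps/` in the normal (non-restricted) path is no longer given to `tomcat_user`; only the restricted-mode copy task sets ownership. Keep the ownership for the direct path, for example with a follow-up `file` task conditioned on `restrictedNet != True`, or document why the change in ownership is acceptable.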
......@@ -4,6 +4,8 @@
with_first_found:
- "{{ ansible_os_family|lower }}.yml"
ignore_errors: true
tags:
- local_download
- name: Load distribution vars
include_vars: "{{ item }}"
......
---
- include: dist.yml
- include: packages.yml
- include: config.yml
- import_tasks: dist.yml
- import_tasks: packages.yml
- import_tasks: config.yml
......@@ -7,21 +7,55 @@
- 0C49F3730359A14518585931BC711F9BA15703C6
- EA312927
- 7F0CEB10
when: ansible_pkg_mgr == 'apt'
when: ansible_pkg_mgr == 'apt' and restrictedNet != True
- name: Download packages locally
local_action:
module: get_url
url: "{{ mongo_pkg_url_prefix }}{{ item }}{{ mongo_pkg_url_suffix }}"
dest: "{{ playbook_dir }}/../downloads/packages/rpms/{{ item }}{{ mongo_pkg_url_suffix }}"
when: restrictedNet == True
with_items:
- mongodb-org
- mongodb-org-mongos
- mongodb-org-server
- mongodb-org-shell
- mongodb-org-tools
tags:
- local_download
- name: Copy packages over to target
copy:
src: "{{ playbook_dir }}/../downloads/packages/rpms/"
dest: "/opt/alfbs-packages"
force: no
when: restrictedNet == True
- name: Install createrepo
yum:
name: createrepo
when: ansible_pkg_mgr == 'yum' and restrictedNet == True
- name: Create Local Repository
command: createrepo ./
args:
chdir: "/opt/alfbs-packages"
creates: "/opt/alfbs-packages/repodata/"
when: ansible_pkg_mgr == 'yum' and restrictedNet == True
- name: Set up MongoDB reposirtory (RedHat-like)
yum_repository:
name: mongodb-org
description: MongoDB Community repository
baseurl: "{{ mongo_repo_url }}"
gpgcheck: yes
baseurl: "{% if restrictedNet != True %}{{ mongo_repo_url }}{% else %}file:///opt/alfbs-packages{% endif %}"
gpgcheck: "{% if restrictedNet != True %}yes{% else %}no{% endif %}"
gpgkey: "{{ mongo_repo_key }}"
when: ansible_pkg_mgr == 'yum'
- name: Set up MongoDB reposirtory (Debian-like)
apt_repository:
repo: "{{ mongo_repo_url }}"
when: ansible_pkg_mgr == 'apt'
when: ansible_pkg_mgr == 'apt'
- name: Install MongoDB (RedHat-like)
yum:
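Review bot: In restricted mode the repository definition sets `gpgcheck` to `no`, and the RPMs fetched by `get_url` carry no `checksum`, so nothing verifies the MongoDB packages between download and install. Fetch the signing key in the `local_download` step as well, point `gpgkey` at the copied file, and leave `gpgcheck: yes` for the local repository. The "Download packages locally" and "Copy packages over to target" tasks are also conditioned on `restrictedNet == True` only, so they run on apt hosts where `mongo_pkg_url_prefix` is empty.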
......
mongo_repo_url: https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/"{{ mongodb_version[:3] }}"/"{{ ansible_architecture }}"/
mongo_repo_url: "https://repo.mongodb.org/yum/redhat/{{ ansible_distribution_major_version }}/mongodb-org/{{ mongodb_version[:3] }}/{{ ansible_architecture }}"
mongo_pkg_url_prefix: "{% if ansible_pkg_mgr == 'yum' %}{{ mongo_repo_url }}/RPMS/{% endif %}"
mongo_pkg_url_suffix: "{% if ansible_pkg_mgr == 'yum' %}-{{ mongodb_version }}-1.el{{ ansible_distribution_major_version }}.{{ ansible_architecture }}.rpm{% endif %}"
mongo_repo_key: https://www.mongodb.org/static/pgp/server-"{{ mongodb_version[:3] }}".asc
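Review bot: `mongo_repo_key` still has the embedded double quotes that this change removes from `mongo_repo_url` (`server-"{{ mongodb_version[:3] }}".asc`), so the rendered key URL contains literal quote characters. Quote the whole value the same way. Note too that the new prefix and suffix depend on `ansible_pkg_mgr`, `ansible_distribution_major_version` and `ansible_architecture`, which are facts of the target hosts; the README's download-only run on a separate internet-connected machine needs those facts to build the URLs.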
---
- include: dist.yml
- include: packages.yml
- include: selenium.yml
- import_tasks: dist.yml
- import_tasks: packages.yml
- import_tasks: selenium.yml
......@@ -12,21 +12,44 @@
yum:
name: "{{ item }}"
with_items:
- epel-release
- xorg-x11-server-Xvfb
- gtk2
when: ansible_pkg_mgr == "yum" and inventory_hostname in groups['load-driver']
- name: Add EPEL repository
yum_repository:
name: epel
description: EPEL YUM repo
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
when: restrictedNet != True
- name: Install extra convenient packages
yum:
name: x11vnc
disable_gpg_check: yes
when: ansible_pkg_mgr == "yum" and inventory_hostname in groups['load-driver']
when: restrictedNet != True
- name: Firefox local download
local_action:
module: get_url
url: "https://ftp.mozilla.org/pub/firefox/releases/44.0/linux-x86_64/en-GB/firefox-44.0.tar.bz2"
dest: "{{ playbook_dir }}/../downloads/"
when: restrictedNet == True
tags:
- local_download
- name: Copy Firefox archive over to target
copy:
src: "{{ playbook_dir }}/../downloads/firefox-44.0.tar.bz2"
dest: "/tmp"
force: no
when: restrictedNet == True
- name: Firefox installation
unarchive:
src: https://ftp.mozilla.org/pub/firefox/releases/44.0/linux-x86_64/en-GB/firefox-44.0.tar.bz2
dest: /opt/
src: "{% if restrictedNet == True %}/tmp/firefox-44.0.tar.bz2{% else %}https://ftp.mozilla.org/pub/firefox/releases/44.0/linux-x86_64/en-GB/firefox-44.0.tar.bz2{% endif %}"
dest: "/opt/"
remote_src: yes
creates: "{{ ff_install_path }}/firefox"
when: inventory_hostname in groups['load-driver']
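Review bot: The EPEL repository is defined without `gpgcheck` or `gpgkey`, `x11vnc` is installed with `disable_gpg_check: yes`, and the Firefox tarball is downloaded with no `checksum`, so none of these packages is verified. Add the EPEL key and a pinned checksum for the archive. The `when: restrictedNet != True` on the EPEL task also lacks the `ansible_pkg_mgr == "yum"` and load-driver conditions the neighbouring tasks use.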
......
......@@ -7,11 +7,28 @@
home: /usr/local/share/selenium
comment: "Selenium Browser autamation user"
- name: Selenium local download
local_action:
module: get_url
url: "{{ selenium_url }}"
dest: "{{ playbook_dir }}/../downloads/"
when: restrictedNet == True
tags:
- local_download
- name: Copy artifacts over to target
copy:
src: "{{ playbook_dir }}/../downloads/selenium-server-standalone-{{ selenium_version }}.jar"
dest: "/usr/local/share/selenium/"
force: no
when: restrictedNet == True
- name: Get Selenium server
get_url:
url: "{{ selenium_url }}"
dest: "/usr/local/share/selenium/selenium-server-standalone-{{ selenium_version }}.jar"
mode: 0644
when: restrictedNet != True
- name: Add Selenium Hub init script
template:
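Review bot: Both `get_url` tasks fetch the Selenium jar without a `checksum`, and in restricted mode the file then passes through the `downloads/` directory on the Ansible host before being copied to the target. Pin a checksum next to `selenium_version`. The copied jar also gets no `mode`, unlike the direct download (`mode: 0644`), and the copy task assumes the URL's file name is `selenium-server-standalone-{{ selenium_version }}.jar`.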
......
......@@ -4,6 +4,8 @@
with_first_found:
- "{{ ansible_os_family|lower }}.yml"
ignore_errors: true
tags:
- local_download
- name: Load distribution vars
include_vars: "{{ item }}"
......
---
- include: dist.yml
- include: packages.yml
- include: config.yml
- import_tasks: dist.yml
- import_tasks: packages.yml
- import_tasks: config.yml
---
- name: Install common packages (RedHat like systems)
- name: Install Tomcat packages (RedHat like systems)
yum: pkg={{ item }}
when: ansible_pkg_mgr == "yum"
with_items: "{{ servlet_pkg }}"
- name: Install common packages (Debian like systems)
- name: Install Tomcat packages (Debian like systems)
apt: name={{ item }}
when: ansible_pkg_mgr == "apt"
with_items: "{{ servlet_pkg }}"
......