-
Notifications
You must be signed in to change notification settings - Fork 0
/
inventory.yml
142 lines (123 loc) · 5.52 KB
/
inventory.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
---
all:
hosts:
# backup_fast: FQDN needs to be added here, so that ansible can SSH into it
original.mycompany.com:
ansible_user: root
monitors.mycompany.com:
ansible_user: root
# group name used for deployments, can be used with ansible-playbook -e target=minus
minus:
hosts:
# server names must be FQDNs, will be used to bootstrap postfix configuration
minus.mycompany.com:
ansible_user: root
vars:
# server variables
deploy_user: deployer
rvm_ruby: 3.0.1
# activate the cron: jobs by default, and the cron for backups
active: yes
# used by cronjobs and logrotate
notifyemail: notifications@mycompany.com
# used by the munin/monitor/stats role
muninserver: monitors.mycompany.com
# restore db and files from this server, instead of the tarsnap/backups
# backup_fast: original.mycompany.com # way faster restores than tarsnap
# all backups have as root directory inside them the "backup" directory
backup_root: /
# each service must have its own (role) entry in the roles directory
services:
- { name: checks, os: Debian } # we love Debian, you should install it
- { name: update }
- { name: harden }
- { name: firewalld }
- { name: ntp, sync: pool.ntp.org }
- { name: passenger }
- { name: nginx }
- { name: html }
- { name: middleman }
- { name: percona, version: "5.7", password: oh..please..change..me }
# use postix's ssl: opt only when the certicate is already generated
# for instance certdebug: on will generate a dummy one for each app
# otherwise it generates its own certificate under inventory_hostname
# enforcessl: is used to generate a certificate even when usessl: no
- { name: postfix, enforcessl: yes }
- { name: tarsnap, seed: minus.mycompany.com }
- { name: rails, nodejs: 10 }
- { name: munin }
- { name: extras }
- { name: restart, enforce: false } # server reboots only when enforce:d
wwwroot: /var/www/html
logroot: /all-webapps-logs
usessl: yes
certroot: /ssl-private-certs
certemail: ssl.admin@mycompany.com
certacckey: certbot-private-key.pem
certackdir: .well-known/acme-challenge
# used to generate dummy www<i> SSL certs for testing purposes
certdebug: no
# (en)force SSL certs regeneration on every run; useful when web apps defs change
certforce: no
certusage:
- digitalSignature
- keyEncipherment
certversion: 2
certdays: 30
appshome: /all-webapps-home
temphome: /tmp/automate.magic
# rails apps, coded with (recent) Ruby on Rails, see the rails role
# name:s need to be unique, as they share the common appshome directory
#
# sites: *forces* the app to be hosted *only* via specific URLs i.e. "ab.com www.t2.com"
# name: is used (in the absence of sites:) to define *also* the domain used for hosting,
# i.e. a name: xxx.com will host the project under xxx.com *and* www.xxx.com URLs
# alias: is used (together with sites: or name:) to specify additional domains / URLs
# i.e. an alias: "t1.co t2.co" will host the app under both t?.co *and* www.t?.co URLs
#
# sync: xxx if present! extracts all files matching *xxx* from tarsnap/backup
# mysqldb-tarsnap and uploads-tarsnap tasks will use these *xxx* files!
# with backup_fast:
# mysqld restores the db as found in config/database.yml +branch:
# uploads gets appshome/{{ app.name }} uploads files from backup_fast:
#
# cron: installs the selected template as daily cronjob
# uploads: restores user uploads for the designated app
# branch: deploys the desired branch instead of master
apps:
- {
# Example 1, rails code deployed from repo:, restore db, no uploads:
name: reddrill.com,
repo: "git@bitbucket.org:aimget/reddrill.git",
sync: reddrill
}
# web apps, coded with https://middlemanapp.com/, see the middleman role
# name:s need to be unique, as they share the common appshome directory
#
# sites: *forces* the app to be hosted *only* via specific URLs i.e. "ab.com www.t2.com"
# name: is used (in the absence of sites:) to define *also* the domain used for hosting,
# i.e. a name: xxx.com will host the project under xxx.com *and* www.xxx.com URLs
# alias: is used (together with sites: or name:) to specify additional domains / URLs
# i.e. an alias: "t1.co t2.co" will host the app under both t?.co *and* www.t?.co URLs
#
# cron: not supported yet
# branch: deploys the desired branch instead of master
www:
- {
# Example 2, middleman code deployed from repo:, additional alias:
name: tacsi.fi,
repo: "git@bitbucket.org:aimget/tacsi.git",
alias: tacsi.co
}
# html sites, plain html, static, deploys only their git /html directory
# name:s need to be unique, as they share the common appshome directory
#
# sites: name: alias: behave as described above in all the other web apps
# cron: not supported yet
# branch: deploys the desired branch instead of master
html:
- {
# Example 3, plain/html site deployed from repo:, no extras
name: lunch-roulette.org,
repo: "git@bitbucket.org:aimget/roulette.git"
}