diff options
| -rw-r--r-- | elk.yml | 51 | ||||
| -rw-r--r-- | phabricator.yml | 28 | ||||
| -rw-r--r-- | roles/phabricator/defaults/main.yml | 10 | ||||
| -rw-r--r-- | roles/phabricator/handlers/main.yml | 19 | ||||
| -rw-r--r-- | roles/phabricator/tasks/config.yml | 26 | ||||
| -rw-r--r-- | roles/phabricator/tasks/main.yml | 130 | ||||
| -rw-r--r-- | roles/phabricator/templates/mysqld.cnf | 109 | ||||
| -rw-r--r-- | roles/phabricator/templates/opcache.ini | 4 | ||||
| -rw-r--r-- | roles/phabricator/templates/phabricator-settings.ini | 25 | ||||
| -rw-r--r-- | roles/phabricator/templates/phd.service | 13 |
10 files changed, 0 insertions, 415 deletions
diff --git a/elk.yml b/elk.yml deleted file mode 100644 index 0e70a35d..00000000 --- a/elk.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -- hosts: elk - become: yes - vars_files: - - ["{{secrets_dir}}/group_vars/all", "vars/empty.yml" ] - - ["{{secrets_dir}}/host_vars/{{inventory_hostname}}", "vars/empty.yml"] - - "{{secrets_dir}}/group_vars/dehydrated" - - ["{{secrets_dir}}/group_vars/ses-proxy"] - - roles: - - { role: docker-odp-hook, tags: [docker, odp] } - - { role: docker-elasticsearch, tags: [docker, elk, elasticsearch] } - - { role: docker-logstash, tags: [docker, elk, logstash] } - - { role: dehydrated, tags: [ssl] } - - { role: lava-elk-deps, tags: [docker, elk, lava] } - - { role: postfix, tags: [postfix] } - - { role: docker-elastalert, tags: [docker, elastalert] } -# potential race condition for new install. This requires the -# index .kibitersystems to be setup and the monitoring-systems -# container to be running - - { role: docker-heartbeat, tags: [docker, heartbeat] } - - { role: curator, tags: [curator] } - -- hosts: prometheus - become: yes - vars_files: - - ["{{secrets_dir}}/group_vars/all", "vars/empty.yml" ] - - ["{{secrets_dir}}/host_vars/{{inventory_hostname}}", "vars/empty.yml"] - - ["{{secrets_dir}}/group_vars/ses-proxy"] - roles: - - { role: docker-prometheus, tags: [prometheus] } - -- hosts: dashboard_private - vars_files: - - ["{{secrets_dir}}/host_vars/{{inventory_hostname}}", "vars/empty.yml"] - # pull this in for access to ldap pw - - ["{{secrets_dir}}/host_vars/elk.linaro.org", "vars/empty.yml"] - become: yes - roles: - - { role: docker-kibiter, tags: [docker, elk, dashboard] } - - { role: apache-site, src: "apache/monitoring-dashboard-private.conf", config: "{{inventory_hostname}}", tags: [apache] } - - { role: elastalert-rules, tags: [elastalert] } - -- hosts: dashboard_public - become: yes - gather_facts: no - roles: - - { role: docker-kibiter, tags: [docker, elk, dashboard] } - - { role: apache-site, src: "apache/monitoring-dashboard-public.conf", config: "{{inventory_hostname}}", tags: [apache] } - - { role: elastalert-rules, tags: [elastalert] } - - { role: heartbeat-monitors, when: hb_monitors is defined, tags: [heartbeat] } diff --git a/phabricator.yml b/phabricator.yml deleted file mode 100644 index 2125b215..00000000 --- a/phabricator.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Configure phabricator on a system - hosts: phabricator - become: yes - vars_files: - - "{{secrets_dir}}/host_vars/{{inventory_hostname}}" - - "{{secrets_dir}}/group_vars/all" - - "{{secrets_dir}}/group_vars/dehydrated" - - vars/empty.yml - pre_tasks: - - name: Prepopulate the ansible_dist vars for ssh-ldap - setup: - filter: ansible_dist* - roles: - - {role: ssh-ldap, tags: [ssh-ldap]} - - {role: dehydrated, tags: [ssl]} - - {role: phabricator, tags: [phabricator]} - - {role: apache-site, src: "phabricator/apache.conf", config: "{{inventory_hostname}}", tags: [apache]} - -- name: Configure redirect for issues to developer.tfo - hosts: developer.trustedfirmware.org - vars_files: - - roles/phabricator/defaults/main.yml - - host_vars/{{inventory_hostname}} - gather_facts: no - become: yes - roles: - - {role: apache-site, src: "phabricator/issues.trustedfirmware.org-apache.conf", config: "issues.trustedfirmware.org", tags: [issues]} diff --git a/roles/phabricator/defaults/main.yml b/roles/phabricator/defaults/main.yml deleted file mode 100644 index f557fbf3..00000000 --- a/roles/phabricator/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem -ssl_key: /etc/ssl/private/ssl-cert-snakeoil.key - -phabricator_install_dir: /srv/phabricator -phabricator_libphutil_install_dir: /srv/libphutil -phabricator_arcanist_install_dir: /srv/arcanist - -phabricator_mysql_host: localhost -phabricator_mysql_user: phabricator diff --git a/roles/phabricator/handlers/main.yml b/roles/phabricator/handlers/main.yml deleted file mode 100644 index df367282..00000000 --- a/roles/phabricator/handlers/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: configure-phabricator - include_tasks: tasks/config.yml - -#note: have to bounce the process.. a simple reload isn't sufficient to -# change the settings we've adjusted -- name: restart-mysql - systemd: - enabled: yes - name: mysql - state: restarted - -- name: systemctl-enable-phd - systemd: - daemon_reload: yes - enabled: yes - name: phd - state: started - listen: restart-mysql diff --git a/roles/phabricator/tasks/config.yml b/roles/phabricator/tasks/config.yml deleted file mode 100644 index 284ef700..00000000 --- a/roles/phabricator/tasks/config.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Set initial config options - command: "{{item}}" - args: - chdir: "{{phabricator_install_dir}}" - with_items: - - ./bin/config set phabricator.base-uri https://{{inventory_hostname}} - - ./bin/config set mysql.user {{phabricator_mysql_user}} - - ./bin/config set mysql.pass "{{phabricator_mysql_password}}" - -#note: --force is needed for noninteractive install... because php monkeys -- name: Run db init - command: ./bin/storage upgrade --force - args: - chdir: "{{phabricator_install_dir}}" - -- name: Set configuration options to suppress Setup Issues - command: "{{item}}" - args: - chdir: "{{phabricator_install_dir}}" - with_items: - - ./bin/config set cluster.mailers '[{"key":"mailer","type":"sendmail"}]' - - ./bin/config set pygments.enabled true - - ./bin/config set phabricator.timezone "UTC" - - ./bin/config set storage.local-disk.path "{{phabricator_install_dir}}/uploads" - - ./bin/config set repository.default-local-path "{{phabricator_install_dir}}/repositories" diff --git a/roles/phabricator/tasks/main.yml b/roles/phabricator/tasks/main.yml deleted file mode 100644 index 5ca6d5a0..00000000 --- a/roles/phabricator/tasks/main.yml +++ /dev/null @@ -1,130 +0,0 @@ ---- -#need this because ansible's debconf will always detect password vtypes -# as having changed -- name: Get debconf setting for mysql-server root password - command: debconf-communicate - args: - stdin: GET mysql-server/root_password - register: debconf_output - changed_when: False - ignore_errors: yes - -- name: Set debconf for mysql root password - debconf: - name: mysql-server - question: "{{item}}" - value: "{{phabricator_mysql_root_password}}" - vtype: password - with_items: - - mysql-server/root_password - - mysql-server/root_password_again - when: debconf_output.stdout is undefined or not debconf_output.stdout| match("\d+\s+%s" % phabricator_mysql_root_password ) - -# xenial only support 7.0, phab wants at least 7.1 -- name: Add PHP 7.x PPA - apt_repository: - repo: ppa:ondrej/php - state: present - update_cache: yes - -- name: Install packages - apt: pkg={{ packages }} - vars: - packages: - - git - - apache2 - - libapache2-mod-php7.4 - - php7.4-common - - php7.4 - - php-pear # pulls in pecl tool - - php7.4-curl - - php7.4-mysql - - php7.4-gd - - php7.4-ldap - - php7.4-apcu - - php7.4-mbstring - - php7.4-zip - - mysql-server - - mysql-common - - mysql-client - - python-mysqldb # required by ansible mysql modules - - python-pygments - -- name: Enable apache modules - apache2_module: - name: "{{item}}" - state: present - with_items: - - rewrite - - ssl - notify: reload-apache - -- name: git clone phabricator repo - git: - repo: https://github.com/phacility/phabricator.git - dest: "{{phabricator_install_dir}}" - notify: - - configure-phabricator - -- name: git clone libphutil repo - git: - repo: https://github.com/phacility/libphutil.git - dest: "{{phabricator_libphutil_install_dir}}" - -- name: git clone arcanist repo - git: - repo: https://github.com/phacility/arcanist.git - dest: "{{phabricator_arcanist_install_dir}}" - -- name: Create mysql `phabricator` user - mysql_user: - name: "{{phabricator_mysql_user}}" - password: "{{phabricator_mysql_password}}" - login_user: root - login_password: "{{phabricator_mysql_root_password}}" - state: present - priv: '*.*:ALL' - -- name: Create phd systemctl service file - template: - src: phd.service - dest: /lib/systemd/system/phd.service - notify: systemctl-enable-phd - - -- name: Install mysqld.conf - template: - src: mysqld.cnf - dest: /etc/mysql/mysql.conf.d/mysqld.cnf - notify: restart-mysql - -- name: Install phabricator-settings.ini - template: - src: phabricator-settings.ini - dest: /etc/php/7.4/mods-available/phabricator-settings.ini - notify: reload-apache - -- name: Manually enable phabricator-settings.ini - file: - src: /etc/php/7.4/mods-available/phabricator-settings.ini - dest: /etc/php/7.4/apache2/conf.d/90-phabricator-settings.ini - state: link - force: yes - -- name: Fix opcache default - template: - src: opcache.ini - dest: /etc/php/7.4/mods-available/opcache.ini - notify: reload-apache - -- name: Create uploads dir - file: - path: "{{phabricator_install_dir}}/uploads" - owner: www-data - group: www-data - state: directory - -- name: Create repos dir - file: - path: "{{phabricator_install_dir}}/repositories" - state: directory diff --git a/roles/phabricator/templates/mysqld.cnf b/roles/phabricator/templates/mysqld.cnf deleted file mode 100644 index 9963a681..00000000 --- a/roles/phabricator/templates/mysqld.cnf +++ /dev/null @@ -1,109 +0,0 @@ -# -# The MySQL database server configuration file. -# -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "~/.my.cnf" to set user-specific options. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. - -# Here is entries for some specific programs -# The following values assume you have at least 32M ram - -[mysqld_safe] -socket = /var/run/mysqld/mysqld.sock -nice = 0 - -[mysqld] -# -# * Basic Settings -# -user = mysql -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -port = 3306 -basedir = /usr -datadir = /var/lib/mysql -tmpdir = /tmp -lc-messages-dir = /usr/share/mysql -skip-external-locking -sql_mode = STRICT_ALL_TABLES -local_infile = 0 -# -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. -bind-address = 127.0.0.1 -# -# * Fine Tuning -# -key_buffer_size = 16M -max_allowed_packet = 32M -thread_stack = 192K -thread_cache_size = 8 -# This replaces the startup script and checks MyISAM tables if needed -# the first time they are touched -myisam-recover-options = BACKUP -#max_connections = 100 -#table_cache = 64 -#thread_concurrency = 10 -# -# * Query Cache Configuration -# -query_cache_limit = 1M -query_cache_size = 16M -# -# * Logging and Replication -# -# Both location gets rotated by the cronjob. -# Be aware that this log type is a performance killer. -# As of 5.1 you can enable the log at runtime! -#general_log_file = /var/log/mysql/mysql.log -#general_log = 1 -# -# Error log - should be very few entries. -# -log_error = /var/log/mysql/error.log -# -# Here you can see queries with especially long duration -#log_slow_queries = /var/log/mysql/mysql-slow.log -#long_query_time = 2 -#log-queries-not-using-indexes -# -# The following can be used as easy to replay backup logs or for replication. -# note: if you are setting up a replication slave, see README.Debian about -# other settings you may need to change. -#server-id = 1 -#log_bin = /var/log/mysql/mysql-bin.log -expire_logs_days = 10 -max_binlog_size = 100M -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! - -#Linaro note: this should be set to 40% of RAM for server -innodb_buffer_pool_size = 800M - -# * Security Features -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". -# -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem diff --git a/roles/phabricator/templates/opcache.ini b/roles/phabricator/templates/opcache.ini deleted file mode 100644 index c9a9c2ac..00000000 --- a/roles/phabricator/templates/opcache.ini +++ /dev/null @@ -1,4 +0,0 @@ -; configuration for php opcache module -; priority=10 -zend_extension=opcache.so -opcache.validate_timestamps = 0 diff --git a/roles/phabricator/templates/phabricator-settings.ini b/roles/phabricator/templates/phabricator-settings.ini deleted file mode 100644 index 1ce624ab..00000000 --- a/roles/phabricator/templates/phabricator-settings.ini +++ /dev/null @@ -1,25 +0,0 @@ -[PHP] - -; How many GET/POST/COOKIE input variables may be accepted -max_input_vars = 100000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = -1 - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 32M - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 32M - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 diff --git a/roles/phabricator/templates/phd.service b/roles/phabricator/templates/phd.service deleted file mode 100644 index b4ab91d1..00000000 --- a/roles/phabricator/templates/phd.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Phabricator Daemons -After=syslog.target network.target mysql.service - -[Service] -Type=forking -User=root -WorkingDirectory={{phabricator_install_dir}} -ExecStart={{phabricator_install_dir}}/bin/phd start -ExecStop={{phabricator_install_dir}}/bin/phd stop --force - -[Install] -WantedBy=multi-user.target |