v3

roles/demolamp/defaults/main.yml

@@ -0,0 +1,159 @@
+---
+# defaults vars for redisha
+# All vars could be overrided by declaration in each envoirnment file
+#   for example : vars/env_{{ ansENV }}.yml
+
+# ******* DO NOT CHANGE THIS FILE AS IT IS DEFAULT SETTINGS *******
+
+############################# General ##############################
+
+# Temporary directory for file deployment to the target nodes.
+pathTemp: "/tmp/ansible-deployment"
+
+# Gather facts fliter (for faster)
+# Only use needed facts
+gfacts_filter:
+  - "!all"
+  - distribution
+  - distribution_major_version
+  - distribution_release
+  - distribution_version
+  - os_family
+  - pkg_mgr
+  - python
+  - python_version
+
+######################### Build Settings ###########################
+
+# The type of repository for push the docker image
+#   true: It will create a private registry service to the swarm and 
+#         push docker images onto it.
+#   false: Use a docker repository
+localRegistry: false
+
+# The information of push the docker image.
+imagePushDomain: "pvgharbor.duckdns.org"
+registryUser: "ansible"
+registryPass: "P@ssw0rd"
+
+####################### Deployment Settings ########################
+
+# The repository for pull the docker image
+imagePullDomain: "pvgharbor.duckdns.org"
+
+# The configuration
+redis:
+  imageName: "{{ imagePullDomain }}/demolamp/demolamp"
+  pushRepoName: "{{ imagePushDomain }}/demolamp/demolamp"
+  dockerFile: "Dockerfile_demolamp.yml"
+
+# Update the docker-compose file (var=fileCompose) every execution.
+#   true: Ansible will use template module to transfer the file.
+#   false: If docker-compose file exists in the node and chosen "false",
+#          Ansible will not update and template it.
+updateComposeTpl: true
+
+# The directory which store the docker-compose file (only in the first node).
+pathCompose: "/opt/demolamp"
+
+# The file which use by Ansible template module, replace all placeholders by 
+# all ansible variables.
+#   for example: files/{{ansTagVer}}/redis_stack.tpl
+templateCompose: "demolamp.tpl"
+
+# After Ansible template module replaced all placeholders in above, it will
+# rename the docker-compose file name by below variables in the target node.
+fileCompose: "demolamp.yml"
+
+# The stack name use for startup the stack
+stackName: demolamp
+
+######################## Redis-HA Settings #########################
+
+# ACL feature of the Redis-HA
+#   true: enable the feature, require to connect with username-password pair.
+#         REMARKS: you must also update acl files under vars/{{ansENV}}/ per envoirnment.
+#   false: disable by default, retain the authentication method as same as Redis v5.x
+enableACL: false
+
+# Store Redis data to docker local volume.
+#   true: Presist the data to docker local volume
+#   false: Data will be lost every start or stop
+storeRedisData: false
+
+# The publish port for Redis, Replica and Sentinel.
+publish_redisPort: 6379
+publish_sentinelPort: 26379
+
+# The admin credential for Redis and Replica.
+#   Default is "redis4{{ ansENV }}" means "redis4hkdev" for example of HKDEV
+redisAdminUser: "admin"
+redisAdminPass: "redis4{{ ansENV }}"
+
+# The admin credential for Sentinel
+#   Default is "sentinel4{{ ansENV }}" means sentinel4hkdev" for example of HKDEV
+sentinelAdminUser: "admin"
+sentinelAdminPass: "sentinel4{{ ansENV }}"
+
+# This setting equal to Sentinel configuration:
+#   sentinel down-after-milliseconds <master-name> <milliseconds>
+sentinelDownAfter: 5000
+#   sentinel failover-timeout <master-name> <milliseconds>
+sentinelFailover: 15000
+#   sentinel parallel-syncs <master-name> <numreplicas>
+sentinelParallelSync: 1
+#   SENTINEL resolve-hostnames no
+#   SENTINEL announce-hostnames no
+sentinelResolveHostame: "no"
+sentinelAnnounceHostame: "no"
+
+# This setting equal to Sentinel configuration:
+#   sentinel monitor <master-name> <ip> <redis-port> <quorum>
+sentinelMasterName: "mymaster"
+sentinelQuorum: 2
+
+# To limit the memory usage of Redis and Replica.
+redisha_memLimit: "1GB"
+
+# Redis and Sentinel ACL file name
+#   Note: Must match and place correctly under vars/{{ansENV}}/
+filename_redisACL: "redis_users.acl"
+filename_sentinelACL: "sentinel_users.acl"
+
+# Redis-HA nodes setup
+#   Note 1) Must declare in envoirnment variables file.
+#           For example: vars/hkdev/env_hkdev.yml
+#   Note 2) The hostname must match to "docker node ls".
+#   Note 3) Must one master and at least two replicas.
+#             isMaster: true
+#             isReplica: false
+#   
+# ~~~Template~~~
+#       redisha_nodes:
+#         - hostname: "swarm-worker-01"
+#           ipaddr: "192.168.1.10"
+#           isMaster: true
+#           isReplica: false
+#         - hostname: "swarm-worker-02"
+#           ipaddr: "192.168.1.11"
+#           isMaster: false
+#           isReplica: true
+#         - hostname: "swarm-worker-N"
+#           ipaddr: "192.168.1.N"
+#           isMaster: false
+#           isReplica: true
+#
+# ~~~Example~~~
+#       redisha_nodes:
+#         - hostname: "swarm-worker-01"
+#           ipaddr: "192.168.1.10"
+#           isMaster: true
+#           isReplica: false
+#         - hostname: "swarm-worker-02"
+#           ipaddr: "192.168.1.11"
+#           isMaster: false
+#           isReplica: true
+#         - hostname: "swarm-worker-03"
+#           ipaddr: "192.168.1.13"
+#           isMaster: false
+#           isReplica: true

roles/demolamp/tasks/build.yml

@@ -0,0 +1,53 @@
+---
+# Maintainer: Jacky
+
+# Build docker image -------------------------------------------------------------
+# -- Target: The first node only.
+# -- Objective: Build a docker image for Redis-HA.
+
+- block:
+  - name: create build dir if not exists
+    file:
+      path: "{{ build_root_abspath }}"
+      state: directory
+      owner: root
+      group: root
+      mode: '0755'
+
+  - name: git clone
+    git:
+      repo: "https://pvggitea.duckdns.org/GiteaTeam/demolamp.git"
+      dest: "{{ build_root_abspath }}"
+      remote: "origin"
+      version: "main"
+    
+  - name: Remove the docker image for demolamp if exists
+    community.docker.docker_image:
+      name: "demolamp"
+      tag: "{{ demobackend_version }}"
+      state: absent
+ 
+  - name: Docker login to ECV private repository if not pull from local registry
+    community.docker.docker_login:
+      registry: "{{ imagePushDomain }}"
+      username: "{{ registryUser }}"
+      password: "{{ registryPass }}"
+      state: present
+    when: not localRegistry | bool
+
+  - name: Build demolamp image
+    community.docker.docker_image:
+      name: demolamp
+      source: build
+      tag: "{{ demobackend_version }}"
+      build:
+        path: "{{ build_root_abspath }}"
+        pull: false
+      push: yes
+      repository: "{{ demolamp.pushRepoName }}:{{ ansTagVer }}"
+      force_tag: yes
+      timeout: 300
+      state: present
+      
+  delegate_to: "{{ deploy_nodes.split(',') | first }}"
+  run_once: true

roles/demolamp/tasks/deploy.yml

@@ -0,0 +1,17 @@
+---
+# Maintainer: Jacky
+
+# Deploy stage -------------------------------------------------------------
+# -- Target: The first node only.
+# -- Objective: Stack startup.
+
+- block:
+  - name: run docker
+    community.docker.docker_container:
+      name: demolamp
+      state: started
+      recreate: yes
+      image: "demolamp:{{ demobackend_version }}"
+      ports:
+        - "80:80"
+

roles/demolamp/tasks/main.yml

@@ -1,49 +1,25 @@
 ---
-- name: show remote host
+# Main tasks file for Redis-HA
-  debug:
-    msg: "the remote server is {{ ansible_host }}"
-- name: create build dir if not exists
-  file:
-    path: "{{ build_root_abspath }}"
-    state: directory
-- name: git clone
-  git:
-    repo: "https://pvggitea.duckdns.org/GiteaTeam/demolamp.git"
-    dest: "{{ build_root_abspath }}"
-    remote: "origin"
-    version: "main"
 
-- name: Stop a container
+- name: Gather facts
-  community.docker.docker_container:
+  ansible.builtin.setup:
-    name: demolamp
+    gather_subset: "{{ gfacts_filter }}"
-    state: stopped
 
-- name: Remove container
+- name: Include precheck task 
-  community.docker.docker_container:
+  ansible.builtin.include_tasks: precheck.yml
-    name: demolamp
-    state: absent
   
-- name: Remove the docker image for demolamp if exists
+- name: Include environment variables
-  community.docker.docker_image:
+  ansible.builtin.include_vars: "{{ ansENV }}/env_{{ ansENV }}.yml"
-   name: "demolamp"
-   tag: "{{ demobackend_version }}"
-   state: absent
   
-- name: Build demolamp image
+- name: Include build task if option is "build"
-  community.docker.docker_image:
+  ansible.builtin.include_tasks: build.yml
-   name: demolamp
+  when: ansAction == "build"
-   source: build
-   build:
-      path: "{{ build_root_abspath }}"
-      pull: false
-   tag: "{{ demobackend_version }}"
   
+- name: Include undeploy task if option is "undeploy"
+  ansible.builtin.include_tasks: undeploy.yml
+  when: ansAction == "undeploy"
+  
+- name: Include deploy task if option is "deploy"
+  ansible.builtin.include_tasks: deploy.yml
+  when: ansAction == "deploy"
   
-- name: run docker
-  community.docker.docker_container:
-    name: demolamp
-    state: started
-    recreate: yes
-    image: "demolamp:{{ demobackend_version }}"
-    ports:
-      - "80:80"

roles/demolamp/tasks/main2.yml

@@ -0,0 +1,49 @@
+---
+- name: show remote host
+  debug:
+    msg: "the remote server is {{ ansible_host }}"
+- name: create build dir if not exists
+  file:
+    path: "{{ build_root_abspath }}"
+    state: directory
+- name: git clone
+  git:
+    repo: "https://pvggitea.duckdns.org/GiteaTeam/demolamp.git"
+    dest: "{{ build_root_abspath }}"
+    remote: "origin"
+    version: "main"
+
+- name: Stop a container
+  community.docker.docker_container:
+    name: demolamp
+    state: stopped
+
+- name: Remove container
+  community.docker.docker_container:
+    name: demolamp
+    state: absent
+
+- name: Remove the docker image for demolamp if exists
+  community.docker.docker_image:
+   name: "demolamp"
+   tag: "{{ demobackend_version }}"
+   state: absent
+
+- name: Build demolamp image
+  community.docker.docker_image:
+   name: demolamp
+   source: build
+   build:
+      path: "{{ build_root_abspath }}"
+      pull: false
+   tag: "{{ demobackend_version }}"
+
+
+- name: run docker
+  community.docker.docker_container:
+    name: demolamp
+    state: started
+    recreate: yes
+    image: "demolamp:{{ demobackend_version }}"
+    ports:
+      - "80:80"

roles/demolamp/tasks/precheck.yml

@@ -0,0 +1,36 @@
+---
+# tasks file for Redis-HA (Prechecking inputs and packages for all nodes)
+
+- name: Check inputs
+  ansible.builtin.fail: msg="Missing ansTagVer, ansAction or ansENV."
+  when: ansTagVer is undefined or ansAction is undefined or ansENV is undefined
+  
+- name: Check and intall Python 3
+  ansible.builtin.yum:
+    name: python3
+    state: present
+  when: ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky'
+  register: py3_result
+  
+- name: Set python_interpreter to 3 if Python 3 installed
+  ansible.builtin.set_fact:
+    ansible_python_interpreter: /usr/bin/python3
+  when: py3_result.rc == 0
+  
+- name: Check and install Python's SDK
+  ansible.builtin.pip:
+    name:
+      - docker==5.0.3
+      - jsondiff==1.3.0
+      - pyyaml==6.0
+      - docker-compose==1.29.2
+    executable: pip3
+  when: py3_result.rc == 0
+  
+- name: Set Kernel parameter - vm.overcommit_memory to 1
+  ansible.posix.sysctl:
+    name: vm.overcommit_memory
+    value: '1'
+    sysctl_set: yes
+    state: present
+    reload: yes

roles/demolamp/tasks/undeploy.yml

@@ -0,0 +1,12 @@
+---
+
+- block:
+  - name: Stop a container
+    community.docker.docker_container:
+      name: demolamp
+      state: stopped
+
+  - name: Remove container
+    community.docker.docker_container:
+      name: demolamp
+      state: absent

roles/demolamp/vars/hkdev/env_hkdev.yml

@@ -0,0 +1,20 @@
+---
+# vars file for ENV - HKDEV
+
+enableACL: true
+sentinelMasterName: "mymaster_hkdev"
+redisha_memLimit: "2GB"
+
+redisha_nodes:
+  - hostname: "hkof1devrds01.ecvision.com"
+    ipaddr: "10.75.42.25"
+    isMaster: true
+    isReplica: false
+  - hostname: "hkof1devrds02.ecvision.com"
+    ipaddr: "10.75.42.26"
+    isMaster: false
+    isReplica: true
+  - hostname: "hkof1devrds03.ecvision.com"
+    ipaddr: "10.75.42.27"
+    isMaster: false
+    isReplica: true

roles/demolamp/vars/hkdev/redis_users.acl

@@ -0,0 +1,2 @@
+user default on >{{ redisAdminPass }} ~* &* +@all
+user {{ redisAdminUser }} on >{{ redisAdminPass }} ~* &* +@all

roles/demolamp/vars/hkdev/sentinel_users.acl

@@ -0,0 +1,2 @@
+user default on >{{ sentinelAdminPass }} ~* &* +@all
+user {{ sentinelAdminUser }} on >{{ sentinelAdminPass }} ~* &* +@all

roles/demolamp/vars/main.yml

@@ -1 +1,2 @@
-greeting: "hello ansible-playbook"
+---
+# vars file for trunk