Commit 5a5e4633 authored by eric pellegrini's avatar eric pellegrini

added role for installing and configuring nginx

parent b3ee54cb
---
- hosts: cluster
remote_user: "{{ cluster_users.0.name }}"
become: True
environment: "{{ proxy_settings }}"
tasks:
- import_role:
name: roles/nginx
vars:
temp: "{{ groups['jhub_servers'] | map('extract',hostvars,['ansible_default_ipv4','address']) | list }}"
balanced_servers: "{{ temp | map('string_postfix',':'+(keycloak['port']|string)) | list }}"
nginx_server: "{{ ansible_default_ipv4.address }}"
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
# defaults file for roles/nginx
balanced_servers: []
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgIQB4kD/Y79Mp4InSSHen0QWzANBgkqhkiG9w0BAQsFADBk
MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ
QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg
Q0EgMzAeFw0xNjEyMDIwMDAwMDBaFw0xOTEyMTExMjAwMDBaMIGKMQswCQYDVQQG
EwJGUjEPMA0GA1UECAwGSXPDqHJlMREwDwYDVQQHEwhHcmVub2JsZTEuMCwGA1UE
ChMlSW5zdGl0dXQgTWF4IFZvbiBMYXVlIC0gUGF1bCBMYW5nZXZpbjEUMBIGA1UE
CxMLSVQgU2VydmljZXMxETAPBgNVBAMMCCouaWxsLmZyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAuY8pyE98FAwiDWfPU4IW6BqMrzn+9HS0ZvLV8JQL
pXgaN+og9HdG/hnAITwWTfzvoFccx4n5fvP1rlKJ5MvbP4d1z0MJp+HxTjsCwqNM
dE4xfrus0SyGE/HNb+6y6MZVXUud4aPd5GLjU0VGvuuo0dwifExOuT8ZfZjBz3Z1
vLX2j4bYADqgaCxu4aGW0o57/XtEwhJTcuWlClm4ARRQKv/r8Fhjog0mz8+nxPNw
LAOAidD/2hDd62zvFYAKYzn/pVjXTBeTMasyOl0X35CkBgpgxdrLOsrfn0wLeuFA
n4XPETRFubIl8ovj4/pGCKXPu2l8gTNYn0cG/DZ3iMlFxQIDAQABo4IByTCCAcUw
HwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFHZ/gxp1
8hrHXLlDHtRpRknYQOlSMBsGA1UdEQQUMBKCCCouaWxsLmZyggZpbGwuZnIwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNV
HR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NM
Q0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNT
TENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYc
aHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUH
AQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYI
KwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xD
QTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADBuF/jAWn2k
IcBtY+ZzyCTG1N/ad+drGxbdZhQkPXh8x/igZz7grethe4f0mlfcyYSr7/TQLY0s
PFwH2zcLsqPtP5Gvq/5abFXhh6ccwTLBI4uPdoTUJjEZruOZ4qV5wMjMW37S+2ux
POcnoltYaDUQG/WHVb9kMiSGYUtVdCbUOLOCqikEK7x8Rnj/Mezm6UxVULAk+PX+
GVqeNVVyMwOZqUhrfde4zLEZXLESLhNL/3E/HyB1sgiJy2FSKyzBj76k/cWyQfe9
4bVww7G2OZiXCttYOlgoytBOvsdFM+ZH4a9nm3DCfgKvUzIKXWxlzcR2QuXQ1BB4
BNyQ/65FtnI=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAuY8pyE98FAwiDWfPU4IW6BqMrzn+9HS0ZvLV8JQLpXgaN+og
9HdG/hnAITwWTfzvoFccx4n5fvP1rlKJ5MvbP4d1z0MJp+HxTjsCwqNMdE4xfrus
0SyGE/HNb+6y6MZVXUud4aPd5GLjU0VGvuuo0dwifExOuT8ZfZjBz3Z1vLX2j4bY
ADqgaCxu4aGW0o57/XtEwhJTcuWlClm4ARRQKv/r8Fhjog0mz8+nxPNwLAOAidD/
2hDd62zvFYAKYzn/pVjXTBeTMasyOl0X35CkBgpgxdrLOsrfn0wLeuFAn4XPETRF
ubIl8ovj4/pGCKXPu2l8gTNYn0cG/DZ3iMlFxQIDAQABAoIBACG7nvLlUD8svXwG
ZTBfM97aBL1OI8U4+hrFBpOHtl5MaSfFDlyi2msTL1RbYgqncsCJVZgIwyyLGRyp
sJvBW4g/DfGx1C2K6503KRdNLHbwSBsr7wzPtUgm6xvwHuImPBqLxpXgflQojf7z
VxsaKESOak6CaMVQbUfh30nh1SGK+5b1phU6+mFURBVNacvF7bXWqwXk3zXIQ0UJ
0Lv7m2M0Gtab27OEz19x7z5ouHrJsIs/sc2n3Q2KOscPI3DEUoB/arAGJRpooWO3
MyrEO+Q8qUwSScIwjj5a87LS1B1xoRVHt4ZvEFJk6l/ZXs4WyGrMT6HKyNgiyCgI
9r+BjDkCgYEA3muHcuclTOw/Nv6wdP1K4byCpSeGEQzPFKLnBqr9LyZTkd7C6U8v
TQgVfo64zW1qEC0avwyBzQqMItoPATnoy4OwKel5MnvscPSajuj58V2Yqh8cvuXS
MPcX2BCWNlrf3OnPJp5mfnxpDcN4ZbNDa8rog1pKOOikfg1WDT12OrMCgYEA1ZL5
fCgPBGd08ePa7wLzuUlX1jZgUMf+58ldKtR4selPLpAhGIba3cV25A7ocvefg0A2
8IpPiL9fkPFE49yGzwmYR0oa7+O71keYW6At9Fsp9LDkr6AVmEpoU/Or+IOGkCby
tKe5WilmVUXFlx3Is8CdSMgkgEz34FN0yjQcmacCgYAlxsejmWS5cuqtsYZQ6HBe
dMEPwe3AWZeWXrC0bjhAWNca0GX0cHGNONFFxIHYyjuYccC4MCyfoan5hWXFBIvo
fP5fr/rYuzmGWdUibql8+DOkuVINjkUr8dvH49FPfBHHmKKJYZ/w3bqODuQVCeRq
m3TwUlaG4eSGUEeMSiMZhwKBgEabGkODcsN/+Fdnfp95mF1u88zrmRfbple2aEia
iXQ3r2ezWl2jZ4PdnhpzG0G2v1NCzWbkMrsAmXVvbdjutNqJT4Bx7UnVPenvLV1N
LSQVZ19vg4rUH4+DOc5XRkkYIkpRtfcnY8181knmkRYOUKWsTdMb54VK7L+Kl5ep
drMNAoGBAKt5S+96ipXDRACKYpLg9XQakaGAOVIvXxKKn9lIIs0lT2AOXVlWL+ND
ZVSoDcka28rFEqKOxB7TnMEjUWVDNEi9Z9zykaWGktEL+os0f0j6aUwROEWzHtGe
UJ60K5BR6i9PrQ09et5vaia18OJd7VjapIXR9DkuhyPoXM3IO/5K
-----END RSA PRIVATE KEY-----
---
- name: restart nginx
systemd:
name: nginx
state: restarted
enabled: True
galaxy_info:
author: Eric Pellegrini
description: Role to install and configure nginx
company: Institut Laue Langevin
license: GPL-3.0-only
min_ansible_version: 2.0
platforms:
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- nginx
dependencies: []
---
- name: template load balancer configuration file
template:
src: load-balancer.conf.j2
dest: /etc/nginx/conf.d/load-balancer.conf
force: True
notify: restart nginx
- name: copy ILL certificates
copy:
src: "{{ item }}"
dest: /etc/ssl/certs/
force: True
loop:
- star.ill.fr.key
- star.ill.fr.crt
notify: restart nginx
---
- name: install nginx
apt:
name: nginx
force_apt_get: yes
update_cache: yes
---
# tasks file for roles/nginx
- import_tasks: install.yml
- import_tasks: configure.yml
# Define which servers to include in the load balancing scheme.
# It's best to use the servers' private IPs for better performance and security.
# You can find the private IPs at your UpCloud control panel Network section.
#http {
upstream visa-jupyter {
{% for server in balanced_servers %}
server {{ server }};
{% endfor %}
}
# This server accepts all traffic to port 80 and passes it to the upstream.
# Notice that the upstream name and the proxy_pass need to match.
server {
listen 80;
listen [::]:80;
server_name {{ nginx_server }};
return 301 https://{{ nginx_server }}$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/star.ill.fr.crt;
ssl_certificate_key /etc/ssl/certs/star.ill.fr.key;
location / {
proxy_pass http://visa-jupyter;
}
}
#}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment