Ansible roles for setting up environment to serve Drupal sites
wunderio / wundermachina
Vagrant & Ansible stuff to build up virtual environment on your local
License: MIT License
Should be possible to define additional set_real_ip_from addresses to pass original request ip
Let developers write bash scripts to install their favorite node versions and do stuff.
I have a feeling that after the latest update to the role the backup is no longer properly done if provisioned based on that.
I took a look at sites that built it based on the previous version and noticed that this commit messes up the logic.
cbf5086
No longer are the backups created into {{ backup_location }}/drupal/database and then also deleted according to the backup_keep_max_days because the backups are just thrown into the {{ backup_location }}/.tgz format.
Can the role be updated to work like it used to with also having the file backup option?
We have a project where we would need multicore SOLR installation where both dev and stage sites are on the same server.
Currently default is once a day at 01:00, should be possible to define the cron intervals.
When defining a specific rule I would like to be able to add a description to that firewall rule so that it's clear what it is for when looking at the upcloud control panel.
Currently we have fixed cache_form and search_index tables excluded. It should be possible to define those individually.
Verify all relevant logs get tracked automatically and setup drupal.log for syslog logging
failed: [192.168.10.11] (item=({u'section': u'XDebug'}, {u'val': 1, u'key': u'xdebug.remote_enable'})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_enable", "val": 1}], "msg": "Destination /etc/php.d/zzz-xdebug.ini does not exist !", "rc": 257}
failed: [192.168.10.11] (item=({u'section': u'XDebug'}, {u'val': u'dbgp', u'key': u'xdebug.remote_handler'})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_handler", "val": "dbgp"}], "msg": "Destination /etc/php.d/zzz-xdebug.ini does not exist !", "rc": 257}
failed: [192.168.10.11] (item=({u'section': u'XDebug'}, {u'val': 1, u'key': u'xdebug.remote_connect_back'})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_connect_back", "val": 1}], "msg": "Destination /etc/php.d/zzz-xdebug.ini does not exist !", "rc": 257}
failed: [192.168.10.11] (item=({u'section': u'XDebug'}, {u'val': 9000, u'key': u'xdebug.remote_port'})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_port", "val": 9000}], "msg": "Destination /etc/php.d/zzz-xdebug.ini does not exist !", "rc": 257}
failed: [192.168.10.11] (item=({u'section': u'XDebug'}, {u'val': 0, u'key': u'xdebug.remote_autostart'})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_autostart", "val": 0}], "msg": "Destination /etc/php.d/zzz-xdebug.ini does not exist !", "rc": 257}
./provision.sh -t php-fpm stage
...
TASK [php-fpm : template] ******************************************************************************************************************
fatal: [hostname]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'unicode object' has no attribute 'key'"}
Traced the issue to a template file...
```jinja
{% for variable in php_env_vars %}
env[{{ variable.key }}] = "{{ variable.value }}"
{% endfor %}
```
... that loads the following:
```yaml
php_env_vars:
  - key: "WKV_SITE_ENV"
    value: "{{ wkv_site_env }}"
```
❯ ansible --version
ansible 2.3.0.0
---> Package mesa-libGLU.x86_64 0:9.0.0-4.el7 will be installed
--> Finished Dependency Resolution
Error: Package: ImageMagick-last-perl-6.9.3.3-1.el7.remi.x86_64 (remi)
Requires: ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
Installed: ImageMagick-last-libs-6.9.3.4-1.el7.remi.x86_64 (@remi-safe)
ImageMagick-last-libs(x86-64) = 6.9.3.4-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.2-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.2-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.3-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
Error: Package: ImageMagick-last-c++-6.9.3.3-1.el7.remi.x86_64 (remi)
Requires: ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
Installed: ImageMagick-last-libs-6.9.3.4-1.el7.remi.x86_64 (@remi-safe)
ImageMagick-last-libs(x86-64) = 6.9.3.4-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.2-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.2-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.3-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
Error: Package: ImageMagick-last-djvu-6.9.3.3-1.el7.remi.x86_64 (remi)
Requires: ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
Installed: ImageMagick-last-libs-6.9.3.4-1.el7.remi.x86_64 (@remi-safe)
ImageMagick-last-libs(x86-64) = 6.9.3.4-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.2-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.2-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.3-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
Error: Package: ImageMagick-last-6.9.3.3-1.el7.remi.x86_64 (remi)
Requires: ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
Installed: ImageMagick-last-libs-6.9.3.4-1.el7.remi.x86_64 (@remi-safe)
ImageMagick-last-libs(x86-64) = 6.9.3.4-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.2-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.2-1.el7.remi
Available: ImageMagick-last-libs-6.9.3.3-1.el7.remi.x86_64 (remi)
ImageMagick-last-libs(x86-64) = 6.9.3.3-1.el7.remi
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
This is suggested officially by drush install instructions.
Will use project specific drush versions by default.
Note, makes drush not work outside project folders!
Using a d8 box:
[vagrant@local current]$ pip install git-up
-bash: pip: command not found
Please could you include pip by default?
It'd also be nice to upgrade from Python 2.7.5 (released 15th May 2013) to the most recent 2.7.13 (released 17th December 2016).
Services like Cloudflare update their ip address ranges regularly so we need to have a way to automatically update the ip addresses defined in real_ip_from variable. We should also make sure that the list does not get overridden with old values when we provision some changes to configs via Ansible run.
I think we can use Cloudflare here as an example to start building from. They offer their ip address ranges as a simple txt file that can be found from here https://www.cloudflare.com/ips/
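One way to turn a published range file into `set_real_ip_from` lines, as an added example (not wundermachina's own code): it validates every entry, rejects ranges too broad to trust as a proxy source, and keeps the previous list when the fetched file is empty or malformed. The function names, the prefix floors and the sample ranges (documentation prefixes, constructed) are assumptions.

```python
import ipaddress

# Constructed sample of a provider's published range file (one CIDR per line).
# These are documentation prefixes, not real Cloudflare ranges.
SAMPLE_RANGES = """\
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
"""

# Assumed sanity floors: an entry wider than this is rejected, because every
# address inside a trusted range may set the client IP that nginx records.
MIN_PREFIX = {4: 8, 6: 16}


def _sort_key(net):
    # IPv4 and IPv6 networks cannot be compared directly, so sort by family first.
    return (net.version, net)


def parse_ranges(text):
    """Return sorted, de-duplicated networks; raise ValueError on any bad line."""
    nets = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"line {lineno}: {net} is too broad to trust")
        nets.add(net)
    if not nets:
        raise ValueError("range file is empty")
    return sorted(nets, key=_sort_key)


def render_real_ip_conf(fetched_text, previous_conf, static_ranges=()):
    """Render nginx directives, or return previous_conf if the fetch is unusable.

    static_ranges are hand-maintained entries (for example a local proxy) that
    a provisioning run keeps alongside the auto-updated provider ranges.
    Returns (config_text, updated_flag).
    """
    try:
        nets = set(parse_ranges(fetched_text))
        if static_ranges:
            nets |= set(parse_ranges("\n".join(static_ranges)))
    except ValueError:
        return previous_conf, False
    lines = [f"set_real_ip_from {n};\n" for n in sorted(nets, key=_sort_key)]
    return "".join(lines), True
```

Writing the result to its own include file, separate from the templated nginx config, keeps a later Ansible run from replacing it with older values.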
Currently we force the vagrant box version to 1.1.3, because 1.1.4 had issues, but 1.1.3 version is no longer available. This means projects like https://github.com/wunderkraut/wundertools that depend on wundermachina are unusable for any developers who don't have the old 1.1.3 version of the box available to them.
TASK [database : Setup databases] **********************************************
fatal: [192.168.10.48]: FAILED! => {"failed": true, "msg": "with_dict expects a dict"}
Related upstream error ansible/ansible#17636
We should have controlled releases using e.g. tags to fix specific releases to make it easier to pin versions in projects to a specific tag. @mikaelkundert
... if not exists
We have a project where we would need to have the Nginx client_max_body_size setting configurable, but I don't think it's currently possible.
A few developers notice this while provisioning.
Related errors below:
TASK [devtools : PHP | Set up xdebug.ini] **************************************
failed: [default] (item=({u'section': u'XDebug'}, {u'key': u'xdebug.remote_enable', u'val': 1})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_enable", "val": 1}], "msg": "unsupported parameter for module: create"}
failed: [default] (item=({u'section': u'XDebug'}, {u'key': u'xdebug.remote_handler', u'val': u'dbgp'})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_handler", "val": "dbgp"}], "msg": "unsupported parameter for module: create"}
failed: [default] (item=({u'section': u'XDebug'}, {u'key': u'xdebug.remote_connect_back', u'val': 1})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_connect_back", "val": 1}], "msg": "unsupported parameter for module: create"}
failed: [default] (item=({u'section': u'XDebug'}, {u'key': u'xdebug.remote_port', u'val': 9000})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_port", "val": 9000}], "msg": "unsupported parameter for module: create"}
failed: [default] (item=({u'section': u'XDebug'}, {u'key': u'xdebug.remote_autostart', u'val': 0})) => {"failed": true, "item": [{"section": "XDebug"}, {"key": "xdebug.remote_autostart", "val": 0}], "msg": "unsupported parameter for module: create"}
Just need to update some configs
Please add xhprof to devtools playbook, so that we can debug performance related issues. Test it with devel module, it needs two variables - path to xhprof logs and url to xhprof html page.
Xhprof might save log files in jailed tmp folder, so you have to set PrivateTmp to false in php-fpm systemd settings. If there is any way to avoid it, leave the PrivateTmp on.
I took latest master branch and configured Varnish. In my Vagrant environment the error pages aren't rendering anything when I take down memcached service (for testing the error page).
$ curl -v -k https://example.com
* Rebuilt URL to: https://example.com/
* Trying 192.168.10.172...
* Connected to example.com (192.168.10.172) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: example.com
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 503 Internal Error
< Date: Thu, 30 Jun 2016 14:47:58 GMT
< Server: Varnish
< X-Varnish: 32782
< Content-Length: 0
< Connection: close
<
* Closing connection 0
In varnishlog
* << Request >> 32782
- Begin req 32781 rxreq
- Timestamp Start: 1467298078.173739 0.000000 0.000000
- Timestamp Req: 1467298078.173739 0.000000 0.000000
- ReqStart 127.0.0.1 19798
- ReqMethod GET
- ReqURL /
- ReqProtocol HTTP/1.0
- ReqHeader Host: example.com
- ReqHeader User-Agent: curl/7.43.0
- ReqHeader Accept: */*
- ReqHeader X-Forwarded-For: 192.168.10.1
- ReqHeader X-Forwarded-Host: example.com
- ReqHeader X-Forwarded-Server: example.com
- ReqUnset X-Forwarded-For: 192.168.10.1
- ReqHeader X-Forwarded-For: 192.168.10.1, 127.0.0.1
- VCL_call RECV
- VCL_acl MATCH upstream_proxy "127.0.0.1"
- VCL_acl MATCH upstream_proxy "127.0.0.1"
- ReqUnset X-Forwarded-For: 192.168.10.1, 127.0.0.1
- ReqHeader X-Forwarded-For: 192.168.10.1, 127.0.0.1
- ReqHeader Surrogate-Capability: key=ESI/1.0
- VCL_return hash
- VCL_call HASH
- VCL_return lookup
- Debug "XXXX MISS"
- VCL_call MISS
- VCL_return fetch
- Link bereq 32783 fetch
- Timestamp Fetch: 1467298078.173944 0.000205 0.000205
- RespProtocol HTTP/1.1
- RespStatus 503
- RespReason Backend fetch failed
- RespHeader Date: Thu, 30 Jun 2016 14:47:58 GMT
- RespHeader Server: Varnish
- RespHeader Content-Type: text/html; charset=utf-8
- RespHeader Retry-After: 5
- RespHeader X-Varnish: 32782
- RespHeader Age: 0
- RespHeader Via: 1.1 varnish-v4
- VCL_call DELIVER
- RespHeader X-W-Cache: MISS
- RespHeader X-W-Cache-Hits: 0
- RespUnset Server: Varnish
- RespUnset X-Varnish: 32782
- RespUnset Via: 1.1 varnish-v4
- Debug "VCL_error(503, Internal Error)"
- VCL_return synth
- Timestamp Process: 1467298078.173966 0.000227 0.000022
- Timestamp Process: 1467298078.173971 0.000232 0.000005
- RespHeader Date: Thu, 30 Jun 2016 14:47:58 GMT
- RespHeader Server: Varnish
- RespHeader X-Varnish: 32782
- RespProtocol HTTP/1.1
- RespStatus 503
- RespReason Service Unavailable
- RespReason Internal Error
- VCL_call SYNTH
- VCL_return deliver
- RespHeader Content-Length: 0
- Debug "RES_MODE 2"
- RespHeader Connection: close
- Timestamp Resp: 1467298078.174002 0.000263 0.000031
- ReqAcct 212 0 212 141 0 141
- End
I'm getting this issue:
TASK [solr : ensure solr is running now and on boot] ***************************
fatal: [default]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service \"'solr'\": "}
Drupal 8 doesn't have cache_form or search_index tables that are excluded by default in backup.sh resulting in error. Excluded tables should be better configurable.
It would be ideal to provide releases, so projects may specify which version of WunderMachina they want to pull (and therefore know that it is compatible with the project).
It seems that we have two major branches, centos6 and centos7. We could have releases for each branch as in the following example:
We also need to discuss, if this can be done, what types of changes are allowed to change each version segment. I would prefer to follow the semantic versioning standard here.
It should be possible to separate / group those e.g. by the top level domains by running the client multiple times, once for each group.
TASK [sslterminator : lineinfile] ********************************************** fatal: [default]: FAILED! => {"failed": true, "msg": "ERROR! The conditional check 'papertrail_enabled == True' failed. The error was: ERROR! error while evaluating conditional (papertrail_enabled == True): ERROR! 'papertrail_enabled' is undefined\n\nThe error appears to have been in '/Users/bernt/Sites/altia-industrial/ansible/playbook/roles/sslterminator/tasks/main.yml': line 63, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n# Make papertrail follow appserver logs.\n- lineinfile:\n ^ here\n"}
I've gotten information this might be the right configuration:
```yaml
- section: PHP
  options:
    - key: sendmail_path
      val: "/usr/sbin/ssmtp -t"
```
Elasticsearch 5 has been around for a while, we are using it on many projects, it makes sense to have it as the default.
Note that the "kopf" plugin is not available anymore (plugins that deliver HTML pages have been deprecated for security reasons). Instead we should provide https://github.com/lmenezes/cerebro as a separate role for development environments.
Change certbot to use webroot method for fetching the certificate too. Now it's only used to renew the certificate. https://certbot.eff.org/docs/using.html#webroot
Excluding varnish should not prevent those roles from working independently.
The varnish.control_key checks should also check whether varnish itself exists.
Using: Vagrant 1.8.1, ansible 2.0.1.0 gets deprecation warnings:
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in a future release.
[DEPRECATION WARNING]: Using bare variables is deprecated. Update your playbooks so that the environment value uses the full variable syntax ('{{databases}}'). This feature will be removed in a future release.
Missing application name variable
vagrant-hostmanager requires libffi to be present on a system. Missing libffi will lead to failure of any vagrant command.
Letsencrypt currently only adds new domain names in initial deployment. This hasn't been a problem so far because we usually use new servers for everything.
Today I needed to deploy new site into shared production server and couldn't add new domains to letsencrypt even though I used:
```yaml
letsencrypt_domains:
  - old-domain.com
  - www.old-domain.com
  - new-domain.com
  - www.new-domain.com
```
This happens because the ansible will add the certs only in initial deploy:
```yaml
- name: Run initial certificate request only if port 80 is free
  command: "{{ letsencrypt_command }}"
  when: port_80.stdout.find('nginx') == -1
```
What we should do is this:
```yaml
vars:
  # Define a command for servers which are already running
  letsencrypt_webroot_command: "{{ letsencrypt_src }}/letsencrypt/letsencrypt-auto certonly --webroot --agree-tos --text -n --expand --email {{ letsencrypt_email }} {% for d in letsencrypt_domains %}-d {{ d }} {% endfor %}"
tasks:
  - name: Run initial certificate request only if port 80 is free
    command: "{{ letsencrypt_webroot_command }}"
    when: port_80.stdout.find('nginx') != -1
```
This should also check the output of:
$ "{{ letsencrypt_src }}/letsencrypt/letsencrypt-auto certificates"
And only run the webroot command if all of the domains are not already in the list so we don't waste valuable request limits from letsencrypt.
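The check described above, as an added example (not part of the original issue or the role): parse the `certificates` listing and report which requested domains no single existing certificate covers, so the webroot command runs only when that list is non-empty. The sample listing is constructed, and the `Certificate Name:` / `Domains:` line layout is assumed to match what the installed client prints.

```python
# Constructed sample of `letsencrypt-auto certificates` output.
SAMPLE_LISTING = """\
Found the following certs:
  Certificate Name: old-domain.com
    Domains: old-domain.com www.old-domain.com
    Expiry Date: 2017-09-01 10:00:00+00:00 (VALID: 60 days)
    Certificate Path: /etc/letsencrypt/live/old-domain.com/fullchain.pem
"""


def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.lower().rstrip(".")


def parse_lineages(listing):
    """Map certificate name -> set of normalised domains it covers."""
    lineages, current = {}, None
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith("Certificate Name:"):
            current = line.split(":", 1)[1].strip()
            lineages[current] = set()
        elif line.startswith("Domains:") and current is not None:
            names = line.split(":", 1)[1].split()
            lineages[current].update(_norm(n) for n in names)
    return lineages


def covered(domain, cert_names):
    """True if domain is listed exactly or matched by a one-label wildcard."""
    domain = _norm(domain)
    if domain in cert_names:
        return True
    _, dot, parent = domain.partition(".")
    return bool(dot) and f"*.{parent}" in cert_names


def missing_domains(listing, wanted):
    """Domains from `wanted` not covered by the best-matching certificate.

    One certificate has to cover the whole list, because --expand replaces a
    single certificate; an empty result means no new request is needed.
    """
    wanted = list(dict.fromkeys(_norm(d) for d in wanted))
    best = wanted
    for names in parse_lineages(listing).values():
        gap = [d for d in wanted if not covered(d, names)]
        if len(gap) < len(best):
            best = gap
    return best
```

In a playbook the result would gate the webroot task, so an unchanged domain list costs no request against the rate limit.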
Sorry to bother you @tharna :).
I tried to do a cd when vagrant ssh, but can't make it work. I'm pretty sure it has done once by inserting the same command directly in my ~/.bashrc, but putting it into provision.sh it fails and I can't understand why :).
I'm referring to the feature/14-cd_upon_login in git :)
Moved from Ansibleref
Will need several changes:
Today with a quick research I found out that memcache is not supported in PHP7 yet officially in current repositories.
Is there any way to support this before the "official" release? See https://serversforhackers.com/video/installing-php-7-with-memcached (didn't try it myself).
The css file is not available anymore, most likely because the WK site was recently renewed:
https://wunderkraut.fi/sites/default/files/error_page/style.css
We need to use https://github.com/juampynr/syncdb to sync a big database between environments. Please add support for it.
There's version 3.2.0 in EPEL repos and there's instructions for CentOS 6 here: http://idroot.net/tutorials/how-to-install-hhvm-on-centos-6/
Last commit to that branch was on Sep 29, 2014
I managed to build 3.5.2-dev (using instructions here - http://infinitescript.com/2015/02/building-and-installing-hhvm-on-centos-7/ ).
Last commit to that branch was on Feb 18, 2015
Building the latest version failed. I'll still try and get some newer version built.