Ansible Practice - Session 2

Ansible Practice - Session 2

Melanjutken kita materi Ansible di Part 2..

Create Roles Database MariaDB

next kita bikin roles install MariaDB, buat folder dengan nama mariadb di folder roles, dan di dalam folder mariadb create folder tasks.

main.yaml

- name: install database mariadb
  apt:
    name: '{{ item }}'
    state: present
  loop:
    - mariadb-server
    - mariadb-client
    - python3-mysqldb

- name: database user
  mysql_user:
    name: '{{ db_user }}'
    password: '{{db_password}}'
    priv: '*.*:ALL'
    state: present
    host: '{{db_host}}'

- name: tambah database
  mysql_db:
    name: '{{ db_name }}'
    state: present

- name: change bind address to 0.0.0.0
  lineinfile:
    path: /etc/mysql/mariadb.conf.d/50-server.cnf
    regexp: '^bind-address'
    line: bind-address = 0.0.0.0
    backup: yes
  notify:
    - restart mariadb

mariadb-server-playbook.yaml

- name: Install Database Mariadb
  hosts: database
  become: yes
  roles:
    - roles/update-os
    - role: roles/mariadb
      vars: 
        db_user: 
        db_password: 
        db_host: '%'
        db_name: 'db_landing_page'

untuk db_user dan db_password kita akan menggunakan ansible-vault karna itu merupakan data sensitif yang tidak mungkin lgsung terlihat. cara nya seperti ini :

~/studi-kasus$ ansible-vault encrypt_string 'mdrdani'
New Vault password: *buat password untuk encrypt/decrypt*
Confirm New Vault password: 
!vault |
          $ANSIBLE_VAULT;1.1;AES256
          39643539643366643331396338383763393063396164646264633130653762623839653431323162
          316331663131643065633334663531660a383135366333326237353435336638
          37623935396361303432346535343135313066663464613036363732386166336164
          3637393964356263310a383561323761666339366464643865376234623263623763383462653365
          6566

Copy semua dari !vault| sampai angka terakhir . Lakukan juga untuk password tinggal di rubah string nya.

selanjutnya buat folder dengan nama handlers di dalam folder mariadb. Kegunaan untuk merestart service mariadb.

main.yaml

- name: restart mariadb
  service: 
    name: mariadb
    state: restarted

jika sudah semua maka kita jalankan playbook mariadb nya.

~/studi-kasus$ ansible-playbook -i inventory mariadb-server-playbook.yaml --ask-vault-password

Create Roles Web Landing Page

create folder landing-page di dalam folder roles, dan selanjut nya create folder tasks di dalam folder landing-page.

main.yaml

- name: install requirement
  apt:
    name: '{{ item }}'
    state: present
  loop:
    - php-fpm
    - php-mysql
    - git

- name: create folder for app code
  file:
    path: /var/www/landingpage.***.me/html/
    state: directory
    owner: www-data
    group: www-data
    recurse: yes

- name: delete default config nginx
  file:
    path: '{{ item }}'
    state: absent
  loop:
    - /etc/nginx/sites-available/default
    - /etc/nginx/sites-enabled/default

- name: copy nginx config
  copy:
    src: files/default
    dest: /etc/nginx/sites-available/default

- name: symbolik link nginx
  file:
    src: /etc/nginx/sites-available/default
    dest: /etc/nginx/sites-enabled/default
    state: link
  notify:
    - reload nginx

- name: git config safe directory
  shell: git config --global --add safe.directory /var/www/landingpage.***.me/html

- name: pulling app
  git:
    repo: https://github.com/mdrdani/sample-php.git
    dest: /var/www/landingpage.***.me/html/
    update: yes
    force: yes

- name: copy database.php ke server
  template:
    src: templates/database.php.j2
    dest: /var/www/landingpage.***.me/html/application/config/database.php

*** diganti sesuai keinginan

pada main.yaml bagian name : copy nginx config kita akan membuat satu file dengan nama default. create folder files di dalam folder landing-page dan letakkan file default di dalamnya.

default

server {
    listen 80;
    root /var/www/landingpage.***.me/html/;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name _;
    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

next kita akan membuat file handlers untuk mereload ulang web service nginx. buat folder handlers di dalam folder landing-page.

main.yaml

- name: reload nginx
  service: 
    name: nginx
    state: reloaded

Selanjutnya kita akan merubah database.php dari framework Codeigniter. buat folder dengan nama templates didalam folder landing-page. setelah itu buat file dengan nama database.php.j2 didalam folder templates.

database.php.j2

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

$active_group = 'default';
$query_builder = TRUE;

$db['default'] = array(
    'dsn'    => '',
    'hostname' => '{{ db_host }}',
    'username' => '{{ db_user }}',
    'password' => '{{ db_password }}',
    'database' => '{{ db_name }}',
    'dbdriver' => 'mysqli',
    'dbprefix' => '',
    'pconnect' => FALSE,
    'db_debug' => (ENVIRONMENT !== 'production'),
    'cache_on' => FALSE,
    'cachedir' => '',
    'char_set' => 'utf8',
    'dbcollat' => 'utf8_general_ci',
    'swap_pre' => '',
    'encrypt' => FALSE,
    'compress' => FALSE,
    'stricton' => FALSE,
    'failover' => array(),
    'save_queries' => TRUE
);

variable db_host, db_user, db_password, dan db_name akan di simpan di folder vars sebagai salah satu usaha mengamankan credential. Buat folder vars didalam folder landing-page dan buat file di dalam nya.

main.yaml

db_host: 102.108.****
db_user: ****
db_password: ******
db_name: db_landing_page

sesuaikan dengan konfigurasi yang diinginkan. jika sudah kita encrypt

~/vars$ ansible-vault encrypt main.yaml
New Vault password:
Confirm New Vault password:
Encryption successful

sehingga isi nya akan terenkripsi.

$ANSIBLE_VAULT;1.1;AES256
31376261373831303463343839303832333334613938363738656265366534313932356264663966
3032303462633033343532303737656333383434303539340a346131353862633363663431616465
37383630323532636531343231663036623337643437373765316362643535653166333366396133
6432643232666565610a666235613334316165313864343863663832326661653934323762636638
35373134636230643431383631346635653438336663656138346161346534343063646330616362
31633638623431376636346536393663646132636636393963373166393066303965346364373731
33666131386164666138616431343638616162656266643135326330666632636339643063386562
30346264633565623662333638333765316431393032313931643135393838653331333163646662
6435

Tambahkan roles/landing-page pada landing-page-playbook.yaml

- name: setup landing page server
  hosts: landing-page
  become: yes
  roles:
    - roles/update-os
    - roles/nginx
    - roles/landing-page

jika sudah semua maka kita jalankan playbook landing-page nya.

~/studi-kasus$ ansible-playbook -i inventory landing-page-playbook.yaml --ask-vault-password

oke check Web server nya apakah sudah berubah tampilan landing-page nya.