mirror of
https://github.com/KevinMidboe/schleppe-pulumi.git
synced 2026-02-12 20:39:19 +00:00
copy varnish config templates to all hosts
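--- a/ansible/roles/varnish/tasks/copy-source.yml
+++ b/ansible/roles/varnish/tasks/copy-source.yml
@@ -0,0 +1,46 @@
+---
+- file:
+path: "/etc/varnish"
+state: directory
+owner: root
+group: root
+mode: "0755"
+
+- template:
+src: default.vcl.j2
+dest: "{{ varnish_cfg_path }}/default.vcl"
+owner: root
+group: root
+mode: "0644"
+# validate: "haproxy -c -f %s"
+notify: reload varnish
+
+- template:
+src: vcl_deliver.vcl.j2
+dest: "{{ varnish_cfg_path }}/vcl_deliver.vcl"
+owner: root
+group: root
+mode: "0644"
+# validate: "haproxy -c -f %s"
+notify: reload varnish
+
+- file:
+path: "/etc/varnish/includes"
+state: directory
+owner: root
+group: root
+mode: "0755"
+
+- template:
+src: includes/x-cache-header.vcl.j2
+dest: "{{ varnish_cfg_path }}/includes/x-cache-header.vcl"
+owner: root
+group: root
+mode: "0644"
+# validate: "haproxy -c -f %s"
+notify: reload varnish
+
+- service:
+name: varnish
+state: restarted
+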
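Review bot: None of the three `template` tasks checks the rendered VCL before it is written under `{{ varnish_cfg_path }}`; the only `validate` line is the commented-out `haproxy -c -f %s`, which looks copied from another role, and the last `service` task then restarts varnish unconditionally. A template that renders to invalid VCL would presumably leave the service unable to start on the next run, and every run empties the cache even when nothing changed, which also makes the `notify: reload varnish` handlers redundant. I would put `validate: "varnishd -C -f %s"` on the `default.vcl` task, move that task after the two other files (assuming `default.vcl` includes them, so their paths resolve during the check), and delete the trailing `state: restarted` task. The `file` tasks also hard-code `/etc/varnish` while the templates write under `{{ varnish_cfg_path }}`, so the directories are only guaranteed to exist when the variable has that value; `path: "{{ varnish_cfg_path }}/includes"` keeps the two in step.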
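--- a/ansible/roles/varnish/tasks/install.yml
+++ b/ansible/roles/varnish/tasks/install.yml
@@ -0,0 +1,113 @@
+---
+- name: Ensure apt cache is up to date (pre)
+ansible.builtin.apt:
+update_cache: true
+cache_valid_time: 3600
+
+- name: Debian only - ensure debian-archive-keyring is installed
+ansible.builtin.apt:
+name: debian-archive-keyring
+state: present
+when: ansible_facts.distribution == "Debian"
+
+- name: Ensure required tools are installed (curl, gnupg, apt-transport-https)
+ansible.builtin.apt:
+name:
+- curl
+- gnupg
+- apt-transport-https
+state: present
+
+# Packagecloud repo parameters:
+# os = "debian" or "ubuntu"
+# dist = codename (e.g. bookworm, bullseye, focal, jammy, noble)
+# :contentReference[oaicite:1]{index=1}
+- name: Set packagecloud repo parameters
+ansible.builtin.set_fact:
+varnish_pkgcloud_os: "{{ 'ubuntu' if ansible_facts.distribution == 'Ubuntu' else 'debian' }}"
+varnish_pkgcloud_dist: "bookworm"
+# varnish_pkgcloud_dist: "{{ ansible_facts.distribution_release }}"
+
+# ---- apt >= 1.1 path (keyrings + signed-by) ----
+- name: Ensure /etc/apt/keyrings exists
+ansible.builtin.file:
+path: /etc/apt/keyrings
+state: directory
+mode: "0755"
+
+- name: Download packagecloud GPG key (ascii)
+ansible.builtin.get_url:
+url: https://packagecloud.io/varnishcache/varnish{{ varnish_major }}/gpgkey
+dest: /tmp/varnishcache_varnish{{ varnish_major }}.gpgkey
+mode: "0644"
+
+- name: Dearmor packagecloud key into /etc/apt/keyrings
+ansible.builtin.command: >
+gpg --dearmor -o /etc/apt/keyrings/varnishcache_varnish{{ varnish_major }}-archive-keyring.gpg
+/tmp/varnishcache_varnish{{ varnish_major }}.gpgkey
+args:
+creates: /etc/apt/keyrings/varnishcache_varnish{{ varnish_major }}-archive-keyring.gpg
+
+- name: Ensure Sequoia crypto-policy directory exists
+ansible.builtin.file:
+path: /etc/crypto-policies/back-ends
+state: directory
+owner: root
+group: root
+mode: "0755"
+
+- name: Allow SHA1 signatures for sequoia (packagecloud compatibility)
+ansible.builtin.copy:
+dest: /etc/crypto-policies/back-ends/sequoia.config
+owner: root
+group: root
+mode: "0644"
+backup: true
+content: |
+[hash_algorithms]
+sha1 = "always"
+
+- name: Add Varnish 6.0 LTS repo
+ansible.builtin.apt_repository:
+repo: "deb [signed-by=/etc/apt/keyrings/varnishcache_varnish{{ varnish_major }}-archive-keyring.gpg] https://packagecloud.io/varnishcache/varnish60lts/{{ varnish_pkgcloud_os }}/ {{ varnish_pkgcloud_dist }} main"
+filename: varnishcache_varnish{{ varnish_major }}
+state: present
+
+- name: Add Varnish 6.0 LTS source repo (optional)
+ansible.builtin.apt_repository:
+repo: "deb-src [signed-by=/etc/apt/keyrings/varnishcache_varnish{{ varnish_major }}-archive-keyring.gpg] https://packagecloud.io/varnishcache/varnish60lts/{{ varnish_pkgcloud_os }}/ {{ varnish_pkgcloud_dist }} main"
+filename: varnishcache_varnish{{ varnish_major }}
+state: present
+when:
+- varnish_enable_deb_src | default(false)
+
+- name: Update apt cache (after adding repo)
+ansible.builtin.apt:
+update_cache: true
+
+- name: Install Varnish Cache 6.0 LTS
+ansible.builtin.apt:
+name: "{{ varnish_packages | default(['varnish']) }}"
+state: present
+
+
+- name: Copy systemd template
+become: true
+ansible.builtin.template:
+src: varnish-systemd.j2
+dest: /lib/systemd/system/varnish.service
+owner: root
+mode: "0644"
+
+- name: Restart systemd daemon
+become: true
+ansible.builtin.systemd:
+daemon_reload: yes
+
+- name: Reload varnish service
+become: true
+ansible.builtin.systemd:
+name: varnish.service
+state: reloaded
+
+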
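Review bot: The `Allow SHA1 signatures for sequoia` task replaces `/etc/crypto-policies/back-ends/sequoia.config` wholesale with `sha1 = "always"`, which re-enables SHA-1 for every signature a Sequoia-based tool verifies on the host, not only for the packagecloud repository, and discards any policy already in that file (the `backup: true` copy aside). If the exception is needed only for apt, narrow it: write the override to `/etc/crypto-policies/back-ends/apt-sequoia.config` (apt's own policy file, provided the installed apt version reads it) and prefer a dated cutoff over `always` so the exception expires. The task also deserves a comment naming the signature that fails without it and a `when:` limiting it to releases whose apt verifies with Sequoia. Separately, `Download packagecloud GPG key (ascii)` trusts whatever the URL serves on the first run, and the `creates:` guard on the dearmor step means a later key change is never picked up; `checksum: "sha256:<PINNED_KEY_SHA256>"` on the `get_url` task, with the value recorded out of band, would pin the key. The key URL and keyring name use `varnish{{ varnish_major }}` while both `repo:` lines hard-code `varnish60lts`, so the two only agree for one value of the variable.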
@@ -1,57 +1,2 @@
|
||||
---
|
||||
- name: update apt
|
||||
become: true
|
||||
apt:
|
||||
update_cache: yes
|
||||
cache_valid_time: 86400
|
||||
|
||||
- name: install required packages
|
||||
package:
|
||||
name:
|
||||
- debian-archive-keyring
|
||||
- curl
|
||||
- gnupg
|
||||
- apt-transport-https
|
||||
|
||||
- name: add varnish apt key & repo
|
||||
block:
|
||||
- name: add varnish key
|
||||
apt_key:
|
||||
url: https://packagecloud.io/varnishcache/varnish60lts/gpgkey
|
||||
state: present
|
||||
|
||||
- name: add varnish repo
|
||||
apt_repository:
|
||||
repo: 'deb https://packagecloud.io/varnishcache/varnish60lts/{{ varnish_release }} {{ varnish_release_codename }} main'
|
||||
state: present
|
||||
|
||||
- name: add varnish repo src
|
||||
apt_repository:
|
||||
repo: 'deb-src https://packagecloud.io/varnishcache/varnish60lts/{{ varnish_release }} {{ varnish_release_codename }} main'
|
||||
state: present
|
||||
|
||||
- name: update apt
|
||||
become: true
|
||||
apt:
|
||||
update_cache: yes
|
||||
cache_valid_time: 86400
|
||||
|
||||
- name: install varnish package
|
||||
package:
|
||||
name: varnish
|
||||
|
||||
- name: copy systemd template
|
||||
template:
|
||||
src: varnish-systemd.j2
|
||||
dest: /lib/systemd/system/varnish.service
|
||||
owner: root
|
||||
mode: 644
|
||||
|
||||
- name: restart systemd daemon
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
|
||||
- name: restart varnish service
|
||||
systemd:
|
||||
name: varnish.service
|
||||
state: reloaded
|
||||
- import_tasks: install.yml
|
||||
- import_tasks: copy-source.yml
|
||||
|
||||