RHEL7x_Install-NGINX-as-a-Redis-stunnel-load-balancer-playbook.yml

---

################################################################################
#  description: Installs NGINX as a Redis stunnel load balancer on RHEL7x
#  usage: ansible-playbook RHEL7x_Install-NGINX-as-a-Redis-stunnel-load-balancer-playbook.yml --extra-vars 'HostOrGroup=YourServerOrGroupNameGoesHere'
#  author: Ernest G. Wilson II <ErnestGWilsonII@gmail.com> (https://github.com/ernestgwilsonii)
#  license: MIT
################################################################################


# Ansible Playbook options
# REF: http://docs.ansible.com/ansible/playbooks.html
#####################################################

- name: Install NGINX as a Redis stunnel load balancer on RHEL7x
  hosts: "{{ HostOrGroup|default ('FATAL ERROR --> HostOrGroup NOT SET! You must specify either a Host or a Group name!') }}"
  serial: "100%"
  gather_facts: False
  tasks:


# Install or configure repository used on the OS by yum
# REF: https://docs.ansible.com/ansible/yum_repository_module.html
##################################################################

# /etc/yum.repos.d/nginx.repo
  - name: Install repository nginx
    yum_repository:
      name: nginx
      description: NGINX Repository
      file: nginx
      baseurl: http://nginx.org/packages/mainline/centos/7/$basearch/
      enabled: yes
      gpgcheck: no


# Install yum packages
# REF: http://docs.ansible.com/ansible/yum_module.html
######################################################

  - name: Install nginx
    yum:
      name: nginx
      state: latest

  - name: Install lsof
    yum:
      name: lsof
      state: latest


# Restart firewalld to make sure it is running OK before changing any rules
# REF: http://docs.ansible.com/ansible/service_module.html
##########################################################

  - name: Ensure the firewalld service is enabled and re-started before changing any rules
    service:
      name: firewalld
      enabled: yes
      state: restarted


# Update the firewalld configuration
# REF: http://docs.ansible.com/ansible/firewalld_module.html
############################################################

  - name: Update firewall to allow port TCP 6379 for incoming NGINX Redis stunnel connections
    firewalld:
      port: 6379/tcp
      permanent: true
      immediate: yes
      state: enabled
      zone: public

  - name: Update firewall to allow port TCP 6380 for incoming NGINX Redis stunnel connections
    firewalld:
      port: 6380/tcp
      permanent: true
      immediate: yes
      state: enabled
      zone: public


# Use the file module to delete unwanted files
# REF: http://docs.ansible.com/ansible/file_module.html
#######################################################

# /etc/nginx/conf.d/default.conf
  - name: rm /etc/nginx/conf.d/default.conf
    file:
      path: /etc/nginx/conf.d/default.conf
      state: absent


# Use the template module to populate files with data
# REF: http://docs.ansible.com/ansible/template_module.html
###########################################################

# /etc/nginx/nginx.conf
  - name: Fill in the variables and copy templates/NGINX/nginx-redis-stunnel-load-balancer.conf.j2 to remote /etc/nginx/nginx.conf
    template:
      src: templates/NGINX/nginx-redis-stunnel-load-balancer.conf.j2
      dest: /etc/nginx/nginx.conf
      owner: root
      group: root
      mode: 0644


# Enable and start nginx
# REF: http://docs.ansible.com/ansible/service_module.html
##########################################################

  - name: Enable and start the nginx service
    service:
      name: nginx
      enabled: yes
      state: restarted
      # Note: Verify nginx via SSH command line:
      # systemctl status nginx
      # journalctl -xe
      # cat /etc/systemd/system/multi-user.target.wants/nginx.service
      # /usr/sbin/nginx -t -c /etc/nginx/nginx.conf
      # lsof -P | grep IPv4
      # lsof -P | grep IPv4 | sort -t: -k2,2n
      # https://www.nginx.com/resources/admin-guide/tcp-load-balancing/