init

group_vars/all.yml

@@ -955,7 +955,6 @@ magento_admin_user_lastname: Suite
 
 # Path to node warmup script executed at instance start relative to magento app root dir - never need to override...
 magento_node_warmup_script_path: /bin/node-warmup.sh
-mageops_wait_for_warmup_secs: 600
 
 # ------------------------------
 # --------  Magento SCD --------
@@ -1673,8 +1672,6 @@ varnish_strip_params:
   - "{{ https_termination_redirect_source_domain_param }}"
 
 varnish_debug_request_info_header_name: "{{ mageops_debug_http_header_prefix }}-Info-Varnish"
-varnish_bypass_request_info_header_name: "{{ mageops_bypass_http_header_prefix }}-Info-Varnish"
-
 
 # ----------------------------------------------------------
 # --------  Varnish Language Detection & Redirects  --------
@@ -1823,11 +1820,6 @@ mageops_cli_features_dir: /usr/local/lib/mageops/features
 # Whether to perform full update
 mageops_packages_full_update: yes
 
-# Package manager to use
-mageops_pkg_mgr:
-  # Supported options: dnf, yum
-  centos7: dnf
-
 # Packages that are ensured to be absent on all nodes
 mageops_packages_mirrorlist_countrycode: "de"
 
@@ -2055,4 +2047,5 @@ aws_pio_ebs_volume_size: "{{ aws_app_node_ebs_volume_size }}"
 # ----- New Relic -----
 # ---------------------
 new_relic_app_name: "{{ mageops_app_name }}"
-mageops_new_relic_enabled: yes
+mageops_new_relic_enabled: no
+# new_relic_license need to be set up

requirements-python.txt

@@ -4,10 +4,6 @@ ansible>=6,<7
 # make sure this is BEFORE boto3 and boto
 awscli
 
-# some tasks call aws command on localhost
-# make sure this is BEFORE boto3 and boto
-awscli
-
 # needed for inventory and aws modules
 boto3
 

roles/cs.aws-iam-employee-access/templates/employee_full_access.policy.json

@@ -29,6 +29,7 @@
             "Effect": "Allow",
             "Resource": "arn:aws:pi:*:*:metrics/rds/*"
         },
+
         {
             "Action": "ec2:*",
             "Effect": "Allow",
@@ -306,11 +307,6 @@
                 "freetier:Get*"
             ],
             "Resource": "*"
-        },
-        {
-            "Action": "dlm:*",
-            "Effect": "Allow",
-            "Resource": "*"
         }
     ]
 }

roles/cs.aws-iam/defaults/main.yml

@@ -12,9 +12,6 @@ aws_iam_policy_cloudwatch_metrics_access: "{{ aws_iam_name_prefix }}CloudWatchMe
 aws_iam_policy_lambda_access: "{{ aws_iam_name_prefix }}LambdaAccess"
 aws_iam_policy_kms_access: "{{ aws_iam_name_prefix }}KmsAccess"
 
-aws_iam_policy_dlm_sts_access: "{{ aws_iam_name_prefix }}DLMAllowSTSAccess"
-aws_iam_policy_dlm_aws_access: "{{ aws_iam_name_prefix }}DLMAccess"
-
 aws_iam_group_custom_policies: "{{ aws_iam_name_prefix }}CustomPolicies"
 aws_iam_group_standard_policies: "{{ aws_iam_name_prefix }}StandardPolicies"
 
@@ -32,5 +29,3 @@ aws_iam_role_node_coordinator_lambda_execution: "{{ aws_iam_name_prefix }}Handle
 aws_iam_role_app_node: "{{ aws_iam_name_prefix }}AppNode"
 aws_iam_role_varnish: "{{ aws_iam_role_app_node }}"
 aws_iam_role_persistent_node: "{{ aws_iam_name_prefix }}PersistentNode"
-
-aws_iam_role_dlm: "{{ aws_iam_name_prefix }}DLM"

roles/cs.aws-iam/tasks/main.yml

@@ -3,4 +3,3 @@
 - import_tasks: lambda-roles.yml
 - import_tasks: kms-roles.yml
 - import_tasks: provisioning-groups.yml
-- import_tasks: dlm-roles.yml

roles/cs.cloudflare/defaults/main.yml

@@ -1,5 +1,5 @@
 cloudflare_enabled: no
-# Accept only traffic coming from Cloudflare
+# Accept only traffic comming from Cloudflare
 cloudflare_exclusive_traffic: yes
 
 # configuration file paths

roles/cs.geolite2/tasks/main.yml

@@ -10,12 +10,7 @@
 - name: Install geoupdate configuration
   template:
     src: GeoIP.conf.j2
-    dest: /usr/local/etc/GeoIP.conf
-
-- name: Install geoupdate 6.x configuration
-  template:
-    src: GeoIP6.conf.j2
-    dest: /usr/local/etc/GeoIP.conf
+    dest: /etc/GeoIP.conf
 
 - name: Update geolite2 databases
   shell: geoipupdate

roles/cs.magento-configure/defaults/main/app-etc.yml

@@ -165,9 +165,6 @@ magento_app_etc_config_consumer_workers:
   cron_consumers_runner:
     cron_run: false
     max_messages: "{{ magento_consumer_workers_max_messages | default(500) }}"
-  queue:
-    consumers_wait_for_messages: 0
-    only_spawn_when_message_available: 1
 
 magento_app_etc_config_cron_consumers:
   cron_consumers_runner:

roles/cs.magento-configure/tasks/000-prepare-runtime-config.yml

@@ -63,8 +63,14 @@
             magento_core_config_settings: "{{ magento_core_config_settings + magento_baler_js_bundling_core_config }}"
   when: magento_scd_advanced_js_bundling and magento_scd_advanced_js_bundling_strategy == 'baler'
 
+- name: Download CA RDS
+  ansible.builtin.get_url:
+    url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem
+    dest: /tmp/eu-central-1-bundle.pem
+    mode: '0666'
+
 - name: Check if database is initialized
-  command: mysql -N --batch -u {{ mageops_app_mysql_user|quote }} -p{{ mageops_app_mysql_pass|quote }} -h {{ mageops_mysql_host|quote }} -e "SHOW TABLES FROM `{{ mageops_app_mysql_db }}` LIKE 'admin_user';"
+  command: mysql --ssl-ca=/tmp/eu-central-1-bundle.pem -N --batch -u {{ mageops_app_mysql_user|quote }} -p{{ mageops_app_mysql_pass|quote }} -h {{ mageops_mysql_host|quote }} -e "SHOW TABLES FROM `{{ mageops_app_mysql_db }}` LIKE 'admin_user';"
   changed_when: false
   register: admins
 

roles/cs.magento-configure/tasks/080-core-config.yml

@@ -9,12 +9,20 @@
     magento_core_config_settings: "{{ magento_core_config_settings + _extra_items }}"
   when: magento_varnish_host | default(false, true)
 
+- name: Download CA RDS
+  ansible.builtin.get_url:
+    url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem
+    dest: /tmp/eu-central-1-bundle.pem
+    mode: '0666'
+
+
 - name: Ensure core config database settings' values
   community.mysql.mysql_query:
     login_db: "{{ mageops_app_mysql_db }}"
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_app_mysql_user }}"
     login_password: "{{ mageops_app_mysql_pass }}"
+    ca_cert: /tmp/eu-central-1-bundle.pem
     query: |
       INSERT INTO `core_config_data`
       SET
@@ -35,6 +43,7 @@
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_app_mysql_user }}"
     login_password: "{{ mageops_app_mysql_pass }}"
+    ca_cert: /tmp/eu-central-1-bundle.pem
     query: |
       INSERT IGNORE INTO `core_config_data`
       SET
@@ -47,16 +56,18 @@
   loop_control:
     loop_var: magento_db_setting
 
+
 - name: Ensure core config database settings are absent (defaults are used)
   community.mysql.mysql_query:
-    login_db: "{{ mageops_app_mysql_db }}"
+    state: absent
+    name: "{{ mageops_app_mysql_db }}"
+    table: core_config_data
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_app_mysql_user }}"
     login_password: "{{ mageops_app_mysql_pass }}"
-    query: |
-      DELETE FROM core_config_data
-      WHERE
-        path = "{{ magento_db_setting_path | quote }}"
+    ca_cert: /tmp/eu-central-1-bundle.pem
+    identifiers:
+      path: "{{ magento_db_setting_path }}"
   loop: "{{ magento_core_config_settings_to_remove }}"
   loop_control:
     loop_var: magento_db_setting_path

roles/cs.mageops-cli/files/mageopscli

@@ -151,7 +151,6 @@ main::help() {
     main::eprintln "  is_feature_flag_set <feature>        Checks if there is any value set for feature flag"
     main::eprintln "                                       status code 0 means flag is set, 1 otherwise"
     main::eprintln "  apply_features                       Apply feature updates to this host"
-    main::eprintln "  clear_opcache                        Clears opcache for php and php-fpm"
     main::eprintln ""
     main::eprintln " Mageops cli tools"
     main::eprintln "  (c) Creativestyle 2020"

roles/cs.mysql-configure/tasks/create-db.yml

@@ -1,10 +1,17 @@
+- name: Download CA RDS
+  ansible.builtin.get_url:
+    url: https://truststore.pki.rds.amazonaws.com/eu-central-1/eu-central-1-bundle.pem
+    dest: /tmp/eu-central-1-bundle.pem
+    mode: '0666'
+
 - name: Ensure project database exists
   mysql_db:
     login_host: "{{ mageops_mysql_host }}"
     login_user: "{{ mageops_mysql_root_user }}"
     login_password: "{{ mageops_mysql_root_pass }}"
     name: "{{ mageops_app_mysql_db }}"
     state: present
+    ca_cert: /tmp/eu-central-1-bundle.pem
 
 - name: Ensure project db user for external connections exists
   mysql_user:
@@ -15,6 +22,7 @@
     password: "{{ mageops_app_mysql_pass }}"
     host: "%"
     state: present
+    ca_cert: /tmp/eu-central-1-bundle.pem
     priv: "{{ mageops_app_mysql_db }}.*:{{ mysql_configure_all_db_permissions }}"
 
 - name: Ensure project db user for localhost exists
@@ -26,5 +34,6 @@
     password: "{{ mageops_app_mysql_pass }}"
     host: "localhost"
     state: present
+    ca_cert: /tmp/eu-central-1-bundle.pem
     priv: "{{ mageops_app_mysql_db }}.*:{{ mysql_configure_all_db_permissions }}"
   when: mysql_user_localhost_access

roles/cs.new-relic/defaults/main.yml

@@ -1,7 +1,7 @@
 new_relic_repo_url: http://yum.newrelic.com/pub/newrelic/el5/x86_64/newrelic-repo-5-3.noarch.rpm
 new_relic_packages:
   - newrelic-php5
-new_relic_license:
+# new_relic_license:
 new_relic_app_name: "New relic app name"
 new_relic_collector_enabled: yes
 new_relic_ignore_user_exception_handler: no
@@ -15,7 +15,7 @@ new_relic_stact_trace_threshold: "3s"
 new_relic_explain_enabled: yes
 new_relic_explain_threshold: "500ms"
 new_relic_framework: magento2
-new_relic_enabled: "{{ new_relic_license != '' }}"
+new_relic_enabled: yes
 
 new_relic_cron_enabled: no
 new_relic_cron_start: "0 7 * * *" # From 7:00

roles/cs.new-relic/files/newrelic_feature.bash

@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 
 feature__flag_name="newrelic_apm"
-feature__license_key="newrelic_license_key"
 
 feature::apply() {
     local expected
@@ -10,15 +9,9 @@ feature::apply() {
     expected="$(feature::expected_value)"
     expected="$(feature::normalize_expected "$expected")"
     current="$(feature::current_value)"
-    current_license="$(feature::current_license_value)"
-    expected_license="$(feature::expected_license_value)"
 
-    if [ -z "$expected_license" ];then
-        # We cannot enable the feature without a license key
-        expected="false"
-    fi
-    if [ "$expected" != "$current" ] || [ "$expected_license" != "$current_license" ];then
-        feature::update "$expected" "$expected_license"
+    if [ "$expected" != "$current" ];then
+        feature::update "$expected"
     fi
 }
 
@@ -41,10 +34,6 @@ feature::expected_value() {
     features::read_feature_flag "$feature__flag_name" "false"
 }
 
-feature::expected_license_value() {
-    features::read_feature_flag "$feature__license_key" ""
-}
-
 feature::current_value() {
     local current
 
@@ -57,21 +46,12 @@ feature::current_value() {
     echo "$current"
 }
 
-feature::current_license_value() {
-    local current
-
-    current="$(grep '^newrelic.license' /etc/php.d/newrelic.ini | sed 's/.*=\s*"\(.*\)"\s*$/\1/')"
-
-    echo "$current"
-}
-
 feature::update() {
     local value=$1
-    local license=$2
+    local config
 
     echo "Setting newrelic apm to $value"
     sed -i -e "s/newrelic.enabled[[:space:]]=[[:space:]].*/newrelic.enabled = ${value}/" /etc/php.d/newrelic.ini
-    sed -i -e "s/newrelic.license[[:space:]]=[[:space:]].*/newrelic.license = \"${license}\"/" /etc/php.d/newrelic.ini
     echo "Reloading php-fpm"
     systemctl reload php-fpm
 }