Files
@ b4ac65219ef1
Branch filter:
Location: majic-ansible-roles/roles/php_website/tasks/main.yml - annotation
b4ac65219ef1
1.9 KiB
text/x-yaml
MAR-34: Small usability improvements, not related to original issue. Improved the ssh-keyscan command a bit to include IP addresses in output as well. Store Ansible retry files locally in the retry directory (relative to testsite).
7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 3f2756d25f85 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 3f2756d25f85 7727c37bce67 7727c37bce67 3f2756d25f85 7727c37bce67 7727c37bce67 7727c37bce67 3f2756d25f85 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b 3f2756d25f85 7727c37bce67 be92dd65fc60 7727c37bce67 7727c37bce67 7727c37bce67 3f2756d25f85 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 | ---
- set_fact:
user: "web-{{ fqdn | replace('.', '_') }}"
home: "/var/www/{{ fqdn }}"
- name: Create PHP website group
group: name="{{ user }}" gid="{{ uid }}" state=present
- name: Create home directory for the user (avoid populating with skeleton)
file: path="{{ home }}" state=directory
owner="{{ admin }}" group="{{ user }}" mode=2750
- name: Create PHP website user
user: name="{{ user }}" uid="{{ uid }}" group="{{ user }}"
system=yes createhome=no state=present
- name: Add nginx user to website group
user: name="www-data" groups="{{ user }}" append="yes"
notify:
- Restart nginx
- name: Add admin to website group
user: name="{{ admin }}" groups="{{ user }}" append="yes"
- name: Install extra packages for website
apt: name="{{ item }}" state=installed
with_items: packages
- name: Deploy PHP FPM configuration file for website
template: src="fpm_site.conf.j2" dest="/etc/php5/fpm/pool.d/{{ fqdn }}.conf" validate="php5-fpm -t -y %s"
notify:
- Restart php5-fpm
- name: Deploy nginx TLS private key for website
copy: dest="/etc/ssl/private/{{ https_tls_key | basename }}" src="{{ https_tls_key }}"
mode=640 owner=root group=root
notify:
- Restart nginx
- name: Deploy nginx TLS certificate for website
copy: dest="/etc/ssl/certs/{{ https_tls_certificate | basename }}" src="{{ https_tls_certificate }}"
mode=644 owner=root group=root
notify:
- Restart nginx
- name: Deploy nginx configuration file for website
template: src="nginx_site.j2" dest="/etc/nginx/sites-available/{{ fqdn }}"
owner=root group=root mode=640 validate="/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
notify:
- Restart nginx
- name: Enable website
file: src="/etc/nginx/sites-available/{{ fqdn }}" dest="/etc/nginx/sites-enabled/{{ fqdn }}"
state=link
notify:
- Restart nginx
|