Location: majic-ansible-roles/roles/php_website/tasks/main.yml - annotation
MAR-22: Implemented tests for the common role:
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limiting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file to include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
---
# Derive the per-site account names and the web root from the fqdn
# parameter; the remaining tasks reuse these three facts.
# NOTE(review): fqdn ends up in account names and filesystem paths, so it
# is assumed to be a plain host name (no '/' or whitespace) - confirm that
# the caller validates it.
- name: Calculate username and home
  set_fact:
    # Dots in the host name become underscores in both account names.
    admin: "admin-{{ fqdn | replace('.', '_') }}"
    user: "web-{{ fqdn | replace('.', '_') }}"
    home: "/var/www/{{ fqdn }}"
# The group shares its name with the website user and takes its gid from
# the uid parameter; the gid argument is omitted when uid is not set.
- name: Create PHP website group
  group:
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"
    state: present
# Interactive administrator account for the site: bash shell, primary group
# is the website group, and the home directory is the web root.
- name: Create PHP website admin user
  user:
    name: "{{ admin }}"
    # Omitted when admin_uid is not set.
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    shell: /bin/bash
    createhome: true
    home: "{{ home }}"
    state: present
# Owned by the admin account; the website group gets read/traverse access
# and everyone else gets none.
- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    # Quoted so the value is read as an octal string, not an integer.
    mode: "0750"
# System account for the website itself. It shares the web root as its home
# with the admin account, but the directory is not created by this task.
- name: Create PHP website user
  user:
    name: "{{ user }}"
    # Omitted when uid is not set.
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    # NOTE(review): presumably picked up from the GECOS field by pam_umask
    # so that files are created group-writable - confirm.
    comment: "umask=0007"
    system: true
    createhome: false
    state: present
    home: "{{ home }}"
# Adds www-data to the website group as a supplementary group, giving it
# whatever access the group bits on the site's files allow. append keeps
# the memberships www-data already has.
- name: Add nginx user to website group
  user:
    name: www-data
    groups: "{{ user }}"
    append: true
  notify:
    - Restart nginx
# The file is owned by root so that Postfix does not check whether the
# correct user owns it. The website group can read the file; nobody outside
# root and that group can.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: forward.j2
    dest: "{{ home }}/.forward"
    owner: root
    group: "{{ user }}"
    mode: "0640"
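# Installs every package named in the packages parameter.
# NOTE(review): packages is used without a default here; confirm the role
# defines one, otherwise the loop fails when the parameter is not passed.
- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    # "present" replaces the deprecated "installed" alias; the resulting
    # package state is the same.
    state: present
  with_items: "{{ packages }}"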
# Only applies when the MariaDB compat development package was requested
# through the packages parameter: /usr/bin/mysql_config is made a symlink
# to mariadb_config.
- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
  file:
    src: /usr/bin/mariadb_config
    dest: /usr/bin/mysql_config
    state: link
  when: "'libmariadb-client-lgpl-dev-compat' in packages"
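# Renders the per-site FPM pool definition. The validate command checks the
# rendered file with php5-fpm before it replaces the live one.
- name: Deploy PHP FPM configuration file for website
  template:
    src: fpm_site.conf.j2
    dest: "/etc/php5/fpm/pool.d/{{ fqdn }}.conf"
    # Ownership and mode are pinned like on the other deployed files, so the
    # result does not depend on the umask of the deploying user or on what
    # an earlier run left behind.
    # NOTE(review): 0644 assumes the pool file holds no secrets; tighten to
    # 0640 if the template ever renders credentials.
    owner: root
    group: root
    mode: "0644"
    validate: "php5-fpm -t -y %s"
  notify:
    - Restart php5-fpm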
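# Writes the private key passed in https_tls_key to a root-only file.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    mode: "0640"
    owner: root
    group: root
  # The key is passed inline as a module argument, so without no_log it can
  # show up in verbose, diff or callback/log output of the play.
  no_log: true
  notify:
    - Restart nginx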
# The certificate is public material, so it is deployed world-readable.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart nginx
# The deployed file contains a single value: the path of the site's
# certificate, for the certificate validity check to pick up.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    mode: "0644"
# Renders the site definition into sites-available. The rendered file is
# checked by nginx_verify_site.sh before it replaces the live one.
- name: Deploy nginx configuration file for website
  template:
    src: nginx_site.j2
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: "0640"
    # NOTE(review): fqdn is placed between single quotes on the validation
    # command line; this assumes it never contains a quote character.
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx
# Activates the site by linking its definition into sites-enabled.
- name: Enable website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx
# Pulls in the role's handler file as ordinary tasks, but only when the
# handlers variable is set to a true value; it defaults to False.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers