Location: majic-ansible-roles/roles/php_website/tasks/main.yml - annotation
f4ac7ec4ad7f
MAR-129: Updated testsite configuration and playbooks:
- Specify path to inventory file in testsite Ansible configuration.
- Set-up group memberships in LDAP groups via separate play (since
state: append does not work with stock ldap_entry - which is now
used instead of m_ldap_entry).
- Replace deprecated use of include with import_playbook.
- Specify path to inventory file in testsite Ansible configuration.
- Set-up group memberships in LDAP groups via separate play (since
state: append does not work with stock ldap_entry - which is now
used instead of m_ldap_entry).
- Replace deprecated use of include with import_playbook.
---

# Primary group for the website. Later tasks in this file put both the admin
# user and the website user into it.
- name: Create PHP website group
  group:
    state: present
    name: "{{ user }}"
    # A fixed GID is used only when "uid" is supplied; otherwise the key is
    # omitted and the system allocates one.
    gid: "{{ uid | default(omit) }}"
# Administrator account for the site: it gets a login shell, and this is the
# task that creates the "{{ home }}" directory (createhome).
- name: Create PHP website admin user
  user:
    state: present
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    # Primary group is the website group rather than a per-user group.
    group: "{{ user }}"
    home: "{{ home }}"
    createhome: true
    shell: /bin/bash
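# Directory for profile snippets, owned by the admin user. Members of the
# website group may read and traverse it; everyone else has no access.
- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    # Quoted so the mode is always treated as an octal string and never
    # depends on how the YAML parser types a bare number.
    mode: "0750"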
# System account for the website itself. No home directory is created by this
# task; "home" is only recorded as the account's home path.
- name: Create PHP website user
  user:
    state: present
    system: true
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    home: "{{ home }}"
    createhome: false
    # NOTE(review): a GECOS value of "umask=0007" looks intended for pam_umask,
    # which can take a per-user umask from that field. Confirm PAM is set up
    # for it, as nothing in this file enforces the umask.
    comment: "umask=0007"
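# Adds the web server account to the website group, so that group permissions
# on the site's files also apply to nginx. The group is appended to the
# account's existing supplementary groups, not substituted for them.
- name: Add nginx user to website group
  user:
    name: "www-data"
    groups: "{{ user }}"
    # Real boolean instead of the string "yes", matching the other tasks here.
    append: true
  notify:
    - Restart nginx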
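# Ownership is set to root so that Postfix does not check whether the correct
# user owns the file. The website group gets read-only access; other users
# have none.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: "forward.j2"
    dest: "{{ home }}/.forward"
    owner: root
    group: "{{ user }}"
    # Quoted so the mode is always handled as an octal string.
    mode: "0640"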
# Installs every entry of the "packages" list, one apt invocation per item.
- name: Install extra packages for website
  with_items: "{{ packages }}"
  apt:
    state: present
    name: "{{ item }}"
# Applies only when the MariaDB compat development package is among the
# requested packages.
- name: >-
    Set-up MariaDB mysql_config symbolic link for compatibility
    (workaround for Debian bug 766996)
  when: "'libmariadb-client-lgpl-dev-compat' in packages"
  file:
    state: link
    # dest is the symlink being created; src is what it points at.
    dest: "/usr/bin/mysql_config"
    src: "/usr/bin/mariadb_config"
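# Per-site FPM pool definition. The rendered file is checked with
# "php5-fpm -t" before it replaces the live one, so a pool file that fails
# the check is not installed.
- name: Deploy PHP FPM configuration file for website
  template:
    src: "fpm_site.conf.j2"
    dest: "/etc/php5/fpm/pool.d/{{ fqdn }}.conf"
    validate: "php5-fpm -t -y %s"
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string.
    mode: "0640"
  notify:
    - Restart php5-fpm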
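# The private key arrives as a variable. no_log keeps it out of task output:
# without it the key material can show up in --diff and verbose logs.
# Trade-off: no_log also hides the error detail if this task fails.
# NOTE(review): https_tls_key should come from an encrypted source such as
# Ansible Vault. Where it is defined is not visible from this file.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string. With
    # root:root ownership the key is unreadable to unprivileged accounts.
    mode: "0640"
  no_log: true
  notify:
    - Restart nginx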
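# The certificate is public material, so it is deployed world-readable.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string.
    mode: "0644"
  notify:
    - Restart nginx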
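# Writes a one-line file that holds only the path of the deployed
# certificate. The cron job that reads /etc/check_certificate is not part of
# this file.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string.
    mode: "0644"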
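# Site definition for nginx. The rendered file must pass the
# nginx_verify_site.sh check before it replaces the live one.
- name: Deploy nginx configuration file for website
  template:
    src: "nginx_site.j2"
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string.
    mode: "0640"
    # NOTE(review): fqdn is substituted into this command line as-is, between
    # single quotes. It is expected to be a plain hostname. Confirm the value
    # is validated where the role variables are defined.
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx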
# Activates the site by linking its definition from sites-available into
# sites-enabled.
- name: Enable website
  file:
    state: link
    # dest is the symlink being created; src is what it points at.
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    src: "/etc/nginx/sites-available/{{ fqdn }}"
  notify:
    - Restart nginx
# Pulls the role's handler file in as ordinary tasks, but only when the
# "handlers" variable is set to a true value (it defaults to false).
# NOTE(review): bare "include" is deprecated in newer Ansible releases in
# favour of include_tasks / import_tasks. Those differ in how "when" and
# "tags" reach the included tasks, so verify the behaviour before migrating.
- name: Explicitly run all handlers
  tags:
    - handlers
  when: "handlers | default(False) | bool() == True"
  include: ../handlers/main.yml