Changeset - 0079746d9a8b
[Not reviewed]
0 4 1
Branko Majic (branko) - 9 years ago 2015-05-06 21:54:56
branko@majic.rs
MAR-5: Updated the web server role to include deployment of some base packages for PHP and Python web apps.
5 files changed with 41 insertions and 2 deletions:
docs/rolereference.rst
 
@@ -834,48 +834,51 @@ Here is an example configuration for setting-up the mail forwarder:
 
  # well.
 
  local_mail_aliases:
 
    root: "root john.doe@example.com"
 

	
 
  smtp_relay_host: mail.example.com
 

	
 
  smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem
 

	
 

	
 
Web Server
 
----------
 

	
 
The ``web_server`` role can be used for setting-up a web server on destination
 
machine.
 

	
 
The role is supposed very lightweight, providing a basis for deployment of web
 
applications.
 

	
 
The role implements the following:
 

	
 
* Installs and configures nginx with a single, default vhost with a small static
 
  index page.
 
* Deploys the HTTPS TLS private key and certificate (for default vhost).
 
* Configures firewall to allow incoming connections to the web server.
 
* Installs and configures supervisor, virtualenv, and virtualenvwrapper as a
 
  common base for Python apps.
 
* Installs and configures PHP FPM as a common base for PHP apps.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**https_tls_key** (string, mandatory)
 
  Path to file on Ansible host that contains the private key used for TLS for
 
  HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.
 

	
 
**https_tls_certificate** (string, mandatory)
 
  Path to file on Ansible host that contains the X.509 certificate used for TLS
 
  for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.
 

	
 
**web_default_title** (string, mandatory)
 
  Title for the default web page shown to users (if no other vhosts were matched).
 

	
 
**web_default_message** (string, mandatory)
 
  Message for the default web page shown to users (if no other vhosts were
 
  matched).
 

	
 

	
 
Examples
 
~~~~~~~~
 

	
roles/web_server/handlers/main.yml
 
---
 

	
 
- name: Restart nginx
 
  service: name=nginx state=restarted
 
\ No newline at end of file
 
  service: name=nginx state=restarted
 

	
 
- name: Restart php5-fpm
 
  service: name=php5-fpm state=restarted
 
\ No newline at end of file
roles/web_server/tasks/main.yml
 
@@ -25,25 +25,56 @@
 
             owner=root group=root mode=644
 
  notify:
 
    - Restart nginx
 

	
 
- name: Deploy firewall configuration for web server
 
  copy: src="ferm_http.conf" dest="/etc/ferm/conf.d/30-web.conf" owner=root group=root mode=640
 
  notify:
 
    - Restart ferm
 

	
 
- name: Remove the default Debian html files
 
  file: path="{{ item }}" state=absent
 
  with_items:
 
    - /var/www/html/index.nginx-debian.html
 
    - /var/www/html/
 

	
 
- name: Create directory for storing the default website page
 
  file: path="/var/www/default/" state=directory
 
        owner=root group=www-data mode=750
 

	
 
- name: Deploy the default index.html
 
  template: src="index.html.j2" dest=/var/www/default/index.html
 
            owner=root group=www-data mode=640
 

	
 
- name: Enable nginx service
 
  service: name=nginx enabled=yes state=started
 
\ No newline at end of file
 
  service: name=nginx enabled=yes state=started
 

	
 
- name: Install base packages for Python web applications
 
  apt: name="{{ item }}" state=installed
 
  with_items:
 
    - supervisor
 
    - virtualenv
 
    - virtualenvwrapper
 

	
 
- name: Install base packages for PHP web applications
 
  apt: name="{{ item }}" state=installed
 
  with_items:
 
    - php5-fpm
 

	
 
- name: Enable services used for running web applications
 
  service: name="{{ item }}" enabled=yes state=started
 
  with_items:
 
    - php5-fpm
 
    - supervisor
 

	
 
- name: Read timezone on server
 
  slurp: src=/etc/timezone
 
  register: server_timezone
 

	
 
- name: Configure timezone for PHP
 
  template: src="php_timezone.ini.j2" dest="{{ item }}/30-timezone.ini"
 
            owner=root group=root mode=644
 
  with_items:
 
    - /etc/php5/cli/conf.d/
 
    - /etc/php5/fpm/conf.d/
 
  notify:
 
    - Restart php5-fpm
 
\ No newline at end of file
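Review bot: The value registered by `Read timezone on server` is written into both PHP ini files without any check, so an empty or malformed `/etc/timezone` would end up as `date.timezone` under `/etc/php5/cli/conf.d/` and `/etc/php5/fpm/conf.d/`, and php5-fpm would be restarted with it. The template `roles/web_server/templates/php_timezone.ini.j2` puts the decoded content inside single quotes, so a quote or embedded newline in that file would presumably change how the ini line is parsed. An `assert` task between the slurp and the template task, which fails unless the trimmed value is non-empty and contains only zone-name characters, would stop the play before the configuration is touched.

```yaml
  register: server_timezone

- name: Verify timezone read from server before writing PHP configuration
  assert:
    that:
      - (server_timezone.content | b64decode | trim) != ''
      - (server_timezone.content | b64decode | trim | regex_replace('[A-Za-z0-9_+/-]', '')) == ''

# … unchanged: "Configure timezone for PHP" task …
```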
roles/web_server/templates/php_timezone.ini.j2
 
new file 100644
 
date.timezone = '{{ server_timezone.content | b64decode | trim }}'
testsite/group_vars/all.yml
 
@@ -5,31 +5,32 @@ ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 
# Configuration for role 'common', shared across all servers.
 
os_users:
 
  - name: admin
 
    uid: 1000
 
    additional_groups: sudo
 
    authorized_keys:
 
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
 
  - name: johndoe
 
    uid: 1001
 
    additional_groups: "office,developer"
 
    authorized_keys: []
 
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'
 

	
 
os_groups:
 
  - name: office
 
    gid: 2000
 
  - name: developer
 
    gid: 2001
 

	
 
common_packages:
 
  - emacs24-nox
 
  - screen
 
  - debconf-utils
 
  - colordiff
 

	
 
ca_certificates:
 
  - "{{ inventory_dir }}/tls/example_ca_chain.pem"
 

	
 
incoming_connection_limit: 2/second
 

	
 
incoming_connection_limit_burst: 6
 
\ No newline at end of file