Changeset - 4a3c8915f967
Branko Majic (branko) - 7 years ago 2016-11-27 00:20:06
branko@majic.rs
MAR-80: Added support to wsgi_website and php_website roles to specify list of e-mails or accounts that should receive mails delivered to role's administrator/application users. Updated application users in both roles to use same home directory as the admin. Added .keep file for docs/_static in order to avoid warnings when building documentation.
10 files changed with 40 insertions and 4 deletions:
docs/_static/.keep
 
new file 100644
docs/rolereference.rst
 
@@ -1332,6 +1332,11 @@ Parameters
 
  UID/GID (they are set-up to be the same) of the dedicated website
 
  user/group.
 

	
 
**website_mail_recipients** (string, optional, ``root``)
 
  Space-separated list of e-mails or local users to which the mails, sent to
 
  either the website admin or website user, should be forwarded to. Forwarding
 
  is configured via ``~/.forward`` configuration file.
 

	
 

	
 
Examples
 
~~~~~~~~
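Review bot: In the added `website_mail_recipients` description the preposition is doubled ("to which the mails ... should be forwarded to"); drop the trailing "to". The same paragraph is added again under the WSGI role parameters further down and needs the same fix. It would also help to say that the value is written as-is into `~/.forward`, since the text only says forwarding is configured via that file.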
 
@@ -1370,6 +1375,7 @@ running *ownCloud* and *The Bug Genie* applications):
 
          value: error_page 404 /core/templates/404.php;
 
      additional_fpm_config:
 
        "env[PATH]": "\"/usr/local/bin:/usr/bin:/bin\""
 
      website_mail_recipients: "root john.doe@example.com"
 
    - role: php_website
 
      deny_files_regex:
 
        - ^\..*
 
@@ -1540,6 +1546,11 @@ Parameters
 
  A list of additional packages to install for this particular WSGI appliction
 
  in its virtual environment using ``pip``.
 

	
 
**website_mail_recipients** (string, optional, ``root``)
 
  Space-separated list of e-mails or local users to which the mails, sent to
 
  either the website admin or website user, should be forwarded to. Forwarding
 
  is configured via ``~/.forward`` configuration file.
 

	
 
**wsgi_application** (string, mandatory)
 
  WSGI application that should be started by Gunicorn. The format should be
 
  conformant to what the ``gunicorn`` command-line tool accepts. If the
 
@@ -1577,6 +1588,7 @@ running a bare Django project):
 
          value: error_page 403 /static/403.html;
 
        - comment: Use custom page for non-existing locations/files.
 
          value: error_page 404 /static/404.html;
 
      website_mail_recipients: "root john.doe@example.com"
 

	
 

	
 
Database Server
docs/usage.rst
 
@@ -1233,6 +1233,9 @@ Before we start, here is a couple of useful pointers regarding the
 
* If you ever need to set some additional PHP FPM settings, this can easily be
 
  done via the ``additional_fpm_config`` role parameter. This particular example
 
  does not set any, though.
 
* Mails deliverd to local admin/application users are forwarded to ``root``
 
  account instead (this can be configured via ``website_mail_recipients`` role
 
  parameter.
 
* Static content (non-PHP) is served directly by *Nginx*.
 
* Each web application gets distinct sub-directory under ``/var/www``, named
 
  after the FQDN. All sub-directories created under there are created with
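Review bot: The added bullet has a typo ("deliverd" should be "delivered") and the parenthesis opened before "this can be configured" is never closed; end the bullet with `parameter).`. The identical bullet added in the next hunk of this file has the same two problems.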
 
@@ -1479,6 +1482,9 @@ on the safe side:
 
* If you ever need to set some environment variables, this can easily be done
 
  via the ``environment_variables`` role parameter. This particular example does
 
  not set any, though.
 
* Mails deliverd to local admin/application users are forwarded to ``root``
 
  account instead (this can be configured via ``website_mail_recipients`` role
 
  parameter.
 
* Static content is served directly by *Nginx*.
 
* Each web application gets distinct sub-directory under ``/var/www``, named
 
  after the FQDN. All sub-directories created under there are created with
roles/php_website/defaults/main.yml
 
@@ -10,4 +10,5 @@ php_rewrite_urls: []
 
rewrites: []
 
https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}"
 
https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}"
 
additional_fpm_config: {}
 
\ No newline at end of file
 
additional_fpm_config: {}
 
website_mail_recipients: "root"
 
\ No newline at end of file
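Review bot: The new last line `website_mail_recipients: "root"` still ends without a trailing newline, as the `\ No newline at end of file` marker on both sides of the change shows. Terminate the file with a newline so that the next default appended here does not again show up as a modification of the previous line.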
roles/php_website/tasks/main.yml
 
@@ -19,13 +19,19 @@
 

	
 
- name: Create PHP website user
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"
 
        system=yes createhome=no state=present
 
        system=yes createhome=no state=present home="{{ home }}"
 

	
 
- name: Add nginx user to website group
 
  user: name="www-data" groups="{{ user }}" append="yes"
 
  notify:
 
    - Restart nginx
 

	
 
# Ownership set to root so Postfix would not check if correct user owns the
 
# file.
 
- name: Set-up forwarding for mails delivered to local application user/admin
 
  template: src="forward.j2" dest="{{ home }}/.forward"
 
            owner="root" group="{{ user }}" mode=640
 

	
 
- name: Install extra packages for website
 
  apt: name="{{ item }}" state=installed
 
  with_items: "{{ packages }}"
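Review bot: The `.forward` task sets `owner="root" group="{{ user }}" mode=640`, so only root and members of the `{{ user }}` group can read the file, while the commit message says the forwarding should also cover mail delivered to the role's administrator. Please confirm that the admin account is a member of `{{ user }}`; if it is not, delivery for the admin may be unable to read the file and the forwarding would silently not apply. Note also that `www-data` is added to the same group a few lines above, so the web server account can read the recipient list.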
roles/php_website/templates/forward.j2
 
new file 100644
 
{{ website_mail_recipients }}
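Review bot: The template is the bare `{{ website_mail_recipients }}`, so whatever string the playbook sets lands unchanged in a file that the mail system interprets, and a `.forward` file can name more than addresses (for example a file or command destination). Since the parameter is documented as a list of e-mails or local users, consider an `assert` task in the role that rejects entries which are not a plain user name or address. The same applies to the identical template in the wsgi_website role.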
roles/wsgi_website/defaults/main.yml
 
@@ -12,4 +12,5 @@ admin: "web-{{ fqdn | replace('.', '_') }}"
 
https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}"
 
https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}"
 
gunicorn_version: "19.6.0"
 
futures_version: "3.0.5"
 
\ No newline at end of file
 
futures_version: "3.0.5"
 
website_mail_recipients: "root"
 
\ No newline at end of file
roles/wsgi_website/tasks/main.yml
 
@@ -26,13 +26,19 @@
 

	
 
- name: Create WSGI website user
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"
 
        system=yes createhome=no state=present
 
        system=yes createhome=no state=present home="{{ home }}"
 

	
 
- name: Add nginx user to website group
 
  user: name="www-data" groups="{{ user }}" append="yes"
 
  notify:
 
    - Restart nginx
 

	
 
# Ownership set to root so Postfix would not check if correct user owns the
 
# file.
 
- name: Set-up forwarding for mails delivered to local application user/admin
 
  template: src="forward.j2" dest="{{ home }}/.forward"
 
            owner="root" group="{{ user }}" mode=640
 

	
 
- name: Install extra packages for website
 
  apt: name="{{ item }}" state=present
 
  with_items: "{{ packages }}"
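Review bot: On the user line, `home="{{ home }}"` is added while `createhome=no` is kept, so the task now depends on `{{ home }}` already existing when the following `.forward` template task writes into it. Please confirm the directory is created earlier in this file, and mention in the release notes that on already deployed hosts the application user's recorded home changes.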
roles/wsgi_website/templates/forward.j2
 
new file 100644
 
{{ website_mail_recipients }}
testsite/group_vars/web.yml
 
@@ -14,3 +14,5 @@ web_default_title: "Welcome to Example Inc."
 
web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."
 

	
 
db_root_password: "root"
 

	
 
website_mail_recipients: "john.doe@example.com"
 
\ No newline at end of file