
Location: majic-ansible-roles/roles/php_website/tasks/main.yml

branko
MAR-129: Updated php_website role for Ansible 2.5.x and new Molecule:

- Include global linting configuration file in tests.
- Fixed linting issues.
- Fix deprecation warnings from Ansible (for apt module and
state=installed).
- Updated how the hosts are being referenced within tests.
---

# Primary group for the website. It is named after the role's "user" variable;
# the GID follows "uid" when that is supplied and is otherwise left to the
# system.
- name: Create PHP website group
  group:
    state: present
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"

# Administrative account for the site: it gets a login shell and has the home
# directory created for it, with the website group as its primary group.
- name: Create PHP website admin user
  user:
    state: present
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    home: "{{ home }}"
    createhome: true
    shell: /bin/bash

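# Owned by the admin account; the website group can read and traverse it, and
# other local users get no access.
- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    # Quoted so the module receives the mode as a string instead of relying on
    # the YAML parser reading a leading zero as octal.
    mode: "0750"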

# System account for the website itself. It shares the home path with the
# admin account but never has the directory created on its behalf.
- name: Create PHP website user
  user:
    state: present
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    home: "{{ home }}"
    createhome: false
    system: true
    # The GECOS field carries the umask setting.
    # NOTE(review): presumably read by pam_umask so that files created by this
    # account are group-writable and closed to others; confirm against the
    # PAM configuration of the target hosts.
    comment: "umask=0007"

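# Gives the web server account group-level access to the site's files.
# Group permissions on anything under the website home are therefore also
# what nginx can reach.
- name: Add nginx user to website group
  user:
    name: "www-data"
    groups: "{{ user }}"
    # append keeps the supplementary groups www-data already has; without it
    # the list above would replace them. Written as a real boolean to match
    # the other flags in this file.
    append: true
  notify:
    - Restart nginx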

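# Ownership set to root so Postfix would not check if correct user owns the
# file. Group read access lets the website accounts read the forwarding rules;
# only root can change where the mail goes.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: "forward.j2"
    dest: "{{ home }}/.forward"
    owner: root
    group: "{{ user }}"
    # Quoted so the module receives the mode as a string instead of relying on
    # the YAML parser reading a leading zero as octal.
    mode: "0640"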

# Installs every entry of the role's "packages" list through apt. With
# state: present, a package that is already installed is left at its current
# version. The list comes from the role parameters, so whatever it names is
# installed as root from the repositories configured on the host.
- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"

# Compatibility link so that tooling looking for mysql_config finds the
# MariaDB equivalent. It is created only when the compat development package
# is among the requested packages.
- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
  when: "'libmariadb-client-lgpl-dev-compat' in packages"
  file:
    state: link
    dest: "/usr/bin/mysql_config"
    src: "/usr/bin/mariadb_config"

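# Per-site FPM pool definition, named after the site's FQDN. The validate
# command is given the rendered file (%s) before it is moved into place, so a
# failing check leaves the existing pool configuration untouched.
- name: Deploy PHP FPM configuration file for website
  template:
    src: "fpm_site.conf.j2"
    dest: "/etc/php5/fpm/pool.d/{{ fqdn }}.conf"
    validate: "php5-fpm -t -y %s"
    owner: root
    group: root
    # Readable by root only in practice. Quoted so the module receives the
    # mode as a string instead of relying on YAML octal parsing.
    mode: "0640"
  notify:
    - Restart php5-fpm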

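# Writes the site's TLS private key from the "https_tls_key" variable. The key
# material passes through the task arguments, so the variable should come from
# an encrypted source and the task output must not echo it.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    # No access for other users. Quoted so the module receives the mode as a
    # string instead of relying on YAML octal parsing.
    mode: "0640"
  # Keeps the private key out of task results, --diff output, verbose logs and
  # callback plugins. The trade-off is that failure details for this task are
  # hidden as well.
  no_log: true
  notify:
    - Restart nginx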

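# Writes the public certificate that pairs with the site's private key. It is
# world-readable because a certificate is not secret.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    owner: root
    group: root
    # Quoted so the module receives the mode as a string instead of relying on
    # the YAML parser reading a leading zero as octal.
    mode: "0644"
  notify:
    - Restart nginx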

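# Registers the site's certificate with the certificate-validity check: the
# deployed file contains only the path of the certificate written above.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    # Quoted so the module receives the mode as a string instead of relying on
    # the YAML parser reading a leading zero as octal.
    mode: "0644"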

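# Renders the site's nginx server configuration into sites-available. The
# helper script is given the rendered file (%s) before it is moved into place,
# so a configuration that fails the check is never installed.
# NOTE(review): fqdn is interpolated into the validation command line and into
# several paths in this file; it is assumed to be a plain hostname supplied by
# the operator. Confirm it is never taken from less trusted input.
- name: Deploy nginx configuration file for website
  template:
    src: "nginx_site.j2"
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    # Quoted so the module receives the mode as a string instead of relying on
    # the YAML parser reading a leading zero as octal.
    mode: "0640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx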

# Activates the site by linking its configuration from sites-available into
# sites-enabled. nginx picks the change up on the notified restart.
- name: Enable website
  file:
    state: link
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    src: "/etc/nginx/sites-available/{{ fqdn }}"
  notify:
    - Restart nginx

# Pulls the role's handler file in as ordinary tasks, but only when the
# "handlers" variable evaluates to true (it defaults to false). The task is
# tagged "handlers".
# NOTE(review): bare `include` is deprecated in later Ansible releases in
# favour of include_tasks/import_tasks. Tag and condition inheritance differs
# between those, so confirm the intended behaviour before switching.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers