Location: majic-ansible-roles/roles/web_server/tasks/main.yml
500658358454
MAR-44: Added backup server implementation. Updated testsite to include deployment of dedicated backup server. Documented the backup server implementation (except for usage instructions).
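---
# Install the nginx package from the distribution repositories.
# `state: present` replaces the deprecated `installed` alias of the apt
# module; the result is the same (install if missing, never upgrade).
- name: Install nginx
  apt:
    name: nginx
    state: present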
# Add www-data to the ssl-cert group (append keeps its existing groups).
# NOTE(review): the key deployed by this role is root:root 0640, so this
# membership does not make that key readable to www-data. It does let every
# process running as www-data traverse the private-key directory and read any
# key that is group-readable by ssl-cert. nginx usually loads keys in its root
# master process -- confirm the membership is actually required.
- name: Allow nginx user to traverse the directory with TLS private keys
  user:
    name: www-data
    groups: ssl-cert
    append: true
  notify:
    - Restart nginx
# Copy the TLS private key from the control host to /etc/ssl/private, keeping
# the source file's base name. With root:root 0640 only root can read it.
# NOTE(review): runs with --diff may print changes to copied files; consider
# `no_log: true` on this task so key material cannot reach logs or terminals.
# How https_tls_key is stored on the control host is not visible here --
# confirm it is kept encrypted at rest (for example with Ansible Vault).
- name: Deploy nginx TLS private key
  copy:
    src: "{{ https_tls_key }}"
    dest: "/etc/ssl/private/{{ https_tls_key | basename }}"
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart nginx
# Copy the TLS certificate to /etc/ssl/certs under the source file's base
# name. The certificate is public data, so world-readable 0644 is appropriate.
- name: Deploy nginx TLS certificate
  copy:
    src: "{{ https_tls_certificate }}"
    dest: "/etc/ssl/certs/{{ https_tls_certificate | basename }}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart nginx
# Install the helper script that the default vhost task below uses as its
# `validate` command. It is root-owned and not writable by group or others,
# which matters because the validation step executes it on the target host.
- name: Deploy script for verification of nginx vhost configurations
  copy:
    src: "nginx_verify_site.sh"
    dest: "/usr/local/bin/nginx_verify_site.sh"
    owner: root
    group: root
    mode: "0755"
# Render the default vhost from nginx-default.j2. Before the file is moved
# into place, `validate` runs the verification script against the temporary
# copy (%s is replaced with its path); a failing check leaves the existing
# configuration untouched.
- name: Deploy default vhost configuration
  template:
    src: "nginx-default.j2"
    dest: "/etc/nginx/sites-available/default"
    owner: root
    group: root
    mode: "0640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n default %s"
  notify:
    - Restart nginx
# Activate the default vhost by symlinking it from sites-available into
# sites-enabled.
- name: Enable default website
  file:
    src: "/etc/nginx/sites-available/default"
    dest: "/etc/nginx/sites-enabled/default"
    state: link
  notify:
    - Restart nginx
# Drop the web-server rule fragment into ferm's conf.d directory.
# NOTE(review): the contents of ferm_http.conf are not visible here -- confirm
# it opens only the ports this role is meant to expose.
- name: Deploy firewall configuration for web server
  copy:
    src: "ferm_http.conf"
    dest: "/etc/ferm/conf.d/30-web.conf"
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart ferm
# Remove the stock Debian placeholder page and its directory so that no
# distribution-default content is served. `state: absent` on a directory
# deletes it recursively, so the second item alone would also remove the
# first.
- name: Remove the default Debian html files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /var/www/html/index.nginx-debian.html
    - /var/www/html/
# Document root for the default site. root:www-data 0750 gives the web server
# group read and traverse access, no write access, and nothing to others.
- name: Create directory for storing the default website page
  file:
    path: "/var/www/default/"
    state: directory
    owner: root
    group: www-data
    mode: "0750"
# Render the default landing page. It is readable by the www-data group and
# writable only by root.
- name: Deploy the default index.html
  template:
    src: "index.html.j2"
    dest: /var/www/default/index.html
    owner: root
    group: www-data
    mode: "0640"
# Make sure nginx starts at boot and is running now.
- name: Enable nginx service
  service:
    name: nginx
    enabled: true
    state: started
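# Packages shared by all Python web applications on this host.
# `state: present` replaces the deprecated `installed` alias of the apt
# module; behaviour is unchanged.
- name: Install base packages for Python web applications
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - virtualenv
    - virtualenvwrapper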
# Parent directory for per-site WSGI sockets.
# NOTE(review): mode 0771 lets every local user traverse this directory,
# whereas the php5-fpm socket directory below is 0770. Access to the sockets
# then depends entirely on each socket's own permissions -- confirm the extra
# o+x bit is intended.
# NOTE(review): /run is usually a tmpfs, so this directory may not survive a
# reboot unless something recreates it -- verify.
- name: Create directory where WSGI will store per-site socket files
  file:
    path: "/run/wsgi/"
    state: "directory"
    owner: "root"
    group: "www-data"
    mode: "0771"
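# Packages shared by all PHP web applications on this host.
# `state: present` replaces the deprecated `installed` alias of the apt
# module; behaviour is unchanged.
# NOTE(review): php5-fpm ties this role to a release that still ships PHP 5,
# which no longer receives upstream security fixes -- plan a migration.
- name: Install base packages for PHP web applications
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - php5-fpm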
# Parent directory for per-site PHP-FPM sockets. Only root and members of
# www-data can enter it.
# NOTE(review): /run is usually a tmpfs, so this directory may not survive a
# reboot unless something recreates it -- verify.
- name: Create directory where PHP FPM will store per-site socket files
  file:
    path: "/run/php5-fpm/"
    state: "directory"
    owner: "root"
    group: "www-data"
    mode: "0770"
# systemd drop-in directory that holds overrides for the php5-fpm unit.
- name: Create directory for storing PHP FPM service configuration overrides
  file:
    path: "/etc/systemd/system/php5-fpm.service.d/"
    state: directory
    owner: root
    group: root
    mode: "0755"
# Install the systemd drop-in that, per the task name, runs php5-fpm with
# umask 0007 (files it creates get no permissions for others). The drop-in's
# contents are not visible here.
# NOTE(review): systemd normally needs a daemon-reload to pick up a changed
# drop-in -- confirm the "Restart php5-fpm" handler takes care of that.
- name: Configure php5-fpm service to run with umask 0007
  copy:
    src: "php5_fpm_umask.conf"
    dest: "/etc/systemd/system/php5-fpm.service.d/umask.conf"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart php5-fpm
# Make sure php5-fpm starts at boot and is running now.
- name: Enable service used for running PHP web applications
  service:
    name: "php5-fpm"
    enabled: true
    state: started
# Fetch /etc/timezone from the managed host and keep the result in
# server_timezone. The slurp module returns the file content base64-encoded.
- name: Read timezone on server
  slurp:
    src: /etc/timezone
  register: server_timezone
# Render the timezone setting into both the CLI and the FPM conf.d
# directories of PHP.
# NOTE(review): php_timezone.ini.j2 presumably decodes server_timezone from
# the preceding slurp task -- confirm in the template.
- name: Configure timezone for PHP
  template:
    src: "php_timezone.ini.j2"
    dest: "{{ item }}/30-timezone.ini"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - /etc/php5/cli/conf.d/
    - /etc/php5/fpm/conf.d/
  notify:
    - Restart php5-fpm