Files @ 61e6cfb81789
Branch filter:

Location: majic-ansible-roles/roles/php_website/tasks/main.yml

61e6cfb81789 1.9 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-51: Fixed documentation for ansible_key parameter in preseed role. Updated ca_certificates parameter in common role to accept key-value pairs of filenames and certificates to put on remote host (so lookups/inventory can be utilised in more flexible manner). Updated backup_client role to fail if it is not possible to extract encryption key IDs from deployed keys. Moved purging of Exim4 configuration files from handlers to tasks (more robust, and still idempotent). All documentation has been updated as well.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
---

- set_fact:
    user: "web-{{ fqdn | replace('.', '_') }}"
    home: "/var/www/{{ fqdn }}"

- name: Create PHP website group
  group: name="{{ user }}" gid="{{ uid | default(omit) }}" state=present

- name: Create home directory for the user (avoid populating with skeleton)
  file: path="{{ home }}" state=directory
        owner="{{ admin }}" group="{{ user }}" mode=2750

- name: Create PHP website user
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}"
        system=yes createhome=no state=present

- name: Add nginx user to website group
  user: name="www-data" groups="{{ user }}" append="yes"
  notify:
    - Restart nginx

- name: Add admin to website group
  user: name="{{ admin }}" groups="{{ user }}" append="yes"

- name: Install extra packages for website
  apt: name="{{ item }}" state=installed
  with_items: packages

- name: Deploy PHP FPM configuration file for website
  template: src="fpm_site.conf.j2" dest="/etc/php5/fpm/pool.d/{{ fqdn }}.conf" validate="php5-fpm -t -y %s"
  notify:
    - Restart php5-fpm

- name: Deploy nginx TLS private key for website
  copy: dest="/etc/ssl/private/{{ https_tls_key | basename }}" src="{{ https_tls_key }}"
        mode=640 owner=root group=root
  notify:
    - Restart nginx

- name: Deploy nginx TLS certificate for website
  copy: dest="/etc/ssl/certs/{{ https_tls_certificate | basename }}" src="{{ https_tls_certificate }}"
        mode=644 owner=root group=root
  notify:
    - Restart nginx

- name: Deploy nginx configuration file for website
  template: src="nginx_site.j2" dest="/etc/nginx/sites-available/{{ fqdn }}"
            owner=root group=root mode=640 validate="/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

- name: Enable website
  file: src="/etc/nginx/sites-available/{{ fqdn }}" dest="/etc/nginx/sites-enabled/{{ fqdn }}"
        state=link
  notify:
    - Restart nginx
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.