Files @ 71bc6c4991f8
Branch filter:

Location: majic-ansible-roles/roles/php_website/tasks/main.yml

71bc6c4991f8 3.3 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-132: Fix virtual environment set-up in wsgi_website role:

- Install more up-to-date version of pip. This fixes some issues
related to pip freeze detecting argparse and wsgiref in virtualenv
as separate packages.
- Remove the pkg-resources package from virtualenv. Workaround for
Debian-specific behaviour. More details at:
- https://github.com/pypa/pip/issues/4022
- https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1635463
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871790
- Deploy Gunicorn requirements file without switching to website admin
user (otherwise Ansible fails to template the file due to
permissions restrictions).
- Updated test for checking packages installed in the virtualenv.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
---

- name: Create PHP website group
  group:
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"
    state: present

- name: Create PHP website admin user
  user:
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    shell: /bin/bash
    createhome: true
    home: "{{ home }}"
    state: present

- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: 0750

- name: Create PHP website user
  user:
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    comment: "umask=0007"
    system: true
    createhome: false
    state: present
    home: "{{ home }}"
    # This is a workaround for a rather stupid bug that Debian seems
    # uninterested to backport -
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762
    shell: /bin/sh

- name: Add nginx user to website group
  user:
    name: "www-data"
    groups: "{{ user }}"
    append: "yes"
  notify:
    - Restart nginx

# Ownership set to root so Postfix would not check if correct user owns the
# file.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: "forward.j2"
    dest: "{{ home }}/.forward"
    owner: root
    group: "{{ user }}"
    mode: 0640

- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"

- name: Set-up MariaDB mysql_config symbolic link for compatibility on Jessie (workaround for Debian bug 766996)
  file:
    src: "/usr/bin/mariadb_config"
    dest: "/usr/bin/mysql_config"
    state: link
  when: "'libmariadb-client-lgpl-dev-compat' in packages and ansible_distribution_release == 'jessie'"

- name: Deploy PHP FPM configuration file for website
  template:
    src: "fpm_site.conf.j2"
    dest: "{{ php_fpm_pool_directory }}/{{ fqdn }}.conf"
    validate: "{{ php_fpm_binary }} -t -y %s"
    owner: root
    group: root
    mode: 0640
  notify:
    - Restart PHP-FPM

- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    mode: 0640
  notify:
    - Restart nginx

- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart nginx

- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    mode: 0644

- name: Deploy nginx configuration file for website
  template:
    src: "nginx_site.j2"
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: 0640
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

- name: Enable website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.