Location: majic-ansible-roles/roles/php_website/tasks/main.yml
71bc6c4991f8
MAR-132: Fix virtual environment set-up in wsgi_website role:
- Install more up-to-date version of pip. This fixes some issues
related to pip freeze detecting argparse and wsgiref in virtualenv
as separate packages.
- Remove the pkg-resources package from virtualenv. Workaround for
Debian-specific behaviour. More details at:
- https://github.com/pypa/pip/issues/4022
- https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1635463
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871790
- Deploy Gunicorn requirements file without switching to website admin
user (otherwise Ansible fails to template the file due to
permissions restrictions).
- Updated test for checking packages installed in the virtualenv.
---
# Primary group for the site, named after `user`. The GID is taken from the
# `uid` variable; `default(omit)` drops the parameter when that variable is
# undefined, leaving GID allocation to the system.
- name: Create PHP website group
  group:
    name: "{{ user }}"
    state: present
    gid: "{{ uid | default(omit) }}"
# Administrator account for the site: it gets a bash login shell, a home
# directory created at `home`, and the website group as its primary group.
- name: Create PHP website admin user
  user:
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    home: "{{ home }}"
    createhome: true
    shell: /bin/bash
    state: present
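# Directory owned by the admin user; the website group may read and traverse
# it, and all other users get no access.
- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    # Quoted so the mode always reaches the module as the octal string "0750"
    # instead of depending on how the YAML parser types a bare 0750.
    mode: "0750"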
# System account for the website itself. It points at the same `home` as the
# admin user but never creates it (`createhome: false`).
- name: Create PHP website user
  user:
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    system: true
    home: "{{ home }}"
    createhome: false
    # Stored in the account's comment (GECOS) field; presumably picked up by
    # pam_umask to give the account a 0007 umask - confirm against the PAM
    # configuration of the target hosts.
    comment: "umask=0007"
    # This is a workaround for a rather stupid bug that Debian seems
    # uninterested to backport -
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762
    shell: /bin/sh
    state: present
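# Adds the web server account (www-data) to the website group, presumably so
# nginx can read the site's group-readable files. nginx is restarted through
# the handler when the membership changes.
- name: Add nginx user to website group
  user:
    name: "www-data"
    groups: "{{ user }}"
    # A real boolean instead of the string "yes". With append enabled the
    # group is added to www-data's supplementary groups; without it the user
    # module would replace the existing list with this single group.
    append: true
  notify:
    - Restart nginx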
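# Ownership set to root so Postfix would not check if correct user owns the
# file.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: "forward.j2"
    dest: "{{ home }}/.forward"
    owner: root
    group: "{{ user }}"
    # Root may write, the website group may only read. Quoted so the mode is
    # always handled as the octal string "0640" rather than a YAML integer.
    mode: "0640"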
# Installs every entry of the `packages` list through apt, one entry per loop
# iteration.
- name: Install extra packages for website
  apt:
    state: present
    name: "{{ item }}"
  with_items: "{{ packages }}"
# Exposes mariadb_config under the mysql_config name. Only applies on Debian
# Jessie, and only when the MariaDB compat development package is among the
# requested packages.
- name: Set-up MariaDB mysql_config symbolic link for compatibility on Jessie (workaround for Debian bug 766996)
  file:
    state: link
    src: "/usr/bin/mariadb_config"
    dest: "/usr/bin/mysql_config"
  # Both conditions must hold: Ansible combines the entries of a `when` list
  # with a logical AND.
  when:
    - "'libmariadb-client-lgpl-dev-compat' in packages"
    - "ansible_distribution_release == 'jessie'"
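# Per-site PHP-FPM pool definition, named after the site's FQDN. The rendered
# file is run through the PHP-FPM binary's configuration test (-t -y <file>)
# before it replaces the live one, so a template that fails the test is not
# installed.
- name: Deploy PHP FPM configuration file for website
  template:
    src: "fpm_site.conf.j2"
    dest: "{{ php_fpm_pool_directory }}/{{ fqdn }}.conf"
    validate: "{{ php_fpm_binary }} -t -y %s"
    owner: root
    group: root
    # Not readable by "other". Quoted so the mode is always handled as the
    # octal string "0640" rather than a YAML integer.
    mode: "0640"
  notify:
    - Restart PHP-FPM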
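# Writes the site's TLS private key from the `https_tls_key` variable. The
# file is owned by root and carries no permissions for "other" users.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    # Quoted so the mode is always handled as the octal string "0640" rather
    # than a YAML integer.
    mode: "0640"
  # The task handles secret key material: suppress its result output so the
  # key does not end up in console or callback logs, for example when the play
  # runs with --diff.
  no_log: true
  notify:
    - Restart nginx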
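# Writes the site's TLS certificate from the `https_tls_certificate` variable.
# The certificate is public data, hence world-readable.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    owner: root
    group: root
    # Quoted so the mode is always handled as the octal string "0644" rather
    # than a YAML integer.
    mode: "0644"
  notify:
    - Restart nginx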
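# Drops a one-line file under /etc/check_certificate whose content is the path
# of the site's certificate. Per the task name, a cron job uses it to check
# the certificate's validity; that job is defined outside this task.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    # Quoted so the mode is always handled as the octal string "0644" rather
    # than a YAML integer.
    mode: "0644"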
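# Renders the nginx server definition into sites-available. Before the file
# is installed it is passed to nginx_verify_site.sh together with the site
# name; the script is not part of this file, presumably it runs an nginx
# syntax check - confirm against the script.
- name: Deploy nginx configuration file for website
  template:
    src: "nginx_site.j2"
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    # Not readable by "other". Quoted so the mode is always handled as the
    # octal string "0640" rather than a YAML integer.
    mode: "0640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx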
# Activates the site by linking its definition from sites-available into
# sites-enabled; nginx is restarted through the handler when the link changes.
- name: Enable website
  file:
    state: link
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
  notify:
    - Restart nginx
# Runs the role's handlers file as ordinary tasks, but only when the `handlers`
# variable is set to a true value (it defaults to False). The `handlers` tag
# lets a run select this task on its own.
# NOTE(review): bare `include` is deprecated in newer Ansible releases in
# favour of include_tasks / import_tasks; left as is because the Ansible
# version this role targets is not visible here.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers