Files @ 8a6ebeaabb26

Location: majic-ansible-roles/roles/php_website/playbook.yml

branko
MAR-125: Eliminated a couple of warnings:

- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
---

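# Play 1: prepare the test machine (package cache, name resolution, test
# tooling and a local account) before the php_website role is applied.
- hosts: all
  tasks:

    # A cache refresh is never reported as a change (changed_when: false).
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

    # Points the site names used by the roles later in this playbook (plus
    # php-website) at this host's own eth0 address.
    # NOTE(review): assumes the primary interface is named eth0 - confirm for
    # the test environment in use.
    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local php-website"

    # "present" replaces the deprecated "installed" alias of the apt module;
    # the resulting package state is the same.
    - name: Install curl for testing redirects and webpage content
      apt:
        name: curl
        state: present

    - name: Install swaks for testing mail forwarding
      apt:
        name: swaks
        state: present

    - name: Install Postfix for testing mail forwarding (Exim4 not covered)
      apt:
        name: postfix
        state: present

    - name: Set-up group for an additional user
      group:
        name: user
        state: present

    # The same account name is passed as website_mail_recipients to the
    # second php_website role invocation later in this playbook.
    - name: Set-up additional user for testing mail delivery
      user:
        name: user
        group: user
        shell: /bin/bash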

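# Play 2: apply the php_website role twice - once with only the mandatory
# fqdn parameter, once with the optional parameters set as well.
- hosts: all
  vars:
    # common
    ca_certificates:
      testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

    # web_server
    # Certificate and private key are read from fixtures under
    # tests/data/x509/ (a relative path, presumably checked in with the
    # tests); treat this key material as test-only.
    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/php-website_https.cert.pem') }}"
    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/php-website_https.key.pem') }}"

    # Common parameters (general, not role).
    tls_certificate_dir: tests/data/x509/
    tls_private_key_dir: tests/data/x509/

  roles:
    # Mandatory parameters only.
    - role: php_website
      fqdn: parameters-mandatory

    # Optional parameters.
    - role: php_website
      additional_fpm_config:
        # The value keeps its literal double quotes; single-quoting the YAML
        # scalar avoids the backslash escapes.
        "env[PATH]": '"/usr/local/bin:/usr/bin:/bin"'
        # php-fpm only executes scripts whose names end in these extensions.
        "security.limit_extensions": ".php .myphp"
      additional_nginx_config:
        - comment: Custom missing page.
          value: error_page 404 /404.myphp;
      admin_uid: 5000
      # NOTE(review): the "." is unescaped, so it matches any character, not
      # only a literal dot; confirm how the role applies this regex.
      deny_files_regex:
        - '^/secretfile.txt'
      # NOTE(review): HTTPS enforcement is switched off for this site,
      # presumably so the tests can exercise plain HTTP - confirm against the
      # role documentation. Test-only setting.
      enforce_https: false
      environment_indicator:
        background_colour: "#ff0000"
        text_colour: "#00ff00"
        text: "parameters-optional"
      fqdn: parameters-optional.local
      index: myindex.php
      # Per-site certificate and key, read from the same test fixture
      # directory as the defaults above.
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.cert.pem') }}"
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.key.pem') }}"
      # Presumably selects which request paths are handed to PHP; it lines up
      # with the .myphp entry in security.limit_extensions - TODO confirm.
      php_file_regex: '\.myphp$'
      # Quoted like the entries under "rewrites" so the regex characters are
      # never read as YAML syntax.
      php_rewrite_urls:
        - '^/rewrite1/(.*)$ /rewrite.myphp?url=$1 last'
        - '^/rewrite2/(.*)$ /rewrite.myphp?url=$1 last'
      rewrites:
        - '^/rewrite_to_index1/(.*) /myindex.php last'
        - '^/rewrite_to_index2/(.*) /myindex.php last'
      packages:
        - php5-ldap
        - php5-json
        - libmariadb-client-lgpl-dev-compat
      uid: 5001
      website_mail_recipients: user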

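# Play 3: deploy the PHP test pages for both sites. File modes are quoted so
# they stay octal strings whichever YAML parser rules are in effect; the
# permissions applied are the same as with the unquoted 0750 / 0640.
- hosts: all
  tasks:
    # parameters-mandatory application
    # 0750: full access for the owner, read and traverse for the group,
    # nothing for others.
    - name: Set-up directory where PHP files are hosted at
      file:
        path: /var/www/parameters-mandatory/htdocs
        state: directory
        owner: admin-parameters-mandatory
        group: web-parameters-mandatory
        mode: "0750"

    # 0640: owner read/write, group read-only, nothing for others.
    - name: Deploy a couple of PHP pages for testing purposes
      copy:
        src: "tests/data/php/mandatory/{{ item }}"
        dest: "/var/www/parameters-mandatory/htdocs/{{ item }}"
        owner: admin-parameters-mandatory
        group: web-parameters-mandatory
        mode: "0640"
      with_items:
        - index.php
        - index.php3

    # parameters-optional application
    # Same ownership scheme and modes as above, with this site's own
    # admin-/web- account names.
    - name: Set-up directory where PHP files are hosted at
      file:
        path: /var/www/parameters-optional.local/htdocs
        state: directory
        owner: admin-parameters-optional_local
        group: web-parameters-optional_local
        mode: "0750"

    # secretfile.txt matches the deny_files_regex configured for this site in
    # the roles play; presumably the tests check that it is not served.
    - name: Deploy a couple of PHP pages for testing purposes
      copy:
        src: "tests/data/php/optional/{{ item }}"
        dest: "/var/www/parameters-optional.local/htdocs/{{ item }}"
        owner: admin-parameters-optional_local
        group: web-parameters-optional_local
        mode: "0640"
      with_items:
        - myindex.php
        - myindex.myphp
        - path.myphp
        - secretfile.txt
        - info.myphp
        - 404.myphp
        - rewrite.myphp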