Commit 1d1719bd authored by Илья Крылов's avatar Илья Крылов

Fix playbook

parent 0a2a47e2
......@@ -24,7 +24,7 @@ server {
fastcgi_read_timeout 3600s;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:{{ php_fpm_socket }};
}
location ~ /\. {
......
[app]
listen = {{ php_fpm_socket }}
user = {{ deploy_user }}
group = {{ deploy_user_group }}
listen.owner = www-data
listen.group = www-data
listen.mode = '0600'
pm = dynamic
pm.max_children = 100
pm.min_spare_servers = 3
pm.max_spare_servers = 10
env[LANG] = {{ locale }}
env[LANGUAGE] = {{ locale }}
env[LC_ALL] = {{ locale }}
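Review bot: `user = {{ deploy_user }}` / `group = {{ deploy_user_group }}` runs the PHP workers as the same account that owns the checked-out code and holds the deploy key the playbook installs at `{{ deploy_home }}/.ssh/id_rsa`, so a code-execution bug in the application gets write access to the source tree and read access to that key. Running the pool as a dedicated unprivileged user (the `www-data` already used for `listen.owner`), with the deploy user keeping ownership and the pool user only read access to `app_dir`, keeps those apart. `listen.owner = www-data` / `listen.mode = '0600'` also assume the nginx workers run as `www-data`; the playbook adds the nginx.org apt repository, whose package runs workers as `nginx` by default, so confirm which nginx package is actually installed before relying on that. The file has no header; `; php-fpm pool for the application — socket path and run user come from the playbook vars` would help.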
---
# These parameters override all other parameters in playbook
db_postgres_password: 'secret_password'
db_name: 'yii2'
db_username: 'yii2'
db_password: 'password'
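Review bot: The override vars file stores `db_postgres_password`, `db_password` and the other credentials as plain text; since the header comment says these values override everything in the playbook, this is the file that will end up carrying the real passwords, so it belongs in `ansible-vault` (or is `.gitignore`d with a committed `.example` copy holding placeholders). The comment could state that: `# Overrides for the playbook defaults — keep real values encrypted with ansible-vault`.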
......@@ -6,32 +6,46 @@
vars:
timezone: Europe/Moscow
locale: en_US.UTF-8
sshers_groups:
ssh_allowed_groups:
- sshers
- vagrant
ssh_private_key: files/ssh/deploy_private_key
ssh_public_key: files/ssh/deploy_public_key.pub
ssh_known_hosts:
- github.com
- git.cloud-team.ru
deploy_user: deploy
deploy_user_group: www-data
deploy_user_extra_groups:
- sshers
deploy_home: '/home/{{ deploy_user }}'
app_dir: '{{ deploy_home }}/www'
log_dir: '{{ deploy_home }}/log'
nginx_root: '{{ app_dir }}/web'
nginx_access_log: '{{ log_dir }}/access.log'
nginx_error_log: '{{ log_dir }}/error.log'
db_postgres_password: 'secret_password'
db_name: 'db_name'
db_username: 'db_username'
db_password: 'db_password'
php_fpm_socket: /var/run/php-fpm.app.sock
git_repo: 'ssh://git@git.cloud-team.ru/lections/ansible-php-app.git'
git_branch: 'master'
composer_version: 1.9.3
composer_no_dev: no
composer_global_requirements:
- fxp/composer-asset-plugin:1.4.3
composer_github_auth_token: 'dbd6c5966b80f1379ad6c341fef220b8206ae985'
app_configs:
- {src: 'files/app_config.php', dest: '{{ app_dir }}/config/local.php'}
- { src: 'files/app_config.php', dest: '{{ app_dir }}/config/local.php' }
tasks:
......@@ -52,6 +66,33 @@
name: '{{ locale }}'
state: present
# Add additional repositories
- name: Add GPG apt key for PHP
apt_key:
keyserver: keyserver.ubuntu.com
id: '{{ item }}'
state: present
loop:
- E5267A6C
- name: Add GPG apt keys for PostgreSql and Nginx
apt_key:
url: '{{ item }}'
state: present
loop:
- https://www.postgresql.org/media/keys/ACCC4CF8.asc
- http://nginx.org/keys/nginx_signing.key
- name: Add apt repositories (Nginx, PostgreSql, PHP)
apt_repository:
repo: '{{ item }}'
state: present
loop:
- deb http://nginx.org/packages/ubuntu/ bionic stable
- deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main
- ppa:ondrej/php
# Packages installation
- name: Install required packages
......@@ -66,18 +107,20 @@
- curl
- memcached
- nginx
- postgresql-10
- postgresql-server-dev-10
- php-fpm
- php-cli
- php-pgsql
- php-gd
- php-mbstring
- php-curl
- php-intl
- php-zip
- php-xml
- php-json
- postgresql-12
- postgresql-client-12
- postgresql-contrib-12
- libpq-dev
- php7.4-fpm
- php7.4-cli
- php7.4-pgsql
- php7.4-gd
- php7.4-mbstring
- php7.4-curl
- php7.4-intl
- php7.4-zip
- php7.4-xml
- php7.4-json
- php-memcached
- imagemagick
- python3-pip
......@@ -96,6 +139,16 @@
name: 'postgres'
password: '{{ db_postgres_password }}'
- name: Allow access to PostgreSql from all hosts with password
postgresql_pg_hba:
dest: /etc/postgresql/12/main/pg_hba.conf
contype: host
users: all
source: 0.0.0.0/0
databases: all
method: md5
notify: Reload postgresql
# Firewall setup
- name: Allow ssh and web traffic
......@@ -132,12 +185,12 @@
- name: Add sshers groups
group: name='{{ item }}' state=present
loop: '{{ sshers_groups }}'
loop: '{{ ssh_allowed_groups }}'
- name: Allow SSH access for sshers groups only
lineinfile: dest=/etc/ssh/sshd_config
regexp='^AllowGroups'
line='AllowGroups {{ sshers_groups | join(' ') }}'
line='AllowGroups {{ ssh_allowed_groups | join(' ') }}'
state=present
notify: Restart ssh
......@@ -162,32 +215,27 @@
user: '{{ deploy_user }}'
state: present
exclusive: yes
key: "{{ lookup('file', 'files/ssh/deploy_public_key.pub') }}"
key: "{{ lookup('file', ssh_public_key) }}"
- name: Set up private key for deploy user
copy:
src: 'files/ssh/deploy_private_key'
src: '{{ ssh_private_key }}'
dest: '{{ deploy_home }}/.ssh/id_rsa'
owner: '{{ deploy_user }}'
group: '{{ deploy_user_group }}'
mode: '0600'
- name: Get known hosts keys
- name: Set known hosts
become_user: '{{ deploy_user }}'
shell: ssh-keyscan -H github.com git.cloud-team.ru
register: khown_hosts
- name: Set known hosts keys
copy:
content: '{{ khown_hosts.stdout }}'
dest: '{{ deploy_home }}/.ssh/known_hosts'
owner: '{{ deploy_user }}'
group: '{{ deploy_user_group }}'
mode: '0600'
known_hosts:
name: '{{ item }}'
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa ' + item) }}"
state: present
loop: '{{ ssh_known_hosts }}'
# Application deployment
- name: Create a project directories
- name: Create directories
file:
path: '{{ item }}'
state: directory
......@@ -201,8 +249,8 @@
- name: Add application vhost for Nginx
template:
src: files/vhost.conf.j2
dest: /etc/nginx/sites-available/application.conf
src: files/nginx-vhost.conf.j2
dest: /etc/nginx/sites-available/app
owner: '{{ deploy_user }}'
group: '{{ deploy_user_group }}'
mode: '0600'
......@@ -210,11 +258,24 @@
- name: Enable application vhost
file:
src: /etc/nginx/sites-available/application.conf
dest: /etc/nginx/sites-enabled/application.conf
src: /etc/nginx/sites-available/app
dest: /etc/nginx/sites-enabled/app
state: link
notify: Reload nginx
- name: Disable default vhost
file:
path: /etc/nginx/sites-enabled/default
state: absent
notify: Reload nginx
- name: Add application pool for php-fpm
template:
src: files/php-fpm-pool.conf.j2
dest: /etc/php/7.4/fpm/pool.d/app.conf
mode: '0644'
notify: Reload php-fpm
- name: Create DB-user for application
become_user: postgres
postgresql_user:
......@@ -277,6 +338,8 @@
command:
cmd: 'php yii migrate --interactive=0'
chdir: '{{ app_dir }}'
register: migrate_result
changed_when: "'No new migrations found' not in migrate_result.stdout"
handlers:
......@@ -288,3 +351,9 @@
- name: Reload nginx
service: name=nginx state=reloaded
- name: Reload php-fpm
service: name=php7.4-fpm state=reloaded
- name: Reload postgresql
service: name=postgresql state=reloaded
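Review bot: `composer_github_auth_token: 'dbd6c5966b80f1379ad6c341fef220b8206ae985'` in the vars hunk puts what looks like a live GitHub token into the committed playbook, next to the `db_*` defaults; a credential that has been pushed should be treated as exposed and rotated, and the value moved out of the repo (an `ansible-vault`-encrypted vars file or `lookup('env', ...)`), leaving only a placeholder here. The `postgresql_pg_hba` hunk opens password authentication to `source: 0.0.0.0/0` with `method: md5`; unless the firewall hunk that follows it (cut off here) blocks 5432, narrow the source to the application's own address range and prefer `method: scram-sha-256`, which PostgreSQL 12 supports. In the apt-key hunk, `http://nginx.org/keys/nginx_signing.key` fetches a signing key over plain HTTP and `E5267A6C` is a short key id that keyservers resolve ambiguously; use the https URL and the full fingerprint. The `known_hosts` task trusts whatever `ssh-keyscan -t rsa` returns at run time, so a pinned copy of the host keys under `files/` would remove that trust-on-first-use window.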