Commit 2a08a4c5 authored by Илья Крылов's avatar Илья Крылов
Browse files

First commit

parents
[defaults]
host_key_checking = False
inventory = ./inventory.yml
interpreter_python = auto
<?php
return [];
\ No newline at end of file
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAt4VCY4NCwCUv1ABakofdE3x7Pdgt2vytQOXEMn3clLxBY5NRLtcG
FtUxCGjwqPEVYnOyVZoKhnkhdNiOCvZk4gPmqLmhbvdtg/GtAjZ9xSDs/2wFLk6vCymZFR
fCPl0pHKX1DNFYgdFOv0ghYQ+0IqHmUHK4tKXJPky36P8Q9Pi4JEjV+S9rRGbnHmAYlH9q
NiJf2gLv0gKgRO3tJUXnj8wpod+/mSroUW2MtD9c1KRQQLwdrbiKH9jSdQX+l44QOHT8jG
eRQswuDJCevU7Lb9lbDG1wT8lkKZ2KRhURuogoEjZYygHmqvSiRFCDshqrqlsHrOqsfqD7
THFUCNwrWLjaUGYrLDA6W/+GVPCqDyRa8TAqCDaYeKWaREh/PtZvd4+2n9aJnP3+G9nJyO
FKr2obIcQoMBlPFyBbI2Fyu+iTP1H9NM0W54GPaZA5ublrmG1IVETR4hIuBxmN4hSKq3HU
MnywcrFg5Juezdbl/PW2AurM+UOJgbuS8l41MXjRAAAFiKmeSwypnksMAAAAB3NzaC1yc2
EAAAGBALeFQmODQsAlL9QAWpKH3RN8ez3YLdr8rUDlxDJ93JS8QWOTUS7XBhbVMQho8Kjx
FWJzslWaCoZ5IXTYjgr2ZOID5qi5oW73bYPxrQI2fcUg7P9sBS5OrwspmRUXwj5dKRyl9Q
zRWIHRTr9IIWEPtCKh5lByuLSlyT5Mt+j/EPT4uCRI1fkva0Rm5x5gGJR/ajYiX9oC79IC
oETt7SVF54/MKaHfv5kq6FFtjLQ/XNSkUEC8Ha24ih/Y0nUF/peOEDh0/IxnkULMLgyQnr
1Oy2/ZWwxtcE/JZCmdikYVEbqIKBI2WMoB5qr0okRQg7Iaq6pbB6zqrH6g+0xxVAjcK1i4
2lBmKywwOlv/hlTwqg8kWvEwKgg2mHilmkRIfz7Wb3ePtp/WiZz9/hvZycjhSq9qGyHEKD
AZTxcgWyNhcrvokz9R/TTNFueBj2mQObm5a5htSFRE0eISLgcZjeIUiqtx1DJ8sHKxYOSb
ns3W5fz1tgLqzPlDiYG7kvJeNTF40QAAAAMBAAEAAAGAGbkh/xTM7GXJ+Gs8RsGoaSzPkX
GVq9Yy6p/KClG981MXzz8859XX0qd7QfSDlwqDttMEsh7vTr33xIr+DedPaKanVAsA567i
uNXNLDw7EMB2t66KY11AB86C2IQGA/vG4W8Zk/xb7YZLBWC03Qf4dco/oBMUdK2wMX1LYe
suk0exd9SFuXG+FU5fItDRYS8i0gera8Fxn/wiPscisFDGDk/NnhTgpDVxbshuKm2fM2b8
oLY9arYtFh2sEh8O+ms8+ef2teScCke0m1S4YSzluGws2BB2bXLQxc1Uri3qmsqVrkHToG
xmnC3SFmUugEI0BdvXGHuJ3rxLHvoOnL+kpqYLXvuMMJJNCxUU2sFcdH0kwIW2ZcpZyc6g
INjUAZ55MFta+5tIP2J66mA8ZI0NHKKVn1WyJveYrd3Fkjesuh8QRf17VZ3ItRci9j5U+S
4s5l6c80JFARpefdfXQU6bSR15k4ezcfcC2KABD/WZZITkdVM26v0BbHLZtvfN0zDhAAAA
wGg2ynJYWzxnYpk0NQZPDA7djtMMH67ur6SwxnN7ZWrub1arRNfiUrkA77AyMmdjNfM6Oe
hvOjFxafND5mdaU6zqhoT0iGZeEHkOI12Xm1qHhwBQKToKuT5WY0ToMR1mfoD1+TTMI0Tm
kDcb2KaADNJTGZlCBHjQHA+9BNzs6D3GtDe8CDvkGVH5mI3hDFr0yeeffWobIQmk2CF1PU
S7ixeLitgy9Q++V4Wi54Kx+RggqKYdtMzis0RofcnaiFbjQQAAAMEA53g3o7KdZANDsQJn
E6MU0FLlbJnwiDUf2mMfoMUPZygwsXWf7CB6O7bAUJQ4SGtx0mLLTOaAMjMUbrQqQBfJUT
NgrpVfqGgrx7Y3fzHcQC7IwfAMhc/K0+tflkIqnyjWQRZmMu/0j9iGcmQLd4GZdxMCZTOo
5ydzzBBP41r26KA9R8PobwmIZKUieYd9hpqHU56qtdU0zbuW6GYaPWLGISOhi8gTy8gDBu
Cnnntc3ir/gPKK5PaTXMXsf9Pp2MnFAAAAwQDK+C56lumIu+duMMErOUKnRoyxWM7tuW/v
MMK5TjQihCBgfOS5ig4OP1MJU3vra6o1Km2jN6oIl8OpJWcg0w75HzJ7qniTJrWHWhYnrD
W01G297Jh6oh6DcOGSL3DQb0MTdLTWLjVVFSDMw92CNwN/InlGegyr1EUnGYjv88kVHSDu
iE2mPcdk70NgB4fgUbi5FokONdzcLD3Sxybq0L2xPpJ9pcI6YQLp23gMyD2mK0cjnbwGs/
O1CDS/v9Xhf50AAAAOa2lhcGxheWVyQGpqMTQBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3hUJjg0LAJS/UAFqSh90TfHs92C3a/K1A5cQyfdyUvEFjk1Eu1wYW1TEIaPCo8RVic7JVmgqGeSF02I4K9mTiA+aouaFu922D8a0CNn3FIOz/bAUuTq8LKZkVF8I+XSkcpfUM0ViB0U6/SCFhD7QioeZQcri0pck+TLfo/xD0+LgkSNX5L2tEZuceYBiUf2o2Il/aAu/SAqBE7e0lReePzCmh37+ZKuhRbYy0P1zUpFBAvB2tuIof2NJ1Bf6XjhA4dPyMZ5FCzC4MkJ69Tstv2VsMbXBPyWQpnYpGFRG6iCgSNljKAeaq9KJEUIOyGquqWwes6qx+oPtMcVQI3CtYuNpQZissMDpb/4ZU8KoPJFrxMCoINph4pZpESH8+1m93j7af1omc/f4b2cnI4UqvahshxCgwGU8XIFsjYXK76JM/Uf00zRbngY9pkDm5uWuYbUhURNHiEi4HGY3iFIqrcdQyfLBysWDkm57N1uX89bYC6sz5Q4mBu5LyXjUxeNE= kiaplayer@jj14
server {
charset utf-8;
server_tokens off;
listen 80 default_server;
server_name _;
root {{ nginx_root }};
index index.php;
access_log {{ nginx_access_log }};
error_log {{ nginx_error_log }};
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_index index.php;
set $fsn /index.php;
if (-f $document_root$fastcgi_script_name) {
set $fsn $fastcgi_script_name;
}
fastcgi_read_timeout 3600s;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
fastcgi_pass 127.0.0.1:9000;
}
location ~ /\. {
deny all;
}
}
---
# These parameters override all other parameters in playbook
db_name: 'yii2'
db_username: 'yii2'
db_password: 'password'
---
- name: PHP application playbook
hosts: all
become: true
vars:
timezone: Europe/Moscow
locale: en_US.UTF-8
sshers_groups:
- sshers
- vagrant
deploy_user: deploy
deploy_user_group: www-data
deploy_user_extra_groups:
- sshers
deploy_home: '/home/{{ deploy_user }}'
app_dir: '{{ deploy_home }}/www'
log_dir: '{{ deploy_home }}/log'
nginx_root: '{{ app_dir }}/web'
nginx_access_log: '{{ log_dir }}/access.log'
nginx_error_log: '{{ log_dir }}/error.log'
db_postgres_password: 'secret_password'
db_name: 'db_name'
db_username: 'db_username'
db_password: 'db_password'
composer_version: 1.9.3
composer_global_requirements:
- fxp/composer-asset-plugin:1.4.3
composer_github_auth_token: 'dbd6c5966b80f1379ad6c341fef220b8206ae985'
app_configs:
- {src: 'files/app_config.php', dest: '{{ app_dir }}/config/local.php'}
tasks:
# Basic server preparement
- name: Update APT cache if the last one is more than 3600 seconds ago
apt:
update_cache: yes
cache_valid_time: 3600
- name: Set timezone to Europe/Moscow
timezone:
name: '{{ timezone }}'
notify: Restart cron
- name: Ensure a locale exists
locale_gen:
name: '{{ locale }}'
state: present
# Packages installation
- name: Install required packages
apt: name='{{ item }}' state=latest
loop:
- wget
- ntp
- ntpdate
- ufw
- git
- unzip
- curl
- memcached
- nginx
- postgresql-10
- postgresql-server-dev-10
- php-fpm
- php-cli
- php-pgsql
- php-gd
- php-mbstring
- php-curl
- php-intl
- php-zip
- php-xml
- php-json
- php-memcached
- imagemagick
- python3-pip
- name: Install required Python packages
pip: name='{{ item }}' state=latest
loop:
- psycopg2 # PostgreSQL database adapter
- name: Enable NTPD serive
service: name=ntp state=started enabled=yes
- name: Set postgres user password
become_user: postgres
postgresql_user:
name: 'postgres'
password: '{{ db_postgres_password }}'
# Firewall setup
- name: Allow ssh and web traffic
ufw:
rule: allow
proto: tcp
port: '{{ item }}'
with_items:
- '22'
- '80'
- '443'
- '5432'
- name: Deny all other traffic
ufw:
state: enabled
policy: deny
# SSH setup
- name: Disallow password authentication
lineinfile: dest=/etc/ssh/sshd_config
regexp='^PasswordAuthentication'
line='PasswordAuthentication no'
state=present
notify: Restart ssh
- name: Disallow root SSH access
lineinfile: dest=/etc/ssh/sshd_config
regexp='^PermitRootLogin'
line='PermitRootLogin no'
state=present
notify: Restart ssh
- name: Add sshers groups
group: name='{{ item }}' state=present
loop: '{{ sshers_groups }}'
- name: Allow SSH access for sshers groups only
lineinfile: dest=/etc/ssh/sshd_config
regexp='^AllowGroups'
line='AllowGroups {{ sshers_groups | join(' ') }}'
state=present
notify: Restart ssh
# Add deploy user
- name: Add deploy user
user:
name: '{{ deploy_user }}'
home: '{{ deploy_home }}'
group: '{{ deploy_user_group }}'
groups: '{{ deploy_user_extra_groups }}'
shell: /bin/bash
- name: Add deploy user to sudoers
lineinfile: dest=/etc/sudoers
regexp='{{ deploy_user }} ALL'
line='{{ deploy_user }} ALL=(ALL) NOPASSWD:ALL'
state=present
- name: Set up authorized keys for deploy user
authorized_key:
user: '{{ deploy_user }}'
state: present
exclusive: yes
key: "{{ lookup('file', 'files/ssh/deploy_public_key.pub') }}"
- name: Set up private key for deploy user
copy:
src: 'files/ssh/deploy_public_key.pub'
dest: '{{ deploy_home }}/.ssh/id_rsa'
mode: '0600'
- name: Get known hosts keys
shell: ssh-keyscan -H github.com git.cloud-team.ru
register: khown_hosts
- name: Set known hosts keys
copy:
content: '{{ khown_hosts }}'
dest: '{{ deploy_home }}/.ssh/known_hosts'
owner: '{{ deploy_user }}'
group: '{{ deploy_user_group }}'
mode: '0600'
# Application deployment
- name: Create a project directories
file:
path: '{{ item }}'
state: directory
owner: '{{ deploy_user }}'
group: '{{ deploy_user_group }}'
mode: '0750'
loop:
- '{{ app_dir }}'
- '{{ log_dir }}'
- '{{ deploy_home }}/.composer'
- name: Add application vhost for Nginx
template:
src: files/vhost.conf.j2
dest: /etc/nginx/sites-available/application.conf
owner: '{{ deploy_user }}'
group: '{{ deploy_user_group }}'
mode: '0600'
notify: Reload nginx
- name: Enable application vhost
file:
src: /etc/nginx/sites-available/application.conf
dest: /etc/nginx/sites-enabled/application.conf
state: link
notify: Reload nginx
- name: Create DB-user for application
become_user: postgres
postgresql_user:
db: 'postgres'
name: '{{ db_username }}'
password: '{{ db_password }}'
- name: Create database for application
become_user: postgres
postgresql_db:
name: '{{ db_name }}'
owner: '{{ db_username }}'
encoding: 'UTF-8'
lc_collate: '{{ locale }}'
lc_ctype: '{{ locale }}'
template: template0
- name: Download and install Composer
shell: wget -O - https://getcomposer.org/installer | php -- --filename=composer --install-dir=/usr/bin ----version={{ composer_version }}
args:
warn: false
creates: '/usr/bin/composer'
- name: Add Github access token to increase API limits
copy:
content: '{"github-oauth":{"github.com": "{{ composer_github_auth_token}}"}}'
dest: '{{ deploy_home }}/.composer/auth.json'
owner: '{{ deploy_user }}'
group: '{{ deploy_user_group }}'
mode: '0600'
- name: Install global requirements
become_user: '{{ deploy_user }}'
composer:
command: require
global_command: yes
arguments: "{{ composer_global_requirements | join(' ') }}"
- name: Clone application source code
become_user: '{{ deploy_user }}'
git:
repo: 'git@git.cloud-team.ru:lections/ansible-php-app.git'
dest: '{{ app_dir }}'
version: master
- name: Copy application configuration files
become_user: '{{ deploy_user }}'
copy: src={{ item.src }} dest={{ item.dest }} mode=0750
loop: '{{ app_configs }}'
- name: Install application requirements
become_user: '{{ deploy_user }}'
composer:
command: install
working_dir: '{{ app_dir }}'
- name: Migrate database
become_user: '{{ deploy_user }}'
command:
cmd: 'php yii migrate --interactive=0'
chdir: '{{ app_dir }}'
handlers:
- name: Restart ssh
service: name=ssh state=restarted
- name: Restart cron
service: name=cron state=restarted
- name: Reload nginx
service: name=nginx state=reloaded
/.*
/*.log
!.gitignore
/vendor
!/.ansible
Copyright © 2008 by Yii Software LLC (http://www.yiisoft.com)
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
* Neither the name of Yii Software LLC nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
<p align="center">
<a href="https://github.com/yiisoft" target="_blank">
<img src="https://avatars0.githubusercontent.com/u/993323" height="100px">
</a>
<h1 align="center">Yii 2 Basic Project Template</h1>
<br>
</p>
Yii 2 Basic Project Template is a skeleton [Yii 2](http://www.yiiframework.com/) application best for
rapidly creating small projects.
The template contains the basic features including user login/logout and a contact page.
It includes all commonly used configurations that would allow you to focus on adding new
features to your application.
[![Latest Stable Version](https://img.shields.io/packagist/v/yiisoft/yii2-app-basic.svg)](https://packagist.org/packages/yiisoft/yii2-app-basic)
[![Total Downloads](https://img.shields.io/packagist/dt/yiisoft/yii2-app-basic.svg)](https://packagist.org/packages/yiisoft/yii2-app-basic)
[![Build Status](https://travis-ci.com/yiisoft/yii2-app-basic.svg?branch=master)](https://travis-ci.com/yiisoft/yii2-app-basic)
DIRECTORY STRUCTURE
-------------------
assets/ contains assets definition
commands/ contains console commands (controllers)
config/ contains application configurations
controllers/ contains Web controller classes
mail/ contains view files for e-mails
models/ contains model classes
runtime/ contains files generated during runtime
tests/ contains various tests for the basic application
vendor/ contains dependent 3rd-party packages
views/ contains view files for the Web application
web/ contains the entry script and Web resources
REQUIREMENTS
------------
The minimum requirement by this project template that your Web server supports PHP 5.6.0.
INSTALLATION
------------
### Install via Composer
If you do not have [Composer](http://getcomposer.org/), you may install it by following the instructions
at [getcomposer.org](http://getcomposer.org/doc/00-intro.md#installation-nix).
You can then install this project template using the following command:
~~~
composer create-project --prefer-dist yiisoft/yii2-app-basic basic
~~~
Now you should be able to access the application through the following URL, assuming `basic` is the directory
directly under the Web root.
~~~
http://localhost/basic/web/
~~~
### Install from an Archive File
Extract the archive file downloaded from [yiiframework.com](http://www.yiiframework.com/download/) to
a directory named `basic` that is directly under the Web root.
Set cookie validation key in `config/web.php` file to some random secret string:
```php
'request' => [
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
'cookieValidationKey' => '<secret random string goes here>',
],
```
You can then access the application through the following URL:
~~~
http://localhost/basic/web/
~~~
### Install with Docker
Update your vendor packages
docker-compose run --rm php composer update --prefer-dist
Run the installation triggers (creating cookie validation code)
docker-compose run --rm php composer install
Start the container
docker-compose up -d
You can then access the application through the following URL:
http://127.0.0.1:8000
**NOTES:**
- Minimum required Docker engine version `17.04` for development (see [Performance tuning for volume mounts](https://docs.docker.com/docker-for-mac/osxfs-caching/))
- The default configuration uses a host-volume in your home directory `.docker-composer` for composer caches
CONFIGURATION
-------------
### Database
Edit the file `config/db.php` with real data, for example:
```php
return [
'class' => 'yii\db\Connection',
'dsn' => 'mysql:host=localhost;dbname=yii2basic',
'username' => 'root',
'password' => '1234',
'charset' => 'utf8',
];
```
**NOTES:**
- Yii won't create the database for you, this has to be done manually before you can access it.
- Check and edit the other files in the `config/` directory to customize your application as required.
- Refer to the README in the `tests` directory for information specific to basic application tests.
TESTING
-------
Tests are located in `tests` directory. They are developed with [Codeception PHP Testing Framework](http://codeception.com/).
By default there are 3 test suites:
- `unit`
- `functional`
- `acceptance`
Tests can be executed by running
```
vendor/bin/codecept run
```
The command above will execute unit and functional tests. Unit tests are testing the system components, while functional
tests are for testing user interaction. Acceptance tests are disabled by default as they require additional setup since
they perform testing in real browser.
### Running acceptance tests
To execute acceptance tests do the following:
1. Rename `tests/acceptance.suite.yml.example` to `tests/acceptance.suite.yml` to enable suite configuration
2. Replace `codeception/base` package in `composer.json` with `codeception/codeception` to install full featured
version of Codeception
3. Update dependencies with Composer
```
composer update
```
4. Download [Selenium Server](http://www.seleniumhq.org/download/) and launch it:
```
java -jar ~/selenium-server-standalone-x.xx.x.jar
```
In case of using Selenium Server 3.0 with Firefox browser since v48 or Google Chrome since v53 you must download [GeckoDriver](https://github.com/mozilla/geckodriver/releases) or [ChromeDriver](https://sites.google.com/a/chromium.org/chromedriver/downloads) and launch Selenium with it:
```
# for Firefox
java -jar -Dwebdriver.gecko.driver=~/geckodriver ~/selenium-server-standalone-3.xx.x.jar
# for Google Chrome
java -jar -Dwebdriver.chrome.driver=~/chromedriver ~/selenium-server-standalone-3.xx.x.jar
```
As an alternative way you can use already configured Docker container with older versions of Selenium and Firefox:
```
docker run --net=host selenium/standalone-firefox:2.53.0
```
5. (Optional) Create `yii2_basic_tests` database and update it by applying migrations if you have them.
```
tests/bin/yii migrate
```
The database configuration can be found at `config/test_db.php`.
6. Start web server:
```
tests/bin/yii serve
```
7. Now you can run all available tests
```
# run all available tests
vendor/bin/codecept run
# run acceptance tests
vendor/bin/codecept run acceptance
# run only unit and functional tests
vendor/bin/codecept run unit,functional
```
### Code coverage support
By default, code coverage is disabled in `codeception.yml` configuration file, you should uncomment needed rows to be able
to collect code coverage. You can run your tests and collect coverage with the following command:
```
#collect coverage for all tests
vendor/bin/codecept run -- --coverage-html --coverage-xml