208 lines
7.2 KiB
YAML
208 lines
7.2 KiB
YAML
---
|
|
|
|
- include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
|
|
- vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
|
|
- vars/{{ ansible_distribution }}.yml
|
|
- vars/{{ ansible_os_family }}.yml
|
|
tags: web
|
|
|
|
- name: Install needed tools
|
|
yum: name{{ wh_backend_packages }}
|
|
tags: web
|
|
|
|
- set_fact: wh_app_dir=[]
|
|
tags: web
|
|
- name: Build a list of app root
|
|
set_fact:
|
|
wh_app_dir: "{{ wh_app_dir }} + [ '/opt/wh/{{ item.0.name }}/apps/{{ item.1.name }}' ]"
|
|
loop: "{{ wh_clients | subelements('apps') }}"
|
|
when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
|
|
tags: web
|
|
|
|
- name: Create unix accounts
|
|
user:
|
|
name: "wh-{{ item.name }}"
|
|
comment: "Unix account for {{ item.name }}"
|
|
system: True
|
|
shell: "{{ shell | default('/sbin/nologin') }}"
|
|
home: /opt/wh/{{ item.name }}
|
|
loop: "{{ wh_clients }}"
|
|
tags: web
|
|
|
|
- name: Create ssh directories
|
|
file: path=/etc/ssh/wh/{{ item.name }}/ state=directory mode=755
|
|
loop: "{{ wh_clients }}"
|
|
tags: web
|
|
|
|
- name: Deploy SSH keys
|
|
authorized_key:
|
|
user: root
|
|
key: "{{ item.ssh_keys | default([]) | join(\"\n\") }}"
|
|
path: /etc/ssh/wh/{{ item.name }}/authorized_keys
|
|
manage_dir: False
|
|
exclusive: True
|
|
loop: "{{ wh_clients }}"
|
|
tags: web
|
|
|
|
- name: Set correct permissions on authorized_key files
|
|
file: path=/etc/ssh/wh/{{ item.name }}/authorized_keys owner=root group=root mode=644
|
|
loop: "{{ wh_clients }}"
|
|
when: item.ssh_keys | default([]) | length > 0
|
|
tags: web
|
|
|
|
- name: List all authorized keys directories
|
|
shell: ls -1 /etc/ssh/wh | xargs -n1 basename
|
|
register: wh_existing_ssh_keys
|
|
changed_when: False
|
|
tags: web
|
|
|
|
- name: Remove unmanaged ssh keys
|
|
file: path=/etc/ssh/wh/{{ item }} state=absent
|
|
with_items: "{{ wh_existing_ssh_keys.stdout_lines | default([]) }}"
|
|
when: item not in wh_clients | map(attribute='name')
|
|
tags: web
|
|
|
|
- name: Create applications directories
|
|
file: path={{ item.0 }}/{{ item.1 }} state=directory
|
|
loop: "{{ wh_app_dir | product(['web','data','tmp','logs','archives','bin','info', 'db_dumps']) | list }}"
|
|
notify: reset permissions
|
|
tags: web
|
|
|
|
- name: Set correct SELinux context for apps directories
|
|
sefcontext:
|
|
target: "{{ item }}(/.*)?"
|
|
setype: httpd_sys_content_t
|
|
state: present
|
|
when: ansible_selinux.status == 'enabled'
|
|
loop: "{{ wh_app_dir }}"
|
|
notify: reset permissions
|
|
tags: web
|
|
|
|
- name: Deploy PHP FPM pools
|
|
template: src=php-fpm.conf.j2 dest=/etc/opt/remi/php{{ item }}/php-fpm.d/wh.conf
|
|
vars:
|
|
wh_php_version: "{{ item }}"
|
|
loop: "{{ httpd_php_versions }}"
|
|
notify: restart php-fpm
|
|
tags: web
|
|
|
|
- name: Deploy httpd configuration
|
|
template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/31-wh.conf
|
|
notify: reload httpd
|
|
tags: web
|
|
|
|
- name: Deploy permissions scripts
|
|
template: src=perms.sh.j2 dest=/opt/wh/{{ item.0.name }}/apps/{{ item.1.name }}/bin/perms.sh
|
|
loop: "{{ wh_clients | subelements('apps') }}"
|
|
when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
|
|
notify: reset permissions
|
|
tags: web
|
|
|
|
- name: Create databases
|
|
mysql_db:
|
|
name: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}"
|
|
login_host: "{{ (wh_default_app | combine(item.1)).database.server | default(mysql_server) }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ mysql_admin_pass }}"
|
|
collation: "{{ (wh_default_app | combine(item.1)).database.collation }}"
|
|
encoding: "{{ (wh_default_app | combine(item.1)).database.encoding }}"
|
|
state: present
|
|
loop: "{{ wh_clients | subelements('apps') }}"
|
|
when:
|
|
- (wh_default_app | combine(item.1)).database.enabled
|
|
- (wh_default_app | combine(item.1)).database.engine == 'mysql'
|
|
- item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
|
|
tags: web
|
|
|
|
- name: Create applications database users
|
|
mysql_user:
|
|
name: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}"
|
|
password: "{{ (wh_default_app | combine(item.1)).database.pass | default((wh_pass_seed | password_hash('sha256', 65534 | random(seed=item.0.name + item.1.name) | string))[9:27] ) }}"
|
|
priv: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}.*:ALL"
|
|
host: "%"
|
|
login_host: "{{ (wh_default_app | combine(item.1)).database.server | default(mysql_server) }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ mysql_admin_pass }}"
|
|
state: present
|
|
loop: "{{ wh_clients | subelements('apps') }}"
|
|
when:
|
|
- (wh_default_app | combine(item.1)).database.enabled
|
|
- (wh_default_app | combine(item.1)).database.engine == 'mysql'
|
|
- item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
|
|
tags: web
|
|
|
|
- name: Create clients database user
|
|
mysql_user:
|
|
name: "{{ item.0.name[0:15] }}"
|
|
password: "{{ item.0.db_pass | default((wh_pass_seed | password_hash('sha256', 65534 | random(seed=item.0.name) | string))[9:27]) }}"
|
|
priv: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}.*:ALL"
|
|
host: "%"
|
|
login_host: "{{ (wh_default_app | combine(item.1)).database.server | default(mysql_server) }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ mysql_admin_pass }}"
|
|
append_privs: True
|
|
state: present
|
|
loop: "{{ wh_clients | subelements('apps')}}"
|
|
when:
|
|
- (wh_default_app | combine(item.1)).database.enabled
|
|
- (wh_default_app | combine(item.1)).database.engine == 'mysql'
|
|
- item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
|
|
tags: web
|
|
|
|
- name: Deploy databases info file
|
|
template: src=database.txt.j2 dest=/opt/wh/{{ item.0.name }}/apps/{{ item.1.name }}/info/database.txt
|
|
loop: "{{ wh_clients | subelements('apps') }}"
|
|
when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
|
|
notify: reset permissions
|
|
tags: web
|
|
|
|
- name: Deploy per app backup scripts
|
|
template: src=backup.sh.j2 dest=/opt/wh/{{ item.0.name }}/apps/{{ item.1.name }}/bin/backup.sh mode=750
|
|
loop: "{{ wh_clients | subelements('apps') }}"
|
|
when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
|
|
tags: web
|
|
|
|
- name: Deploy wh_create_archives script to archive all the hosted apps
|
|
template: src=wh_create_archives.sh.j2 dest=/usr/local/bin/wh_create_archives.sh mode=750
|
|
tags: web
|
|
|
|
- name: Setup a daily cronjob to take automatic archives of webapps
|
|
cron:
|
|
name: wh_backups
|
|
special_time: daily
|
|
user: root
|
|
job: 'systemd-cat /usr/local/bin/wh_create_archives.sh'
|
|
cron_file: wh
|
|
state: present
|
|
tags: web
|
|
|
|
- name: Deploy global pre/post backup scripts
|
|
template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/wh.sh mode=700
|
|
loop: [ 'pre', 'post' ]
|
|
tags: web
|
|
|
|
- name: Deploy logrotate snippet
|
|
template: src=logrotate.j2 dest=/etc/logrotate.d/wh
|
|
tags: web
|
|
|
|
- name: Deploy wh-acld
|
|
template: src=wh-acld.j2 dest=/usr/local/bin/wh-acld mode=750
|
|
notify: restart wh-acld
|
|
tags: web
|
|
|
|
- name: Deploy wh-acld service unit
|
|
template: src=wh-acld.service.j2 dest=/etc/systemd/system/wh-acld.service
|
|
register: wh_acld_unit
|
|
tags: web
|
|
|
|
- name: Reload systemd
|
|
systemd: daemon_reload=True
|
|
when: wh_acld_unit.changed
|
|
tags: web
|
|
|
|
- name: Start and enable wh-acld
|
|
service: name=wh-acld state=started enabled=True
|
|
tags: web
|