# Change log of
+## V0.1.0: first working version as ansknife
+
--- /dev/null
+../ansknife/SetRights
\ No newline at end of file
+++ /dev/null
----
-
-- hosts: all
- vars:
- hostname: "nest"
- tasks:
- - name: Prepare /media/trg directory
- file: path=/media/trg state=directory
- - name: Prepare /media/tmp directory
- file: path=/media/trg state=directory
- - name: Prepare /media/fs.cave directory
- file: path=/media/fs.cave state=directory
- - name: Prepare /media/fs.sys directory
- file: path=/media/fs.sys state=directory
- - name: Prepare /usr/local/bin directory
- file: path=/usr/local/bin state=directory
- - name: Prepare /usr/local/bin/local directory
- file: path=/usr/local/bin/local state=directory
- - name: Prepare /usr/share/pyrshell directory
- file: path=/usr/share/pyrshell state=directory
- - name: Symbolic link to local directory
- file: src=/usr/local/bin/local dest=/usr/local/bin/{{hostname}} state=link
- - name: Unpack a tar into /usr/local/bin/local
- unarchive: src=../resources/needed.tgz dest=/usr/local/bin
- - name: Symbolic link to /p
- file: src=/usr/local/bin/std.profile dest=/p state=link
- - name: Unpack a tar into /usr/share/pyrshell
- unarchive: src=../resources/rsh.tgz dest=/usr/share/pyrshell
- - name: Create user bupsrv
- user: name=bupsrv state=present uid=201
- - name: Create user bupsupply
- user: name=bupsupply state=present uid=202
- - name: Create user bupwiki
- user: name=bupwiki state=present uid=203
- - name: Create user buptmp
- user: name=buptmp state=present uid=204
- - name: Create user extdata
- user: name=extdata state=present uid=211
- - name: Create user extcloud
- user: name=extcloud state=present uid=212
- - name: Create user extbup
- user: name=extbup state=present uid=213
-
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/i_10_basic.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/i_15_server_packages.yaml
\ No newline at end of file
+++ /dev/null
----
-- name: Install and configure with letsencrypt
- hosts: all
- become: yes
-
- vars:
- user: www-data
- hostname: "{{ inventory_hostname }}"
- log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}"
- vars_files:
- - var/ssl-certificate.yaml
- tasks:
- - name: Install nginx
- apt:
- name: nginx
- state: latest
- update_cache: yes
- - name: Prepare letsencrypt home directory
- file: path=/home/www/letsencrypt/.well-known/acme-challenge state=directory
- - name: Add test file1
- copy: src=../templates/nginx/hi1.txt dest=/home/www/letsencrypt/.well-known/
- - name: Add test file2
- copy: src=../templates/nginx/hi2.txt dest=/home/www/letsencrypt/.well-known/acme-challenge/hi2.txt
- - name: Prepare letsencrypt
- copy:
- src: ../templates/nginx/letsencrypt.conf
- dest: /etc/nginx/snippets
- - name: add HTTP-variables
- copy:
- src: ../templates/nginx/http.conf
- dest: /etc/nginx/snippets
- - name: create a www directory
- file: path=/home/www state=directory owner=root group=www-data
-
- - name: create the /srv/www link
- file: src=/home/www dest=/srv/www state=link
- - name: Ensure nginx is running
- systemd:
- name: nginx
- state: started
- enabled: yes
- - name: create a test virtual hosts
- template:
- src: ../templates/nginx/test.site
- dest: /etc/nginx/sites-available/{{hostname}}
- - name: activate by link in sites-enabled
- file:
- src: /etc/nginx/sites-available/{{hostname}}
- dest: /etc/nginx/sites-enabled/{{hostname}}
- state: link
- - name: create a ssh-certificate
- command: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/{{hostname}}.key -out /etc/ssl/certs/{{hostname}}.pem -subj "/C={{SSL_COUNTRY}}/ST={{SSL_STATE}}/L={{SSL_LOCALITY}}/O={{SSL_ORGANIZATION}}/CN={{hostname}}"
- args:
- creates: /etc/ssl/private/{{hostname}}.key
- - name: create a document root
- file: dest=/srv/www/{{hostname}} state=directory owner=www-data group=www-data
- - name: create a test index.html
- template: src=../templates/nginx/index.html dest=/srv/www/{{hostname}}/index.html
- - name: create a test index.php
- copy: src=../templates/nginx/index.php dest=/srv/www/{{hostname}}/index.php
-
--- /dev/null
+../../ansknife/playbooks/i_20_nginx.yaml
\ No newline at end of file
+++ /dev/null
-- hosts: all
- vars:
- - PHP_VERS: "8.3"
-
- tasks:
- - name: Install mariadb
- ansible.builtin.apt:
- name:
- - mariadb-server
- state: latest
- update_cache: yes
- - name: Ensure mariadb is running
- ansible.builtin.systemd:
- name: mysqld
- state: started
- enabled: yes
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/i_30_mariadb.yaml
\ No newline at end of file
+++ /dev/null
-- hosts: all
- vars:
- - PHP_VERS: "8.2"
- vars_files:
- - var/php.yaml
- pre_tasks:
- - name:
- apt:
- name: gpg
- state: present
- update_cache: true
- - name: add packages.sury.org (Debian case)
- block:
- - name: add gpg repo key
- apt_key:
- url: 'https://packages.sury.org/php/apt.gpg'
- state: present
-
- - name: add apt repo
- apt_repository:
- repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main'
- state: present
- filename: php
- when: ansible_distribution == 'Debian'
- tasks:
- - name: Install PHP {{PHP_VERS}} and common modules
- ansible.builtin.apt:
- name: "{{ item }}"
- state: present
- update_cache: true
- cache_valid_time: 3600
- with_items: "{{ php_packages + php_additional_packages }}"
- - name: Define PHP variables in php.ini
- ansible.builtin.ini_file:
- dest: /etc/php/{{PHP_VERS}}/fpm/php.ini
- section: "{{ item.section }}"
- option: "{{ item.option }}"
- value: "{{ item.value }}"
- with_items:
- "{{ php_ini_settings }}"
- - name: Ensure PHP-FPM is running
- ansible.builtin.systemd:
- name: php{{PHP_VERS}}-fpm
- state: started
- enabled: yes
- - name: Ensure Redis is running
- ansible.builtin.systemd:
- name: redis-server
- state: started
- enabled: yes
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/i_40_php8.2.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/i_50_git_server.yaml
\ No newline at end of file
+++ /dev/null
----
-- name: Install and configure with letsencrypt
- hosts: all
- become: yes
-
- vars:
- user: www-data
- hostname: "{{ inventory_hostname }}"
- log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}"
- vars_files:
- - var/ssl-certificate.yaml
- tasks:
- - name: Install nginx
- debug:
- msg: "hostname: {{hostname}} log_name: {{log_name}}"
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/i_99_test.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/mysql_create_admin.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/mysql_create_db_and_user.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/mysql_create_db_and_user.yaml
\ No newline at end of file
+++ /dev/null
----
-# php.yaml:
-# Defines variables for the PHP role.
-# This file is used to set up the PHP environment and configuration.
-# needed variables: PHP_VERS
-
-php_packages:
- - php{{PHP_VERS}}-common
- - php{{PHP_VERS}}-curl
- - php{{PHP_VERS}}-fpm
- - php{{PHP_VERS}}-gd
- - php{{PHP_VERS}}-igbinary
- - php{{PHP_VERS}}-imagick
- - php{{PHP_VERS}}-imap
- - php{{PHP_VERS}}-intl
- - php{{PHP_VERS}}-mbstring
- - php{{PHP_VERS}}-memcached
- - php{{PHP_VERS}}-msgpack
- - php{{PHP_VERS}}-mysql
- - php{{PHP_VERS}}-opcache
- - php{{PHP_VERS}}-phpdbg
- - php{{PHP_VERS}}-readline
- - php{{PHP_VERS}}-redis
- - php{{PHP_VERS}}-xdebug
- - php{{PHP_VERS}}-xml
- - php{{PHP_VERS}}-zip
-php_additional_packages:
- - redis-server
- - imagemagick
-
-php_ini_settings:
- - { section: "DEFAULT", option: "memory_limit", value: "512M" }
- - { section: "DEFAULT", option: "upload_max_filesize", value: "512M" }
- - { section: "DEFAULT", option: "max_file_uploads", value: 100 }
- - { section: "DEFAULT", option: "post_max_size", value: "512M" }
- - { section: "DEFAULT", option: "max_execution_time", value: 600 }
- - { section: "DEFAULT", option: "max_input_time", value: 600 }
- - { section: "DEFAULT", option: "default_socket_timeout", value: 600 }
- - { section: "Session", option: "session.save_handler", value: "redis" }
- - { section: "Session", option: "session.save_path", value: "tcp://127.0.0.1:6379" }
- - { section: "opcache", option: "opcache.enable", value: 1 }
- - { section: "opcache", option: "opcache.memory_consumption", value: 512 }
- - { section: "opcache", option: "opcache.interned_strings_buffer", value: 256 }
-
+++ /dev/null
----
-# "/C=DE/ST=NRW/L=Bochum/O=IT/CN={{hostname}}"
-SSL_COUNTRY: DE
-SSL_STATE: Bavaria
-SSL_LOCALITY: Kempten
-SSL_ORGANIZATION: IT
-
--- /dev/null
+../../ansknife/playbooks/webapp_create.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/webapp_export.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/playbooks/webapp_import.yaml
\ No newline at end of file
-../../common/resources/needed.tgz
\ No newline at end of file
+../../ansknife/resources/needed.tgz
\ No newline at end of file
-../../common/resources/rsh.tgz
\ No newline at end of file
+../../ansknife/resources/rsh.tgz
\ No newline at end of file
--- /dev/null
+../../ansknife/scripts/CreatePlaybook
\ No newline at end of file
--- /dev/null
+../../ansknife/scripts/CreateTask
\ No newline at end of file
--- /dev/null
+../../ansknife/tasks/t_mysql_create_admin.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/tasks/t_mysql_create_db_and_user.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/tasks/t_webapp_create.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/tasks/t_webapp_export.yaml
\ No newline at end of file
--- /dev/null
+../../ansknife/tasks/t_webapp_import.yaml
\ No newline at end of file
--- /dev/null
+configuration_directory: /etc/ansknife
+remote_webapps_directory: "{{ configuration_directory }}/webapps.d"
+local_webapps_directory: "../webapps"
\ No newline at end of file
--- /dev/null
+---
+# Creation of the central password file:
+# echo "top_secret_password" > resources/.vaults
+# Creation of the encrypted vault file:
+# ansible-vault encrypt_string --vault-password-file resources/.vault --name 'vault_dba_password' --stdin-name 'vault_dba_password' | tee var/vault_db.yaml
+# Find the password file: ANSIBLE_VAULT_PASSWORD_FILE=resources/.vault
+dba_name: dba
+dba_password: "{{ vault_dba_password }}"
\ No newline at end of file
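Review bot: The setup comments disagree on the password file name: the `echo` line writes `resources/.vaults`, while the `--vault-password-file` and `ANSIBLE_VAULT_PASSWORD_FILE` lines read `resources/.vault`, so following them verbatim produces a file that the later commands never find. Use one name throughout and have the comment restrict the file's permissions, for example `# echo "top_secret_password" > resources/.vault && chmod 600 resources/.vault`. It would also help to add a comment line stating that `resources/.vault` must be excluded from version control, since nothing visible here shows that it is.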
--- /dev/null
+---
+# php.yaml:
+# Defines variables for the PHP role.
+# This file is used to set up the PHP environment and configuration.
+# needed variables: PHP_VERS
+
+php_packages:
+ - php{{PHP_VERS}}-common
+ - php{{PHP_VERS}}-curl
+ - php{{PHP_VERS}}-fpm
+ - php{{PHP_VERS}}-gd
+ - php{{PHP_VERS}}-igbinary
+ - php{{PHP_VERS}}-imagick
+ - php{{PHP_VERS}}-imap
+ - php{{PHP_VERS}}-intl
+ - php{{PHP_VERS}}-mbstring
+ - php{{PHP_VERS}}-memcached
+ - php{{PHP_VERS}}-msgpack
+ - php{{PHP_VERS}}-mysql
+ - php{{PHP_VERS}}-opcache
+ - php{{PHP_VERS}}-phpdbg
+ - php{{PHP_VERS}}-readline
+ - php{{PHP_VERS}}-redis
+ - php{{PHP_VERS}}-xdebug
+ - php{{PHP_VERS}}-xml
+ - php{{PHP_VERS}}-zip
+php_additional_packages:
+ - redis-server
+ - imagemagick
+
+php_ini_settings:
+ - { section: "DEFAULT", option: "memory_limit", value: "512M" }
+ - { section: "DEFAULT", option: "upload_max_filesize", value: "512M" }
+ - { section: "DEFAULT", option: "max_file_uploads", value: 100 }
+ - { section: "DEFAULT", option: "post_max_size", value: "512M" }
+ - { section: "DEFAULT", option: "max_execution_time", value: 600 }
+ - { section: "DEFAULT", option: "max_input_time", value: 600 }
+ - { section: "DEFAULT", option: "default_socket_timeout", value: 600 }
+ - { section: "Session", option: "session.save_handler", value: "redis" }
+ - { section: "Session", option: "session.save_path", value: "tcp://127.0.0.1:6379" }
+ - { section: "opcache", option: "opcache.enable", value: 1 }
+ - { section: "opcache", option: "opcache.memory_consumption", value: 512 }
+ - { section: "opcache", option: "opcache.interned_strings_buffer", value: 256 }
+
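Review bot: `php{{PHP_VERS}}-xdebug` and `php{{PHP_VERS}}-phpdbg` are part of the default `php_packages` list, so every host that installs from this list gets debugger tooling alongside PHP-FPM. On a server reachable from outside, an installed and enabled Xdebug is avoidable attack surface and also slows request handling. Consider moving the two entries into a separate list such as `php_debug_packages:` that is only installed on development hosts. Whether the targeted hosts are production systems is not visible from this file, so treat this as a hardening suggestion to confirm against the inventory.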
--- /dev/null
+---
+# "/C=DE/ST=NRW/L=Bochum/O=IT/CN={{hostname}}"
+SSL_COUNTRY: DE
+SSL_STATE: Bavaria
+SSL_LOCALITY: Kempten
+SSL_ORGANIZATION: IT
+
--- /dev/null
+vault_dba_password: Sekret.Top
\ No newline at end of file
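Review bot: `vault_dba_password: Sekret.Top` is committed in clear text, although the comments next to `dba_password` describe generating this variable with `ansible-vault encrypt_string`. As written, anyone with read access to the repository can read the DBA password. Replace the value with the `!vault |` block that `encrypt_string` emits (or encrypt the whole file with `ansible-vault encrypt`), and change the password on any host where the committed value was used. The `db_password` entries in the following `webapps_list` hunk (`NeverKnown5`, `Unknown7`) have the same problem if they are more than sample data; reference vaulted variables there instead, e.g. `db_password: "{{ vault_myapp5_db_password }}"` (variable name constructed for illustration).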
--- /dev/null
+webapps_list:
+ - webapp_name: myapp5.example.com
+ db_name: dbdummy5
+ db_user: dummy5
+ db_password: NeverKnown5
+ directory: /srv/www/myapp5.example.com
+ - webapp_name: 'app7.example.com'
+ db_name: 'dbapp7'
+ db_user: 'appusr7'
+ db_password: 'Unknown7'
+ directory: '/srv/www/app7.example.com'