From: Hamatoma
Date: Sat, 5 Apr 2025 17:49:15 +0000 (+0200)
Subject: V0.1.0: first working version as ansknife
X-Git-Url: https://gitweb.hamatoma.de/?a=commitdiff_plain;h=cfbee7baad7995ff322d4788bc7b6e2200a7fcf8;p=nest_ansible.git
V0.1.0: first working version as ansknife
---
diff --git a/.gitignore b/.gitignore
index 722d5e7..0d806df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .vscode
+.vault
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 51ee0d2..1ec6b54 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1 +1,3 @@
 # Change log of
+## V0.1.0: first working version as ansknife
+
diff --git a/SetRights b/SetRights
new file mode 120000
index 0000000..6172707
--- /dev/null
+++ b/SetRights
@@ -0,0 +1 @@
+../ansknife/SetRights
\ No newline at end of file
diff --git a/playbooks/i_10_basic.yaml b/playbooks/i_10_basic.yaml
deleted file mode 100644
index a5f64df..0000000
--- a/playbooks/i_10_basic.yaml
+++ /dev/null
@@ -1,43 +0,0 @@ ---- - -- hosts: all - vars: - hostname: "nest" - tasks: - - name: Prepare /media/trg directory - file: path=/media/trg state=directory - - name: Prepare /media/tmp directory - file: path=/media/trg state=directory - - name: Prepare /media/fs.cave directory - file: path=/media/fs.cave state=directory - - name: Prepare /media/fs.sys directory - file: path=/media/fs.sys state=directory - - name: Prepare /usr/local/bin directory - file: path=/usr/local/bin state=directory - - name: Prepare /usr/local/bin/local directory - file: path=/usr/local/bin/local state=directory - - name: Prepare /usr/share/pyrshell directory - file: path=/usr/share/pyrshell state=directory - - name: Symbolic link to local directory - file: src=/usr/local/bin/local dest=/usr/local/bin/{{hostname}} state=link - - name: Unpack a tar into /usr/local/bin/local - unarchive: src=../resources/needed.tgz dest=/usr/local/bin - - name: Symbolic link to /p - file: src=/usr/local/bin/std.profile dest=/p state=link - - name: Unpack a tar into /usr/share/pyrshell - unarchive: src=../resources/rsh.tgz dest=/usr/share/pyrshell - - name: Create user bupsrv - user: name=bupsrv state=present uid=201 - - name: Create user bupsupply - user: name=bupsupply state=present uid=202 - - name: Create user bupwiki - user: name=bupwiki state=present uid=203 - - name: Create user buptmp - user: name=buptmp state=present uid=204 - - name: Create user extdata - user: name=extdata state=present uid=211 - - name: Create user extcloud - user: name=extcloud state=present uid=212 - - name: Create user extbup - user: name=extbup state=present uid=213 - \ No newline at end of file diff --git a/playbooks/i_10_basic.yaml b/playbooks/i_10_basic.yaml new file mode 120000 index 0000000..4250d9d --- /dev/null +++ b/playbooks/i_10_basic.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_10_basic.yaml \ No newline at end of file 
diff --git a/playbooks/i_15_server_packages.yaml b/playbooks/i_15_server_packages.yaml
new file mode 120000
index 0000000..5d15839
--- /dev/null
+++ b/playbooks/i_15_server_packages.yaml
@@ -0,0 +1 @@
+../../ansknife/playbooks/i_15_server_packages.yaml
\ No newline at end of file
diff --git a/playbooks/i_20_nginx.yaml b/playbooks/i_20_nginx.yaml
deleted file mode 100644
index 99e2f67..0000000
--- a/playbooks/i_20_nginx.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ ---- -- name: Install and configure with letsencrypt - hosts: all - become: yes - - vars: - user: www-data - hostname: "{{ inventory_hostname }}" - log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}" - vars_files: - - var/ssl-certificate.yaml - tasks: - - name: Install nginx - apt: - name: nginx - state: latest - update_cache: yes - - name: Prepare letsencrypt home directory - file: path=/home/www/letsencrypt/.well-known/acme-challenge state=directory - - name: Add test file1 - copy: src=../templates/nginx/hi1.txt dest=/home/www/letsencrypt/.well-known/ - - name: Add test file2 - copy: src=../templates/nginx/hi2.txt dest=/home/www/letsencrypt/.well-known/acme-challenge/hi2.txt - - name: Prepare letsencrypt - copy: - src: ../templates/nginx/letsencrypt.conf - dest: /etc/nginx/snippets - - name: add HTTP-variables - copy: - src: ../templates/nginx/http.conf - dest: /etc/nginx/snippets - - name: create a www directory - file: path=/home/www state=directory owner=root group=www-data - - - name: create the /srv/www link - file: src=/home/www dest=/srv/www state=link - - name: Ensure nginx is running - systemd: - name: nginx - state: started - enabled: yes - - name: create a test virtual hosts - template: - src: ../templates/nginx/test.site - dest: /etc/nginx/sites-available/{{hostname}} - - name: activate by link in sites-enabled - file: - src: /etc/nginx/sites-available/{{hostname}} - dest: /etc/nginx/sites-enabled/{{hostname}} - state: link - - name: create a ssh-certificate - command: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/{{hostname}}.key -out /etc/ssl/certs/{{hostname}}.pem -subj "/C={{SSL_COUNTRY}}/ST={{SSL_STATE}}/L={{SSL_LOCALITY}}/O={{SSL_ORGANIZATION}}/CN={{hostname}}" - args: - creates: /etc/ssl/private/{{hostname}}.key - - name: create a document root - file: dest=/srv/www/{{hostname}} state=directory owner=www-data group=www-data - - name: create a test index.html - template: 
src=../templates/nginx/index.html dest=/srv/www/{{hostname}}/index.html - - name: create a test index.php - copy: src=../templates/nginx/index.php dest=/srv/www/{{hostname}}/index.php - diff --git a/playbooks/i_20_nginx.yaml b/playbooks/i_20_nginx.yaml new file mode 120000 index 0000000..fef4661 --- /dev/null +++ b/playbooks/i_20_nginx.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_20_nginx.yaml \ No newline at end of file diff --git a/playbooks/i_30_mariadb.yaml b/playbooks/i_30_mariadb.yaml deleted file mode 100644 index a5852e1..0000000 --- a/playbooks/i_30_mariadb.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- hosts: all - vars: - - PHP_VERS: "8.3" - - tasks: - - name: Install mariadb - ansible.builtin.apt: - name: - - mariadb-server - state: latest - update_cache: yes - - name: Ensure mariadb is running - ansible.builtin.systemd: - name: mysqld - state: started - enabled: yes \ No newline at end of file diff --git a/playbooks/i_30_mariadb.yaml b/playbooks/i_30_mariadb.yaml new file mode 120000 index 0000000..d1c8dd2 --- /dev/null +++ b/playbooks/i_30_mariadb.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_30_mariadb.yaml \ No newline at end of file diff --git a/playbooks/i_40_php8.2.yaml b/playbooks/i_40_php8.2.yaml deleted file mode 100644 index d2a6d17..0000000 --- a/playbooks/i_40_php8.2.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -- hosts: all - vars: - - PHP_VERS: "8.2" - vars_files: - - var/php.yaml - pre_tasks: - - name: - apt: - name: gpg - state: present - update_cache: true - - name: add packages.sury.org (Debian case) - block: - - name: add gpg repo key - apt_key: - url: 'https://packages.sury.org/php/apt.gpg' - state: present - - - name: add apt repo - apt_repository: - repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main' - state: present - filename: php - when: ansible_distribution == 'Debian' - tasks: - - name: Install PHP {{PHP_VERS}} and common modules - ansible.builtin.apt: - name: "{{ item }}" - state: present - update_cache: true - cache_valid_time: 3600 - with_items: "{{ php_packages + php_additional_packages }}" - - name: Define PHP variables in php.ini - ansible.builtin.ini_file: - dest: /etc/php/{{PHP_VERS}}/fpm/php.ini - section: "{{ item.section }}" - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - "{{ php_ini_settings }}" - - name: Ensure PHP-FPM is running - ansible.builtin.systemd: - name: php{{PHP_VERS}}-fpm - state: started - enabled: yes - - name: Ensure Redis is running - ansible.builtin.systemd: - name: redis-server - state: started - enabled: yes \ No newline at end of file diff --git a/playbooks/i_40_php8.2.yaml b/playbooks/i_40_php8.2.yaml new file mode 120000 index 0000000..37b9910 --- /dev/null +++ b/playbooks/i_40_php8.2.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_40_php8.2.yaml \ No newline at end of file diff --git a/playbooks/i_50_git_server.yaml b/playbooks/i_50_git_server.yaml new file mode 120000 index 0000000..31bad60 --- /dev/null +++ b/playbooks/i_50_git_server.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_50_git_server.yaml \ No newline at end of file diff --git a/playbooks/i_99_test.yaml b/playbooks/i_99_test.yaml deleted file mode 100644 index e21156f..0000000 --- a/playbooks/i_99_test.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -- name: Install and configure with letsencrypt - hosts: all - become: yes - - vars: - user: www-data - hostname: "{{ inventory_hostname }}" - log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}" - vars_files: - - var/ssl-certificate.yaml - tasks: - - name: Install nginx - debug: - msg: "hostname: {{hostname}} log_name: {{log_name}}" \ No newline at end of file diff --git a/playbooks/i_99_test.yaml b/playbooks/i_99_test.yaml new file mode 120000 index 0000000..e7ae028 --- /dev/null +++ b/playbooks/i_99_test.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_99_test.yaml \ No newline at end of file diff --git a/playbooks/mysql_create_admin.yaml b/playbooks/mysql_create_admin.yaml new file mode 120000 index 0000000..9ebc574 --- /dev/null +++ b/playbooks/mysql_create_admin.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/mysql_create_admin.yaml \ No newline at end of file diff --git a/playbooks/mysql_create_db_and_user copy.yaml b/playbooks/mysql_create_db_and_user copy.yaml new file mode 120000 index 0000000..33e8e09 --- /dev/null +++ b/playbooks/mysql_create_db_and_user copy.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/mysql_create_db_and_user.yaml \ No newline at end of file diff --git a/playbooks/mysql_create_db_and_user.yaml b/playbooks/mysql_create_db_and_user.yaml new file mode 120000 index 0000000..33e8e09 --- /dev/null +++ b/playbooks/mysql_create_db_and_user.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/mysql_create_db_and_user.yaml \ No newline at end of file diff --git a/playbooks/var/php.yaml b/playbooks/var/php.yaml deleted file mode 100644 index 5bc552c..0000000 --- a/playbooks/var/php.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# php.yaml: -# Defines variables for the PHP role. -# This file is used to set up the PHP environment and configuration. -# needed variables: PHP_VERS - -php_packages: - - php{{PHP_VERS}}-common - - php{{PHP_VERS}}-curl - - php{{PHP_VERS}}-fpm - - php{{PHP_VERS}}-gd - - php{{PHP_VERS}}-igbinary - - php{{PHP_VERS}}-imagick - - php{{PHP_VERS}}-imap - - php{{PHP_VERS}}-intl - - php{{PHP_VERS}}-mbstring - - php{{PHP_VERS}}-memcached - - php{{PHP_VERS}}-msgpack - - php{{PHP_VERS}}-mysql - - php{{PHP_VERS}}-opcache - - php{{PHP_VERS}}-phpdbg - - php{{PHP_VERS}}-readline - - php{{PHP_VERS}}-redis - - php{{PHP_VERS}}-xdebug - - php{{PHP_VERS}}-xml - - php{{PHP_VERS}}-zip -php_additional_packages: - - redis-server - - imagemagick - -php_ini_settings: - - { section: "DEFAULT", option: "memory_limit", value: "512M" } - - { section: "DEFAULT", option: "upload_max_filesize", value: "512M" } - - { section: "DEFAULT", option: "max_file_uploads", value: 100 } - - { section: "DEFAULT", option: "post_max_size", value: "512M" } - - { section: "DEFAULT", option: "max_execution_time", value: 600 } - - { section: "DEFAULT", option: "max_input_time", value: 600 } - - { section: "DEFAULT", option: "default_socket_timeout", value: 600 } - - { section: "Session", option: "session.save_handler", value: "redis" } - - { section: "Session", option: "session.save_path", value: "tcp://127.0.0.1:6379" } - - { section: "opcache", option: "opcache.enable", value: 1 } - - { section: "opcache", option: "opcache.memory_consumption", value: 512 } - - { section: "opcache", option: "opcache.interned_strings_buffer", value: 256 } - diff --git a/playbooks/var/ssl-certificate.yaml b/playbooks/var/ssl-certificate.yaml deleted file mode 100644 index 07bc809..0000000 --- a/playbooks/var/ssl-certificate.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# "/C=DE/ST=NRW/L=Bochum/O=IT/CN={{hostname}}" -SSL_COUNTRY: DE -SSL_STATE: Bavaria -SSL_LOCALITY: Kempten -SSL_ORGANIZATION: IT - 
diff --git a/playbooks/webapp_create.yaml b/playbooks/webapp_create.yaml
new file mode 120000
index 0000000..b9d23a9
--- /dev/null
+++ b/playbooks/webapp_create.yaml
@@ -0,0 +1 @@
+../../ansknife/playbooks/webapp_create.yaml
\ No newline at end of file
diff --git a/playbooks/webapp_export.yaml b/playbooks/webapp_export.yaml
new file mode 120000
index 0000000..0d1daad
--- /dev/null
+++ b/playbooks/webapp_export.yaml
@@ -0,0 +1 @@
+../../ansknife/playbooks/webapp_export.yaml
\ No newline at end of file
diff --git a/playbooks/webapp_import.yaml b/playbooks/webapp_import.yaml
new file mode 120000
index 0000000..a06bb76
--- /dev/null
+++ b/playbooks/webapp_import.yaml
@@ -0,0 +1 @@
+../../ansknife/playbooks/webapp_import.yaml
\ No newline at end of file
diff --git a/resources/needed.tgz b/resources/needed.tgz
index 0da7040..3c4ed1f 120000
--- a/resources/needed.tgz
+++ b/resources/needed.tgz
@@ -1 +1 @@
-../../common/resources/needed.tgz
\ No newline at end of file
+../../ansknife/resources/needed.tgz
\ No newline at end of file
diff --git a/resources/rsh.tgz b/resources/rsh.tgz
index fda2b9c..1030745 120000
--- a/resources/rsh.tgz
+++ b/resources/rsh.tgz
@@ -1 +1 @@
-../../common/resources/rsh.tgz
\ No newline at end of file
+../../ansknife/resources/rsh.tgz
\ No newline at end of file
diff --git a/scripts/CreatePlaybook b/scripts/CreatePlaybook
new file mode 120000
index 0000000..71ad78a
--- /dev/null
+++ b/scripts/CreatePlaybook
@@ -0,0 +1 @@
+../../ansknife/scripts/CreatePlaybook
\ No newline at end of file
diff --git a/scripts/CreateTask b/scripts/CreateTask
new file mode 120000
index 0000000..af89d80
--- /dev/null
+++ b/scripts/CreateTask
@@ -0,0 +1 @@
+../../ansknife/scripts/CreateTask
\ No newline at end of file
diff --git a/tasks/t_mysql_create_admin.yaml b/tasks/t_mysql_create_admin.yaml
new file mode 120000
index 0000000..0df504c
--- /dev/null
+++ b/tasks/t_mysql_create_admin.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_mysql_create_admin.yaml
\ No newline at end of file
diff --git a/tasks/t_mysql_create_db_and_user.yaml b/tasks/t_mysql_create_db_and_user.yaml
new file mode 120000
index 0000000..f91e0db
--- /dev/null
+++ b/tasks/t_mysql_create_db_and_user.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_mysql_create_db_and_user.yaml
\ No newline at end of file
diff --git a/tasks/t_webapp_create.yaml b/tasks/t_webapp_create.yaml
new file mode 120000
index 0000000..194111e
--- /dev/null
+++ b/tasks/t_webapp_create.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_webapp_create.yaml
\ No newline at end of file
diff --git a/tasks/t_webapp_export.yaml b/tasks/t_webapp_export.yaml
new file mode 120000
index 0000000..7df312c
--- /dev/null
+++ b/tasks/t_webapp_export.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_webapp_export.yaml
\ No newline at end of file
diff --git a/tasks/t_webapp_import.yaml b/tasks/t_webapp_import.yaml
new file mode 120000
index 0000000..fe09c5c
--- /dev/null
+++ b/tasks/t_webapp_import.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_webapp_import.yaml
\ No newline at end of file
diff --git a/var/common.yaml b/var/common.yaml
new file mode 100644
index 0000000..9031605
--- /dev/null
+++ b/var/common.yaml
@@ -0,0 +1,3 @@
+configuration_directory: /etc/ansknife
+remote_webapps_directory: "{{ configuration_directory }}/webapps.d"
+local_webapps_directory: "../webapps"
\ No newline at end of file
diff --git a/var/db.yaml b/var/db.yaml
new file mode 100644
index 0000000..e713d30
--- /dev/null
+++ b/var/db.yaml
@@ -0,0 +1,8 @@
+---
+# Creation of the central password file:
+# echo "top_secret_password" > resources/.vaults
+# Creation of the encrypted vault file:
+# ansible-vault encrypt_string --vault-password-file resources/.vault --name 'vault_dba_password' --stdin-name 'vault_dba_password' | tee var/vault_db.yaml
+# Find the password file: ANSIBLE_VAULT_PASSWORD_FILE=resources/.vault
+dba_name: dba
+dba_password: "{{ vault_dba_password }}"
\ No newline at end of file
diff --git a/var/php.yaml b/var/php.yaml
new file mode 100644
index 0000000..5bc552c
--- /dev/null
+++ b/var/php.yaml
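Review bot: The setup comment at the top of var/db.yaml writes the vault password to `resources/.vaults`, while the encrypt command and `ANSIBLE_VAULT_PASSWORD_FILE` two lines further down read `resources/.vault`. Followed literally, the steps leave the password in a file that nothing reads and that the new `.gitignore` entry `.vault` does not cover, so it could be committed by accident. I would change that line to `#   echo "top_secret_password" > resources/.vault` and add `#   chmod 600 resources/.vault` below it, because this file unlocks every vaulted value in the repository. A short remark that the `echo` form leaves the password in shell history would also help whoever follows the recipe.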
@@ -0,0 +1,44 @@
+---
+# php.yaml:
+# Defines variables for the PHP role.
+# This file is used to set up the PHP environment and configuration.
+# needed variables: PHP_VERS
+
+php_packages:
+ - php{{PHP_VERS}}-common
+ - php{{PHP_VERS}}-curl
+ - php{{PHP_VERS}}-fpm
+ - php{{PHP_VERS}}-gd
+ - php{{PHP_VERS}}-igbinary
+ - php{{PHP_VERS}}-imagick
+ - php{{PHP_VERS}}-imap
+ - php{{PHP_VERS}}-intl
+ - php{{PHP_VERS}}-mbstring
+ - php{{PHP_VERS}}-memcached
+ - php{{PHP_VERS}}-msgpack
+ - php{{PHP_VERS}}-mysql
+ - php{{PHP_VERS}}-opcache
+ - php{{PHP_VERS}}-phpdbg
+ - php{{PHP_VERS}}-readline
+ - php{{PHP_VERS}}-redis
+ - php{{PHP_VERS}}-xdebug
+ - php{{PHP_VERS}}-xml
+ - php{{PHP_VERS}}-zip
+php_additional_packages:
+ - redis-server
+ - imagemagick
+
+php_ini_settings:
+ - { section: "DEFAULT", option: "memory_limit", value: "512M" }
+ - { section: "DEFAULT", option: "upload_max_filesize", value: "512M" }
+ - { section: "DEFAULT", option: "max_file_uploads", value: 100 }
+ - { section: "DEFAULT", option: "post_max_size", value: "512M" }
+ - { section: "DEFAULT", option: "max_execution_time", value: 600 }
+ - { section: "DEFAULT", option: "max_input_time", value: 600 }
+ - { section: "DEFAULT", option: "default_socket_timeout", value: 600 }
+ - { section: "Session", option: "session.save_handler", value: "redis" }
+ - { section: "Session", option: "session.save_path", value: "tcp://127.0.0.1:6379" }
+ - { section: "opcache", option: "opcache.enable", value: 1 }
+ - { section: "opcache", option: "opcache.memory_consumption", value: 512 }
+ - { section: "opcache", option: "opcache.interned_strings_buffer", value: 256 }
+
diff --git a/var/ssl-certificate.yaml b/var/ssl-certificate.yaml
new file mode 100644
index 0000000..07bc809
--- /dev/null
+++ b/var/ssl-certificate.yaml
@@ -0,0 +1,7 @@
+---
+# "/C=DE/ST=NRW/L=Bochum/O=IT/CN={{hostname}}"
+SSL_COUNTRY: DE
+SSL_STATE: Bavaria
+SSL_LOCALITY: Kempten
+SSL_ORGANIZATION: IT
+
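Review bot: `php_packages` in var/php.yaml installs `php{{PHP_VERS}}-xdebug` and `php{{PHP_VERS}}-phpdbg` on every host that receives the FPM runtime, and nothing in the list separates development machines from servers. Both are debugging tools; with Xdebug loaded into PHP-FPM, a permissive Xdebug configuration can expose step debugging or verbose error output to clients. I would move the two entries into a separate variable, for example `php_debug_packages: []`, that only development inventories fill. The file appears to be carried over unchanged from playbooks/var/php.yaml, so this is an inherited choice rather than something this commit introduced.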
diff --git a/var/vault_db.yaml b/var/vault_db.yaml
new file mode 100644
index 0000000..4830f1e
--- /dev/null
+++ b/var/vault_db.yaml
@@ -0,0 +1 @@
+vault_dba_password: Sekret.Top
\ No newline at end of file
diff --git a/var/webapps.yaml b/var/webapps.yaml
new file mode 100644
index 0000000..40f6e88
--- /dev/null
+++ b/var/webapps.yaml
@@ -0,0 +1,11 @@
+webapps_list:
+ - webapp_name: myapp5.example.com
+ db_name: dbdummy5
+ db_user: dummy5
+ db_password: NeverKnown5
+ directory: /srv/www/myapp5.example.com
+ - webapp_name: 'app7.example.com'
+ db_name: 'dbapp7'
+ db_user: 'appusr7'
+ db_password: 'Unknown7'
+ directory: '/srv/www/app7.example.com'
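Review bot: `vault_dba_password: Sekret.Top` in var/vault_db.yaml is a plaintext value, although the comment in var/db.yaml describes this file as the output of `ansible-vault encrypt_string`; an encrypted value would appear as `vault_dba_password: !vault |` followed by a `$ANSIBLE_VAULT;1.1;AES256` block. If the string is a real credential it is now part of the repository history and should be rotated, and the file regenerated with the documented command. The `db_password` entries in var/webapps.yaml (`NeverKnown5`, `Unknown7`) have the same problem; they look like samples for example.com hosts, but the pattern they establish should be a vault reference such as `db_password: "{{ vault_myapp5_db_password }}"` (variable name constructed here for illustration). The webapps.yaml list also mixes unquoted and single-quoted scalars between its two entries; one style throughout would read better.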