From cfbee7baad7995ff322d4788bc7b6e2200a7fcf8 Mon Sep 17 00:00:00 2001 
From: Hamatoma Date: Sat, 5 Apr 2025 19:49:15 +0200 Subject: [PATCH] V0.1.0: first working version as ansknife --- .gitignore | 1 + CHANGELOG.md | 2 + SetRights | 1 + playbooks/i_10_basic.yaml | 44 +------------- playbooks/i_15_server_packages.yaml | 1 + playbooks/i_20_nginx.yaml | 62 +------------------- playbooks/i_30_mariadb.yaml | 17 +----- playbooks/i_40_php8.2.yaml | 51 +--------------- playbooks/i_50_git_server.yaml | 1 + playbooks/i_99_test.yaml | 16 +---- playbooks/mysql_create_admin.yaml | 1 + playbooks/mysql_create_db_and_user copy.yaml | 1 + playbooks/mysql_create_db_and_user.yaml | 1 + playbooks/webapp_create.yaml | 1 + playbooks/webapp_export.yaml | 1 + playbooks/webapp_import.yaml | 1 + resources/needed.tgz | 2 +- resources/rsh.tgz | 2 +- scripts/CreatePlaybook | 1 + scripts/CreateTask | 1 + tasks/t_mysql_create_admin.yaml | 1 + tasks/t_mysql_create_db_and_user.yaml | 1 + tasks/t_webapp_create.yaml | 1 + tasks/t_webapp_export.yaml | 1 + tasks/t_webapp_import.yaml | 1 + var/common.yaml | 3 + var/db.yaml | 8 +++ {playbooks/var => var}/php.yaml | 0 {playbooks/var => var}/ssl-certificate.yaml | 0 var/vault_db.yaml | 1 + var/webapps.yaml | 11 ++++ 31 files changed, 49 insertions(+), 187 deletions(-) create mode 120000 SetRights mode change 100644 => 120000 playbooks/i_10_basic.yaml create mode 120000 playbooks/i_15_server_packages.yaml mode change 100644 => 120000 playbooks/i_20_nginx.yaml mode change 100644 => 120000 playbooks/i_30_mariadb.yaml mode change 100644 => 120000 playbooks/i_40_php8.2.yaml create mode 120000 playbooks/i_50_git_server.yaml mode change 100644 => 120000 playbooks/i_99_test.yaml create mode 120000 playbooks/mysql_create_admin.yaml create mode 120000 playbooks/mysql_create_db_and_user copy.yaml create mode 120000 playbooks/mysql_create_db_and_user.yaml create mode 120000 playbooks/webapp_create.yaml create mode 120000 playbooks/webapp_export.yaml create mode 120000 playbooks/webapp_import.yaml create mode 120000 
scripts/CreatePlaybook create mode 120000 scripts/CreateTask create mode 120000 tasks/t_mysql_create_admin.yaml create mode 120000 tasks/t_mysql_create_db_and_user.yaml create mode 120000 tasks/t_webapp_create.yaml create mode 120000 tasks/t_webapp_export.yaml create mode 120000 tasks/t_webapp_import.yaml create mode 100644 var/common.yaml create mode 100644 var/db.yaml rename {playbooks/var => var}/php.yaml (100%) rename {playbooks/var => var}/ssl-certificate.yaml (100%) create mode 100644 var/vault_db.yaml create mode 100644 var/webapps.yaml diff --git a/.gitignore b/.gitignore index 722d5e7..0d806df 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .vscode +.vault diff --git a/CHANGELOG.md b/CHANGELOG.md index 51ee0d2..1ec6b54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1 +1,3 @@ # Change log of +## V0.1.0: first working version as ansknife + diff --git a/SetRights b/SetRights new file mode 120000 index 0000000..6172707 --- /dev/null +++ b/SetRights @@ -0,0 +1 @@ +../ansknife/SetRights \ No newline at end of file diff --git a/playbooks/i_10_basic.yaml b/playbooks/i_10_basic.yaml deleted file mode 100644 index a5f64df..0000000 --- a/playbooks/i_10_basic.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- - -- hosts: all - vars: - hostname: "nest" - tasks: - - name: Prepare /media/trg directory - file: path=/media/trg state=directory - - name: Prepare /media/tmp directory - file: path=/media/trg state=directory - - name: Prepare /media/fs.cave directory - file: path=/media/fs.cave state=directory - - name: Prepare /media/fs.sys directory - file: path=/media/fs.sys state=directory - - name: Prepare /usr/local/bin directory - file: path=/usr/local/bin state=directory - - name: Prepare /usr/local/bin/local directory - file: path=/usr/local/bin/local state=directory - - name: Prepare /usr/share/pyrshell directory - file: path=/usr/share/pyrshell state=directory - - name: Symbolic link to local directory - file: src=/usr/local/bin/local dest=/usr/local/bin/{{hostname}} state=link - - name: Unpack a tar into /usr/local/bin/local - unarchive: src=../resources/needed.tgz dest=/usr/local/bin - - name: Symbolic link to /p - file: src=/usr/local/bin/std.profile dest=/p state=link - - name: Unpack a tar into /usr/share/pyrshell - unarchive: src=../resources/rsh.tgz dest=/usr/share/pyrshell - - name: Create user bupsrv - user: name=bupsrv state=present uid=201 - - name: Create user bupsupply - user: name=bupsupply state=present uid=202 - - name: Create user bupwiki - user: name=bupwiki state=present uid=203 - - name: Create user buptmp - user: name=buptmp state=present uid=204 - - name: Create user extdata - user: name=extdata state=present uid=211 - - name: Create user extcloud - user: name=extcloud state=present uid=212 - - name: Create user extbup - user: name=extbup state=present uid=213 - \ No newline at end of file diff --git a/playbooks/i_10_basic.yaml b/playbooks/i_10_basic.yaml new file mode 120000 index 0000000..4250d9d --- /dev/null +++ b/playbooks/i_10_basic.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_10_basic.yaml \ No newline at end of file 
diff --git a/playbooks/i_15_server_packages.yaml b/playbooks/i_15_server_packages.yaml
new file mode 120000
index 0000000..5d15839
--- /dev/null
+++ b/playbooks/i_15_server_packages.yaml
@@ -0,0 +1 @@
+../../ansknife/playbooks/i_15_server_packages.yaml
\ No newline at end of file
diff --git a/playbooks/i_20_nginx.yaml b/playbooks/i_20_nginx.yaml
deleted file mode 100644
index 99e2f67..0000000
--- a/playbooks/i_20_nginx.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ ---- -- name: Install and configure with letsencrypt - hosts: all - become: yes - - vars: - user: www-data - hostname: "{{ inventory_hostname }}" - log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}" - vars_files: - - var/ssl-certificate.yaml - tasks: - - name: Install nginx - apt: - name: nginx - state: latest - update_cache: yes - - name: Prepare letsencrypt home directory - file: path=/home/www/letsencrypt/.well-known/acme-challenge state=directory - - name: Add test file1 - copy: src=../templates/nginx/hi1.txt dest=/home/www/letsencrypt/.well-known/ - - name: Add test file2 - copy: src=../templates/nginx/hi2.txt dest=/home/www/letsencrypt/.well-known/acme-challenge/hi2.txt - - name: Prepare letsencrypt - copy: - src: ../templates/nginx/letsencrypt.conf - dest: /etc/nginx/snippets - - name: add HTTP-variables - copy: - src: ../templates/nginx/http.conf - dest: /etc/nginx/snippets - - name: create a www directory - file: path=/home/www state=directory owner=root group=www-data - - - name: create the /srv/www link - file: src=/home/www dest=/srv/www state=link - - name: Ensure nginx is running - systemd: - name: nginx - state: started - enabled: yes - - name: create a test virtual hosts - template: - src: ../templates/nginx/test.site - dest: /etc/nginx/sites-available/{{hostname}} - - name: activate by link in sites-enabled - file: - src: /etc/nginx/sites-available/{{hostname}} - dest: /etc/nginx/sites-enabled/{{hostname}} - state: link - - name: create a ssh-certificate - command: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/{{hostname}}.key -out /etc/ssl/certs/{{hostname}}.pem -subj "/C={{SSL_COUNTRY}}/ST={{SSL_STATE}}/L={{SSL_LOCALITY}}/O={{SSL_ORGANIZATION}}/CN={{hostname}}" - args: - creates: /etc/ssl/private/{{hostname}}.key - - name: create a document root - file: dest=/srv/www/{{hostname}} state=directory owner=www-data group=www-data - - name: create a test index.html - template: 
src=../templates/nginx/index.html dest=/srv/www/{{hostname}}/index.html - - name: create a test index.php - copy: src=../templates/nginx/index.php dest=/srv/www/{{hostname}}/index.php - diff --git a/playbooks/i_20_nginx.yaml b/playbooks/i_20_nginx.yaml new file mode 120000 index 0000000..fef4661 --- /dev/null +++ b/playbooks/i_20_nginx.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_20_nginx.yaml \ No newline at end of file diff --git a/playbooks/i_30_mariadb.yaml b/playbooks/i_30_mariadb.yaml deleted file mode 100644 index a5852e1..0000000 --- a/playbooks/i_30_mariadb.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- hosts: all - vars: - - PHP_VERS: "8.3" - - tasks: - - name: Install mariadb - ansible.builtin.apt: - name: - - mariadb-server - state: latest - update_cache: yes - - name: Ensure mariadb is running - ansible.builtin.systemd: - name: mysqld - state: started - enabled: yes \ No newline at end of file diff --git a/playbooks/i_30_mariadb.yaml b/playbooks/i_30_mariadb.yaml new file mode 120000 index 0000000..d1c8dd2 --- /dev/null +++ b/playbooks/i_30_mariadb.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_30_mariadb.yaml \ No newline at end of file diff --git a/playbooks/i_40_php8.2.yaml b/playbooks/i_40_php8.2.yaml deleted file mode 100644 index d2a6d17..0000000 --- a/playbooks/i_40_php8.2.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -- hosts: all - vars: - - PHP_VERS: "8.2" - vars_files: - - var/php.yaml - pre_tasks: - - name: - apt: - name: gpg - state: present - update_cache: true - - name: add packages.sury.org (Debian case) - block: - - name: add gpg repo key - apt_key: - url: 'https://packages.sury.org/php/apt.gpg' - state: present - - - name: add apt repo - apt_repository: - repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main' - state: present - filename: php - when: ansible_distribution == 'Debian' - tasks: - - name: Install PHP {{PHP_VERS}} and common modules - ansible.builtin.apt: - name: "{{ item }}" - state: present - update_cache: true - cache_valid_time: 3600 - with_items: "{{ php_packages + php_additional_packages }}" - - name: Define PHP variables in php.ini - ansible.builtin.ini_file: - dest: /etc/php/{{PHP_VERS}}/fpm/php.ini - section: "{{ item.section }}" - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - "{{ php_ini_settings }}" - - name: Ensure PHP-FPM is running - ansible.builtin.systemd: - name: php{{PHP_VERS}}-fpm - state: started - enabled: yes - - name: Ensure Redis is running - ansible.builtin.systemd: - name: redis-server - state: started - enabled: yes \ No newline at end of file diff --git a/playbooks/i_40_php8.2.yaml b/playbooks/i_40_php8.2.yaml new file mode 120000 index 0000000..37b9910 --- /dev/null +++ b/playbooks/i_40_php8.2.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_40_php8.2.yaml \ No newline at end of file diff --git a/playbooks/i_50_git_server.yaml b/playbooks/i_50_git_server.yaml new file mode 120000 index 0000000..31bad60 --- /dev/null +++ b/playbooks/i_50_git_server.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_50_git_server.yaml \ No newline at end of file diff --git a/playbooks/i_99_test.yaml b/playbooks/i_99_test.yaml deleted file mode 100644 index e21156f..0000000 --- a/playbooks/i_99_test.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -- name: Install and configure with letsencrypt - hosts: all - become: yes - - vars: - user: www-data - hostname: "{{ inventory_hostname }}" - log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}" - vars_files: - - var/ssl-certificate.yaml - tasks: - - name: Install nginx - debug: - msg: "hostname: {{hostname}} log_name: {{log_name}}" \ No newline at end of file diff --git a/playbooks/i_99_test.yaml b/playbooks/i_99_test.yaml new file mode 120000 index 0000000..e7ae028 --- /dev/null +++ b/playbooks/i_99_test.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/i_99_test.yaml \ No newline at end of file diff --git a/playbooks/mysql_create_admin.yaml b/playbooks/mysql_create_admin.yaml new file mode 120000 index 0000000..9ebc574 --- /dev/null +++ b/playbooks/mysql_create_admin.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/mysql_create_admin.yaml \ No newline at end of file diff --git a/playbooks/mysql_create_db_and_user copy.yaml b/playbooks/mysql_create_db_and_user copy.yaml new file mode 120000 index 0000000..33e8e09 --- /dev/null +++ b/playbooks/mysql_create_db_and_user copy.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/mysql_create_db_and_user.yaml \ No newline at end of file diff --git a/playbooks/mysql_create_db_and_user.yaml b/playbooks/mysql_create_db_and_user.yaml new file mode 120000 index 0000000..33e8e09 --- /dev/null +++ b/playbooks/mysql_create_db_and_user.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/mysql_create_db_and_user.yaml \ No newline at end of file diff --git a/playbooks/webapp_create.yaml b/playbooks/webapp_create.yaml new file mode 120000 index 0000000..b9d23a9 --- /dev/null +++ b/playbooks/webapp_create.yaml @@ -0,0 +1 @@ +../../ansknife/playbooks/webapp_create.yaml \ No newline at end of file diff --git a/playbooks/webapp_export.yaml b/playbooks/webapp_export.yaml new file mode 120000 index 0000000..0d1daad --- /dev/null +++ b/playbooks/webapp_export.yaml 
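Review bot: `playbooks/mysql_create_db_and_user copy.yaml` looks like an editor leftover: it is a second symlink to the same target as `playbooks/mysql_create_db_and_user.yaml` (`../../ansknife/playbooks/mysql_create_db_and_user.yaml`) and should probably be dropped from the commit. More generally, every symlink added in this patch (`SetRights`, `playbooks/*`, `scripts/*`, `tasks/*`, `resources/*.tgz`) resolves to an `ansknife` directory outside this repository, so the history no longer records which playbook content actually runs against the hosts. Pinning that tree, for example as a git submodule at a fixed commit, would keep runs reproducible and reviewable; at minimum the expected checkout layout should be documented in the repository.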
@@ -0,0 +1 @@
+../../ansknife/playbooks/webapp_export.yaml
\ No newline at end of file
diff --git a/playbooks/webapp_import.yaml b/playbooks/webapp_import.yaml
new file mode 120000
index 0000000..a06bb76
--- /dev/null
+++ b/playbooks/webapp_import.yaml
@@ -0,0 +1 @@
+../../ansknife/playbooks/webapp_import.yaml
\ No newline at end of file
diff --git a/resources/needed.tgz b/resources/needed.tgz
index 0da7040..3c4ed1f 120000
--- a/resources/needed.tgz
+++ b/resources/needed.tgz
@@ -1 +1 @@
-../../common/resources/needed.tgz
\ No newline at end of file
+../../ansknife/resources/needed.tgz
\ No newline at end of file
diff --git a/resources/rsh.tgz b/resources/rsh.tgz
index fda2b9c..1030745 120000
--- a/resources/rsh.tgz
+++ b/resources/rsh.tgz
@@ -1 +1 @@
-../../common/resources/rsh.tgz
\ No newline at end of file
+../../ansknife/resources/rsh.tgz
\ No newline at end of file
diff --git a/scripts/CreatePlaybook b/scripts/CreatePlaybook
new file mode 120000
index 0000000..71ad78a
--- /dev/null
+++ b/scripts/CreatePlaybook
@@ -0,0 +1 @@
+../../ansknife/scripts/CreatePlaybook
\ No newline at end of file
diff --git a/scripts/CreateTask b/scripts/CreateTask
new file mode 120000
index 0000000..af89d80
--- /dev/null
+++ b/scripts/CreateTask
@@ -0,0 +1 @@
+../../ansknife/scripts/CreateTask
\ No newline at end of file
diff --git a/tasks/t_mysql_create_admin.yaml b/tasks/t_mysql_create_admin.yaml
new file mode 120000
index 0000000..0df504c
--- /dev/null
+++ b/tasks/t_mysql_create_admin.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_mysql_create_admin.yaml
\ No newline at end of file
diff --git a/tasks/t_mysql_create_db_and_user.yaml b/tasks/t_mysql_create_db_and_user.yaml
new file mode 120000
index 0000000..f91e0db
--- /dev/null
+++ b/tasks/t_mysql_create_db_and_user.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_mysql_create_db_and_user.yaml
\ No newline at end of file
diff --git a/tasks/t_webapp_create.yaml b/tasks/t_webapp_create.yaml
new file mode 120000
index 0000000..194111e
--- /dev/null
+++ b/tasks/t_webapp_create.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_webapp_create.yaml
\ No newline at end of file
diff --git a/tasks/t_webapp_export.yaml b/tasks/t_webapp_export.yaml
new file mode 120000
index 0000000..7df312c
--- /dev/null
+++ b/tasks/t_webapp_export.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_webapp_export.yaml
\ No newline at end of file
diff --git a/tasks/t_webapp_import.yaml b/tasks/t_webapp_import.yaml
new file mode 120000
index 0000000..fe09c5c
--- /dev/null
+++ b/tasks/t_webapp_import.yaml
@@ -0,0 +1 @@
+../../ansknife/tasks/t_webapp_import.yaml
\ No newline at end of file
diff --git a/var/common.yaml b/var/common.yaml
new file mode 100644
index 0000000..9031605
--- /dev/null
+++ b/var/common.yaml
@@ -0,0 +1,3 @@
+configuration_directory: /etc/ansknife
+remote_webapps_directory: "{{ configuration_directory }}/webapps.d"
+local_webapps_directory: "../webapps"
\ No newline at end of file
diff --git a/var/db.yaml b/var/db.yaml
new file mode 100644
index 0000000..e713d30
--- /dev/null
+++ b/var/db.yaml
@@ -0,0 +1,8 @@
+---
+# Creation of the central password file:
+# echo "top_secret_password" > resources/.vaults
+# Creation of the encrypted vault file:
+# ansible-vault encrypt_string --vault-password-file resources/.vault --name 'vault_dba_password' --stdin-name 'vault_dba_password' | tee var/vault_db.yaml
+# Find the password file: ANSIBLE_VAULT_PASSWORD_FILE=resources/.vault
+dba_name: dba
+dba_password: "{{ vault_dba_password }}"
\ No newline at end of file
diff --git a/playbooks/var/php.yaml b/var/php.yaml
similarity index 100%
rename from playbooks/var/php.yaml
rename to var/php.yaml
diff --git a/playbooks/var/ssl-certificate.yaml b/var/ssl-certificate.yaml
similarity index 100%
rename from playbooks/var/ssl-certificate.yaml
rename to var/ssl-certificate.yaml
diff --git a/var/vault_db.yaml b/var/vault_db.yaml
new file mode 100644
index 0000000..4830f1e
--- /dev/null
+++ b/var/vault_db.yaml
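Review bot: The setup comment in `var/db.yaml` writes the vault password to `resources/.vaults`, while the following two comment lines and the new `.gitignore` entry both use `.vault`. Anyone following the comment literally creates a password file that the ignore rule does not cover and that `--vault-password-file resources/.vault` will not find. I would change the line to `# echo "top_secret_password" > resources/.vault` and add a line on restricting the file, e.g. `# chmod 600 resources/.vault`.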
@@ -0,0 +1 @@
+vault_dba_password: Sekret.Top
\ No newline at end of file
diff --git a/var/webapps.yaml b/var/webapps.yaml
new file mode 100644
index 0000000..40f6e88
--- /dev/null
+++ b/var/webapps.yaml
@@ -0,0 +1,11 @@
+webapps_list:
+ - webapp_name: myapp5.example.com
+ db_name: dbdummy5
+ db_user: dummy5
+ db_password: NeverKnown5
+ directory: /srv/www/myapp5.example.com
+ - webapp_name: 'app7.example.com'
+ db_name: 'dbapp7'
+ db_user: 'appusr7'
+ db_password: 'Unknown7'
+ directory: '/srv/www/app7.example.com'
--
2.39.5
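Review bot: `var/vault_db.yaml` stores `vault_dba_password` as a cleartext scalar, although the comments in `var/db.yaml` describe generating this file with `ansible-vault encrypt_string`, whose output is a `!vault |` block beginning with `$ANSIBLE_VAULT;`. If `Sekret.Top` is a real credential it is now part of the repository history and should be rotated; if it is only a placeholder, a comment in the file should say so. Either commit the encrypted form or keep the file out of version control and ship an example file in its place.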
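Review bot: Both entries in `webapps_list` carry `db_password` as a literal (`NeverKnown5`, `Unknown7`), unlike `var/db.yaml`, which references a vault variable. The `example.com` names suggest these are samples; if so, a header comment should say that, and real entries should use the same indirection, e.g. `db_password: "{{ vault_myapp5_db_password }}"` (variable name constructed for illustration). The two entries also mix unquoted and single-quoted scalars; picking one style and adding a leading `---` would keep the file consistent with `var/db.yaml`.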