Installation de docker.
This commit is contained in:
William
parent
2290ada68e
commit
b3d82b8848
@ -5,8 +5,9 @@ This playbook installs webserver (Nginx, Mariadb, PHP)
|
||||
## Usage
|
||||
|
||||
```shell
|
||||
cp hosts.example.ini hosts.ini # change config values
|
||||
touch deploy.sub # paste your ssh pub key for www_user
|
||||
# copy config file then change values
|
||||
cp hosts.example.ini hosts.ini
|
||||
|
||||
ansible-playbook -i hosts.ini playbook.yml # run playbook
|
||||
# run playbook
|
||||
ansible-playbook -i hosts.ini playbook.yml --extra-vars "ssh_key=id.pub"
|
||||
```
|
||||
|
||||
@ -4,9 +4,6 @@
|
||||
[web:vars]
|
||||
ansible_ssh_user=ubuntu
|
||||
ansible_python_interpreter=/usr/bin/python3
|
||||
mysql_root_password='motdepasse'
|
||||
mysql_old_root_password='motdepasse'
|
||||
php_version='8.0'
|
||||
www_user=user
|
||||
www_group=group
|
||||
www_home=/home/user
|
||||
|
||||
@ -11,6 +11,5 @@
|
||||
update_cache: yes
|
||||
|
||||
roles:
|
||||
- mariadb
|
||||
- nginx
|
||||
- php
|
||||
- wwwuser
|
||||
- docker
|
||||
|
||||
45
roles/docker/tasks/main.yml
Normal file
45
roles/docker/tasks/main.yml
Normal file
@ -0,0 +1,45 @@
|
||||
---
|
||||
- name: install
|
||||
apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- software-properties-common
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: add Docker GPG apt Key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
state: present
|
||||
|
||||
- name: add Docker Repository
|
||||
apt_repository:
|
||||
repo: "deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||
state: present
|
||||
|
||||
- name: update apt and install docker-ce
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
state: latest
|
||||
update_cache: yes
|
||||
|
||||
- name: add the Python client for Docker
|
||||
pip:
|
||||
name: docker-py
|
||||
|
||||
- name: install docker-compose
|
||||
get_url:
|
||||
url : https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
|
||||
dest: /usr/local/bin/docker-compose
|
||||
mode: 'u+x,g+x'
|
||||
group: docker
|
||||
|
||||
- name: add admin to docker group
|
||||
user:
|
||||
name: "{{ www_user }}"
|
||||
groups: docker
|
||||
append: yes
|
||||
@ -1,27 +0,0 @@
|
||||
---
|
||||
- name: install
|
||||
apt:
|
||||
name:
|
||||
- mariadb-server
|
||||
- libmysqlclient-dev
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: install python client
|
||||
pip:
|
||||
name: mysqlclient
|
||||
state: present
|
||||
|
||||
- name: ensure service is start
|
||||
service:
|
||||
name: mysql
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: change root password
|
||||
mysql_user:
|
||||
name: root
|
||||
password: '{{ mysql_root_password }}'
|
||||
host: 'localhost'
|
||||
login_user: root
|
||||
login_password: '{{ mysql_old_root_password }}'
|
||||
@ -1,52 +0,0 @@
|
||||
---
|
||||
- name: install
|
||||
apt:
|
||||
name:
|
||||
- nginx
|
||||
- letsencrypt
|
||||
- python3-certbot-nginx
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: create wwwuser group
|
||||
group:
|
||||
name: "{{ www_group }}"
|
||||
state: present
|
||||
system: true
|
||||
|
||||
- name: create wwwuser user
|
||||
user:
|
||||
name: "{{ www_user }}"
|
||||
group: "{{ www_group }}"
|
||||
comment: "Web user"
|
||||
shell: /bin/bash
|
||||
home: "{{ www_home }}"
|
||||
system: true
|
||||
state: present
|
||||
|
||||
- name: authorize deployer ssh key to wwwuser
|
||||
authorized_key:
|
||||
user: "{{ www_user }}"
|
||||
state: present
|
||||
key: "{{ lookup('file', '../../../deploy.pub') }}"
|
||||
|
||||
- name: define wwwuser as nginx's user
|
||||
replace:
|
||||
path: /etc/nginx/nginx.conf
|
||||
regexp: '^user (.+);$'
|
||||
replace: "user {{ www_user }};"
|
||||
|
||||
- name: restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
|
||||
- name: create letsencrypt's challenge directory
|
||||
file:
|
||||
name: /var/www/letsencrypt
|
||||
state: directory
|
||||
|
||||
- name: generate letsencrypt's dhparams
|
||||
shell: openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048
|
||||
args:
|
||||
creates: /etc/letsencrypt/ssl-dhparams.pem
|
||||
@ -1,17 +0,0 @@
|
||||
php_version: 8.0
|
||||
|
||||
php_packages:
|
||||
- php{{ php_version }}-common
|
||||
- php{{ php_version }}-zip
|
||||
- php{{ php_version }}-pdo
|
||||
- php{{ php_version }}-mbstring
|
||||
- php{{ php_version }}-tokenizer
|
||||
- php{{ php_version }}-xml
|
||||
- php{{ php_version }}-opcache
|
||||
- php{{ php_version }}-mysql
|
||||
- php{{ php_version }}-imap
|
||||
- php{{ php_version }}-curl
|
||||
- php{{ php_version }}-memcached
|
||||
- php{{ php_version }}-intl
|
||||
- php{{ php_version }}-gd
|
||||
- php{{ php_version }}-bcmath
|
||||
@ -1,62 +0,0 @@
|
||||
---
|
||||
- name: add gpg key (debian)
|
||||
apt_key:
|
||||
url: "https://packages.sury.org/php/apt.gpg"
|
||||
state: present
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
- name: add repository (debian)
|
||||
apt_repository:
|
||||
repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
- name: add repository (ubuntu)
|
||||
apt_repository:
|
||||
repo: ppa:ondrej/php
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: install
|
||||
apt:
|
||||
name: "php{{ php_version }}-fpm"
|
||||
state: present
|
||||
update_cache: yes
|
||||
install_recommends: no
|
||||
|
||||
- name: install packages
|
||||
apt:
|
||||
name: "{{ php_packages | list }}"
|
||||
state: present
|
||||
install_recommends: no
|
||||
|
||||
- name: change default version
|
||||
alternatives:
|
||||
name: php
|
||||
path: /usr/bin/php{{ php_version }}
|
||||
|
||||
- name: define wwwuser as php-fpm's user
|
||||
replace:
|
||||
path: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"
|
||||
regexp: '{{ item.from }}'
|
||||
replace: "{{ item.to }}"
|
||||
with_items:
|
||||
- {from: '^user = (.+)$', to: 'user = {{ www_user }}'}
|
||||
- {from: '^group = (.+)$', to: 'group = {{ www_group }}'}
|
||||
- {from: '^listen.owner = (.+)$', to: 'listen.owner = {{ www_user }}'}
|
||||
- {from: '^listen.group = (.+)$', to: 'listen.group = {{ www_group }}'}
|
||||
|
||||
- name: add permission to wwwuser to reload php-fpm
|
||||
lineinfile:
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^{{ www_user }} ALL=NOPASSWD: /usr/sbin/service php{{ php_version }}-fpm reload$'
|
||||
line: '{{ www_user }} ALL=NOPASSWD: /usr/sbin/service php{{ php_version }}-fpm reload'
|
||||
validate: 'visudo -cf %s'
|
||||
|
||||
- name: restart php-fpm
|
||||
service:
|
||||
name: php{{ php_version }}-fpm
|
||||
state: restarted
|
||||
30
roles/wwwuser/tasks/main.yml
Normal file
30
roles/wwwuser/tasks/main.yml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: create wwwuser group
|
||||
group:
|
||||
name: "{{ www_group }}"
|
||||
state: present
|
||||
system: true
|
||||
|
||||
- name: create wwwuser user
|
||||
user:
|
||||
name: "{{ www_user }}"
|
||||
group: "{{ www_group }}"
|
||||
comment: "Web user"
|
||||
shell: /bin/bash
|
||||
home: "{{ www_home }}"
|
||||
system: true
|
||||
state: present
|
||||
|
||||
- name: authorize ssh key to wwwuser
|
||||
authorized_key:
|
||||
user: "{{ www_user }}"
|
||||
state: present
|
||||
key: "{{ lookup('file', ssh_key) }}"
|
||||
when: ssh_key is defined
|
||||
|
||||
- name: create app's directory
|
||||
file:
|
||||
path: "{{ www_home }}/apps"
|
||||
state: directory
|
||||
owner: "{{ www_user }}"
|
||||
group: "{{ www_group }}"
|
||||
Loading…
x
Reference in New Issue
Block a user