From ccb512491ad140e32a3d177ab9e89a02fc8b24a6 Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev
Date: Sat, 26 Aug 2017 21:46:20 +0300
Subject: [PATCH] Add configuration for notes app
---
Vagrantfile | 28 +++++++
ansible/configuration.yml | 100 ++++++++++++++++++++++-
ansible/requirements.yml | 11 ++-
ansible/roles/server/tasks/main.yml | 16 ----
ansible/roles/static-site/tasks/main.yml | 10 +--
ansible/templates/notes.vhost.j2 | 46 +++++++++++
6 files changed, 188 insertions(+), 23 deletions(-)
create mode 100644 Vagrantfile
delete mode 100755 ansible/roles/server/tasks/main.yml
create mode 100644 ansible/templates/notes.vhost.j2
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..22eb0fa
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,28 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+ENV["LC_ALL"] = "en_US.UTF-8"
+
+# For installing ansible_local from pip on guest
+Vagrant.require_version ">= 1.8.3"
+
+Vagrant.configure("2") do |config|
+
+ config.vm.box = "ubuntu/xenial64"
+
+ config.vm.network "private_network", ip: "192.168.50.10"
+
+ config.vm.provision "ansible_local" do |ansible|
+ ansible.playbook = "ansible/configuration.yml"
+ ansible.galaxy_role_file = "ansible/requirements.yml"
+ ansible.galaxy_roles_path = "ansible/galaxy.roles"
+ ansible.sudo = true
+ ansible.extra_vars = {
+ from_vagrant: true,
+ deploy_user: "deployer_test",
+ }
+ end
+
+ config.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true
+ config.vm.network "forwarded_port", guest: 3306, host: 33060, auto_correct: true
+end
diff --git a/ansible/configuration.yml b/ansible/configuration.yml
index 7008e82..2f20744 100644
--- a/ansible/configuration.yml
+++ b/ansible/configuration.yml
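Review bot: The two `forwarded_port` lines at the end of the Vagrantfile set no `host_ip`, so on Vagrant versions and providers where an unset `host_ip` binds the forward on every host interface (the file only requires `>= 1.8.3`), the guest's nginx and MySQL become reachable from the host's network rather than only from the host itself. That matters more than usual here because the database credentials provisioned into this box are the ones committed in `ansible/configuration.yml`. I would pin both forwards to loopback, e.g. `config.vm.network "forwarded_port", guest: 3306, host: 33060, host_ip: "127.0.0.1", auto_correct: true`, and drop the 3306 forward entirely unless a host-side client really needs it.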
@@ -3,16 +3,114 @@ become: true vars: + + from_vagrant: no + deploy_user: deployer + + apps: + notes: + name: notes + dbname: notes_db + dbuser: notes_user + dbpassword: Sf6tp6LKeCyrjVZ2YGKYUd + www: '/var/www/notes' + + app_envs: + NOTES_SECRET_TOKEN: qJqFNP5B9RP2EfqgpTPyZe + NOTES_DATABASE_HOST: 127.0.0.1 + NOTES_DATABASE_PORT: 3306 + NOTES_DATABASE_NAME: "{{ apps.notes.dbname }}" + NOTES_DATABASE_USER: "{{ apps.notes.dbuser }}" + NOTES_DATABASE_PASSWORD: "{{ apps.notes.dbpassword }}" + SYMFONY_ENV: prod + timezone: UTC + + # nginx settings + nginx_remove_default_vhost: true + nginx_vhosts: + - server_name: notes.anwinged.ru + template: "{{ playbook_dir }}/templates/notes.vhost.j2" + + # php settings + + php_version: "7.1" + php_packages: + - php7.1 + - php7.1-curl + - php7.1-gd + - php7.1-fpm + - php7.1-mbstring + - php7.1-xml + - php7.1-intl + - php7.1-zip + - php7.1-mysql + php_webserver_daemon: nginx + php_enable_php_fpm: true + php_date_timezone: "{{ timezone }}" + php_fpm_listen: /run/php/php{{ php_version }}-fpm.sock + + # mysql settings + + mysql_databases: + - name: "{{ apps.notes.dbname }}" + mysql_users: + - name: "{{ apps.notes.dbuser }}" + host: '127.0.0.1' + password: "{{ apps.notes.dbpassword }}" + priv: "{{ apps.notes.dbname }}.*:ALL" + + pre_tasks: + - name: Ensure that PHP PPA is added. 
+ apt_repository: repo=ppa:ondrej/php state=present + - name: Update apt cache + apt: update_cache=yes + - name: Install system packages + apt: pkg={{ item }} state=latest + with_items: + - curl + - git + - make + - python-software-properties + - wget + - zip + - name: Add deploy user + user: + name: "{{ deploy_user }}" + groups: www-data + - name: "Set authorized key took from file for {{ deploy_user }}" + authorized_key: + user: "{{ deploy_user }}" + state: present + key: "{{ lookup('file', 'id_rsa.pub') }}" + when: from_vagrant roles: - yatesr.timezone - geerlingguy.nginx - - server + - geerlingguy.php-versions + - geerlingguy.php + - geerlingguy.mysql - role: static-site static_site_name: anwinged static_site_domain: anwinged.ru - role: static-site static_site_name: s2photo static_site_domain: s2photo.ru + + post_tasks: + - name: Create system environment variables. + lineinfile: + path: /etc/environment + regexp: '^{{ item.key }}=' + line: '{{ item.key }}="{{ item.value }}"' + with_dict: "{{ app_envs }}" + - name: 'Create folder for {{ apps.notes.name }}.' + file: + path: "{{ apps.notes.www }}" + state: directory + owner: "{{ deploy_user }}" + group: www-data + recurse: yes + notify: restart nginx diff --git a/ansible/requirements.yml b/ansible/requirements.yml index ba5db27..26a64d7 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -3,4 +3,13 @@ version: 1.0.0 - src: geerlingguy.nginx - version: 1.9.6 + version: 2.5.0 + +- src: geerlingguy.php-versions + version: 1.1.0 + +- src: geerlingguy.php + version: 3.4.5 + +- src: geerlingguy.mysql + version: 2.8.0 diff --git a/ansible/roles/server/tasks/main.yml b/ansible/roles/server/tasks/main.yml deleted file mode 100755 index f4c21c2..0000000 --- a/ansible/roles/server/tasks/main.yml +++ /dev/null 
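Review bot: `apps.notes.dbpassword` and `app_envs.NOTES_SECRET_TOKEN` are committed as plaintext literals in the playbook `vars`, so anyone who can read the repository or its history holds the database password and the application secret. Both values should be treated as exposed and rotated, then supplied from an Ansible Vault-encrypted vars file, e.g. `dbpassword: "{{ vault_notes_dbpassword }}"` (the variable name is a placeholder). The post-task "Create system environment variables." also writes every `app_envs` entry into `/etc/environment`, which is normally readable by all local accounts and loaded into every login session, so the secrets end up far wider than the PHP-FPM pool that needs them. If that task stays, add `no_log: true` to it so the `with_dict` items are not echoed into Ansible output. Separately, `apt: pkg={{ item }} state=latest` in `pre_tasks` upgrades packages on every run; `state=present` gives repeatable provisioning.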
@@ -1,16 +0,0 @@ ---- -- name: Update apt cache - apt: update_cache=yes - -- name: Install system packages - apt: pkg={{ item }} state=latest - with_items: - - curl - - wget - - python-software-properties - - git - -- name: Add deploy user - user: - name: deployer - groups: www-data diff --git a/ansible/roles/static-site/tasks/main.yml b/ansible/roles/static-site/tasks/main.yml index 7e6cf28..148f4d6 100644 --- a/ansible/roles/static-site/tasks/main.yml +++ b/ansible/roles/static-site/tasks/main.yml @@ -1,15 +1,15 @@ --- -- name: Create nginx config +- name: "Create nginx config for {{ static_site_name }}." template: src: site.conf.j2 - dest: /etc/nginx/sites-enabled/{{ static_site_name }}.conf + dest: "/etc/nginx/sites-enabled/{{ static_site_name }}.conf" notify: restart nginx -- name: Create root folder +- name: "Create root folder for {{ static_site_name }}." file: - path: /var/www/{{ static_site_name }} + path: "/var/www/{{ static_site_name }}" state: directory - owner: deployer + owner: "{{ deploy_user }}" group: www-data recurse: yes notify: restart nginx diff --git a/ansible/templates/notes.vhost.j2 b/ansible/templates/notes.vhost.j2 new file mode 100644 index 0000000..ce8c14b --- /dev/null +++ b/ansible/templates/notes.vhost.j2 
@@ -0,0 +1,46 @@
+server {
+
+ server_name notes.anwinged.ru;
+
+ root /var/www/notes/current/web;
+
+ location / {
+ # try to serve file directly, fallback to app.php
+ try_files $uri /app.php$is_args$args;
+ }
+
+ # PROD
+ location ~ ^/app\.php(/|$) {
+ fastcgi_pass unix:/var/run/php{{ php_version }}-fpm.sock;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+
+ # When you are using symlinks to link the document root to the
+ # current version of your application, you should pass the real
+ # application path instead of the path to the symlink to PHP
+ # FPM.
+ # Otherwise, PHP's OPcache may not properly detect changes to
+ # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+ # for more information).
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+ {% for name, value in app_envs.iteritems() %}
+ fastcgi_param {{ name }} "{{ value }}";
+ {% endfor %}
+
+ # Prevents URIs that include the front controller. This will 404:
+ # http://domain.tld/app.php/some-path
+ # Remove the internal directive to allow URIs like this
+ internal;
+ }
+
+ # return 404 for all other php files not matching the front controller
+ # this prevents access to other php files you don't want to be accessible.
+ location ~ \.php$ {
+ return 404;
+ }
+
+ error_log /var/log/nginx/{{ apps.notes.name }}_error.log;
+ access_log /var/log/nginx/{{ apps.notes.name }}_access.log;
+}
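Review bot: `fastcgi_pass unix:/var/run/php{{ php_version }}-fpm.sock;` renders to `/var/run/php7.1-fpm.sock`, while the playbook in this same commit sets `php_fpm_listen: /run/php/php{{ php_version }}-fpm.sock`, so nginx points at a socket path that PHP-FPM is not configured to listen on (the `php/` directory component is missing). Reusing the variable keeps the two in step: `fastcgi_pass unix:{{ php_fpm_listen }};`. The `{% for name, value in app_envs.iteritems() %}` loop relies on the Python 2 dict API and will fail when Ansible runs under Python 3; `app_envs.items()` works on both. That loop also copies `NOTES_SECRET_TOKEN` and the database password into the rendered vhost unescaped inside double quotes, so the file should not be world-readable, and a value containing `"` or `$` would break the directive or be expanded as an nginx variable.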