libretic/ansible-role-apache
6
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-apache synced 2025-01-05 01:20:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge commit '36c0b61c598e34c572283c7d76d42cf8e81cd126' as 'roles/ansible-role-apache'

Browse source
This commit is contained in:
Ivan Grynenko 2016-07-06 20:47:29 +10:00
commit 70f5fbc741
181 changed files with 577 additions and 5013 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +0,0 @@
wordpress-nginx/hosts
.DS_Store

13
roles/ansible-role-apache-php-fpm/.travis.yml → .travis.yml
View file

@ -2,6 +2,10 @@
sudo: required
env:
- distribution: centos
version: 6
init: /sbin/init
run_opts: ""
- distribution: centos
version: 7
init: /usr/lib/systemd/systemd
@ -19,6 +23,7 @@ services:
- docker
before_install:
# - sudo apt-get update
# Pull container
- 'sudo docker pull ${distribution}:${version}'
# Customize container
@ -26,18 +31,14 @@ before_install:
script:
- container_id=$(mktemp)
# Run container in detached state.
# Run container in detached state
- 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"'
# Install required Galaxy roles.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-galaxy install geerlingguy.repo-remi geerlingguy.apache geerlingguy.php'
# Ansible syntax check.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check'
# Test role.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml'
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml'
# Test role idempotence.
- >
@ -50,4 +51,4 @@ script:
- 'sudo docker stop "$(cat ${container_id})"'
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
webhooks: https://galaxy.ansible.com/api/v1/notifications/

5
LICENSE.md
View file

@ -1,5 +0,0 @@
Modified by David Beck (techiscool@gmail.com) 2015
Copyright (C) 2015 Eugene Varnavsky (varnavruz@gmail.com)
This work is licensed under the Creative Commons Attribution 3.0 Unported License.
To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US.

138
README.md
View file

@ -1,34 +1,124 @@
## WordPress+Nginx+PHP-FPM+MariaDB Deployment
# Ansible Role: Apache 2.x
- Requires Ansible 1.2 or newer
- Expects CentOS/RHEL 7.x host/s
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache)
RHEL7 version reflects changes in Red Hat Enterprise Linux and CentOS 7:
1. Network device naming scheme has changed
2. iptables is replaced with firewalld
3. MySQL is replaced with MariaDB
An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris.
These playbooks deploy a simple all-in-one configuration of the popular
WordPress blogging platform and CMS, frontend by the Nginx web server and the
PHP-FPM process manager. To use, copy the `hosts.example` file to `hosts` and
edit the `hosts` inventory file to include the names or URLs of the servers
you want to deploy.
## Requirements
Then run the playbook, like this:
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
ansible-playbook -i hosts site.yml
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
The playbooks will configure MariaDB, WordPress, Nginx, and PHP-FPM. When the run
is complete, you can hit access server to begin the WordPress configuration.
## Role Variables
### Ideas for Improvement
Available variables are listed below, along with default values (see `defaults/main.yml`):
Here are some ideas for ways that these playbooks could be extended:
apache_enablerepo: ""
- Parameterize the WordPress deployment to handle multi-site configurations.
- Separate the components (PHP-FPM, MySQL, Nginx) onto separate hosts and
handle the configuration appropriately.
- Handle WordPress upgrades automatically.
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
We would love to see contributions and improvements, so please fork this
repository on GitHub and send us your changes via pull requests.
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role.
apache_remove_default_vhost: false
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
# Add other global settings on subsequent lines.
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
apache_vhosts:
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
- servername: "www.local.dev"
serveralias: "local.dev"
documentroot: "/var/www/html"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
apache_vhosts_ssl: []
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
apache_vhosts_ssl:
- {
servername: "local.dev",
documentroot: "/var/www/html",
certificate_file: "/home/vagrant/example.crt",
certificate_key_file: "/home/vagrant/example.key",
certificate_chain_file: "/path/to/certificate_chain.crt"
}
Other SSL directives can be managed with other SSL-related role variables.
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
apache_packages:
- [platform-specific]
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
apache_state: started
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_ignore_missing_ssl_certificate: true
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Lets Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## Dependencies
None.
## Example Playbook
- hosts: webservers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.apache }
*Inside `vars/main.yml`*:
apache_listen_port: 8080
apache_vhosts:
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

44
defaults/main.yml Normal file
View file

@ -0,0 +1,44 @@
---
apache_enablerepo: ""
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
# Set this to `true` to remove that default.
apache_remove_default_vhost: false
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
apache_vhosts:
# Additional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
apache_vhosts_ssl: []
# Additional properties: 'serveradmin, extra_parameters'.
# - servername: "local.dev",
# documentroot: "/var/www/html",
# certificate_file: "/path/to/certificate.crt",
# certificate_key_file: "/path/to/certificate.key",
# # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
# Only used on Debian/Ubuntu.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
# Set initial apache state. Recommended values: `started` or `stopped`
apache_state: started

335
group_vars/all.yml
View file

@ -1,335 +0,0 @@
---
# Variables listed here are applicable to all host groups
server_hostname: web01.redyhost.com
mysql_root_password: Ff!2KDSUOs10[tXR*M</_#mgvlJCkz5W
mysql_databases:
- name: drupal8db
encoding: utf8
collation: utf8_general_ci
mysql_users:
- name: drupal8user
host: "127.0.0.1"
password: "dcSEMWpH]O2P"
priv: "drupal8db.*:ALL"
- name: drupal8user
host: "localshot"
password: "dcSEMWpH]O2P"
priv: "drupal8db.*:ALL"
php_date_timezone: "Australia/Melbourne"
# Default user password for vmuser
default_user_username: "vmuser"
default_user_password: #uVOInGP&p<jfd}bkelLMEH!ZNRg$xiz
# Whether to enable BigPipe. Put Yes to enable.
nginx_bigpipe_enable: ""
# DO NOT MODIFY BELOW THIS LINE.
ansible_ssh_private_key_file: /home/redyhost/.ssh/id_rsa_provisioning
wp_version: 4.3
wp_sha256sum: 3b0db3abe8504f15a33cf64188a493ec0de01eaa8d20e37c3d6a1d9fa0a40fb4
# These are the WordPress database settings
wp_db_name: wordpress
wp_db_user: wordpress
wp_db_password: secret
# MySQL settings
mysql_root_password_update: yes
mysql_bind_address: '127.0.0.1'
mysql_slow_query_log_enabled: yes
mysql_slow_query_log_file: /var/log/mysql-slow.log
mysql_pid_file: /var/lib/mysql/mysql.pid
mysql_slow_query_time: 2
mysql_max_allowed_packet: "256M"
mysql_innodb_buffer_pool_size: "1G"
mysql_innodb_log_buffer_size: "1G"
mysql_innodb_log_file_size: "1G"
mysql_innodb_flush_log_at_trx_commit: "2"
mysql_innodb_file_per_table: 1
mysql_innodb_log_buffer_size: "16M"
# This is used for the nginx server configuration, but access to the
# WordPress site is not restricted by a named host.
nginx_port: 80
server_hostname: server.example.com
# Listing Vhost domains, required to create docroot directories.
vhost_domains:
first:
name: '{{ server_hostname }}'
second:
name: '2-{{ server_hostname }}'
# Apache configuration behind Nginx reverse proxy.
apache_listen_ip: "127.0.0.1"
apache_listen_port: 82
apache_listen_port_ssl: 2443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_remove_default_vhost: false
apache_state: started
apache_vhosts_version: "2.4"
apache_enable_event_mpm: true
apache_packages:
- mod_ssl
- mod_security
apache_mods_disabled:
- php
- php7
apache_vhosts_ssl: []
apache_vhosts:
- servername: "www.{{ server_hostname }}"
serveralias: "{{ server_hostname }}"
documentroot: "/var/www/html/{{ server_hostname }}"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
ErrorLog "/var/log/httpd/{{ server_hostname }}_error.log"
ServerSignature Off
ProxyTimeout 600
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/html/{{ server_hostname }}/$1"
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedlog
CustomLog "/var/log/httpd/{{ server_hostname }}_access.log" combinedlog
<Proxy fcgi://localhost:9000>
ProxySet timeout=600
</Proxy>
- servername: "www.2{{ server_hostname }}"
serveralias: "2{{ server_hostname }}"
documentroot: "/var/www/html/2{{ server_hostname }}"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
ErrorLog "/var/log/httpd/2{{ server_hostname }}_error.log"
ServerSignature Off
ProxyTimeout 600
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/html/2{{ server_hostname }}/$1"
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedlog
CustomLog "/var/log/httpd/2{{ server_hostname }}_access.log" combinedlog
<Proxy fcgi://localhost:9000>
ProxySet timeout=600
</Proxy>
# Disable All Updates
# By default automatic updates are enabled, set this value to true to disable all automatic updates
auto_up_disable: false
#Define Core Update Level
# true = Development, minor, and major updates are all enabled
# false = Development, minor, and major updates are all disabled
# minor = Minor updates are enabled, development, and major updates are disabled
core_update_level: true
# Defines PHP values
php_enablerepo: "remi-php70"
# PHP-FPM configuration.
php_enable_php_fpm: true
php_fpm_pool_user: vmuser
php_fpm_pool_group: www-php
php_apc_shm_size: "128M"
php_post_max_size: "256M"
php_upload_max_filesize: "1024M"
php_max_input_vars: "4000"
# Interaction with which web server
php_webserver_daemon: "httpd"
php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE & ~E_WARNING"
php_packages:
- php
- php-cli
- php-common
- php-devel
- php-fpm
- php-gd
- php-imap
- php-ldap
- php-mbstring
- php-mcrypt
- php-memcached
- php-mysql
- php-opcache
- php-pdo
- php-pear
- php-pecl-apcu
- php-xml
- php-twig
- php-xmlrpc
- php-pecl-uploadprogress
# Drush
drush_keep_updated: yes
drush_force_update: yes
# Nginx vhosts configuration
nginx_vhosts:
- listen: "{{ nginx_port }}"
server_name: "{{ server_hostname }} www.{{ server_hostname }}"
root: "/var/www/html/{{ server_hostname }}"
open_file_cache: "max=2000 inactive=120s"
open_file_cache_valid: "240s"
open_file_cache_min_uses: "5"
open_file_cache_errors: "off"
client_max_body_size: "5m"
client_body_timeout: "60"
index: "index.php index.html index.htm"
error_page: "403 =404"
access_log: "/var/log/nginx/{{ server_hostname }}_access.log"
error_log: "/var/log/nginx/{{ server_hostname }}_error.log"
extra_parameters: |
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^/sites/default/files/ {
try_files $uri @rewrite;
}
location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ {
expires max;
log_not_found off;
add_header Cache-Control "public";
add_header X-Cache $upstream_cache_status;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "/";
add_header X-Your-IP $remote_addr;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "php";
add_header X-Your-IP $remote_addr;
}
location = /backup {
deny all;
}
location ~* \.(txt|log)$ {
allow 127.0.0.1;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
location ~ ~$ {
access_log off;
log_not_found off;
deny all;
}
location ~ /\.ht {
deny all;
}
location @rewrite {
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1 last;
}
- listen: "{{ nginx_port }}"
server_name: "2{{ server_hostname }} www.2{{ server_hostname }}"
root: "/var/www/html/2{{ server_hostname }}"
open_file_cache: "max=2000 inactive=120s"
open_file_cache_valid: "240s"
open_file_cache_min_uses: "5"
open_file_cache_errors: "off"
client_max_body_size: "5m"
client_body_timeout: "60"
index: "index.php index.html index.htm"
error_page: "403 =404"
access_log: "/var/log/nginx/2{{ server_hostname }}_access.log"
error_log: "/var/log/nginx/2{{ server_hostname }}_error.log"
extra_parameters: |
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^/sites/default/files/ {
try_files $uri @rewrite;
}
location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ {
expires max;
log_not_found off;
add_header Cache-Control "public";
add_header X-Cache $upstream_cache_status;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "/";
add_header X-Your-IP $remote_addr;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "php";
add_header X-Your-IP $remote_addr;
}
location = /backup {
deny all;
}
location ~* \.(txt|log)$ {
allow 127.0.0.1;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
location ~ ~$ {
access_log off;
log_not_found off;
deny all;
}
location ~ /\.ht {
deny all;
}
location @rewrite {
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1 last;
}

5
handlers/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: restart apache
service:
name: "{{ apache_service }}"
state: restarted

2
hosts
View file

@ -1,2 +0,0 @@
[lemp-server]
122.129.219.67:221

25
roles/ansible-role-memcached/meta/main.yml → meta/main.yml
View file

@ -3,22 +3,29 @@ dependencies: []
galaxy_info:
author: geerlingguy
description: Memcached for Linux
description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.8
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- precise
- trusty
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- precise
- raring
- saucy
- trusty
- xenial
- name: Suse
versions:
- all
- name: Solaris
versions:
- 11.3
galaxy_tags:
- web
- database

57
roles/ansible-role-apache-php-fpm/README.md
View file

@ -1,57 +0,0 @@
# Ansible Role: Apache PHP-FPM
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache-php-fpm.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache-php-fpm)
An Ansible Role that configures Apache for PHP-FPM usage on RHEL/CentOS and Debian/Ubuntu.
## Requirements
This role is dependent upon `geerlingguy.apache`, and also requires you have PHP running with PHP-FPM somewhere on the server or elsewhere (I usually configure PHP with the `geerlingguy.php` role).
Additionally, this role will only work correctly if you have Apache 2.4.9+ installed; on older versions of Debian/Ubuntu Linux (e.g. 12.04), you can add `ppa:ondrej/apache2` prior to Apache installation to install Apache 2.4, for example:
- name: Add repository for Apache 2.4 on Ubuntu 12.04.
apt_repository: repo='ppa:ondrej/apache2'
when: ansible_distribution_version == "12.04"
When configuring your Apache virtual hosts, you can add the following line to any vhost definition to enable passthrough to PHP-FPM:
# If using a TCP port:
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/example"
# If using a Unix socket:
ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/example"
For a full usage example with the `geerlingguy.apache` role, see the Example Playbook later in this README.
## Role Variables
None.
## Dependencies
None.
## Example Playbook
- hosts: webservers
vars:
apache_vhosts:
- servername: "www.example.com"
documentroot: "/var/www/example"
extra_parameters: |
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/example"
roles:
- { role: geerlingguy.apache }
- { role: geerlingguy.php }
- { role: geerlingguy.apache-fastcgi-php }
## License
MIT / BSD
## Author Information
This role was created in 2016 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://www.ansiblefordevops.com/).

26
roles/ansible-role-apache-php-fpm/meta/main.yml
View file

@ -1,26 +0,0 @@
---
dependencies:
- ansible-role-apache
galaxy_info:
author: geerlingguy
description: Apache 2.4+ PHP-FPM support for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.4
platforms:
- name: EL
versions:
- 6
- 7
- name: Debian
versions:
- wheezy
- jessie
- name: Ubuntu
versions:
- precise
- trusty
- xenial
galaxy_tags:
- web

10
roles/ansible-role-apache-php-fpm/tasks/configure-Debian.yml
View file

@ -1,10 +0,0 @@
---
- name: Enable mod_proxy_fcgi.
file:
src: "{{ apache_server_root }}/mods-available/{{ item }}"
dest: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: link
with_items:
- proxy.load
- proxy_fcgi.load
notify: restart apache

7
roles/ansible-role-apache-php-fpm/tasks/configure-RedHat.yml
View file

@ -1,7 +0,0 @@
---
# RHEL/CentOS 7 automatically installs and enables mod_proxy_fcgi by default.
# RHEL/CentOS 6 installs Apache 2.2... and is much harder to get configured with
# FastCGI, but here are two guides:
# - Apache 2.2 + mod_fastcgi: http://stackoverflow.com/a/21409702/100134
# - Apache 2.4 + mod_proxy_fcgi: http://unix.stackexchange.com/a/138903/16194

7
roles/ansible-role-apache-php-fpm/tasks/main.yml
View file

@ -1,7 +0,0 @@
---
# Configuration tasks.
- include: configure-Debian.yml
when: ansible_os_family == 'Debian'
- include: configure-RedHat.yml
when: ansible_os_family == 'RedHat'

27
roles/ansible-role-apache-php-fpm/tests/test.yml
View file

@ -1,27 +0,0 @@
---
- hosts: all
vars:
php_enablerepo: "remi,remi-php56"
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts:
- servername: "example.com"
documentroot: "/var/www/vhosts/example_com"
pre_tasks:
- name: Add repository for PHP 5.5 + Apache 2.4 on Ubuntu 12.04.
apt_repository: repo='ppa:ondrej/php5'
when: ansible_distribution_version == "12.04"
- name: Update apt cache on Ubuntu 12.04.
apt: update_cache=yes
when: ansible_distribution_version == "12.04"
roles:
- role: geerlingguy.repo-remi
when: ansible_os_family == 'RedHat'
- role: geerlingguy.apache
- role: geerlingguy.php
- role: role_under_test

42
roles/ansible-role-composer/.travis.yml
View file

@ -1,42 +0,0 @@
---
sudo: required
language: python
python: "2.7"
env:
- SITE=test.yml
- SITE=test-global-require.yml
before_install:
- sudo apt-get update -qq
- sudo apt-get install curl
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
# Install required dependencies.
- ansible-galaxy install geerlingguy.php
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Check if composer is installed and working.
- composer
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

68
roles/ansible-role-composer/README.md
View file

@ -1,68 +0,0 @@
# Ansible Role: Composer
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-composer.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-composer)
Installs Composer, the PHP Dependency Manager, on any Linux or UNIX system.
## Requirements
- `php` (version 5.4+) should be installed and working (you can use the `geerlingguy.php` role to install).
- `git` should be installed and working (you can use the `geerlingguy.git` role to install).
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
composer_path: /usr/local/bin/composer
The path where composer will be installed and available to your system. Should be in your user's `$PATH` so you can run commands simply with `composer` instead of the full path.
composer_keep_updated: false
Set this to `true` to update Composer to the latest release every time the playbook is run.
composer_home_path: '~/.composer'
composer_home_owner: root
composer_home_group: root
The `COMPOSER_HOME` path and directory ownership; this is the directory where global packages will be installed.
composer_version: ''
You can install a specific release of Composer, e.g. `composer_version: '1.0.0-alpha11'`. If left empty the latest development version will be installed. Note that `composer_keep_updated` will override this variable, as it will always install the latest development version.
composer_global_packages: {}
A list of packages to install globally (using `composer global require`). If you want to install any packages globally, add a list item with a dictionary with the `name` of the package and a `release`, e.g. `- { name: phpunit/phpunit, release: "4.7.*" }`. The 'release' is optional, and defaults to `@stable`.
composer_add_to_path: true
If `true`, and if there are any configured `composer_global_packages`, the `vendor/bin` directory inside `composer_home_path` will be added to the system's default `$PATH` (for all users).
composer_github_oauth_token: ''
GitHub OAuth token, used to avoid GitHub API rate limiting errors when building and rebuilding applications using Composer. Follow GitHub's directions to [Create a personal access token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) if you run into these rate limit errors.
php_executable: php
The executable name or full path to the PHP executable. This is defaulted to `php` if you don't override the variable.
## Dependencies
None (but make sure you've installed PHP; the `geerlingguy.php` role is recommended).
## Example Playbook
- hosts: servers
roles:
- geerlingguy.composer
After the playbook runs, `composer` will be placed in `/usr/local/bin/composer` (this location is configurable), and will be accessible via normal system accounts.
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

20
roles/ansible-role-composer/defaults/main.yml
View file

@ -1,20 +0,0 @@
---
composer_path: /usr/local/bin/composer
composer_keep_updated: false
composer_version: ''
# The directory where global packages will be installed.
composer_home_path: '~/.composer'
composer_home_owner: root
composer_home_group: root
# A list of packages to install globally. See commented examples below for
# usage; the 'release' is optional, and defaults to '@stable'.
composer_global_packages: []
# - { name: phpunit/phpunit, release: "4.7.x" }
# - { name: phpunit/phpunit, release: "@stable" }
composer_add_to_path: true
# GitHub OAuth token (used to help overcome API rate limits).
composer_github_oauth_token: ''

43
roles/ansible-role-composer/meta/main.yml
View file

@ -1,43 +0,0 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Composer PHP Dependency Manager
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags:
- packaging
- web

17
roles/ansible-role-composer/tasks/global-require.yml
View file

@ -1,17 +0,0 @@
---
- name: Install configured globally-required packages.
become: yes
become_user: "{{ composer_home_owner }}"
shell: >
COMPOSER_HOME={{ composer_home_path }}
composer global require {{ item.name }}:{{ item.release | default('@stable') }} --no-progress
creates={{ composer_home_path }}/vendor/{{ item.name }}
register: composer_global_require_result
with_items: "{{ composer_global_packages }}"
- name: Add composer_home_path bin directory to global $PATH.
template:
src: composer.sh.j2
dest: /etc/profile.d/composer.sh
mode: 0644
when: composer_add_to_path

53
roles/ansible-role-composer/tasks/main.yml
View file

@ -1,53 +0,0 @@
---
- name: Set php_executable variable to a default if not defined.
set_fact:
php_executable: php
when: php_executable is not defined
- name: Check if Composer is installed.
stat: "path={{ composer_path }}"
register: composer_bin
- name: Download Composer installer.
get_url:
url: https://getcomposer.org/installer
dest: /tmp/composer-installer.php
mode: 0755
when: not composer_bin.stat.exists
- name: Run Composer installer.
command: >
{{ php_executable }} composer-installer.php {% if composer_version != '' %} --version={{ composer_version }}{% endif %}
chdir=/tmp
when: not composer_bin.stat.exists
- name: Move Composer into globally-accessible location.
shell: >
mv /tmp/composer.phar {{ composer_path }}
creates={{ composer_path }}
when: not composer_bin.stat.exists
- name: Update Composer to latest version (if configured).
shell: >
{{ php_executable }} {{ composer_path }} self-update
register: composer_update
changed_when: "'Updating to version' in composer_update.stdout"
when: composer_keep_updated
- name: Ensure composer directory exists.
file:
path: "{{ composer_home_path }}"
owner: "{{ composer_home_owner }}"
group: "{{ composer_home_group }}"
state: directory
- name: Add GitHub OAuth token for Composer (if configured).
template:
src: "auth.json.j2"
dest: "{{ composer_home_path }}/auth.json"
owner: "{{ composer_home_owner }}"
group: "{{ composer_home_group }}"
when: composer_github_oauth_token != ''
- include: global-require.yml
when: composer_global_packages|length > 0

5
roles/ansible-role-composer/templates/auth.json.j2
View file

@ -1,5 +0,0 @@
{
"github-oauth": {
"github.com": "{{ composer_github_oauth_token }}"
}
}

1
roles/ansible-role-composer/templates/composer.sh.j2
View file

@ -1 +0,0 @@
export PATH=$PATH:{{ composer_home_path }}/vendor/bin

1
roles/ansible-role-composer/tests/inventory
View file

@ -1 +0,0 @@
localhost

12
roles/ansible-role-composer/tests/test-global-require.yml
View file

@ -1,12 +0,0 @@
---
- hosts: localhost
remote_user: root
vars:
php_enable_webserver: false
composer_global_packages:
- { name: phpunit/phpunit, release: "@stable" }
roles:
- geerlingguy.php
- ansible-role-composer

10
roles/ansible-role-composer/tests/test.yml
View file

@ -1,10 +0,0 @@
---
- hosts: localhost
remote_user: root
vars:
php_enable_webserver: false
roles:
- geerlingguy.php
- ansible-role-composer

41
roles/ansible-role-drupal-console/.travis.yml
View file

@ -1,41 +0,0 @@
---
sudo: required
language: python
python: "2.7"
env:
- SITE=test.yml
- SITE=test-self-update.yml
before_install:
- sudo apt-get update -qq
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
# Install required dependencies.
- ansible-galaxy install geerlingguy.php
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Check if Drupal Console is installed and working.
- drupal
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

45
roles/ansible-role-drupal-console/README.md
View file

@ -1,45 +0,0 @@
# Ansible Role: Drupal Console
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-drupal-console.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-drupal-console)
Installs [Drupal Console](http://drupalconsole.com/) on any Linux or UNIX system.
## Requirements
`php` (version 5.4+) should be installed and working.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
drupal_console_path: /usr/local/bin/drupal
The path where Drupal Console will be installed and available to your system. Should be in your user's `$PATH` so you can use Drupal Console by entering `drupal` instead of the full path.
drupal_console_keep_updated: false
By default, this role not update Drupal Console when it is run again. If you'd like always update Drupal Console to the latest version when this role is run, switch this variable to `true`.
drupal_console_config: ~/.console
The path to the Drupal Console configuration file.
## Dependencies
- geerlingguy.php (Installs PHP).
## Example Playbook
- hosts: servers
roles:
- { role: geerlingguy.drupal-console }
After the playbook runs, `drupal` will be placed in `/usr/local/bin/drupal` (this location is configurable), and will be accessible via normal system accounts.
## License
MIT / BSD
## Author Information
This role was created in 2015 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

4
roles/ansible-role-drupal-console/defaults/main.yml
View file

@ -1,4 +0,0 @@
---
drupal_console_path: /usr/local/bin/drupal
drupal_console_keep_updated: false
drupal_console_config: ~/.console

44
roles/ansible-role-drupal-console/meta/main.yml
View file

@ -1,44 +0,0 @@
---
dependencies:
- ansible-role-php
galaxy_info:
author: geerlingguy
description: Drupal Console
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.4
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags:
- packaging
- web

22
roles/ansible-role-drupal-console/tasks/main.yml
View file

@ -1,22 +0,0 @@
---
- name: Install Drupal Console.
get_url:
url: https://drupalconsole.com/installer
dest: "{{ drupal_console_path }}"
- name: Ensure Drupal Console is executable.
file:
path: "{{ drupal_console_path }}"
mode: 0755
- name: Run Drupal Console init.
shell: >
php {{ drupal_console_path }} init
creates={{ drupal_console_config }}
- name: Update Drupal Console to latest version (if configured).
shell: >
php {{ drupal_console_path }} self-update
register: drupal_console_update
changed_when: "'console has been updated' in drupal_console_update.stdout"
when: drupal_console_keep_updated

1
roles/ansible-role-drupal-console/tests/inventory
View file

@ -1 +0,0 @@
localhost

15
roles/ansible-role-drupal-console/tests/test-self-update.yml
View file

@ -1,15 +0,0 @@
---
- hosts: localhost
remote_user: root
vars:
php_enable_webserver: false
drupal_console_keep_updated: true
pre_tasks:
- name: Add ondrej repository for PHP 5.6.
apt_repository: repo='ppa:ondrej/php5-5.6'
roles:
- geerlingguy.php
- ansible-role-drupal-console

14
roles/ansible-role-drupal-console/tests/test.yml
View file

@ -1,14 +0,0 @@
---
- hosts: localhost
remote_user: root
vars:
php_enable_webserver: false
pre_tasks:
- name: Add ondrej repository for PHP 5.6.
apt_repository: repo='ppa:ondrej/php5-5.6'
roles:
- geerlingguy.php
- ansible-role-drupal-console

42
roles/ansible-role-drush/.travis.yml
View file

@ -1,42 +0,0 @@
---
language: python
python: "2.7"
env:
- SITE=test.yml
before_install:
- sudo add-apt-repository ppa:ondrej/php5 -y
- sudo apt-get update -q
- sudo apt-get update -qq
- sudo apt-get install curl
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
# Install required dependencies.
- ansible-galaxy install geerlingguy.php geerlingguy.composer geerlingguy.git
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Check if drush is installed and working.
- drush --version
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

56
roles/ansible-role-drush/README.md
View file

@ -1,56 +0,0 @@
# Ansible Role: Drush
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-drush.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-drush)
Installs Drush, a command line shell and scripting interface for Drupal, on any Linux or UNIX system.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
drush_install_path: /usr/local/share/drush
The location of the entire drush installation (includes all the supporting files, as well as the `drush` executable file.
drush_path: /usr/local/bin/drush
The path where drush will be installed and available to your system. Should be in your user's `$PATH` so you can run commands simply with `drush` instead of the full path.
drush_version: "master"
The version of Drush to install (examples: `"master"` for the bleeding edge, `"7.x"`, `"6.x"`, `"6.2.0"`). This should be a string as it refers to a git branch, tag, or commit hash.
drush_keep_updated: no
drush_force_update: no
Whether to keep Drush up-to-date with the latest revision of the branch specified by `drush_version`, and whether to force the update (e.g. overwrite local modifications to the drush repository).
drush_composer_cli_options: "--prefer-source --no-interaction"
These options are the safest for avoiding GitHub API rate limits when installing Drush, and can be very helpful when working on dependencies/installation, but builds can be sped up substantially by changing the first option to --prefer-dist.
## Dependencies
- geerlingguy.git (Installs Git).
- geerlingguy.php (Installs PHP).
- geerlingguy.composer (Installs Composer).
## Example Playbook
- hosts: servers
roles:
- { role: geerlingguy.drush }
After the playbook runs, the `drush` command will be accessible from normal system accounts.
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

10
roles/ansible-role-drush/defaults/main.yml
View file

@ -1,10 +0,0 @@
---
drush_install_path: /usr/local/share/drush
drush_path: /usr/local/bin/drush
drush_version: "master"
drush_keep_updated: no
drush_force_update: no
# These options are the safest for avoiding GitHub API rate limits, but builds
# can be sped up substantially by changing to --prefer-dist.
drush_composer_cli_options: "--prefer-source --no-interaction"

46
roles/ansible-role-drush/meta/main.yml
View file

@ -1,46 +0,0 @@
---
dependencies:
- ansible-role-git
- ansible-role-php
- ansible-role-composer
galaxy_info:
author: geerlingguy
description: Drush - command line shell for Drupal
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.4
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags:
- development
- web

38
roles/ansible-role-drush/tasks/main.yml
View file

@ -1,38 +0,0 @@
---
- name: Clone Drush from GitHub.
git:
repo: https://github.com/drush-ops/drush.git
dest: "{{ drush_install_path }}"
version: "{{ drush_version }}"
update: "{{ drush_keep_updated }}"
force: "{{ drush_force_update }}"
register: drush_clone
- name: Check for composer.json
stat: path={{ drush_install_path }}/composer.json
register: drush_composer
# See: https://github.com/geerlingguy/ansible-role-drush/issues/6
- name: Ensure Drush can be installed on Debian Wheezy.
shell: >
{{ composer_path }} update {{ drush_composer_cli_options }}
chdir={{ drush_install_path }}
when: drush_clone.changed and ansible_distribution == "Debian" and ansible_distribution_release == "wheezy" and drush_composer.stat.exists
- name: Install Drush dependencies with Composer.
shell: >
{{ composer_path }} install {{ drush_composer_cli_options }}
chdir={{ drush_install_path }}
when: drush_clone.changed and drush_composer.stat.exists
- name: Create drush symlink.
file:
src: "{{ drush_install_path }}/drush"
dest: "{{ drush_path }}"
state: link
- name: Run drush to finish setting it up.
command: "{{ drush_path }}"
register: drush_result
changed_when: "'Execute a drush command' not in drush_result.stdout"
become: no

1
roles/ansible-role-drush/tests/inventory
View file

@ -1 +0,0 @@
localhost

13
roles/ansible-role-drush/tests/test.yml
View file

@ -1,13 +0,0 @@
---
- hosts: localhost
remote_user: root
vars:
php_enable_webserver: false
php_opcache_enable: "0"
roles:
- geerlingguy.php
- geerlingguy.composer
- geerlingguy.git
- ansible-role-drush

1
roles/ansible-role-git/.gitignore vendored
View file

@ -1 +0,0 @@
.LSOverride

84
roles/ansible-role-git/.travis.yml
View file

@ -1,84 +0,0 @@
---
sudo: required
env:
# Only test source install on latest supported OSes.
# - distribution: centos
# version: 7
# init: /usr/lib/systemd/systemd
# run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
# SITE: source
# GIT_VERSION: 2.7.1
- distribution: ubuntu
version: 14.04
init: /sbin/init
run_opts: ""
SITE: source
GIT_VERSION: 2.7.1
# Test package install on all supported OSes.
- distribution: centos
version: 6
init: /sbin/init
run_opts: ""
SITE: package
GIT_VERSION: 1.7.1
- distribution: centos
version: 7
init: /usr/lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
SITE: package
GIT_VERSION: 1.8.3.1
- distribution: ubuntu
version: 14.04
init: /sbin/init
run_opts: ""
SITE: package
GIT_VERSION: 1.9.1
- distribution: ubuntu
version: 12.04
init: /sbin/init
run_opts: ""
SITE: package
GIT_VERSION: 1.7.9.5
services:
- docker
before_install:
# - sudo apt-get update
# Pull container
- 'sudo docker pull ${distribution}:${version}'
# Customize container
- 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests'
script:
- container_id=$(mktemp)
# Run container in detached state
- 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"'
# Ansible syntax check.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml --syntax-check'
# Test role.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml'
# Test role idempotence.
- >
sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Ensure Git is installed and at the right version.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which git'
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm test -x /usr/bin/git'
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm git --version'
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm /usr/bin/git --version | grep -qF "$GIT_VERSION"'
# Clean up
- 'sudo docker stop "$(cat ${container_id})"'
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

55
roles/ansible-role-git/README.md
View file

@ -1,55 +0,0 @@
# Ansible Role: Git
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-git.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-git)
Installs Git, a distributed version control system, on any RHEL/CentOS or Debian/Ubuntu Linux system.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
workspace: /root
Where certain files will be downloaded and adjusted prior to git installation, if needed.
git_enablerepo: ""
This variable, a well as `git_packages`, will be used to install git via a particular `yum` repo if `git_install_from_source` is false (CentOS only). Any additional repositories you have installed that you would like to use for a newer/different Git version.
git_packages:
- git
- git-svn
The specific Git packages that will be installed. By default, `git-svn` is included, but you can easily add this variable to your playbook's variables and remove `git-svn` if desired.
git_install_from_source: false
git_install_path: "/usr"
git_version: "2.1.0"
Whether to install Git from source; if set to `true`, `git_version` is required and will be used to install a particular version of git (see all available versions here: https://www.kernel.org/pub/software/scm/git/), and `git_install_path` defines where git should be installed.
git_install_from_source_force_update: false
If git is already installed at and older version, force a new source build. Only applies if `git_install_from_source` is `true`.
## Dependencies
None.
## Example Playbook
- hosts: servers
roles:
- { role: geerlingguy.git }
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

23
roles/ansible-role-git/defaults/main.yml
View file

@ -1,23 +0,0 @@
---
workspace: /root
# If git_install_from_source is set to false, these two variables define whether
# to use an additional repo for the package installation, and which git packages
# will be installed.
git_enablerepo: ""
git_packages:
- git
- git-svn
# If set to TRUE, git will be installed from source, using the version set with
# the 'git_version' variable instead of using a package.
git_install_from_source: false
git_install_path: "/usr"
git_version: "2.7.1"
# If git is already installed at and older version, force a new source build.
# Only applies if git_install_from_source is `true`.
git_install_from_source_force_update: false
# Leave this at it's default.
git_reinstall_from_source: false

22
roles/ansible-role-git/meta/main.yml
View file

@ -1,22 +0,0 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Git version control software
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- development
- system

62
roles/ansible-role-git/tasks/install-from-source.yml
View file

@ -1,62 +0,0 @@
---
- name: Ensure git's dependencies are installed (RedHat).
yum: "pkg={{ item }} state=installed"
with_items:
- gettext-devel
- expat-devel
- curl-devel
- zlib-devel
- perl-devel
- openssl-devel
- subversion-perl
- make
- gcc
when: ansible_os_family == 'RedHat'
- name: Ensure git's dependencies are installed (Debian).
apt: "pkg={{ item }} state=installed"
with_items:
- libcurl4-gnutls-dev
- libexpat1-dev
- gettext
- libssl-dev
- build-essential
- gcc
when: ansible_os_family == 'Debian'
- name: Get installed version
command: git --version
changed_when: false
failed_when: false
# Ansible 1.8 feature.
# warn: no
register: git_installed_version
- name: Force git install if the version numbers do not match
set_fact:
git_reinstall_from_source: true
when: 'git_install_from_source_force_update and (git_installed_version|success and (git_installed_version.stdout | regex_replace("^.*?([0-9\.]+)$", "\\1") | version_compare(git_version, operator="!=")))'
- name: Download git.
get_url:
url: "https://www.kernel.org/pub/software/scm/git/git-{{ git_version }}.tar.gz"
dest: "{{ workspace }}/git-{{ git_version }}.tar.gz"
when: git_installed_version|failed or git_reinstall_from_source
- name: Expand git archive.
unarchive:
src: "{{ workspace }}/git-{{ git_version }}.tar.gz"
dest: "{{ workspace }}"
creates: "{{ workspace }}/git-{{ git_version }}/README"
copy: no
when: git_installed_version|failed or git_reinstall_from_source
- name: Build git.
command: >
make prefix={{ git_install_path }} {{ item }}
chdir={{ workspace }}/git-{{ git_version }}
with_items:
- all
- install
when: git_installed_version|failed or git_reinstall_from_source
become: yes

23
roles/ansible-role-git/tasks/main.yml
View file

@ -1,23 +0,0 @@
---
- name: Ensure git is installed (RedHat).
yum:
name: "{{ item }}"
state: installed
enablerepo: "{{ git_enablerepo }}"
with_items: "{{ git_packages }}"
when: (git_install_from_source == false) and (ansible_os_family == 'RedHat')
- name: Update apt cache (Debian).
apt: update_cache=yes cache_valid_time=86400
when: ansible_os_family == 'Debian'
- name: Ensure git is installed (Debian).
apt:
name: "{{ item }}"
state: installed
with_items: "{{ git_packages }}"
when: (git_install_from_source == false) and (ansible_os_family == 'Debian')
# Install git from source when git_install_from_source is true.
- include: install-from-source.yml
when: git_install_from_source == true

27
roles/ansible-role-git/tests/Dockerfile.centos-7
View file

@ -1,27 +0,0 @@
FROM centos:7
# Install systemd -- See https://hub.docker.com/_/centos/
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
# Install Ansible
RUN yum -y install epel-release
RUN yum -y install git ansible sudo
RUN yum clean all
# Disable requiretty
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
# Install Ansible inventory file
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]

11
roles/ansible-role-git/tests/Dockerfile.ubuntu-12.04
View file

@ -1,11 +0,0 @@
FROM ubuntu:12.04
RUN apt-get update
# Install Ansible
RUN apt-get install -y software-properties-common python-software-properties git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

11
roles/ansible-role-git/tests/Dockerfile.ubuntu-14.04
View file

@ -1,11 +0,0 @@
FROM ubuntu:14.04
RUN apt-get update
# Install Ansible
RUN apt-get install -y software-properties-common git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

14
roles/ansible-role-git/tests/test-package.yml
View file

@ -1,14 +0,0 @@
---
- hosts: all
vars:
git_install_from_source: false
git_install_path: /usr/local
pre_tasks:
- name: Ensure build dependencies are installed (RedHat).
yum: name=which state=present
when: ansible_os_family == 'RedHat'
roles:
- role_under_test

15
roles/ansible-role-git/tests/test-source.yml
View file

@ -1,15 +0,0 @@
---
- hosts: all
vars:
git_install_from_source: true
git_install_from_source_force_update: true
git_version: 2.7.1
pre_tasks:
- name: Ensure build dependencies are installed (RedHat).
yum: name=which state=present
when: ansible_os_family == 'RedHat'
roles:
- role_under_test

2
roles/ansible-role-git/vars/main.yml
View file

@ -1,2 +0,0 @@
---
# This space intentionally left blank.

1
roles/ansible-role-memcached/.gitignore vendored
View file

@ -1 +0,0 @@
.DS_Store

38
roles/ansible-role-memcached/.travis.yml
View file

@ -1,38 +0,0 @@
---
sudo: required
language: python
python: "2.7"
env:
- SITE=test.yml
before_install:
- sudo apt-get update -qq
- sudo apt-get install -y curl
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Check the version of Memcached (if this output fails, it's not running).
- memcached -h | head -1
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

53
roles/ansible-role-memcached/README.md
View file

@ -1,53 +0,0 @@
# Ansible Role: Memcached
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-memcached.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-memcached)
An Ansible Role that installs Memcached on RedHat/CentOS or Debian/Ubuntu Linux.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
memcached_user: memcache
The user under which the Memcached daemon will run.
memcached_port: 11211
memcached_listen_ip: 127.0.0.1
The port and IP address (127.0.0.1 for localhost) on which Memcached will listen for requests.
memcached_memory_limit: 64
memcached_connections: 1024
Memcached limits. The maximum amount of RAM `memcached` will consume (64MB is the default), and the maximum number of simultaneous connections memcached will handle.
memcached_log_file: /var/log/memcached.log
The location of the memcached log file.
memcached_log_verbosity: ""
Normally memcached does not log anything. Change to "-v" to enable logging or to "-vv" for debug logging.
## Dependencies
None.
## Example Playbook
- hosts: cache
roles:
- { role: geerlingguy.memcached }
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

9
roles/ansible-role-memcached/defaults/main.yml
View file

@ -1,9 +0,0 @@
---
memcached_port: 11211
memcached_listen_ip: 127.0.0.1
memcached_memory_limit: 64
memcached_connections: 1024
memcached_log_file: /var/log/memcached.log
memcached_log_verbosity: ""

3
roles/ansible-role-memcached/handlers/main.yml
View file

@ -1,3 +0,0 @@
---
- name: restart memcached
service: name=memcached state=restarted

29
roles/ansible-role-memcached/tasks/main.yml
View file

@ -1,29 +0,0 @@
---
# Include variables and define needed variables.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Define memcached_user.
set_fact:
memcached_user: "{{ __memcached_user }}"
when: memcached_user is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Debian.yml
when: ansible_os_family == 'Debian'
# Configure Memcached.
- name: Copy Memcached configuration.
template:
src: memcached-{{ ansible_os_family }}.conf.j2
dest: "{{ memcached_config_file }}"
owner: root
group: root
mode: 0644
notify: restart memcached
- name: Ensure Memcached is started and set to run on startup.
service: name=memcached state=started enabled=yes

6
roles/ansible-role-memcached/tasks/setup-Debian.yml
View file

@ -1,6 +0,0 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=86400
- name: Install Memcached.
apt: name=memcached state=installed

3
roles/ansible-role-memcached/tasks/setup-RedHat.yml
View file

@ -1,3 +0,0 @@
---
- name: Install Memcached.
yum: name=memcached state=installed

28
roles/ansible-role-memcached/templates/memcached-Debian.conf.j2
View file

@ -1,28 +0,0 @@
# {{ ansible_managed }}
# Run memcached as a daemon. This command is implied, and is not needed for the
# daemon to run.
-d
# Log memcached's output to /var/log/memcached
logfile {{ memcached_log_file }}
{{ memcached_log_verbosity }}
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
-m {{ memcached_memory_limit }}
# Default connection port is 11211
-p {{ memcached_port }}
# Run the daemon as root. The start-memcached will default to running as root if no
# -u command is present in this config file
-u {{ memcached_user }}
# Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
-l {{ memcached_listen_ip }}
# Limit the number of simultaneous incoming connections. The daemon default is 1024
-c {{ memcached_connections }}

20
roles/ansible-role-memcached/templates/memcached-RedHat.conf.j2
View file

@ -1,20 +0,0 @@
# {{ ansible_managed }}
# Default connection port is 11211
PORT="{{ memcached_port }}"
# The user to run memcached as.
USER="{{ memcached_user }}"
# Limit the number of simultaneous incoming connections. The daemon default is 1024.
MAXCONN="{{ memcached_connections }}"
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
CACHESIZE="{{ memcached_memory_limit }}"
# Extra options:
# -l Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
OPTIONS="-l {{ memcached_listen_ip }} {{ memcached_log_verbosity }} >> {{ memcached_log_file }} 2>&1"

1
roles/ansible-role-memcached/tests/inventory
View file

@ -1 +0,0 @@
localhost

5
roles/ansible-role-memcached/tests/test.yml
View file

@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- ansible-role-memcached

3
roles/ansible-role-memcached/vars/Debian.yml
View file

@ -1,3 +0,0 @@
---
__memcached_user: memcache
memcached_config_file: /etc/memcached.conf

3
roles/ansible-role-memcached/vars/RedHat.yml
View file

@ -1,3 +0,0 @@
---
__memcached_user: memcached
memcached_config_file: /etc/sysconfig/memcached

76
roles/ansible-role-mysql/.travis.yml
View file

@ -1,76 +0,0 @@
---
sudo: required
env:
- distribution: centos
version: 6
init: /sbin/init
run_opts: ""
playbook: test.yml
- distribution: centos
version: 7
init: /usr/lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
playbook: centos-7-test.yml
- distribution: ubuntu
version: 14.04
init: /sbin/init
run_opts: ""
playbook: test.yml
# - distribution: ubuntu
# version: 12.04
# init: /sbin/init
# run_opts: ""
# playbook: test.yml
services:
- docker
before_install:
# Pull container
- 'sudo docker pull ${distribution}:${version}'
# Customize container
- 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests'
script:
- container_id=$(mktemp)
# Run container in detached state
- 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"'
# Ansible syntax check.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} --syntax-check'
# Test role.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}'
# Test role idempotence.
- >
sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Some MySQL debugging (show all the logs).
- sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ls -lah /var/log
- sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql/error.log || true
- sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm cat /var/log/mysql.err || true
# Check to make sure we can connect to MySQL via Unix socket.
- >
sudo docker exec "$(cat ${container_id})" mysql -u root -proot -e 'show databases;'
| grep -q 'information_schema'
&& (echo 'MySQL running normally' && exit 0)
|| (echo 'MySQL not running' && exit 1)
# Check to make sure we can connect to MySQL via TCP.
- >
sudo docker exec "$(cat ${container_id})" mysql -u root -proot -h 127.0.0.1 -e 'show databases;'
| grep -q 'information_schema'
&& (echo 'MySQL running normally' && exit 0)
|| (echo 'MySQL not running' && exit 1)
# Clean up
- sudo docker stop "$(cat ${container_id})"
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

143
roles/ansible-role-mysql/README.md
View file

@ -1,143 +0,0 @@
# Ansible Role: MySQL
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-mysql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-mysql)
Installs and configures MySQL or MariaDB server on RHEL/CentOS or Debian/Ubuntu servers.
## Requirements
No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:
- hosts: database
roles:
- role: geerlingguy.mysql
become: yes
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
mysql_user_home: /root
The home directory inside which Python MySQL settings will be stored, which Ansible will use when connecting to MySQL. This should be the home directory of the user which runs this Ansible role.
mysql_root_password: root
The MySQL root user account password.
mysql_root_password_update: no
Whether to force update the MySQL root user's password. By default, this role will only change the root user's password when MySQL is first configured. You can force an update by setting this to `yes`.
> Note: If you get an error like `ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)` after a failed or interrupted playbook run, this usually means the root password wasn't originally updated to begin with. Try either removing the `.my.cnf` file inside the configured `mysql_user_home` or updating it and setting `password=''` (the insecure default password). Run the playbook again, with `mysql_root_password_update` set to `yes`, and the setup should complete.
mysql_enabled_on_startup: yes
Whether MySQL should be enabled on startup.
overwrite_global_mycnf: yes
Whether the global my.cnf should be overwritten each time this role is run. Setting this to `no` tells Ansible to only create the `my.cnf` file if it doesn't exist. This should be left at its default value (`yes`) if you'd like to use this role's variables to configure MySQL.
mysql_config_include_files: []
A list of files that should override the default global my.cnf. Each item in the array requires a "src" parameter which is a path to a file. An optional "force" parameter can force the file to be updated each time ansible runs.
mysql_databases: []
The MySQL databases to create. A database has the values `name`, `encoding` (defaults to `utf8`), `collation` (defaults to `utf8_general_ci`) and `replicate` (defaults to `1`, only used if replication is configured). The formats of these are the same as in the `mysql_db` module.
mysql_users: []
The MySQL users and their privileges. A user has the values `name`, `host` (defaults to `localhost`), `password`, `priv` (defaults to `*.*:USAGE`), `append_privs` (defaults to `no`), `state` (defaults to `present`). The formats of these are the same as in the `mysql_user` module.
mysql_packages:
- mysql
- mysql-server
(OS-specific, RedHat/CentOS defaults listed here) Packages to be installed. In some situations, you may need to add additional packages, like `mysql-devel`.
mysql_enablerepo: ""
(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install later versions of MySQL.
mysql_port: "3306"
mysql_bind_address: '0.0.0.0'
mysql_datadir: /var/lib/mysql
Default MySQL connection configuration.
mysql_log: ""
mysql_log_error: /var/log/mysqld.log
mysql_syslog_tag: mysqld
MySQL logging configuration. Setting `mysql_log` (the general query log) or `mysql_log_error` to `syslog` will make MySQL log to syslog using the `mysql_syslog_tag`.
mysql_slow_query_log_enabled: no
mysql_slow_query_log_file: /var/log/mysql-slow.log
mysql_slow_query_time: 2
Slow query log settings. Note that the log file will be created by this role, but if you're running on a server with SELinux or AppArmor, you may need to add this path to the allowed paths for MySQL, or disable the mysql profile. For example, on Debian/Ubuntu, you can run `sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/usr.sbin.mysqld && sudo service apparmor restart`.
mysql_key_buffer_size: "256M"
mysql_max_allowed_packet: "64M"
mysql_table_open_cache: "256"
[...]
The rest of the settings in `defaults/main.yml` control MySQL's memory usage. The default values are tuned for a server where MySQL can consume ~512 MB RAM, so you should consider adjusting them to suit your particular server better.
mysql_server_id: "1"
mysql_max_binlog_size: "100M"
mysql_expire_logs_days: "10"
mysql_replication_role: ''
mysql_replication_master: ''
mysql_replication_user: []
Replication settings. Set `mysql_server_id` and `mysql_replication_role` by server (e.g. the master would be ID `1`, with the `mysql_replication_role` of `master`, and the slave would be ID `2`, with the `mysql_replication_role` of `slave`). The `mysql_replication_user` uses the same keys as `mysql_users`, and is created on master servers, and used to replicate on all the slaves.
### MariaDB usage
This role works with either MySQL or a compatible version of MariaDB. On RHEL/CentOS 7+, the mariadb database engine was substituted as the default MySQL replacement package. No modifications are necessary though all of the variables still reference 'mysql' instead of mariadb.
#### Ubuntu 14.04 and 16.04 MariaDB configuration
On Ubuntu, the package names are named differently, so the `mysql_package` variable needs to be altered. Set the following variables (at a minimum):
mysql_packages:
- mariadb-client
- mariadb-server
- python-mysqldb
## Dependencies
None.
## Example Playbook
- hosts: db-servers
become: yes
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.mysql }
*Inside `vars/main.yml`*:
mysql_root_password: super-secure-password
mysql_databases:
- name: example_db
encoding: latin1
collation: latin1_general_ci
mysql_users:
- name: example_user
host: "%"
password: similarly-secure-password
priv: "example_db.*:ALL"
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

95
roles/ansible-role-mysql/defaults/main.yml
View file

@ -1,95 +0,0 @@
---
mysql_user_home: /root
mysql_root_username: root
mysql_root_password: root
# Set this to `yes` to forcibly update the root password.
mysql_root_password_update: no
mysql_enabled_on_startup: yes
# update my.cnf. each time role is run? yes | no
overwrite_global_mycnf: yes
# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
# for RedHat systems (and derivatives).
mysql_enablerepo: ""
# Define a custom list of packages to install; if none provided, the default
# package list from vars/[OS-family].yml will be used.
# mysql_packages:
# - mysql
# - mysql-server
# - MySQL-python
# MySQL connection settings.
mysql_port: "3306"
mysql_bind_address: '0.0.0.0'
mysql_datadir: /var/lib/mysql
mysql_pid_file: /var/run/mysqld/mysqld.pid
mysql_skip_name_resolve: no
# Slow query log settings.
mysql_slow_query_log_enabled: no
mysql_slow_query_log_file: /var/log/mysql-slow.log
mysql_slow_query_time: 2
# Memory settings (default values optimized ~512MB RAM).
mysql_key_buffer_size: "256M"
mysql_max_allowed_packet: "64M"
mysql_table_open_cache: "256"
mysql_sort_buffer_size: "1M"
mysql_read_buffer_size: "1M"
mysql_read_rnd_buffer_size: "4M"
mysql_myisam_sort_buffer_size: "64M"
mysql_thread_cache_size: "8"
mysql_query_cache_size: "16M"
mysql_max_connections: 151
# Other settings.
mysql_wait_timeout: 28800
# InnoDB settings.
# Set .._buffer_pool_size up to 80% of RAM but beware of setting too high.
mysql_innodb_file_per_table: "1"
mysql_innodb_buffer_pool_size: "256M"
# Set .._log_file_size to 25% of buffer pool size.
mysql_innodb_log_file_size: "64M"
mysql_innodb_log_buffer_size: "8M"
mysql_innodb_flush_log_at_trx_commit: "1"
mysql_innodb_lock_wait_timeout: 50
# mysqldump settings.
mysql_mysqldump_max_allowed_packet: "64M"
# Logging settings.
mysql_log: ""
mysql_log_error: /var/log/mysql.err
mysql_syslog_tag: mysql
mysql_config_include_files: []
# - src: path/relative/to/playbook/file.cnf
# - { src: path/relative/to/playbook/anotherfile.cnf, force: yes }
# Databases.
mysql_databases: []
# - name: example
# collation: utf8_general_ci
# encoding: utf8
# replicate: 1
# Users.
mysql_users: []
# - name: example
# host: 127.0.0.1
# password: secret
# priv: *.*:USAGE
# Replication settings (replication is only enabled if master/user have values).
mysql_server_id: "1"
mysql_max_binlog_size: "100M"
mysql_expire_logs_days: "10"
mysql_replication_role: ''
mysql_replication_master: ''
# Same keys as `mysql_users` above.
mysql_replication_user: []

3
roles/ansible-role-mysql/handlers/main.yml
View file

@ -1,3 +0,0 @@
---
- name: restart mysql
service: "name={{ mysql_daemon }} state=restarted sleep=5"

22
roles/ansible-role-mysql/meta/main.yml
View file

@ -1,22 +0,0 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: MySQL server for RHEL/CentOS and Debian/Ubuntu.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
galaxy_tags:
- database

69
roles/ansible-role-mysql/tasks/configure.yml
View file

@ -1,69 +0,0 @@
---
- name: Copy my.cnf global MySQL configuration.
template:
src: my.cnf.j2
dest: "{{ mysql_config_file }}"
owner: root
group: root
mode: 0644
force: "{{ overwrite_global_mycnf }}"
notify: restart mysql
- name: Verify mysql include directory exists.
file:
path: "{{ mysql_config_include_dir }}"
state: directory
owner: root
group: root
mode: 0755
when: mysql_config_include_files | length
- name: Copy my.cnf override files into include directory.
template:
src: "{{ item.src }}"
dest: "{{ mysql_config_include_dir }}/{{ item.src | basename }}"
owner: root
group: root
mode: 0644
force: "{{ item.force | default(False) }}"
with_items: "{{ mysql_config_include_files }}"
notify: restart mysql
- name: Create slow query log file (if configured).
shell: "touch {{ mysql_slow_query_log_file }} creates={{ mysql_slow_query_log_file }}"
when: mysql_slow_query_log_enabled
- name: Create datadir if it does not exist
file:
path: "{{ mysql_datadir }}"
state: directory
owner: mysql
group: mysql
mode: 0755
setype: mysqld_db_t
- name: Set ownership on slow query log file (if configured).
file:
path: "{{ mysql_slow_query_log_file }}"
state: file
owner: mysql
group: mysql
mode: 0640
when: mysql_slow_query_log_enabled
- name: Create error log file (if configured).
shell: "touch {{ mysql_log_error }} creates={{ mysql_log_error }}"
when: mysql_log == "" and mysql_log_error != ""
- name: Set ownership on error log file (if configured).
file:
path: "{{ mysql_log_error }}"
state: file
owner: mysql
group: mysql
mode: 0640
when: mysql_log == "" and mysql_log_error != ""
- name: Ensure MySQL is started and enabled on boot.
service: "name={{ mysql_daemon }} state=started enabled={{ mysql_enabled_on_startup }}"
register: mysql_service_configuration

8
roles/ansible-role-mysql/tasks/databases.yml
View file

@ -1,8 +0,0 @@
---
- name: Ensure MySQL databases are present.
mysql_db:
name: "{{ item.name }}"
collation: "{{ item.collation | default('utf8_general_ci') }}"
encoding: "{{ item.encoding | default('utf8') }}"
state: present
with_items: "{{ mysql_databases }}"

42
roles/ansible-role-mysql/tasks/main.yml
View file

@ -1,42 +0,0 @@
---
# Variable configuration.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
when: ansible_os_family != "RedHat"
- name: Include OS-specific variables (RedHat).
include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
when: ansible_os_family == "RedHat"
- name: Define mysql_packages.
set_fact:
mysql_packages: "{{ __mysql_packages | list }}"
when: mysql_packages is not defined
- name: Define mysql_daemon.
set_fact:
mysql_daemon: "{{ __mysql_daemon }}"
when: mysql_daemon is not defined
- name: Define mysql_slow_query_log_file.
set_fact:
mysql_slow_query_log_file: "{{ __mysql_slow_query_log_file }}"
when: mysql_slow_query_log_file is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Debian.yml
when: ansible_os_family == 'Debian'
- name: Check if MySQL packages were installed.
set_fact:
mysql_install_packages: "{{ (rh_mysql_install_packages is defined and rh_mysql_install_packages.changed) or (deb_mysql_install_packages is defined and deb_mysql_install_packages.changed) }}"
# Configure MySQL.
- include: configure.yml
- include: secure-installation.yml
- include: databases.yml
- include: users.yml
- include: replication.yml

51
roles/ansible-role-mysql/tasks/replication.yml
View file

@ -1,51 +0,0 @@
---
- name: Ensure replication user exists on master.
mysql_user:
name: "{{ mysql_replication_user.name }}"
host: "{{ mysql_replication_user.host | default('%') }}"
password: "{{ mysql_replication_user.password }}"
priv: "{{ mysql_replication_user.priv | default('*.*:REPLICATION SLAVE') }}"
state: present
when: >
(mysql_replication_role == 'master')
and mysql_replication_user
and (mysql_replication_master != '')
- name: Check slave replication status.
mysql_replication: mode=getslave
ignore_errors: true
register: slave
when: >
mysql_replication_role == 'slave'
and (mysql_replication_master != '')
- name: Check master replication status.
mysql_replication: mode=getmaster
delegate_to: "{{ mysql_replication_master }}"
register: master
when: >
slave|failed
and (mysql_replication_role == 'slave')
and (mysql_replication_master != '')
- name: Configure replication on the slave.
mysql_replication:
mode: changemaster
master_host: "{{ mysql_replication_master }}"
master_user: "{{ mysql_replication_user.name }}"
master_password: "{{ mysql_replication_user.password }}"
master_log_file: "{{ master.File }}"
master_log_pos: "{{ master.Position }}"
ignore_errors: True
when: >
slave|failed
and (mysql_replication_role == 'slave')
and (mysql_replication_master != '')
and mysql_replication_user
- name: Start replication.
mysql_replication: mode=startslave
when: >
slave|failed
and (mysql_replication_role == 'slave')
and (mysql_replication_master != '')

44
roles/ansible-role-mysql/tasks/secure-installation.yml
View file

@ -1,44 +0,0 @@
---
- name: Disallow root login remotely
command: 'mysql -NBe "{{ item }}"'
with_items:
- DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
changed_when: False
- name: Get list of hosts for the root user.
command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = "root" ORDER BY (Host="localhost") ASC'
register: mysql_root_hosts
changed_when: false
# Note: We do not use mysql_user for this operation, as it doesn't always update
# the root password correctly. See: https://goo.gl/MSOejW
- name: Update MySQL root password for localhost root account.
shell: >
mysql -u root -NBe
'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");'
with_items: "{{ mysql_root_hosts.stdout_lines }}"
when: mysql_install_packages | bool or mysql_root_password_update
# Has to be after the root password assignment, for idempotency.
- name: Copy .my.cnf file with root password credentials.
template:
src: "user-my.cnf.j2"
dest: "{{ mysql_user_home }}/.my.cnf"
owner: root
group: root
mode: 0600
- name: Get list of hosts for the anonymous user.
command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""'
register: mysql_anonymous_hosts
changed_when: false
- name: Remove anonymous MySQL users.
mysql_user:
name: ""
host: "{{ item }}"
state: absent
with_items: "{{ mysql_anonymous_hosts.stdout_lines }}"
- name: Remove MySQL test database.
mysql_db: "name='test' state=absent"

26
roles/ansible-role-mysql/tasks/setup-Debian.yml
View file

@ -1,26 +0,0 @@
---
- name: Check if MySQL is already installed.
stat: path=/etc/init.d/mysql
register: mysql_installed
- name: Update apt cache if MySQL is not yet installed.
apt: update_cache=yes
when: mysql_installed.stat.exists == false
- name: Ensure MySQL Python libraries are installed.
apt: "name=python-mysqldb state=installed"
- name: Ensure MySQL packages are installed.
apt: "name={{ item }} state=installed"
with_items: "{{ mysql_packages }}"
register: deb_mysql_install_packages
# Because Ubuntu starts MySQL as part of the install process, we need to stop
# mysql and remove the logfiles in case the user set a custom log file size.
- name: Ensure MySQL is stopped after initial install.
service: "name={{ mysql_daemon }} state=stopped"
when: mysql_installed.stat.exists == false
- name: Delete innodb log files created by apt package after initial install.
shell: "rm -f {{ mysql_datadir }}/ib_logfile[01]"
when: mysql_installed.stat.exists == false

8
roles/ansible-role-mysql/tasks/setup-RedHat.yml
View file

@ -1,8 +0,0 @@
---
- name: Ensure MySQL packages are installed.
yum: "name={{ item }} state=installed enablerepo={{ mysql_enablerepo }}"
with_items: "{{ mysql_packages }}"
register: rh_mysql_install_packages
- name: Ensure MySQL Python libraries are installed.
yum: "name=MySQL-python state=installed enablerepo={{ mysql_enablerepo }}"

11
roles/ansible-role-mysql/tasks/users.yml
View file

@ -1,11 +0,0 @@
---
- name: Ensure MySQL users are present.
mysql_user:
name: "{{ item.name }}"
host: "{{ item.host | default('localhost') }}"
password: "{{ item.password }}"
priv: "{{ item.priv | default('*.*:USAGE') }}"
state: "{{ item.state | default('present') }}"
append_privs: "{{ item.append_privs | default('no') }}"
with_items: "{{ mysql_users }}"
no_log: true

110
roles/ansible-role-mysql/templates/my.cnf.j2
View file

@ -1,110 +0,0 @@
[client]
#password = your_password
port = {{ mysql_port }}
socket = {{ mysql_socket }}
[mysqld]
port = {{ mysql_port }}
bind-address = {{ mysql_bind_address }}
datadir = {{ mysql_datadir }}
socket = {{ mysql_socket }}
pid-file = {{ mysql_pid_file }}
{% if mysql_skip_name_resolve %}
skip-name-resolve
{% endif %}
# Logging configuration.
{% if mysql_log_error == 'syslog' or mysql_log == 'syslog' %}
syslog
syslog-tag = {{ mysql_syslog_tag }}
{% else %}
{% if mysql_log %}
log = {{ mysql_log }}
{% endif %}
log-error = {{ mysql_log_error }}
{% endif %}
{% if mysql_slow_query_log_enabled %}
# Slow query log configuration.
slow_query_log = 1
slow_query_log_file = {{ mysql_slow_query_log_file }}
long_query_time = {{ mysql_slow_query_time }}
{% endif %}
{% if mysql_replication_master %}
# Replication
server-id = {{ mysql_server_id }}
{% if mysql_replication_role == 'master' %}
log_bin = mysql-bin
log-bin-index = mysql-bin.index
expire_logs_days = {{ mysql_expire_logs_days }}
max_binlog_size = {{ mysql_max_binlog_size }}
{% for db in mysql_databases %}
{% if db.replicate|default(1) %}
binlog_do_db = {{ db.name }}
{% else %}
binlog_ignore_db = {{ db.name }}
{% endif %}
{% endfor %}
{% endif %}
{% if mysql_replication_role == 'slave' %}
read_only
relay-log = relay-bin
relay-log-index = relay-bin.index
{% endif %}
{% endif %}
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links = 0
# User is ignored when systemd is used (fedora >= 15).
user = mysql
# http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
;performance_schema
# Memory settings.
key_buffer_size = {{ mysql_key_buffer_size }}
max_allowed_packet = {{ mysql_max_allowed_packet }}
table_open_cache = {{ mysql_table_open_cache }}
sort_buffer_size = {{ mysql_sort_buffer_size }}
read_buffer_size = {{ mysql_read_buffer_size }}
read_rnd_buffer_size = {{ mysql_read_rnd_buffer_size }}
myisam_sort_buffer_size = {{ mysql_myisam_sort_buffer_size }}
thread_cache_size = {{ mysql_thread_cache_size }}
query_cache_size = {{ mysql_query_cache_size }}
max_connections = {{ mysql_max_connections }}
# Other settings.
wait_timeout = {{ mysql_wait_timeout }}
# InnoDB settings.
default-storage-engine = innodb
innodb_file_per_table = {{ mysql_innodb_file_per_table }}
innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }}
innodb_log_file_size = {{ mysql_innodb_log_file_size }}
innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }}
innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }}
innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }}
innodb_flush_method = O_DIRECT
innodb_open_files = 600
innodb_additional_mem_pool_size = 8M
innodb_thread_concurrency = 0
[mysqldump]
quick
max_allowed_packet = {{ mysql_mysqldump_max_allowed_packet }}
[mysqld_safe]
pid-file = {{ mysql_pid_file }}
{% if mysql_config_include_files | length %}
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir {{ mysql_config_include_dir }}
{% endif %}

3
roles/ansible-role-mysql/templates/user-my.cnf.j2
View file

@ -1,3 +0,0 @@
[client]
user={{ mysql_root_username }}
password="{{ mysql_root_password }}"

15
roles/ansible-role-mysql/tests/Dockerfile.centos-6
View file

@ -1,15 +0,0 @@
FROM centos:6
# Install Ansible
RUN yum -y update; yum clean all;
RUN yum -y install epel-release
RUN yum -y install git ansible sudo
RUN yum clean all
# Disable requiretty
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
# Install Ansible inventory file
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
CMD ["/usr/sbin/init"]

27
roles/ansible-role-mysql/tests/Dockerfile.centos-7
View file

@ -1,27 +0,0 @@
FROM centos:7
# Install systemd -- See https://hub.docker.com/_/centos/
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
# Install Ansible
RUN yum -y install epel-release
RUN yum -y install git ansible sudo
RUN yum clean all
# Disable requiretty
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
# Install Ansible inventory file
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]

14
roles/ansible-role-mysql/tests/Dockerfile.ubuntu-12.04
View file

@ -1,14 +0,0 @@
FROM ubuntu:12.04
RUN apt-get update
# Install Ansible
RUN apt-get install -y software-properties-common python-software-properties git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible
COPY initctl_faker .
RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

14
roles/ansible-role-mysql/tests/Dockerfile.ubuntu-14.04
View file

@ -1,14 +0,0 @@
FROM ubuntu:14.04
RUN apt-get update
# Install Ansible
RUN apt-get install -y software-properties-common git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible
COPY initctl_faker .
RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

15
roles/ansible-role-mysql/tests/centos-7-test.yml
View file

@ -1,15 +0,0 @@
---
- hosts: all
vars:
mysql_packages:
- mariadb
- mariadb-server
- mariadb-libs
- MySQL-python
- perl-DBD-MySQL
mysql_daemon: mariadb
mysql_log_error: /var/log/mariadb/mariadb.log
mysql_syslog_tag: mariadb
mysql_pid_file: /var/run/mariadb/mariadb.pid
roles:
- role_under_test

23
roles/ansible-role-mysql/tests/initctl_faker
View file

@ -1,23 +0,0 @@
#!/bin/sh
ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')"
case "$ALIAS_CMD" in
start|stop|restart|reload|status)
exec service $1 $ALIAS_CMD
;;
esac
case "$1" in
list )
exec service --status-all
;;
reload-configuration )
exec service $2 restart
;;
start|stop|restart|reload|status)
exec service $2 $1
;;
\?)
exit 0
;;
esac

1
roles/ansible-role-mysql/tests/inventory
View file

@ -1 +0,0 @@
localhost

4
roles/ansible-role-mysql/tests/test.yml
View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- role_under_test

9
roles/ansible-role-mysql/vars/Debian.yml
View file

@ -1,9 +0,0 @@
---
__mysql_daemon: mysql
__mysql_packages:
- mysql-common
- mysql-server
__mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log
mysql_config_file: /etc/mysql/my.cnf
mysql_config_include_dir: /etc/mysql/conf.d
mysql_socket: /var/run/mysqld/mysqld.sock

9
roles/ansible-role-mysql/vars/RedHat-6.yml
View file

@ -1,9 +0,0 @@
---
__mysql_daemon: mysqld
__mysql_packages:
- mysql
- mysql-server
__mysql_slow_query_log_file: /var/log/mysql-slow.log
mysql_config_file: /etc/my.cnf
mysql_config_include_dir: /etc/my.cnf.d
mysql_socket: /var/lib/mysql/mysql.sock

15
roles/ansible-role-mysql/vars/RedHat-7.yml
View file

@ -1,15 +0,0 @@
---
__mysql_daemon: mariadb
__mysql_packages:
- mariadb
- mariadb-server
- mariadb-libs
- MySQL-python
- perl-DBD-MySQL
__mysql_slow_query_log_file: /var/log/mysql-slow.log
mysql_log_error: /var/log/mariadb/mariadb.log
mysql_syslog_tag: mariadb
mysql_pid_file: /var/lib/mysql/mariadb.pid
mysql_config_file: /etc/my.cnf
mysql_config_include_dir: /etc/my.cnf.d
mysql_socket: /var/lib/mysql/mysql.sock

39
roles/ansible-role-nginx/.travis.yml
View file

@ -1,39 +0,0 @@
---
sudo: required
language: python
python: "2.7"
env:
- SITE=test.yml
before_install:
- sudo apt-get update -qq
- sudo apt-get install -y curl
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# TODO - get the test working. Probably need to add a virtual host.
# Request a page via Nginx, to make sure Nginx is running and responds.
# - "curl http://localhost/"
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

122
roles/ansible-role-nginx/README.md
View file

@ -1,122 +0,0 @@
# Ansible Role: Nginx
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
Installs Nginx on RedHat/CentOS or Debian/Ubuntu Linux, or FreeBSD servers.
This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems) or pkgng (on FreeBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
nginx_vhosts: []
A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
nginx_vhosts:
- listen: "80 default_server"
server_name: "example.com"
root: "/var/www/example.com"
index: "index.php index.html index.htm"
error_page: ""
access_log: ""
error_log: ""
extra_parameters: |
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
An example of a fully-populated nginx_vhosts entry, using a `|` to declare a block of syntax for the `extra_parameters`.
nginx_remove_default_vhost: false
Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file.
nginx_upstreams: []
If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information.
nginx_user: "nginx"
The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian.
nginx_worker_processes: "1"
nginx_worker_connections: "1024"
nginx_multi_accept: "off"
`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately.
nginx_error_log: "/var/log/nginx/error.log warn"
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
Configuration of the default error and access logs. Set to `off` to disable a log entirely.
nginx_sendfile: "on"
nginx_tcp_nopush: "on"
nginx_tcp_nodelay: "on"
TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives.
nginx_keepalive_timeout: "65"
nginx_keepalive_requests: "100"
Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests.
nginx_client_max_body_size: "64m"
This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low.
nginx_server_names_hash_bucket_size: "64"
If you have many server names, or have very long server names, you might get an Nginx error on startup requiring this value to be increased.
nginx_proxy_cache_path: ""
Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations).
nginx_extra_http_options: ""
Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), for example:
nginx_extra_http_options: |
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
nginx_default_release: ""
(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx.
nginx_ppa_use: false
nginx_ppa_version: stable
(For Ubuntu only) Allows you to use the official Nginx PPA instead of the system's package. You can set the version to `stable` or `development`.
## Dependencies
None.
## Example Playbook
- hosts: server
roles:
- { role: geerlingguy.nginx }
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

68
roles/ansible-role-nginx/defaults/main.yml
View file

@ -1,68 +0,0 @@
---
# Used only for Debian/Ubuntu installation, as the -t option for apt.
nginx_default_release: ""
# Use the official Nginx PPA for Ubuntu, and the version to use if so.
nginx_ppa_use: false
nginx_ppa_version: stable
# The name of the nginx apt/yum package to install.
nginx_package_name: "nginx"
nginx_worker_processes: "auto"
nginx_worker_connections: "1024"
nginx_multi_accept: "off"
nginx_error_log: "/var/log/nginx/error.log warn"
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
nginx_sendfile: "on"
nginx_tcp_nopush: "on"
nginx_tcp_nodelay: "on"
nginx_keepalive_timeout: "65"
nginx_keepalive_requests: "100"
nginx_client_max_body_size: "64m"
nginx_server_names_hash_bucket_size: "64"
nginx_proxy_cache_path: ""
nginx_extra_conf_options: ""
# Example extra main options, used within the main nginx's context:
# nginx_extra_conf_options: |
# env VARIABLE;
# include /etc/nginx/main.d/*.conf;
nginx_extra_http_options: ""
# Example extra http options, printed inside the main server http config:
# nginx_extra_http_options: |
# proxy_buffering off;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Scheme $scheme;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $http_host;
nginx_remove_default_vhost: false
nginx_vhosts: []
# Example vhost below, showing all available options:
# - listen: "80 default_server" # default: "80 default_server"
# server_name: "example.com" # default: N/A
# root: "/var/www/example.com" # default: N/A
# index: "index.html index.htm" # default: "index.html index.htm"
#
# # Properties that are only added if defined:
# error_page: ""
# access_log: ""
# error_log: ""
# extra_parameters: "" # Can be used to add extra config blocks (multiline).
nginx_upstreams: []
# - name: myapp1
# strategy: "ip_hash" # "least_conn", etc.
# servers: {
# "srv1.example.com",
# "srv2.example.com weight=3",
# "srv3.example.com"
# }

10
roles/ansible-role-nginx/handlers/main.yml
View file

@ -1,10 +0,0 @@
---
- name: restart nginx
service: name=nginx state=restarted
- name: validate nginx configuration
command: nginx -t -c /etc/nginx/nginx.conf
changed_when: False
- name: reload nginx
service: name=nginx state=reloaded

30
roles/ansible-role-nginx/meta/main.yml
View file

@ -1,30 +0,0 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Nginx installation for Linux and FreeBSD.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.8
platforms:
- name: EL
versions:
- 6
- 7
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
- name: FreeBSD
versions:
- 10.3
- 10.2
- 10.1
- 10.0
- 9.3
galaxy_tags:
- development
- web

49
roles/ansible-role-nginx/tasks/main.yml
View file

@ -1,49 +0,0 @@
---
# Variable setup.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Define nginx_user.
set_fact:
nginx_user: "{{ __nginx_user }}"
when: nginx_user is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- include: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include: setup-FreeBSD.yml
when: ansible_os_family == 'FreeBSD'
# Vhost configuration.
- include: vhosts.yml
# Nginx setup.
- name: Copy nginx configuration in place.
template:
src: nginx.conf.j2
dest: "{{ nginx_conf_file_path }}"
owner: root
group: "{{ root_group }}"
mode: 0644
notify:
- reload nginx
- name: Copy headers config file in place.
template:
src: headers.conf.j2
dest: "{{ nginx_conf_path }}"
owner: root
group: "{{ root_group }}"
mode: 0644
notify:
- reload nginx
- name: Ensure nginx is started and enabled to start at boot.
service: name=nginx state=started enabled=yes

Some files were not shown because too many files have changed in this diff Show more