From 7526625df8825637a43c68e10b87c3738cda3d6b Mon Sep 17 00:00:00 2001 From: flifloo Date: Mon, 2 May 2022 17:37:08 +0200 Subject: [PATCH] Create roles --- .gitignore | 1 + README.md | 15 + ansible.cfg | 3 +- my.cnf.j2 | 3 - roles/ansistrano.deploy/.gitattributes | 8 + roles/ansistrano.deploy/.gitignore | 53 ++ roles/ansistrano.deploy/.travis.yml | 51 ++ roles/ansistrano.deploy/.yamllint | 21 + roles/ansistrano.deploy/CODE_OF_CONDUCT.md | 76 +++ roles/ansistrano.deploy/LICENSE | 21 + roles/ansistrano.deploy/README.md | 569 ++++++++++++++++++ roles/ansistrano.deploy/ansible.cfg | 2 + roles/ansistrano.deploy/defaults/main.yml | 90 +++ .../meta/.galaxy_install_info | 2 + roles/ansistrano.deploy/meta/main.yml | 47 ++ roles/ansistrano.deploy/tasks/anon-stats.yml | 16 + roles/ansistrano.deploy/tasks/cleanup.yml | 5 + roles/ansistrano.deploy/tasks/empty.yml | 2 + roles/ansistrano.deploy/tasks/funding.yml | 8 + roles/ansistrano.deploy/tasks/main.yml | 38 ++ .../ansistrano.deploy/tasks/rsync-deploy.yml | 41 ++ roles/ansistrano.deploy/tasks/setup.yml | 32 + .../tasks/symlink-shared.yml | 33 + roles/ansistrano.deploy/tasks/symlink.yml | 20 + roles/ansistrano.deploy/tasks/update-code.yml | 27 + .../tasks/update-code/copy.yml | 10 + .../tasks/update-code/copy_unarchive.yml | 8 + .../tasks/update-code/download.yml | 13 + .../tasks/update-code/download_unarchive.yml | 8 + .../tasks/update-code/gcs.yml | 15 + .../tasks/update-code/gcs_unarchive.yml | 8 + .../tasks/update-code/git.yml | 76 +++ .../tasks/update-code/hg.yml | 18 + .../tasks/update-code/rsync.yml | 21 + .../tasks/update-code/rsync_direct.yml | 13 + .../tasks/update-code/s3.yml | 32 + .../tasks/update-code/s3_unarchive.yml | 8 + .../tasks/update-code/svn.yml | 31 + .../tasks/update-code/unarchive.yml | 32 + roles/apt/.travis.yml | 29 + roles/apt/README.md | 38 ++ roles/apt/defaults/main.yml | 2 + roles/apt/handlers/main.yml | 2 + roles/apt/meta/main.yml | 52 ++ roles/apt/tasks/main.yml | 9 + roles/apt/tests/inventory | 2 + roles/apt/tests/test.yml | 5 + roles/apt/vars/main.yml | 2 + roles/mariadb/.travis.yml | 29 + roles/mariadb/README.md | 38 ++ roles/mariadb/defaults/main.yml | 2 + roles/mariadb/handlers/main.yml | 2 + roles/mariadb/meta/main.yml | 52 ++ roles/mariadb/tasks/main.yml | 16 + roles/mariadb/tests/inventory | 2 + roles/mariadb/tests/test.yml | 5 + roles/mariadb/vars/main.yml | 2 + roles/nginx/.travis.yml | 29 + roles/nginx/README.md | 38 ++ roles/nginx/defaults/main.yml | 3 + roles/nginx/handlers/main.yml | 5 + roles/nginx/meta/main.yml | 52 ++ roles/nginx/tasks/main.yml | 43 ++ roles/nginx/templates/gzip.conf | 6 + .../nginx/templates/vhost.conf | 25 +- roles/nginx/tests/inventory | 2 + roles/nginx/tests/test.yml | 5 + roles/nginx/vars/main.yml | 2 + roles/nodejs/.travis.yml | 29 + roles/nodejs/README.md | 38 ++ roles/nodejs/defaults/main.yml | 2 + roles/nodejs/handlers/main.yml | 2 + roles/nodejs/meta/main.yml | 52 ++ roles/nodejs/tasks/main.yml | 8 + roles/nodejs/tests/inventory | 2 + roles/nodejs/tests/test.yml | 5 + roles/nodejs/vars/main.yml | 2 + roles/php/.travis.yml | 29 + roles/php/README.md | 38 ++ roles/php/defaults/main.yml | 2 + roles/php/handlers/main.yml | 2 + roles/php/meta/main.yml | 52 ++ roles/php/tasks/main.yml | 39 ++ roles/php/tests/inventory | 2 + roles/php/tests/test.yml | 5 + roles/php/vars/main.yml | 2 + readme.md => subject.md | 0 87 files changed, 2267 insertions(+), 20 deletions(-) create mode 100644 .gitignore create mode 100644 README.md delete mode 100644 my.cnf.j2 create mode 100644 roles/ansistrano.deploy/.gitattributes create mode 100644 roles/ansistrano.deploy/.gitignore create mode 100644 roles/ansistrano.deploy/.travis.yml create mode 100644 roles/ansistrano.deploy/.yamllint create mode 100644 roles/ansistrano.deploy/CODE_OF_CONDUCT.md create mode 100644 roles/ansistrano.deploy/LICENSE create mode 100644 roles/ansistrano.deploy/README.md create mode 100644 roles/ansistrano.deploy/ansible.cfg create mode 100644 roles/ansistrano.deploy/defaults/main.yml create mode 100644 roles/ansistrano.deploy/meta/.galaxy_install_info create mode 100644 roles/ansistrano.deploy/meta/main.yml create mode 100644 roles/ansistrano.deploy/tasks/anon-stats.yml create mode 100644 roles/ansistrano.deploy/tasks/cleanup.yml create mode 100644 roles/ansistrano.deploy/tasks/empty.yml create mode 100644 roles/ansistrano.deploy/tasks/funding.yml create mode 100644 roles/ansistrano.deploy/tasks/main.yml create mode 100644 roles/ansistrano.deploy/tasks/rsync-deploy.yml create mode 100644 roles/ansistrano.deploy/tasks/setup.yml create mode 100644 roles/ansistrano.deploy/tasks/symlink-shared.yml create mode 100644 roles/ansistrano.deploy/tasks/symlink.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/copy.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/copy_unarchive.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/download.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/download_unarchive.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/gcs.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/gcs_unarchive.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/git.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/hg.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/rsync.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/rsync_direct.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/s3.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/s3_unarchive.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/svn.yml create mode 100644 roles/ansistrano.deploy/tasks/update-code/unarchive.yml create mode 100644 roles/apt/.travis.yml create mode 100644 roles/apt/README.md create mode 100644 roles/apt/defaults/main.yml create mode 100644 roles/apt/handlers/main.yml create mode 100644 roles/apt/meta/main.yml create mode 100644 roles/apt/tasks/main.yml create mode 100644 roles/apt/tests/inventory create mode 100644 roles/apt/tests/test.yml create mode 100644 roles/apt/vars/main.yml create mode 100644 roles/mariadb/.travis.yml create mode 100644 roles/mariadb/README.md create mode 100644 roles/mariadb/defaults/main.yml create mode 100644 roles/mariadb/handlers/main.yml create mode 100644 roles/mariadb/meta/main.yml create mode 100644 roles/mariadb/tasks/main.yml create mode 100644 roles/mariadb/tests/inventory create mode 100644 roles/mariadb/tests/test.yml create mode 100644 roles/mariadb/vars/main.yml create mode 100644 roles/nginx/.travis.yml create mode 100644 roles/nginx/README.md create mode 100644 roles/nginx/defaults/main.yml create mode 100644 roles/nginx/handlers/main.yml create mode 100644 roles/nginx/meta/main.yml create mode 100644 roles/nginx/tasks/main.yml create mode 100644 roles/nginx/templates/gzip.conf rename vhost.conf => roles/nginx/templates/vhost.conf (57%) create mode 100644 roles/nginx/tests/inventory create mode 100644 roles/nginx/tests/test.yml create mode 100644 roles/nginx/vars/main.yml create mode 100644 roles/nodejs/.travis.yml create mode 100644 roles/nodejs/README.md create mode 100644 roles/nodejs/defaults/main.yml create mode 100644 roles/nodejs/handlers/main.yml create mode 100644 roles/nodejs/meta/main.yml create mode 100644 roles/nodejs/tasks/main.yml create mode 100644 roles/nodejs/tests/inventory create mode 100644 roles/nodejs/tests/test.yml create mode 100644 roles/nodejs/vars/main.yml create mode 100644 roles/php/.travis.yml create mode 100644 roles/php/README.md create mode 100644 roles/php/defaults/main.yml create mode 100644 roles/php/handlers/main.yml create mode 100644 roles/php/meta/main.yml create mode 100644 roles/php/tasks/main.yml create mode 100644 roles/php/tests/inventory create mode 100644 roles/php/tests/test.yml create mode 100644 roles/php/vars/main.yml rename readme.md => subject.md (100%) diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..62c8935 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea/ \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..b05d938 --- /dev/null +++ b/README.md @@ -0,0 +1,15 @@ +# Ansible Project +> Florian Charlaix P1905458 | DevOps 1 + +## SSH Keys +### VM + +### Git + +## Roles +* + +## Setup +(Also makefile can be used) + +## Schema diff --git a/ansible.cfg b/ansible.cfg index 6e5f1e8..7603560 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,2 +1,3 @@ [defaults] -roles_path=roles \ No newline at end of file +roles_path=roles +inventory=hosts.yml diff --git a/my.cnf.j2 b/my.cnf.j2 deleted file mode 100644 index b4f44e4..0000000 --- a/my.cnf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -[client] -user=root -password={{ mariadb_root_password }} \ No newline at end of file diff --git a/roles/ansistrano.deploy/.gitattributes b/roles/ansistrano.deploy/.gitattributes new file mode 100644 index 0000000..0908492 --- /dev/null +++ b/roles/ansistrano.deploy/.gitattributes @@ -0,0 +1,8 @@ +docs/ export-ignore +example/ export-ignore +test/ export-ignore +TESTING.md export-ignore +Vagrantfile export-ignore +*.html linguist-detectable=false +*.yml linguist-detectable=true +*.yaml linguist-detectable=true diff --git a/roles/ansistrano.deploy/.gitignore b/roles/ansistrano.deploy/.gitignore new file mode 100644 index 0000000..f7afe75 --- /dev/null +++ b/roles/ansistrano.deploy/.gitignore @@ -0,0 +1,53 @@ +# Created by .ignore support plugin (hsz.mobi) + +### Vagrant template +.vagrant/ + +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio + +*.iml + +## Directory-based project format: +.idea/ +# if you remove the above rule, at least ignore the following: + +# User-specific stuff: +# .idea/workspace.xml +# .idea/tasks.xml +# .idea/dictionaries + +# Sensitive or high-churn files: +# .idea/dataSources.ids +# .idea/dataSources.xml +# .idea/sqlDataSources.xml +# .idea/dynamic.xml +# .idea/uiDesigner.xml + +# Gradle: +# .idea/gradle.xml +# .idea/libraries + +# Mongo Explorer plugin: +# .idea/mongoSettings.xml + +## File-based project format: +*.ipr +*.iws + +## Plugin-specific files: + +# IntelliJ +/out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties + diff --git a/roles/ansistrano.deploy/.travis.yml b/roles/ansistrano.deploy/.travis.yml new file mode 100644 index 0000000..d82f62b --- /dev/null +++ b/roles/ansistrano.deploy/.travis.yml @@ -0,0 +1,51 @@ +language: python +services: + - docker + +env: + - ANSIBLE_VERSION: "2.9.27" + - ANSIBLE_VERSION: "2.10.7" + - ANSIBLE_VERSION: "3.4.0" + - ANSIBLE_VERSION: "4.10.0" + - distribution: Ubuntu + distribution_version: bionic + init: /lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + ANSIBLE_VERSION: docker + - distribution: Ubuntu + distribution_version: xenial + init: /lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + ANSIBLE_VERSION: docker + - distribution: Debian + distribution_version: buster + init: /lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + ANSIBLE_VERSION: docker + +before_install: + # Standard Local Testing Commands + - if [ "${ANSIBLE_VERSION}" != "docker" ]; then sudo apt-get -y install software-properties-common ; fi + - if [ "${ANSIBLE_VERSION}" != "docker" ]; then sudo apt-get -y install python-pip ; fi + - if [ "${ANSIBLE_VERSION}" != "docker" ]; then sudo pip install ansible==$ANSIBLE_VERSION ; fi + - if [ "${ANSIBLE_VERSION}" != "docker" ]; then ansible --version ; fi + # Docker Testing pull container. + - if [ "${ANSIBLE_VERSION}" == "docker" ]; then docker pull ansiblecheck/ansiblecheck:${distribution,,}-${distribution_version} ; fi + + +script: + # Local Testing Commands + - if [ "${ANSIBLE_VERSION}" != "docker" ]; then echo localhost > inventory ; fi + - if [ "${ANSIBLE_VERSION}" != "docker" ]; then ansible-playbook -i inventory --connection=local --become -v test/main.yml ; fi + + # Docker Testing Commands + - if [ "${ANSIBLE_VERSION}" == "docker" ]; then container_id=$(mktemp) ; fi + # Start The Built Container In The Background + - if [ "${ANSIBLE_VERSION}" == "docker" ]; then docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ansiblecheck/ansiblecheck:"${distribution,,}"-"${distribution_version}" "${init}" > "${container_id}" ; fi + # Ansible syntax check. + - if [ "${ANSIBLE_VERSION}" == "docker" ]; then docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/test/main.yml --syntax-check ; fi + # Test role. + - if [ "${ANSIBLE_VERSION}" == "docker" ]; then docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/test/main.yml -v -e update_cache=1; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/ansistrano.deploy/.yamllint b/roles/ansistrano.deploy/.yamllint new file mode 100644 index 0000000..1708d26 --- /dev/null +++ b/roles/ansistrano.deploy/.yamllint @@ -0,0 +1,21 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: {max-spaces-inside: 1, level: error} + brackets: {max-spaces-inside: 1, level: error} + colons: {max-spaces-after: -1, level: error} + commas: {max-spaces-after: -1, level: error} + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: {max: 3, level: error} + hyphens: {level: error} + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: {type: unix} + trailing-spaces: disable + truthy: disable diff --git a/roles/ansistrano.deploy/CODE_OF_CONDUCT.md b/roles/ansistrano.deploy/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..ecd37af --- /dev/null +++ b/roles/ansistrano.deploy/CODE_OF_CONDUCT.md @@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at coc@ansistrano.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq diff --git a/roles/ansistrano.deploy/LICENSE b/roles/ansistrano.deploy/LICENSE new file mode 100644 index 0000000..44d3fcc --- /dev/null +++ b/roles/ansistrano.deploy/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2021 Carlos Buenosvinos + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/roles/ansistrano.deploy/README.md b/roles/ansistrano.deploy/README.md new file mode 100644 index 0000000..7eb91cf --- /dev/null +++ b/roles/ansistrano.deploy/README.md @@ -0,0 +1,569 @@ +Ansistrano +========== + +[![Build Status](https://travis-ci.com/ansistrano/deploy.svg?branch=master)](https://travis-ci.com/ansistrano/deploy) +[![Total Deployments](https://img.shields.io/badge/dynamic/json.svg?label=overall&uri=https%3A%2F%2Fansistrano.com%2Finfo&query=deployments.total&colorB=green&suffix=%20deployments)](https://ansistrano.com) +[![Year Deployments](https://img.shields.io/badge/dynamic/json.svg?label=year&uri=https%3A%2F%2Fansistrano.com%2Finfo&query=deployments.year&colorB=green&suffix=%20deployments)](https://ansistrano.com) +[![Month Deployments](https://img.shields.io/badge/dynamic/json.svg?label=month&uri=https%3A%2F%2Fansistrano.com%2Finfo&query=deployments.month&colorB=green&suffix=%20deployments)](https://ansistrano.com) +[![Today Deployments](https://img.shields.io/badge/dynamic/json.svg?label=today&uri=https%3A%2F%2Fansistrano.com%2Finfo&query=deployments.today&colorB=green&suffix=%20deployments)](https://ansistrano.com) + +**ansistrano.deploy** and **ansistrano.rollback** are Ansible roles to easily manage the deployment process for scripting applications such as PHP, Python and Ruby. It's an Ansible port for Capistrano. + +- [Ansistrano](#ansistrano) + - [History](#history) + - [Project name](#project-name) + - [Ansistrano anonymous usage stats](#ansistrano-anonymous-usage-stats) + - [Who is using Ansistrano?](#who-is-using-ansistrano) + - [Requirements](#requirements) + - [Installation](#installation) + - [Update](#update) + - [Features](#features) + - [Main workflow](#main-workflow) + - [Role Variables](#role-variables) + - [Deploying](#deploying) + - [Rolling back](#rolling-back) + - [Hooks: Custom tasks](#hooks-custom-tasks) + - [Variables in custom tasks](#variables-in-custom-tasks) + - [Pruning old releases](#pruning-old-releases) + - [Example Playbook](#example-playbook) + - [Sample projects](#sample-projects) + - [They're talking about us](#theyre-talking-about-us) + - [License](#license) + - [Other resources](#other-resources) + +History +------- + +[Capistrano](http://capistranorb.com/) is a remote server automation tool and it's currently in Version 3. [Version 2.0](https://github.com/capistrano/capistrano/tree/legacy-v2) was originally thought in order to deploy RoR applications. With additional plugins, you were able to deploy non Rails applications such as PHP and Python, with different deployment strategies, stages and much more. I loved Capistrano v2. I have used it a lot. I developed a plugin for it. + +Capistrano 2 was a great tool and it still works really well. However, it is not maintained anymore since the original team is working in v3. This new version does not have the same set of features so it is less powerful and flexible. Besides that, other new tools are becoming easier to use in order to deploy applications, such as Ansible. + +So, I have decided to stop using Capistrano because v2 is not maintained, v3 does not have enough features, and I can do everything Capistrano was doing with Ansible. If you are looking for alternatives, check Fabric or Chef Solo. + +Project name +------------ + +Ansistrano comes from Ansible + Capistrano, easy, isn't it? + +Ansistrano anonymous usage stats +-------------------------------- + +There is an optional step in Ansistrano that sends a HTTP request to our servers. Unfortunately, the metrics we can get from Ansible Galaxy are limited so this is one of the few ways we have to measure how many active users we really have. + +We only use this data for usage statistics but anyway, if you are not comfortable with this, you can disable this extra step by setting `ansistrano_allow_anonymous_stats` to false in your playbooks. + +Who is using Ansistrano? +------------------------ + +Is Ansistrano ready to be used? Here are some companies currently using it: + +* [ABA English](http://www.abaenglish.com/) +* [Another Place Productions](http://www.anotherplaceproductions.com) +* [Aptvision](https://www.aptvision.com) +* [ARTACK WebLab](https://www.artack.ch) +* [Atrápalo](http://www.atrapalo.com) +* [Beroomers](https://www.beroomers.com) +* [CMP Group](http://www.teamcmp.com) +* [Cabissimo](https://www.cabissimo.com) +* [Camel Secure](https://camelsecure.com) +* [Cherry Hill](https://chillco.com) +* [Claranet France](http://www.claranet.fr/) +* [Clearpoint](http://www.clearpoint.co.nz) +* [Clever Age](https://www.clever-age.com) +* [CridaDemocracia](https://cridademocracia.org) +* [Cycloid](http://www.cycloid.io) +* [Daemonit](https://daemonit.com) +* [Deliverea](https://www.deliverea.com/) +* [DevOps Barcelona Conference](https://devops.barcelona/) +* [EnAlquiler](http://www.enalquiler.com/) +* [Euromillions.com](http://euromillions.com/) +* [Finizens](https://finizens.com/) +* [FloraQueen](https://www.floraqueen.com/) +* [Fluxus](http://www.fluxus.io/) +* [Geocalia](https://geocalia.com/) +* [Gstock](http://www.g-stock.es) +* [HackSoft](https://hacksoft.io/) +* [HackConf](https://hackconf.bg/en/) +* [Hexanet](https://www.hexanet.fr) +* [HiringThing](https://www.hiringthing.com/) +* [Holaluz](https://www.holaluz.com) +* [Hosting4devs](https://hosting4devs.com) +* [Jolicode](http://jolicode.com/) +* [Kidfund](http://link.kidfund.us/github "Kidfund") +* [Lumao SAS](https://lumao.eu) +* [mailXpert](https://www.mailxpert.ch) +* [MEDIA.figaro](http://media.figaro.fr) +* [Moss](https://moss.sh) +* [Nice&Crazy](http://www.niceandcrazy.com) +* [Nodo Ámbar](http://www.nodoambar.com/) +* [Oferplan](http://oferplan.com/) +* [Ofertix](http://www.ofertix.com) +* [Òmnium Cultural](https://www.omnium.cat) +* [OpsWay Software Factory](http://opsway.com) +* [Parkimeter](https://parkimeter.com) +* [PHP Barcelona Conference](https://php.barcelona/) +* [Scoutim](https://scoutim.com) +* [Socialnk](https://socialnk.com/) +* [Spotahome](https://www.spotahome.com) +* [Suntransfers](http://www.suntransfers.com) +* [TechPump](http://www.techpump.com/) +* [Tienda Online VirginMobile](https://cambiate.virginmobile.cl) +* [The Cocktail](https://the-cocktail.com/) +* [Timehook](https://timehook.io) +* [TMTFactory](https://tmtfactory.com) +* [UNICEF Comité Español](https://www.unicef.es) +* [Ulabox](https://www.ulabox.com) +* [Uvinum](http://www.uvinum.com) +* [VirginMobile Chile](https://empresas.virginmobile.cl) +* [Wavecontrol](http://monitoring.wavecontrol.com/ca/public/demo/) +* [WAVE Meditation](https://wavemeditation.com/) +* [Yubl](https://yubl.me/) + +If you are also using it, please let us know via a PR to this document. + +Requirements +------------ + +In order to deploy your apps with Ansistrano, you will need: + +* Ansible in your deployer machine +* `rsync` on the target machine if you are using either the `rsync`, `rsync_direct`, or `git` deployment strategy or if you are using `ansistrano_current_via = rsync` + +Installation +------------ + +Ansistrano is an Ansible role distributed globally using [Ansible Galaxy](https://galaxy.ansible.com/). In order to install Ansistrano role you can use the following command. + +``` +$ ansible-galaxy install ansistrano.deploy ansistrano.rollback +``` + +Update +------ + +If you want to update the role, you need to pass **--force** parameter when installing. Please, check the following command: + +``` +$ ansible-galaxy install --force ansistrano.deploy ansistrano.rollback +``` + +Features +-------- + +* Rollback in seconds (with ansistrano.rollback role) +* Customize your deployment with hooks before and after critical steps +* Save disk space keeping a maximum fixed releases in your hosts +* Choose between SCP, RSYNC, GIT, SVN, HG, HTTP Download or S3 GET deployment strategies (optional unarchive step included) + +Main workflow +------------- + +Ansistrano deploys applications following the Capistrano flow. + +* Setup phase: Creates the folder structure to hold your releases +* Code update phase: Puts the new release into your hosts +* Symlink phase: After deploying the new release into your hosts, this step changes the `current` softlink to new the release +* Cleanup phase: Removes any old version based in the `ansistrano_keep_releases` parameter (see "Role Variables") + +![Ansistrano Flow](https://raw.githubusercontent.com/ansistrano/deploy/master/docs/ansistrano-flow.png) + +Role Variables +-------------- + +```yaml +vars: + ansistrano_deploy_from: "{{ playbook_dir }}/" # Where my local project is (relative or absolute path) + ansistrano_deploy_to: "/var/www/my-app" # Base path to deploy to. + ansistrano_version_dir: "releases" # Releases folder name + ansistrano_current_dir: "current" # Softlink name. You should rarely changed it. + ansistrano_current_via: "symlink" # Deployment strategy who code should be deployed to current path. Options are symlink or rsync + ansistrano_keep_releases: 0 # Releases to keep after a new deployment. See "Pruning old releases". + + # Arrays of directories and files to be shared. + # The following arrays of directories and files will be symlinked to the current release directory after the 'update-code' step and its callbacks + # Notes: + # * Paths are relative to the /shared directory (no starting /) + # * If your items are in a subdirectory, write the entire path to each shared directory + # + # Example: + # ansistrano_shared_paths: + # - path/to/first-dir + # - path/next-dir + # ansistrano_shared_files: + # - my-file.txt + # - path/to/file.txt + ansistrano_shared_paths: [] + ansistrano_shared_files: [] + + + # Shared paths and basedir shared files creation. + # By default the shared paths directories and base directories for shared files are created automatically if not exists. But in some scenarios those paths could be symlinks to another directories in the filesystem, and the deployment process would fails. With these variables you can disable the involved tasks. If you have two or three shared paths, and don't need creation only for some of them, you always could disable the automatic creation and add a custom task in a hook. + ansistrano_ensure_shared_paths_exist: yes + ansistrano_ensure_basedirs_shared_files_exist: yes + + # Deployment strategy - method used to deliver code. Options are copy, download, git, rsync, rsync_direct, svn, or s3. + ansistrano_deploy_via: rsync + # Copy, download and s3 have an optional step to unarchive the downloaded file which can be used by adding _unarchive. + # The rsync_direct strategy omits a file copy on the target offering a slight speed increase if you are deploying to shared hosts, are experiancing bad file-performance, or serve static assets from the same host you deploy your app to and rsync many files. + # You can check all the options inside tasks/update-code folder! + + ansistrano_allow_anonymous_stats: yes + + # Variables used in the rsync/rsync_direct deployment strategy + ansistrano_rsync_extra_params: "" # Extra parameters to use when deploying with rsync in a single string. Although Ansible allows an array this can cause problems if we try to add multiple --include args as it was reported in https://github.com/ansistrano/deploy/commit/e98942dc969d4e620313f00f003a7ea2eab67e86 + ansistrano_rsync_set_remote_user: yes # See [ansible synchronize module](http://docs.ansible.com/ansible/synchronize_module.html). Options are yes, no. + ansistrano_rsync_path: "" # See [ansible synchronize module](http://docs.ansible.com/ansible/synchronize_module.html). By default is "sudo rsync", it can be overwriten with (example): "sudo -u user rsync". + ansistrano_rsync_use_ssh_args: no # See [ansible synchronize module](http://docs.ansible.com/ansible/synchronize_module.html). If set yes, use the ssh_args specified in ansible.cfg. + + # Variables used in the Git deployment strategy + ansistrano_git_repo: git@github.com:USERNAME/REPO.git # Location of the git repository + ansistrano_git_branch: master # What version of the repository to check out. This can be the full 40-character SHA-1 hash, the literal string HEAD, a branch name, or a tag name + ansistrano_git_repo_tree: "" # If specified the subtree of the repository to deploy + ansistrano_git_identity_key_path: "" # If specified this file is copied over and used as the identity key for the git commands, path is relative to the playbook in which it is used + ansistrano_git_identity_key_remote_path: "" # If specified this file on the remote server is used as the identity key for the git commands, remote path is absolute + ansistrano_git_identity_key_shred: true # Shred identity key by default but can be overloaded to false if you encounter the following issue (https://github.com/ansistrano/deploy/issues/357) + # Optional variables, omitted by default + ansistrano_git_refspec: ADDITIONAL_GIT_REFSPEC # Additional refspec to be used by the 'git' module. Uses the same syntax as the 'git fetch' command. + ansistrano_git_ssh_opts: "-o StrictHostKeyChecking=no" # Additional ssh options to be used in Git + ansistrano_git_depth: 1 # Additional history truncated to the specified number or revisions + ansistrano_git_executable: /opt/local/bin/git # Path to git executable to use. If not supplied, the normal mechanism for resolving binary paths will be used. + + # Variables used in the SVN deployment strategy + # Please note there was a bug in the subversion module in Ansible 1.8.x series (https://github.com/ansible/ansible-modules-core/issues/370) so it is only supported from Ansible 1.9 + ansistrano_svn_repo: https://svn.company.com/project # Location of the svn repository + ansistrano_svn_branch: trunk # What branch from the repository to check out. + ansistrano_svn_revision: HEAD # What revision from the repository to check out. + ansistrano_svn_username: user # SVN authentication username + ansistrano_svn_password: Pa$$word # SVN authentication password + ansistrano_svn_environment: {} # Dict with environment variables for svn tasks (https://docs.ansible.com/ansible/playbooks_environment.html) + + # Variables used in the HG deployment strategy + ansistrano_hg_repo: https://USERNAME@bitbucket.org/USERNAME/REPO # Location of the hg repo + ansistrano_hg_branch: default # Any branch identifier that works with hg -r, so named branch, bookmark, commit hash... + + # Variables used in the download deployment strategy + ansistrano_get_url: https://github.com/someproject/somearchive.tar.gz + ansistrano_download_force_basic_auth: false # no default as this is only supported from Ansible 2.0 + ansistrano_download_headers: "" # no default as this is only supported from Ansible 2.0 + + # Variables used in the S3 deployment strategy + ansistrano_s3_bucket: s3bucket + ansistrano_s3_object: s3object.tgz # Add the _unarchive suffix to the ansistrano_deploy_via if your object is a package (ie: s3_unarchive) + ansistrano_s3_region: eu-west-1 + ansistrano_s3_rgw: false # must be Ansible >= 2.2. use Ceph RGW for S3 compatible cloud providers + ansistrano_s3_url: http://rgw.example.com # when use Ceph RGW, set url + # Optional variables, omitted by default + ansistrano_s3_aws_access_key: YOUR_AWS_ACCESS_KEY + ansistrano_s3_aws_secret_key: YOUR_AWS_SECRET_KEY + ansistrano_s3_ignore_nonexistent_bucket: false + + # Variables used in the GCS deployment strategy + ansistrano_gcs_bucket: gcsbucket + ansistrano_gcs_object: gcsobject.tgz # Add the _unarchive suffix to the ansistrano_deploy_via if your object is a package (ie: s3_unarchive) + ansistrano_gcs_region: eu-west-1 # https://cloud.google.com/storage/docs/bucket-locations + # Optional variables, omitted by default + ansistrano_gcs_access_key: YOUR_GCS_ACCESS_KEY # navigate to Cloud console > Storage > Settings > Interoperability + ansistrano_gcs_secret_key: YOUR_GCS_SECRET_KEY + + # Hooks: custom tasks if you need them + ansistrano_before_setup_tasks_file: "{{ playbook_dir }}//my-before-setup-tasks.yml" + ansistrano_after_setup_tasks_file: "{{ playbook_dir }}//my-after-setup-tasks.yml" + ansistrano_before_update_code_tasks_file: "{{ playbook_dir }}//my-before-update-code-tasks.yml" + ansistrano_after_update_code_tasks_file: "{{ playbook_dir }}//my-after-update-code-tasks.yml" + ansistrano_before_symlink_shared_tasks_file: "{{ playbook_dir }}//my-before-symlink-shared-tasks.yml" + ansistrano_after_symlink_shared_tasks_file: "{{ playbook_dir }}//my-after-symlink-shared-tasks.yml" + ansistrano_before_symlink_tasks_file: "{{ playbook_dir }}//my-before-symlink-tasks.yml" + ansistrano_after_symlink_tasks_file: "{{ playbook_dir }}//my-after-symlink-tasks.yml" + ansistrano_before_cleanup_tasks_file: "{{ playbook_dir }}//my-before-cleanup-tasks.yml" + ansistrano_after_cleanup_tasks_file: "{{ playbook_dir }}//my-after-cleanup-tasks.yml" +``` + +`{{ playbook_dir }}` is an Ansible variable that holds the path to the current playbook. + +Deploying +--------- + +In order to deploy with Ansistrano, you need to perform some steps: + +* Create a new `hosts` file. Check [ansible inventory documentation](http://docs.ansible.com/intro_inventory.html) if you need help. This file will identify all the hosts where to deploy to. For multistage environments check [Multistage environments](#multistage-environment-devel-preprod-prod-etc). +* Create a new playbook for deploying your app, for example, `deploy.yml` +* Set up role variables (see [Role Variables](#role-variables)) +* Include the `ansistrano.deploy` role as part of a play +* Run the deployment playbook + +```ansible-playbook -i hosts deploy.yml``` + +If everything has been set up properly, this command will create the following approximate directory structure on your server. Check how the hosts folder structure would look like after one, two and three deployments. + +``` +-- /var/www/my-app.com +|-- current -> /var/www/my-app.com/releases/20100509145325 +|-- releases +| |-- 20100509145325 +|-- shared +``` + +``` +-- /var/www/my-app.com +|-- current -> /var/www/my-app.com/releases/20100509150741 +|-- releases +| |-- 20100509150741 +| |-- 20100509145325 +|-- shared +``` + +``` +-- /var/www/my-app.com +|-- current -> /var/www/my-app.com/releases/20100512131539 +|-- releases +| |-- 20100512131539 +| |-- 20100509150741 +| |-- 20100509145325 +|-- shared +``` + +### Serial deployments + +To prevent different timestamps when deploying to several servers using the [`serial`](http://docs.ansible.com/playbooks_delegation.html#rolling-update-batch-size) option, you should set the `ansistrano_release_version` variable. + +```ansible-playbook -i hosts -e "ansistrano_release_version=`date -u +%Y%m%d%H%M%SZ`" deploy.yml``` + + +Rolling back +----------- + +In order to rollback with Ansistrano, you need to set up the deployment and run the rollback playbook. + +```ansible-playbook -i hosts rollback.yml``` + +If you try to rollback with zero or one releases deployed, an error will be raised and no actions performed. + +Variables you can tune in rollback role are less than in deploy one: + +```yaml +vars: + ansistrano_deploy_to: "/var/www/my-app" # Base path to deploy to. + ansistrano_version_dir: "releases" # Releases folder name + ansistrano_current_dir: "current" # Softlink name. You should rarely changed it. + ansistrano_rollback_to_release: "" # If specified, the application will be rolled back to this release version; previous release otherwise. + ansistrano_remove_rolled_back: yes # You can change this setting in order to keep the rolled back release in the server for later inspection + ansistrano_allow_anonymous_stats: yes + + # Hooks: custom tasks if you need them + ansistrano_rollback_before_setup_tasks_file: "{{ playbook_dir }}//my-rollback-before-setup-tasks.yml" + ansistrano_rollback_after_setup_tasks_file: "{{ playbook_dir }}//my-rollback-after-setup-tasks.yml" + ansistrano_rollback_before_symlink_tasks_file: "{{ playbook_dir }}//my-rollback-before-symlink-tasks.yml" + ansistrano_rollback_after_symlink_tasks_file: "{{ playbook_dir }}//my-rollback-after-symlink-tasks.yml" + ansistrano_rollback_before_cleanup_tasks_file: "{{ playbook_dir }}//my-rollback-before-cleanup-tasks.yml" + ansistrano_rollback_after_cleanup_tasks_file: "{{ playbook_dir }}//my-rollback-after-cleanup-tasks.yml" +``` + +Multistage environment (devel, preprod, prod, etc.) +--------------------------------------------------- + +If you want to deploy to different environments such as devel, preprod and prod, it's recommended to create different hosts files. When done, you can specify a different host file when running the deployment playbook using the **-i** parameter. On every host file, you can specify different users, password, connection parameters, etc. + +```ansible-playbook -i hosts_devel deploy.yml``` + +```ansible-playbook -i hosts_preprod deploy.yml``` + +```ansible-playbook -i hosts_prod deploy.yml``` + +Hooks: Custom tasks +------------------- + +You will typically need to reload your webserver after the `Symlink` step, or download your dependencies before `Code update` or even do it in production before the `Symlink`. So, in order to perform your custom tasks you have some hooks that Ansistrano will execute before and after each of the main 3 steps. **This is the main benefit against other similar deployment roles.** + +``` +-- /my-local-machine/my-app.com +|-- hosts +|-- deploy.yml +|-- my-custom-tasks +| |-- before-code-update.yml +| |-- after-code-update.yml +| |-- before-symlink.yml +| |-- after-symlink.yml +| |-- before-cleanup.yml +| |-- after-cleanup.yml +``` + +For example, in order to restart apache after `Symlink` step, we'll add in the `after-symlink.yml` + +``` +- name: Restart Apache + service: name=httpd state=reloaded +``` + +* **Q: Where would you add sending email notification after a deployment?** +* **Q: (for PHP and Symfony developers) Where would you clean the cache?** + +You can specify a custom tasks file for before and after every step using `ansistrano_before_*_tasks_file` and `ansistrano_after_*_tasks_file` role variables. See "Role Variables" for more information. + +Variables in custom tasks +------------------------- + +When writing your custom tasks files you may need some variables that Ansistrano makes available to you: + +* ```{{ ansistrano_release_path.stdout }}```: Path to current deployment release (probably the one you are going to use the most) +* ```{{ ansistrano_releases_path }}```: Path to releases folder +* ```{{ ansistrano_shared_path }}```: Path to shared folder (where common releases assets can be stored) +* ```{{ ansistrano_release_version }}```: Relative directory name for the release (by default equals to the current timestamp in UTC timezone) + +Pruning old releases +-------------------- + +In continuous delivery environments, you will possibly have a high number of releases in production. Maybe you have tons of space and you don't mind, but it's common practice to keep just a custom number of releases. + +After the deployment, if you want to remove old releases just set the `ansistrano_keep_releases` variable to the total number of releases you want to keep. + +Let's see three deployments with an `ansistrano_keep_releases: 2` configuration: + +``` +-- /var/www/my-app.com +|-- current -> /var/www/my-app.com/releases/20100509145325 +|-- releases +| |-- 20100509145325 +|-- shared +``` + +``` +-- /var/www/my-app.com +|-- current -> /var/www/my-app.com/releases/20100509150741 +|-- releases +| |-- 20100509150741 +| |-- 20100509145325 +|-- shared +``` + +``` +-- /var/www/my-app.com +|-- current -> /var/www/my-app.com/releases/20100512131539 +|-- releases +| |-- 20100512131539 +| |-- 20100509150741 +|-- shared +``` + +See how the release `20100509145325` has been removed. + +Example Playbook +---------------- + +In the folder, `example` you can check an example project that shows how to deploy a small application with Ansistrano. + +In order to run it, you will need to have Vagrant and the ansistrano roles installed. Please check https://www.vagrantup.com for more information about Vagrant and our Installation section. + +``` +$ cd example/my-playbook +$ vagrant up +$ ansible-playbook -i hosts deploy.yml +``` + +And after running these commands, the index.html located in the `my-app` folder will be deployed to both vagrant boxes + +In order to test the rollback playbook, you will need to run deploy.yml at least twice (so that there is something to rollback to). And once this is done, you only need to run + +``` +$ ansible-playbook -i hosts rollback.yml +``` + +You can check more advanced examples inside the test folder which are run against Travis-CI + +Sample projects +--------------- + +We have added Ansistrano support for other projects we are working on. + +* LastWishes: Domain-Driven Design PHP Sample App: https://github.com/dddinphp/last-wishes + +As an example, see the execution log of the LastWishes deployment: + +``` +PLAY [Deploy last wishes app to my server] ************************************ + +GATHERING FACTS *************************************************************** +ok: [quepimquepam.com] + +TASK: [ansistrano.deploy | Ensure deployment base path exists] *** +ok: [quepimquepam.com] + +TASK: [ansistrano.deploy | Ensure releases folder exists] *** +ok: [quepimquepam.com] + +TASK: [ansistrano.deploy | Ensure shared elements folder exists] *** +ok: [quepimquepam.com] + +TASK: [ansistrano.deploy | Get release timestamp] *********** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Get release path] **************** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Get releases path] *************** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Get shared path (in rsync case)] *** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Rsync application files to remote shared copy (in rsync case)] *** +changed: [quepimquepam.com -> 127.0.0.1] + +TASK: [ansistrano.deploy | Deploy existing code to servers] *** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Deploy existing code to remote servers] *** +skipping: [quepimquepam.com] + +TASK: [ansistrano.deploy | Update remote repository] ******** +skipping: [quepimquepam.com] + +TASK: [ansistrano.deploy | Export a copy of the repo] ******* +skipping: [quepimquepam.com] + +TASK: [ansistrano.deploy | Deploy code from to servers] ***** +skipping: [quepimquepam.com] + +TASK: [ansistrano.deploy | Copy release version into REVISION file] *** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Touches up the release code] ***** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Change softlink to new release] *** +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Reload Apache] ******************* +changed: [quepimquepam.com] + +TASK: [ansistrano.deploy | Clean up releases] *************** +skipping: [quepimquepam.com] + +PLAY RECAP ******************************************************************** +quepimquepam.com : ok=14 changed=10 unreachable=0 failed=0 +``` + +They're talking about us +------------------------ + +* [Pablo Godel - Deploying Symfony - Symfony Cat 2016](https://youtu.be/K2bBhrkmpSg?t=26m) +* [https://www.artansoft.com/2016/05/deploy-de-proyectos-php-ansistrano/](https://www.artansoft.com/2016/05/deploy-de-proyectos-php-ansistrano/) +* [http://alexmoreno.net/ansistrano-deploying-drupal-ansible](http://alexmoreno.net/ansistrano-deploying-drupal-ansible) +* [http://www.ricardclau.com/2015/10/deploying-php-applications-with-ansistrano/](http://www.ricardclau.com/2015/10/deploying-php-applications-with-ansistrano/) +* [http://es.slideshare.net/OrestesCA/ansible-intro-ansible-barcelona-user-group-june-2015](http://es.slideshare.net/OrestesCA/ansible-intro-ansible-barcelona-user-group-june-2015) +* [http://carlosbuenosvinos.com/deploying-symfony-and-php-apps-with-ansistrano/](http://carlosbuenosvinos.com/deploying-symfony-and-php-apps-with-ansistrano/) +* [https://www.youtube.com/watch?v=CPz5zPzzMZE](https://www.youtube.com/watch?v=CPz5zPzzMZE) +* [https://github.com/cbrunnkvist/ansistrano-symfony-deploy](https://github.com/cbrunnkvist/ansistrano-symfony-deploy) +* [https://www.reddit.com/r/ansible/comments/2ezzz5/rapid_rollback_with_ansible/](https://www.reddit.com/r/ansible/comments/2ezzz5/rapid_rollback_with_ansible/) +* [Cookiecutting Ansible for Django](https://hacksoft.io/blog/cookiecutting-django-ansible/) +* [Deploying PHP applications with Ansible, Ansible Vault and Ansistrano](https://www.oliverdavies.uk/talks/deploying-php-ansible-ansistrano) + +License +------- + +MIT + +Other resources +--------------- + +* [Thoughts on deploying with Ansible](http://www.future500.nl/articles/2014/07/thoughts-on-deploying-with-ansible/) +* [Docker image](https://hub.docker.com/r/lavoweb/ansistrano/) diff --git a/roles/ansistrano.deploy/ansible.cfg b/roles/ansistrano.deploy/ansible.cfg new file mode 100644 index 0000000..5a5b553 --- /dev/null +++ b/roles/ansistrano.deploy/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +roles_path = ../ \ No newline at end of file diff --git a/roles/ansistrano.deploy/defaults/main.yml b/roles/ansistrano.deploy/defaults/main.yml new file mode 100644 index 0000000..536df02 --- /dev/null +++ b/roles/ansistrano.deploy/defaults/main.yml @@ -0,0 +1,90 @@ +--- +# Path where the code to deploy is +ansistrano_deploy_from: "{{ playbook_dir }}/" + +# Path where the code must be deployed to +ansistrano_deploy_to: "/var/www/my-app" + +# Folder name for the releases +ansistrano_version_dir: "releases" + +# Full path to the releases +ansistrano_releases_path: "{{ ansistrano_deploy_to }}/{{ ansistrano_version_dir }}" + +# Full path to the shared path folder +ansistrano_shared_path: "{{ ansistrano_deploy_to }}/shared" + +# Softlink name for the current release +ansistrano_current_dir: "current" + +# Current directory deployment strategy +ansistrano_current_via: "symlink" + +# Shared paths to symlink to release dir +ansistrano_shared_paths: [] + +# Shared files to symlink to release dir +ansistrano_shared_files: [] + +# Shared paths and basedir shared files creation +ansistrano_ensure_shared_paths_exist: yes +ansistrano_ensure_basedirs_shared_files_exist: yes + +# Number of releases to keep in your hosts, if 0, unlimited releases will be kept +ansistrano_keep_releases: 0 + +# Deployment strategies variables + +# Due to runtime variable evaluation, the ansistrano_deploy_via default is actually +# defined in update-code.yml instead of this file. You can still override it in your +# playbook as needed. +# ansistrano_deploy_via: "rsync" + +# Directory name for the checked out repository +ansistrano_repo_dir: "repo" + +## GIT pull strategy +ansistrano_git_repo: git@github.com:USERNAME/REPO.git +ansistrano_git_branch: master +ansistrano_git_repo_tree: "" +ansistrano_git_identity_key_path: "" +ansistrano_git_identity_key_remote_path: "" +ansistrano_git_identity_key_shred: true + +## SVN pull strategy +ansistrano_svn_repo: "https://svn.company.com/project" +ansistrano_svn_branch: "trunk" +ansistrano_svn_revision: "HEAD" +ansistrano_svn_username: "user" +ansistrano_svn_password: "Pa$$word" +ansistrano_svn_environment: {} + +## HG pull strategy +ansistrano_hg_repo: "https://USERNAME@bitbucket.org/USERNAME/REPO" +ansistrano_hg_branch: "default" + +## RSYNC push strategy +# ansistrano_rsync_extra_params: "" +## put user@ for the remote paths. If you have a custom ssh config to define +## the remote user for a host that does not match the inventory user, +## you should set this parameter to "no". +ansistrano_rsync_set_remote_user: yes + +## Download strategy +ansistrano_get_url: https://github.com/someproject/somearchive.tar.gz + +## S3 get strategy +ansistrano_s3_bucket: s3bucket +ansistrano_s3_object: s3object.tgz +ansistrano_s3_region: eu-west-1 +ansistrano_s3_rgw: false + +## Sends anonymous stats to the www.ansistrano.com servers +## You can disallow it by just setting this parameter to "no" in your playbook +ansistrano_allow_anonymous_stats: yes + +ansistrano_unarchive_owner: "default" +ansistrano_unarchive_group: "default" +## Exclude some files or directory +## * is allowed (ex: *.pdf, *.docx) +ansistrano_unarchive_exclude: [] diff --git a/roles/ansistrano.deploy/meta/.galaxy_install_info b/roles/ansistrano.deploy/meta/.galaxy_install_info new file mode 100644 index 0000000..d74d5a6 --- /dev/null +++ b/roles/ansistrano.deploy/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: lun. 02 mai 2022 13:35:39 +version: 3.11.0 diff --git a/roles/ansistrano.deploy/meta/main.yml b/roles/ansistrano.deploy/meta/main.yml new file mode 100644 index 0000000..ad89d30 --- /dev/null +++ b/roles/ansistrano.deploy/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: ansistrano + description: Ansible role to deploy scripting applications like PHP, Python, Ruby, etc. in a Capistrano style + company: Ansistrano + license: MIT + min_ansible_version: 2.6 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: Amazon + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - cloud + - web + - deploy + - deployment +dependencies: [] diff --git a/roles/ansistrano.deploy/tasks/anon-stats.yml b/roles/ansistrano.deploy/tasks/anon-stats.yml new file mode 100644 index 0000000..a98daf8 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/anon-stats.yml @@ -0,0 +1,16 @@ +--- +# Sends anonymous stats if the user is ok with it +- name: ANSISTRANO | Send anonymous stats + uri: + url: https://ansistrano.com/deploy + follow_redirects: all + method: POST + timeout: 5 + body: "deploy_via={{ ansistrano_deploy_via | default('rsync') }}&version={{ ansible_version.string }}" + headers: + Content-Type: "application/x-www-form-urlencoded" + when: ansistrano_allow_anonymous_stats|bool + run_once: true + ignore_errors: yes + delegate_to: 127.0.0.1 + become: false diff --git a/roles/ansistrano.deploy/tasks/cleanup.yml b/roles/ansistrano.deploy/tasks/cleanup.yml new file mode 100644 index 0000000..3231194 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/cleanup.yml @@ -0,0 +1,5 @@ +--- +# Clean up releases +- name: ANSISTRANO | Clean up releases + shell: ls -1dt {{ ansistrano_releases_path }}/* | tail -n +{{ ansistrano_keep_releases | int + 1 }} | xargs rm -rf + when: ansistrano_keep_releases | int > 0 diff --git a/roles/ansistrano.deploy/tasks/empty.yml b/roles/ansistrano.deploy/tasks/empty.yml new file mode 100644 index 0000000..ca79f30 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/empty.yml @@ -0,0 +1,2 @@ +# This file is intentionally left empty and it is used in those Capistrano flow steps +# where you don't need to execute any custom tasks \ No newline at end of file diff --git a/roles/ansistrano.deploy/tasks/funding.yml b/roles/ansistrano.deploy/tasks/funding.yml new file mode 100644 index 0000000..cc2c79f --- /dev/null +++ b/roles/ansistrano.deploy/tasks/funding.yml @@ -0,0 +1,8 @@ +--- +- name: Thanks to all our generous sponsors! + debug: + msg: "Ansistrano is funded by: Rigor Guild, Holaluz" + +- name: Please consider sponsoring Ansistrano + debug: + msg: If Ansistrano is saving money for your company, please visit https://github.com/sponsors/ansistrano and consider a small donation! diff --git a/roles/ansistrano.deploy/tasks/main.yml b/roles/ansistrano.deploy/tasks/main.yml new file mode 100644 index 0000000..0cced59 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- include_tasks: "{{ ansistrano_before_setup_tasks_file | default('empty.yml') }}" + +- include_tasks: setup.yml + +- include_tasks: "{{ ansistrano_after_setup_tasks_file | default('empty.yml') }}" + +- include_tasks: "{{ ansistrano_before_update_code_tasks_file | default('empty.yml') }}" + +- include_tasks: update-code.yml + +- include_tasks: "{{ ansistrano_after_update_code_tasks_file | default('empty.yml') }}" + +- include_tasks: "{{ ansistrano_before_symlink_shared_tasks_file | default('empty.yml') }}" + +- include_tasks: symlink-shared.yml + +- include_tasks: "{{ ansistrano_after_symlink_shared_tasks_file | default('empty.yml') }}" + +- include_tasks: "{{ ansistrano_before_symlink_tasks_file | default('empty.yml') }}" + +- include_tasks: symlink.yml + when: ansistrano_current_via == "symlink" + +- include_tasks: rsync-deploy.yml + when: ansistrano_current_via == "rsync" + +- include_tasks: "{{ ansistrano_after_symlink_tasks_file | default('empty.yml') }}" + +- include_tasks: "{{ ansistrano_before_cleanup_tasks_file | default('empty.yml') }}" + +- include_tasks: cleanup.yml + +- include_tasks: "{{ ansistrano_after_cleanup_tasks_file | default('empty.yml') }}" + +- include_tasks: anon-stats.yml + +- include_tasks: funding.yml diff --git a/roles/ansistrano.deploy/tasks/rsync-deploy.yml b/roles/ansistrano.deploy/tasks/rsync-deploy.yml new file mode 100644 index 0000000..405779b --- /dev/null +++ b/roles/ansistrano.deploy/tasks/rsync-deploy.yml @@ -0,0 +1,41 @@ +--- + +# Migration check from symlink deployment +- name: ANSISTRANO | Get current folder + stat: + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}" + register: stat_current_dir + +- name: ANSISTRANO | Remove current folder if it's a symlink + file: + state: absent + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}" + when: stat_current_dir.stat.islnk is defined and stat_current_dir.stat.islnk + +# Perform rsync deployment +- name: ANSISTRANO | Ensure current folder is a directory + file: + state: directory + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}" + +- name: ANSISTRANO | Sync release to new current path + command: rsync -a -F --no-times --delete-after "{{ ansistrano_release_path.stdout }}/" "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}/" + +# Ensure symlinks target paths is absent +- name: ANSISTRANO | Ensure shared paths targets are absent + file: + state: absent + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}/{{ item }}" + with_flattened: + - "{{ ansistrano_shared_paths }}" + - "{{ ansistrano_shared_files }}" + +# Symlinks shared paths +- name: ANSISTRANO | Create softlinks for shared paths + file: + state: link + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}/{{ item }}" + src: "{{ item | regex_replace('[^\\/]+', '..') }}/shared/{{ item }}" + with_flattened: + - "{{ ansistrano_shared_paths }}" + - "{{ ansistrano_shared_files }}" diff --git a/roles/ansistrano.deploy/tasks/setup.yml b/roles/ansistrano.deploy/tasks/setup.yml new file mode 100644 index 0000000..ca8bf07 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/setup.yml @@ -0,0 +1,32 @@ +--- +# Setup folders +- name: ANSISTRANO | Ensure deployment base path exists + file: + state: directory + path: "{{ ansistrano_deploy_to }}" + +- name: ANSISTRANO | Ensure releases folder exists + file: + state: directory + path: "{{ ansistrano_releases_path }}" + +- name: ANSISTRANO | Ensure shared elements folder exists + file: + state: directory + path: "{{ ansistrano_shared_path }}" + +# Ensure shared path exists +- name: ANSISTRANO | Ensure shared paths exists + file: + state: directory + path: "{{ ansistrano_shared_path }}/{{ item }}" + with_items: "{{ ansistrano_shared_paths }}" + when: ansistrano_ensure_shared_paths_exist|bool + +# Ensure basedir shared files exists +- name: ANSISTRANO | Ensure basedir shared files exists + file: + state: directory + path: "{{ ansistrano_shared_path }}/{{ item | dirname }}" + with_items: "{{ ansistrano_shared_files }}" + when: ansistrano_ensure_basedirs_shared_files_exist|bool diff --git a/roles/ansistrano.deploy/tasks/symlink-shared.yml b/roles/ansistrano.deploy/tasks/symlink-shared.yml new file mode 100644 index 0000000..7eccdc5 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/symlink-shared.yml @@ -0,0 +1,33 @@ +--- +# Ensure symlinks target paths is absent +# This was removed in 1.7.3 to improve speed but it introduced regressions in cases where +# there are .gitkeep files in such folders (common practice in some PHP frameworks) +- name: ANSISTRANO | Ensure shared paths targets are absent + file: + state: absent + path: "{{ ansistrano_release_path.stdout }}/{{ item }}" + loop: "{{ (ansistrano_shared_paths | flatten ) + (ansistrano_shared_files | flatten) }}" + +# Symlinks shared paths and files +- name: ANSISTRANO | Create softlinks for shared paths and files + file: + state: link + path: "{{ ansistrano_release_path.stdout }}/{{ item }}" + src: "{{ item | regex_replace('[^\\/]+', '..') }}/../shared/{{ item }}" + loop: "{{ (ansistrano_shared_paths | flatten ) + (ansistrano_shared_files | flatten) }}" + +# Remove previous .rsync-filter file (rsync current deployment) +- name: ANSISTRANO | Ensure .rsync-filter is absent + file: + state: absent + path: "{{ ansistrano_release_path.stdout }}/.rsync-filter" + when: ansistrano_current_via == "rsync" + +# Setup .rsync-filter file for current rsync deployment (exclude shared folders for rsync current deployment) +- name: ANSISTRANO | Setup .rsync-filter with shared-folders + lineinfile: + dest: "{{ ansistrano_release_path.stdout }}/.rsync-filter" + line: "- /{{ item }}" + create: yes + loop: "{{ (ansistrano_shared_paths | flatten ) + (ansistrano_shared_files | flatten) }}" + when: ansistrano_current_via == "rsync" diff --git a/roles/ansistrano.deploy/tasks/symlink.yml b/roles/ansistrano.deploy/tasks/symlink.yml new file mode 100644 index 0000000..8846bc3 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/symlink.yml @@ -0,0 +1,20 @@ +--- + +# Migration check from rsync deployment +- name: ANSISTRANO | Get current folder + stat: + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}" + register: stat_current_dir + +- name: ANSISTRANO | Remove current folder if it's a directory + file: + state: absent + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}" + when: stat_current_dir.stat.isdir is defined and stat_current_dir.stat.isdir + +# Performs symlink exchange +- name: ANSISTRANO | Change softlink to new release + file: + state: link + path: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}" + src: "./{{ ansistrano_version_dir }}/{{ ansistrano_release_version }}" diff --git a/roles/ansistrano.deploy/tasks/update-code.yml b/roles/ansistrano.deploy/tasks/update-code.yml new file mode 100644 index 0000000..57a8403 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code.yml @@ -0,0 +1,27 @@ +--- +# Update code deployment step +- name: ANSISTRANO | Get release version + set_fact: + ansistrano_release_version: "{{ lookup('pipe', 'date -u +%Y%m%d%H%M%SZ') }}" + run_once: true + when: ansistrano_release_version is not defined + delegate_to: 127.0.0.1 + +- name: ANSISTRANO | Get release path + command: echo "{{ ansistrano_releases_path }}/{{ ansistrano_release_version }}" + check_mode: no + register: ansistrano_release_path + +- include_tasks: "update-code/{{ ansistrano_deploy_via | default('rsync') }}.yml" + +- name: ANSISTRANO | Copy release version into REVISION file + copy: + content: "{{ ansistrano_release_version }}" + dest: "{{ ansistrano_release_path.stdout }}/REVISION" + when: ansistrano_git_result is not defined + +- name: ANSISTRANO | Copy git released version into REVISION file + copy: + content: "{{ ansistrano_git_result.after }}" + dest: "{{ ansistrano_release_path.stdout }}/REVISION" + when: ansistrano_git_result is defined diff --git a/roles/ansistrano.deploy/tasks/update-code/copy.yml b/roles/ansistrano.deploy/tasks/update-code/copy.yml new file mode 100644 index 0000000..3326bda --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/copy.yml @@ -0,0 +1,10 @@ +--- +- name: ANSISTRANO | SCP | Create release folder + file: + state: directory + path: "{{ ansistrano_release_path.stdout }}" + +- name: ANSISTRANO | SCP | Deploy existing code to remote servers + copy: + src: "{{ ansistrano_deploy_from }}" + dest: "{{ ansistrano_release_path.stdout }}" diff --git a/roles/ansistrano.deploy/tasks/update-code/copy_unarchive.yml b/roles/ansistrano.deploy/tasks/update-code/copy_unarchive.yml new file mode 100644 index 0000000..981caff --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/copy_unarchive.yml @@ -0,0 +1,8 @@ +--- +- include_tasks: copy.yml + +- name: ANSISTRANO | copy_unarchive | Set archived file + set_fact: + ansistrano_archived_file: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_deploy_from | basename }}" + +- include_tasks: unarchive.yml diff --git a/roles/ansistrano.deploy/tasks/update-code/download.yml b/roles/ansistrano.deploy/tasks/update-code/download.yml new file mode 100644 index 0000000..11bd26e --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/download.yml @@ -0,0 +1,13 @@ +--- +- name: ANSISTRANO | download | Create release folder + file: + state: directory + path: "{{ ansistrano_release_path.stdout }}" + +# We should be able to remove default(omit) filters and add defaults once we deprecate Ansible 1.9 +- name: ANSISTRANO | download | Download artifact + get_url: + url: "{{ ansistrano_get_url }}" + dest: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_get_url | urlsplit('path') | basename }}" + force_basic_auth: "{{ ansistrano_download_force_basic_auth | default(omit) }}" + headers: "{{ ansistrano_download_headers | default(omit) }}" diff --git a/roles/ansistrano.deploy/tasks/update-code/download_unarchive.yml b/roles/ansistrano.deploy/tasks/update-code/download_unarchive.yml new file mode 100644 index 0000000..01bc638 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/download_unarchive.yml @@ -0,0 +1,8 @@ +--- +- include_tasks: download.yml + +- name: ANSISTRANO | download_unarchive | Set archived file + set_fact: + ansistrano_archived_file: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_get_url | urlsplit('path') | basename }}" + +- include_tasks: unarchive.yml diff --git a/roles/ansistrano.deploy/tasks/update-code/gcs.yml b/roles/ansistrano.deploy/tasks/update-code/gcs.yml new file mode 100644 index 0000000..331b395 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/gcs.yml @@ -0,0 +1,15 @@ +--- +- name: ANSISTRANO | GC storage | Create release folder + file: + state: directory + path: "{{ ansistrano_release_path.stdout }}" + +- name: ANSISTRANO | GC storage | Get object from GC storage + gc_storage: + bucket: "{{ ansistrano_gcs_bucket }}" + object: "{{ ansistrano_gcs_object }}" + region: "{{ ansistrano_gcs_region }}" + gs_access_key: "{{ ansistrano_gcs_access_key | default(omit) }}" + gs_secret_key: "{{ ansistrano_gcs_secret_key | default(omit) }}" + dest: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_gcs_object | basename }}" + mode: get \ No newline at end of file diff --git a/roles/ansistrano.deploy/tasks/update-code/gcs_unarchive.yml b/roles/ansistrano.deploy/tasks/update-code/gcs_unarchive.yml new file mode 100644 index 0000000..6a92cef --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/gcs_unarchive.yml @@ -0,0 +1,8 @@ +--- +- include_tasks: gcs.yml + +- name: ANSISTRANO | gcs_unarchive | Set archived file + set_fact: + ansistrano_archived_file: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_gcs_object | basename }}" + +- include_tasks: unarchive.yml \ No newline at end of file diff --git a/roles/ansistrano.deploy/tasks/update-code/git.yml b/roles/ansistrano.deploy/tasks/update-code/git.yml new file mode 100644 index 0000000..f16ee3a --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/git.yml @@ -0,0 +1,76 @@ +--- +- name: ANSISTRANO | GIT | Ensure GIT deployment key is up to date (local key file) + copy: + src: "{{ ansistrano_git_identity_key_path }}" + dest: "{{ ansistrano_deploy_to }}/git_identity_key" + mode: 0400 + when: ansistrano_git_identity_key_path|trim + +- name: ANSISTRANO | GIT | Ensure GIT deployment key is up to date (remote key file) + copy: + remote_src: true + src: "{{ ansistrano_git_identity_key_remote_path }}" + dest: "{{ ansistrano_deploy_to }}/git_identity_key" + mode: 0400 + when: ansistrano_git_identity_key_remote_path|trim + +- name: ANSISTRANO | GIT | Update remote repository + git: + repo: "{{ ansistrano_git_repo }}" + dest: "{{ ansistrano_deploy_to }}/{{ ansistrano_repo_dir }}" + version: "{{ ansistrano_git_branch }}" + accept_hostkey: true + update: yes + force: yes + ssh_opts: "{{ ansistrano_git_ssh_opts | default(omit) }}" + refspec: "{{ ansistrano_git_refspec | default(omit) }}" + depth: "{{ ansistrano_git_depth | default(omit) }}" + executable: "{{ ansistrano_git_executable | default(omit) }}" + register: ansistrano_git_result_update + when: not ansistrano_git_identity_key_path|trim and not ansistrano_git_identity_key_remote_path|trim + +- name: ANSISTRANO | GIT | Update remote repository using SSH key + git: + repo: "{{ ansistrano_git_repo }}" + dest: "{{ ansistrano_deploy_to }}/{{ ansistrano_repo_dir }}" + version: "{{ ansistrano_git_branch }}" + accept_hostkey: true + update: yes + force: yes + ssh_opts: "{{ ansistrano_git_ssh_opts | default(omit) }}" + refspec: "{{ ansistrano_git_refspec | default(omit) }}" + depth: "{{ ansistrano_git_depth | default(omit) }}" + key_file: "{{ ansistrano_deploy_to }}/git_identity_key" + executable: "{{ ansistrano_git_executable | default(omit) }}" + register: ansistrano_git_result_update_ssh + when: ansistrano_git_identity_key_path|trim or ansistrano_git_identity_key_remote_path|trim + +- name: ANSISTRANO | GIT | Register ansistrano_git_result variable + set_fact: ansistrano_git_result={{ ansistrano_git_result_update_ssh if ansistrano_git_result_update is skipped else ansistrano_git_result_update }} + +- name: ANSISTRANO | GIT | Shred GIT deployment key + command: shred -f "{{ ansistrano_deploy_to }}/git_identity_key" + when: (ansistrano_git_identity_key_path|trim or ansistrano_git_identity_key_remote_path|trim) and ansistrano_git_identity_key_shred|bool == true + +- name: ANSISTRANO | GIT | Set git_real_repo_tree + set_fact: + ansistrano_git_real_repo_tree: "{{ ansistrano_git_repo_tree | trim | regex_replace('^[/]*', '') | regex_replace('[/]*$', '') }}" + +- name: ANSISTRANO | GIT | Create release folder + file: + state: directory + path: "{{ ansistrano_release_path.stdout }}" + +- name: ANSISTRANO | GIT | Sync repo subtree["{{ ansistrano_git_real_repo_tree }}"] to release path + shell: >- + { + git ls-files -z --with-tree="{{ ansistrano_git_branch }}" | tr '\0' '\n'; + git submodule foreach --recursive | sed -n -e "s/^Entering '\(.*\)'$/\1/p" | while read -r line; do (cd "$line"; git ls-files -z | tr "\0" "\n" | sed "s#^#$line/#"; cd $OLDPWD); done + } + | grep "^$prefix" + | sed "s#^$prefix/##" + | rsync -a --files-from=- "./$prefix/" {{ ansistrano_release_path.stdout }}/ + args: + chdir: "{{ ansistrano_deploy_to }}/{{ ansistrano_repo_dir }}/" + environment: + prefix: "{{ ansistrano_git_real_repo_tree }}" diff --git a/roles/ansistrano.deploy/tasks/update-code/hg.yml b/roles/ansistrano.deploy/tasks/update-code/hg.yml new file mode 100644 index 0000000..9171a31 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/hg.yml @@ -0,0 +1,18 @@ +--- +- name: ANSISTRANO | HG | Update remote repository + hg: + repo: "{{ ansistrano_hg_repo }}" + dest: "{{ ansistrano_deploy_to }}/{{ ansistrano_repo_dir }}" + revision: "{{ ansistrano_hg_branch }}" + force: yes + register: ansistrano_hg_result + +- name: ANSISTRANO | HG | Create release folder + file: + state: directory + path: "{{ ansistrano_release_path.stdout }}" + +- name: ANSISTRANO | HG | Sync repo to release path + command: "hg archive -r {{ ansistrano_hg_branch }} {{ ansistrano_release_path.stdout }}" + args: + chdir: "{{ ansistrano_deploy_to }}/{{ ansistrano_repo_dir }}/" diff --git a/roles/ansistrano.deploy/tasks/update-code/rsync.yml b/roles/ansistrano.deploy/tasks/update-code/rsync.yml new file mode 100644 index 0000000..a3b29ae --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/rsync.yml @@ -0,0 +1,21 @@ +--- +- name: ANSISTRANO | RSYNC | Get shared path (in rsync case) + command: echo "{{ ansistrano_shared_path }}/.shared-copy" + check_mode: no + register: ansistrano_shared_rsync_copy_path + +- name: ANSISTRANO | RSYNC | Rsync application files to remote shared copy + synchronize: + src: "{{ ansistrano_deploy_from }}" + dest: "{{ ansistrano_shared_rsync_copy_path.stdout }}" + set_remote_user: "{{ ansistrano_rsync_set_remote_user }}" + recursive: yes + delete: yes + archive: yes + compress: yes + use_ssh_args: "{{ ansistrano_rsync_use_ssh_args | default(omit) }}" + rsync_opts: "{{ ansistrano_rsync_extra_params | default(omit) }}" + rsync_path: "{{ ansistrano_rsync_path | default(omit) }}" + +- name: ANSISTRANO | RSYNC | Deploy existing code to servers + command: cp -a {{ ansistrano_shared_rsync_copy_path.stdout }} {{ ansistrano_release_path.stdout }} diff --git a/roles/ansistrano.deploy/tasks/update-code/rsync_direct.yml b/roles/ansistrano.deploy/tasks/update-code/rsync_direct.yml new file mode 100644 index 0000000..b9a5840 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/rsync_direct.yml @@ -0,0 +1,13 @@ +--- +- name: ANSISTRANO | RSYNC DIRECT | Rsync application files directly to remote release path + synchronize: + src: "{{ ansistrano_deploy_from }}" + dest: "{{ ansistrano_release_path.stdout }}" + set_remote_user: "{{ ansistrano_rsync_set_remote_user }}" + recursive: yes + delete: yes + archive: yes + compress: yes + use_ssh_args: "{{ ansistrano_rsync_use_ssh_args | default(omit) }}" + rsync_opts: "{{ ansistrano_rsync_extra_params | default(omit) }}" + rsync_path: "{{ ansistrano_rsync_path | default(omit) }}" diff --git a/roles/ansistrano.deploy/tasks/update-code/s3.yml b/roles/ansistrano.deploy/tasks/update-code/s3.yml new file mode 100644 index 0000000..205051b --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/s3.yml @@ -0,0 +1,32 @@ +--- +- name: ANSISTRANO | S3 | Create release folder + file: + state: directory + path: "{{ ansistrano_release_path.stdout }}" + +- name: ANSISTRANO | S3 | Get object from S3 + aws_s3: + bucket: "{{ ansistrano_s3_bucket }}" + object: "{{ ansistrano_s3_object }}" + dest: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_s3_object | basename }}" + mode: get + region: "{{ ansistrano_s3_region }}" + aws_access_key: "{{ ansistrano_s3_aws_access_key | default(omit) }}" + aws_secret_key: "{{ ansistrano_s3_aws_secret_key | default(omit) }}" + ignore_nonexistent_bucket: "{{ ansistrano_s3_ignore_nonexistent_bucket | default(omit) }}" + when: not ansistrano_s3_rgw + +- name: ANSISTRANO | S3 | Get object from Ceph RGW + aws_s3: + rgw: true + s3_url: "{{ ansistrano_s3_url }}" + encrypt: "{{ ansistrano_s3_encrypt | default(false) }}" + bucket: "{{ ansistrano_s3_bucket }}" + object: "{{ ansistrano_s3_object }}" + dest: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_s3_object | basename }}" + mode: get + aws_access_key: "{{ ansistrano_s3_aws_access_key | default(omit) }}" + aws_secret_key: "{{ ansistrano_s3_aws_secret_key | default(omit) }}" + region: "{{ ansistrano_s3_region | default(omit) }}" + ignore_nonexistent_bucket: "{{ ansistrano_s3_ignore_nonexistent_bucket | default(omit) }}" + when: ansistrano_s3_rgw diff --git a/roles/ansistrano.deploy/tasks/update-code/s3_unarchive.yml b/roles/ansistrano.deploy/tasks/update-code/s3_unarchive.yml new file mode 100644 index 0000000..36b6b16 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/s3_unarchive.yml @@ -0,0 +1,8 @@ +--- +- include_tasks: s3.yml + +- name: ANSISTRANO | s3_unarchive | Set archived file + set_fact: + ansistrano_archived_file: "{{ ansistrano_release_path.stdout }}/{{ ansistrano_s3_object | basename }}" + +- include_tasks: unarchive.yml \ No newline at end of file diff --git a/roles/ansistrano.deploy/tasks/update-code/svn.yml b/roles/ansistrano.deploy/tasks/update-code/svn.yml new file mode 100644 index 0000000..6b695cc --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/svn.yml @@ -0,0 +1,31 @@ +--- +- name: ANSISTRANO | SVN | Update remote repository + subversion: + repo: "{{ ansistrano_svn_repo }}/{{ ansistrano_svn_branch }}" + dest: "{{ ansistrano_deploy_to }}/{{ ansistrano_repo_dir }}" + revision: "{{ ansistrano_svn_revision }}" + username: "{{ ansistrano_svn_username }}" + password: "{{ ansistrano_svn_password }}" + force: yes + environment: "{{ ansistrano_svn_environment }}" + register: ansistrano_svn_result_update + +- name: ANSISTRANO | SVN | Register ansistrano_svn_result variable + set_fact: ansistrano_svn_result={{ ansistrano_svn_result_update }} + +- name: ANSISTRANO | SVN | Create release folder + file: + state: directory + path: "{{ ansistrano_release_path.stdout }}" + +- name: ANSISTRANO | SVN | Copy repo to release path + subversion: + repo: "{{ ansistrano_deploy_to }}/{{ ansistrano_repo_dir }}" + dest: "{{ ansistrano_release_path.stdout }}" + revision: "{{ ansistrano_svn_revision }}" + username: "{{ ansistrano_svn_username }}" + password: "{{ ansistrano_svn_password }}" + export: yes + force: yes + environment: "{{ ansistrano_svn_environment }}" + register: ansistrano_svn_result_export diff --git a/roles/ansistrano.deploy/tasks/update-code/unarchive.yml b/roles/ansistrano.deploy/tasks/update-code/unarchive.yml new file mode 100644 index 0000000..c127eb1 --- /dev/null +++ b/roles/ansistrano.deploy/tasks/update-code/unarchive.yml @@ -0,0 +1,32 @@ +--- +- name: ANSISTRANO | Unarchive | Unarchive source + unarchive: + copy: no + src: "{{ ansistrano_archived_file }}" + dest: "{{ ansistrano_release_path.stdout }}" + exclude: "{{ ansistrano_unarchive_exclude }}" + when: ansistrano_unarchive_owner == "default" and ansistrano_unarchive_group == "default" + +- name: ANSISTRANO | Unarchive | Unarchive source + fail: + msg: "must set ansistrano_unarchive_group and ansistrano_unarchive_owner" + when: > + (ansistrano_unarchive_owner == "default" and ansistrano_unarchive_group != "default") or + (ansistrano_unarchive_owner != "default" and ansistrano_unarchive_group == "default") + +- name: ANSISTRANO | Unarchive | Unarchive source with owner and group + unarchive: + copy: no + src: "{{ ansistrano_archived_file }}" + dest: "{{ ansistrano_release_path.stdout }}" + owner: "{{ ansistrano_unarchive_owner }}" + group: "{{ ansistrano_unarchive_group }}" + exclude: "{{ ansistrano_unarchive_exclude }}" + when: > + ansistrano_unarchive_owner != "default" and + ansistrano_unarchive_group != "default" + +- name: ANSISTRANO | Unarchive | Delete archived file + file: + path: "{{ ansistrano_archived_file }}" + state: absent diff --git a/roles/apt/.travis.yml b/roles/apt/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/roles/apt/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/apt/README.md b/roles/apt/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/apt/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/apt/defaults/main.yml b/roles/apt/defaults/main.yml new file mode 100644 index 0000000..4712147 --- /dev/null +++ b/roles/apt/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for apt diff --git a/roles/apt/handlers/main.yml b/roles/apt/handlers/main.yml new file mode 100644 index 0000000..0944dbd --- /dev/null +++ b/roles/apt/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for apt diff --git a/roles/apt/meta/main.yml b/roles/apt/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/apt/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml new file mode 100644 index 0000000..48f9fea --- /dev/null +++ b/roles/apt/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: "Install dependencies" + ansible.builtin.apt: + name: + - zip + - unzip + - acl + update_cache: true + cache_valid_time: 86400 diff --git a/roles/apt/tests/inventory b/roles/apt/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/apt/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/apt/tests/test.yml b/roles/apt/tests/test.yml new file mode 100644 index 0000000..a56f64e --- /dev/null +++ b/roles/apt/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - apt diff --git a/roles/apt/vars/main.yml b/roles/apt/vars/main.yml new file mode 100644 index 0000000..f6e2657 --- /dev/null +++ b/roles/apt/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for apt diff --git a/roles/mariadb/.travis.yml b/roles/mariadb/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/roles/mariadb/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/mariadb/README.md b/roles/mariadb/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/mariadb/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/mariadb/defaults/main.yml b/roles/mariadb/defaults/main.yml new file mode 100644 index 0000000..311d0c6 --- /dev/null +++ b/roles/mariadb/defaults/main.yml @@ -0,0 +1,2 @@ +--- +scope: "prod" diff --git a/roles/mariadb/handlers/main.yml b/roles/mariadb/handlers/main.yml new file mode 100644 index 0000000..49ba9f4 --- /dev/null +++ b/roles/mariadb/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for mariadb diff --git a/roles/mariadb/meta/main.yml b/roles/mariadb/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/mariadb/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml new file mode 100644 index 0000000..8c7fa4a --- /dev/null +++ b/roles/mariadb/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- name: "Install dependencies" + ansible.builtin.apt: + name: "mariadb-server" + update_cache: true + cache_valid_time: 86400 + +- name: "Create database" + mysql_db: + name: "{{ db_name }}" + +- name: "Create user" + mysql_user: + name: "{{ db_user }}" + password: "{{ db_password }}" + priv: "{{ db_name }}.*:ALL" diff --git a/roles/mariadb/tests/inventory b/roles/mariadb/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/mariadb/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/mariadb/tests/test.yml b/roles/mariadb/tests/test.yml new file mode 100644 index 0000000..cb3f768 --- /dev/null +++ b/roles/mariadb/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - mariadb diff --git a/roles/mariadb/vars/main.yml b/roles/mariadb/vars/main.yml new file mode 100644 index 0000000..618771d --- /dev/null +++ b/roles/mariadb/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for mariadb diff --git a/roles/nginx/.travis.yml b/roles/nginx/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/roles/nginx/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/nginx/README.md b/roles/nginx/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/nginx/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml new file mode 100644 index 0000000..f065454 --- /dev/null +++ b/roles/nginx/defaults/main.yml @@ -0,0 +1,3 @@ +--- +gzip: true +scope: prod diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml new file mode 100644 index 0000000..051152e --- /dev/null +++ b/roles/nginx/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: "Reload Nginx" + ansible.builtin.service: + name: nginx + state: reloaded diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/nginx/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml new file mode 100644 index 0000000..8644c62 --- /dev/null +++ b/roles/nginx/tasks/main.yml @@ -0,0 +1,43 @@ +- name: "Install dependencies" + ansible.builtin.apt: + name: "nginx" + update_cache: true + cache_valid_time: 86400 + +- name: "Add gzip snippet" + ansible.builtin.template: + src: gzip.conf + dest: "/etc/nginx/snippets/gzip.conf" + mode: "0640" + notify: + - Reload Nginx + +- name: "Setup Vhost" + ansible.builtin.template: + src: "vhost.conf" + dest: "/etc/nginx/sites-available/projectsend-{{ scope }}.conf" + mode: "0640" + notify: + - Reload Nginx + +- name: "Disable default" + file: + path: "/etc/nginx/sites-enabled/default" + state: absent + notify: + - Reload Nginx + +- name: "Enable Vhost" + ansible.builtin.file: + src: "/etc/nginx/sites-available/projectsend-{{ scope }}.conf" + dest: "/etc/nginx/sites-enabled/projectsend-{{ scope }}.conf" + state: link + notify: + - Reload Nginx + +- name: "Create base dir" + file: + path: "/var/www/{{ scope }}" + owner: www-data + group: www-data + state: directory diff --git a/roles/nginx/templates/gzip.conf b/roles/nginx/templates/gzip.conf new file mode 100644 index 0000000..067fae0 --- /dev/null +++ b/roles/nginx/templates/gzip.conf @@ -0,0 +1,6 @@ +gzip on; +gzip_vary on; +gzip_min_length 10240; +gzip_proxied expired no-cache no-store private auth; +gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; +gzip_disable "MSIE [1-6]\."; diff --git a/vhost.conf b/roles/nginx/templates/vhost.conf similarity index 57% rename from vhost.conf rename to roles/nginx/templates/vhost.conf index 352eed4..6d73af2 100644 --- a/vhost.conf +++ b/roles/nginx/templates/vhost.conf @@ -1,33 +1,26 @@ - -# Default server configuration -# server { listen 80 default_server; listen [::]:80 default_server; - - root /var/www/html/symfony_blog/current/public; - + root /var/www/{{ scope }}/projectsend/current; index index.php; - server_name _; + {% if gzip %} + include /etc/nginx/snippets/gzip.conf; + {% endif %} + location / { - try_files $uri /index.php$is_args$args; + try_files $uri $uri/ /index.php; } - location ~ ^/index\.php(/|$) { + location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; - internal; } - location ~ \.php$ { - return 404; - } - - error_log /var/log/nginx/symfony_blog_error.log; - access_log /var/log/nginx/symfony_blog_access.log; + error_log /var/log/nginx/projectsend_{{ scope }}_error.log; + access_log /var/log/nginx/projectsend_{{ scope }}_access.log; } diff --git a/roles/nginx/tests/inventory b/roles/nginx/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/nginx/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/nginx/tests/test.yml b/roles/nginx/tests/test.yml new file mode 100644 index 0000000..261c779 --- /dev/null +++ b/roles/nginx/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - nginx diff --git a/roles/nginx/vars/main.yml b/roles/nginx/vars/main.yml new file mode 100644 index 0000000..d45faf6 --- /dev/null +++ b/roles/nginx/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for nginx diff --git a/roles/nodejs/.travis.yml b/roles/nodejs/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/roles/nodejs/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/nodejs/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/nodejs/defaults/main.yml b/roles/nodejs/defaults/main.yml new file mode 100644 index 0000000..9643b90 --- /dev/null +++ b/roles/nodejs/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for nodejs diff --git a/roles/nodejs/handlers/main.yml b/roles/nodejs/handlers/main.yml new file mode 100644 index 0000000..7c65bbd --- /dev/null +++ b/roles/nodejs/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for nodejs diff --git a/roles/nodejs/meta/main.yml b/roles/nodejs/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/nodejs/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml new file mode 100644 index 0000000..179bc64 --- /dev/null +++ b/roles/nodejs/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: "Install dependencies" + ansible.builtin.apt: + name: + - nodejs + - npm + update_cache: true + cache_valid_time: 86400 diff --git a/roles/nodejs/tests/inventory b/roles/nodejs/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/nodejs/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/nodejs/tests/test.yml b/roles/nodejs/tests/test.yml new file mode 100644 index 0000000..eba122b --- /dev/null +++ b/roles/nodejs/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - nodejs diff --git a/roles/nodejs/vars/main.yml b/roles/nodejs/vars/main.yml new file mode 100644 index 0000000..6422ced --- /dev/null +++ b/roles/nodejs/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for nodejs diff --git a/roles/php/.travis.yml b/roles/php/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/roles/php/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/php/README.md b/roles/php/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/php/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/php/defaults/main.yml b/roles/php/defaults/main.yml new file mode 100644 index 0000000..0158eb6 --- /dev/null +++ b/roles/php/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for php diff --git a/roles/php/handlers/main.yml b/roles/php/handlers/main.yml new file mode 100644 index 0000000..8b978ea --- /dev/null +++ b/roles/php/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for php diff --git a/roles/php/meta/main.yml b/roles/php/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/php/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml new file mode 100644 index 0000000..983c2bf --- /dev/null +++ b/roles/php/tasks/main.yml @@ -0,0 +1,39 @@ +--- +- name: "Install dependencies" + ansible.builtin.apt: + name: + - php7.4-fpm + - php7.4-common + - php7.4-curl + - php7.4-intl + - php7.4-mbstring + - php7.4-xmlrpc + - php7.4-mysql + - php7.4-gd + - php7.4-xml + - php7.4-cli + - php7.4-zip + - imagemagick + - php-imagick + - php7.4-bz2 + - php7.4-bcmath + - php7.4-gmp + - composer + update_cache: true + cache_valid_time: 86400 + +- name: "Edit php config" + ini_file: + path: "/etc/php/7.4/fpm/php.ini" + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + create: false + loop: + - {section: "PHP", option: "file_uploads", value: "On"} + - {section: "PHP", option: "allow_url_fopen", value: "On"} + - {section: "PHP", option: "short_open_tag", value: "On"} + - {section: "PHP", option: "memory_limit", value: "256M"} + - {section: "PHP", option: "upload_max_filesize", value: "100M"} + - {section: "PHP", option: "max_execution_time", value: "60"} + - {section: "Date", option: "date.timezone", value: "Europe/Paris"} diff --git a/roles/php/tests/inventory b/roles/php/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/php/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/php/tests/test.yml b/roles/php/tests/test.yml new file mode 100644 index 0000000..c2727bb --- /dev/null +++ b/roles/php/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - php diff --git a/roles/php/vars/main.yml b/roles/php/vars/main.yml new file mode 100644 index 0000000..be45ded --- /dev/null +++ b/roles/php/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for php diff --git a/readme.md b/subject.md similarity index 100% rename from readme.md rename to subject.md