Verified Commit 202933fe authored by Tharyrok's avatar Tharyrok

Refactore new provision

parent 1c91dfd5
......@@ -124,5 +124,7 @@ pip-selfcheck.json
.vagrant/
src/
contracts/
ansible/playbook-debug.yml
cert-test/
......@@ -17,12 +17,8 @@ Vagrant.configure("2") do |config|
node.vm.hostname = 'backend.ketupa.vagrant.neutri.net'
node.vm.network :private_network, ip: '192.168.33.10'
node.hostsupdater.aliases = [
"ipam.backend.ketupa.neutirnet.be",
"certificates.backend.ketupa.neutirnet.be",
"stats.backend.ketupa.neutirnet.be",
"ketupa.neutirnet.be",
"api.ketupa.neutirnet.be",
"docs.ketupa.neutirnet.be"
"ketupa.vagrant.neutrinet.me",
"api.ketupa.vagrant.neutrinet.me"
]
node.vm.synced_folder "src/", "/home/vagrant/src", type: "nfs", mount_options: ['rw', 'vers=3', 'tcp', 'fsc' ,'actimeo=2']
......@@ -36,6 +32,7 @@ Vagrant.configure("2") do |config|
end
config.vm.provision "ansible_local" do |ansible|
ansible.become = true
ansible.config_file = "/vagrant/ansible/ansible.cfg"
ansible.playbook = "ansible/playbook-ketupa.yml"
ansible.compatibility_mode = "2.0"
......
......@@ -3,3 +3,4 @@ roles_path = /vagrant/ansible/roles:/vagrant/ansible/projetcs
retry_files_enabled = False
host_key_checking = False
interpreter_python = auto_silent
allow_world_readable_tmpfiles = True
\ No newline at end of file
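Review bot: `allow_world_readable_tmpfiles = True` (apparently the line this hunk adds) lets Ansible fall back to world-readable module temp files when a task becomes an unprivileged user. The tasks in this commit that run with `become_user: postgres` or `become_user: vagrant` would then leave their module arguments, including the `password:` values passed to `postgresql_user`, readable by any local account while the task runs. Installing the `acl` package on the guest before those tasks normally lets Ansible use setfacl instead, which makes the setting unnecessary. If it stays, a comment such as `# dev VM only: needed for become_user without acl` would keep it from being copied into a non-Vagrant config.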
hosts:
- {name: backend.ketupa.vagrant.neutri.net, ip: 192.168.33.10}
- {name: ipam.backend.ketupa.neutirnet.be, ip: 192.168.33.10}
- {name: certificates.backend.ketupa.neutirnet.be, ip: 192.168.33.10}
- {name: stats.backend.ketupa.neutirnet.be, ip: 192.168.33.10}
- {name: api.ketupa.neutirnet.be, ip: 192.168.33.10}
- {name: docs.ketupa.neutirnet.be, ip: 192.168.33.10}
- {name: ketupa.neutirnet.be, ip: 192.168.33.10}
- {name: ketupa.vagrant.neutrinet.me, ip: 192.168.33.10}
- {name: api.ketupa.vagrant.neutrinet.me, ip: 192.168.33.10}
......@@ -8,29 +8,37 @@
pre_tasks:
- name: refresh cache apt
apt: update_cache=yes
apt:
update_cache: yes
- name: Update all packages to the latest version
apt: upgrade=dist
apt:
upgrade: dist
roles:
- commun
tasks:
- include_role: name=nginx
- include_role:
name: nginx
when: inventory_hostname in ['ketupa-backend']
- include_role: name=php_7_4
- include_role:
name: php_7_4
when: inventory_hostname in ['ketupa-backend']
- include_role: name=composer
- include_role:
name: composer
when: inventory_hostname in ['ketupa-backend']
- include_role: name=python
- include_role:
name: python
when: inventory_hostname in ['ketupa-backend']
- include_role: name=postgresql
when: ansible_fqdn in ['backend.ketupa.vagrant.neutri.net']
- include_role: name=backend-certificates
- include_role:
name: postgresql
when: inventory_hostname in ['ketupa-backend']
- include_role: name=backend-ipam
- include_role:
name: frontend
when: inventory_hostname in ['ketupa-backend']
- include_role: name=backend-stats
- include_role:
name: backend
when: inventory_hostname in ['ketupa-backend']
\ No newline at end of file
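Review bot: Every `include_role` on the new side repeats the same `when: inventory_hostname in ['ketupa-backend']`, so adding a role or renaming the host means touching each task, and one missed edit silently skips a role. Wrapping the includes in a single `- block:` with one `when:` would state the condition once; the play header is outside this hunk, so limiting `hosts:` there may be the simpler option. The switch from `ansible_fqdn` to `inventory_hostname` for the postgresql role also means the condition now depends on the inventory name rather than the guest's hostname, which deserves a one-line comment.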
server {
listen 80;
listen [::]:80;
server_name certificates.backend.ketupa.neutirnet.be;
root /home/vagrant/src/backend/certificates/public;
access_log /var/log/nginx/certificates-backend-ketupa-neutirnet-be-access.log main;
error_log /var/log/nginx/certificates-backend-ketupa-neutirnet-be-error.log;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-certificates-backend-ketupa-neutirnet-be.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 900;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
expires 7d;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
include '/etc/nginx/errors/generic-error.conf';
}
- name: Composer install
composer:
command: install
working_dir: /home/vagrant/src/backend/certificates
executable: /usr/bin/php7.4
no_dev: no
become_user: vagrant
- name: copy virtualhost php
copy: src=certificates-backend-ketupa-neutirnet-be.conf dest=/etc/php/7.4/fpm/pool.d/certificates-backend-ketupa-neutirnet-be.conf owner=root group=root mode="u+rw,g+r,o+r"
notify: restart php7.4-fpm
- name: copy virtualhost nginx
copy: src=certificates-backend-ketupa-neutirnet-be.nginx dest=/etc/nginx/sites-available/certificates-backend-ketupa-neutirnet-be owner=root group=root mode="u+rw,g+r,o+r"
notify: restart nginx
- name: enable virtualhost nginx
file: dest=/etc/nginx/sites-enabled/certificates-backend-ketupa-neutirnet-be src=/etc/nginx/sites-available/certificates-backend-ketupa-neutirnet-be state=link
notify: restart nginx
- name: Composer install
composer:
command: install
working_dir: /home/vagrant/src/backend/ipam
executable: /usr/bin/php7.4
no_dev: no
become_user: vagrant
- name: copy virtualhost php
copy: src=ipam-backend-ketupa-neutirnet-be.conf dest=/etc/php/7.4/fpm/pool.d/ipam-backend-ketupa-neutirnet-be.conf owner=root group=root mode="u+rw,g+r,o+r"
notify: restart php7.4-fpm
- name: copy virtualhost nginx
copy: src=ipam-backend-ketupa-neutirnet-be.nginx dest=/etc/nginx/sites-available/ipam-backend-ketupa-neutirnet-be owner=root group=root mode="u+rw,g+r,o+r"
notify: restart nginx
- name: enable virtualhost nginx
file: dest=/etc/nginx/sites-enabled/ipam-backend-ketupa-neutirnet-be src=/etc/nginx/sites-available/ipam-backend-ketupa-neutirnet-be state=link
notify: restart nginx
server {
listen 80;
listen [::]:80;
server_name stats.backend.ketupa.neutirnet.be;
root /home/vagrant/src/backend/stats/public;
access_log /var/log/nginx/stats-backend-ketupa-neutirnet-be-access.log main;
error_log /var/log/nginx/stats-backend-ketupa-neutirnet-be-error.log;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-stats-backend-ketupa-neutirnet-be.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 900;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
expires 7d;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
include '/etc/nginx/errors/generic-error.conf';
}
- name: Composer install
composer:
command: install
working_dir: /home/vagrant/src/backend/stats
executable: /usr/bin/php7.4
no_dev: no
become_user: vagrant
- name: copy virtualhost php
copy: src=stats-backend-ketupa-neutirnet-be.conf dest=/etc/php/7.4/fpm/pool.d/stats-backend-ketupa-neutirnet-be.conf owner=root group=root mode="u+rw,g+r,o+r"
notify: restart php7.4-fpm
- name: copy virtualhost nginx
copy: src=stats-backend-ketupa-neutirnet-be.nginx dest=/etc/nginx/sites-available/stats-backend-ketupa-neutirnet-be owner=root group=root mode="u+rw,g+r,o+r"
notify: restart nginx
- name: enable virtualhost nginx
file: dest=/etc/nginx/sites-enabled/stats-backend-ketupa-neutirnet-be src=/etc/nginx/sites-available/stats-backend-ketupa-neutirnet-be state=link
notify: restart nginx
server {
listen 80;
listen [::]:80;
server_name api.ketupa.vagrant.neutrinet.me;
access_log /var/log/nginx/api-ketupa-neutrinet-me-access.log main;
error_log /var/log/nginx/api-ketupa-neutrinet-me-error.log;
location / {
return 204 '';
}
location /certificates {
alias /home/vagrant/src/backend/certificates/public;
try_files $uri $uri/ /certificates/index.php?$query_string;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-certificates-api-ketupa-neutrinet-me.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
fastcgi_read_timeout 900;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
}
location /ipam {
alias /home/vagrant/src/backend/ipam/public;
try_files $uri $uri/ /ipam/index.php?$query_string;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-ipam-api-ketupa-neutrinet-me.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
fastcgi_read_timeout 900;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
}
location /stats {
alias /home/vagrant/src/backend/stats/public;
try_files $uri $uri/ /stats/index.php?$query_string;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-stats-api-ketupa-neutrinet-me.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
fastcgi_read_timeout 900;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
expires 7d;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
include '/etc/nginx/errors/generic-error.conf';
}
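Review bot: `location /certificates` is a prefix match with no trailing slash, paired with an `alias` that has none either, so a request like `/certificates-old/x` (constructed example) would be mapped to `/home/vagrant/src/backend/certificates/public-old/x`, a sibling of the intended directory. `/ipam` and `/stats` have the same shape. Ending both sides with a slash keeps the mapping inside `public/`: `location /certificates/ {` with `alias /home/vagrant/src/backend/certificates/public/;`. A bare `/certificates` would then fall through to `location /`. Separately, the static-asset regex `^.+.(jpg|...)$` leaves the dot before the extension group unescaped, so it matches any character there; `\.` is presumably what was meant.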
[certificates-backend-ketupa-neutirnet-be]
listen = /var/run/php-certificates-backend-ketupa-neutirnet-be.sock
[certificates-api-ketupa-neutrinet-me]
listen = /var/run/php-certificates-api-ketupa-neutrinet-me.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
......
[ipam-backend-ketupa-neutirnet-be]
listen = /var/run/php-ipam-backend-ketupa-neutirnet-be.sock
[ipam-api-ketupa-neutrinet-me]
listen = /var/run/php-ipam-api-ketupa-neutrinet-me.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
......
[stats-backend-ketupa-neutirnet-be]
listen = /var/run/php-stats-backend-ketupa-neutirnet-be.sock
[stats-api-ketupa-neutrinet-me]
listen = /var/run/php-stats-api-ketupa-neutrinet-me.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
......
- name: Composer install
composer:
command: install
working_dir: /home/vagrant/src/backend/certificates
executable: /usr/bin/php7.4
no_dev: no
become_user: vagrant
- name: copy virtualhost php
copy:
src: certificates-api-ketupa-neutrinet-me.conf
dest: /etc/php/7.4/fpm/pool.d/certificates-api-ketupa-neutrinet-me.conf
owner: root
group: root
mode: "u+rw,g+r,o+r"
notify: restart php7.4-fpm
- name: Create database postgresql
postgresql_db:
name: "ketupa-backend-certificates"
become: yes
become_user: postgres
- name: Create user postgresql
postgresql_user:
db: "ketupa-backend-certificates"
name: "ketupa-backend-certificates"
priv: ALL
password: "password"
become: yes
become_user: postgres
- name: Composer install
composer:
command: install
working_dir: /home/vagrant/src/backend/ipam
executable: /usr/bin/php7.4
no_dev: no
become_user: vagrant
- name: copy virtualhost php
copy:
src: ipam-api-ketupa-neutrinet-me.conf
dest: /etc/php/7.4/fpm/pool.d/ipam-api-ketupa-neutrinet-me.conf
owner: root
group: root
mode: "u+rw,g+r,o+r"
notify: restart php7.4-fpm
- name: Create database postgresql
postgresql_db:
name: "ketupa-backend-ipam"
become: yes
become_user: postgres
- name: Create user postgresql
postgresql_user:
db: "ketupa-backend-ipam"
name: "ketupa-backend-ipam"
priv: ALL
password: "password"
become: yes
become_user: postgres
- name: Composer install
composer:
command: install
working_dir: /home/vagrant/src/backend/stats
executable: /usr/bin/php7.4
no_dev: no
become_user: vagrant
- name: copy virtualhost php
copy:
src: stats-api-ketupa-neutrinet-me.conf
dest: /etc/php/7.4/fpm/pool.d/stats-api-ketupa-neutrinet-me.conf
owner: root
group: root
mode: "u+rw,g+r,o+r"
notify: restart php7.4-fpm
- name: Create database postgresql
postgresql_db:
name: "ketupa-backend-stats"
become: yes
become_user: postgres
- name: Create user postgresql
postgresql_user:
db: "ketupa-backend-stats"
name: "ketupa-backend-stats"
priv: ALL
password: "password"
become: yes
become_user: postgres
- name: copy virtualhost nginx
copy:
src: api-ketupa-vagrant-neutrinet-me.nginx
dest: /etc/nginx/sites-available/api-ketupa-vagrant-neutrinet-me
owner: root
group: root
mode: "u+rw,g+r,o+r"
notify: restart nginx
- name: enable virtualhost nginx
file:
dest: /etc/nginx/sites-enabled/api-ketupa-vagrant-neutrinet-me
src: /etc/nginx/sites-available/api-ketupa-vagrant-neutrinet-me
state: link
notify: restart nginx
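Review bot: The three `postgresql_user` tasks in this file set the literal `password: "password"`, and the frontend role's task file later in the commit does the same, so the credential is committed to the repository and echoed in Ansible's task output. Reading it from a variable, for example `password: "{{ ketupa_db_password }}"` (placeholder name) defined in host vars or a vault file, and adding `no_log: true` to those tasks keeps it out of both. `priv: ALL` also grants more than an application account usually needs. The `copy` tasks use the symbolic `mode: "u+rw,g+r,o+r"`, which only adds bits to whatever the file already has; `mode: "0644"` sets the intended permissions exactly.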
[ketupa-vagrant-neutrinet-me]
listen = /var/run/php-ketupa-vagrant-neutrinet-me.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
user = vagrant
group = vagrant
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
pm.max_requests = 500
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
php_admin_value[memory_limit] = 256M
php_flag[display_errors] = on
php_admin_value[date.timezone] = Etc/UTC
php_admin_value[max_execution_time] = 900
env[APP_ENV] = "dev"
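Review bot: This pool is missing a header comment marking it as Vagrant-only, although several of its settings are only acceptable on a development box. `php_flag[display_errors] = on` sends error details to the client, `user = vagrant` runs PHP as the owner of the synced source tree, and `env[APP_ENV] = "dev"` selects the development configuration. A first line such as `; development pool for the Vagrant box - do not reuse for a deployed host` would make that explicit. Since `php_flag` can be overridden at runtime by the application, `php_admin_flag[display_errors]` is the form to use wherever the value must be fixed.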
......@@ -2,12 +2,12 @@ server {
listen 80;
listen [::]:80;
server_name ipam.backend.ketupa.neutirnet.be;
server_name ketupa.vagrant.neutrinet.me;
root /home/vagrant/src/backend/ipam/public;
root /home/vagrant/src/frontend/public;
access_log /var/log/nginx/ipam-backend-ketupa-neutirnet-be-access.log main;
error_log /var/log/nginx/ipam-backend-ketupa-neutirnet-be-error.log;
access_log /var/log/nginx/ketupa-vagrant-neutrinet-me-access.log main;
error_log /var/log/nginx/ketupa-vagrant-neutrinet-me-error.log;
location / {
try_files $uri /index.php$is_args$args;
......@@ -15,7 +15,7 @@ server {
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-ipam-backend-ketupa-neutirnet-be.sock;
fastcgi_pass unix:/var/run/php-ketupa-vagrant-neutrinet-me.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
......
- name: Composer install
composer:
command: install
working_dir: /home/vagrant/src/frontend
executable: /usr/bin/php7.4
no_dev: no
become_user: vagrant
- name: copy virtualhost php
copy:
src: ketupa-vagrant-neutrinet-me.conf
dest: /etc/php/7.4/fpm/pool.d/ketupa-vagrant-neutrinet-me.conf
owner: root
group: root
mode: "u+rw,g+r,o+r"
notify: restart php7.4-fpm
- name: copy virtualhost nginx
copy:
src: ketupa-vagrant-neutrinet-me.nginx
dest: /etc/nginx/sites-available/ketupa-vagrant-neutrinet-me
owner: root
group: root
mode: "u+rw,g+r,o+r"
notify: restart nginx
- name: enable virtualhost nginx
file:
dest: /etc/nginx/sites-enabled/ketupa-vagrant-neutrinet-me
src: /etc/nginx/sites-available/ketupa-vagrant-neutrinet-me
state: link
notify: restart nginx
- name: Create database postgresql
postgresql_db:
name: "ketupa-frontend"
become: yes
become_user: postgres
- name: Create user postgresql
postgresql_user:
db: "ketupa-frontend"
name: "ketupa-frontend"
priv: ALL
password: "password"
become: yes
become_user: postgres
......@@ -20,7 +20,7 @@
- name: Install php7.4
apt:
name: [php7.4-fpm, php7.4-bcmath, php7.4-bz2, php7.4-cli, php7.4-curl, php7.4-gd, php7.4-intl, php7.4-json, php7.4-mbstring, php7.4-opcache, php7.4-soap, php7.4-tidy, php7.4-xml, php7.4-zip, php7.4-mysql, php-xdebug]
name: [php7.4-fpm, php7.4-bcmath, php7.4-bz2, php7.4-cli, php7.4-curl, php7.4-gd, php7.4-intl, php7.4-json, php7.4-mbstring, php7.4-opcache, php7.4-soap, php7.4-tidy, php7.4-xml, php7.4-zip, php7.4-mysql, php-xdebug, php7.4-gmp]
state: present