bronsen/learn-ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: bronsen:05e10e6a653953cf83f8823356b86552e0784f22
Branches Tags
bronsen:main
..
compare: bronsen:e3915185813935ae6bfd23d0b5d90899c82af9b2
Branches Tags
bronsen:main

No commits in common. "05e10e6a653953cf83f8823356b86552e0784f22" and "e3915185813935ae6bfd23d0b5d90899c82af9b2" have entirely different histories.
05e10e6a65 ... e391518581

9 changed files with 2 additions and 275 deletions
Download patch file Download diff file Expand all files Collapse all files

9
NOTES.md
View file

@ -1,9 +0,0 @@
---
title: Notes
---
## Show ALL possible configuration options for ansible
```shell
ansible-config init --disabled -t all > demo-all.cfg
```

38
TODO.md
View file

@ -1,38 +0,0 @@
---
title: Things that ought to be done
description: Todo items in lists, and lists themselves, are not prioritised
---
- [ ] write first playbook
- [ ] install postgres on "database_servers"
- [ ] become "postgres", not root
- [ ] create db schema and user for the django project
- [ ] install some django project via git on "application_servers"
- [ ] avoid using git&python as root
- [ ] use caddy server instead of nginx
- [ ] allow "application_servers" to conntect to "database_servers"
- [ ] `./manage.py check` should pass as well
- [ ] make playbook available via "just deploy"
- [ ] add just targets for testing/linting
- [ ] make just use "dry run" by default
- [x] change from .ini to .yaml (because of better highlighting)
- [ ] create backups (sql dump) or snapshot of postgres DB
- [ ] make it available via "just backup"
- [ ] install docker
- [ ] install some test image and run it
- [ ] set up virtual machine stuff
- [ ] run some OS in such a VM
- VM in a VM: does that work on local test?
- [ ] change setup of that virtualised VM
- [ ] install a software and change its configuration (via ansible?)
- [ ] deploy local Raspberry pi
- [ ] NAS
- [ ] media player
- [ ] pi hole

16
Vagrantfile vendored
View file

@ -23,19 +23,3 @@ Vagrant.configure("2") do |config|
db.vm.network :private_network, ip: "192.168.60.6"
end
end
Vagrant.configure("2") do |config|
config.vm.box = "generic/debian12"
config.ssh.insert_key = false
config.vm.synced_folder "." "/vagrant", disabled: true
config.vm.provider :virtualbox do |v|
v.memory = 512
v.linked_clone = true
end
config.vm.define "deb" do |app|
app.vm.hostname = "deb.test"
app.vm.network :private_network, ip: "192.168.60.7"
end
end

1
ansible.cfg
View file

@ -2,4 +2,3 @@
inventory = hosts.yaml
gathering = smart
transport = ssh
pipelining = true

9
hosts.yaml
View file

@ -1,4 +1,4 @@
all:
multi:
vars:
ansible_host: "127.0.0.1"
ansible_ssh_user: "vagrant"
@ -9,7 +9,7 @@ all:
# hide all warnings regarding the discovered python interpreters on the remote side
# https://docs.ansible.com/ansible-core/2.18/reference_appendices/interpreter_discovery.html
ansible_python_interpreter: "auto_silent"
multi:
children:
application_servers:
database_servers:
@ -26,8 +26,3 @@ database_servers:
ansible_ssh_port: 2201
ansible_become_user: "postgres"
debian:
hosts:
deb:
ansible_host: 127.0.0.1
ansible_ssh_port: 2202

7
justfile
View file

@ -1,11 +1,4 @@
default: check
default_playbook := "playbooks/default.yaml"
default_inventory := "./hosts.yaml"
deps:
pip-compile-multi \
--generate-hashes base \
--header requirements/_header_text
check playbook=playbook inventory=default_inventory:
ansible-playbook {{playbook}} --inventory={{inventory}} --check

183
playbooks/playbook.yaml
View file

@ -1,183 +0,0 @@
---
- name: Follow Tutorial
hosts: debian
become: true
vars_files:
- vars.yaml
pre_tasks:
- name: Update apt cache if needed
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
handlers:
- name: restart apache
ansible.builtin.service:
name: apache2
state: restarted
tasks:
- name: Get software for apt repository management
ansible.builtin.apt:
state: present
name:
- python3-apt
- python3-pycurl
- name: "Install Apache, MySQL, PHP, and other dependencies"
ansible.builtin.apt:
state: present
name:
- acl
- git
- curl
- unzip
- sendmail
- apache2
- php8.2-common
- php8.2-cli
- php8.2-dev
- php8.2-gd
- php8.2-curl
- php8.2-opcache
- php8.2-xml
- php8.2-mbstring
- php8.2-pdo
- php8.2-mysql
- php8.2-apcu
- libpcre3-dev
- libapache2-mod-php8.2
- python3-mysqldb
- default-mysql-server
- name: Install the firewall
ansible.builtin.apt:
name: ufw
state: present
- name: Disable the firewall (since this is for local dev only).
ansible.builtin.service:
name: ufw
state: stopped
- name: "Start Apache, MySQL, and PHP."
ansible.builtin.service:
name: "{{ item }}"
state: started
enabled: true
loop:
- apache2
- mysql
- name: Enable Apache rewrite module (required for Drupal).
community.general.apache2_module:
name: rewrite
state: present
notify: restart apache
- name: Add Apache virtualhost for Drupal.
ansible.builtin.template:
src: "templates/drupal.test.conf.j2"
dest: "/etc/apache2/sites-available/{{ domain }}.test.conf"
owner: root
group: root
mode: "0664"
notify: restart apache
- name: Enable Drupal site.
ansible.builtin.command: >
a2ensite {{ domain }}.test
creates=/etc/apache2/sites-enabled/{{ domain }}.test.conf
notify: restart apache
- name: Disable the default site.
ansible.builtin.command: >
a2dissite 000-default
removes=/etc/apache2/sites-enabled/000-default.conf
notify: restart apache
- name: Adjust OpCache memory setting.
ansible.builtin.lineinfile:
dest: "/etc/php/8.2/apache2/conf.d/10-opcache.ini"
regexp: "^opcache/memory_consumption"
line: "opcache.memory_consumption = 96"
state: present
notify: restart apache
- name: Create a MySQL database for Drupal.
community.mysql.mysql_db:
db: "{{ domain }}"
state: present
- name: Create a MySQL user for Drupal.
community.mysql.mysql_user:
name: "{{ domain }}"
password: "1234"
priv: "{{ domain }}.*:ALL"
host: localhost
state: present
- name: Download Composer installer.
ansible.builtin.get_url:
url: https://getcomposer.org/installer
dest: /tmp/composer-installer.php
mode: "0755"
- name: Run Composer installer.
ansible.builtin.command: >
php composer-installer.php
chdir=/tmp
creates=/usr/local/bin/composer
- name: Mov Composer into globally-accessible location.
ansible.builtin.command: >
mv /tmp/composer.phar /usr/local/bin/composer
creates=/usr/local/bin/composer
- name: Ensure Drupal directory exists.
ansible.builtin.file:
path: "{{ drupal_core_path }}"
state: directory
owner: www-data
group: www-data
- name: Check if Drupal project already exists.
ansible.builtin.stat:
path: "{{ drupal_core_path }}/composer.json"
register: drupal_composer_json
- name: Create Drupal project.
community.general.composer:
command: create-project
arguments: drupal/recommended-project:^9 "{{ drupal_core_path }}"
working_dir: "{{ drupal_core_path }}"
no_dev: true
become_user: www-data
when: not drupal_composer_json.stat.exists
- name: Ensure cache dir is writable by www-data.
ansible.builtin.file:
dest: "/var/www/.cache"
state: directory
group: www-data
owner: www-data
mode: "0755"
- name: Add drush to the Drupal site with composer.
community.general.composer:
command: require
arguments: "drush/drush:^11"
working_dir: "{{ drupal_core_path }}"
become_user: www-data
when: not drupal_composer_json.stat.exists
- name: Install Drupal
ansible.builtin.command: >
vendor/bin/drush si -y --site-name="{{ drupal_site_name }}"
--account-name=admin
--account-pass=admin
--db-url=mysql:://{{ domain }}:1234@localhost/{{ domain }}
--root={{ drupal_core_path }}/web
chdir={{ drupal_core_path }}
creates={{ drupal_core_path }}/web/sites/default/settings.php
notify: restart apache
become_user: www-data

10
playbooks/templates/drupal.test.conf.j2
View file

@ -1,10 +0,0 @@
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName {{ domain }}.test
ServerAlias www.{{ domain }}.test
DocumentRoot {{ drupal_core_path }}/web
<Directory "{{ drupal_core_path }}/web">
Options FollowSymlinks Indexes
AllowOverride All
</Directory>
</VirtualHost>

4
playbooks/vars.yaml
View file

@ -1,4 +0,0 @@
---
drupal_core_path: "/var/www/drupal"
domain: "drupal"
drupal_site_name: "Drupal Test"