1 - Installing Ansible
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install ansible sshpass
2 - Configuring Ansible
Create a directory that will hold the configuration for our host:
cd
mkdir webapp
This directory will contain the following files:
- ansible.cfg
- hosts
- playbook.yml
- virtualhost.conf
Creating the ansible.cfg file:
cd webapp
nano ansible.cfg
[defaults]
inventory = ./hosts
# Disables SSH host key verification: acceptable only for a throwaway local VM
host_key_checking = False
Creating the hosts file:
nano hosts
HOSTNAME ansible_ssh_host=HOST_IP ansible_ssh_user=USER ansible_ssh_pass=PASSWORD host_key_checking=false
Creating the playbook.yml file:
nano playbook.yml
---
- hosts: all
  become: true
  vars:
    domain: webapp.local
    app_name: frontside
  handlers:
    - name: restart postgresql
      service: name=postgresql state=restarted
    - name: restart nginx
      service: name=nginx state=restarted
    - name: restart php-fpm
      service: name=php7.2-fpm state=restarted
  tasks:
    - name: Mise à jour de l'apt cache
      apt: update_cache=yes
    - name: installer aptitude
      apt: name=aptitude state=present
    - name: Mise à jour système
      apt: upgrade=full
    - name: installer curl
      apt: name=curl state=present
    - name: installer htop
      apt: name=htop state=present
    - name: installer zip
      apt: name=zip state=present
    - name: installer git
      apt: name=git state=present
    - name: installer memcached
      apt: name=memcached state=present
    - name: installer nginx
      apt: name=nginx state=present
    - name: installer ca-certificates
      apt: name=ca-certificates state=present
    - name: installer lsb-release
      apt: name=lsb-release state=present
    - name: installer apt-transport-https
      apt: name=apt-transport-https state=present
    - name: Add an Apt signing key, uses whichever key is at the URL
      apt_key:
        url: https://packages.sury.org/php/apt.gpg
        state: present
        # Keep TLS verification on: this key decides which packages apt will trust
        validate_certs: yes
    - apt_repository:
        repo: deb https://packages.sury.org/php/ stretch main
        state: present
    - name: Mise à jour de l'apt cache
      apt: update_cache=yes
    # PHP 7.2
    - name: installer php7.2
      apt: name=php7.2 state=present
    - name: installer php7.2-common
      apt: name=php7.2-common state=present
    - name: installer php7.2-fpm
      apt: name=php7.2-fpm state=present
    - name: php7.2-cli
      apt: name=php7.2-cli state=present
    - name: php7.2-dom
      apt: name=php7.2-dom state=present
    - name: php7.2-xmlrpc
      apt: name=php7.2-xmlrpc state=present
    - name: php7.2-mbstring
      apt: name=php7.2-mbstring state=present
    - name: php7.2-intl
      apt: name=php7.2-intl state=present
    - name: php7.2-pgsql
      apt: name=php7.2-pgsql state=present
    - name: installer php7.2-memcached
      apt: name=php7.2-memcached state=present
    - name: installer php7.2-curl
      apt: name=php7.2-curl state=present
    # NGINX activate
    - name: create vhost
      template: src=virtualhost.conf dest=/etc/nginx/sites-available/{{ app_name }}
    - name: activate site
      command: ln -s /etc/nginx/sites-available/{{ app_name }} /etc/nginx/sites-enabled/{{ app_name }}
      args:
        # Skip only when the symlink itself exists (sites-enabled, not sites-available)
        creates: /etc/nginx/sites-enabled/{{ app_name }}
      notify:
        - restart nginx
        - restart php-fpm
    # PostgreSQL 9.x
    - name: installer postgresql
      apt: name=postgresql state=present
    - name: installer postgresql-contrib-9*
      apt: name=postgresql-contrib-9* state=present
    - name: Start PostgreSQL and enable at boot
      service:
        name: postgresql
        enabled: yes
        state: started
    # PostgreSQL settings
    - name: Accept external hosts
      lineinfile:
        dest: /etc/postgresql/9.6/main/pg_hba.conf
        regexp: 'host\s+all\s+all\s+127\.0\.0\.1/32\s+md5'
        line: 'host all all 192.168.0.0/24 md5'
        insertbefore: BOF
      notify: restart postgresql
    - name: Modify bind local adress postgresql
      lineinfile:
        dest: /etc/postgresql/9.6/main/postgresql.conf
        regexp: "^#listen_addresses = 'localhost'"
        line: "listen_addresses = '*'"
        insertbefore: BOF
      notify: restart postgresql
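To see what the two PostgreSQL tasks leave reachable, the following added example (not part of the original tutorial) evaluates the resulting pg_hba.conf the way PostgreSQL does, first matching rule wins, for a few client addresses. The file content, the client addresses and the frontside database/user are constructed for illustration, and the starting point is assumed to be the usual Debian pg_hba.conf layout.

```python
import ipaddress

# Constructed sample (not from the page): pg_hba.conf as the "Accept external
# hosts" task leaves it, assuming the usual Debian layout as the starting point.
PG_HBA_AFTER = """\
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   peer
local   all       all                        peer
host    all       all       192.168.0.0/24   md5
host    all       all       ::1/128          md5
"""

def parse_hba(text):
    """Return TCP rules in file order as (dbs, users, network, method).
    Only CIDR addresses are handled; keywords or hostnames raise ValueError."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank line, comment, or unix-socket ("local") rule
        _, dbs, users, addr, method = fields[:5]
        rules.append((dbs.split(","), users.split(","),
                      ipaddress.ip_network(addr, strict=False), method))
    return rules

def first_match(rules, client_ip, db, user):
    """PostgreSQL uses the first rule that matches; no match means rejection."""
    ip = ipaddress.ip_address(client_ip)
    for dbs, users, net, method in rules:
        if (ip.version == net.version and ip in net
                and ("all" in dbs or db in dbs)
                and ("all" in users or user in users)):
            return method
    return "reject"

def broad_rules(rules):
    """Non-loopback networks that may reach every database as every user."""
    return [str(net) for dbs, users, net, _ in rules
            if "all" in dbs and "all" in users and not net.is_loopback]

def exposure(text, db="frontside", user="frontside"):  # hypothetical db/user
    rules = parse_hba(text)
    clients = ("127.0.0.1", "::1", "192.168.0.50", "10.0.0.7")  # constructed
    return {ip: first_match(rules, ip, db, user) for ip in clients}

if __name__ == "__main__":
    print(exposure(PG_HBA_AFTER))
    print("broad rules:", broad_rules(parse_hba(PG_HBA_AFTER)))
```

With listen_addresses = '*' and the bridged public_network in the Vagrantfile, the playbook sets up no other filter in front of PostgreSQL: any machine on 192.168.0.0/24 can attempt md5 logins for every database and role, while IPv4 loopback clients no longer match any rule.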
Creating the VHOST template:
sudo nano virtualhost.conf
server {
    server_name {{ domain }};
    root /var/www/{{ app_name }}/web;
    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app.php$is_args$args;
    }
    # DEV
    # This rule should only be placed on your development environment
    # In production, don't include this and don't deploy app_dev.php or config.php
    location ~ ^/(app_dev|config)\.php(/|$) {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        #fastcgi_pass unix:/var/run/php7.2-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        #include fastcgi_params;
        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
    }
    # PROD
    location ~ ^/app\.php(/|$) {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        #fastcgi_pass unix:/var/run/php7.2-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        #include fastcgi_params;
        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/app.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }
    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }
    error_log /var/log/nginx/project_error.log;
    access_log /var/log/nginx/project_access.log;
}
3 - Creating the Vagrantfile
We create a Vagrantfile based on a Debian 9.4 box [see the Vagrant installation tutorial]
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "Debian940"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  config.vm.network "public_network", ip: "192.168.0.125"
  #config.vm.network "public_network", ip: "172.20.10.5"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  config.vm.provider "virtualbox" do |vb|
    # # Display the VirtualBox GUI when booting the machine
    # vb.gui = true
    #
    # # Customize the amount of memory on the VM:
    vb.memory = "4096"
  end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
  # such as FTP and Heroku are also available. See the documentation at
  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
  # config.push.define "atlas" do |push|
  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
  # end
  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   apt-get update
  #   apt-get install -y apache2
  # SHELL
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
  end
end
4 - Running the VM
Change into the webapp directory.
vagrant up