Ansible-Nginx-Cluster/roles/nginx_cluster/tasks/main.yml

---
# file: roles/nginx_cluster/tasks/main.yml

- name: Install EPEL RPM
  package:
    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
    disable_gpg_check: True
  when: ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux' or ansible_distribution == 'Rocky'
  tags: packages

- name: Install remi RPM
  package:
    name: https://rpms.remirepo.net/enterprise/remi-release-9.rpm
    state: present
    disable_gpg_check: True
  tags: packages

- name: Enable DNF module for php
  shell: "dnf module enable -y php:remi-{{ nginx_cluster_php_version }}"
  register: dnf_module_enable
  changed_when: "'Nothing to do' not in dnf_module_enable.stdout"

- name: Install prereq packages
  package:
    name:
      - nginx
      - php
      - php-mysqlnd
      - lsyncd
    state: latest
  tags: packages

- name: Install additional packages
  package:
    name: "{{ item }}"
    state: latest
  loop: "{{ nginx_cluster_aditional_packages }}"
  tags: packages
    
- name: Create a symbolic link for host cert
  file:
    src: "/etc/ssl/{{ ansible_hostname }}"
    dest: "/etc/ssl/host"
    state: link

- name: Create temp directory
  file:
    path: "{{ nginx_cluster_temp_dir }}"
    state: directory
    owner: "{{ nginx_cluster_user }}"
    group: "{{ nginx_cluster_user }}"
    mode: '700'

- name: Create sync directory
  file:
    path: "{{ nginx_cluser_sync_site_dir }}"
    state: directory
    owner: "nginx"
    group: "nginx"
    mode: '755'

- name: Generate ssh keypair for cluster communication
  user:
    name: "{{ nginx_cluster_user }}"
    generate_ssh_key: yes
    ssh_key_type: ed25519
    ssh_key_bits: 4096
    ssh_key_file: "{{ nginx_cluster_private_key }}"
    ssh_key_passphrase: ""
    force: no

- name: Get the public key
  slurp:
    src: "{{ nginx_cluster_private_key }}.pub"
  register: slurped_pub_key

- name: Decode the pub key and store as fact
  set_fact:
    nginx_cluster_public_key: "{{ slurped_pub_key.content | b64decode }}"

- name: Setup access for other servers
  include_tasks: setup-server.yml
  loop: "{{ groups['nginx_cluster']|difference([inventory_hostname]) }}"
  loop_control:
    extended: yes

- name: Create variable of other members IPs to be included into the cluster
  set_fact: nodelist={%for host in groups['nginx_cluster']|difference([inventory_hostname])%}"{{hostvars[host].ansible_host}}"{% if not loop.last %},{% endif %}{% endfor %}

- name: Update lsyncd config
  template:
    src: "lsynd.conf.j2"
    dest: "/etc/lsyncd.conf"
  notify: Restart lsyncd

- name: Allow web server to listen on tcp port
  seport:
    ports: "{{ item }}"
    proto: tcp
    setype: http_port_t
    state: present
  loop: "{{ nginx_cluster_open_ports }}"

- name: Set selinux flags
  seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  loop: "{{ nginx_cluster_sebool }}"
  when: nginx_cluster_sebool != ''

- name: Start and enable lsyncd
  service:
    name: lsyncd
    state: started
    enabled: yes

- name: Start and enable nginx
  service:
    name: nginx
    state: started
    enabled: yes

- name: Start and enable php
  service:
    name: php-fpm
    state: started
    enabled: yes

- name: Enable firewall for access IPs
  include_tasks: firewall.yml
  loop: "{{ nginx_cluster_access_ip }}"
  loop_control:
    loop_var: access_ip
  when: nginx_cluster_access_ip != ""

- name: Enable firewall rules
  firewalld:
    port: "{{ item }}/tcp"
    permanent: yes
    immediate: yes
    state: enabled
  notify: Reload firewalld
  loop: "{{ nginx_cluster_open_ports }}"
  when: nginx_cluster_access_ip == ""
Initial commit 2023-01-18 14:42:02 -07:00			`---`
			`# file: roles/nginx_cluster/tasks/main.yml`

			`- name: Install EPEL RPM`
			`package:`
			`name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"`
			`state: present`
			`disable_gpg_check: True`
			`when: ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux' or ansible_distribution == 'Rocky'`
Adding configuration options 2024-08-01 13:47:09 -06:00			`tags: packages`

			`- name: Install remi RPM`
			`package:`
			`name: https://rpms.remirepo.net/enterprise/remi-release-9.rpm`
			`state: present`
			`disable_gpg_check: True`
			`tags: packages`

			`- name: Enable DNF module for php`
			`shell: "dnf module enable -y php:remi-{{ nginx_cluster_php_version }}"`
			`register: dnf_module_enable`
			`changed_when: "'Nothing to do' not in dnf_module_enable.stdout"`
Initial commit 2023-01-18 14:42:02 -07:00
			`- name: Install prereq packages`
			`package:`
			`name:`
			`- nginx`
			`- php`
Adding php-mysqlnd package 2023-02-03 09:36:42 -07:00			`- php-mysqlnd`
Initial commit 2023-01-18 14:42:02 -07:00			`- lsyncd`
			`state: latest`
Adding configuration options 2024-08-01 13:47:09 -06:00			`tags: packages`

			`- name: Install additional packages`
			`package:`
			`name: "{{ item }}"`
			`state: latest`
			`loop: "{{ nginx_cluster_aditional_packages }}"`
			`tags: packages`

			`- name: Create a symbolic link for host cert`
			`file:`
			`src: "/etc/ssl/{{ ansible_hostname }}"`
			`dest: "/etc/ssl/host"`
			`state: link`
Initial commit 2023-01-18 14:42:02 -07:00
			`- name: Create temp directory`
			`file:`
			`path: "{{ nginx_cluster_temp_dir }}"`
			`state: directory`
			`owner: "{{ nginx_cluster_user }}"`
			`group: "{{ nginx_cluster_user }}"`
			`mode: '700'`

			`- name: Create sync directory`
			`file:`
			`path: "{{ nginx_cluser_sync_site_dir }}"`
			`state: directory`
			`owner: "nginx"`
			`group: "nginx"`
			`mode: '755'`

			`- name: Generate ssh keypair for cluster communication`
			`user:`
			`name: "{{ nginx_cluster_user }}"`
			`generate_ssh_key: yes`
			`ssh_key_type: ed25519`
			`ssh_key_bits: 4096`
			`ssh_key_file: "{{ nginx_cluster_private_key }}"`
			`ssh_key_passphrase: ""`
			`force: no`

			`- name: Get the public key`
			`slurp:`
			`src: "{{ nginx_cluster_private_key }}.pub"`
			`register: slurped_pub_key`

			`- name: Decode the pub key and store as fact`
			`set_fact:`
			`nginx_cluster_public_key: "{{ slurped_pub_key.content \| b64decode }}"`

			`- name: Setup access for other servers`
			`include_tasks: setup-server.yml`
			`loop: "{{ groups['nginx_cluster']\|difference([inventory_hostname]) }}"`
			`loop_control:`
			`extended: yes`

			`- name: Create variable of other members IPs to be included into the cluster`
			`set_fact: nodelist={%for host in groups['nginx_cluster']\|difference([inventory_hostname])%}"{{hostvars[host].ansible_host}}"{% if not loop.last %},{% endif %}{% endfor %}`

			`- name: Update lsyncd config`
			`template:`
			`src: "lsynd.conf.j2"`
			`dest: "/etc/lsyncd.conf"`
			`notify: Restart lsyncd`

Adding configuration options 2024-08-01 13:47:09 -06:00			`- name: Allow web server to listen on tcp port`
			`seport:`
			`ports: "{{ item }}"`
			`proto: tcp`
			`setype: http_port_t`
			`state: present`
			`loop: "{{ nginx_cluster_open_ports }}"`

			`- name: Set selinux flags`
			`seboolean:`
			`name: "{{ item }}"`
			`state: true`
			`persistent: true`
			`loop: "{{ nginx_cluster_sebool }}"`
Sebool 2024-11-24 21:10:48 -07:00			`when: nginx_cluster_sebool != ''`
Adding configuration options 2024-08-01 13:47:09 -06:00
Initial commit 2023-01-18 14:42:02 -07:00			`- name: Start and enable lsyncd`
			`service:`
			`name: lsyncd`
			`state: started`
			`enabled: yes`

			`- name: Start and enable nginx`
			`service:`
			`name: nginx`
			`state: started`
Adding enabled command 2023-01-23 06:20:29 -07:00			`enabled: yes`
Initial commit 2023-01-18 14:42:02 -07:00
			`- name: Start and enable php`
			`service:`
			`name: php-fpm`
			`state: started`
Adding enabled command 2023-01-23 06:20:29 -07:00			`enabled: yes`
Adding configuration options 2024-08-01 13:47:09 -06:00
			`- name: Enable firewall for access IPs`
			`include_tasks: firewall.yml`
			`loop: "{{ nginx_cluster_access_ip }}"`
			`loop_control:`
			`loop_var: access_ip`
			`when: nginx_cluster_access_ip != ""`

			`- name: Enable firewall rules`
			`firewalld:`
			`port: "{{ item }}/tcp"`
			`permanent: yes`
			`immediate: yes`
			`state: enabled`
			`notify: Reload firewalld`
			`loop: "{{ nginx_cluster_open_ports }}"`
			`when: nginx_cluster_access_ip == ""`