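---
# file: roles/nginx_cluster/tasks/main.yml
#
# Builds one member of an nginx + php-fpm cluster whose site directory is
# replicated between members by lsyncd over ssh. Third-party RPMs are now
# signature-verified: the repo signing keys are imported with rpm_key before
# the release packages are installed, instead of disabling the GPG check.

- name: Import EPEL GPG signing key
  ansible.builtin.rpm_key:
    key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
    state: present
  when: ansible_distribution in ['RedHat', 'AlmaLinux', 'Rocky']
  tags: packages

- name: Install EPEL RPM
  ansible.builtin.package:
    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
  when: ansible_distribution in ['RedHat', 'AlmaLinux', 'Rocky']
  tags: packages

- name: Import remi GPG signing key
  # Override nginx_cluster_remi_gpg_key if remi rotates its key; for a pinned
  # trust anchor add the key's `fingerprint:` option here as well.
  ansible.builtin.rpm_key:
    key: "{{ nginx_cluster_remi_gpg_key | default('https://rpms.remirepo.net/RPM-GPG-KEY-remi2023') }}"
    state: present
  tags: packages

- name: Install remi RPM
  # NOTE(review): the EL9 release package is hard-coded while EPEL is derived
  # from ansible_distribution_major_version; extend before using on EL8/EL10.
  ansible.builtin.package:
    name: https://rpms.remirepo.net/enterprise/remi-release-9.rpm
    state: present
  tags: packages

- name: Enable DNF module stream for php
  # argv form: nginx_cluster_php_version is passed as a single argument and is
  # never interpreted by a shell.
  ansible.builtin.command:
    argv:
      - dnf
      - module
      - enable
      - -y
      - "php:remi-{{ nginx_cluster_php_version }}"
  register: dnf_module_enable
  changed_when: "'Nothing to do' not in dnf_module_enable.stdout"

- name: Install prereq packages
  # state: latest upgrades these on every run; pin versions in the package
  # list if the cluster must stay on a tested build.
  ansible.builtin.package:
    name:
      - nginx
      - php
      - php-mysqlnd
      - lsyncd
    state: latest
  tags: packages

- name: Install additional packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: latest
  loop: "{{ nginx_cluster_aditional_packages }}"
  tags: packages

- name: Create a symbolic link for host cert
  # Fails (rather than creating a dangling link) when the per-host
  # certificate directory does not exist yet.
  ansible.builtin.file:
    src: "/etc/ssl/{{ ansible_hostname }}"
    dest: /etc/ssl/host
    state: link

- name: Create temp directory
  ansible.builtin.file:
    path: "{{ nginx_cluster_temp_dir }}"
    state: directory
    owner: "{{ nginx_cluster_user }}"
    group: "{{ nginx_cluster_user }}"
    mode: '0700'

- name: Create sync directory
  ansible.builtin.file:
    path: "{{ nginx_cluser_sync_site_dir }}"
    state: directory
    owner: nginx
    group: nginx
    mode: '0755'

- name: Generate ssh keypair for cluster communication
  # The key is intentionally unencrypted so lsyncd can sync unattended; it is
  # protected only by filesystem permissions on nginx_cluster_private_key.
  # ed25519 has a fixed key size, so no ssh_key_bits is given. An existing
  # key is never overwritten.
  ansible.builtin.user:
    name: "{{ nginx_cluster_user }}"
    generate_ssh_key: true
    ssh_key_type: ed25519
    ssh_key_file: "{{ nginx_cluster_private_key }}"
    ssh_key_passphrase: ""
    force: false

- name: Get the public key
  ansible.builtin.slurp:
    src: "{{ nginx_cluster_private_key }}.pub"
  register: slurped_pub_key

- name: Decode the pub key and store as fact
  ansible.builtin.set_fact:
    nginx_cluster_public_key: "{{ slurped_pub_key.content | b64decode }}"

- name: Setup access for other servers
  # Runs setup-server.yml once per other cluster member (item = that host).
  ansible.builtin.include_tasks: setup-server.yml
  loop: "{{ groups['nginx_cluster'] | difference([inventory_hostname]) }}"
  loop_control:
    extended: true

- name: Create variable of other members IPs to be included into the cluster
  # Renders a comma-separated list of double-quoted ansible_host values, e.g.
  # "10.0.0.2","10.0.0.3", for the lsyncd template. Every other member must
  # define ansible_host or this task fails.
  ansible.builtin.set_fact:
    nodelist: >-
      {% for host in groups['nginx_cluster'] | difference([inventory_hostname]) %}"{{ hostvars[host].ansible_host }}"{% if not loop.last %},{% endif %}{% endfor %}

- name: Update lsyncd config
  ansible.builtin.template:
    src: lsynd.conf.j2
    dest: /etc/lsyncd.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart lsyncd

- name: Allow web server to listen on tcp port
  community.general.seport:
    ports: "{{ item }}"
    proto: tcp
    setype: http_port_t
    state: present
  loop: "{{ nginx_cluster_open_ports }}"

- name: Set selinux flags
  # Skipped when nginx_cluster_sebool is "" or an empty list.
  ansible.posix.seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  loop: "{{ nginx_cluster_sebool }}"
  when: nginx_cluster_sebool | length > 0

- name: Start and enable lsyncd
  ansible.builtin.service:
    name: lsyncd
    state: started
    enabled: true

- name: Start and enable nginx
  ansible.builtin.service:
    name: nginx
    state: started
    enabled: true

- name: Start and enable php
  ansible.builtin.service:
    name: php-fpm
    state: started
    enabled: true

- name: Enable firewall for access IPs
  # Per-source rules live in firewall.yml (access_ip = one entry).
  ansible.builtin.include_tasks: firewall.yml
  loop: "{{ nginx_cluster_access_ip }}"
  loop_control:
    loop_var: access_ip
  when: nginx_cluster_access_ip | length > 0

- name: Enable firewall rules
  # Only reached when no access IPs are configured: this opens every port in
  # nginx_cluster_open_ports to ANY source. Set nginx_cluster_access_ip to
  # restrict exposure.
  ansible.posix.firewalld:
    port: "{{ item }}/tcp"
    permanent: true
    immediate: true
    state: enabled
  notify: Reload firewalld
  loop: "{{ nginx_cluster_open_ports }}"
  when: nginx_cluster_access_ip | length == 0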