
---
# file: roles/nginx_cluster/tasks/main.yml
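# Third-party repositories. Both release RPMs are fetched over HTTPS, which
# authenticates the mirror but not the package itself. Import the signing
# key first so the package module's GPG signature check can run instead of
# being switched off with disable_gpg_check. (rpm_key also accepts a
# `fingerprint:` to pin the key; add it once the expected value is known.)
- name: Import EPEL GPG signing key
  rpm_key:
    key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
    state: present
  when: ansible_distribution in ['RedHat', 'AlmaLinux', 'Rocky']
  tags: packages

- name: Install EPEL RPM
  package:
    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
  when: ansible_distribution in ['RedHat', 'AlmaLinux', 'Rocky']
  tags: packages

- name: Install remi RPM
  # The release number now follows the host like the EPEL task above, and the
  # task carries the same guard (the enterprise URL only exists for EL).
  package:
    name: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm"
    state: present
    # NOTE(review): this RPM is still installed unverified. Import remi's
    # signing key with rpm_key first (the key file on rpms.remirepo.net is
    # named per key generation; confirm which one signs this release) and
    # then drop this flag.
    disable_gpg_check: true
  when: ansible_distribution in ['RedHat', 'AlmaLinux', 'Rocky']
  tags: packages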
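- name: Enable DNF module for php
  # `command` with argv instead of `shell`: nothing here needs a shell, and
  # nginx_cluster_php_version (inventory/defaults controlled) is passed as
  # one literal argument, so it can never be re-interpreted by /bin/sh.
  # `dnf module enable` is idempotent; "Nothing to do" marks the no-op case.
  command:
    argv:
      - dnf
      - module
      - enable
      - -y
      - "php:remi-{{ nginx_cluster_php_version }}"
  register: dnf_module_enable
  changed_when: "'Nothing to do' not in dnf_module_enable.stdout"
  # Tagged like the other package tasks so a `--tags packages` run still
  # enables the stream before php is installed.
  tags: packages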
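- name: Install prereq packages
  package:
    name:
      - nginx
      - php
      - php-mysqlnd
      - lsyncd
    # `latest` upgrades these on every run, so any play can pull in a new
    # nginx/php build unannounced. Switch to `present` and manage upgrades
    # separately if reproducible deploys matter more than freshness.
    state: latest
  tags: packages

- name: Install additional packages
  # The whole list goes to the package manager in one transaction instead of
  # one invocation per item (same end state, and what Ansible itself
  # recommends). Variable name is kept as-is: it is the role's public
  # default. Skipped when the list is empty so an empty default is a no-op.
  package:
    name: "{{ nginx_cluster_aditional_packages }}"
    state: latest
  when: nginx_cluster_aditional_packages | length > 0
  tags: packages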
- name: Create a symbolic link for host cert
  # /etc/ssl/host -> /etc/ssl/<hostname>, giving every node one fixed path
  # for its certificate material. Without `force`, the file module fails if
  # the per-host directory does not exist yet, which is the desired signal.
  file:
    src: "/etc/ssl/{{ ansible_hostname }}"
    dest: /etc/ssl/host
    state: link

- name: Create temp directory
  # Private to the cluster user (0700): nothing else on the host can read
  # what lands here. NOTE(review): presumably lsyncd's working area; confirm
  # against the lsyncd template.
  file:
    path: "{{ nginx_cluster_temp_dir }}"
    state: directory
    owner: "{{ nginx_cluster_user }}"
    group: "{{ nginx_cluster_user }}"
    mode: '0700'

- name: Create sync directory
  # The replicated web root: owned by nginx, world-readable (0755) so the
  # web server can serve from it, writable only by nginx.
  file:
    path: "{{ nginx_cluser_sync_site_dir }}"
    state: directory
    owner: nginx
    group: nginx
    mode: '0755'
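- name: Generate ssh keypair for cluster communication
  # Ensures the cluster user exists and, only if no key is present yet
  # (force: false), generates an ed25519 keypair at nginx_cluster_private_key.
  # The key is deliberately unencrypted: lsyncd drives ssh non-interactively,
  # so protection comes from file permissions and from whatever restrictions
  # setup-server.yml applies on the receiving side (not visible here; confirm
  # it limits what this key may do). ssh_key_bits was dropped: ssh-keygen
  # ignores -b for ed25519, so the value only misled readers.
  user:
    name: "{{ nginx_cluster_user }}"
    generate_ssh_key: true
    ssh_key_type: ed25519
    ssh_key_file: "{{ nginx_cluster_private_key }}"
    ssh_key_passphrase: ""
    force: false

- name: Get the public key
  # Read the .pub half only; the private key never leaves the host.
  slurp:
    src: "{{ nginx_cluster_private_key }}.pub"
  register: slurped_pub_key

- name: Decode the pub key and store as fact
  # slurp returns base64; the decoded text is what setup-server.yml consumes.
  set_fact:
    nginx_cluster_public_key: "{{ slurped_pub_key.content | b64decode }}"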
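- name: Setup access for other servers
  # setup-server.yml (not shown here) runs once per peer with `item` set to
  # that peer's inventory name; `extended` exposes ansible_loop.* to it.
  include_tasks: setup-server.yml
  loop: "{{ groups['nginx_cluster'] | difference([inventory_hostname]) }}"
  loop_control:
    extended: true

- name: Create variable of other members IPs to be included into the cluster
  # Renders the peers as a comma-separated list of double-quoted addresses,
  # e.g. "10.0.0.2","10.0.0.3", for the lsyncd template. Written in block
  # form (not key=value) so the embedded quotes are not subject to Ansible's
  # key=value argument splitting. A peer without an explicit ansible_host
  # falls back to its inventory name instead of failing the whole task.
  set_fact:
    nodelist: >-
      {% for host in groups['nginx_cluster'] | difference([inventory_hostname]) -%}
      "{{ hostvars[host].ansible_host | default(host) }}"{% if not loop.last %},{% endif %}
      {%- endfor %}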
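- name: Update lsyncd config
  # Ownership and mode are pinned rather than inherited from the remote
  # user's umask or from whatever the file had before. lsyncd runs as root
  # and reads this at start, hence the restart handler. (`lsynd.conf.j2`
  # is the template's real file name in the role; do not "fix" it here.)
  template:
    src: lsynd.conf.j2
    dest: /etc/lsyncd.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart lsyncd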
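# SELinux: label the configured ports so nginx may bind them, then flip any
# booleans the site needs. Both tasks are gated on SELinux actually being
# enabled: seport/seboolean fail (rather than no-op) on a host where it is
# disabled or the python bindings are missing.
- name: Allow web server to listen on tcp port
  seport:
    ports: "{{ item }}"
    proto: tcp
    setype: http_port_t
    state: present
  loop: "{{ nginx_cluster_open_ports }}"
  when: ansible_selinux.status | default('disabled') == 'enabled'

- name: Set selinux flags
  # `length > 0` replaces `!= ""` and behaves the same for both the ""
  # default and a list, while also skipping an explicitly empty list.
  seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  loop: "{{ nginx_cluster_sebool }}"
  when:
    - ansible_selinux.status | default('disabled') == 'enabled'
    - nginx_cluster_sebool | length > 0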
- name: Start and enable cluster services
  # One task for the three daemons, in the same order as before: each is
  # started now and enabled at boot.
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - lsyncd
    - nginx
    - php-fpm
# Firewall exposure. With nginx_cluster_access_ip set, firewall.yml (not
# shown here) is included once per address and is expected to limit the open
# ports to those sources. With it left at "", the second task opens every
# port in nginx_cluster_open_ports to ALL sources: an empty access list means
# "public web server", not "locked down". The two `when` conditions are kept
# as exact string comparisons on purpose; an explicit empty list matches
# neither and therefore opens nothing.
- name: Enable firewall for access IPs
  include_tasks: firewall.yml
  loop: "{{ nginx_cluster_access_ip }}"
  loop_control:
    loop_var: access_ip
  when: nginx_cluster_access_ip != ""

- name: Enable firewall rules
  # immediate applies the rule to the running config; permanent persists it.
  firewalld:
    port: "{{ item }}/tcp"
    permanent: true
    immediate: true
    state: enabled
  notify: Reload firewalld
  loop: "{{ nginx_cluster_open_ports }}"
  when: nginx_cluster_access_ip == ""