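---
# file: roles/nginx_cluster/tasks/main.yml
#
# Prepares one member of the nginx cluster: third-party repos (EPEL, remi),
# the php module stream, packages, working directories, an SSH keypair used
# for member-to-member replication with lsyncd, SELinux and firewalld
# settings, and finally the services themselves.

- name: Install EPEL RPM
  package:
    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
    # The release RPM is installed before its signing key is on the host, so
    # signature verification is off for this single install; importing the
    # key with rpm_key first would let this stay enabled.
    disable_gpg_check: true
  when: ansible_distribution in ['RedHat', 'AlmaLinux', 'Rocky']
  tags: packages

- name: Install remi RPM
  package:
    # Follows the host's major version like the EPEL task above.
    name: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm"
    state: present
    # Same trade-off as for the EPEL release RPM.
    disable_gpg_check: true
  when: ansible_distribution in ['RedHat', 'AlmaLinux', 'Rocky']
  tags: packages

- name: Enable DNF module for php
  # command rather than shell: the version string is passed as a plain
  # argument and is never interpreted by a shell.
  command: "dnf module enable -y php:remi-{{ nginx_cluster_php_version }}"
  register: dnf_module_enable
  # dnf reports "Nothing to do" when the stream is already enabled.
  changed_when: "'Nothing to do' not in dnf_module_enable.stdout"
  tags: packages

- name: Install prereq packages
  package:
    name:
      - nginx
      - php
      - php-mysqlnd
      - lsyncd
    # latest: the packages are upgraded on every run, so this task reports
    # changed whenever a newer build is available.
    state: latest
  tags: packages

- name: Install additional packages
  package:
    name: "{{ item }}"
    state: latest
  # default([], true) also treats an empty-string value as "no extra packages".
  loop: "{{ nginx_cluster_additional_packages | default([], true) }}"
  tags: packages

- name: Create a symbolic link for host cert
  file:
    src: "/etc/ssl/{{ ansible_hostname }}"
    dest: /etc/ssl/host
    state: link

- name: Create temp directory
  file:
    path: "{{ nginx_cluster_temp_dir }}"
    state: directory
    owner: "{{ nginx_cluster_user }}"
    group: "{{ nginx_cluster_user }}"
    # Private to the cluster user.
    mode: "0700"

- name: Create sync directory
  file:
    # NOTE(review): the variable is spelled `nginx_cluser_...` (no "t");
    # confirm it matches the role's defaults before renaming either side.
    path: "{{ nginx_cluser_sync_site_dir }}"
    state: directory
    owner: nginx
    group: nginx
    mode: "0755"

- name: Generate ssh keypair for cluster communication
  user:
    name: "{{ nginx_cluster_user }}"
    generate_ssh_key: true
    # ed25519 keys have a fixed length, so no ssh_key_bits is given.
    ssh_key_type: ed25519
    ssh_key_file: "{{ nginx_cluster_private_key }}"
    # Unencrypted on purpose: lsyncd uses the key non-interactively, so the
    # key's protection rests on the private key file's permissions.
    ssh_key_passphrase: ""
    # Never regenerate an existing key; the other members already trust it.
    force: false

- name: Get the public key
  slurp:
    src: "{{ nginx_cluster_private_key }}.pub"
  register: slurped_pub_key

- name: Decode the pub key and store as fact
  set_fact:
    # slurp returns base64; the decoded text is what setup-server.yml
    # distributes to the other members.
    nginx_cluster_public_key: "{{ slurped_pub_key.content | b64decode }}"

- name: Setup access for other servers
  include_tasks: setup-server.yml
  # Every cluster member except this host.
  loop: "{{ groups['nginx_cluster'] | difference([inventory_hostname]) }}"
  loop_control:
    extended: true

- name: Create variable of other members IPs to be included into the cluster
  set_fact:
    # Comma-separated, double-quoted ansible_host values of every other
    # member, e.g. "10.0.0.2","10.0.0.3" (constructed example); to_json
    # supplies the quoting and escapes any quote or backslash in a value.
    nodelist: >-
      {{ groups['nginx_cluster'] | difference([inventory_hostname])
      | map('extract', hostvars, 'ansible_host')
      | map('to_json')
      | join(',') }}

- name: Update lsyncd config
  template:
    # NOTE(review): the template is named `lsynd.conf.j2` (sic); keep this
    # in step with the file under templates/.
    src: lsynd.conf.j2
    dest: /etc/lsyncd.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart lsyncd

- name: Allow web server to listen on tcp port
  seport:
    ports: "{{ item }}"
    proto: tcp
    setype: http_port_t
    state: present
  loop: "{{ nginx_cluster_open_ports | default([], true) }}"

- name: Set selinux flags
  seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  loop: "{{ nginx_cluster_sebool | default([], true) }}"

- name: Start and enable cluster services
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  # Order matters only for readability; each service is independent.
  loop:
    - lsyncd
    - nginx
    - php-fpm

- name: Enable firewall for access IPs
  include_tasks: firewall.yml
  loop: "{{ nginx_cluster_access_ip | default([], true) }}"
  loop_control:
    loop_var: access_ip
  # Per-IP rules only when an allow-list is configured. default("") keeps an
  # undefined variable from raising here; the loop is then empty anyway.
  when: nginx_cluster_access_ip | default("") != ""

- name: Enable firewall rules
  firewalld:
    port: "{{ item }}/tcp"
    permanent: true
    immediate: true
    state: enabled
  notify: Reload firewalld
  loop: "{{ nginx_cluster_open_ports | default([], true) }}"
  # Without an allow-list the ports are opened to everyone; default("")
  # means an undefined variable takes this branch instead of failing.
  when: nginx_cluster_access_ip | default("") == ""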