Add ansible stuff

2019-12-05 12:16:37 +00:00 · 2019-12-05 12:16:37 +00:00 · 23fcf88ad9
parent bbb4a9c666
commit 23fcf88ad9
21 changed files with 319 additions and 0 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,7 @@
 [defaults]
 inventory = tools/ansible/hosts.yml
 nocows = True
 private_key_file = .vagrant/machines/dransible/virtualbox/private_key
 remote_user = vagrant
 retry_files_enabled = False
 vault_password_file = tools/ansible/vault-password.txt
--- a/config/sync/.gitkeep
+++ b/config/sync/.gitkeep
--- a/tools/ansible/deploy.yml
+++ b/tools/ansible/deploy.yml
@ -0,0 +1,24 @@
 ---
 - hosts: webservers
  become: true
  roles:
    - ansistrano.deploy
  vars_files:
    - vars/provision_vault.yml
    - vars/deploy_vault.yml
    - vars/vars.yml
    - vars/provision_vars.yml
    - vars/deploy_vars.yml
  vars:
    ansistrano_deploy_via: "rsync"
    ansistrano_deploy_from: "{{ playbook_dir }}/../../"
    ansistrano_deploy_to: "{{ project_deploy_path }}"
    ansistrano_keep_releases: 5
    ansistrano_after_symlink_shared_tasks_file: "{{ playbook_dir }}/deploy/after-symlink-shared.yml"
    ansistrano_after_symlink_tasks_file: "{{ playbook_dir }}/deploy/after-symlink.yml"
    ansistrano_after_update_code_tasks_file: "{{ playbook_dir }}/deploy/after-update-code.yml"
    ansistrano_shared_paths:
      - "{{ project_web_root }}/sites/default/files"
--- a/tools/ansible/deploy/after-symlink-shared.yml
+++ b/tools/ansible/deploy/after-symlink-shared.yml
@ -0,0 +1,12 @@
 ---
 - name: Install Drupal
  command: |
    {{ release_drush_path }} site-install config_installer -y
    --account-pass=admin123
  args:
    chdir: '{{ release_drupal_path }}'
 - name: Rebuild cache
  command: '{{ release_drush_path }} cache-rebuild'
  args:
    chdir: '{{ release_drupal_path }}'
--- a/tools/ansible/deploy/after-symlink.yml
+++ b/tools/ansible/deploy/after-symlink.yml
@ -0,0 +1,22 @@
 ---
 - name: Update directory permissions
  file:
    path: '{{ item.path }}'
    mode: '{{ item.mode }}'
    state: directory
    owner: vagrant
    group: www-data
    recurse: true
  loop:
    - path: '{{ release_drupal_path }}'
      mode: u=rwX,g=rX,o=
    - path: '{{ ansistrano_shared_path }}/{{ project_web_root }}/sites/default/files'
      mode: ug=rwX,o=
 - name: Update file permissions
  file:
    path: '{{ release_drupal_path }}/sites/default/settings.php'
    mode: ug=r,o=
    state: file
    owner: vagrant
    group: www-data
--- a/tools/ansible/deploy/after-update-code.yml
+++ b/tools/ansible/deploy/after-update-code.yml
@ -0,0 +1,9 @@
 ---
 - name: Install Composer dependencies
  composer:
    command: install
    working_dir: '{{ ansistrano_release_path.stdout }}'
 - name: Generate settings.php file
  include_role:
    name: './roles/drupal-settings'
--- a/tools/ansible/hosts.yml
+++ b/tools/ansible/hosts.yml
@ -0,0 +1,5 @@
 all:
  hosts:
    webservers:
      ansible_ssh_host: 192.168.33.10
      ansible_ssh_port: 22
--- a/tools/ansible/provision.yml
+++ b/tools/ansible/provision.yml
@ -0,0 +1,36 @@
 ---
 - hosts: webservers
  name: Provision the webserver machines
  become: true
  roles:
    - role: geerlingguy.apache
      tags: [web]
    - role: geerlingguy.mysql
      tags: [mysql]
    - role: geerlingguy.php-versions
      tags: [php]
    - role: geerlingguy.php
      tags: [php]
    - role: geerlingguy.php-mysql
      tags: [php, mysql]
    - role: geerlingguy.composer
      tags: [php, composer]
  vars_files:
    - vars/provision_vault.yml
    - vars/vars.yml
    - vars/provision_vars.yml
  tasks:
    - name: Create a database
      mysql_db:
        name: '{{ database_name }}'
        state: present
    - name: Add the database user
      mysql_user:
        name: '{{ database_user }}'
        password: '{{ database_password }}'
        priv: '*.*:ALL'
        state: present
--- a/tools/ansible/requirements.yml
+++ b/tools/ansible/requirements.yml
@ -0,0 +1,17 @@
 ---
 - src: ansistrano.deploy
  version: 3.0.1
 - src: ansistrano.rollback
  version: 3.0.0
 - src: geerlingguy.apache
  version: 3.0.3
 - src: geerlingguy.composer
  version: 1.7.3
 - src: geerlingguy.mysql
  version: 2.9.4
 - src: geerlingguy.php
  version: 3.7.0
 - src: geerlingguy.php-versions
  version: 4.0.2
 - src: geerlingguy.php-mysql
  version: 2.0.2
--- a/tools/ansible/roles/drupal-settings/LICENSE
+++ b/tools/ansible/roles/drupal-settings/LICENSE
@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2019 Oliver Davies
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/tools/ansible/roles/drupal-settings/README.md
+++ b/tools/ansible/roles/drupal-settings/README.md
@ -0,0 +1,27 @@
 # Ansible Role: Drupal settings
 ```yaml
 drupal_settings:
  - drupal_root: /var/www/web
    sites:
      - name: default
        filename: settings.php # Optional, defaults to 'settings.php'
        settings:
          base_url: https://www.example.com # Optional, Drupal 7
          hash_salt: '' # Optional
          databases:
            default: # The database key
              default: # The database target
                driver: mysql # Optional, defaults to 'mysql'
                host: localhost # Optional, defaults to 'localhost'
                database: mydatabase
                username: user
                password: secret
          config_directories: # Optional, Drupal 8
            sync: path/to/config
          trusted_hosts: # Optional, Drupal 8
            - '^example\.com$'
            - '^.+\.example\.com$'
            - '^example\.org$'
            - '^.+\.example\.org$'
 ```
--- a/tools/ansible/roles/drupal-settings/defaults/main.yml
+++ b/tools/ansible/roles/drupal-settings/defaults/main.yml
@ -0,0 +1,2 @@
 ---
 drupal_settings: []
--- a/tools/ansible/roles/drupal-settings/tasks/main.yml
+++ b/tools/ansible/roles/drupal-settings/tasks/main.yml
@ -0,0 +1,18 @@
 ---
 - name: Ensure directory exists
  file:
    state: directory
    path: '{{ item.0.drupal_root }}/sites/{{ item.1.name|default("default") }}'
  with_subelements:
    - '{{ drupal_settings }}'
    - sites
  no_log: true
 - name: Create settings files
  template:
    src: settings.php.j2
    dest: '{{ item.0.drupal_root }}/sites/{{ item.1.name|default("default") }}/{{ item.1.filename|default("settings.php") }}'
  with_subelements:
    - '{{ drupal_settings }}'
    - sites
  no_log: true
--- a/tools/ansible/roles/drupal-settings/templates/settings.php.j2
+++ b/tools/ansible/roles/drupal-settings/templates/settings.php.j2
@ -0,0 +1,42 @@
 <?php
 // {{ ansible_managed }}
 {% for key, values in item.1.settings.databases.items() %}
 {% for target, values in values.items() %}
 $databases['{{ key }}']['{{ target }}'] = array(
  'driver' => '{{ values.driver|default('mysql') }}',
  'host' => '{{ values.host|default('localhost') }}',
  'database' => '{{ values.database }}',
  'username' => '{{ values.username }}',
  'password' => '{{ values.password }}',
 );
 {% endfor %}
 {% endfor %}
 {% if item.1.settings.base_url is defined %}
 $base_url = '{{ item.1.settings.base_url }}';
 {% endif %}
 {% if item.1.settings.hash_salt is defined %}
 $settings['hash_salt'] = '{{ item.1.settings.hash_salt }}';
 {% endif %}
 {% if item.1.settings.config_directories is defined %}
 {% for name, value in item.1.settings.config_directories.items() %}
 $config_directories['{{ name }}'] = '{{ value }}';
 {% endfor %}
 {% endif %}
 {% if item.1.settings.trusted_hosts is defined %}
 $settings['trusted_host_patterns'] = array(
 {% for host in item.1.settings.trusted_hosts %}
  '{{ host }}',
 {% endfor %}
 );
 {% endif %}
 {% if item.1.settings.extra_parameters is defined %}
  {{ item.1.settings.extra_parameters|indent(0) }}
 {% endif %}
--- a/tools/ansible/rollback.yml
+++ b/tools/ansible/rollback.yml
@ -0,0 +1,12 @@
 ---
 - hosts: webservers
  become: true
  roles:
    - ansistrano.rollback
  vars_files:
    - vars/vars.yml
  vars:
    ansistrano_deploy_to: "{{ project_deploy_path }}"
--- a/tools/ansible/vars/deploy_vars.yml
+++ b/tools/ansible/vars/deploy_vars.yml
@ -0,0 +1,27 @@
 ---
 ansistrano_allow_anonymous_stats: false
 release_drupal_path: "{{ ansistrano_release_path.stdout }}/{{ project_web_root }}"
 release_drush_path: "{{ ansistrano_release_path.stdout }}/vendor/bin/drush"
 hash_salt: "{{ vault_hash_salt }}"
 install_drupal: true
 drupal_settings:
  - drupal_root: '{{ release_drupal_path }}'
    sites:
      - name: default
        settings:
          databases:
            default:
              default:
                driver: mysql
                host: localhost
                database: '{{ database_name }}'
                username: '{{ database_user }}'
                password: '{{ database_password }}'
          hash_salt: '{{ hash_salt }}'
          config_directories:
            sync: ../config/sync
          trusted_hosts:
            - '^dransible$'
--- a/tools/ansible/vars/deploy_vault.yml
+++ b/tools/ansible/vars/deploy_vault.yml
@ -0,0 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
 63373634663964363330343938303439626535386239363766353635663066383035343433356365
 3563326664646666636436636462326436363964306439300a653630656239653566353666383764
 30373163303633356361653436393135666131346430383766646261373636396138623636343238
 3366616233323863370a666566383163303135313134656637393233366664303031663133343363
 63343866643163393961323238623866366636363136373932303366346433343530373139373733
 3738346466643464356663313637333331656163613433663930
--- a/tools/ansible/vars/provision_vars.yml
+++ b/tools/ansible/vars/provision_vars.yml
@ -0,0 +1,11 @@
 ---
 server_document_root: '{{ project_deploy_path }}/{{ ansistrano_current_dir }}/{{ project_web_root }}'
 apache_vhosts:
  - servername: dransible
    documentroot: '{{ server_document_root }}'
 php_version: '7.4'
 php_packages_extra:
  - libapache2-mod-php{{ php_version }}
  - libpcre3-dev
--- a/tools/ansible/vars/provision_vault.yml
+++ b/tools/ansible/vars/provision_vault.yml
@ -0,0 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
 33373134393232666463613136333836646334376361306630643432373161373363306433633932
 6637626266313264303734353136376439633939653837390a613631306563666663313361623136
 33383463333062643331376530393964356161346164336434346366333061373166636531336436
 3862316230366364630a616437356235626536376562303738653633316364353034636432666266
 33346639373931396237333636656637663861386530373965323037633636373330353061666465
 35313539343165643564376335303334353662346130343330343238623139386665363864386530
 30633562396666633464666565626437343039636136653032323035333662666664656162326539
 37363233646463363132343835656137343139613535323237346162636363396162343038303062
 3132
--- a/tools/ansible/vars/vars.yml
+++ b/tools/ansible/vars/vars.yml
@ -0,0 +1,9 @@
 ---
 ansistrano_current_dir: current
 database_name: "{{ vault_database_name }}"
 database_password: "{{ vault_database_password }}"
 database_user: "{{ vault_database_user }}"
 project_deploy_path: /app
 project_web_root: web
--- a/tools/ansible/vault-password.txt
+++ b/tools/ansible/vault-password.txt
@ -0,0 +1 @@
 dransible