Add Ansible role to fix Drupal file permissions

Add a new `drupal-permissions` Ansible role that resets the file and
directory permissions to match the ones described in
https://www.drupal.org/node/244924.

This will later be released to Ansible Galaxy, but for now it will
remain in this repository until the required changes are made and the
appropriate documentation is added.

Fixes #191
Oliver Davies 2020-09-04 20:19:00 +01:00
parent 9b26d772a8
commit 1781a2cf01
5 changed files with 44 additions and 12 deletions

2
.gitignore vendored

@ -12,7 +12,7 @@
!/phpunit.xml.dist !/phpunit.xml.dist
!/scripts/ !/scripts/
!/slides/ !/slides/
!/tools/ !/tools/**
!/web/modules/custom/** !/web/modules/custom/**
!/web/sites/default/environments/settings.*.php !/web/sites/default/environments/settings.*.php
!/web/sites/default/settings.php !/web/sites/default/settings.php


@ -1,10 +0,0 @@
---
- name: Setup directory permissions for files directories
become: true
file:
path: '{{ ansistrano_shared_path }}/{{ project_web_dir }}/sites/default/files'
state: directory
owner: www-data
group: root
mode: u=rwx,g=rw,o=
recurse: true


@ -9,6 +9,10 @@
include_role: include_role:
name: opdavies.drupal_settings_files name: opdavies.drupal_settings_files
- name: Fix file permissions
include_role:
name: drupal-permissions
- name: Clear Drush cache - name: Clear Drush cache
command: > command: >
{{ release_drush_path }} {{ release_drush_path }}
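Review bot: The hook this include runs in should be checked against the point where the shared `sites/default/files` symlink is created. The task it replaces ran from the after-symlink-shared hook with `become: true` and targeted the directory under `ansistrano_shared_path`, whereas this include sits in a task file whose name is not shown on the page, and the role is pointed at `release_web_path`. If this file runs before the shared paths are linked, the role's `state: directory` task for `sites/default/files` would presumably act on a release-local directory, and the shared uploads directory would keep whatever mode it already had. Separately, since the role is meant for Ansible Galaxy, naming it `drupal_permissions` (underscore, as in `opdavies.drupal_settings_files`) avoids a rename later, because Galaxy role names do not allow hyphens. The task list continues outside the hunk.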


@ -0,0 +1,29 @@
---
- name: Set the permissions for each Drupal root directory.
file:
group: www-data
mode: ug=rX,o=
owner: "{{ drupal_permissions.user }}"
path: "{{ item.root }}"
recurse: true
state: directory
with_items: "{{ drupal_permissions.sites }}"
- name: Set permissions for the defined settings files.
file:
mode: a-X
path: "{{ item.0.root }}/{{ item.1 }}"
state: file
with_subelements:
- "{{ drupal_permissions.sites }}"
- settings_files
- name: Set permissions for the defined files directories.
file:
mode: ug=rwX,o=
path: "{{ item.0.root }}/{{ item.1 }}"
recurse: true
state: directory
with_subelements:
- "{{ drupal_permissions.sites }}"
- files_directories
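Review bot: The settings-file task sets `mode: a-X`, which only removes execute bits, so the read-only state of `settings.php` and `settings.local.php` depends entirely on the recursive `ug=rX,o=` task having run first on the same tree. Those files typically hold the site's database credentials, so an absolute mode such as `mode: "ug=r,o="` (with `owner` and `group` set on the same task) would make the task enforce the result on its own. None of the three tasks sets `become: true`, which the removed shared-files task did; unless the play enables it elsewhere, the `owner`/`group` change will fail for an unprivileged deploy user. `with_subelements` also fails for any site entry that lacks `settings_files` or `files_directories` unless `skip_missing: true` is passed as a third list element.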


@ -9,7 +9,6 @@ ansistrano_shared_paths:
- '{{ project_web_dir }}/sites/default/files' - '{{ project_web_dir }}/sites/default/files'
# Hooks # Hooks
ansistrano_after_symlink_shared_tasks_file: '{{ playbook_dir }}/deploy/after-symlink-shared.yml'
ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml' ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml'
ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml' ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml'
@ -21,6 +20,16 @@ release_drush_path: '{{ ansistrano_release_path.stdout }}/vendor/bin/drush'
release_web_path: '{{ ansistrano_release_path.stdout }}/{{ project_web_dir }}' release_web_path: '{{ ansistrano_release_path.stdout }}/{{ project_web_dir }}'
release_theme_path: '{{ release_web_path }}/themes/custom/opdavies' release_theme_path: '{{ release_web_path }}/themes/custom/opdavies'
drupal_permissions:
sites:
- root: "{{ release_web_path }}"
files_directories:
- sites/default/files
settings_files:
- sites/default/settings.php
- sites/default/settings.local.php
user: root
drupal_settings: drupal_settings:
- drupal_root: '{{ release_web_path }}' - drupal_root: '{{ release_web_path }}'
sites: sites: