├── .env.dist ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ └── ci-cd.yml ├── .gitignore ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── Symfony-LICENSE ├── appspec.yml ├── automation ├── ansible │ ├── database_server.yml │ ├── roles │ │ ├── common │ │ │ ├── tasks │ │ │ │ └── main.yml │ │ │ └── templates │ │ │ │ └── motd │ │ ├── dbutils │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── franklinkim.environment │ │ │ ├── .clog.toml │ │ │ ├── .editorconfig │ │ │ ├── .gitignore │ │ │ ├── .travis.yml │ │ │ ├── CHANGELOG.md │ │ │ ├── LICENSE │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── Vagrantfile │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ ├── meta │ │ │ │ ├── .galaxy_install_info │ │ │ │ ├── main.yml │ │ │ │ └── readme.yml │ │ │ ├── tasks │ │ │ │ ├── config.yml │ │ │ │ └── main.yml │ │ │ └── tests │ │ │ │ └── main.yml │ │ ├── geerlingguy.apache │ │ │ ├── .gitignore │ │ │ ├── .travis.yml │ │ │ ├── LICENSE │ │ │ ├── README.md │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ ├── meta │ │ │ │ ├── .galaxy_install_info │ │ │ │ └── main.yml │ │ │ ├── tasks │ │ │ │ ├── configure-Debian.yml │ │ │ │ ├── configure-RedHat.yml │ │ │ │ ├── configure-Solaris.yml │ │ │ │ ├── configure-Suse.yml │ │ │ │ ├── main.yml │ │ │ │ ├── setup-Debian.yml │ │ │ │ ├── setup-RedHat.yml │ │ │ │ ├── setup-Solaris.yml │ │ │ │ └── setup-Suse.yml │ │ │ ├── templates │ │ │ │ └── vhosts.conf.j2 │ │ │ ├── tests │ │ │ │ ├── README.md │ │ │ │ └── test.yml │ │ │ └── vars │ │ │ │ ├── AmazonLinux.yml │ │ │ │ ├── Debian.yml │ │ │ │ ├── RedHat.yml │ │ │ │ ├── Solaris.yml │ │ │ │ ├── Suse.yml │ │ │ │ ├── apache-22.yml │ │ │ │ └── apache-24.yml │ │ ├── geerlingguy.mysql │ │ │ ├── .ansible-lint │ │ │ ├── .github │ │ │ │ ├── FUNDING.yml │ │ │ │ └── stale.yml │ │ │ ├── .gitignore │ │ │ ├── .travis.yml │ │ │ ├── .yamllint │ │ │ ├── LICENSE │ │ │ ├── README.md │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ ├── handlers │ │ │ │ └── 
main.yml │ │ │ ├── meta │ │ │ │ ├── .galaxy_install_info │ │ │ │ └── main.yml │ │ │ ├── molecule │ │ │ │ └── default │ │ │ │ │ ├── converge.yml │ │ │ │ │ └── molecule.yml │ │ │ ├── tasks │ │ │ │ ├── configure.yml │ │ │ │ ├── databases.yml │ │ │ │ ├── main.yml │ │ │ │ ├── replication.yml │ │ │ │ ├── secure-installation.yml │ │ │ │ ├── setup-Archlinux.yml │ │ │ │ ├── setup-Debian.yml │ │ │ │ ├── setup-RedHat.yml │ │ │ │ ├── users.yml │ │ │ │ └── variables.yml │ │ │ ├── templates │ │ │ │ ├── my.cnf.j2 │ │ │ │ ├── root-my.cnf.j2 │ │ │ │ └── user-my.cnf.j2 │ │ │ └── vars │ │ │ │ ├── Archlinux.yml │ │ │ │ ├── Debian-10.yml │ │ │ │ ├── Debian.yml │ │ │ │ ├── RedHat-6.yml │ │ │ │ ├── RedHat-7.yml │ │ │ │ └── RedHat-8.yml │ │ ├── geerlingguy.php │ │ │ ├── .ansible-lint │ │ │ ├── .github │ │ │ │ ├── FUNDING.yml │ │ │ │ └── stale.yml │ │ │ ├── .gitignore │ │ │ ├── .travis.yml │ │ │ ├── .yamllint │ │ │ ├── LICENSE │ │ │ ├── README.md │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ ├── meta │ │ │ │ ├── .galaxy_install_info │ │ │ │ └── main.yml │ │ │ ├── molecule │ │ │ │ └── default │ │ │ │ │ ├── converge.yml │ │ │ │ │ ├── molecule.yml │ │ │ │ │ ├── playbook-source.yml │ │ │ │ │ └── requirements.yml │ │ │ ├── tasks │ │ │ │ ├── configure-apcu.yml │ │ │ │ ├── configure-fpm.yml │ │ │ │ ├── configure-opcache.yml │ │ │ │ ├── configure.yml │ │ │ │ ├── install-from-source.yml │ │ │ │ ├── main.yml │ │ │ │ ├── setup-Debian.yml │ │ │ │ └── setup-RedHat.yml │ │ │ ├── templates │ │ │ │ ├── apc.ini.j2 │ │ │ │ ├── fpm-init.j2 │ │ │ │ ├── opcache.ini.j2 │ │ │ │ ├── php-fpm.conf.j2 │ │ │ │ ├── php.ini.j2 │ │ │ │ └── www.conf.j2 │ │ │ └── vars │ │ │ │ ├── Debian.yml │ │ │ │ └── RedHat.yml │ │ ├── geerlingguy.pip │ │ │ ├── .gitignore │ │ │ ├── .travis.yml │ │ │ ├── LICENSE │ │ │ ├── README.md │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ ├── meta │ │ │ │ ├── .galaxy_install_info │ │ │ │ └── main.yml │ │ │ ├── molecule │ │ │ │ └── default │ │ │ │ │ ├── 
molecule.yml │ │ │ │ │ ├── playbook.yml │ │ │ │ │ ├── tests │ │ │ │ │ └── test_default.py │ │ │ │ │ └── yaml-lint.yml │ │ │ └── tasks │ │ │ │ └── main.yml │ │ └── webserver.utils │ │ │ ├── tasks │ │ │ ├── create_webroots.yml │ │ │ ├── install_codedeploy.yml │ │ │ └── main.yml │ │ │ └── templates │ │ │ ├── http_foreground.sh.j2 │ │ │ ├── localdomains.crt.j2 │ │ │ └── localdomains.key.j2 │ ├── vars │ │ ├── database_server_vars.yml │ │ ├── web_server_vars.yml │ │ ├── web_server_vhosts_common.yml │ │ ├── web_server_vhosts_dev.yml │ │ └── web_server_vhosts_prod.yml │ └── web_server.yml ├── packer │ ├── create_docker_image_dbserver.json │ └── create_docker_image_webserver.json └── terraform │ ├── main.tf │ ├── modules │ ├── ci-cd │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── ec2 │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── network │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── outputs.tf │ ├── terraform.tf │ ├── terraform.tfvars.example │ └── variables.tf ├── bin ├── console └── phpunit ├── build-scripts ├── after-install-root.sh └── before-install-root.sh ├── composer.json ├── composer.lock ├── composer.phar ├── config ├── bundles.php ├── packages │ ├── cache.yaml │ ├── dev │ │ ├── debug.yaml │ │ ├── monolog.yaml │ │ └── web_profiler.yaml │ ├── doctrine.yaml │ ├── doctrine_migrations.yaml │ ├── framework.yaml │ ├── mailer.yaml │ ├── notifier.yaml │ ├── prod │ │ ├── deprecations.yaml │ │ ├── doctrine.yaml │ │ ├── monolog.yaml │ │ └── routing.yaml │ ├── routing.yaml │ ├── security.yaml │ ├── sensio_framework_extra.yaml │ ├── test │ │ ├── framework.yaml │ │ ├── monolog.yaml │ │ ├── twig.yaml │ │ ├── validator.yaml │ │ └── web_profiler.yaml │ ├── translation.yaml │ ├── twig.yaml │ └── validator.yaml ├── routes.yaml ├── routes │ ├── annotations.yaml │ └── dev │ │ ├── framework.yaml │ │ └── web_profiler.yaml └── services.yaml ├── docker-compose.yml ├── migrations └── .gitignore ├── phpunit.xml.dist ├── public ├── .htaccess └── 
index.php ├── src ├── Controller │ ├── .gitignore │ └── MainController.php ├── Entity │ └── .gitignore ├── Kernel.php └── Repository │ └── .gitignore ├── symfony.lock ├── templates └── base.html.twig ├── tests └── bootstrap.php └── translations └── .gitignore /.env.dist: -------------------------------------------------------------------------------- 1 | # In all environments, the following files are loaded if they exist, 2 | # the latter taking precedence over the former: 3 | # 4 | # * .env contains default values for the environment variables needed by the app 5 | # * .env.local uncommitted file with local overrides 6 | # * .env.$APP_ENV committed environment-specific defaults 7 | # * .env.$APP_ENV.local uncommitted environment-specific overrides 8 | # 9 | # Real environment variables win over .env files. 10 | # 11 | # DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES. 12 | # The APP_SECRET value shipped below is committed sample data and therefore public; since this file defaults to APP_ENV=prod, generate a unique random secret for every real deployment and keep it out of version control. 13 | # Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2). 
14 | # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration 15 | 16 | ###> symfony/framework-bundle ### 17 | APP_ENV=prod 18 | APP_SECRET=eca38df71fa4402078f6d6255b16d75c 19 | #TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 20 | #TRUSTED_HOSTS='^(localhost|example\.com)$' 21 | ###< symfony/framework-bundle ### 22 | 23 | ###> symfony/mailer ### 24 | # MAILER_DSN=smtp://localhost 25 | ###< symfony/mailer ### 26 | 27 | ###> doctrine/doctrine-bundle ### 28 | # Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url 29 | # For an SQLite database, use: "sqlite:///%kernel.project_dir%/var/data.db" 30 | # For a PostgreSQL database, use: "postgresql://db_user:db_password@127.0.0.1:5432/db_name?serverVersion=11&charset=utf8" 31 | # IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml 32 | DATABASE_URL=mysql://db_user:db_password@127.0.0.1:3306/db_name?serverVersion=5.7 33 | ###< doctrine/doctrine-bundle ### 34 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. 
iOS] 28 | - Tools and version [e.g. ansible, terraform, packer, docker] 29 | 30 | **Additional context** 31 | Add any other context about the problem here. 32 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
21 | -------------------------------------------------------------------------------- /.github/workflows/ci-cd.yml: -------------------------------------------------------------------------------- 1 | # Make sure to configure the secrets in your repository before running this 2 | # action: 3 | # 4 | # AWS_ACCESS_KEY_ID 5 | # AWS_SECRET_ACCESS_KEY 6 | # AWS_REGION 7 | # APPLICATION_NAME (the same value you configured in terraform.tfvars) 8 | # AWS_S3_DEPLOYMENT_BUCKET (the same value you configured in terraform.tfvars) 9 | # Both deploy steps hand the AWS keys to the third-party action ItsKarma/aws-cli, which is pinned only to the ref v1.70.0: give the IAM user no more than the CodeDeploy and deployment-bucket permissions it needs, and consider pinning the action to a full commit SHA. 10 | ############################################################################### 11 | name: CI/CD 12 | # Replace workflow_dispatch with the commented-out trigger below if you want continuous deployment on push 13 | # on: [push, workflow_dispatch] 14 | on: workflow_dispatch 15 | jobs: 16 | production-deploy: 17 | runs-on: ubuntu-latest 18 | if: github.ref == 'refs/heads/master' 19 | steps: 20 | - uses: actions/checkout@v2 21 | - name: AWS Deploy push 22 | uses: ItsKarma/aws-cli@v1.70.0 23 | env: 24 | AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} 25 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 26 | AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} 27 | with: 28 | args: >- 29 | deploy push 30 | --application-name "symfony_project_kickstart_${{ secrets.APPLICATION_NAME }}" 31 | --description "New automatic deployment for ${{ secrets.APPLICATION_NAME }}" 32 | --s3-location s3://${{ secrets.AWS_S3_DEPLOYMENT_BUCKET }}/production.zip 33 | --source . 
34 | - name: AWS Create Deploy 35 | uses: ItsKarma/aws-cli@v1.70.0 36 | env: 37 | AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} 38 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 39 | AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} 40 | with: 41 | args: >- 42 | deploy create-deployment 43 | --application-name "symfony_project_kickstart_${{ secrets.APPLICATION_NAME }}" 44 | --deployment-config-name CodeDeployDefault.OneAtATime 45 | --deployment-group-name SPK_Deployment_Group_Webservers 46 | --file-exists-behavior OVERWRITE 47 | --s3-location bucket=${{ secrets.AWS_S3_DEPLOYMENT_BUCKET }},key=production.zip,bundleType=zip -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | ###> symfony/framework-bundle ### 3 | /.env.local 4 | /.env.local.php 5 | /.env.*.local 6 | /config/secrets/prod/prod.decrypt.private.php 7 | /public/bundles/ 8 | /var/ 9 | /vendor/ 10 | ###< symfony/framework-bundle ### 11 | 12 | ###> symfony/phpunit-bridge ### 13 | .phpunit 14 | .phpunit.result.cache 15 | /phpunit.xml 16 | ###< symfony/phpunit-bridge ### 17 | /.env 18 | 19 | ### Terraform template 20 | # Local .terraform directories 21 | **/.terraform/* 22 | 23 | # .tfstate files 24 | *.tfstate 25 | *.tfstate.* 26 | 27 | # Crash log files 28 | crash.log 29 | 30 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 31 | # .tfvars files are managed as part of configuration and so should be included in 32 | # version control. 
33 | # 34 | # example.tfvars 35 | 36 | # Ignore override files as they are usually used to override resources locally and so 37 | # are not checked in 38 | override.tf 39 | override.tf.json 40 | *_override.tf 41 | *_override.tf.json 42 | 43 | # Include override files you do wish to add to version control using negated pattern 44 | # 45 | # !example_override.tf 46 | 47 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 48 | # example: *tfplan* 49 | 50 | # Ignore CLI configuration files 51 | .terraformrc 52 | terraform.rc 53 | /automation/terraform/.terraform 54 | /automation/terraform/terraform.tfvars 55 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 
11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. 
Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at nino@dafonte.dev. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Nino Dafonte 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | 
copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Symfony-LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) Fabien Potencier 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is furnished 8 | to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 
20 | -------------------------------------------------------------------------------- /appspec.yml: -------------------------------------------------------------------------------- 1 | version: 0.0 2 | os: linux 3 | files: 4 | - source: / 5 | destination: /var/www/symfony-project-kickstart 6 | permissions: 7 | - object: /var/www/symfony-project-kickstart 8 | pattern: "**" 9 | owner: www-data 10 | group: www-data 11 | type: 12 | - directory 13 | - file 14 | hooks: 15 | BeforeInstall: 16 | - location: build-scripts/before-install-root.sh 17 | timeout: 300 18 | runas: root 19 | AfterInstall: 20 | - location: build-scripts/after-install-root.sh 21 | timeout: 300 22 | runas: root -------------------------------------------------------------------------------- /automation/ansible/database_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: True 4 | gather_facts: False 5 | 6 | pre_tasks: 7 | - raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3) 8 | - setup: # aka gather_facts 9 | 10 | vars_files: 11 | - "./vars/database_server_vars.yml" 12 | 13 | roles: 14 | - { role: common } 15 | - { role: geerlingguy.pip } 16 | - { role: dbutils } 17 | - { role: geerlingguy.mysql } 18 | -------------------------------------------------------------------------------- /automation/ansible/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update repositories cache 3 | apt: 4 | update_cache: yes 5 | become: True 6 | 7 | - name: Update all packages to the latest version 8 | apt: 9 | upgrade: dist 10 | become: True 11 | 12 | - name: Ensure NTP is installed 13 | apt: 14 | name: ntp 15 | state: present 16 | update_cache: yes 17 | become: True 18 | 19 | - name: Ensure the NTP service is running and enabled 20 | service: 21 | name: ntp 22 | state: started 23 | enabled: True 24 | become: True 25 | 26 | - name: Ensure 
the MOTD file is present and updated 27 | template: 28 | src: motd 29 | dest: /etc/motd 30 | owner: root 31 | group: root 32 | mode: 0644 33 | become: True 34 | 35 | - name: install tool and utility packages for general use (git, curl, wget, vim, awscli, etc.) 36 | apt: 37 | name: ['language-pack-en', 'vim', 'htop', 'git', 'curl', 'wget', 'awscli'] 38 | update_cache: yes 39 | state: latest 40 | become: True -------------------------------------------------------------------------------- /automation/ansible/roles/common/templates/motd: -------------------------------------------------------------------------------- 1 | This system is managed by Terraform and Ansible 2 | Any change done on this system could be overwritten by Ansible 3 | 4 | OS: {{ ansible_distribution }} {{ ansible_distribution_version }} 5 | Hostname: {{ inventory_hostname }} 6 | 7 | All connections are monitored and recorded 8 | Disconnect IMMEDIATELY if you are not an authorized user 9 | 10 | 11 | -------------------------------------------------------------------------------- /automation/ansible/roles/dbutils/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Make sure pymysql is present 3 | pip: 4 | name: pymysql 5 | state: present 6 | become: True 7 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/.clog.toml: -------------------------------------------------------------------------------- 1 | [clog] 2 | changelog = "CHANGELOG.md" 3 | repository = "https://github.com/weareinteractive/ansible-environment" 4 | from-latest-tag = true 5 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig helps developers define and maintain consistent 2 | # coding styles 
between different editors and IDEs 3 | # editorconfig.org 4 | 5 | root = true 6 | 7 | [*] 8 | # Change these settings to your own preference 9 | indent_size = 2 10 | indent_style = space 11 | 12 | # We recommend you to keep these unchanged 13 | charset = utf-8 14 | end_of_line = lf 15 | insert_final_newline = true 16 | trim_trailing_whitespace = true 17 | 18 | [Makefile] 19 | indent_style = tab 20 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .vagrant 3 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: phyton 3 | python: "2.7" 4 | 5 | sudo: required 6 | 7 | services: 8 | - docker 9 | 10 | before_install: 11 | - docker pull williamyeh/ansible:ubuntu14.04 12 | 13 | script: 14 | - make test 15 | 16 | notifications: 17 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 18 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | 2 | ## 1.3.0 (2017-10-25) 3 | 4 | 5 | #### Features 6 | 7 | * make role > 2.4 conform ([a35b8cbc](https://github.com/weareinteractive/ansible-environment/commit/a35b8cbc222fccf6b59753a6892b06c228a4d66a)) 8 | * change regex to match full key when removing it ([51772aa4](https://github.com/weareinteractive/ansible-environment/commit/51772aa4394ffb72965859cf4ebcc33741a8a64e)) 9 | 10 | 11 | 12 | 13 | ### 1.2.4 (2017-09-26) 14 | 15 | 16 | #### Features 17 | 18 | * set default environment config as a dict 
([cd52980b](https://github.com/weareinteractive/ansible-environment/commit/cd52980b9ad9576d891f2af417f98fa305c48f48)) 19 | 20 | 21 | 22 | 23 | ### 1.2.3 (2017-03-09) 24 | 25 | 26 | #### Features 27 | 28 | * remove enforcement for upper key-names ([0fb9b167](https://github.com/weareinteractive/ansible-environment/commit/0fb9b16797f9c47ced17ebe4cadd8f2d59fddd3d)) 29 | 30 | 31 | 32 | 33 | ### 1.2.2 (2017-02-07) 34 | 35 | 36 | #### Features 37 | 38 | * ensure file exists only changes when file is created ([41cbbbc6](https://github.com/weareinteractive/ansible-environment/commit/41cbbbc626a702574d25da3cc07b24feed36d00e)) 39 | 40 | 41 | 42 | 43 | ## 1.2.0 (2016-07-25) 44 | 45 | 46 | #### Features 47 | 48 | * use ansible-role docgen to generate documentions ([857dc0f6](https://github.com/weareinteractive/ansible-environment/commit/857dc0f68c89a86bef35b407f73ca775afa77cce)) 49 | * add .editorconfig ([35798f5b](https://github.com/weareinteractive/ansible-environment/commit/35798f5bfc49ace1f9fdbfee5013725665a8c282)) 50 | * add CHANGELOG ([44b96586](https://github.com/weareinteractive/ansible-environment/commit/44b96586ecf38c20faf19f3466b0e5a0a690f0db)) 51 | * add environment file user and group vars ([d626b7bf](https://github.com/weareinteractive/ansible-environment/commit/d626b7bfaf515bfe123f2d6d66207d0af1bb498e)) 52 | * add environment_file var to allow writing alternative files ([df721dba](https://github.com/weareinteractive/ansible-environment/commit/df721dbab4511da678f05eba9a18fda2088a405a)) 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) We Are Interactive 2 | 3 | Permission is hereby granted, free of charge, to any person 4 | obtaining a copy of this software and associated documentation 5 | files (the "Software"), to deal in the Software without 6 | 
restriction, including without limitation the rights to use, 7 | copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | copies of the Software, and to permit persons to whom the 9 | Software is furnished to do so, subject to the following 10 | conditions: 11 | 12 | The above copyright notice and this permission notice shall be 13 | included in all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 17 | OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 19 | HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 20 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/Makefile: -------------------------------------------------------------------------------- 1 | PWD=$(shell pwd) 2 | ROLE_NAME=franklinkim.environment 3 | ROLE_PATH=/etc/ansible/roles/$(ROLE_NAME) 4 | TEST_VERSION=ansible --version 5 | TEST_SYNTAX=ansible-playbook -vv -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml --syntax-check 6 | TEST_PLAYBOOK=ansible-playbook -vv -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml 7 | TEST_CMD=$(TEST_VERSION); $(TEST_SYNTAX); $(TEST_PLAYBOOK) 8 | 9 | .PHONY: test 10 | test: 11 | docker run -it --rm -e "ROLE_NAME=$(ROLE_NAME)" -v $(PWD):$(ROLE_PATH) williamyeh/ansible:ubuntu14.04 /bin/bash -c "$(TEST_CMD)" 12 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/README.md: -------------------------------------------------------------------------------- 1 | # Ansible franklinkim.environment role 2 | 3 | [![Build 
Status](https://img.shields.io/travis/weareinteractive/ansible-environment.svg)](https://travis-ci.org/weareinteractive/ansible-environment) 4 | [![Galaxy](http://img.shields.io/badge/galaxy-weareinteractive.environment-blue.svg)](https://galaxy.ansible.com/weareinteractive/environment) 5 | [![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-environment.svg)](https://github.com/weareinteractive/ansible-environment) 6 | [![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-environment.svg)](https://github.com/weareinteractive/ansible-environment) 7 | 8 | > `franklinkim.environment` is an [Ansible](http://www.ansible.com) role which: 9 | > 10 | > * adds `/etc/environment` variables 11 | 12 | ## Installation 13 | 14 | Using `ansible-galaxy`: 15 | 16 | ```shell 17 | $ ansible-galaxy install franklinkim.environment 18 | ``` 19 | 20 | Using `requirements.yml`: 21 | 22 | ```yaml 23 | - src: franklinkim.environment 24 | ``` 25 | 26 | Using `git`: 27 | 28 | ```shell 29 | $ git clone https://github.com/weareinteractive/ansible-environment.git franklinkim.environment 30 | ``` 31 | 32 | ## Dependencies 33 | 34 | * Ansible >= 2.4 35 | 36 | ## Variables 37 | 38 | Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`. 
39 | 40 | ```yaml 41 | --- 42 | 43 | # Path to the environment file 44 | environment_file: /etc/environment 45 | # The environment file owner 46 | environment_file_owner: root 47 | # The environment file group 48 | environment_file_group: root 49 | # A dictionary of config parameters i.e 50 | # 51 | # environment_config: 52 | # LC_ALL: en_US.UTF-8 53 | environment_config: {} 54 | 55 | ``` 56 | 57 | 58 | ## Usage 59 | 60 | This is an example playbook: 61 | 62 | ```yaml 63 | --- 64 | 65 | - hosts: all 66 | roles: 67 | - franklinkim.environment 68 | vars: 69 | environment_config: 70 | LC_ALL: C 71 | 72 | ``` 73 | 74 | 75 | ## Testing 76 | 77 | ```shell 78 | $ git clone https://github.com/weareinteractive/ansible-environment.git 79 | $ cd ansible-environment 80 | $ make test 81 | ``` 82 | 83 | ## Contributing 84 | In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality. 85 | 86 | 1. Fork it 87 | 2. Create your feature branch (`git checkout -b my-new-feature`) 88 | 3. Commit your changes (`git commit -am 'Add some feature'`) 89 | 4. Push to the branch (`git push origin my-new-feature`) 90 | 5. Create new Pull Request 91 | 92 | *Note: To update the `README.md` file please install and run `ansible-role`:* 93 | 94 | ```shell 95 | $ gem install ansible-role 96 | $ ansible-role docgen 97 | ``` 98 | 99 | ## License 100 | Copyright (c) We Are Interactive under the MIT license. 
101 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | config.vbguest.no_remote = true 6 | config.vbguest.auto_update = false 7 | 8 | config.vm.define 'trusty' do |instance| 9 | instance.vm.box = 'ubuntu/trusty64' 10 | end 11 | 12 | # View the documentation for the provider you're using for more 13 | # information on available options. 14 | config.vm.provision "ansible" do |ansible| 15 | ansible.playbook = "tests/main.yml" 16 | ansible.verbose = 'vv' 17 | ansible.sudo = true 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Path to the environment file 4 | environment_file: /etc/environment 5 | # The environment file owner 6 | environment_file_owner: root 7 | # The environment file group 8 | environment_file_group: root 9 | # A dictionary of config parameters i.e 10 | # 11 | # environment_config: 12 | # LC_ALL: en_US.UTF-8 13 | environment_config: {} 14 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Mon Apr 30 15:15:51 2018', version: 1.3.0} 2 | -------------------------------------------------------------------------------- /automation/ansible/roles/franklinkim.environment/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: franklin 4 | company: We Are Interactive 5 | description: Adds 
/etc/environment variables 6 | min_ansible_version: 2.4 7 | license: MIT 8 | # Optionally specify the branch Galaxy will use when accessing the GitHub 9 | # repo for this role. During role install, if no tags are available, 10 | # Galaxy will use this branch. During import Galaxy will access files on 11 | # this branch. If travis integration is cofigured, only notification for this 12 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 13 | # (usually master) will be used. 14 | github_branch: master 15 | # 16 | # Below are all platforms currently available. Just uncomment 17 | # the ones that apply to your role. If you don't see your 18 | # platform on this list, let us know and we'll get it added! 19 | # 20 | platforms: 21 | #- name: EL 22 | # versions: 23 | # - all 24 | # - 5 25 | # - 6 26 | # - 7 27 | #- name: GenericUNIX 28 | # versions: 29 | # - all 30 | # - any 31 | #- name: Solaris 32 | # versions: 33 | # - all 34 | # - 10 35 | # - 11.0 36 | # - 11.1 37 | # - 11.2 38 | # - 11.3 39 | #- name: Fedora 40 | # versions: 41 | # - all 42 | # - 16 43 | # - 17 44 | # - 18 45 | # - 19 46 | # - 20 47 | # - 21 48 | # - 22 49 | # - 23 50 | #- name: Windows 51 | # versions: 52 | # - all 53 | # - 2012R2 54 | #- name: SmartOS 55 | # versions: 56 | # - all 57 | # - any 58 | #- name: opensuse 59 | # versions: 60 | # - all 61 | # - 12.1 62 | # - 12.2 63 | # - 12.3 64 | # - 13.1 65 | # - 13.2 66 | #- name: Amazon 67 | # versions: 68 | # - all 69 | # - 2013.03 70 | # - 2013.09 71 | #- name: GenericBSD 72 | # versions: 73 | # - all 74 | # - any 75 | #- name: FreeBSD 76 | # versions: 77 | # - all 78 | # - 10.0 79 | # - 10.1 80 | # - 10.2 81 | # - 8.0 82 | # - 8.1 83 | # - 8.2 84 | # - 8.3 85 | # - 8.4 86 | # - 9.0 87 | # - 9.1 88 | # - 9.1 89 | # - 9.2 90 | # - 9.3 91 | - name: Ubuntu 92 | versions: 93 | - all 94 | # - lucid 95 | # - maverick 96 | # - natty 97 | # - oneiric 98 | # - precise 99 | # - quantal 100 | # - raring 101 | # - saucy 102 | # - 
trusty 103 | # - utopic 104 | # - vivid 105 | # - wily 106 | #- name: SLES 107 | # versions: 108 | # - all 109 | # - 10SP3 110 | # - 10SP4 111 | # - 11 112 | # - 11SP1 113 | # - 11SP2 114 | # - 11SP3 115 | #- name: GenericLinux 116 | # versions: 117 | # - all 118 | # - any 119 | - name: Debian 120 | versions: 121 | - all 122 | # - etch 123 | # - jessie 124 | # - lenny 125 | # - squeeze 126 | # - wheezy categories: 127 | # 128 | # List tags for your role here, one per line. A tag is 129 | # a keyword that describes and categorizes the role. 130 | # Users find roles by searching for tags. Be sure to 131 | # remove the '[]' above if you add tags to this list. 132 | # 133 | # NOTE: A tag is limited to a single word comprised of 134 | # alphanumeric characters. Maximum 20 tags per role. 135 | galaxy_tags: 136 | - system 137 | - environment 138 | - env 139 | # List your role dependencies here, one per line. Only 140 | # dependencies available via galaxy should be listed here. 141 | # Be sure to remove the '[]' above if you add dependencies 142 | # to this list. 
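143 | dependencies: []
144 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/meta/readme.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | galaxy_name: franklinkim.environment
 3 | github_user: weareinteractive
 4 | github_name: ansible-environment
 5 | badges: |
 6 |   [![Build Status](https://img.shields.io/travis/weareinteractive/ansible-environment.svg)](https://travis-ci.org/weareinteractive/ansible-environment)
 7 |   [![Galaxy](http://img.shields.io/badge/galaxy-weareinteractive.environment-blue.svg)](https://galaxy.ansible.com/weareinteractive/environment)
 8 |   [![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-environment.svg)](https://github.com/weareinteractive/ansible-environment)
 9 |   [![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-environment.svg)](https://github.com/weareinteractive/ansible-environment)
10 | description: |
11 |   > * adds `/etc/environment` variables
12 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/tasks/config.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Maintains KEY='value' lines in the environment file. Each key of
 3 | # `environment_config` is removed first and then written again with its
 4 | # current value, so the two lineinfile tasks below act as a pair.
 5 |
 6 | # `state: touch` creates the file when absent and applies owner/group.
 7 | # NOTE(review): no `mode` is passed, so this task never tightens permissions;
 8 | # consider setting one explicitly for a system-wide environment file.
 9 | - name: Ensure file exists
10 |   file:
11 |     path: "{{ environment_file }}"
12 |     owner: "{{ environment_file_owner }}"
13 |     group: "{{ environment_file_group }}"
14 |     state: touch
15 |   register: environment_file_result
16 |   # Report "changed" only when the path was not already a regular file.
17 |   changed_when: environment_file_result.diff.before.state != "file"
18 |
19 | # The key is regex-escaped so that a metacharacter in it (for example a dot)
20 | # cannot make the pattern match, and delete, unrelated lines.
21 | - name: Remove previous values
22 |   lineinfile:
23 |     dest: "{{ environment_file }}"
24 |     regexp: '^{{ item.key | regex_escape }}\ ?='
25 |     state: absent
26 |   with_dict: "{{ environment_config }}"
27 |
28 | # The value is wrapped in single quotes verbatim; a value that itself contains
29 | # a single quote produces a malformed entry, so validate inventory values.
30 | - name: Configuring environment
31 |   lineinfile:
32 |     dest: "{{ environment_file }}"
33 |     line: "{{ item.key }}='{{ item.value }}'"
34 |   with_dict: "{{ environment_config }}"
35 |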
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 |
 3 | - import_tasks: config.yml
 4 |   tags:
 5 |     - system
 6 |     - environment
 7 |     - config
 8 |     - environment-config
 9 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/tests/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 |
 3 | - hosts: all
 4 |   roles:
 5 |     - franklinkim.environment
 6 |   vars:
 7 |     environment_config:
 8 |       LC_ALL: C
 9 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/.gitignore:
--------------------------------------------------------------------------------
 1 | *.retry
 2 | tests/test.sh
 3 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/.travis.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | services: docker
 3 |
 4 | env:
 5 |   - distro: centos7
 6 |   - distro: centos6
 7 |   - distro: ubuntu1804
 8 |   - distro: ubuntu1604
 9 |   - distro: ubuntu1404
10 |   - distro: debian9
11 |   - distro: debian8
12 |
13 | script:
14 |   # Download test shim. NOTE(review): the gist URL carries no revision, so the script content can change between runs, and it is executed below without an integrity check; pin a gist revision and verify a checksum before running it.
15 |   - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
16 |   - chmod +x ${PWD}/tests/test.sh
17 |
18 |   # Run tests.
19 | - ${PWD}/tests/test.sh 20 | 21 | notifications: 22 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 23 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017 Jeff Geerling 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/defaults/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apache_enablerepo: ""
 3 |
 4 | apache_listen_ip: "*"
 5 | apache_listen_port: 80
 6 | apache_listen_port_ssl: 443
 7 |
 8 | apache_create_vhosts: true
 9 | apache_vhosts_filename: "vhosts.conf"
10 | apache_vhosts_template: "vhosts.conf.j2"
11 |
12 | # On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
13 | # Set this to `true` to remove that default.
14 | apache_remove_default_vhost: false
15 |
16 | apache_global_vhost_settings: |
17 |   DirectoryIndex index.php index.html
18 |
19 | apache_vhosts:
20 |   # Additional properties:
21 |   # 'serveradmin, serveralias, allow_override, options, extra_parameters'.
22 |   - servername: "local.dev"
23 |     documentroot: "/var/www/html"
24 | # Fallbacks for vhosts that set no allow_override/options of their own. NOTE(review): "All" lets .htaccess files override every directive type; narrow it where the document root is writable by the application.
25 | apache_allow_override: "All"
26 | apache_options: "-Indexes +FollowSymLinks"
27 |
28 | apache_vhosts_ssl: []
29 | # Additional properties:
30 | # 'serveradmin, serveralias, allow_override, options, extra_parameters'.
31 | # - servername: "local.dev",
32 | #   documentroot: "/var/www/html",
33 | #   certificate_file: "/path/to/certificate.crt",
34 | #   certificate_key_file: "/path/to/certificate.key",
35 | #   # Optional.
36 | #   certificate_chain_file: "/path/to/certificate_chain.crt"
37 | # When true, vhosts.conf.j2 renders an SSL vhost even if its certificate_file was not found on the host.
38 | apache_ignore_missing_ssl_certificate: true
39 | # NOTE(review): "All -SSLv2 -SSLv3" still leaves TLS 1.0 and 1.1 enabled where the TLS library supports them; consider restricting this to TLS 1.2 and later.
40 | apache_ssl_protocol: "All -SSLv2 -SSLv3"
41 | apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
42 |
43 | # Only used on Debian/Ubuntu.
44 | apache_mods_enabled:
45 |   - rewrite.load
46 |   - ssl.load
47 | apache_mods_disabled: []
48 |
49 | # Set initial apache state. Recommended values: `started` or `stopped`
50 | apache_state: started
51 |
52 | # Set apache state when configuration changes are made.
Recommended values: 53 | # `restarted` or `reloaded` 54 | apache_restart_state: restarted 55 | 56 | # Apache package state; use `present` to make sure it's installed, or `latest` 57 | # if you want to upgrade or switch versions using a new repo. 58 | apache_packages_state: present 59 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart apache 3 | service: 4 | name: "{{ apache_service }}" 5 | state: "{{ apache_restart_state }}" 6 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Sun Apr 29 12:07:28 2018', version: 3.0.0} 2 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: geerlingguy 6 | description: Apache 2.x for Linux. 
7 | company: "Midwestern Mac, LLC" 8 | license: "license (BSD, MIT)" 9 | min_ansible_version: 2.4 10 | platforms: 11 | - name: EL 12 | versions: 13 | - all 14 | - name: Amazon 15 | versions: 16 | - all 17 | - name: Debian 18 | versions: 19 | - all 20 | - name: Ubuntu 21 | versions: 22 | - trusty 23 | - xenial 24 | - bionic 25 | - name: Suse 26 | versions: 27 | - all 28 | - name: Solaris 29 | versions: 30 | - 11.3 31 | galaxy_tags: 32 | - web 33 | - apache 34 | - webserver 35 | - html 36 | 37 | allow_duplicates: yes 38 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure Apache. 3 | lineinfile: 4 | dest: "{{ apache_server_root }}/ports.conf" 5 | regexp: "{{ item.regexp }}" 6 | line: "{{ item.line }}" 7 | state: present 8 | with_items: "{{ apache_ports_configuration_items }}" 9 | notify: restart apache 10 | 11 | - name: Enable Apache mods. 12 | file: 13 | src: "{{ apache_server_root }}/mods-available/{{ item }}" 14 | dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" 15 | state: link 16 | with_items: "{{ apache_mods_enabled }}" 17 | notify: restart apache 18 | 19 | - name: Disable Apache mods. 20 | file: 21 | path: "{{ apache_server_root }}/mods-enabled/{{ item }}" 22 | state: absent 23 | with_items: "{{ apache_mods_disabled }}" 24 | notify: restart apache 25 | 26 | - name: Check whether certificates defined in vhosts exist. 27 | stat: "path={{ item.certificate_file }}" 28 | register: apache_ssl_certificates 29 | with_items: "{{ apache_vhosts_ssl }}" 30 | 31 | - name: Add apache vhosts configuration. 
32 | template: 33 | src: "{{ apache_vhosts_template }}" 34 | dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" 35 | owner: root 36 | group: root 37 | mode: 0644 38 | notify: restart apache 39 | when: apache_create_vhosts 40 | 41 | - name: Add vhost symlink in sites-enabled. 42 | file: 43 | src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" 44 | dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" 45 | state: link 46 | notify: restart apache 47 | when: apache_create_vhosts 48 | 49 | - name: Remove default vhost in sites-enabled. 50 | file: 51 | path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" 52 | state: absent 53 | notify: restart apache 54 | when: apache_remove_default_vhost 55 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure Apache. 3 | lineinfile: 4 | dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" 5 | regexp: "{{ item.regexp }}" 6 | line: "{{ item.line }}" 7 | state: present 8 | with_items: "{{ apache_ports_configuration_items }}" 9 | notify: restart apache 10 | 11 | - name: Check whether certificates defined in vhosts exist. 12 | stat: path={{ item.certificate_file }} 13 | register: apache_ssl_certificates 14 | with_items: "{{ apache_vhosts_ssl }}" 15 | 16 | - name: Add apache vhosts configuration. 
17 | template: 18 | src: "{{ apache_vhosts_template }}" 19 | dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" 20 | owner: root 21 | group: root 22 | mode: 0644 23 | notify: restart apache 24 | when: apache_create_vhosts 25 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure Apache. 3 | lineinfile: 4 | dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf" 5 | regexp: "{{ item.regexp }}" 6 | line: "{{ item.line }}" 7 | state: present 8 | with_items: "{{ apache_ports_configuration_items }}" 9 | notify: restart apache 10 | 11 | - name: Add apache vhosts configuration. 12 | template: 13 | src: "{{ apache_vhosts_template }}" 14 | dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" 15 | owner: root 16 | group: root 17 | mode: 0644 18 | notify: restart apache 19 | when: apache_create_vhosts 20 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure Apache. 3 | lineinfile: 4 | dest: "{{ apache_server_root }}/listen.conf" 5 | regexp: "{{ item.regexp }}" 6 | line: "{{ item.line }}" 7 | state: present 8 | with_items: "{{ apache_ports_configuration_items }}" 9 | notify: restart apache 10 | 11 | - name: Check whether certificates defined in vhosts exist. 12 | stat: path={{ item.certificate_file }} 13 | register: apache_ssl_certificates 14 | with_items: "{{ apache_vhosts_ssl }}" 15 | 16 | - name: Add apache vhosts configuration. 
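17 |   template:
18 |     src: "{{ apache_vhosts_template }}"
19 |     dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
20 |     owner: root
21 |     group: root
22 |     mode: 0644
23 |   notify: restart apache
24 |   when: apache_create_vhosts
25 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Include variables and define needed variables.
 3 | - name: Include OS-specific variables.
 4 |   include_vars: "{{ ansible_os_family }}.yml"
 5 |
 6 | - name: Include variables for Amazon Linux.
 7 |   include_vars: "AmazonLinux.yml"
 8 |   when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
 9 |
10 | - name: Define apache_packages.
11 |   set_fact:
12 |     apache_packages: "{{ __apache_packages | list }}"
13 |   when: apache_packages is not defined
14 |
15 | # Setup/install tasks.
16 | - include_tasks: "setup-{{ ansible_os_family }}.yml"
17 |
18 | # Figure out what version of Apache is installed. `command` is used rather than `shell`: no shell features are needed, so the variable contents are never parsed by a shell.
19 | - name: Get installed version of Apache.
20 |   command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
21 |   changed_when: false
22 |   check_mode: no
23 |   register: _apache_version
24 |
25 | - name: Create apache_version variable.
26 |   set_fact:
27 |     apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
28 |
29 | - include_vars: apache-22.yml
30 |   when: "apache_version.split('.')[1] == '2'"
31 |
32 | - include_vars: apache-24.yml
33 |   when: "apache_version.split('.')[1] == '4'"
34 |
35 | # Configure Apache.
36 | - include_tasks: "configure-{{ ansible_os_family }}.yml"
37 |
38 | - name: Ensure Apache has selected state and enabled on boot.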
39 | service: 40 | name: "{{ apache_service }}" 41 | state: "{{ apache_state }}" 42 | enabled: yes 43 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/setup-Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update apt cache. 3 | apt: update_cache=yes cache_valid_time=3600 4 | 5 | - name: Ensure Apache is installed on Debian. 6 | apt: "name={{ item }} state={{ apache_packages_state }}" 7 | with_items: "{{ apache_packages }}" 8 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/setup-RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure Apache is installed on RHEL. 3 | yum: 4 | name: "{{ item }}" 5 | state: "{{ apache_packages_state }}" 6 | enablerepo: "{{ apache_enablerepo }}" 7 | with_items: "{{ apache_packages }}" 8 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/setup-Solaris.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure Apache is installed on Solaris. 3 | pkg5: 4 | name: "{{ item }}" 5 | state: "{{ apache_packages_state }}" 6 | with_items: "{{ apache_packages }}" 7 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tasks/setup-Suse.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure Apache is installed on Suse. 
3 | zypper: 4 | name: "{{ item }}" 5 | state: "{{ apache_packages_state }}" 6 | with_items: "{{ apache_packages }}" 7 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/templates/vhosts.conf.j2: -------------------------------------------------------------------------------- 1 | {{ apache_global_vhost_settings }} 2 | 3 | {# Set up VirtualHosts #} 4 | {% for vhost in apache_vhosts %} 5 | 6 | ServerName {{ vhost.servername }} 7 | {% if vhost.serveralias is defined %} 8 | ServerAlias {{ vhost.serveralias }} 9 | {% endif %} 10 | {% if vhost.documentroot is defined %} 11 | DocumentRoot "{{ vhost.documentroot }}" 12 | {% endif %} 13 | 14 | {% if vhost.serveradmin is defined %} 15 | ServerAdmin {{ vhost.serveradmin }} 16 | {% endif %} 17 | {% if vhost.documentroot is defined %} 18 | 19 | AllowOverride {{ vhost.allow_override | default(apache_allow_override) }} 20 | Options {{ vhost.options | default(apache_options) }} 21 | {% if apache_vhosts_version == "2.2" %} 22 | Order allow,deny 23 | Allow from all 24 | {% else %} 25 | Require all granted 26 | {% endif %} 27 | 28 | {% endif %} 29 | {% if vhost.extra_parameters is defined %} 30 | {{ vhost.extra_parameters }} 31 | {% endif %} 32 | 33 | 34 | {% endfor %} 35 | 36 | {# Set up SSL VirtualHosts #} 37 | {% for vhost in apache_vhosts_ssl %} 38 | {% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} 39 | 40 | ServerName {{ vhost.servername }} 41 | {% if vhost.serveralias is defined %} 42 | ServerAlias {{ vhost.serveralias }} 43 | {% endif %} 44 | {% if vhost.documentroot is defined %} 45 | DocumentRoot "{{ vhost.documentroot }}" 46 | {% endif %} 47 | 48 | SSLEngine on 49 | SSLCipherSuite {{ apache_ssl_cipher_suite }} 50 | SSLProtocol {{ apache_ssl_protocol }} 51 | SSLHonorCipherOrder On 52 | {% if apache_vhosts_version == "2.4" %} 53 | SSLCompression off 54 | {% endif %} 55 | SSLCertificateFile {{ 
vhost.certificate_file }} 56 | SSLCertificateKeyFile {{ vhost.certificate_key_file }} 57 | {% if vhost.certificate_chain_file is defined %} 58 | SSLCertificateChainFile {{ vhost.certificate_chain_file }} 59 | {% endif %} 60 | 61 | {% if vhost.serveradmin is defined %} 62 | ServerAdmin {{ vhost.serveradmin }} 63 | {% endif %} 64 | {% if vhost.documentroot is defined %} 65 | 66 | AllowOverride {{ vhost.allow_override | default(apache_allow_override) }} 67 | Options {{ vhost.options | default(apache_options) }} 68 | {% if apache_vhosts_version == "2.2" %} 69 | Order allow,deny 70 | Allow from all 71 | {% else %} 72 | Require all granted 73 | {% endif %} 74 | 75 | {% endif %} 76 | {% if vhost.extra_parameters is defined %} 77 | {{ vhost.extra_parameters }} 78 | {% endif %} 79 | 80 | 81 | {% endif %} 82 | {% endfor %} 83 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tests/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role tests 2 | 3 | To run the test playbook(s) in this directory: 4 | 5 | 1. Install and start Docker. 6 | 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`: 7 | - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/` 8 | 1. Make the test shim executable: `chmod +x tests/test.sh`. 9 | 1. 
Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh` 10 | 11 | If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)` 12 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | 4 | vars: 5 | apache_listen_port_ssl: 443 6 | apache_create_vhosts: true 7 | apache_vhosts_filename: "vhosts.conf" 8 | apache_vhosts: 9 | - servername: "example.com" 10 | documentroot: "/var/www/vhosts/example_com" 11 | 12 | roles: 13 | - role_under_test 14 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/vars/AmazonLinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_service: httpd 3 | apache_daemon: httpd 4 | apache_daemon_path: /usr/sbin/ 5 | apache_server_root: /etc/httpd 6 | apache_conf_path: /etc/httpd/conf.d 7 | 8 | apache_vhosts_version: "2.4" 9 | 10 | __apache_packages: 11 | - httpd24 12 | - httpd24-devel 13 | - mod24_ssl 14 | - openssh 15 | 16 | apache_ports_configuration_items: 17 | - regexp: "^Listen " 18 | line: "Listen {{ apache_listen_port }}" 19 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_service: apache2 3 | apache_daemon: apache2 4 | apache_daemon_path: /usr/sbin/ 5 | apache_server_root: /etc/apache2 6 | apache_conf_path: /etc/apache2 7 | 8 | __apache_packages: 9 | - apache2 10 | - apache2-utils 11 | 12 | apache_ports_configuration_items: 13 | - regexp: "^Listen " 14 | line: "Listen {{ 
apache_listen_port }}" 15 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_service: httpd 3 | apache_daemon: httpd 4 | apache_daemon_path: /usr/sbin/ 5 | apache_server_root: /etc/httpd 6 | apache_conf_path: /etc/httpd/conf.d 7 | 8 | apache_vhosts_version: "2.2" 9 | 10 | __apache_packages: 11 | - httpd 12 | - httpd-devel 13 | - mod_ssl 14 | - openssh 15 | 16 | apache_ports_configuration_items: 17 | - regexp: "^Listen " 18 | line: "Listen {{ apache_listen_port }}" 19 | - regexp: "^#?NameVirtualHost " 20 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" 21 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/vars/Solaris.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_service: apache24 3 | apache_daemon: httpd 4 | apache_daemon_path: /usr/apache2/2.4/bin/ 5 | apache_server_root: /etc/apache2/2.4/ 6 | apache_conf_path: /etc/apache2/2.4/conf.d 7 | 8 | apache_vhosts_version: "2.2" 9 | 10 | __apache_packages: 11 | - web/server/apache-24 12 | - web/server/apache-24/module/apache-ssl 13 | - web/server/apache-24/module/apache-security 14 | 15 | apache_ports_configuration_items: 16 | - regexp: "^Listen " 17 | line: "Listen {{ apache_listen_port }}" 18 | - regexp: "^#?NameVirtualHost " 19 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" 20 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/vars/Suse.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_service: apache2 3 | apache_daemon: httpd2 4 | apache_daemon_path: /usr/sbin/ 5 | apache_server_root: /etc/apache2 6 | 
apache_conf_path: /etc/apache2/conf.d 7 | 8 | apache_vhosts_version: "2.2" 9 | 10 | __apache_packages: 11 | - apache2 12 | - openssh 13 | 14 | apache_ports_configuration_items: 15 | - regexp: "^Listen " 16 | line: "Listen {{ apache_listen_port }}" 17 | - regexp: "^#?NameVirtualHost " 18 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" 19 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/vars/apache-22.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_vhosts_version: "2.2" 3 | apache_default_vhost_filename: 000-default 4 | apache_ports_configuration_items: 5 | - { 6 | regexp: "^Listen ", 7 | line: "Listen {{ apache_listen_port }}" 8 | } 9 | - { 10 | regexp: "^#?NameVirtualHost ", 11 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" 12 | } 13 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.apache/vars/apache-24.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_vhosts_version: "2.4" 3 | apache_default_vhost_filename: 000-default.conf 4 | apache_ports_configuration_items: 5 | - { 6 | regexp: "^Listen ", 7 | line: "Listen {{ apache_listen_port }}" 8 | } 9 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - '204' 3 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | --- 3 | github: geerlingguy 4 | patreon: geerlingguy 5 | 
-------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Configuration for probot-stale - https://github.com/probot/stale 2 | 3 | # Number of days of inactivity before an Issue or Pull Request becomes stale 4 | daysUntilStale: 90 5 | 6 | # Number of days of inactivity before an Issue or Pull Request with the stale label is closed. 7 | # Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. 8 | daysUntilClose: 30 9 | 10 | # Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) 11 | onlyLabels: [] 12 | 13 | # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable 14 | exemptLabels: 15 | - pinned 16 | - security 17 | - planned 18 | 19 | # Set to true to ignore issues in a project (defaults to false) 20 | exemptProjects: false 21 | 22 | # Set to true to ignore issues in a milestone (defaults to false) 23 | exemptMilestones: false 24 | 25 | # Set to true to ignore issues with an assignee (defaults to false) 26 | exemptAssignees: false 27 | 28 | # Label to use when marking as stale 29 | staleLabel: stale 30 | 31 | # Limit the number of actions per hour, from 1-30. Default is 30 32 | limitPerRun: 30 33 | 34 | pulls: 35 | markComment: |- 36 | This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! 37 | 38 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. 39 | 40 | unmarkComment: >- 41 | This pull request is no longer marked for closure. 
42 | 43 | closeComment: >- 44 | This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. 45 | 46 | issues: 47 | markComment: |- 48 | This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 49 | 50 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. 51 | 52 | unmarkComment: >- 53 | This issue is no longer marked for closure. 54 | 55 | closeComment: >- 56 | This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. 57 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | */__pycache__ 3 | *.pyc 4 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | services: docker 4 | 5 | env: 6 | global: 7 | - ROLE_NAME: mysql 8 | matrix: 9 | - MOLECULE_DISTRO: centos8 10 | - MOLECULE_DISTRO: centos7 11 | - MOLECULE_DISTRO: centos6 12 | - MOLECULE_DISTRO: ubuntu1804 13 | - MOLECULE_DISTRO: ubuntu1604 14 | - MOLECULE_DISTRO: debian10 15 | 16 | install: 17 | # Install test dependencies. 18 | - pip install molecule yamllint ansible-lint docker 19 | 20 | before_script: 21 | # Use actual Ansible Galaxy role name for the project directory. 22 | - cd ../ 23 | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME 24 | - cd geerlingguy.$ROLE_NAME 25 | 26 | script: 27 | # Run tests. 
28 | - molecule test 29 | 30 | notifications: 31 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 32 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | rules: 4 | line-length: 5 | max: 160 6 | level: warning 7 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017 Jeff Geerling 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
21 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Set this to the user ansible is logging in as - should have root 3 | # or sudo access 4 | mysql_user_home: /root 5 | mysql_user_name: root 6 | mysql_user_password: root # NOTE(review): placeholder default identical to the user name; override per environment from an encrypted vars file rather than relying on this value 7 | 8 | # The default root user installed by mysql - almost always root 9 | mysql_root_home: /root 10 | mysql_root_username: root 11 | mysql_root_password: root # NOTE(review): placeholder default; tasks/secure-installation.yml sets this as the database root password and templates/root-my.cnf.j2 writes it to .my.cnf, so it must be overridden before any non-test use 12 | 13 | # Set this to `true` to forcibly update the root password. 14 | mysql_root_password_update: false 15 | mysql_user_password_update: false 16 | 17 | mysql_enabled_on_startup: true 18 | 19 | # Whether my.cnf should be updated on every run. 20 | overwrite_global_mycnf: true 21 | 22 | # The following variables have a default value depending on operating system. 23 | # mysql_config_file: /etc/my.cnf 24 | # mysql_config_include_dir: /etc/my.cnf.d 25 | 26 | # Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only 27 | # for RedHat systems (and derivatives). 28 | mysql_enablerepo: "" 29 | 30 | # Define a custom list of packages to install; if none provided, the default 31 | # package list from vars/[OS-family].yml will be used. 32 | # mysql_packages: 33 | # - mysql 34 | # - mysql-server 35 | # - MySQL-python 36 | 37 | # MySQL connection settings. 38 | mysql_port: "3306" 39 | mysql_bind_address: '0.0.0.0' # NOTE(review): rendered as bind-address in templates/my.cnf.j2, so mysqld listens on every interface; use 127.0.0.1 or a private address unless remote clients are required, and firewall the port 40 | mysql_skip_name_resolve: false 41 | mysql_datadir: /var/lib/mysql 42 | mysql_sql_mode: '' 43 | # The following variables have a default value depending on operating system. 44 | # mysql_pid_file: /var/run/mysqld/mysqld.pid 45 | # mysql_socket: /var/lib/mysql/mysql.sock 46 | 47 | # Log file settings. 48 | mysql_log_file_group: mysql 49 | 50 | # Slow query log settings.
51 | mysql_slow_query_log_enabled: false 52 | mysql_slow_query_time: "2" 53 | # The following variable has a default value depending on operating system. 54 | # mysql_slow_query_log_file: /var/log/mysql-slow.log 55 | 56 | # Memory settings (default values optimized ~512MB RAM). 57 | mysql_key_buffer_size: "256M" 58 | mysql_max_allowed_packet: "64M" 59 | mysql_table_open_cache: "256" 60 | mysql_sort_buffer_size: "1M" 61 | mysql_read_buffer_size: "1M" 62 | mysql_read_rnd_buffer_size: "4M" 63 | mysql_myisam_sort_buffer_size: "64M" 64 | mysql_thread_cache_size: "8" 65 | mysql_query_cache_type: "0" 66 | mysql_query_cache_size: "16M" 67 | mysql_query_cache_limit: "1M" 68 | mysql_max_connections: "151" 69 | mysql_tmp_table_size: "16M" 70 | mysql_max_heap_table_size: "16M" 71 | mysql_group_concat_max_len: "1024" 72 | mysql_join_buffer_size: "262144" 73 | 74 | # Other settings. 75 | mysql_lower_case_table_names: "0" 76 | mysql_wait_timeout: "28800" 77 | mysql_event_scheduler_state: "OFF" 78 | 79 | # InnoDB settings. 80 | mysql_innodb_file_per_table: "1" 81 | # Set .._buffer_pool_size up to 80% of RAM but beware of setting too high. 82 | mysql_innodb_buffer_pool_size: "256M" 83 | # Set .._log_file_size to 25% of buffer pool size. 84 | mysql_innodb_log_file_size: "64M" 85 | mysql_innodb_log_buffer_size: "8M" 86 | mysql_innodb_flush_log_at_trx_commit: "1" 87 | mysql_innodb_lock_wait_timeout: "50" 88 | 89 | # These settings require MySQL > 5.5. 90 | mysql_innodb_large_prefix: "1" 91 | mysql_innodb_file_format: "barracuda" 92 | 93 | # mysqldump settings. 94 | mysql_mysqldump_max_allowed_packet: "64M" 95 | 96 | # Logging settings. 97 | mysql_log: "" 98 | # The following variables have a default value depending on operating system. 
99 | # mysql_log_error: /var/log/mysql/mysql.err 100 | # mysql_syslog_tag: mysql 101 | 102 | mysql_config_include_files: [] 103 | # - src: path/relative/to/playbook/file.cnf 104 | # - { src: path/relative/to/playbook/anotherfile.cnf, force: yes } 105 | 106 | # Databases. 107 | mysql_databases: [] 108 | # - name: example 109 | # collation: utf8_general_ci 110 | # encoding: utf8 111 | # replicate: 1 112 | 113 | # Users. 114 | mysql_users: [] 115 | # - name: example 116 | # host: 127.0.0.1 117 | # password: secret 118 | # priv: *.*:USAGE 119 | 120 | # Replication settings (replication is only enabled if master/user have values). 121 | mysql_server_id: "1" 122 | mysql_max_binlog_size: "100M" 123 | mysql_binlog_format: "ROW" 124 | mysql_expire_logs_days: "10" 125 | mysql_replication_role: '' 126 | mysql_replication_master: '' 127 | # Same keys as `mysql_users` above. 128 | mysql_replication_user: [] 129 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart mysql 3 | service: "name={{ mysql_daemon }} state=restarted sleep=5" 4 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | install_date: Tue Jul 21 15:49:02 2020 2 | version: 3.1.0 3 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: geerlingguy 6 | description: MySQL server for RHEL/CentOS and Debian/Ubuntu. 
7 | company: "Midwestern Mac, LLC" 8 | license: "license (BSD, MIT)" 9 | min_ansible_version: 2.4 10 | platforms: 11 | - name: EL 12 | versions: 13 | - 6 14 | - 7 15 | - 8 16 | - name: Ubuntu 17 | versions: 18 | - all 19 | - name: Debian 20 | versions: 21 | - all 22 | - name: Archlinux 23 | versions: 24 | - all 25 | galaxy_tags: 26 | - database 27 | - mysql 28 | - mariadb 29 | - db 30 | - sql 31 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | 6 | vars: 7 | mysql_python_package_debian: python3-mysqldb 8 | 9 | roles: 10 | - role: geerlingguy.mysql 11 | 12 | post_tasks: 13 | - name: Make sure we can connect to MySQL via Unix socket. 14 | command: "mysql -u root -proot -e 'show databases;'" 15 | changed_when: false 16 | 17 | - name: Make sure we can connect to MySQL via TCP. 18 | command: "mysql -u root -proot -h 127.0.0.1 -e 'show databases;'" 19 | changed_when: false 20 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 
9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" 13 | command: ${MOLECULE_DOCKER_COMMAND:-""} 14 | volumes: 15 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | playbooks: 21 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 22 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get MySQL version. 3 | command: 'mysql --version' 4 | register: mysql_cli_version 5 | changed_when: false 6 | check_mode: false 7 | 8 | - name: Copy my.cnf global MySQL configuration. 9 | template: 10 | src: my.cnf.j2 11 | dest: "{{ mysql_config_file }}" 12 | owner: root 13 | group: root 14 | mode: 0644 15 | force: "{{ overwrite_global_mycnf }}" 16 | notify: restart mysql 17 | 18 | - name: Verify mysql include directory exists. 19 | file: 20 | path: "{{ mysql_config_include_dir }}" 21 | state: directory 22 | owner: root 23 | group: root 24 | mode: 0755 25 | when: mysql_config_include_files | length 26 | 27 | - name: Copy my.cnf override files into include directory. 28 | template: 29 | src: "{{ item.src }}" 30 | dest: "{{ mysql_config_include_dir }}/{{ item.src | basename }}" 31 | owner: root 32 | group: root 33 | mode: 0644 34 | force: "{{ item.force | default(False) }}" 35 | with_items: "{{ mysql_config_include_files }}" 36 | notify: restart mysql 37 | 38 | - name: Create slow query log file (if configured). 
39 | command: "touch {{ mysql_slow_query_log_file }}" 40 | args: 41 | creates: "{{ mysql_slow_query_log_file }}" 42 | warn: false 43 | when: mysql_slow_query_log_enabled 44 | 45 | - name: Create datadir if it does not exist 46 | file: 47 | path: "{{ mysql_datadir }}" 48 | state: directory 49 | owner: mysql 50 | group: mysql 51 | mode: 0755 52 | setype: mysqld_db_t 53 | 54 | - name: Set ownership on slow query log file (if configured). 55 | file: 56 | path: "{{ mysql_slow_query_log_file }}" 57 | state: file 58 | owner: mysql 59 | group: "{{ mysql_log_file_group }}" 60 | mode: 0640 61 | when: mysql_slow_query_log_enabled 62 | 63 | - name: Create error log file (if configured). 64 | command: "touch {{ mysql_log_error }}" 65 | args: 66 | creates: "{{ mysql_log_error }}" 67 | warn: false 68 | when: 69 | - mysql_log | default(true) 70 | - mysql_log_error | default(false) 71 | tags: ['skip_ansible_galaxy'] 72 | 73 | - name: Set ownership on error log file (if configured). 74 | file: 75 | path: "{{ mysql_log_error }}" 76 | state: file 77 | owner: mysql 78 | group: "{{ mysql_log_file_group }}" 79 | mode: 0640 80 | when: 81 | - mysql_log | default(true) 82 | - mysql_log_error | default(false) 83 | tags: ['skip_ansible_galaxy'] 84 | 85 | - name: Ensure MySQL is started and enabled on boot. 86 | service: "name={{ mysql_daemon }} state=started enabled={{ mysql_enabled_on_startup }}" 87 | register: mysql_service_configuration 88 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/databases.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure MySQL databases are present. 
3 | mysql_db: 4 | name: "{{ item.name }}" 5 | collation: "{{ item.collation | default('utf8_general_ci') }}" 6 | encoding: "{{ item.encoding | default('utf8') }}" 7 | state: "{{ item.state | default('present') }}" 8 | with_items: "{{ mysql_databases }}" 9 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variable configuration. 3 | - include_tasks: variables.yml 4 | 5 | # Setup/install tasks. 6 | - include_tasks: setup-RedHat.yml 7 | when: ansible_os_family == 'RedHat' 8 | 9 | - include_tasks: setup-Debian.yml 10 | when: ansible_os_family == 'Debian' 11 | 12 | - include_tasks: setup-Archlinux.yml 13 | when: ansible_os_family == 'Archlinux' 14 | 15 | - name: Check if MySQL packages were installed. 16 | set_fact: 17 | mysql_install_packages: "{{ (rh_mysql_install_packages is defined and rh_mysql_install_packages.changed) 18 | or (deb_mysql_install_packages is defined and deb_mysql_install_packages.changed) 19 | or (arch_mysql_install_packages is defined and arch_mysql_install_packages.changed) }}" 20 | 21 | # Configure MySQL. 22 | - include_tasks: configure.yml 23 | - include_tasks: secure-installation.yml 24 | - include_tasks: databases.yml 25 | - include_tasks: users.yml 26 | - include_tasks: replication.yml 27 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/replication.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure replication user exists on master. 
3 | mysql_user: 4 | name: "{{ mysql_replication_user.name }}" 5 | host: "{{ mysql_replication_user.host | default('%') }}" # NOTE(review): falls back to '%' (any client host) when no host is supplied; set host to the replica's address to narrow where this account may connect from 6 | password: "{{ mysql_replication_user.password }}" 7 | priv: "{{ mysql_replication_user.priv | default('*.*:REPLICATION SLAVE,REPLICATION CLIENT') }}" 8 | state: present 9 | when: 10 | - mysql_replication_role == 'master' 11 | - mysql_replication_user.name is defined 12 | - mysql_replication_master | default(false) 13 | tags: ['skip_ansible_galaxy'] 14 | 15 | - name: Check slave replication status. 16 | mysql_replication: 17 | mode: getslave 18 | login_user: "{{ mysql_replication_user.name }}" 19 | login_password: "{{ mysql_replication_user.password }}" 20 | ignore_errors: true # a failure here is consumed by the later tasks: their `when` treats `slave is failed` as "replication not configured yet" 21 | register: slave 22 | when: 23 | - mysql_replication_role == 'slave' 24 | - mysql_replication_master | default(false) 25 | tags: ['skip_ansible_galaxy'] 26 | 27 | - name: Check master replication status. 28 | mysql_replication: mode=getmaster 29 | delegate_to: "{{ mysql_replication_master }}" 30 | register: master 31 | when: 32 | - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed) 33 | - mysql_replication_role == 'slave' 34 | - mysql_replication_master | default(false) 35 | tags: ['skip_ansible_galaxy'] 36 | 37 | - name: Configure replication on the slave. 38 | mysql_replication: 39 | mode: changemaster 40 | master_host: "{{ mysql_replication_master }}" 41 | master_user: "{{ mysql_replication_user.name }}" 42 | master_password: "{{ mysql_replication_user.password }}" 43 | master_log_file: "{{ master.File }}" 44 | master_log_pos: "{{ master.Position }}" 45 | ignore_errors: true # NOTE(review): an error while configuring replication does not stop the play, so a replica can be left unconfigured without the run failing; check the task result after a run 46 | when: 47 | - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed) 48 | - mysql_replication_role == 'slave' 49 | - mysql_replication_user.name is defined 50 | - mysql_replication_master | default(false) 51 | 52 | - name: Start replication.
53 | mysql_replication: mode=startslave 54 | when: 55 | - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed) 56 | - mysql_replication_role == 'slave' 57 | - mysql_replication_master | default(false) 58 | tags: ['skip_ansible_galaxy'] 59 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/secure-installation.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure default user is present. 3 | mysql_user: 4 | name: "{{ mysql_user_name }}" 5 | host: 'localhost' 6 | password: "{{ mysql_user_password }}" 7 | priv: '*.*:ALL,GRANT' # NOTE(review): grants every privilege on every database plus GRANT to the non-root login user (localhost only); narrow this if that account does not need to administer the whole server 8 | state: present 9 | when: mysql_user_name != mysql_root_username 10 | 11 | # Has to be after the password assignment, for idempotency. 12 | - name: Copy user-my.cnf file with password credentials. 13 | template: 14 | src: "user-my.cnf.j2" 15 | dest: "{{ mysql_user_home }}/.my.cnf" 16 | owner: "{{ mysql_user_name }}" 17 | mode: 0600 # owner-only access: templates/user-my.cnf.j2 renders the password in clear text 18 | when: > 19 | mysql_user_name != mysql_root_username 20 | and (mysql_install_packages | bool or mysql_user_password_update) 21 | 22 | - name: Disallow root login remotely # NOTE(review): deletes root rows whose Host is not localhost, 127.0.0.1 or ::1; a direct DELETE on mysql.user is normally not applied to the in-memory grant tables until FLUSH PRIVILEGES or a server restart, and no flush is visible in this file - confirm the removal takes effect 23 | command: 'mysql -NBe "{{ item }}"' 24 | with_items: 25 | - DELETE FROM mysql.user WHERE User='{{ mysql_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1') 26 | changed_when: false 27 | 28 | - name: Get list of hosts for the root user. 29 | command: mysql -NBe 30 | "SELECT Host 31 | FROM mysql.user 32 | WHERE User = '{{ mysql_root_username }}' 33 | ORDER BY (Host='localhost') ASC" 34 | register: mysql_root_hosts 35 | changed_when: false 36 | check_mode: false 37 | when: mysql_install_packages | bool or mysql_root_password_update 38 | 39 | # Note: We do not use mysql_user for this operation, as it doesn't always update 40 | # the root password correctly. See: https://goo.gl/MSOejW 41 | # Set root password for MySQL >= 5.7.x.
42 | - name: Update MySQL root password for localhost root account (5.7.x). # NOTE(review): the root password is interpolated into the mysql command line and the task sets no no_log, so it can show up in the process list while the command runs and in verbose or failure output from Ansible; consider `no_log: true` as tasks/users.yml does. A password containing quote characters would also break the quoting of this statement. The statement pins the mysql_native_password plugin - confirm that is still the intended authentication plugin for the server version in use 43 | shell: > 44 | mysql -u root -NBe 45 | 'ALTER USER "{{ mysql_root_username }}"@"{{ item }}" 46 | IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}";' 47 | with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}" # one statement per Host row registered by the earlier root-hosts query; empty list when that query was skipped 48 | when: > 49 | ((mysql_install_packages | bool) or mysql_root_password_update) 50 | and ('5.7.' in mysql_cli_version.stdout or '8.0.' in mysql_cli_version.stdout) 51 | 52 | # Set root password for MySQL < 5.7.x. NOTE(review): same exposure as the task above - password on the command line, no no_log on the task. 53 | - name: Update MySQL root password for localhost root account (< 5.7.x). 54 | shell: > 55 | mysql -NBe 56 | 'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");' 57 | with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}" 58 | when: > 59 | ((mysql_install_packages | bool) or mysql_root_password_update) 60 | and ('5.7.' not in mysql_cli_version.stdout and '8.0.' not in mysql_cli_version.stdout) 61 | 62 | # Has to be after the root password assignment, for idempotency. 63 | - name: Copy .my.cnf file with root password credentials. 64 | template: 65 | src: "root-my.cnf.j2" 66 | dest: "{{ mysql_root_home }}/.my.cnf" 67 | owner: root 68 | group: root 69 | mode: 0600 # root-only access: templates/root-my.cnf.j2 renders the root password in clear text 70 | when: mysql_install_packages | bool or mysql_root_password_update 71 | 72 | - name: Get list of hosts for the anonymous user. 73 | command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""' 74 | register: mysql_anonymous_hosts 75 | changed_when: false 76 | check_mode: false 77 | 78 | - name: Remove anonymous MySQL users. 79 | mysql_user: 80 | name: "" 81 | host: "{{ item }}" 82 | state: absent 83 | with_items: "{{ mysql_anonymous_hosts.stdout_lines|default([]) }}" 84 | 85 | - name: Remove MySQL test database.
86 | mysql_db: "name='test' state=absent" 87 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/setup-Archlinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure MySQL Python libraries are installed. 3 | pacman: "name=mysql-python state=present" 4 | 5 | - name: Ensure MySQL packages are installed. 6 | pacman: "name={{ mysql_packages }} state=present" 7 | register: arch_mysql_install_packages 8 | 9 | - name: Run mysql_install_db if MySQL packages were changed. 10 | command: mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql 11 | when: arch_mysql_install_packages.changed 12 | tags: ['skip_ansible_lint'] 13 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/setup-Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Check if MySQL is already installed. 3 | stat: path=/etc/init.d/mysql 4 | register: mysql_installed 5 | 6 | - name: Update apt cache if MySQL is not yet installed. 7 | apt: update_cache=yes 8 | when: not mysql_installed.stat.exists 9 | 10 | - name: Determine required MySQL Python libraries. 11 | set_fact: 12 | mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter|default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}" 13 | when: mysql_python_package_debian is not defined 14 | 15 | - name: Ensure MySQL Python libraries are installed. 16 | apt: 17 | name: "{{ mysql_python_package_debian }}" 18 | state: present 19 | 20 | - name: Ensure MySQL packages are installed. 
21 | apt: 22 | name: "{{ mysql_packages }}" 23 | state: present 24 | register: deb_mysql_install_packages 25 | 26 | # Because Ubuntu starts MySQL as part of the install process, we need to stop 27 | # mysql and remove the logfiles in case the user set a custom log file size. 28 | - name: Ensure MySQL is stopped after initial install. 29 | service: "name={{ mysql_daemon }} state=stopped" 30 | when: not mysql_installed.stat.exists 31 | 32 | - name: Delete innodb log files created by apt package after initial install. 33 | file: path={{ mysql_datadir }}/{{ item }} state=absent 34 | with_items: 35 | - ib_logfile0 36 | - ib_logfile1 37 | when: not mysql_installed.stat.exists 38 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/setup-RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure MySQL packages are installed. 3 | yum: 4 | name: "{{ mysql_packages }}" 5 | state: present 6 | enablerepo: "{{ mysql_enablerepo | default(omit, true) }}" 7 | register: rh_mysql_install_packages 8 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure MySQL users are present. 
3 | mysql_user: 4 | name: "{{ item.name }}" 5 | host: "{{ item.host | default('localhost') }}" 6 | password: "{{ item.password }}" 7 | priv: "{{ item.priv | default('*.*:USAGE') }}" 8 | state: "{{ item.state | default('present') }}" 9 | append_privs: "{{ item.append_privs | default('no') }}" 10 | encrypted: "{{ item.encrypted | default('no') }}" 11 | with_items: "{{ mysql_users }}" 12 | no_log: true 13 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/tasks/variables.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variable configuration. 3 | - name: Include OS-specific variables. 4 | include_vars: "{{ item }}" 5 | with_first_found: 6 | - files: 7 | - "vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" 8 | - "vars/{{ ansible_os_family }}.yml" 9 | skip: true 10 | 11 | - name: Define mysql_packages. 12 | set_fact: 13 | mysql_packages: "{{ __mysql_packages | list }}" 14 | when: mysql_packages is not defined 15 | 16 | - name: Define mysql_daemon. 17 | set_fact: 18 | mysql_daemon: "{{ __mysql_daemon }}" 19 | when: mysql_daemon is not defined 20 | 21 | - name: Define mysql_slow_query_log_file. 22 | set_fact: 23 | mysql_slow_query_log_file: "{{ __mysql_slow_query_log_file }}" 24 | when: mysql_slow_query_log_file is not defined 25 | 26 | - name: Define mysql_log_error. 27 | set_fact: 28 | mysql_log_error: "{{ __mysql_log_error }}" 29 | when: mysql_log_error is not defined 30 | 31 | - name: Define mysql_syslog_tag. 32 | set_fact: 33 | mysql_syslog_tag: "{{ __mysql_syslog_tag }}" 34 | when: mysql_syslog_tag is not defined 35 | 36 | - name: Define mysql_pid_file. 37 | set_fact: 38 | mysql_pid_file: "{{ __mysql_pid_file }}" 39 | when: mysql_pid_file is not defined 40 | 41 | - name: Define mysql_config_file. 
42 | set_fact: 43 | mysql_config_file: "{{ __mysql_config_file }}" 44 | when: mysql_config_file is not defined 45 | 46 | - name: Define mysql_config_include_dir. 47 | set_fact: 48 | mysql_config_include_dir: "{{ __mysql_config_include_dir }}" 49 | when: mysql_config_include_dir is not defined 50 | 51 | - name: Define mysql_socket. 52 | set_fact: 53 | mysql_socket: "{{ __mysql_socket }}" 54 | when: mysql_socket is not defined 55 | 56 | - name: Define mysql_supports_innodb_large_prefix. 57 | set_fact: 58 | mysql_supports_innodb_large_prefix: "{{ __mysql_supports_innodb_large_prefix }}" 59 | when: mysql_supports_innodb_large_prefix is not defined 60 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/templates/my.cnf.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [client] 4 | #password = your_password 5 | port = {{ mysql_port }} 6 | socket = {{ mysql_socket }} 7 | 8 | [mysqld] 9 | port = {{ mysql_port }} 10 | bind-address = {{ mysql_bind_address }} 11 | datadir = {{ mysql_datadir }} 12 | socket = {{ mysql_socket }} 13 | pid-file = {{ mysql_pid_file }} 14 | {% if mysql_skip_name_resolve %} 15 | skip-name-resolve 16 | {% endif %} 17 | {% if mysql_sql_mode %} 18 | sql_mode = {{ mysql_sql_mode }} 19 | {% endif %} 20 | 21 | # Logging configuration. 22 | {% if mysql_log_error == 'syslog' or mysql_log == 'syslog' %} 23 | syslog 24 | syslog-tag = {{ mysql_syslog_tag }} 25 | {% else %} 26 | {% if mysql_log %} 27 | log = {{ mysql_log }} 28 | {% endif %} 29 | log-error = {{ mysql_log_error }} 30 | {% endif %} 31 | 32 | {% if mysql_slow_query_log_enabled %} 33 | # Slow query log configuration. 
34 | slow_query_log = 1 35 | slow_query_log_file = {{ mysql_slow_query_log_file }} 36 | long_query_time = {{ mysql_slow_query_time }} 37 | {% endif %} 38 | 39 | {% if mysql_replication_master %} 40 | # Replication 41 | server-id = {{ mysql_server_id }} 42 | 43 | {% if mysql_replication_role == 'master' %} 44 | log_bin = mysql-bin 45 | log-bin-index = mysql-bin.index 46 | expire_logs_days = {{ mysql_expire_logs_days }} 47 | max_binlog_size = {{ mysql_max_binlog_size }} 48 | binlog_format = {{mysql_binlog_format}} 49 | 50 | {% for db in mysql_databases %} 51 | {% if db.replicate|default(1) %} 52 | binlog_do_db = {{ db.name }} 53 | {% else %} 54 | binlog_ignore_db = {{ db.name }} 55 | {% endif %} 56 | {% endfor %} 57 | {% endif %} 58 | 59 | {% if mysql_replication_role == 'slave' %} 60 | read_only 61 | relay-log = relay-bin 62 | relay-log-index = relay-bin.index 63 | {% endif %} 64 | {% endif %} 65 | 66 | # Disabling symbolic-links is recommended to prevent assorted security risks 67 | symbolic-links = 0 68 | 69 | # User is ignored when systemd is used (fedora >= 15). 70 | user = mysql 71 | 72 | # http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html 73 | ;performance_schema 74 | 75 | # Memory settings. 76 | key_buffer_size = {{ mysql_key_buffer_size }} 77 | max_allowed_packet = {{ mysql_max_allowed_packet }} 78 | table_open_cache = {{ mysql_table_open_cache }} 79 | sort_buffer_size = {{ mysql_sort_buffer_size }} 80 | read_buffer_size = {{ mysql_read_buffer_size }} 81 | read_rnd_buffer_size = {{ mysql_read_rnd_buffer_size }} 82 | myisam_sort_buffer_size = {{ mysql_myisam_sort_buffer_size }} 83 | thread_cache_size = {{ mysql_thread_cache_size }} 84 | {% if '8.0.' 
not in mysql_cli_version.stdout %} 85 | query_cache_type = {{ mysql_query_cache_type }} 86 | query_cache_size = {{ mysql_query_cache_size }} 87 | query_cache_limit = {{ mysql_query_cache_limit }} 88 | {% endif %} 89 | max_connections = {{ mysql_max_connections }} 90 | tmp_table_size = {{ mysql_tmp_table_size }} 91 | max_heap_table_size = {{ mysql_max_heap_table_size }} 92 | group_concat_max_len = {{ mysql_group_concat_max_len }} 93 | join_buffer_size = {{ mysql_join_buffer_size }} 94 | 95 | # Other settings. 96 | wait_timeout = {{ mysql_wait_timeout }} 97 | lower_case_table_names = {{ mysql_lower_case_table_names }} 98 | event_scheduler = {{ mysql_event_scheduler_state }} 99 | 100 | # InnoDB settings. 101 | {% if mysql_supports_innodb_large_prefix and '8.0.' not in mysql_cli_version.stdout %} 102 | innodb_large_prefix = {{ mysql_innodb_large_prefix }} 103 | innodb_file_format = {{ mysql_innodb_file_format }} 104 | {% endif %} 105 | innodb_file_per_table = {{ mysql_innodb_file_per_table }} 106 | innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }} 107 | innodb_log_file_size = {{ mysql_innodb_log_file_size }} 108 | innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }} 109 | innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }} 110 | innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }} 111 | 112 | [mysqldump] 113 | quick 114 | max_allowed_packet = {{ mysql_mysqldump_max_allowed_packet }} 115 | 116 | [mysqld_safe] 117 | pid-file = {{ mysql_pid_file }} 118 | 119 | {% if mysql_config_include_files | length %} 120 | # * IMPORTANT: Additional settings that can override those from this file! 121 | # The files must end with '.cnf', otherwise they'll be ignored. 
122 | # 123 | !includedir {{ mysql_config_include_dir }} 124 | {% endif %} 125 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/templates/root-my.cnf.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [client] 4 | user="{{ mysql_root_username }}" 5 | password="{{ mysql_root_password }}" 6 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/templates/user-my.cnf.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [client] 4 | user="{{ mysql_user_name }}" 5 | password="{{ mysql_user_password }}" 6 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/vars/Archlinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __mysql_daemon: mariadb 3 | __mysql_packages: 4 | - mariadb 5 | __mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log 6 | __mysql_log_error: /var/log/mysql.err 7 | __mysql_syslog_tag: mysql 8 | __mysql_pid_file: /run/mysqld/mysqld.pid 9 | __mysql_config_file: /etc/mysql/my.cnf 10 | __mysql_config_include_dir: /etc/mysql/conf.d 11 | __mysql_socket: /run/mysqld/mysqld.sock 12 | __mysql_supports_innodb_large_prefix: true 13 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/vars/Debian-10.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __mysql_daemon: mariadb 3 | __mysql_packages: 4 | - default-mysql-server 5 | mysql_log_file_group: adm 6 | __mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log 7 | __mysql_log_error: /var/log/mysql/mysql.log 8 | __mysql_syslog_tag: mariadb 9 | __mysql_pid_file: 
/run/mysqld/mysqld.pid 10 | __mysql_config_file: /etc/mysql/my.cnf 11 | __mysql_config_include_dir: /etc/mysql/conf.d 12 | __mysql_socket: /run/mysqld/mysqld.sock 13 | __mysql_supports_innodb_large_prefix: true 14 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __mysql_daemon: mysql 3 | __mysql_packages: 4 | - mysql-common 5 | - mysql-server 6 | mysql_log_file_group: adm 7 | __mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log 8 | __mysql_log_error: /var/log/mysql/mysql.err 9 | __mysql_syslog_tag: mysql 10 | __mysql_pid_file: /var/run/mysqld/mysqld.pid 11 | __mysql_config_file: /etc/mysql/my.cnf 12 | __mysql_config_include_dir: /etc/mysql/conf.d 13 | __mysql_socket: /var/run/mysqld/mysqld.sock 14 | __mysql_supports_innodb_large_prefix: true 15 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/vars/RedHat-6.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __mysql_daemon: mysqld 3 | __mysql_packages: 4 | - mysql 5 | - mysql-server 6 | - MySQL-python 7 | __mysql_slow_query_log_file: /var/log/mysql-slow.log 8 | __mysql_log_error: /var/log/mysql.err 9 | __mysql_syslog_tag: mysql 10 | __mysql_pid_file: /var/run/mysqld/mysqld.pid 11 | __mysql_config_file: /etc/my.cnf 12 | __mysql_config_include_dir: /etc/my.cnf.d 13 | __mysql_socket: /var/lib/mysql/mysql.sock 14 | __mysql_supports_innodb_large_prefix: false 15 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/vars/RedHat-7.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __mysql_daemon: mariadb 3 | __mysql_packages: 4 | - mariadb 5 | - mariadb-server 6 | - mariadb-libs 7 | - 
MySQL-python 8 | - perl-DBD-MySQL 9 | __mysql_slow_query_log_file: /var/log/mysql-slow.log 10 | __mysql_log_error: /var/log/mariadb/mariadb.log 11 | __mysql_syslog_tag: mariadb 12 | __mysql_pid_file: /var/run/mariadb/mariadb.pid 13 | __mysql_config_file: /etc/my.cnf 14 | __mysql_config_include_dir: /etc/my.cnf.d 15 | __mysql_socket: /var/lib/mysql/mysql.sock 16 | __mysql_supports_innodb_large_prefix: true 17 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.mysql/vars/RedHat-8.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __mysql_daemon: mariadb 3 | __mysql_packages: 4 | - mariadb 5 | - mariadb-server 6 | - mariadb-connector-c 7 | - python3-PyMySQL 8 | - perl-DBD-MySQL 9 | __mysql_slow_query_log_file: /var/log/mysql-slow.log 10 | __mysql_log_error: /var/log/mariadb/mariadb.log 11 | __mysql_syslog_tag: mariadb 12 | __mysql_pid_file: /var/run/mariadb/mariadb.pid 13 | __mysql_config_file: /etc/my.cnf 14 | __mysql_config_include_dir: /etc/my.cnf.d 15 | __mysql_socket: /var/lib/mysql/mysql.sock 16 | # The entries controlled by this value should not be used with MariaDB >= 10.2.2 17 | # See https://github.com/frappe/bench/issues/681#issuecomment-398984706 18 | __mysql_supports_innodb_large_prefix: false 19 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - '306' 3 | - '405' 4 | - '503' 5 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | --- 3 | github: geerlingguy 4 | patreon: geerlingguy 5 | 
-------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Configuration for probot-stale - https://github.com/probot/stale 2 | 3 | # Number of days of inactivity before an Issue or Pull Request becomes stale 4 | daysUntilStale: 90 5 | 6 | # Number of days of inactivity before an Issue or Pull Request with the stale label is closed. 7 | # Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. 8 | daysUntilClose: 30 9 | 10 | # Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) 11 | onlyLabels: [] 12 | 13 | # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable 14 | exemptLabels: 15 | - pinned 16 | - security 17 | - planned 18 | 19 | # Set to true to ignore issues in a project (defaults to false) 20 | exemptProjects: false 21 | 22 | # Set to true to ignore issues in a milestone (defaults to false) 23 | exemptMilestones: false 24 | 25 | # Set to true to ignore issues with an assignee (defaults to false) 26 | exemptAssignees: false 27 | 28 | # Label to use when marking as stale 29 | staleLabel: stale 30 | 31 | # Limit the number of actions per hour, from 1-30. Default is 30 32 | limitPerRun: 30 33 | 34 | pulls: 35 | markComment: |- 36 | This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! 37 | 38 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. 39 | 40 | unmarkComment: >- 41 | This pull request is no longer marked for closure. 
42 | 43 | closeComment: >- 44 | This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. 45 | 46 | issues: 47 | markComment: |- 48 | This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 49 | 50 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. 51 | 52 | unmarkComment: >- 53 | This issue is no longer marked for closure. 54 | 55 | closeComment: >- 56 | This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. 57 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | */__pycache__ 3 | *.pyc 4 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | services: docker 4 | 5 | env: 6 | global: 7 | - ROLE_NAME: php 8 | matrix: 9 | - MOLECULE_DISTRO: centos8 10 | - MOLECULE_DISTRO: centos7 11 | - MOLECULE_DISTRO: ubuntu1804 12 | - MOLECULE_DISTRO: ubuntu1604 13 | - MOLECULE_DISTRO: debian9 14 | 15 | - MOLECULE_DISTRO: centos7 16 | MOLECULE_PLAYBOOK: playbook-source.yml 17 | 18 | install: 19 | # Install test dependencies. 20 | - pip install molecule yamllint ansible-lint docker 21 | 22 | before_script: 23 | # Use actual Ansible Galaxy role name for the project directory. 
24 | - cd ../ 25 | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME 26 | - cd geerlingguy.$ROLE_NAME 27 | 28 | script: 29 | # Run tests. 30 | - molecule test 31 | 32 | notifications: 33 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 34 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | rules: 4 | line-length: 5 | max: 120 6 | level: warning 7 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017 Jeff Geerling 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Role defaults: package selection and PHP-FPM pool settings. Every value here
# is a default that a playbook or inventory can override.

# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
# for RHEL/CentOS.
# Handed to the package task's `enablerepo` in tasks/setup-RedHat.yml; the
# empty string is turned into `omit` there, so no extra repo is enabled by
# default.
php_enablerepo: ""

# Extra packages to install (in addition to distro-specific default lists).
# Concatenated with `php_packages` by the setup-Debian / setup-RedHat tasks.
php_packages_extra: []

# Default PHP version to install on Debian-based OSes.
# NOTE(review): PHP 7.0 no longer receives upstream security fixes. The vars
# file that consumes this value is not shown here; confirm which version is
# actually installed on the target distro and override it if needed.
php_default_version_debian: "7.0"

# PHP package state; use 'present' to make sure it's installed, or 'latest' if
# you want to upgrade or switch versions using a new repo.
# NOTE(review): 'present' never upgrades an already-installed package, so
# security updates must be delivered by some other patching process.
php_packages_state: present

# Whether to install recommended packages. Used only for Debian/Ubuntu.
# Passed to apt's `install_recommends` in tasks/setup-Debian.yml.
php_install_recommends: true

# Set this to false if you're not using PHP with Apache/Nginx/etc.
# Gates the `restart webserver` handler.
php_enable_webserver: true

# PHP-FPM configuration.
# tasks/configure-fpm.yml writes the values below into the pool file with
# lineinfile, and only when php_enable_php_fpm is true.
php_enable_php_fpm: false
php_fpm_state: started
php_fpm_handler_state: restarted
php_fpm_enabled_on_boot: true
# Rendered as `listen = ...` and `listen.allowed_clients = ...`. The defaults
# keep the FastCGI socket on loopback.
# NOTE(review): if `php_fpm_listen` is overridden to a non-loopback address,
# set `php_fpm_listen_allowed_clients` to the web tier's addresses and
# firewall the port; FastCGI itself has no authentication.
php_fpm_listen: "127.0.0.1:9000"
php_fpm_listen_allowed_clients: "127.0.0.1"
php_fpm_pm_max_children: 50
php_fpm_pm_start_servers: 5
php_fpm_pm_min_spare_servers: 5
php_fpm_pm_max_spare_servers: 5

# The executable to run when calling PHP from the command line.
php_executable: "php"

# OpCache settings.
# OpCache values. tasks/configure-opcache.yml evaluates `php_opcache_enable`
# through the `bool` filter to decide whether opcache.ini.j2 is installed or
# removed, which is why the flag is a quoted string rather than a YAML boolean.
php_opcache_zend_extension: "opcache.so"
php_opcache_enable: "1"
php_opcache_enable_cli: "0"
php_opcache_memory_consumption: "96"
php_opcache_interned_strings_buffer: "16"
php_opcache_max_accelerated_files: "4096"
php_opcache_max_wasted_percentage: "5"
php_opcache_validate_timestamps: "1"
php_opcache_revalidate_path: "0"
php_opcache_revalidate_freq: "2"
php_opcache_max_file_size: "0"
php_opcache_blacklist_filename: ""

# APCu settings.
# `php_enable_apc` decides whether apc.ini.j2 is installed or removed; the
# other two values are rendered as apc.shm_size and apc.enable_cli.
php_enable_apc: true
php_apc_shm_size: "96M"
php_apc_enable_cli: "0"

# If this is set to false, none of the following options will have any effect.
# Any and all changes to /etc/php.ini will be your responsibility.
# tasks/configure.yml only templates php.ini when this is true.
php_use_managed_ini: true

# NOTE(review): the php.ini template is not shown here; the notes below assume
# each variable maps to the php.ini directive of the same name.
# "On" makes PHP announce itself and its version in an X-Powered-By response
# header. Override to "Off" on internet-facing hosts.
php_expose_php: "On"
php_memory_limit: "256M"
php_max_execution_time: "60"
php_max_input_time: "60"
php_max_input_vars: "1000"
php_realpath_cache_size: "32K"

php_file_uploads: "On"
# NOTE(review): upload_max_filesize (64M) is larger than post_max_size (32M)
# below. PHP caps the whole request body at post_max_size, so the effective
# upload limit is 32M unless one of the two values is changed.
php_upload_max_filesize: "64M"
php_max_file_uploads: "20"

php_post_max_size: "32M"
php_date_timezone: "America/Chicago"
# "On" lets fopen()/file_get_contents()-style functions open http:// and
# ftp:// URLs. Override to "Off" where the application does not need remote
# streams, to narrow server-side request forgery exposure.
php_allow_url_fopen: "On"

php_sendmail_path: "/usr/sbin/sendmail -t -i"
php_output_buffering: "4096"
php_short_open_tag: "Off"
# An empty list disables no functions. Hosts that never spawn processes from
# PHP can list the process-execution functions here as a hardening measure.
php_disable_functions: []
php_precision: 14
php_serialize_precision: "-1"

# Session handling: file-based storage, cookie lifetime 0 and a gc max
# lifetime of 1440.
# NOTE(review): no variable for the session cookie flags (secure, httponly,
# samesite) appears in this defaults file; check the php.ini template or set
# them in the application.
php_session_cookie_lifetime: 0
php_session_gc_probability: 1
php_session_gc_divisor: 1000
php_session_gc_maxlifetime: 1440
php_session_save_handler: files
php_session_save_path: ''

# Errors are reported but not displayed. Keeping both display_* values "Off"
# keeps file paths and stack traces out of HTTP responses.
php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT"
php_display_errors: "Off"
php_display_startup_errors: "Off"

# Install PHP from source (instead of using a package manager) with these vars.
# Source-build settings, consumed by tasks/install-from-source.yml. That file
# only clones, configures and builds when `which php` fails on the host.
php_install_from_source: false
# NOTE(review): the PHP project now treats its GitHub repository as canonical;
# confirm this URL still resolves to the source you intend to build.
php_source_repo: "https://git.php.net/repository/php-src.git"
# NOTE(review): "master" is a moving branch, so two runs can build different
# code and nothing pins what gets compiled. Prefer a release tag; the role's
# own source-build test playbook uses the form "php-<version>".
php_source_version: "master"
php_source_clone_dir: "~/php-src"
php_source_clone_depth: 1
php_source_install_path: "/opt/php"
# Symlinked to /usr/include/gmp.h when that file does not already exist.
php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h"
# For faster compile time: "make --jobs=X" where X is # of cores present.
php_source_make_command: "make"
# Run with the `command` module from the clone directory. The default flag
# list does not contain `--enable-fpm`, and the php-fpm symlink, init-script
# and config tasks all test for that substring, so they are skipped unless the
# command is overridden.
# Do not put `#` comments inside the folded scalar below; they would become
# part of the command line.
php_source_configure_command: >
  ./configure
  --prefix={{ php_source_install_path }}
  --with-config-file-path={{ php_conf_paths | first }}
  --enable-mbstring
  --enable-zip
  --enable-bcmath
  --enable-pcntl
  --enable-ftp
  --enable-exif
  --enable-calendar
  --enable-opcache
  --enable-pdo
  --enable-sysvmsg
  --enable-sysvsem
  --enable-sysvshm
  --enable-wddx
  --with-curl
  --with-mcrypt
  --with-iconv
  --with-gmp
  --with-pspell
  --with-gd
  --with-jpeg-dir=/usr
  --with-png-dir=/usr
  --with-zlib-dir=/usr
  --with-xpm-dir=/usr
  --with-freetype-dir=/usr
  --enable-gd-native-ttf
  --enable-gd-jis-conv
  --with-openssl
  --with-pdo-mysql=/usr
  --with-gettext=/usr
  --with-zlib=/usr
  --with-bz2=/usr
  --with-recode=/usr
  --with-mysqli=/usr/bin/mysql_config

--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handlers notified by the configuration tasks of this role.

# Restarts the web server service and then chains to the php-fpm handler.
# Skipped entirely when php_enable_webserver is false, in which case the
# chained php-fpm notification is not sent from here either.
- name: restart webserver
  service:
    name: "{{ php_webserver_daemon }}"
    state: restarted
  notify: restart php-fpm
  when: php_enable_webserver

# Applies php_fpm_handler_state (default "restarted") to the php-fpm service,
# but only when FPM is enabled and the desired service state is 'started', so
# a deliberately stopped service is left alone.
- name: restart php-fpm
  service:
    name: "{{ php_fpm_daemon }}"
    state: "{{ php_fpm_handler_state }}"
  when:
    - php_enable_php_fpm
    - php_fpm_state == 'started'
-------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | install_date: Tue Jul 14 22:46:14 2020 2 | version: 4.3.1 3 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | role_name: php 6 | author: geerlingguy 7 | description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu. 8 | company: "Midwestern Mac, LLC" 9 | license: "license (BSD, MIT)" 10 | min_ansible_version: 2.8 11 | platforms: 12 | - name: EL 13 | versions: 14 | - 6 15 | - 7 16 | - 8 17 | - name: Fedora 18 | versions: 19 | - all 20 | - name: Debian 21 | versions: 22 | - all 23 | - name: Ubuntu 24 | versions: 25 | - trusty 26 | - xenial 27 | - bionic 28 | galaxy_tags: 29 | - development 30 | - web 31 | - php 32 | - language 33 | - fpm 34 | - drupal 35 | - wordpress 36 | - joomla 37 | - magento 38 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | 6 | vars: 7 | php_enable_webserver: false 8 | php_enable_php_fpm: true 9 | php_memory_limit: "192M" 10 | php_enablerepo: "remi,remi-php70" 11 | php_install_recommends: false 12 | 13 | handlers: 14 | - name: update apt cache 15 | apt: update_cache=true 16 | when: ansible_os_family == 'Debian' 17 | 18 | pre_tasks: 19 | - name: Update apt cache. 20 | apt: update_cache=true cache_valid_time=600 21 | when: ansible_os_family == 'Debian' 22 | changed_when: false 23 | 24 | # Ubuntu-specific tasks. 
25 | - name: Ensure dirmngr is installed (gnupg dependency). 26 | apt: 27 | name: dirmngr 28 | state: present 29 | when: ansible_distribution == 'Ubuntu' 30 | 31 | - name: Add repository for PHP 7. 32 | apt_repository: repo='ppa:ondrej/php' 33 | when: ansible_distribution == 'Ubuntu' 34 | 35 | # Debian-specific tasks. 36 | - name: Add dependencies for PHP versions (Debian). 37 | apt: 38 | name: 39 | - apt-transport-https 40 | - ca-certificates 41 | state: present 42 | when: ansible_distribution == "Debian" 43 | 44 | - name: Add Ondrej Sury's apt key (Debian). 45 | apt_key: 46 | url: https://packages.sury.org/php/apt.gpg 47 | state: present 48 | when: ansible_distribution == "Debian" 49 | 50 | - name: Add Ondrej Sury's repo (Debian). 51 | apt_repository: 52 | repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" 53 | state: present 54 | when: ansible_distribution == "Debian" 55 | notify: update apt cache 56 | 57 | - meta: flush_handlers 58 | 59 | roles: 60 | - role: geerlingguy.repo-remi 61 | when: 62 | - ansible_os_family == 'RedHat' 63 | - ansible_distribution != 'Fedora' 64 | - role: geerlingguy.php 65 | 66 | post_tasks: 67 | - name: Confirm PHP configuration is correct. 68 | shell: php -i | grep 'memory_limit.*192' 69 | changed_when: false 70 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 
9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" 13 | command: ${MOLECULE_DOCKER_COMMAND:-""} 14 | volumes: 15 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | playbooks: 21 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 22 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/molecule/default/playbook-source.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | 6 | vars: 7 | php_enable_webserver: false 8 | php_install_from_source: true 9 | php_source_clone_dir: /root/php-src 10 | php_source_make_command: "make --jobs=2" 11 | php_version: "7.1.17" 12 | php_source_version: "php-{{ php_version }}" 13 | php_memory_limit: "192M" 14 | 15 | pre_tasks: 16 | - name: Update apt cache. 17 | apt: update_cache=true cache_valid_time=600 18 | when: ansible_os_family == 'Debian' 19 | changed_when: false 20 | 21 | roles: 22 | - role: geerlingguy.git 23 | - role: geerlingguy.php 24 | 25 | post_tasks: 26 | - name: Confirm PHP configuration is correct. 27 | shell: php -i | grep 'memory_limit.*192' 28 | changed_when: false 29 | 30 | - name: Check the installed PHP version. 
31 | shell: '/usr/bin/php --version | grep -qF "PHP {{ php_version }}"' 32 | changed_when: false 33 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/molecule/default/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: geerlingguy.repo-remi 3 | - src: geerlingguy.git 4 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/configure-apcu.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Check for existing APCu config files. 3 | find: 4 | paths: "{{ item }}" 5 | contains: 'extension(\s+)?=(\s+)?apc[u]?\.so' 6 | register: php_installed_apc_confs 7 | with_items: "{{ php_extension_conf_paths }}" 8 | 9 | - name: Remove any non-role-supplied APCu config files. 10 | file: 11 | path: "{{ item.1.path }}" 12 | state: absent 13 | when: php_apc_conf_filename != (item.1.path.split('/') | last) 14 | with_subelements: 15 | - "{{ php_installed_apc_confs.results }}" 16 | - files 17 | notify: restart webserver 18 | 19 | - name: Ensure APCu config file is present. 20 | template: 21 | src: apc.ini.j2 22 | dest: "{{ item }}/{{ php_apc_conf_filename }}" 23 | owner: root 24 | group: root 25 | force: true 26 | mode: 0644 27 | with_items: "{{ php_extension_conf_paths }}" 28 | when: php_enable_apc 29 | notify: restart webserver 30 | 31 | - name: Remove APCu config file if APC is disabled. 
32 | file: 33 | path: "{{ item }}/{{ php_apc_conf_filename }}" 34 | state: absent 35 | with_items: "{{ php_extension_conf_paths }}" 36 | when: not php_enable_apc 37 | notify: restart webserver 38 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/configure-fpm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Define php_fpm_daemon. 3 | set_fact: 4 | php_fpm_daemon: "{{ __php_fpm_daemon }}" 5 | when: php_fpm_daemon is not defined 6 | 7 | - name: Define php_fpm_pool_conf_path. 8 | set_fact: 9 | php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}" 10 | when: php_fpm_pool_conf_path is not defined 11 | 12 | - name: Define php_fpm_pool_user. 13 | set_fact: 14 | php_fpm_pool_user: "{{ __php_fpm_pool_user }}" 15 | when: php_fpm_pool_user is not defined 16 | 17 | - name: Define php_fpm_pool_group. 18 | set_fact: 19 | php_fpm_pool_group: "{{ __php_fpm_pool_group }}" 20 | when: php_fpm_pool_group is not defined 21 | 22 | - name: Stat php_fpm_pool_conf_path 23 | stat: 24 | path: "{{ php_fpm_pool_conf_path | dirname }}" 25 | register: php_fpm_pool_conf_path_dir_stat 26 | 27 | - name: Ensure the default pool directory exists. 28 | file: 29 | path: "{{ php_fpm_pool_conf_path | dirname }}" 30 | state: directory 31 | owner: root 32 | group: root 33 | mode: 0755 34 | when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined 35 | 36 | - name: Ensure the default pool exists. 37 | template: 38 | src: www.conf.j2 39 | dest: "{{ php_fpm_pool_conf_path }}" 40 | owner: root 41 | group: root 42 | mode: 0644 43 | force: false 44 | when: php_enable_php_fpm 45 | 46 | - name: Configure php-fpm pool (if enabled). 
47 | lineinfile: 48 | dest: "{{ php_fpm_pool_conf_path }}" 49 | regexp: "{{ item.regexp }}" 50 | line: "{{ item.line }}" 51 | state: present 52 | with_items: 53 | - regexp: "^user.?=.+$" 54 | line: "user = {{ php_fpm_pool_user }}" 55 | - regexp: "^group.?=.+$" 56 | line: "group = {{ php_fpm_pool_group }}" 57 | - regexp: "^listen.?=.+$" 58 | line: "listen = {{ php_fpm_listen }}" 59 | - regexp: '^listen\.allowed_clients.?=.+$' 60 | line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}" 61 | - regexp: '^pm\.max_children.?=.+$' 62 | line: "pm.max_children = {{ php_fpm_pm_max_children }}" 63 | - regexp: '^pm\.start_servers.?=.+$' 64 | line: "pm.start_servers = {{ php_fpm_pm_start_servers }}" 65 | - regexp: '^pm\.min_spare_servers.?=.+$' 66 | line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}" 67 | - regexp: '^pm\.max_spare_servers.?=.+$' 68 | line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}" 69 | when: php_enable_php_fpm 70 | notify: restart php-fpm 71 | 72 | - name: Ensure php-fpm is started and enabled at boot (if configured). 73 | service: 74 | name: "{{ php_fpm_daemon }}" 75 | state: "{{ php_fpm_state }}" 76 | enabled: "{{ php_fpm_enabled_on_boot }}" 77 | when: php_enable_php_fpm and ansible_distribution != "Debian" 78 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/configure-opcache.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Check for existing OpCache config files. 3 | find: 4 | paths: "{{ item }}" 5 | contains: 'zend_extension(\s+)?=(\s+)?opcache\.so' 6 | register: php_installed_opcache_confs 7 | with_items: "{{ php_extension_conf_paths }}" 8 | 9 | - name: Remove any non-role-supplied OpCache config files. 
10 | file: 11 | path: "{{ item.1.path }}" 12 | state: absent 13 | when: php_opcache_conf_filename != (item.1.path.split('/') | last) 14 | with_subelements: 15 | - "{{ php_installed_opcache_confs.results }}" 16 | - files 17 | notify: restart webserver 18 | 19 | - name: Ensure OpCache config file is present. 20 | template: 21 | src: opcache.ini.j2 22 | dest: "{{ item }}/{{ php_opcache_conf_filename }}" 23 | owner: root 24 | group: root 25 | force: true 26 | mode: 0644 27 | with_items: "{{ php_extension_conf_paths }}" 28 | when: php_opcache_enable | bool 29 | notify: restart webserver 30 | 31 | - name: Remove OpCache config file if OpCache is disabled. 32 | file: 33 | path: "{{ item }}/{{ php_opcache_conf_filename }}" 34 | state: absent 35 | with_items: "{{ php_extension_conf_paths }}" 36 | when: not php_opcache_enable | bool 37 | notify: restart webserver 38 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure configuration directories exist. 3 | file: 4 | path: "{{ item }}" 5 | state: directory 6 | follow: true 7 | with_flattened: 8 | - "{{ php_conf_paths }}" 9 | - "{{ php_extension_conf_paths }}" 10 | 11 | - name: Place PHP configuration file in place. 12 | template: 13 | src: php.ini.j2 14 | dest: "{{ item }}/php.ini" 15 | owner: root 16 | group: root 17 | mode: 0644 18 | with_items: "{{ php_conf_paths }}" 19 | notify: restart webserver 20 | when: php_use_managed_ini 21 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/install-from-source.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure dependencies for building from source are installed (RedHat). 
3 | package: 4 | name: 5 | - autoconf 6 | - automake 7 | - libtool 8 | - bison 9 | - make 10 | - curl-devel 11 | - recode-devel 12 | - aspell-devel 13 | - libxml2-devel 14 | - pkgconfig 15 | - libmcrypt-devel 16 | - t1lib-devel 17 | - libXpm-devel 18 | - libpng-devel 19 | - libjpeg-turbo-devel 20 | - bzip2-devel 21 | - openssl-devel 22 | - freetype-devel 23 | - libicu-devel 24 | - mariadb-devel 25 | - gmp-devel 26 | state: present 27 | when: ansible_os_family == 'RedHat' 28 | 29 | - name: Update apt cache (Debian). 30 | apt: update_cache=yes cache_valid_time=86400 31 | when: ansible_os_family == 'Debian' 32 | 33 | - name: Ensure dependencies for building from source are installed (Debian). 34 | apt: 35 | name: 36 | - build-essential 37 | - autoconf 38 | - automake 39 | - libtool 40 | - bison 41 | - pkg-config 42 | - re2c 43 | - libxml2-dev 44 | - libcurl4-openssl-dev 45 | - libbz2-dev 46 | - libjpeg-dev 47 | - libpng-dev 48 | - libxpm-dev 49 | - libfreetype6-dev 50 | - libgmp3-dev 51 | - libmcrypt-dev 52 | - libmysqlclient-dev 53 | - libpspell-dev 54 | - librecode-dev 55 | - libssl-dev 56 | state: present 57 | when: ansible_os_family == 'Debian' 58 | 59 | - name: Define php_fpm_daemon (if not defined already). 60 | set_fact: 61 | php_fpm_daemon: "php-fpm" 62 | when: php_fpm_daemon is not defined 63 | 64 | - name: Check if gmp.h is already in a location accessible to gcc. 65 | stat: path=/usr/include/gmp.h 66 | register: gmp_file 67 | 68 | - name: Ensure gmp.h is symlinked into a location accessible to gcc. 69 | file: 70 | src: "{{ php_source_install_gmp_path }}" 71 | dest: /usr/include/gmp.h 72 | state: link 73 | when: not gmp_file.stat.exists 74 | 75 | - name: Check if PHP is installed. 76 | command: which php 77 | changed_when: false 78 | failed_when: false 79 | register: php_installed 80 | 81 | - name: Clone the PHP repository. 
82 | git: 83 | repo: "{{ php_source_repo }}" 84 | dest: "{{ php_source_clone_dir }}" 85 | version: "{{ php_source_version }}" 86 | accept_hostkey: true 87 | depth: "{{ php_source_clone_depth }}" 88 | when: php_installed.rc != 0 89 | 90 | - name: Ensure PHP installation path exists. 91 | file: 92 | path: "{{ php_source_install_path }}" 93 | state: directory 94 | mode: 0755 95 | when: php_installed.rc != 0 96 | 97 | - name: Build configure script. 98 | command: > 99 | ./buildconf --force 100 | chdir={{ php_source_clone_dir }} 101 | when: php_installed.rc != 0 102 | 103 | - name: Run configure script. 104 | command: > 105 | {{ php_source_configure_command }} 106 | chdir={{ php_source_clone_dir }} 107 | when: php_installed.rc != 0 108 | 109 | - name: Make and install PHP. 110 | command: > 111 | {{ item }} 112 | chdir={{ php_source_clone_dir }} 113 | with_items: 114 | - "{{ php_source_make_command }}" 115 | - make install 116 | when: php_installed.rc != 0 117 | 118 | - name: Ensure php executable is symlinked into a standard path. 119 | file: 120 | src: "{{ php_source_install_path }}/bin/php" 121 | dest: /usr/bin/php 122 | state: link 123 | 124 | # PHP FPM configuration. 125 | - name: Ensure php-fpm executable is symlinked into a standard path. 126 | file: 127 | src: "{{ php_source_install_path }}/sbin/php-fpm" 128 | dest: "/usr/sbin/{{ php_fpm_daemon }}" 129 | state: link 130 | when: "'--enable-fpm' in php_source_configure_command" 131 | 132 | - name: Ensure php-fpm init script is installed. 133 | template: 134 | src: fpm-init.j2 135 | dest: "/etc/init.d/{{ php_fpm_daemon }}" 136 | mode: 0755 137 | when: "'--enable-fpm' in php_source_configure_command" 138 | notify: restart php-fpm 139 | 140 | - name: Ensure php-fpm config directory exists. 141 | file: 142 | path: "{{ php_fpm_conf_path }}" 143 | state: directory 144 | when: "'--enable-fpm' in php_source_configure_command" 145 | 146 | - name: Ensure php-fpm config file is installed. 
147 | template: 148 | src: php-fpm.conf.j2 149 | dest: "{{ php_fpm_conf_path }}/php-fpm.conf" 150 | mode: 0644 151 | when: "'--enable-fpm' in php_source_configure_command" 152 | notify: restart php-fpm 153 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variable setup. 3 | - name: Include OS-specific variables. 4 | include_vars: "{{ ansible_os_family }}.yml" 5 | 6 | - name: Define php_packages. 7 | set_fact: 8 | php_packages: "{{ __php_packages | list }}" 9 | when: php_packages is not defined 10 | 11 | - name: Define php_webserver_daemon. 12 | set_fact: 13 | php_webserver_daemon: "{{ __php_webserver_daemon }}" 14 | when: php_webserver_daemon is not defined 15 | 16 | - name: Define php_conf_paths. 17 | set_fact: 18 | php_conf_paths: "{{ __php_conf_paths }}" 19 | when: php_conf_paths is not defined 20 | 21 | - name: Define php_extension_conf_paths. 22 | set_fact: 23 | php_extension_conf_paths: "{{ __php_extension_conf_paths }}" 24 | when: php_extension_conf_paths is not defined 25 | 26 | - name: Define php_apc_conf_filename. 27 | set_fact: 28 | php_apc_conf_filename: "{{ __php_apc_conf_filename }}" 29 | when: php_apc_conf_filename is not defined 30 | 31 | - name: Define php_opcache_conf_filename (Ubuntu 16.04). 32 | set_fact: 33 | php_opcache_conf_filename: "10-opcache.ini" 34 | when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04" 35 | 36 | - name: Define php_opcache_conf_filename. 37 | set_fact: 38 | php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}" 39 | when: php_opcache_conf_filename is not defined 40 | 41 | - name: Define php_fpm_conf_path. 42 | set_fact: 43 | php_fpm_conf_path: "{{ __php_fpm_conf_path }}" 44 | when: php_fpm_conf_path is not defined 45 | 46 | # Setup/install tasks. 
47 | - include_tasks: setup-RedHat.yml 48 | when: 49 | - not php_install_from_source 50 | - ansible_os_family == 'RedHat' 51 | 52 | - include_tasks: setup-Debian.yml 53 | when: 54 | - not php_install_from_source 55 | - ansible_os_family == 'Debian' 56 | 57 | # Install PHP from source when php_install_from_source is true. 58 | - include_tasks: install-from-source.yml 59 | when: php_install_from_source 60 | 61 | # Configure PHP. 62 | - include_tasks: configure.yml 63 | - include_tasks: configure-apcu.yml 64 | - include_tasks: configure-opcache.yml 65 | - include_tasks: configure-fpm.yml 66 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/setup-Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update apt cache. 3 | apt: update_cache=yes cache_valid_time=86400 4 | 5 | - name: Ensure PHP packages are installed. 6 | apt: 7 | name: "{{ php_packages + php_packages_extra }}" 8 | state: "{{ php_packages_state }}" 9 | install_recommends: "{{ php_install_recommends }}" 10 | register: php_package_install 11 | notify: restart webserver 12 | 13 | - name: Delete APCu configuration file if this role will provide one. 14 | file: 15 | path: "{{ item }}/{{ php_apc_conf_filename }}" 16 | state: absent 17 | with_items: "{{ php_extension_conf_paths }}" 18 | when: php_enable_apc and php_package_install.changed 19 | notify: restart webserver 20 | 21 | - name: Delete OpCache configuration file if this role will provide one. 
22 | file: 23 | path: "{{ item }}/{{ php_opcache_conf_filename }}" 24 | state: absent 25 | with_items: "{{ php_extension_conf_paths }}" 26 | when: php_opcache_enable | bool and php_package_install.changed 27 | notify: restart webserver 28 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/tasks/setup-RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure PHP packages are installed. 3 | package: 4 | name: "{{ php_packages + php_packages_extra }}" 5 | state: "{{ php_packages_state }}" 6 | enablerepo: "{{ php_enablerepo | default(omit, true) }}" 7 | notify: restart webserver 8 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/templates/apc.ini.j2: -------------------------------------------------------------------------------- 1 | extension=apcu.so 2 | apc.shm_size={{ php_apc_shm_size }} 3 | apc.enable_cli={{ php_apc_enable_cli }} 4 | apc.rfc1867=1 5 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/templates/fpm-init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: php-fpm {{ php_fpm_daemon }} 4 | # Required-Start: $remote_fs $network 5 | # Required-Stop: $remote_fs $network 6 | # Default-Start: 2 3 4 5 7 | # Default-Stop: 0 1 6 8 | # Short-Description: starts {{ php_fpm_daemon }} 9 | # Description: Starts The PHP FastCGI Process Manager Daemon 10 | ### END INIT INFO 11 | 12 | # Author: Ondrej Sury 13 | 14 | PATH=/sbin:/usr/sbin:/bin:/usr/bin 15 | DESC="PHP FastCGI Process Manager" 16 | NAME={{ php_fpm_daemon }} 17 | DAEMON=/usr/sbin/$NAME 18 | DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf" 19 | PIDFILE=/var/run/{{ php_fpm_daemon }}.pid 20 | TIMEOUT=2 21 | 
SCRIPTNAME=/etc/init.d/$NAME 22 | 23 | # Exit if the package is not installed 24 | [ -x "$DAEMON" ] || exit 0 25 | 26 | # Read configuration variable file if it is present 27 | [ -r /etc/default/$NAME ] && . /etc/default/$NAME 28 | 29 | # Load the VERBOSE setting and other rcS variables 30 | . /lib/init/vars.sh 31 | 32 | # Define LSB log_* functions. 33 | # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. 34 | . /lib/lsb/init-functions 35 | 36 | # Don't run if we are running upstart 37 | if init_is_upstart; then 38 | exit 1 39 | fi 40 | 41 | # 42 | # Function to check the correctness of the config file 43 | # 44 | do_check() 45 | { 46 | /usr/lib/php5/php5-fpm-checkconf || return 1 47 | return 0 48 | } 49 | 50 | # 51 | # Function that starts the daemon/service 52 | # 53 | do_start() 54 | { 55 | # Return 56 | # 0 if daemon has been started 57 | # 1 if daemon was already running 58 | # 2 if daemon could not be started 59 | start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ 60 | || return 1 61 | start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ 62 | $DAEMON_ARGS 2>/dev/null \ 63 | || return 2 64 | # Add code here, if necessary, that waits for the process to be ready 65 | # to handle requests from services started subsequently which depend 66 | # on this one. As a last resort, sleep for some time. 67 | } 68 | 69 | # 70 | # Function that stops the daemon/service 71 | # 72 | do_stop() 73 | { 74 | # Return 75 | # 0 if daemon has been stopped 76 | # 1 if daemon was already stopped 77 | # 2 if daemon could not be stopped 78 | # other if a failure occurred 79 | start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME 80 | RETVAL="$?" 81 | [ "$RETVAL" = 2 ] && return 2 82 | # Wait for children to finish too if this is a daemon that forks 83 | # and if the daemon is only ever run from this initscript. 
84 | # If the above conditions are not satisfied then add some other code 85 | # that waits for the process to drop all resources that could be 86 | # needed by services started subsequently. A last resort is to 87 | # sleep for some time. 88 | start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON 89 | [ "$?" = 2 ] && return 2 90 | # Many daemons don't delete their pidfiles when they exit. 91 | rm -f $PIDFILE 92 | return "$RETVAL" 93 | } 94 | 95 | # 96 | # Function that sends a SIGHUP to the daemon/service 97 | # 98 | do_reload() { 99 | # 100 | # If the daemon can reload its configuration without 101 | # restarting (for example, when it is sent a SIGHUP), 102 | # then implement that here. 103 | # 104 | start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME 105 | return 0 106 | } 107 | 108 | case "$1" in 109 | start) 110 | [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" 111 | do_start 112 | case "$?" in 113 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 114 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 115 | esac 116 | ;; 117 | stop) 118 | [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" 119 | do_stop 120 | case "$?" in 121 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 122 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 123 | esac 124 | ;; 125 | status) 126 | status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? 127 | ;; 128 | check) 129 | do_check yes 130 | ;; 131 | reload|force-reload) 132 | log_daemon_msg "Reloading $DESC" "$NAME" 133 | do_reload 134 | log_end_msg $? 135 | ;; 136 | reopen-logs) 137 | log_daemon_msg "Reopening $DESC logs" $NAME 138 | if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ 139 | --pidfile $PIDFILE --exec $DAEMON 140 | then 141 | log_end_msg 0 142 | else 143 | log_end_msg 1 144 | fi 145 | ;; 146 | restart) 147 | log_daemon_msg "Restarting $DESC" "$NAME" 148 | do_stop 149 | case "$?" in 150 | 0|1) 151 | do_start 152 | case "$?" 
in 153 | 0) log_end_msg 0 ;; 154 | 1) log_end_msg 1 ;; # Old process is still running 155 | *) log_end_msg 1 ;; # Failed to start 156 | esac 157 | ;; 158 | *) 159 | # Failed to stop 160 | log_end_msg 1 161 | ;; 162 | esac 163 | ;; 164 | *) 165 | echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 166 | exit 1 167 | ;; 168 | esac 169 | 170 | : 171 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/templates/opcache.ini.j2: -------------------------------------------------------------------------------- 1 | zend_extension={{ php_opcache_zend_extension }} 2 | opcache.enable={{ php_opcache_enable }} 3 | opcache.enable_cli={{ php_opcache_enable_cli }} 4 | opcache.memory_consumption={{ php_opcache_memory_consumption }} 5 | opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }} 6 | opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }} 7 | opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }} 8 | opcache.validate_timestamps={{ php_opcache_validate_timestamps }} 9 | opcache.revalidate_path={{ php_opcache_revalidate_path }} 10 | opcache.revalidate_freq={{ php_opcache_revalidate_freq }} 11 | opcache.max_file_size={{ php_opcache_max_file_size }} 12 | {% if php_opcache_blacklist_filename != '' %} 13 | opcache.blacklist_filename={{ php_opcache_blacklist_filename }} 14 | {% endif %} 15 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/templates/php-fpm.conf.j2: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;; 2 | ; FPM Configuration ; 3 | ;;;;;;;;;;;;;;;;;;;;; 4 | 5 | include={{ php_fpm_conf_path }}/pool.d/*.conf 6 | 7 | ;;;;;;;;;;;;;;;;;; 8 | ; Global Options ; 9 | ;;;;;;;;;;;;;;;;;; 10 | 11 | [global] 12 | error_log = /var/log/php-fpm.log 13 | 
-------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/templates/php.ini.j2: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;;;;;;;;;;;;;;;;;;;; 4 | ; Language Options ; 5 | ;;;;;;;;;;;;;;;;;;;; 6 | 7 | engine = On 8 | short_open_tag = {{ php_short_open_tag }} 9 | precision = {{ php_precision }} 10 | output_buffering = {{ php_output_buffering }} 11 | 12 | zlib.output_compression = Off 13 | 14 | implicit_flush = Off 15 | unserialize_callback_func = 16 | serialize_precision = {{ php_serialize_precision }} 17 | disable_functions = {{ php_disable_functions|join(",") }} 18 | disable_classes = 19 | 20 | zend.enable_gc = On 21 | 22 | ;;;;;;;;;;;;;;;;; 23 | ; Miscellaneous ; 24 | ;;;;;;;;;;;;;;;;; 25 | 26 | expose_php = {{ php_expose_php }} 27 | 28 | ;;;;;;;;;;;;;;;;;;; 29 | ; Resource Limits ; 30 | ;;;;;;;;;;;;;;;;;;; 31 | 32 | max_execution_time = {{ php_max_execution_time }} 33 | max_input_time = {{ php_max_input_time }} 34 | max_input_vars = {{ php_max_input_vars }} 35 | memory_limit = {{ php_memory_limit }} 36 | 37 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 38 | ; Error handling and logging ; 39 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 40 | 41 | error_reporting = {{ php_error_reporting }} 42 | display_errors = {{ php_display_errors }} 43 | display_startup_errors = {{ php_display_startup_errors }} 44 | log_errors = On 45 | log_errors_max_len = 1024 46 | ignore_repeated_errors = Off 47 | ignore_repeated_source = Off 48 | report_memleaks = On 49 | track_errors = Off 50 | html_errors = On 51 | 52 | ;;;;;;;;;;;;;;;;; 53 | ; Data Handling ; 54 | ;;;;;;;;;;;;;;;;; 55 | 56 | variables_order = "GPCS" 57 | request_order = "GP" 58 | register_argc_argv = Off 59 | auto_globals_jit = On 60 | 61 | post_max_size = {{ php_post_max_size }} 62 | auto_prepend_file = 63 | auto_append_file = 64 | 65 | default_mimetype = "text/html" 66 | 67 | ;;;;;;;;;;;;;;;;;;;;;;;;; 68 | ; Paths and 
Directories ; 69 | ;;;;;;;;;;;;;;;;;;;;;;;;; 70 | 71 | doc_root = 72 | user_dir = 73 | 74 | enable_dl = Off 75 | 76 | realpath_cache_size = {{ php_realpath_cache_size }} 77 | 78 | ;;;;;;;;;;;;;;;; 79 | ; File Uploads ; 80 | ;;;;;;;;;;;;;;;; 81 | 82 | file_uploads = {{ php_file_uploads }} 83 | upload_max_filesize = {{ php_upload_max_filesize }} 84 | max_file_uploads = {{ php_max_file_uploads }} 85 | 86 | ;;;;;;;;;;;;;;;;;; 87 | ; Fopen wrappers ; 88 | ;;;;;;;;;;;;;;;;;; 89 | 90 | allow_url_fopen = {{ php_allow_url_fopen }} 91 | allow_url_include = Off 92 | 93 | default_socket_timeout = 60 94 | 95 | ;;;;;;;;;;;;;;;;;;; 96 | ; Module Settings ; 97 | ;;;;;;;;;;;;;;;;;;; 98 | 99 | [CLI Server] 100 | cli_server.color = On 101 | 102 | [Date] 103 | date.timezone = {{ php_date_timezone }} 104 | 105 | [Pdo_mysql] 106 | pdo_mysql.cache_size = 2000 107 | pdo_mysql.default_socket= 108 | 109 | [mail function] 110 | ; For Win32 only. 111 | SMTP = localhost 112 | smtp_port = 25 113 | 114 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 
115 | sendmail_path = {{ php_sendmail_path }} 116 | 117 | mail.add_x_header = On 118 | 119 | [SQL] 120 | sql.safe_mode = Off 121 | 122 | [ODBC] 123 | odbc.allow_persistent = On 124 | odbc.check_persistent = On 125 | odbc.max_persistent = -1 126 | odbc.max_links = -1 127 | odbc.defaultlrl = 4096 128 | odbc.defaultbinmode = 1 129 | 130 | [MySQL] 131 | mysql.allow_local_infile = On 132 | mysql.allow_persistent = On 133 | mysql.cache_size = 2000 134 | mysql.max_persistent = -1 135 | mysql.max_links = -1 136 | mysql.default_port = 137 | mysql.default_socket = 138 | mysql.default_host = 139 | mysql.default_user = 140 | mysql.default_password = 141 | mysql.connect_timeout = 60 142 | mysql.trace_mode = Off 143 | 144 | [MySQLi] 145 | mysqli.max_persistent = -1 146 | mysqli.allow_persistent = On 147 | mysqli.max_links = -1 148 | mysqli.cache_size = 2000 149 | mysqli.default_port = 3306 150 | mysqli.default_socket = 151 | mysqli.default_host = 152 | mysqli.default_user = 153 | mysqli.default_pw = 154 | mysqli.reconnect = Off 155 | 156 | [mysqlnd] 157 | mysqlnd.collect_statistics = On 158 | mysqlnd.collect_memory_statistics = Off 159 | 160 | [PostgreSQL] 161 | pgsql.allow_persistent = On 162 | pgsql.auto_reset_persistent = Off 163 | pgsql.max_persistent = -1 164 | pgsql.max_links = -1 165 | pgsql.ignore_notice = 0 166 | pgsql.log_notice = 0 167 | 168 | [bcmath] 169 | bcmath.scale = 0 170 | 171 | [Session] 172 | session.save_handler = {{ php_session_save_handler }} 173 | session.save_path = {{ php_session_save_path }} 174 | session.use_cookies = 1 175 | session.use_only_cookies = 1 176 | session.name = PHPSESSID 177 | session.auto_start = 0 178 | 179 | session.cookie_lifetime = {{ php_session_cookie_lifetime }} 180 | session.cookie_path = / 181 | session.cookie_domain = 182 | session.cookie_httponly = 183 | 184 | session.serialize_handler = php 185 | 186 | session.gc_probability = {{ php_session_gc_probability }} 187 | session.gc_divisor = {{ php_session_gc_divisor }} 188 | 
session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} 189 | 190 | session.referer_check = 191 | 192 | session.cache_limiter = nocache 193 | session.cache_expire = 180 194 | 195 | session.use_trans_sid = 0 196 | 197 | session.hash_function = 0 198 | session.hash_bits_per_character = 5 199 | 200 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 201 | 202 | [MSSQL] 203 | mssql.allow_persistent = On 204 | mssql.max_persistent = -1 205 | mssql.max_links = -1 206 | mssql.min_error_severity = 10 207 | mssql.min_message_severity = 10 208 | mssql.compatability_mode = Off 209 | mssql.secure_connection = Off 210 | 211 | [Tidy] 212 | tidy.clean_output = Off 213 | 214 | [soap] 215 | soap.wsdl_cache_enabled=1 216 | soap.wsdl_cache_dir="/tmp" 217 | soap.wsdl_cache_ttl=86400 218 | soap.wsdl_cache_limit = 5 219 | 220 | [ldap] 221 | ldap.max_links = -1 222 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/templates/www.conf.j2: -------------------------------------------------------------------------------- 1 | [www] 2 | listen = 127.0.0.1:9000 3 | listen.allowed_clients = 127.0.0.1 4 | user = {{ php_fpm_pool_user }} 5 | group = {{ php_fpm_pool_group }} 6 | 7 | listen.owner = {{ php_fpm_pool_user }} 8 | listen.group = {{ php_fpm_pool_group }} 9 | 10 | pm = dynamic 11 | pm.max_children = 50 12 | pm.start_servers = 5 13 | pm.min_spare_servers = 5 14 | pm.max_spare_servers = 5 15 | pm.max_requests = 500 16 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __php_packages: 3 | - php{{ php_default_version_debian }}-common 4 | - php{{ php_default_version_debian }}-cli 5 | - php{{ php_default_version_debian }}-dev 6 | - php{{ php_default_version_debian }}-fpm 7 | - libpcre3-dev 8 | - php{{ 
php_default_version_debian }}-gd 9 | - php{{ php_default_version_debian }}-curl 10 | - php{{ php_default_version_debian }}-imap 11 | - php{{ php_default_version_debian }}-json 12 | - php{{ php_default_version_debian }}-opcache 13 | - php{{ php_default_version_debian }}-xml 14 | - php{{ php_default_version_debian }}-mbstring 15 | - php-sqlite3 16 | - php-apcu 17 | __php_webserver_daemon: "apache2" 18 | 19 | # Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode. 20 | __php_conf_paths: 21 | - /etc/php/{{ php_default_version_debian }}/fpm 22 | - /etc/php/{{ php_default_version_debian }}/apache2 23 | - /etc/php/{{ php_default_version_debian }}/cli 24 | 25 | __php_extension_conf_paths: 26 | - /etc/php/{{ php_default_version_debian }}/fpm/conf.d 27 | - /etc/php/{{ php_default_version_debian }}/apache2/conf.d 28 | - /etc/php/{{ php_default_version_debian }}/cli/conf.d 29 | 30 | __php_apc_conf_filename: 20-apcu.ini 31 | __php_opcache_conf_filename: 10-opcache.ini 32 | __php_fpm_daemon: php{{ php_default_version_debian }}-fpm 33 | __php_fpm_conf_path: "/etc/php/{{ php_default_version_debian }}/fpm" 34 | __php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf" 35 | 36 | __php_fpm_pool_user: www-data 37 | __php_fpm_pool_group: www-data 38 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.php/vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | __php_packages: 3 | - php 4 | - php-cli 5 | - php-common 6 | - php-devel 7 | - php-fpm 8 | - php-gd 9 | - php-ldap 10 | - php-mbstring 11 | - php-opcache 12 | - php-pdo 13 | - php-pear 14 | - php-pecl-apcu 15 | - php-xml 16 | - php-xmlrpc 17 | __php_webserver_daemon: "httpd" 18 | 19 | __php_conf_paths: 20 | - /etc 21 | 22 | __php_extension_conf_paths: 23 | - /etc/php.d 24 | 25 | __php_apc_conf_filename: 50-apc.ini 26 | __php_opcache_conf_filename: 10-opcache.ini 27 | 
__php_fpm_daemon: php-fpm 28 | __php_fpm_conf_path: "/etc/fpm" 29 | __php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf" 30 | 31 | __php_fpm_pool_user: apache 32 | __php_fpm_pool_group: apache 33 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | */__pycache__ 3 | *.pyc 4 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | services: docker 4 | 5 | env: 6 | global: 7 | - ROLE_NAME: pip 8 | matrix: 9 | - MOLECULE_DISTRO: centos7 10 | - MOLECULE_DISTRO: fedora29 11 | - MOLECULE_DISTRO: ubuntu1804 12 | - MOLECULE_DISTRO: debian9 13 | 14 | install: 15 | # Install test dependencies. 16 | - pip install molecule docker 17 | 18 | before_script: 19 | # Use actual Ansible Galaxy role name for the project directory. 20 | - cd ../ 21 | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME 22 | - cd geerlingguy.$ROLE_NAME 23 | 24 | script: 25 | # Run tests. 
26 | - molecule test 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 30 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017 Jeff Geerling 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: Pip (for Python) 2 | 3 | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-pip.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-pip) 4 | 5 | An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux. 
6 | 7 | ## Requirements 8 | 9 | On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed. 10 | 11 | ## Role Variables 12 | 13 | Available variables are listed below, along with default values (see `defaults/main.yml`): 14 | 15 | pip_package: python-pip 16 | 17 | The name of the package to install to get `pip` on the system. You can set it to `python3-pip`, for example, when using Python 3 on Ubuntu. 18 | 19 | pip_executable: pip 20 | 21 | The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`. 22 | 23 | pip_install_packages: [] 24 | 25 | A list of packages to install with pip. Examples below: 26 | 27 | pip_install_packages: 28 | # Specify names and versions. 29 | - name: docker 30 | version: "1.2.3" 31 | - name: awscli 32 | version: "1.11.91" 33 | 34 | # Or specify bare packages to get the latest release. 35 | - docker 36 | - awscli 37 | 38 | # Or uninstall a package. 39 | - name: docker 40 | state: absent 41 | 42 | # Or update a package to the latest version. 43 | - name: docker 44 | state: latest 45 | 46 | # Or force a reinstall. 47 | - name: docker 48 | state: forcereinstall 49 | 50 | # Or install a package in a particular virtualenv. 51 | - name: docker 52 | virtualenv: /my_app/venv 53 | 54 | ## Dependencies 55 | 56 | None. 57 | 58 | ## Example Playbook 59 | 60 | - hosts: all 61 | 62 | vars: 63 | pip_install_packages: 64 | - name: docker 65 | - name: awscli 66 | 67 | roles: 68 | - geerlingguy.pip 69 | 70 | ## License 71 | 72 | MIT / BSD 73 | 74 | ## Author Information 75 | 76 | This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
77 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # For Python 3, use python3-pip. 3 | pip_package: python-pip 4 | pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}" 5 | 6 | pip_install_packages: [] 7 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | install_date: Tue Jul 21 12:45:09 2020 2 | version: 1.3.0 3 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: geerlingguy 6 | description: Pip (Python package manager) for Linux. 
7 | issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues 8 | company: "Midwestern Mac, LLC" 9 | license: "license (BSD, MIT)" 10 | min_ansible_version: 2.0 11 | platforms: 12 | - name: EL 13 | versions: 14 | - all 15 | - name: Fedora 16 | versions: 17 | - all 18 | - name: Debian 19 | versions: 20 | - all 21 | - name: Ubuntu 22 | versions: 23 | - all 24 | galaxy_tags: 25 | - system 26 | - server 27 | - packaging 28 | - python 29 | - pip 30 | - tools 31 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: 7 | name: yamllint 8 | options: 9 | config-file: molecule/default/yaml-lint.yml 10 | platforms: 11 | - name: instance 12 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" 13 | command: ${MOLECULE_DOCKER_COMMAND:-""} 14 | volumes: 15 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | lint: 21 | name: ansible-lint 22 | playbooks: 23 | converge: ${MOLECULE_PLAYBOOK:-playbook.yml} 24 | scenario: 25 | name: default 26 | verifier: 27 | name: testinfra 28 | lint: 29 | name: flake8 30 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/molecule/default/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | 6 | vars: 7 | pip_install_packages: 8 | # Test installing a specific version of a package. 9 | - name: ipaddress 10 | version: "1.0.18" 11 | # Test installing a package by name. 12 | - colorama 13 | 14 | pre_tasks: 15 | - name: Update apt cache. 
16 | apt: update_cache=true cache_valid_time=600 17 | when: ansible_os_family == 'Debian' 18 | 19 | roles: 20 | - role: geerlingguy.pip 21 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/molecule/default/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | 8 | 9 | def test_hosts_file(host): 10 | f = host.file('/etc/hosts') 11 | 12 | assert f.exists 13 | assert f.user == 'root' 14 | assert f.group == 'root' 15 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/molecule/default/yaml-lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | rules: 4 | line-length: 5 | max: 120 6 | level: warning 7 | -------------------------------------------------------------------------------- /automation/ansible/roles/geerlingguy.pip/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure Pip is installed. 3 | package: 4 | name: "{{ pip_package }}" 5 | state: present 6 | 7 | - name: Ensure pip_install_packages are installed. 
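8 | pip: 9 | name: "{{ item.name | default(item) }}" 10 | version: "{{ item.version | default(omit) }}" 11 | virtualenv: "{{ item.virtualenv | default(omit) }}" 12 | state: "{{ item.state | default(omit) }}" 13 | executable: "{{ pip_executable }}" 14 | with_items: "{{ pip_install_packages }}" 15 | -------------------------------------------------------------------------------- /automation/ansible/roles/webserver.utils/tasks/create_webroots.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create webroots for sites 3 | file: 4 | path={{ item }} 5 | state=directory 6 | with_items: 7 | - /var/www/symfony-project-kickstart 8 | become: True -------------------------------------------------------------------------------- /automation/ansible/roles/webserver.utils/tasks/install_codedeploy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # NOTE(review): the installer comes from the bucket's "latest" path and is run as root with no 3 | # integrity check. get_url has a checksum parameter; using it needs a pinned copy of the script. 4 | - name: Download Code Deploy Agent 5 | get_url: 6 | url: https://aws-codedeploy-eu-west-1.s3.amazonaws.com/latest/install 7 | dest: /tmp/install 8 | mode: "0755" # set here instead of a separate chmod command 9 | force: yes # always fetch a fresh copy, as the directory destination did 10 | 11 | - name: Install agent 12 | command: "/tmp/install auto" 13 | become: True 14 | 15 | - name: Delete installation script 16 | file: 17 | state=absent 18 | path=/tmp/install 19 | 20 | - name: Make sure service is started 21 | service: 22 | name: "codedeploy-agent" 23 | state: started -------------------------------------------------------------------------------- /automation/ansible/roles/webserver.utils/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure needed packages are installed 3 | apt: 4 | name: ['composer', 'nodejs', 'npm', 'ruby', 'software-properties-common', 'ca-certificates', 'python3-pip'] 5 | 6 | - name: set timezone to Europe/Madrid 7 | timezone: 8 | name: Europe/Madrid 9 | 10 | # Add specified repository into sources list. 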
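11 | - apt_repository: 12 | repo: ppa:ondrej/php 13 | 14 | - apt_repository: 15 | repo: ppa:ondrej/apache2 16 | 17 | - name: Run the equivalent of "apt-get update" as a separate step 18 | apt: 19 | update_cache: yes 20 | # NOTE(review): the next task links /etc/localtime to Europe/Berlin, while the timezone task earlier in this file sets Europe/Madrid; confirm which is intended. 21 | - name: Create a symbolink link to configure tzdata (and avoid problems installing php7.2) 22 | file: 23 | src: "/usr/share/zoneinfo/Europe/Berlin" 24 | dest: "/etc/localtime" 25 | state: link 26 | force: yes 27 | 28 | - name: Install "less" node.js package globally. 29 | npm: 30 | name: less 31 | global: yes 32 | 33 | - name: Ensure aws module dependencies are installed 34 | pip: 35 | name: ['boto3', 'botocore'] 36 | executable: "pip3" 37 | 38 | - name: Create self-signed certificates folder if not exists 39 | file: 40 | path=/etc/ssl/crt 41 | state=directory 42 | 43 | - name: Create certificate file for localdomain 44 | template: 45 | src: localdomains.crt.j2 46 | dest: /etc/ssl/crt/localdomains.crt 47 | mode: "0644" # certificate is public data; no execute bit needed 48 | # NOTE(review): localdomains.key.j2 is committed to the repository and this task has no "when", so the same key is installed on dev and prod alike; treat it as non-secret test material. 49 | - name: Create key file for localdomain 50 | template: 51 | src: localdomains.key.j2 52 | dest: /etc/ssl/crt/localdomains.key 53 | mode: "0600" # private key: owner-only; assumes the web server loads it as the file owner, confirm 54 | 55 | - name: Create startup command for docker image 56 | template: 57 | src: http_foreground.sh.j2 58 | dest: /usr/local/bin/http_foreground.sh 59 | mode: 0744 60 | when: target_environment == "dev" 61 | 62 | # Merge php packages list based on environment: 63 | - name: Merge php packages list when in dev. 64 | set_fact: 65 | php_packages: "{{ php_packages_common }} + {{ php_packages_dev }}" 66 | when: target_environment == "dev" 67 | 68 | - name: Merge php packages list when in prod. 69 | set_fact: 70 | php_packages: "{{ php_packages_common }} + {{ php_packages_prod }}" 71 | when: target_environment == "prod" 72 | 73 | # Merge vhosts definition list based on environment: 74 | - name: Merge vhosts definition list when in DEV. 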
75 | set_fact: 76 | apache_vhosts: "{{ apache_vhosts_common }} + {{ apache_vhosts_dev }}" 77 | when: target_environment == "dev" 78 | 79 | - name: Merge vhosts definition list when in PROD. 80 | set_fact: 81 | apache_vhosts: "{{ apache_vhosts_common }} + {{ apache_vhosts_prod }}" 82 | when: target_environment == "prod" 83 | 84 | - name: Merge vhosts SSL definition list when in DEV. 85 | set_fact: 86 | apache_vhosts_ssl: "{{ apache_vhosts_ssl_common }} + {{ apache_vhosts_ssl_dev }}" 87 | when: target_environment == "dev" 88 | 89 | - name: Merge vhosts SSL definition list when in PROD. 90 | set_fact: 91 | apache_vhosts_ssl: "{{ apache_vhosts_ssl_common }} + {{ apache_vhosts_ssl_prod }}" 92 | when: target_environment == "prod" 93 | 94 | # Set environment variables for server: 95 | - name: Configure env variables for dev servers 96 | set_fact: 97 | environment_config: 98 | SYMFONY_ENV: 'dev' 99 | when: target_environment == "dev" 100 | 101 | - name: Configure env variables for prod servers 102 | set_fact: 103 | environment_config: 104 | SYMFONY_ENV: 'prod' 105 | when: target_environment == "prod" 106 | 107 | # Create folders for webroots in production servers 108 | - include_tasks: create_webroots.yml 109 | when: target_environment == "prod" 110 | 111 | # Include Code Deploy Agent when building image for AWS (prod) 112 | - include_tasks: install_codedeploy.yml 113 | when: target_environment == "prod" 114 | -------------------------------------------------------------------------------- /automation/ansible/roles/webserver.utils/templates/http_foreground.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # Apache gets grumpy about PID files pre-existing 5 | rm -f $(. 
/etc/apache2/envvars && echo $APACHE_PID_FILE) 6 | 7 | exec /usr/sbin/apache2ctl -D FOREGROUND 8 | -------------------------------------------------------------------------------- /automation/ansible/roles/webserver.utils/templates/localdomains.crt.j2: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFizCCA3OgAwIBAgIURA88v4xS12D0wz8z4Y3yp8dZFBowDQYJKoZIhvcNAQEL 3 | BQAwVTELMAkGA1UEBhMCRVMxEzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAcM 4 | BGNpdHkxIjAgBgNVBAoMGVN5bWZvbnkgS2lja3N0YXJ0IFByb2plY3QwHhcNMjAw 5 | NzE0MjIxNTQwWhcNMzAwNzEyMjIxNTQwWjBVMQswCQYDVQQGEwJFUzETMBEGA1UE 6 | CAwKU29tZS1TdGF0ZTENMAsGA1UEBwwEY2l0eTEiMCAGA1UECgwZU3ltZm9ueSBL 7 | aWNrc3RhcnQgUHJvamVjdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB 8 | ALSNCyjgiaQYIavDY1nJtu6PjuyQ8ewH+ivUy/IvUsWhEjwBlT5AzhtDzIICTz4y 9 | u30EnwOqZnKPwmv7CqlWmpwY7fgDt7VXE3iGb2y5BPKdHA0cYZvlfqDDKiIa8wly 10 | HvAUj121Ko+33S9SQ+2obsd+NXsVcs0ecN/UxBdiGFZXZvNpYJDn4dftsIPprw/O 11 | ZR0gxiFExm9oJCaX5q8a8qey6ARvw8D06/DhcgZ8l7enswpEHPk9MQexEQxfGq/4 12 | l9Fj9MKVxzJTFWU6rPqvgyss/robZrbO2lJEZEDyraUaranZM3bivp6QIH7bmJpT 13 | 0hKuYjMno4SceTmF/zGJiqMQ4rYOAXZvjC0rmUA8rdUmIOkTd9lRY/KT+zDfNGzE 14 | tcEB1hz2zQ1tywB6182+9nmHd63ccNr5frElhVNJ/HyA+BZeXT4taxoPtJD/sqVk 15 | gQJDlUagj4l1chJlxQdfWoeh6O7GZ4Uebi6TUrW6j6Ft6DI8bB0PXjljv/9r7gzv 16 | KnBQ9WQ3nOCfDRNHd1LtWpnDz9QDq6PCNV02pzzIiwvYRnC4KHMkpQdXG0oXRICz 17 | Tjsqkx8gt/xDscgwAHAEX3kJIY14s3VtMt9t1OJl5zkyVuhVnuHI/g++/IpFb6wk 18 | n0uzqgDxbzoEPJ1/e7U4oq0kxKzaZvOqwhry5H5x33IfAgMBAAGjUzBRMB0GA1Ud 19 | DgQWBBTbLPyLtWkpCxiHw5f5Ymi86d58WjAfBgNVHSMEGDAWgBTbLPyLtWkpCxiH 20 | w5f5Ymi86d58WjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA4 21 | fyBrfQT8UOZDDV25Swk5Zse5eW3pc/YDRBGvI5NBr6wBhEbp12G4zSnBa9L45Ooe 22 | 6G0VHiE9DaHf4rzQ0A+m+FRzeMiwyDzTPEpUxpxwdYirwxn4Xn/jaaLGWKwroPkm 23 | S/WDimwDQs34TWi0EOceY79sqNZiJ80ZS3YnCRu9CnQa5wLaBKg7ftRjbhmRmSg/ 24 | hBSBwgFVBNplSQYY6WT+HQo+SvrX8Z+cZh5/HrMfwHktLEWLOJngw66EitpoB53G 25 | 
gzNVUWusJHuhcC9IDPcPEC4crQJBOlkv3vB5DplzJOZ0Uw9cNKRDbj+rGyowBasQ 26 | Ts05FVVg5Ga0of7a3ixtf7xx42NMs9pLT9RQEfFCDjFW4xfUQMDnNvoPEkn8+7oL 27 | 0NWd4ISxGGW9M5IiClmHZJhaf/K92+V8aMXNsBfg+3L/rVIw1PVZCoXJLXhfFFf2 28 | ZUfcaAP/+aF+ge1OpwJUX9TjL7WmcYjKbJ0EnRxXV1uO+s47lrv72rnvyYnVPUKU 29 | 2vbUsTXU6xV/ACVG4NwLNItUTwu8H9fYNEE36dcmSPpoNVPJksxuDtThlifhb/XW 30 | kt9w5R3JxKlU9b3t0PlCSBl/sIDHsd419W4XAdYYVvJ3ykjPVgN47whWiPD/zXdS 31 | noobe/0iXVsXrbmEMtdsxP0ZJhS4XB58LeBJkWR/bg== 32 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /automation/ansible/roles/webserver.utils/templates/localdomains.key.j2: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0jQso4ImkGCGr 3 | w2NZybbuj47skPHsB/or1MvyL1LFoRI8AZU+QM4bQ8yCAk8+Mrt9BJ8DqmZyj8Jr 4 | +wqpVpqcGO34A7e1VxN4hm9suQTynRwNHGGb5X6gwyoiGvMJch7wFI9dtSqPt90v 5 | UkPtqG7HfjV7FXLNHnDf1MQXYhhWV2bzaWCQ5+HX7bCD6a8PzmUdIMYhRMZvaCQm 6 | l+avGvKnsugEb8PA9Ovw4XIGfJe3p7MKRBz5PTEHsREMXxqv+JfRY/TClccyUxVl 7 | Oqz6r4MrLP66G2a2ztpSRGRA8q2lGq2p2TN24r6ekCB+25iaU9ISrmIzJ6OEnHk5 8 | hf8xiYqjEOK2DgF2b4wtK5lAPK3VJiDpE3fZUWPyk/sw3zRsxLXBAdYc9s0NbcsA 9 | etfNvvZ5h3et3HDa+X6xJYVTSfx8gPgWXl0+LWsaD7SQ/7KlZIECQ5VGoI+JdXIS 10 | ZcUHX1qHoejuxmeFHm4uk1K1uo+hbegyPGwdD145Y7//a+4M7ypwUPVkN5zgnw0T 11 | R3dS7VqZw8/UA6ujwjVdNqc8yIsL2EZwuChzJKUHVxtKF0SAs047KpMfILf8Q7HI 12 | MABwBF95CSGNeLN1bTLfbdTiZec5MlboVZ7hyP4PvvyKRW+sJJ9Ls6oA8W86BDyd 13 | f3u1OKKtJMSs2mbzqsIa8uR+cd9yHwIDAQABAoICACczPEoKvjefeagGSwrSjeIr 14 | zxczvSLG9J0RnZoehjUcbI4UteeHQHiQ9tT/VV8muqhBGZk9JPMYnVi+b6kmgXkE 15 | vJ4NiJRZrIONhKGxZg6a59083UBwylZzKTGwcjYJzgfIHvx0eiIsBFzi2pa97Bdq 16 | IohvtrYsNsuSMWT2Slxsq5CLv4iWn+U22Q067mRbJn71f673dLH5hWfPsSkxi5+3 17 | a0KTVYgOZS+ucwhPgs1AHtJKyZOfooaN/iqWd3/fVG8E6b5ZsJ8PhOSuoaHn+22j 18 | Xkbf7iQgsywLZ0zmo6bmLPBklRTp1AMvPa7tVKulKUYfEHkU0R7YrkU7/5UszKmP 19 | 
WjBs3un9qsQ8DfgJQ3Ac4Qx9/En9iUduHXcHVr3T5yV+bbkuEx565tTqQBjfK/Vn 20 | 3Woulv9JaxxmNRyjUkBze6Vjki0VwSKyUNJgL9nHrsxo/oraq63p9HfP+4GSs05y 21 | PHRb0SKzj4yEoH+c0VKUf7p8VjbLVKUyuF3bmw+sfp3s/Z7+27BgnHHLlLM21cZT 22 | 1EmXU3lnzAwnbzZg3qAdYUGLjJKsnD7J4u444rhhpmhMYdNZgZwytNEl4RUrjUwB 23 | R/OEDijYJN/iMcZ9uI6AVkgg9tiC3K9yYYW1M6YOGTIG4Mut41ju6m/ICgx/8nxZ 24 | GTbHOmUkCdR5jKG+p85pAoIBAQDkNLrgit2Or5VGXVAMF2452FN8kUG0P1o2wwR1 25 | MUeAJBKDsW7Ef2VzJOIY8da9a5fmFq+tmU5iWk/Zi5NShz0LAbl9e2G6l8m9wfbA 26 | GGoyRzttOl8gQN6GAtG7CMZEH/lEuhwiLKmWSDy4UGczI46u8M9YdeS+XzVWXMdW 27 | HIMYnTTdzcSFyOcdwkuSHe9SSa0Ic6o/wHl22W7UyGgWwt89PSJzV8AzMWXn9kUg 28 | Ll5bunQiCzErR1sTCIaViEeuBDYudZGQuR4+3Kdu8z8VwWZoHepc0AA9X3Iw78wt 29 | bLnGoArFZeKqD3yWwXvwQibP1TJj5NCfWPGCO1BY1dAKzzwTAoIBAQDKinhXxeNM 30 | Zpt6nQAXDJS5M/Wgh7S1iNN1eUgpET9zpzE1RitnB+S3wEysQbNxgZZgG/V+N4kg 31 | 6c2iqsUxwJBos2/fnNoqNUTZ+LUJmyrZso0ttE5xvh00ljVOZcunlP8SDXAiMm2g 32 | rxwmcl78RxNg/dhx/dP36aaGusXgS6QmSNI+NtOpyqIB4UoAePMhttIcl7ULPEaA 33 | AwlTJZgwFOhvncpSvQxgEH2cYU6EdtC1VZmb17C6W1niZe9aILyA2AWMCDYywY+4 34 | +9jo4k8tHhngP38gv+K4V73dxTUBDEwz8lViuk/Z0t7MCYnms8MpCpK1Ha5YNzhb 35 | 0hOIPnF14NtFAoIBAQC1HwC/XJfSOptgmIkCv8n1UTOZ53PdinaghhHQrccQ9hBX 36 | w4ilnnM3eyuUHsWP24hYzuKqBsZGm2VKxVOtKbcSOFEvPbDoNragzAR6nCYVN6H7 37 | 5FtBrxquBCjPqHwr77CYkpnnqckDhNvkcbQmy27gfDIlBJUDX29m1wZC2yhVbdha 38 | vojeogCFBwORuf6LMfyKe7rBFJOS96nWaiTrA8nIwe/I2fmq5+b4vuZIT2UGqqqn 39 | pnhk4CJxrc+beOljPOZ/40IgOjy+KcUd8yO7sZ8EvdGXzmKSU2G/Y2OLHgMomTdT 40 | SrUmwlnhETm8C9TgGVcAH8hQ4Hf2I/t2NmUDX01PAoIBAC+XH7XICqN+DJRf5ZCE 41 | 5UErI1Dn8h8hmkYlDD6SDe234EkbRsF7ylMevSVQfsBx6YqFp0ZT+EWiii3poFIT 42 | ZBsl5miNa3m1cIsi9C7gpc3nNWMC1dfGCwi7LqVQJ+0lhlWQkMOIQ9gYrS2ffBAd 43 | B0GoA76tHKxI21cW9b3BKD3SqIvzyAJCWZTFgeTghohqc65CO0j7jbkwfXVrBPpv 44 | PzpSwiJ0xz6fQVSITLG1VU72YRSMNrtjEZivyPDNdl1z5MHFgC6m6oVVr97wphf8 45 | 1amqYc2pKLWV8Ef2uYCYiiM+kq+TBYYyFSWuLBfoLzgqgtRJuBiESRrSHsLJoVFI 46 | V10CggEBAL80+4NlUExEZp4DCNEcHWXpyw/O+xp0KNbJthgPGiVBC7l1+Najx9ET 47 | 
xRZK60LLgGAb5PwhHuOn2Vdy4qotyXjiJnBQocq3FvocotPPfKLA9EiPLzZpFXDh 48 | badqxfTtGhJMvHFRqaHyHpcXpukI+42SFozkq723LFgdd7sIlLqejIfnF8IBNVy+ 49 | Dtrs+sXK3k2mEIY0gGVm8AmGRCsY69hLyr9iFBpAilNVn9DJK3blQTAc0YEZF4fd 50 | UD3N76YxYWfDERQyBSXO4ED0un9hza7XIbqXwPvnxP8KEzb1iFUMMXAUKJAIJaX4 51 | VCt9M/Npt1OALeZ9gkOXcyYVze++UmM= 52 | -----END PRIVATE KEY----- -------------------------------------------------------------------------------- /automation/ansible/vars/database_server_vars.yml: -------------------------------------------------------------------------------- 1 | pip_package: python3-pip 2 | 3 | mysql_user_home: /root 4 | mysql_user_name: root 5 | mysql_user_password: root # NOTE(review): hard-coded credential equal to the user name; supply it from a vault or extra-vars 6 | 7 | mysql_port: "3306" 8 | mysql_bind_address: '0.0.0.0' # NOTE(review): listens on every interface, so reachability depends entirely on network controls 9 | mysql_datadir: /var/lib/mysql 10 | mysql_socket: /var/run/mysqld/mysqld.sock 11 | mysql_pid_file: /var/run/mysqld/mysqld.pid 12 | 13 | # Databases 14 | mysql_databases: 15 | - { name: experiment, collation: utf8_general_ci, encoding: utf8 } 16 | 17 | # Users 18 | mysql_users: 19 | - name: experiment 20 | host: '%' # NOTE(review): wildcard host - this account may connect from any client address 21 | password: "{{ experiment_db_password | default('experiment') }}" # NOTE(review): falls back to the literal 'experiment' when experiment_db_password is unset 22 | priv: 'experiment.*:ALL' 23 | 24 | -------------------------------------------------------------------------------- /automation/ansible/vars/web_server_vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################################ 3 | # 4 | # Apache related variables 5 | # 6 | ############################################ 7 | apache_remove_default_vhost: true 8 | 9 | apache_ignore_missing_ssl_certificate: false 10 | 11 | # Only used on Debian/Ubuntu. 12 | apache_mods_enabled: 13 | - rewrite.load 14 | - ssl.load 15 | 16 | # Set initial apache state. Recommended values: `started` or `stopped` 17 | apache_state: started 18 | 19 | # Set apache state when configuration changes are made. 
Recommended values: 20 | # `restarted` or `reloaded` 21 | apache_restart_state: restarted 22 | 23 | # Apache package state; use `present` to make sure it's installed, or `latest` 24 | # if you want to upgrade or switch versions using a new repo. 25 | apache_packages_state: present 26 | 27 | ############################################ 28 | # 29 | # PHP related variables 30 | # 31 | ############################################ 32 | php_memory_limit: "256M" 33 | php_max_execution_time: "90" 34 | php_upload_max_filesize: "256M" 35 | php_max_file_uploads: "20" 36 | php_post_max_size: "150M" 37 | php_date_timezone: "Europe/Madrid" 38 | php_opcache.max_accelerated_files: "20000" 39 | php_realpath_cache_size: "4096K" 40 | php_realpath_cache_ttl: "600" 41 | 42 | php_packages_common: 43 | - php7.4 44 | - php7.4-cli 45 | - php7.4-common 46 | - php7.4-gd 47 | - php7.4-mbstring 48 | - php7.4-pdo 49 | - php7.4-xml 50 | - php7.4-intl 51 | - php7.4-curl 52 | - php7.4-zip 53 | - php7.4-apcu 54 | - php7.4-mysql 55 | - php7.4-mongodb 56 | - php7.4-opcache 57 | - libapache2-mod-php7.4 58 | - php-http 59 | 60 | php_packages_dev: 61 | - php7.4-xdebug 62 | - php-codesniffer 63 | - phpcpd 64 | 65 | php_packages_prod: [] -------------------------------------------------------------------------------- /automation/ansible/vars/web_server_vhosts_common.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################################ 3 | # 4 | # Apache vhosts 5 | # 6 | ############################################ 7 | apache_vhosts_common: 8 | - servername: "www.example.com" 9 | documentroot: "/var/www/symfony-project-kickstart/public" 10 | allow_override: 'All' 11 | option: 'FollowSymLinks MultiViews' 12 | extra_parameters: | 13 | ## Logging 14 | ErrorLog "/var/log/apache2/symfony-project-kickstart_error_ssl.log" 15 | ServerSignature Off 16 | CustomLog "/var/log/apache2/symfony-project-kickstart_access_ssl.log" combined 17 | 18 | 
############################################ 19 | # 20 | # Apache SSL vhosts 21 | # 22 | ############################################ 23 | 24 | apache_vhosts_ssl_common: 25 | - servername: "www.example.com" 26 | documentroot: "/var/www/symfony-project-kickstart/public" 27 | certificate_file: "/etc/ssl/crt/localdomains.crt" 28 | certificate_key_file: "/etc/ssl/crt/localdomains.key" 29 | allow_override: 'All' 30 | option: 'FollowSymLinks MultiViews' 31 | extra_parameters: | 32 | ## Logging 33 | ErrorLog "/var/log/apache2/symfony-project-kickstart_error_ssl.log" 34 | ServerSignature Off 35 | CustomLog "/var/log/apache2/symfony-project-kickstart_access_ssl.log" combined 36 | 37 | ## SSL directives 38 | SSLCACertificatePath "/etc/ssl/crt" -------------------------------------------------------------------------------- /automation/ansible/vars/web_server_vhosts_dev.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################################ 3 | # 4 | # Apache vhosts 5 | # 6 | ############################################ 7 | apache_vhosts_dev: [] 8 | 9 | ############################################ 10 | # 11 | # Apache SSL vhosts 12 | # 13 | ############################################ 14 | apache_vhosts_ssl_dev: [] 15 | 16 | -------------------------------------------------------------------------------- /automation/ansible/vars/web_server_vhosts_prod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################################ 3 | # 4 | # Apache vhosts 5 | # 6 | ############################################ 7 | apache_vhosts_prod: [] 8 | 9 | 10 | ############################################ 11 | # 12 | # Apache SSL vhosts 13 | # 14 | ############################################ 15 | 16 | apache_vhosts_ssl_prod: [] 17 | 18 | -------------------------------------------------------------------------------- /automation/ansible/web_server.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: True 4 | gather_facts: False 5 | 6 | pre_tasks: 7 | - raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3) 8 | - setup: # aka gather_facts 9 | 10 | vars_files: 11 | - "./vars/web_server_vars.yml" 12 | - "./vars/web_server_vhosts_common.yml" 13 | - "./vars/web_server_vhosts_{{ target_environment }}.yml" 14 | 15 | roles: 16 | - { role: common } 17 | - { role: webserver.utils } 18 | - { role: geerlingguy.apache } 19 | - { role: geerlingguy.php } 20 | - { role: franklinkim.environment } -------------------------------------------------------------------------------- /automation/packer/create_docker_image_dbserver.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "ansible_host": "default", 4 | "ansible_connection": "docker" 5 | }, 6 | "builders": [ 7 | { 8 | "type": "docker", 9 | "image": "ubuntu:18.04", 10 | "commit": "true", 11 | "run_command": [ 12 | "-d", 13 | "-i", 14 | "-t", 15 | "--name", 16 | "{{user `ansible_host`}}", 17 | "{{.Image}}", 18 | "/bin/bash" 19 | ], 20 | "changes": [ 21 | "EXPOSE 3306", 22 | "CMD [\"mysqld\"]", 23 | "LABEL project=sbk" 24 | ] 25 | } 26 | ], 27 | "provisioners": [ 28 | { 29 | "type": "shell", 30 | "inline": [ 31 | "apt-get update", 32 | "apt-get install sudo -yq" 33 | ] 34 | }, 35 | { 36 | "type": "ansible", 37 | "playbook_file": "../ansible/database_server.yml", 38 | "extra_arguments": [ 39 | ], 40 | "ansible_env_vars": [ 41 | "ANSIBLE_SSH_ARGS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o AddKeysToAgent=no'" 42 | ] 43 | } 44 | ], 45 | "post-processors": [ 46 | [ 47 | { 48 | "type": "docker-tag", 49 | "repository": "spk_local/dbserver", 50 | "tag": "latest" 51 | } 52 | ] 53 | ] 54 | } 55 | -------------------------------------------------------------------------------- 
/automation/packer/create_docker_image_webserver.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "ansible_host": "default", 4 | "ansible_connection": "docker" 5 | }, 6 | "builders": [ 7 | { 8 | "type": "docker", 9 | "image": "ubuntu:18.04", 10 | "commit": "true", 11 | "run_command": [ 12 | "-d", 13 | "-i", 14 | "-t", 15 | "--name", 16 | "{{user `ansible_host`}}", 17 | "{{.Image}}", 18 | "/bin/bash" 19 | ], 20 | "changes": [ 21 | "EXPOSE 80 443", 22 | "CMD [\"/usr/local/bin/http_foreground.sh\"]", 23 | "LABEL project=sbk" 24 | ] 25 | } 26 | ], 27 | "provisioners": [ 28 | { 29 | "type": "shell", 30 | "inline": [ 31 | "apt-get update", 32 | "apt-get install sudo -yq" 33 | ] 34 | }, 35 | { 36 | "type": "ansible", 37 | "playbook_file": "../ansible/web_server.yml", 38 | "extra_arguments": [ 39 | "--extra-vars", 40 | "target_environment=dev" 41 | ], 42 | "ansible_env_vars": [ 43 | "ANSIBLE_SSH_ARGS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o AddKeysToAgent=no'" 44 | ] 45 | } 46 | ], 47 | "post-processors": [ 48 | [ 49 | { 50 | "type": "docker-tag", 51 | "repository": "spk_local/webserver", 52 | "tag": "latest" 53 | } 54 | ] 55 | ] 56 | } 57 | -------------------------------------------------------------------------------- /automation/terraform/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | profile = var.aws_profile 3 | region = var.region 4 | } 5 | 6 | resource "aws_key_pair" "terraform_executor_key" { 7 | key_name = "terraform_executor" 8 | public_key = file(var.public_key) 9 | tags = var.additional_tags 10 | } 11 | 12 | module "network" { 13 | source = "./modules/network" 14 | additional_tags = var.additional_tags 15 | cidr_vpc = var.cidr_vpc 16 | cidr_subnet = var.cidr_subnet 17 | webserver_private_ip = var.webserver_private_ip 18 | dbserver_private_ip = var.dbserver_private_ip 19 | webserver_instance_id = 
module.ec2.webserver_instance_id 20 | } 21 | 22 | module "ec2" { 23 | source = "./modules/ec2" 24 | additional_tags = var.additional_tags 25 | application_name = var.application_name 26 | ami = var.amis[var.region] 27 | subnet_id = module.network.subnet_id 28 | key_name = aws_key_pair.terraform_executor_key.key_name 29 | private_key = var.private_key 30 | iam_instance_profile = module.ci-cd.aws_iam_instance_profile_name 31 | webserver_private_ip = var.webserver_private_ip 32 | dbserver_private_ip = var.dbserver_private_ip 33 | security_groups_webserver = [ 34 | module.network.security_group_web_id, 35 | module.network.security_group_ssh_id, 36 | module.network.security_group_tls_id, 37 | module.network.security_group_icmp_id 38 | ] 39 | security_groups_dbserver = [ 40 | module.network.security_group_ssh_id, 41 | module.network.security_group_tls_id, 42 | module.network.security_group_icmp_id, 43 | module.network.security_group_mysql_id 44 | ] 45 | } 46 | 47 | module "ci-cd" { 48 | source = "./modules/ci-cd" 49 | additional_tags = var.additional_tags 50 | application_name = var.application_name 51 | deployment_s3_bucket = var.deployment_s3_bucket 52 | } 53 | -------------------------------------------------------------------------------- /automation/terraform/modules/ci-cd/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_role" "code_deploy_executor_role" { 2 | name = "code_deploy_executor_role" 3 | tags = var.additional_tags 4 | 5 | assume_role_policy = <getParameterOption(['--env', '-e'], null, true)) { 24 | putenv('APP_ENV='.$_SERVER['APP_ENV'] = $_ENV['APP_ENV'] = $env); 25 | } 26 | 27 | if ($input->hasParameterOption('--no-debug', true)) { 28 | putenv('APP_DEBUG='.$_SERVER['APP_DEBUG'] = $_ENV['APP_DEBUG'] = '0'); 29 | } 30 | 31 | (new Dotenv())->bootEnv(dirname(__DIR__).'/.env'); 32 | 33 | if ($_SERVER['APP_DEBUG']) { 34 | umask(0000); 35 | 36 | if (class_exists(Debug::class)) { 37 | 
Debug::enable(); 38 | } 39 | } 40 | 41 | $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']); 42 | $application = new Application($kernel); 43 | $application->run($input); 44 | -------------------------------------------------------------------------------- /bin/phpunit: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env php 2 | ['all' => true], 5 | Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true], 6 | Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true], 7 | Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true], 8 | Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true], 9 | Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true], 10 | Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true], 11 | Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true], 12 | Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true], 13 | Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true, 'test' => true], 14 | Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true], 15 | ]; 16 | -------------------------------------------------------------------------------- /config/packages/cache.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | cache: 3 | # Unique name of your app: used to compute stable namespaces for cache keys. 4 | #prefix_seed: your_vendor_name/app_name 5 | 6 | # The "app" cache stores to the filesystem by default. 7 | # The data in this cache should persist between deploys. 
8 | # Other options include: 9 | 10 | # Redis 11 | #app: cache.adapter.redis 12 | #default_redis_provider: redis://localhost 13 | 14 | # APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues) 15 | #app: cache.adapter.apcu 16 | 17 | # Namespaced pools use the above "app" backend by default 18 | #pools: 19 | #my.dedicated.cache: null 20 | -------------------------------------------------------------------------------- /config/packages/dev/debug.yaml: -------------------------------------------------------------------------------- 1 | debug: 2 | # Forwards VarDumper Data clones to a centralized server allowing to inspect dumps on CLI or in your browser. 3 | # See the "server:dump" command to start a new server. 4 | dump_destination: "tcp://%env(VAR_DUMPER_SERVER)%" 5 | -------------------------------------------------------------------------------- /config/packages/dev/monolog.yaml: -------------------------------------------------------------------------------- 1 | monolog: 2 | handlers: 3 | main: 4 | type: stream 5 | path: "%kernel.logs_dir%/%kernel.environment%.log" 6 | level: debug 7 | channels: ["!event"] 8 | # uncomment to get logging in your browser 9 | # you may have to allow bigger header sizes in your Web server configuration 10 | #firephp: 11 | # type: firephp 12 | # level: info 13 | #chromephp: 14 | # type: chromephp 15 | # level: info 16 | console: 17 | type: console 18 | process_psr_3_messages: false 19 | channels: ["!event", "!doctrine", "!console"] 20 | -------------------------------------------------------------------------------- /config/packages/dev/web_profiler.yaml: -------------------------------------------------------------------------------- 1 | web_profiler: 2 | toolbar: true 3 | intercept_redirects: false 4 | 5 | framework: 6 | profiler: { only_exceptions: false } 7 | -------------------------------------------------------------------------------- /config/packages/doctrine.yaml: 
-------------------------------------------------------------------------------- 1 | doctrine: 2 | dbal: 3 | url: '%env(resolve:DATABASE_URL)%' 4 | 5 | # IMPORTANT: You MUST configure your server version, 6 | # either here or in the DATABASE_URL env var (see .env file) 7 | #server_version: '5.7' 8 | orm: 9 | auto_generate_proxy_classes: true 10 | naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware 11 | auto_mapping: true 12 | mappings: 13 | App: 14 | is_bundle: false 15 | type: annotation 16 | dir: '%kernel.project_dir%/src/Entity' 17 | prefix: 'App\Entity' 18 | alias: App 19 | -------------------------------------------------------------------------------- /config/packages/doctrine_migrations.yaml: -------------------------------------------------------------------------------- 1 | doctrine_migrations: 2 | migrations_paths: 3 | # namespace is arbitrary but should be different from App\Migrations 4 | # as migrations classes should NOT be autoloaded 5 | 'DoctrineMigrations': '%kernel.project_dir%/migrations' 6 | -------------------------------------------------------------------------------- /config/packages/framework.yaml: -------------------------------------------------------------------------------- 1 | # see https://symfony.com/doc/current/reference/configuration/framework.html 2 | framework: 3 | secret: '%env(APP_SECRET)%' 4 | #csrf_protection: true 5 | #http_method_override: true 6 | 7 | # Enables session support. Note that the session will ONLY be started if you read or write from it. 8 | # Remove or comment this section to explicitly disable session support. 
9 | session: 10 | handler_id: null 11 | cookie_secure: auto 12 | cookie_samesite: lax 13 | 14 | #esi: true 15 | #fragments: true 16 | php_errors: 17 | log: true 18 | -------------------------------------------------------------------------------- /config/packages/mailer.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | mailer: 3 | dsn: '%env(MAILER_DSN)%' 4 | -------------------------------------------------------------------------------- /config/packages/notifier.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | notifier: 3 | #chatter_transports: 4 | # slack: '%env(SLACK_DSN)%' 5 | # telegram: '%env(TELEGRAM_DSN)%' 6 | #texter_transports: 7 | # twilio: '%env(TWILIO_DSN)%' 8 | # nexmo: '%env(NEXMO_DSN)%' 9 | channel_policy: 10 | # use chat/slack, chat/telegram, sms/twilio or sms/nexmo 11 | urgent: ['email'] 12 | high: ['email'] 13 | medium: ['email'] 14 | low: ['email'] 15 | admin_recipients: 16 | - { email: admin@example.com } 17 | -------------------------------------------------------------------------------- /config/packages/prod/deprecations.yaml: -------------------------------------------------------------------------------- 1 | # As of Symfony 5.1, deprecations are logged in the dedicated "deprecation" channel when it exists 2 | #monolog: 3 | # channels: [deprecation] 4 | # handlers: 5 | # deprecation: 6 | # type: stream 7 | # channels: [deprecation] 8 | # path: "%kernel.logs_dir%/%kernel.environment%.deprecations.log" 9 | -------------------------------------------------------------------------------- /config/packages/prod/doctrine.yaml: -------------------------------------------------------------------------------- 1 | doctrine: 2 | orm: 3 | auto_generate_proxy_classes: false 4 | metadata_cache_driver: 5 | type: pool 6 | pool: doctrine.system_cache_pool 7 | query_cache_driver: 8 | type: pool 9 | pool: doctrine.system_cache_pool 10 | 
result_cache_driver: 11 | type: pool 12 | pool: doctrine.result_cache_pool 13 | 14 | framework: 15 | cache: 16 | pools: 17 | doctrine.result_cache_pool: 18 | adapter: cache.app 19 | doctrine.system_cache_pool: 20 | adapter: cache.system 21 | -------------------------------------------------------------------------------- /config/packages/prod/monolog.yaml: -------------------------------------------------------------------------------- 1 | monolog: 2 | handlers: 3 | main: 4 | type: fingers_crossed 5 | action_level: error 6 | handler: nested 7 | excluded_http_codes: [404, 405] 8 | buffer_size: 50 # How many messages should be saved? Prevent memory leaks 9 | nested: 10 | type: stream 11 | path: "%kernel.logs_dir%/%kernel.environment%.log" 12 | level: debug 13 | console: 14 | type: console 15 | process_psr_3_messages: false 16 | channels: ["!event", "!doctrine"] 17 | -------------------------------------------------------------------------------- /config/packages/prod/routing.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | router: 3 | strict_requirements: null 4 | -------------------------------------------------------------------------------- /config/packages/routing.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | router: 3 | utf8: true 4 | 5 | # Configure how to generate URLs in non-HTTP contexts, such as CLI commands. 
6 | # See https://symfony.com/doc/current/routing.html#generating-urls-in-commands 7 | #default_uri: http://localhost 8 | -------------------------------------------------------------------------------- /config/packages/security.yaml: -------------------------------------------------------------------------------- 1 | security: 2 | # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers 3 | providers: 4 | users_in_memory: { memory: null } 5 | firewalls: 6 | dev: 7 | pattern: ^/(_(profiler|wdt)|css|images|js)/ 8 | security: false 9 | main: 10 | anonymous: true 11 | lazy: true 12 | provider: users_in_memory 13 | 14 | # activate different ways to authenticate 15 | # https://symfony.com/doc/current/security.html#firewalls-authentication 16 | 17 | # https://symfony.com/doc/current/security/impersonating_user.html 18 | # switch_user: true 19 | 20 | # Easy way to control access for large sections of your site 21 | # Note: Only the *first* access control that matches will be used 22 | access_control: 23 | # - { path: ^/admin, roles: ROLE_ADMIN } 24 | # - { path: ^/profile, roles: ROLE_USER } 25 | -------------------------------------------------------------------------------- /config/packages/sensio_framework_extra.yaml: -------------------------------------------------------------------------------- 1 | sensio_framework_extra: 2 | router: 3 | annotations: false 4 | -------------------------------------------------------------------------------- /config/packages/test/framework.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | test: true 3 | session: 4 | storage_id: session.storage.mock_file 5 | -------------------------------------------------------------------------------- /config/packages/test/monolog.yaml: -------------------------------------------------------------------------------- 1 | monolog: 2 | handlers: 3 | main: 4 | type: fingers_crossed 5 | action_level: error 6 | handler: 
nested 7 | excluded_http_codes: [404, 405] 8 | channels: ["!event"] 9 | nested: 10 | type: stream 11 | path: "%kernel.logs_dir%/%kernel.environment%.log" 12 | level: debug 13 | -------------------------------------------------------------------------------- /config/packages/test/twig.yaml: -------------------------------------------------------------------------------- 1 | twig: 2 | strict_variables: true 3 | -------------------------------------------------------------------------------- /config/packages/test/validator.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | validation: 3 | not_compromised_password: false 4 | -------------------------------------------------------------------------------- /config/packages/test/web_profiler.yaml: -------------------------------------------------------------------------------- 1 | web_profiler: 2 | toolbar: false 3 | intercept_redirects: false 4 | 5 | framework: 6 | profiler: { collect: false } 7 | -------------------------------------------------------------------------------- /config/packages/translation.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | default_locale: en 3 | translator: 4 | default_path: '%kernel.project_dir%/translations' 5 | fallbacks: 6 | - en 7 | -------------------------------------------------------------------------------- /config/packages/twig.yaml: -------------------------------------------------------------------------------- 1 | twig: 2 | default_path: '%kernel.project_dir%/templates' 3 | -------------------------------------------------------------------------------- /config/packages/validator.yaml: -------------------------------------------------------------------------------- 1 | framework: 2 | validation: 3 | email_validation_mode: html5 4 | 5 | # Enables validator auto-mapping support. 6 | # For instance, basic validation constraints will be inferred from Doctrine's metadata. 
7 | #auto_mapping: 8 | # App\Entity\: [] 9 | -------------------------------------------------------------------------------- /config/routes.yaml: -------------------------------------------------------------------------------- 1 | #index: 2 | # path: / 3 | # controller: App\Controller\DefaultController::index 4 | -------------------------------------------------------------------------------- /config/routes/annotations.yaml: -------------------------------------------------------------------------------- 1 | controllers: 2 | resource: ../../src/Controller/ 3 | type: annotation 4 | 5 | kernel: 6 | resource: ../../src/Kernel.php 7 | type: annotation 8 | -------------------------------------------------------------------------------- /config/routes/dev/framework.yaml: -------------------------------------------------------------------------------- 1 | _errors: 2 | resource: '@FrameworkBundle/Resources/config/routing/errors.xml' 3 | prefix: /_error 4 | -------------------------------------------------------------------------------- /config/routes/dev/web_profiler.yaml: -------------------------------------------------------------------------------- 1 | web_profiler_wdt: 2 | resource: '@WebProfilerBundle/Resources/config/routing/wdt.xml' 3 | prefix: /_wdt 4 | 5 | web_profiler_profiler: 6 | resource: '@WebProfilerBundle/Resources/config/routing/profiler.xml' 7 | prefix: /_profiler 8 | -------------------------------------------------------------------------------- /config/services.yaml: -------------------------------------------------------------------------------- 1 | # This file is the entry point to configure your own services. 2 | # Files in the packages/ subdirectory configure your dependencies. 
3 |
4 | # Put parameters here that don't need to change on each machine where the app is deployed
5 | # https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
6 | parameters:
7 |
8 | services:
9 |     # default configuration for services in *this* file
10 |     _defaults:
11 |         autowire: true # Automatically injects dependencies in your services.
12 |         autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
13 |
14 |     # makes classes in src/ available to be used as services
15 |     # this creates a service per class whose id is the fully-qualified class name
16 |     App\:
17 |         resource: '../src/*'
18 |         exclude: '../src/{DependencyInjection,Entity,Migrations,Tests,Kernel.php}'
19 |
20 |     # controllers are imported separately to make sure services can be injected
21 |     # as action arguments even if you don't extend any base controller class
22 |     App\Controller\:
23 |         resource: '../src/Controller'
24 |         tags: ['controller.service_arguments']
25 |
26 |     # add more service definitions when explicit configuration is needed
27 |     # please note that last definitions always *replace* previous ones
28 |
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3' # Two-service stack: `web` (with Xdebug remote debugging switched on, see below) and `db`.
2 | services:
3 |     web:
4 |         image: "spk_local/webserver:latest" # `latest` is a mutable tag; NOTE(review): spk_local/* looks like a locally built image - confirm where it is built
5 |         ports:
6 |             - "80:80" # no host address given, so Docker publishes this port on every host interface (compare the loopback-only db mapping below)
7 |             - "443:443" # same as above; use the "127.0.0.1:443:443" form to keep the site reachable from this machine only
8 |         volumes:
9 |             - .:/var/www/symfony-project-kickstart:cached # bind-mounts the whole project directory, so everything in the checkout (any local env files included) is readable inside the container
10 |         environment:
11 |             XDEBUG_CONFIG: "remote_host=host.docker.internal remote_enable=1" # remote debugging enabled, connecting back to the Docker host; keep this setting out of anything run beyond a developer machine
12 |             PHP_IDE_CONFIG: "serverName=my.local"
13 |     db:
14 |         image: "spk_local/dbserver:latest" # mutable `latest` tag here as well
15 |         ports:
16 |             - "127.0.0.1:3306:3306" # bound to loopback: port 3306 is reachable from the host itself, not from other machines
17 |
--------------------------------------------------------------------------------
/migrations/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ninodafonte/symfony-kickstart-project/276fa35709f8f1126e0f14e20cea3f21e3cac6a4/migrations/.gitignore -------------------------------------------------------------------------------- /phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | tests 21 | 22 | 23 | 24 | 25 | 26 | src 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /public/.htaccess: -------------------------------------------------------------------------------- 1 | # Use the front controller as index file. It serves as a fallback solution when 2 | # every other rewrite/redirect fails (e.g. in an aliased environment without 3 | # mod_rewrite). Additionally, this reduces the matching process for the 4 | # start page (path "/") because otherwise Apache will apply the rewriting rules 5 | # to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl). 6 | DirectoryIndex index.php 7 | 8 | # By default, Apache does not evaluate symbolic links if you did not enable this 9 | # feature in your server configuration. Uncomment the following line if you 10 | # install assets as symlinks or if you experience problems related to symlinks 11 | # when compiling LESS/Sass/CoffeScript assets. 12 | # Options +FollowSymlinks 13 | 14 | # Disabling MultiViews prevents unwanted negotiation, e.g. "/index" should not resolve 15 | # to the front controller "/index.php" but be rewritten to "/index.php/index". 16 | 17 | Options -MultiViews 18 | 19 | 20 | 21 | RewriteEngine On 22 | 23 | # Determine the RewriteBase automatically and set it as environment variable. 24 | # If you are using Apache aliases to do mass virtual hosting or installed the 25 | # project in a subdirectory, the base path will be prepended to allow proper 26 | # resolution of the index.php file and to redirect to the correct URI. 
It will 27 | # work in environments without path prefix as well, providing a safe, one-size 28 | # fits all solution. But as you do not need it in this case, you can comment 29 | # the following 2 lines to eliminate the overhead. 30 | RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$ 31 | RewriteRule .* - [E=BASE:%1] 32 | 33 | # Sets the HTTP_AUTHORIZATION header removed by Apache 34 | RewriteCond %{HTTP:Authorization} .+ 35 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0] 36 | 37 | # Redirect to URI without front controller to prevent duplicate content 38 | # (with and without `/index.php`). Only do this redirect on the initial 39 | # rewrite by Apache and not on subsequent cycles. Otherwise we would get an 40 | # endless redirect loop (request -> rewrite to front controller -> 41 | # redirect -> request -> ...). 42 | # So in case you get a "too many redirects" error or you always get redirected 43 | # to the start page because your Apache does not expose the REDIRECT_STATUS 44 | # environment variable, you have 2 choices: 45 | # - disable this feature by commenting the following 2 lines or 46 | # - use Apache >= 2.3.9 and replace all L flags by END flags and remove the 47 | # following RewriteCond (best solution) 48 | RewriteCond %{ENV:REDIRECT_STATUS} ="" 49 | RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] 50 | 51 | # If the requested filename exists, simply serve it. 52 | # We only want to let Apache serve files and not directories. 53 | # Rewrite all other queries to the front controller. 54 | RewriteCond %{REQUEST_FILENAME} !-f 55 | RewriteRule ^ %{ENV:BASE}/index.php [L] 56 | 57 | 58 | 59 | 60 | # When mod_rewrite is not available, we instruct a temporary redirect of 61 | # the start page to the front controller explicitly so that the website 62 | # and the generated links can still be used. 
63 | RedirectMatch 307 ^/$ /index.php/
64 | # RedirectTemp cannot be used instead
65 |
66 |
67 |
--------------------------------------------------------------------------------
/public/index.php:
--------------------------------------------------------------------------------
1 | bootEnv(dirname(__DIR__).'/.env'); // NOTE(review): the gutter jumps from 1 to 11 - the top of this file is missing from the listing
11 | // Front controller: applies debug and proxy/host trust settings from the environment, then runs the kernel for the current request.
12 | if ($_SERVER['APP_DEBUG']) { // debug-only block, entered when APP_DEBUG is truthy
13 |     umask(0000); // clears the umask, so files this process creates keep every requested permission bit (can end up group/world-writable); gated on APP_DEBUG, so keep APP_DEBUG off outside development
14 |
15 |     Debug::enable(); // NOTE(review): presumably Symfony's debug helper turning on verbose error output - confirm against the missing use statements
16 | }
17 | // Forwarded-header trust is opt-in: setTrustedProxies() is only called when TRUSTED_PROXIES holds a truthy value.
18 | if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
19 |     Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST); // comma-split list (entries are not trimmed); the XOR takes X_FORWARDED_HOST out of the trusted header set
20 | }
21 | // Host allow-list is likewise opt-in: when TRUSTED_HOSTS is unset or empty, this file installs no Host header restriction.
22 | if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? false) {
23 |     Request::setTrustedHosts([$trustedHosts]); // the whole variable is passed as a single entry; NOTE(review): Symfony matches entries as regex patterns - confirm the configured value is anchored
24 | }
25 | // Build the kernel, handle the request built from PHP globals, send the response, then run terminate().
26 | $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']); // (bool) on a string is true for any non-empty value except '0'; NOTE(review): assumes APP_DEBUG was normalised earlier - confirm
27 | $request = Request::createFromGlobals();
28 | $response = $kernel->handle($request);
29 | $response->send();
30 | $kernel->terminate($request, $response);
31 |
--------------------------------------------------------------------------------
/src/Controller/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ninodafonte/symfony-kickstart-project/276fa35709f8f1126e0f14e20cea3f21e3cac6a4/src/Controller/.gitignore
--------------------------------------------------------------------------------
/src/Controller/MainController.php:
--------------------------------------------------------------------------------
1 | You made it!'
20 |         );
21 |     }
22 | }
--------------------------------------------------------------------------------
/src/Entity/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ninodafonte/symfony-kickstart-project/276fa35709f8f1126e0f14e20cea3f21e3cac6a4/src/Entity/.gitignore
--------------------------------------------------------------------------------
/src/Kernel.php:
--------------------------------------------------------------------------------
1 | import('../config/{packages}/*.yaml'); // NOTE(review): the gutter jumps from 1 to 17 - the top of this file, including the enclosing method's signature, is missing from the listing
17 |         $container->import('../config/{packages}/'.$this->environment.'/*.yaml'); // per-environment package config; $this->environment is interpolated into the import path
18 |
19 |         if (is_file(\dirname(__DIR__).'/config/services.yaml')) {
20 |             $container->import('../config/{services}.yaml');
21 |             $container->import('../config/{services}_'.$this->environment.'.yaml');
22 |         } elseif (is_file($path = \dirname(__DIR__).'/config/services.php')) { // PHP fallback, used only when config/services.yaml does not exist
23 |             (require $path)($container->withPath($path), $this); // executes config/services.php and calls the value it returns
24 |         }
25 |     }
26 |     // Registers routes: per-environment YAML first, then the shared YAML files, then config/routes.yaml or, failing that, config/routes.php.
27 |     protected function configureRoutes(RoutingConfigurator $routes): void
28 |     {
29 |         $routes->import('../config/{routes}/'.$this->environment.'/*.yaml'); // environment-specific routes: the /_profiler, /_wdt and /_error files under config/routes/dev are picked up only when the environment is dev; NOTE(review): presumably the APP_ENV value passed in public/index.php - confirm
30 |         $routes->import('../config/{routes}/*.yaml');
31 |
32 |         if (is_file(\dirname(__DIR__).'/config/routes.yaml')) {
33 |             $routes->import('../config/{routes}.yaml');
34 |         } elseif (is_file($path = \dirname(__DIR__).'/config/routes.php')) { // PHP fallback, used only when config/routes.yaml does not exist
35 |             (require $path)($routes->withPath($path), $this); // executes config/routes.php and calls the value it returns
36 |         }
37 |     }
38 | }
39 |
--------------------------------------------------------------------------------
/src/Repository/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ninodafonte/symfony-kickstart-project/276fa35709f8f1126e0f14e20cea3f21e3cac6a4/src/Repository/.gitignore
--------------------------------------------------------------------------------
/templates/base.html.twig:
--------------------------------------------------------------------------------
1 |
2 |
3 | 4 | 5 | {% block title %}Welcome!{% endblock %} 6 | {% block stylesheets %}{% endblock %} 7 | 8 | 9 | {% block body %}{% endblock %} 10 | {% block javascripts %}{% endblock %} 11 | 12 | 13 | -------------------------------------------------------------------------------- /tests/bootstrap.php: -------------------------------------------------------------------------------- 1 | bootEnv(dirname(__DIR__).'/.env'); 11 | } 12 | -------------------------------------------------------------------------------- /translations/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninodafonte/symfony-kickstart-project/276fa35709f8f1126e0f14e20cea3f21e3cac6a4/translations/.gitignore --------------------------------------------------------------------------------