├── .env.dist
├── .github
├── ISSUE_TEMPLATE
│ ├── bug_report.md
│ └── feature_request.md
└── workflows
│ └── ci-cd.yml
├── .gitignore
├── CODE_OF_CONDUCT.md
├── LICENSE
├── README.md
├── Symfony-LICENSE
├── appspec.yml
├── automation
├── ansible
│ ├── database_server.yml
│ ├── roles
│ │ ├── common
│ │ │ ├── tasks
│ │ │ │ └── main.yml
│ │ │ └── templates
│ │ │ │ └── motd
│ │ ├── dbutils
│ │ │ └── tasks
│ │ │ │ └── main.yml
│ │ ├── franklinkim.environment
│ │ │ ├── .clog.toml
│ │ │ ├── .editorconfig
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── CHANGELOG.md
│ │ │ ├── LICENSE
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── Vagrantfile
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ ├── meta
│ │ │ │ ├── .galaxy_install_info
│ │ │ │ ├── main.yml
│ │ │ │ └── readme.yml
│ │ │ ├── tasks
│ │ │ │ ├── config.yml
│ │ │ │ └── main.yml
│ │ │ └── tests
│ │ │ │ └── main.yml
│ │ ├── geerlingguy.apache
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ ├── handlers
│ │ │ │ └── main.yml
│ │ │ ├── meta
│ │ │ │ ├── .galaxy_install_info
│ │ │ │ └── main.yml
│ │ │ ├── tasks
│ │ │ │ ├── configure-Debian.yml
│ │ │ │ ├── configure-RedHat.yml
│ │ │ │ ├── configure-Solaris.yml
│ │ │ │ ├── configure-Suse.yml
│ │ │ │ ├── main.yml
│ │ │ │ ├── setup-Debian.yml
│ │ │ │ ├── setup-RedHat.yml
│ │ │ │ ├── setup-Solaris.yml
│ │ │ │ └── setup-Suse.yml
│ │ │ ├── templates
│ │ │ │ └── vhosts.conf.j2
│ │ │ ├── tests
│ │ │ │ ├── README.md
│ │ │ │ └── test.yml
│ │ │ └── vars
│ │ │ │ ├── AmazonLinux.yml
│ │ │ │ ├── Debian.yml
│ │ │ │ ├── RedHat.yml
│ │ │ │ ├── Solaris.yml
│ │ │ │ ├── Suse.yml
│ │ │ │ ├── apache-22.yml
│ │ │ │ └── apache-24.yml
│ │ ├── geerlingguy.mysql
│ │ │ ├── .ansible-lint
│ │ │ ├── .github
│ │ │ │ ├── FUNDING.yml
│ │ │ │ └── stale.yml
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── .yamllint
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ ├── handlers
│ │ │ │ └── main.yml
│ │ │ ├── meta
│ │ │ │ ├── .galaxy_install_info
│ │ │ │ └── main.yml
│ │ │ ├── molecule
│ │ │ │ └── default
│ │ │ │ │ ├── converge.yml
│ │ │ │ │ └── molecule.yml
│ │ │ ├── tasks
│ │ │ │ ├── configure.yml
│ │ │ │ ├── databases.yml
│ │ │ │ ├── main.yml
│ │ │ │ ├── replication.yml
│ │ │ │ ├── secure-installation.yml
│ │ │ │ ├── setup-Archlinux.yml
│ │ │ │ ├── setup-Debian.yml
│ │ │ │ ├── setup-RedHat.yml
│ │ │ │ ├── users.yml
│ │ │ │ └── variables.yml
│ │ │ ├── templates
│ │ │ │ ├── my.cnf.j2
│ │ │ │ ├── root-my.cnf.j2
│ │ │ │ └── user-my.cnf.j2
│ │ │ └── vars
│ │ │ │ ├── Archlinux.yml
│ │ │ │ ├── Debian-10.yml
│ │ │ │ ├── Debian.yml
│ │ │ │ ├── RedHat-6.yml
│ │ │ │ ├── RedHat-7.yml
│ │ │ │ └── RedHat-8.yml
│ │ ├── geerlingguy.php
│ │ │ ├── .ansible-lint
│ │ │ ├── .github
│ │ │ │ ├── FUNDING.yml
│ │ │ │ └── stale.yml
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── .yamllint
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ ├── handlers
│ │ │ │ └── main.yml
│ │ │ ├── meta
│ │ │ │ ├── .galaxy_install_info
│ │ │ │ └── main.yml
│ │ │ ├── molecule
│ │ │ │ └── default
│ │ │ │ │ ├── converge.yml
│ │ │ │ │ ├── molecule.yml
│ │ │ │ │ ├── playbook-source.yml
│ │ │ │ │ └── requirements.yml
│ │ │ ├── tasks
│ │ │ │ ├── configure-apcu.yml
│ │ │ │ ├── configure-fpm.yml
│ │ │ │ ├── configure-opcache.yml
│ │ │ │ ├── configure.yml
│ │ │ │ ├── install-from-source.yml
│ │ │ │ ├── main.yml
│ │ │ │ ├── setup-Debian.yml
│ │ │ │ └── setup-RedHat.yml
│ │ │ ├── templates
│ │ │ │ ├── apc.ini.j2
│ │ │ │ ├── fpm-init.j2
│ │ │ │ ├── opcache.ini.j2
│ │ │ │ ├── php-fpm.conf.j2
│ │ │ │ ├── php.ini.j2
│ │ │ │ └── www.conf.j2
│ │ │ └── vars
│ │ │ │ ├── Debian.yml
│ │ │ │ └── RedHat.yml
│ │ ├── geerlingguy.pip
│ │ │ ├── .gitignore
│ │ │ ├── .travis.yml
│ │ │ ├── LICENSE
│ │ │ ├── README.md
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ ├── meta
│ │ │ │ ├── .galaxy_install_info
│ │ │ │ └── main.yml
│ │ │ ├── molecule
│ │ │ │ └── default
│ │ │ │ │ ├── molecule.yml
│ │ │ │ │ ├── playbook.yml
│ │ │ │ │ ├── tests
│ │ │ │ │ └── test_default.py
│ │ │ │ │ └── yaml-lint.yml
│ │ │ └── tasks
│ │ │ │ └── main.yml
│ │ └── webserver.utils
│ │ │ ├── tasks
│ │ │ ├── create_webroots.yml
│ │ │ ├── install_codedeploy.yml
│ │ │ └── main.yml
│ │ │ └── templates
│ │ │ ├── http_foreground.sh.j2
│ │ │ ├── localdomains.crt.j2
│ │ │ └── localdomains.key.j2
│ ├── vars
│ │ ├── database_server_vars.yml
│ │ ├── web_server_vars.yml
│ │ ├── web_server_vhosts_common.yml
│ │ ├── web_server_vhosts_dev.yml
│ │ └── web_server_vhosts_prod.yml
│ └── web_server.yml
├── packer
│ ├── create_docker_image_dbserver.json
│ └── create_docker_image_webserver.json
└── terraform
│ ├── main.tf
│ ├── modules
│ ├── ci-cd
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── variables.tf
│ ├── ec2
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── variables.tf
│ └── network
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── variables.tf
│ ├── outputs.tf
│ ├── terraform.tf
│ ├── terraform.tfvars.example
│ └── variables.tf
├── bin
├── console
└── phpunit
├── build-scripts
├── after-install-root.sh
└── before-install-root.sh
├── composer.json
├── composer.lock
├── composer.phar
├── config
├── bundles.php
├── packages
│ ├── cache.yaml
│ ├── dev
│ │ ├── debug.yaml
│ │ ├── monolog.yaml
│ │ └── web_profiler.yaml
│ ├── doctrine.yaml
│ ├── doctrine_migrations.yaml
│ ├── framework.yaml
│ ├── mailer.yaml
│ ├── notifier.yaml
│ ├── prod
│ │ ├── deprecations.yaml
│ │ ├── doctrine.yaml
│ │ ├── monolog.yaml
│ │ └── routing.yaml
│ ├── routing.yaml
│ ├── security.yaml
│ ├── sensio_framework_extra.yaml
│ ├── test
│ │ ├── framework.yaml
│ │ ├── monolog.yaml
│ │ ├── twig.yaml
│ │ ├── validator.yaml
│ │ └── web_profiler.yaml
│ ├── translation.yaml
│ ├── twig.yaml
│ └── validator.yaml
├── routes.yaml
├── routes
│ ├── annotations.yaml
│ └── dev
│ │ ├── framework.yaml
│ │ └── web_profiler.yaml
└── services.yaml
├── docker-compose.yml
├── migrations
└── .gitignore
├── phpunit.xml.dist
├── public
├── .htaccess
└── index.php
├── src
├── Controller
│ ├── .gitignore
│ └── MainController.php
├── Entity
│ └── .gitignore
├── Kernel.php
└── Repository
│ └── .gitignore
├── symfony.lock
├── templates
└── base.html.twig
├── tests
└── bootstrap.php
└── translations
└── .gitignore
/.env.dist:
--------------------------------------------------------------------------------
1 | # In all environments, the following files are loaded if they exist,
2 | # the latter taking precedence over the former:
3 | #
4 | # * .env contains default values for the environment variables needed by the app
5 | # * .env.local uncommitted file with local overrides
6 | # * .env.$APP_ENV committed environment-specific defaults
7 | # * .env.$APP_ENV.local uncommitted environment-specific overrides
8 | #
9 | # Real environment variables win over .env files.
10 | #
11 | # DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
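12 | # The APP_SECRET value below is published with this template, so it protects nothing: set a unique random value per deployment in the uncommitted .env / .env.local or in the real environment.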
13 | # Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
14 | # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
15 |
16 | ###> symfony/framework-bundle ###
17 | APP_ENV=prod
18 | APP_SECRET=eca38df71fa4402078f6d6255b16d75c
19 | #TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
20 | #TRUSTED_HOSTS='^(localhost|example\.com)$'
21 | ###< symfony/framework-bundle ###
22 |
23 | ###> symfony/mailer ###
24 | # MAILER_DSN=smtp://localhost
25 | ###< symfony/mailer ###
26 |
27 | ###> doctrine/doctrine-bundle ###
28 | # Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
29 | # For an SQLite database, use: "sqlite:///%kernel.project_dir%/var/data.db"
30 | # For a PostgreSQL database, use: "postgresql://db_user:db_password@127.0.0.1:5432/db_name?serverVersion=11&charset=utf8"
31 | # IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
32 | DATABASE_URL=mysql://db_user:db_password@127.0.0.1:3306/db_name?serverVersion=5.7
33 | ###< doctrine/doctrine-bundle ###
34 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: bug
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **To Reproduce**
14 | Steps to reproduce the behavior:
15 | 1. Go to '...'
16 | 2. Click on '....'
17 | 3. Scroll down to '....'
18 | 4. See error
19 |
20 | **Expected behavior**
21 | A clear and concise description of what you expected to happen.
22 |
23 | **Screenshots**
24 | If applicable, add screenshots to help explain your problem.
25 |
26 | **Desktop (please complete the following information):**
27 | - OS: [e.g. iOS]
28 | - Tools and version [e.g. ansible, terraform, packer, docker]
29 |
30 | **Additional context**
31 | Add any other context about the problem here.
32 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | title: ''
5 | labels: enhancement
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 |
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 |
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 |
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 |
--------------------------------------------------------------------------------
/.github/workflows/ci-cd.yml:
--------------------------------------------------------------------------------
1 | # Make sure to configure the secrets in your repository before running this
2 | # action:
3 | #
4 | # AWS_ACCESS_KEY_ID
5 | # AWS_SECRET_ACCESS_KEY
6 | # AWS_REGION
7 | # APPLICATION_NAME (the same you've configured in terraform.tfvars)
8 | # AWS_S3_DEPLOYMENT_BUCKET (the same you've configured in terraform.tfvars)
9 | # NOTE(review): both AWS key secrets are exported as env to a third-party action in each step below; the IAM identity behind them should be limited to CodeDeploy and the deployment bucket.
10 | ###############################################################################
11 | name: CI/CD
12 | # Change workflow_dispatch for push if you want continuous deployment
13 | # on: [push, workflow_dispatch]
14 | on: workflow_dispatch # manual trigger only; nothing deploys on push as written
15 | jobs:
16 | production-deploy:
17 | runs-on: ubuntu-latest
18 | if: github.ref == 'refs/heads/master' # job is skipped when the workflow is dispatched from any other ref
19 | steps:
20 | - uses: actions/checkout@v2 # NOTE(review): checkout stores the job token in .git/config unless persist-credentials is false, and the next step bundles this workspace
21 | - name: AWS Deploy push
22 | uses: ItsKarma/aws-cli@v1.70.0 # third-party action referenced by tag; a tag can be moved, so pin to a reviewed full commit SHA
23 | env:
24 | AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
25 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
26 | AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
27 | with: # bundles the checked-out tree (--source .) and uploads it as production.zip; NOTE(review): hidden paths such as .git appear to be included unless --ignore-hidden-files is passed - confirm
28 | args: >-
29 | deploy push
30 | --application-name "symfony_project_kickstart_${{ secrets.APPLICATION_NAME }}"
31 | --description "New automatic deployment for ${{ secrets.APPLICATION_NAME }}"
32 | --s3-location s3://${{ secrets.AWS_S3_DEPLOYMENT_BUCKET }}/production.zip
33 | --source .
34 | - name: AWS Create Deploy
35 | uses: ItsKarma/aws-cli@v1.70.0 # same third-party action and the same credentials as the push step
36 | env:
37 | AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
38 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
39 | AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
40 | with: # starts a deployment of production.zip to the SPK_Deployment_Group_Webservers group, one instance at a time, overwriting files already on the host
41 | args: >-
42 | deploy create-deployment
43 | --application-name "symfony_project_kickstart_${{ secrets.APPLICATION_NAME }}"
44 | --deployment-config-name CodeDeployDefault.OneAtATime
45 | --deployment-group-name SPK_Deployment_Group_Webservers
46 | --file-exists-behavior OVERWRITE
47 | --s3-location bucket=${{ secrets.AWS_S3_DEPLOYMENT_BUCKET }},key=production.zip,bundleType=zip
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 |
2 | ###> symfony/framework-bundle ###
3 | /.env.local
4 | /.env.local.php
5 | /.env.*.local
6 | /config/secrets/prod/prod.decrypt.private.php
7 | /public/bundles/
8 | /var/
9 | /vendor/
10 | ###< symfony/framework-bundle ###
11 |
12 | ###> symfony/phpunit-bridge ###
13 | .phpunit
14 | .phpunit.result.cache
15 | /phpunit.xml
16 | ###< symfony/phpunit-bridge ###
17 | /.env
18 |
19 | ### Terraform template
20 | # Local .terraform directories
21 | **/.terraform/*
22 |
23 | # .tfstate files
24 | *.tfstate
25 | *.tfstate.*
26 |
27 | # Crash log files
28 | crash.log
29 |
30 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
31 | # .tfvars files are managed as part of configuration and so should be included in
32 | # version control.
33 | #
34 | # example.tfvars
35 |
36 | # Ignore override files as they are usually used to override resources locally and so
37 | # are not checked in
38 | override.tf
39 | override.tf.json
40 | *_override.tf
41 | *_override.tf.json
42 |
43 | # Include override files you do wish to add to version control using negated pattern
44 | #
45 | # !example_override.tf
46 |
47 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
48 | # example: *tfplan*
49 |
50 | # Ignore CLI configuration files
51 | .terraformrc
52 | terraform.rc
53 | /automation/terraform/.terraform
54 | /automation/terraform/terraform.tfvars
55 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Contributor Covenant Code of Conduct
2 |
3 | ## Our Pledge
4 |
5 | In the interest of fostering an open and welcoming environment, we as
6 | contributors and maintainers pledge to making participation in our project and
7 | our community a harassment-free experience for everyone, regardless of age, body
8 | size, disability, ethnicity, sex characteristics, gender identity and expression,
9 | level of experience, education, socio-economic status, nationality, personal
10 | appearance, race, religion, or sexual identity and orientation.
11 |
12 | ## Our Standards
13 |
14 | Examples of behavior that contributes to creating a positive environment
15 | include:
16 |
17 | * Using welcoming and inclusive language
18 | * Being respectful of differing viewpoints and experiences
19 | * Gracefully accepting constructive criticism
20 | * Focusing on what is best for the community
21 | * Showing empathy towards other community members
22 |
23 | Examples of unacceptable behavior by participants include:
24 |
25 | * The use of sexualized language or imagery and unwelcome sexual attention or
26 | advances
27 | * Trolling, insulting/derogatory comments, and personal or political attacks
28 | * Public or private harassment
29 | * Publishing others' private information, such as a physical or electronic
30 | address, without explicit permission
31 | * Other conduct which could reasonably be considered inappropriate in a
32 | professional setting
33 |
34 | ## Our Responsibilities
35 |
36 | Project maintainers are responsible for clarifying the standards of acceptable
37 | behavior and are expected to take appropriate and fair corrective action in
38 | response to any instances of unacceptable behavior.
39 |
40 | Project maintainers have the right and responsibility to remove, edit, or
41 | reject comments, commits, code, wiki edits, issues, and other contributions
42 | that are not aligned to this Code of Conduct, or to ban temporarily or
43 | permanently any contributor for other behaviors that they deem inappropriate,
44 | threatening, offensive, or harmful.
45 |
46 | ## Scope
47 |
48 | This Code of Conduct applies both within project spaces and in public spaces
49 | when an individual is representing the project or its community. Examples of
50 | representing a project or community include using an official project e-mail
51 | address, posting via an official social media account, or acting as an appointed
52 | representative at an online or offline event. Representation of a project may be
53 | further defined and clarified by project maintainers.
54 |
55 | ## Enforcement
56 |
57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
58 | reported by contacting the project team at nino@dafonte.dev. All
59 | complaints will be reviewed and investigated and will result in a response that
60 | is deemed necessary and appropriate to the circumstances. The project team is
61 | obligated to maintain confidentiality with regard to the reporter of an incident.
62 | Further details of specific enforcement policies may be posted separately.
63 |
64 | Project maintainers who do not follow or enforce the Code of Conduct in good
65 | faith may face temporary or permanent repercussions as determined by other
66 | members of the project's leadership.
67 |
68 | ## Attribution
69 |
70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
72 |
73 | [homepage]: https://www.contributor-covenant.org
74 |
75 | For answers to common questions about this code of conduct, see
76 | https://www.contributor-covenant.org/faq
77 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2020 Nino Dafonte
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/Symfony-LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) Fabien Potencier
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is furnished
8 | to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in all
11 | copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
20 |
--------------------------------------------------------------------------------
/appspec.yml:
--------------------------------------------------------------------------------
1 | version: 0.0 # deployment spec: where the revision bundle is copied, who owns it, and which hook scripts run
2 | os: linux
3 | files:
4 | - source: / # the whole bundle is copied, not only the application directories
5 | destination: /var/www/symfony-project-kickstart
6 | permissions:
7 | - object: /var/www/symfony-project-kickstart
8 | pattern: "**" # applies to everything under the destination
9 | owner: www-data # NOTE(review): if www-data is also the web server user, a compromised PHP process can rewrite the deployed code; consider a separate owner and give www-data write access only where the app needs it
10 | group: www-data
11 | type:
12 | - directory
13 | - file
14 | hooks:
15 | BeforeInstall:
16 | - location: build-scripts/before-install-root.sh
17 | timeout: 300
18 | runas: root # the script ships inside the bundle, so whoever can publish a bundle gets root execution on each instance
19 | AfterInstall:
20 | - location: build-scripts/after-install-root.sh
21 | timeout: 300
22 | runas: root # same trust boundary as the BeforeInstall hook
--------------------------------------------------------------------------------
/automation/ansible/database_server.yml:
--------------------------------------------------------------------------------
1 | --- # Play for the database host: bootstraps Python, then applies the roles listed below
2 | - hosts: all # targets every host in whatever inventory is supplied
3 | become: True # all tasks run with privilege escalation
4 | gather_facts: False # deferred: facts are collected by the explicit setup task once Python exists
5 |
6 | pre_tasks: # the raw task needs no Python on the target; it installs python3 via apt only when /usr/bin/python3 is missing
7 | - raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
8 | - setup: # aka gather_facts
9 |
10 | vars_files:
11 | - "./vars/database_server_vars.yml"
12 |
13 | roles: # applied in this order
14 | - { role: common }
15 | - { role: geerlingguy.pip }
16 | - { role: dbutils }
17 | - { role: geerlingguy.mysql }
18 |
--------------------------------------------------------------------------------
/automation/ansible/roles/common/tasks/main.yml:
--------------------------------------------------------------------------------
1 | --- # Baseline tasks for every host: package refresh, NTP, MOTD and common tools
2 | - name: Update repositories cache
3 | apt:
4 | update_cache: yes
5 | become: True
6 |
7 | - name: Update all packages to the latest version
8 | apt:
9 | upgrade: dist # dist-upgrade on every run; package versions are not pinned, so two runs can yield different hosts
10 | become: True
11 |
12 | - name: Ensure NTP is installed
13 | apt:
14 | name: ntp
15 | state: present
16 | update_cache: yes
17 | become: True
18 |
19 | - name: Ensure the NTP service is running and enabled
20 | service:
21 | name: ntp
22 | state: started
23 | enabled: True
24 | become: True
25 |
26 | - name: Ensure the MOTD file is present and updated
27 | template:
28 | src: motd # rendered from the role's motd template
29 | dest: /etc/motd
30 | owner: root
31 | group: root
32 | mode: 0644 # readable by everyone, writable by root only
33 | become: True
34 |
35 | - name: install tool and utility packages for general use (git, curl, wget, vim, awscli, etc.)
36 | apt:
37 | name: ['language-pack-en', 'vim', 'htop', 'git', 'curl', 'wget', 'awscli']
38 | update_cache: yes
39 | state: latest # upgrades these packages on each run instead of only ensuring they are installed
40 | become: True
--------------------------------------------------------------------------------
/automation/ansible/roles/common/templates/motd:
--------------------------------------------------------------------------------
1 | This system is managed by Terraform and Ansible
2 | Any change done on this system could be overwritten by Ansible
3 |
4 | OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
5 | Hostname: {{ inventory_hostname }}
6 |
7 | All connections are monitored and recorded
8 | Disconnect IMMEDIATELY if you are not an authorized user
9 |
10 |
11 |
--------------------------------------------------------------------------------
/automation/ansible/roles/dbutils/tasks/main.yml:
--------------------------------------------------------------------------------
1 | --- # Installs the Python MySQL client library on the target
2 | - name: Make sure pymysql is present
3 | pip:
4 | name: pymysql # no version is given, so whatever pip resolves at run time is installed
5 | state: present
6 | become: True # installed with privilege escalation, i.e. system-wide rather than per user
7 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/.clog.toml:
--------------------------------------------------------------------------------
1 | [clog]
2 | changelog = "CHANGELOG.md"
3 | repository = "https://github.com/weareinteractive/ansible-environment"
4 | from-latest-tag = true
5 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/.editorconfig:
--------------------------------------------------------------------------------
1 | # EditorConfig helps developers define and maintain consistent
2 | # coding styles between different editors and IDEs
3 | # editorconfig.org
4 |
5 | root = true
6 |
7 | [*]
8 | # Change these settings to your own preference
9 | indent_size = 2
10 | indent_style = space
11 |
12 | # We recommend you to keep these unchanged
13 | charset = utf-8
14 | end_of_line = lf
15 | insert_final_newline = true
16 | trim_trailing_whitespace = true
17 |
18 | [Makefile]
19 | indent_style = tab
20 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | .vagrant
3 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/.travis.yml:
--------------------------------------------------------------------------------
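1 | --- # Travis CI job for the role: pulls an Ansible image and runs `make test`
2 | language: python
3 | python: "2.7"
4 |
5 | sudo: required
6 |
7 | services:
8 | - docker
9 |
10 | before_install: # NOTE(review): the image is referenced by a mutable tag, and the tag suggests an Ubuntu 14.04 base; consider a maintained image pinned by digest
11 | - docker pull williamyeh/ansible:ubuntu14.04
12 |
13 | script:
14 | - make test
15 |
16 | notifications:
17 | webhooks: https://galaxy.ansible.com/api/v1/notifications/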
18 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/CHANGELOG.md:
--------------------------------------------------------------------------------
1 |
2 | ## 1.3.0 (2017-10-25)
3 |
4 |
5 | #### Features
6 |
7 | * make role > 2.4 conform ([a35b8cbc](https://github.com/weareinteractive/ansible-environment/commit/a35b8cbc222fccf6b59753a6892b06c228a4d66a))
8 | * change regex to match full key when removing it ([51772aa4](https://github.com/weareinteractive/ansible-environment/commit/51772aa4394ffb72965859cf4ebcc33741a8a64e))
9 |
10 |
11 |
12 |
13 | ### 1.2.4 (2017-09-26)
14 |
15 |
16 | #### Features
17 |
18 | * set default environment config as a dict ([cd52980b](https://github.com/weareinteractive/ansible-environment/commit/cd52980b9ad9576d891f2af417f98fa305c48f48))
19 |
20 |
21 |
22 |
23 | ### 1.2.3 (2017-03-09)
24 |
25 |
26 | #### Features
27 |
28 | * remove enforcement for upper key-names ([0fb9b167](https://github.com/weareinteractive/ansible-environment/commit/0fb9b16797f9c47ced17ebe4cadd8f2d59fddd3d))
29 |
30 |
31 |
32 |
33 | ### 1.2.2 (2017-02-07)
34 |
35 |
36 | #### Features
37 |
38 | * ensure file exists only changes when file is created ([41cbbbc6](https://github.com/weareinteractive/ansible-environment/commit/41cbbbc626a702574d25da3cc07b24feed36d00e))
39 |
40 |
41 |
42 |
43 | ## 1.2.0 (2016-07-25)
44 |
45 |
46 | #### Features
47 |
48 | * use ansible-role docgen to generate documentions ([857dc0f6](https://github.com/weareinteractive/ansible-environment/commit/857dc0f68c89a86bef35b407f73ca775afa77cce))
49 | * add .editorconfig ([35798f5b](https://github.com/weareinteractive/ansible-environment/commit/35798f5bfc49ace1f9fdbfee5013725665a8c282))
50 | * add CHANGELOG ([44b96586](https://github.com/weareinteractive/ansible-environment/commit/44b96586ecf38c20faf19f3466b0e5a0a690f0db))
51 | * add environment file user and group vars ([d626b7bf](https://github.com/weareinteractive/ansible-environment/commit/d626b7bfaf515bfe123f2d6d66207d0af1bb498e))
52 | * add environment_file var to allow writing alternative files ([df721dba](https://github.com/weareinteractive/ansible-environment/commit/df721dbab4511da678f05eba9a18fda2088a405a))
53 |
54 |
55 |
56 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) We Are Interactive
2 |
3 | Permission is hereby granted, free of charge, to any person
4 | obtaining a copy of this software and associated documentation
5 | files (the "Software"), to deal in the Software without
6 | restriction, including without limitation the rights to use,
7 | copy, modify, merge, publish, distribute, sublicense, and/or sell
8 | copies of the Software, and to permit persons to whom the
9 | Software is furnished to do so, subject to the following
10 | conditions:
11 |
12 | The above copyright notice and this permission notice shall be
13 | included in all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
17 | OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
19 | HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
20 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/Makefile:
--------------------------------------------------------------------------------
1 | PWD=$(shell pwd)
2 | ROLE_NAME=franklinkim.environment
3 | ROLE_PATH=/etc/ansible/roles/$(ROLE_NAME)
4 | TEST_VERSION=ansible --version
5 | TEST_SYNTAX=ansible-playbook -vv -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml --syntax-check
6 | TEST_PLAYBOOK=ansible-playbook -vv -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml
7 | TEST_CMD=$(TEST_VERSION); $(TEST_SYNTAX); $(TEST_PLAYBOOK)
8 |
9 | .PHONY: test
10 | test:
11 | docker run -it --rm -e "ROLE_NAME=$(ROLE_NAME)" -v $(PWD):$(ROLE_PATH) williamyeh/ansible:ubuntu14.04 /bin/bash -c "$(TEST_CMD)"
12 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/README.md:
--------------------------------------------------------------------------------
1 | # Ansible franklinkim.environment role
2 |
3 | [](https://travis-ci.org/weareinteractive/ansible-environment)
4 | [](https://galaxy.ansible.com/weareinteractive/environment)
5 | [](https://github.com/weareinteractive/ansible-environment)
6 | [](https://github.com/weareinteractive/ansible-environment)
7 |
8 | > `franklinkim.environment` is an [Ansible](http://www.ansible.com) role which:
9 | >
10 | > * adds `/etc/environment` variables
11 |
12 | ## Installation
13 |
14 | Using `ansible-galaxy`:
15 |
16 | ```shell
17 | $ ansible-galaxy install franklinkim.environment
18 | ```
19 |
20 | Using `requirements.yml`:
21 |
22 | ```yaml
23 | - src: franklinkim.environment
24 | ```
25 |
26 | Using `git`:
27 |
28 | ```shell
29 | $ git clone https://github.com/weareinteractive/ansible-environment.git franklinkim.environment
30 | ```
31 |
32 | ## Dependencies
33 |
34 | * Ansible >= 2.4
35 |
36 | ## Variables
37 |
38 | Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`.
39 |
40 | ```yaml
41 | ---
42 |
43 | # Path to the environment file
44 | environment_file: /etc/environment
45 | # The environment file owner
46 | environment_file_owner: root
47 | # The environment file group
48 | environment_file_group: root
49 | # A dictionary of config parameters, e.g.:
50 | #
51 | # environment_config:
52 | # LC_ALL: en_US.UTF-8
53 | environment_config: {}
54 |
55 | ```
56 |
57 |
58 | ## Usage
59 |
60 | This is an example playbook:
61 |
62 | ```yaml
63 | ---
64 |
65 | - hosts: all
66 | roles:
67 | - franklinkim.environment
68 | vars:
69 | environment_config:
70 | LC_ALL: C
71 |
72 | ```
73 |
74 |
75 | ## Testing
76 |
77 | ```shell
78 | $ git clone https://github.com/weareinteractive/ansible-environment.git
79 | $ cd ansible-environment
80 | $ make test
81 | ```
82 |
83 | ## Contributing
84 | In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
85 |
86 | 1. Fork it
87 | 2. Create your feature branch (`git checkout -b my-new-feature`)
88 | 3. Commit your changes (`git commit -am 'Add some feature'`)
89 | 4. Push to the branch (`git push origin my-new-feature`)
90 | 5. Create new Pull Request
91 |
92 | *Note: To update the `README.md` file please install and run `ansible-role`:*
93 |
94 | ```shell
95 | $ gem install ansible-role
96 | $ ansible-role docgen
97 | ```
98 |
99 | ## License
100 | Copyright (c) We Are Interactive under the MIT license.
101 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/Vagrantfile:
--------------------------------------------------------------------------------
1 | # -*- mode: ruby -*-
2 | # vi: set ft=ruby :
3 |
4 | Vagrant.configure("2") do |config|
5 | config.vbguest.no_remote = true
6 | config.vbguest.auto_update = false
7 |
8 | config.vm.define 'trusty' do |instance|
9 | instance.vm.box = 'ubuntu/trusty64'
10 | end
11 |
12 | # View the documentation for the provider you're using for more
13 | # information on available options.
14 | config.vm.provision "ansible" do |ansible|
15 | ansible.playbook = "tests/main.yml"
16 | ansible.verbose = 'vv'
17 | ansible.sudo = true
18 | end
19 | end
20 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Path to the environment file
4 | environment_file: /etc/environment
5 | # The environment file owner
6 | environment_file_owner: root
7 | # The environment file group
8 | environment_file_group: root
9 | # A dictionary of config parameters i.e
10 | #
11 | # environment_config:
12 | # LC_ALL: en_US.UTF-8
13 | environment_config: {}
14 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Mon Apr 30 15:15:51 2018', version: 1.3.0}
2 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 | author: franklin
4 | company: We Are Interactive
5 | description: Adds /etc/environment variables
6 | min_ansible_version: 2.4
7 | license: MIT
8 | # Optionally specify the branch Galaxy will use when accessing the GitHub
9 | # repo for this role. During role install, if no tags are available,
10 | # Galaxy will use this branch. During import Galaxy will access files on
11 | # this branch. If travis integration is configured, only notification for this
12 | # branch will be accepted. Otherwise, in all cases, the repo's default branch
13 | # (usually master) will be used.
14 | github_branch: master
15 | #
16 | # Below are all platforms currently available. Just uncomment
17 | # the ones that apply to your role. If you don't see your
18 | # platform on this list, let us know and we'll get it added!
19 | #
20 | platforms:
21 | #- name: EL
22 | # versions:
23 | # - all
24 | # - 5
25 | # - 6
26 | # - 7
27 | #- name: GenericUNIX
28 | # versions:
29 | # - all
30 | # - any
31 | #- name: Solaris
32 | # versions:
33 | # - all
34 | # - 10
35 | # - 11.0
36 | # - 11.1
37 | # - 11.2
38 | # - 11.3
39 | #- name: Fedora
40 | # versions:
41 | # - all
42 | # - 16
43 | # - 17
44 | # - 18
45 | # - 19
46 | # - 20
47 | # - 21
48 | # - 22
49 | # - 23
50 | #- name: Windows
51 | # versions:
52 | # - all
53 | # - 2012R2
54 | #- name: SmartOS
55 | # versions:
56 | # - all
57 | # - any
58 | #- name: opensuse
59 | # versions:
60 | # - all
61 | # - 12.1
62 | # - 12.2
63 | # - 12.3
64 | # - 13.1
65 | # - 13.2
66 | #- name: Amazon
67 | # versions:
68 | # - all
69 | # - 2013.03
70 | # - 2013.09
71 | #- name: GenericBSD
72 | # versions:
73 | # - all
74 | # - any
75 | #- name: FreeBSD
76 | # versions:
77 | # - all
78 | # - 10.0
79 | # - 10.1
80 | # - 10.2
81 | # - 8.0
82 | # - 8.1
83 | # - 8.2
84 | # - 8.3
85 | # - 8.4
86 | # - 9.0
87 | # - 9.1
88 | # - 9.1
89 | # - 9.2
90 | # - 9.3
91 | - name: Ubuntu
92 | versions:
93 | - all
94 | # - lucid
95 | # - maverick
96 | # - natty
97 | # - oneiric
98 | # - precise
99 | # - quantal
100 | # - raring
101 | # - saucy
102 | # - trusty
103 | # - utopic
104 | # - vivid
105 | # - wily
106 | #- name: SLES
107 | # versions:
108 | # - all
109 | # - 10SP3
110 | # - 10SP4
111 | # - 11
112 | # - 11SP1
113 | # - 11SP2
114 | # - 11SP3
115 | #- name: GenericLinux
116 | # versions:
117 | # - all
118 | # - any
119 | - name: Debian
120 | versions:
121 | - all
122 | # - etch
123 | # - jessie
124 | # - lenny
125 | # - squeeze
126 | # - wheezy categories:
127 | #
128 | # List tags for your role here, one per line. A tag is
129 | # a keyword that describes and categorizes the role.
130 | # Users find roles by searching for tags. Be sure to
131 | # remove the '[]' above if you add tags to this list.
132 | #
133 | # NOTE: A tag is limited to a single word comprised of
134 | # alphanumeric characters. Maximum 20 tags per role.
135 | galaxy_tags:
136 | - system
137 | - environment
138 | - env
139 | # List your role dependencies here, one per line. Only
140 | # dependencies available via galaxy should be listed here.
141 | # Be sure to remove the '[]' above if you add dependencies
142 | # to this list.
143 | dependencies: []
144 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/meta/readme.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_name: franklinkim.environment
3 | github_user: weareinteractive
4 | github_name: ansible-environment
5 | badges: |
6 | [](https://travis-ci.org/weareinteractive/ansible-environment)
7 | [](https://galaxy.ansible.com/weareinteractive/environment)
8 | [](https://github.com/weareinteractive/ansible-environment)
9 | [](https://github.com/weareinteractive/ansible-environment)
10 | description: |
11 | > * adds `/etc/environment` variables
12 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/tasks/config.yml:
--------------------------------------------------------------------------------
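1 | ---
2 |
3 | # Writes every key/value pair of `environment_config` into `environment_file`
4 | # (default: /etc/environment), a system-wide file owned by
5 | # `environment_file_owner`:`environment_file_group`.
6 | # NOTE(review): keys and values are written as given, so `environment_config`
7 | # should only ever be populated from trusted inventory/vars.
8 |
9 | # `state: touch` always updates timestamps; "changed" is therefore reported
10 | # only when the path was not already a regular file.
11 | # NOTE(review): no `mode` is managed here, so the permissions of an existing
12 | # file are left as found. Confirm targets do not have it group/world-writable.
13 | - name: Ensure file exists
14 |   file:
15 |     path: "{{ environment_file }}"
16 |     owner: "{{ environment_file_owner }}"
17 |     group: "{{ environment_file_group }}"
18 |     state: touch
19 |   register: environment_file_result
20 |   changed_when: environment_file_result.diff.before.state != "file"
21 |
22 | # Drop every existing `KEY=` / `KEY =` line before the new value is appended.
23 | # The key is passed through `regex_escape` so that regex metacharacters in a
24 | # variable name (for example `.`) cannot match, and delete, unrelated lines.
25 | - name: Remove previous values
26 |   lineinfile:
27 |     dest: "{{ environment_file }}"
28 |     regexp: '^{{ item.key | regex_escape }}\ ?='
29 |     state: absent
30 |   with_dict: "{{ environment_config }}"
31 |
32 | # The value is wrapped in single quotes without any escaping: a value that
33 | # itself contains `'` or a line break yields a malformed or extra line in the
34 | # file. Keep values free of both.
35 | - name: Configuring environment
36 |   lineinfile:
37 |     dest: "{{ environment_file }}"
38 |     line: "{{ item.key }}='{{ item.value }}'"
39 |   with_dict: "{{ environment_config }}"
40 |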
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - import_tasks: config.yml
4 | tags:
5 | - system
6 | - environment
7 | - config
8 | - environment-config
9 |
--------------------------------------------------------------------------------
/automation/ansible/roles/franklinkim.environment/tests/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: all
4 | roles:
5 | - franklinkim.environment
6 | vars:
7 | environment_config:
8 | LC_ALL: C
9 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/.gitignore:
--------------------------------------------------------------------------------
1 | *.retry
2 | tests/test.sh
3 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | services: docker  # the Travis Docker service is enabled for this build
3 |
4 | env:
5 |  - distro: centos7
6 |  - distro: centos6
7 |  - distro: ubuntu1804
8 |  - distro: ubuntu1604
9 |  - distro: ubuntu1404
10 |  - distro: debian9
11 |  - distro: debian8
12 |
13 | script:
14 |  # Download test shim. NOTE(review): the script comes from the gist's unpinned /raw/ URL and is executed below with no integrity check; pin a gist revision or verify a checksum before running it.
15 |  - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
16 |  - chmod +x ${PWD}/tests/test.sh
17 |
18 |  # Run tests. The shim's behaviour is not visible in this repository; `distro` from `env` above is presumably consumed by it (confirm).
19 |  - ${PWD}/tests/test.sh
20 |
21 | notifications:
22 |  webhooks: https://galaxy.ansible.com/api/v1/notifications/  # build results are posted to Ansible Galaxy
23 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2017 Jeff Geerling
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
6 | this software and associated documentation files (the "Software"), to deal in
7 | the Software without restriction, including without limitation the rights to
8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/defaults/main.yml:
--------------------------------------------------------------------------------
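1 | ---
2 | # Default variables for the role. The nesting of the `apache_vhosts` entry is
3 | # restored below (`documentroot` belongs to the same list item as
4 | # `servername`).
5 |
6 | # Passed as `enablerepo` to the yum install task on RedHat-family hosts.
7 | apache_enablerepo: ""
8 |
9 | # Address and ports used when rendering the Listen / NameVirtualHost lines.
10 | apache_listen_ip: "*"
11 | apache_listen_port: 80
12 | apache_listen_port_ssl: 443
13 |
14 | apache_create_vhosts: true
15 | apache_vhosts_filename: "vhosts.conf"
16 | apache_vhosts_template: "vhosts.conf.j2"
17 |
18 | # On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
19 | # Set this to `true` to remove that default.
20 | apache_remove_default_vhost: false
21 |
22 | apache_global_vhost_settings: |
23 |   DirectoryIndex index.php index.html
24 |
25 | apache_vhosts:
26 |   # Additional properties:
27 |   # 'serveradmin, serveralias, allow_override, options, extra_parameters'.
28 |   # NOTE(review): `extra_parameters` is written into the vhost verbatim by the
29 |   # template, so it must come from trusted vars only.
30 |   - servername: "local.dev"
31 |     documentroot: "/var/www/html"
32 |
33 | # Fallbacks for vhosts that do not set `allow_override` / `options`.
34 | # NOTE(review): "All" lets .htaccess files under the document root override
35 | # every directive class. Narrow it (or use "None") where .htaccess is not
36 | # required.
37 | apache_allow_override: "All"
38 | apache_options: "-Indexes +FollowSymLinks"
39 |
40 | apache_vhosts_ssl: []
41 | # Additional properties:
42 | # 'serveradmin, serveralias, allow_override, options, extra_parameters'.
43 | # - servername: "local.dev",
44 | #   documentroot: "/var/www/html",
45 | #   certificate_file: "/path/to/certificate.crt",
46 | #   certificate_key_file: "/path/to/certificate.key",
47 | #   # Optional.
48 | #   certificate_chain_file: "/path/to/certificate_chain.crt"
49 |
50 | # When true, the vhosts template renders every SSL vhost without consulting
51 | # the certificate `stat` results; set to false to skip vhosts whose
52 | # `certificate_file` does not exist on the host.
53 | apache_ignore_missing_ssl_certificate: true
54 |
55 | # NOTE(review): this excludes only SSLv2 and SSLv3, so TLS 1.0 and TLS 1.1
56 | # stay enabled wherever the server's TLS library still offers them. Override
57 | # (for example "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1") once clients allow it.
58 | apache_ssl_protocol: "All -SSLv2 -SSLv3"
59 | apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
60 |
61 | # Only used on Debian/Ubuntu.
62 | apache_mods_enabled:
63 |   - rewrite.load
64 |   - ssl.load
65 | apache_mods_disabled: []
66 |
67 | # Set initial apache state. Recommended values: `started` or `stopped`
68 | apache_state: started
69 |
70 | # Set apache state when configuration changes are made. Recommended values:
71 | # `restarted` or `reloaded`
72 | apache_restart_state: restarted
73 |
74 | # Apache package state; use `present` to make sure it's installed, or `latest`
75 | # if you want to upgrade or switch versions using a new repo.
76 | apache_packages_state: present
77 |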
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: restart apache
3 | service:
4 | name: "{{ apache_service }}"
5 | state: "{{ apache_restart_state }}"
6 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Sun Apr 29 12:07:28 2018', version: 3.0.0}
2 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []
3 |
4 | galaxy_info:
5 | author: geerlingguy
6 | description: Apache 2.x for Linux.
7 | company: "Midwestern Mac, LLC"
8 | license: "license (BSD, MIT)"
9 | min_ansible_version: 2.4
10 | platforms:
11 | - name: EL
12 | versions:
13 | - all
14 | - name: Amazon
15 | versions:
16 | - all
17 | - name: Debian
18 | versions:
19 | - all
20 | - name: Ubuntu
21 | versions:
22 | - trusty
23 | - xenial
24 | - bionic
25 | - name: Suse
26 | versions:
27 | - all
28 | - name: Solaris
29 | versions:
30 | - 11.3
31 | galaxy_tags:
32 | - web
33 | - apache
34 | - webserver
35 | - html
36 |
37 | allow_duplicates: yes
38 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml:
--------------------------------------------------------------------------------
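1 | ---
2 | # Debian/Ubuntu configuration: ports.conf, module symlinks, certificate
3 | # checks and the vhosts file. Every change notifies the `restart apache`
4 | # handler.
5 | - name: Configure Apache.
6 |   lineinfile:
7 |     dest: "{{ apache_server_root }}/ports.conf"
8 |     regexp: "{{ item.regexp }}"
9 |     line: "{{ item.line }}"
10 |     state: present
11 |   with_items: "{{ apache_ports_configuration_items }}"
12 |   notify: restart apache
13 |
14 | - name: Enable Apache mods.
15 |   file:
16 |     src: "{{ apache_server_root }}/mods-available/{{ item }}"
17 |     dest: "{{ apache_server_root }}/mods-enabled/{{ item }}"
18 |     state: link
19 |   with_items: "{{ apache_mods_enabled }}"
20 |   notify: restart apache
21 |
22 | - name: Disable Apache mods.
23 |   file:
24 |     path: "{{ apache_server_root }}/mods-enabled/{{ item }}"
25 |     state: absent
26 |   with_items: "{{ apache_mods_disabled }}"
27 |   notify: restart apache
28 |
29 | # Dict-form arguments: with the former `path=...` string form a templated
30 | # path containing spaces would have been split into additional module
31 | # arguments.
32 | - name: Check whether certificates defined in vhosts exist.
33 |   stat:
34 |     path: "{{ item.certificate_file }}"
35 |   register: apache_ssl_certificates
36 |   with_items: "{{ apache_vhosts_ssl }}"
37 |
38 | # The mode is quoted so it is always read as the octal permission string
39 | # rather than depending on how the YAML parser treats a bare 0644.
40 | - name: Add apache vhosts configuration.
41 |   template:
42 |     src: "{{ apache_vhosts_template }}"
43 |     dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
44 |     owner: root
45 |     group: root
46 |     mode: "0644"
47 |   notify: restart apache
48 |   when: apache_create_vhosts
49 |
50 | - name: Add vhost symlink in sites-enabled.
51 |   file:
52 |     src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
53 |     dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
54 |     state: link
55 |   notify: restart apache
56 |   when: apache_create_vhosts
57 |
58 | - name: Remove default vhost in sites-enabled.
59 |   file:
60 |     path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
61 |     state: absent
62 |   notify: restart apache
63 |   when: apache_remove_default_vhost
64 |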
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml:
--------------------------------------------------------------------------------
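1 | ---
2 | # RedHat-family configuration: main daemon config, certificate checks and the
3 | # vhosts file. Every change notifies the `restart apache` handler.
4 | - name: Configure Apache.
5 |   lineinfile:
6 |     dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
7 |     regexp: "{{ item.regexp }}"
8 |     line: "{{ item.line }}"
9 |     state: present
10 |   with_items: "{{ apache_ports_configuration_items }}"
11 |   notify: restart apache
12 |
13 | # Dict-form arguments: with the former unquoted `path=...` form a templated
14 | # path containing spaces would have been split into additional module
15 | # arguments.
16 | - name: Check whether certificates defined in vhosts exist.
17 |   stat:
18 |     path: "{{ item.certificate_file }}"
19 |   register: apache_ssl_certificates
20 |   with_items: "{{ apache_vhosts_ssl }}"
21 |
22 | # The mode is quoted so it is always read as the octal permission string.
23 | - name: Add apache vhosts configuration.
24 |   template:
25 |     src: "{{ apache_vhosts_template }}"
26 |     dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
27 |     owner: root
28 |     group: root
29 |     mode: "0644"
30 |   notify: restart apache
31 |   when: apache_create_vhosts
32 |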
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Configure Apache.
3 | lineinfile:
4 | dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
5 | regexp: "{{ item.regexp }}"
6 | line: "{{ item.line }}"
7 | state: present
8 | with_items: "{{ apache_ports_configuration_items }}"
9 | notify: restart apache
10 |
11 | - name: Add apache vhosts configuration.
12 | template:
13 | src: "{{ apache_vhosts_template }}"
14 | dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
15 | owner: root
16 | group: root
17 | mode: 0644
18 | notify: restart apache
19 | when: apache_create_vhosts
20 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml:
--------------------------------------------------------------------------------
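1 | ---
2 | # Suse configuration: listen.conf, certificate checks and the vhosts file.
3 | # Every change notifies the `restart apache` handler.
4 | - name: Configure Apache.
5 |   lineinfile:
6 |     dest: "{{ apache_server_root }}/listen.conf"
7 |     regexp: "{{ item.regexp }}"
8 |     line: "{{ item.line }}"
9 |     state: present
10 |   with_items: "{{ apache_ports_configuration_items }}"
11 |   notify: restart apache
12 |
13 | # Dict-form arguments: with the former unquoted `path=...` form a templated
14 | # path containing spaces would have been split into additional module
15 | # arguments.
16 | - name: Check whether certificates defined in vhosts exist.
17 |   stat:
18 |     path: "{{ item.certificate_file }}"
19 |   register: apache_ssl_certificates
20 |   with_items: "{{ apache_vhosts_ssl }}"
21 |
22 | # The mode is quoted so it is always read as the octal permission string.
23 | - name: Add apache vhosts configuration.
24 |   template:
25 |     src: "{{ apache_vhosts_template }}"
26 |     dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
27 |     owner: root
28 |     group: root
29 |     mode: "0644"
30 |   notify: restart apache
31 |   when: apache_create_vhosts
32 |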
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/main.yml:
--------------------------------------------------------------------------------
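1 | ---
2 | # Entry point of the role: load per-OS variables, install Apache, detect the
3 | # installed version, load version-specific variables, configure, then make
4 | # sure the service is in the requested state.
5 |
6 | # Include variables and define needed variables.
7 | - name: Include OS-specific variables.
8 |   include_vars: "{{ ansible_os_family }}.yml"
9 |
10 | - name: Include variables for Amazon Linux.
11 |   include_vars: "AmazonLinux.yml"
12 |   when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
13 |
14 | # A caller-supplied `apache_packages` wins; otherwise the per-OS list is used.
15 | - name: Define apache_packages.
16 |   set_fact:
17 |     apache_packages: "{{ __apache_packages | list }}"
18 |   when: apache_packages is not defined
19 |
20 | # Setup/install tasks.
21 | - include_tasks: "setup-{{ ansible_os_family }}.yml"
22 |
23 | # Figure out what version of Apache is installed.
24 | # `command` replaces the former `shell`: no shell features are needed, and
25 | # the variable-built path is then never interpreted by a shell.
26 | # `check_mode: no` runs the query even under --check so later tasks still
27 | # get a version.
28 | - name: Get installed version of Apache.
29 |   command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
30 |   changed_when: false
31 |   check_mode: no
32 |   register: _apache_version
33 |
34 | # Takes the third whitespace-separated token of the output and keeps the part
35 | # after the `/` (assumes a token shaped like `Apache/2.4.x`; confirm for
36 | # custom builds).
37 | - name: Create apache_version variable.
38 |   set_fact:
39 |     apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
40 |
41 | # Only minor versions 2 and 4 load a version-specific vars file.
42 | - include_vars: apache-22.yml
43 |   when: "apache_version.split('.')[1] == '2'"
44 |
45 | - include_vars: apache-24.yml
46 |   when: "apache_version.split('.')[1] == '4'"
47 |
48 | # Configure Apache.
49 | - include_tasks: "configure-{{ ansible_os_family }}.yml"
50 |
51 | - name: Ensure Apache has selected state and enabled on boot.
52 |   service:
53 |     name: "{{ apache_service }}"
54 |     state: "{{ apache_state }}"
55 |     enabled: yes
56 |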
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/setup-Debian.yml:
--------------------------------------------------------------------------------
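1 | ---
2 | # Refresh the package index unless it was updated within the last hour.
3 | - name: Update apt cache.
4 |   apt:
5 |     update_cache: yes
6 |     cache_valid_time: 3600
7 |
8 | # Dict-form arguments: with the former `name=... state=...` string form a
9 | # templated value containing spaces would have been split into additional
10 | # module arguments.
11 | - name: Ensure Apache is installed on Debian.
12 |   apt:
13 |     name: "{{ item }}"
14 |     state: "{{ apache_packages_state }}"
15 |   with_items: "{{ apache_packages }}"
16 |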
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/setup-RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure Apache is installed on RHEL.
3 | yum:
4 | name: "{{ item }}"
5 | state: "{{ apache_packages_state }}"
6 | enablerepo: "{{ apache_enablerepo }}"
7 | with_items: "{{ apache_packages }}"
8 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/setup-Solaris.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure Apache is installed on Solaris.
3 | pkg5:
4 | name: "{{ item }}"
5 | state: "{{ apache_packages_state }}"
6 | with_items: "{{ apache_packages }}"
7 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tasks/setup-Suse.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure Apache is installed on Suse.
3 | zypper:
4 | name: "{{ item }}"
5 | state: "{{ apache_packages_state }}"
6 | with_items: "{{ apache_packages }}"
7 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/templates/vhosts.conf.j2:
--------------------------------------------------------------------------------
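1 | {{ apache_global_vhost_settings }}
2 |
3 | {# Set up VirtualHosts. NOTE(review): the VirtualHost/Directory container tags were blank in this listing (apparently stripped as markup) and are restored here; confirm them against the role's own templates/vhosts.conf.j2. #}
4 | {% for vhost in apache_vhosts %}
5 | <VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}>
6 |   ServerName {{ vhost.servername }}
7 | {% if vhost.serveralias is defined %}
8 |   ServerAlias {{ vhost.serveralias }}
9 | {% endif %}
10 | {% if vhost.documentroot is defined %}
11 |   DocumentRoot "{{ vhost.documentroot }}"
12 | {% endif %}
13 |
14 | {% if vhost.serveradmin is defined %}
15 |   ServerAdmin {{ vhost.serveradmin }}
16 | {% endif %}
17 | {% if vhost.documentroot is defined %}
18 |   <Directory "{{ vhost.documentroot }}">
19 |     AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
20 |     Options {{ vhost.options | default(apache_options) }}
21 | {% if apache_vhosts_version == "2.2" %}
22 |     Order allow,deny
23 |     Allow from all
24 | {% else %}
25 |     Require all granted
26 | {% endif %}
27 |   </Directory>
28 | {% endif %}
29 | {% if vhost.extra_parameters is defined %}
30 |   {{ vhost.extra_parameters }}
31 | {% endif %}
32 | </VirtualHost>
33 |
34 | {% endfor %}
35 |
36 | {# Set up SSL VirtualHosts. A vhost is rendered when apache_ignore_missing_ssl_certificate is true or its certificate_file was found by the earlier stat task; extra_parameters is emitted verbatim, so it must come from trusted vars. #}
37 | {% for vhost in apache_vhosts_ssl %}
38 | {% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
39 | <VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port_ssl }}>
40 |   ServerName {{ vhost.servername }}
41 | {% if vhost.serveralias is defined %}
42 |   ServerAlias {{ vhost.serveralias }}
43 | {% endif %}
44 | {% if vhost.documentroot is defined %}
45 |   DocumentRoot "{{ vhost.documentroot }}"
46 | {% endif %}
47 |
48 |   SSLEngine on
49 |   SSLCipherSuite {{ apache_ssl_cipher_suite }}
50 |   SSLProtocol {{ apache_ssl_protocol }}
51 |   SSLHonorCipherOrder On
52 | {% if apache_vhosts_version == "2.4" %}
53 |   SSLCompression off
54 | {% endif %}
55 |   SSLCertificateFile {{ vhost.certificate_file }}
56 |   SSLCertificateKeyFile {{ vhost.certificate_key_file }}
57 | {% if vhost.certificate_chain_file is defined %}
58 |   SSLCertificateChainFile {{ vhost.certificate_chain_file }}
59 | {% endif %}
60 |
61 | {% if vhost.serveradmin is defined %}
62 |   ServerAdmin {{ vhost.serveradmin }}
63 | {% endif %}
64 | {% if vhost.documentroot is defined %}
65 |   <Directory "{{ vhost.documentroot }}">
66 |     AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
67 |     Options {{ vhost.options | default(apache_options) }}
68 | {% if apache_vhosts_version == "2.2" %}
69 |     Order allow,deny
70 |     Allow from all
71 | {% else %}
72 |     Require all granted
73 | {% endif %}
74 |   </Directory>
75 | {% endif %}
76 | {% if vhost.extra_parameters is defined %}
77 |   {{ vhost.extra_parameters }}
78 | {% endif %}
79 | </VirtualHost>
80 |
81 | {% endif %}
82 | {% endfor %}
83 |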
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tests/README.md:
--------------------------------------------------------------------------------
1 | # Ansible Role tests
2 |
3 | To run the test playbook(s) in this directory:
4 |
5 | 1. Install and start Docker.
6 | 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`:
7 | - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/`
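8 | 1. Review the downloaded script, then make the test shim executable: `chmod +x tests/test.sh`. The URL above is the gist's unpinned `/raw/` endpoint, so the script's contents can differ from one download to the next.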
9 | 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh`
10 |
11 | If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)`
12 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: all
3 |
4 | vars:
5 | apache_listen_port_ssl: 443
6 | apache_create_vhosts: true
7 | apache_vhosts_filename: "vhosts.conf"
8 | apache_vhosts:
9 | - servername: "example.com"
10 | documentroot: "/var/www/vhosts/example_com"
11 |
12 | roles:
13 | - role_under_test
14 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/vars/AmazonLinux.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_service: httpd
3 | apache_daemon: httpd
4 | apache_daemon_path: /usr/sbin/
5 | apache_server_root: /etc/httpd
6 | apache_conf_path: /etc/httpd/conf.d
7 |
8 | apache_vhosts_version: "2.4"
9 |
10 | __apache_packages:
11 | - httpd24
12 | - httpd24-devel
13 | - mod24_ssl
14 | - openssh
15 |
16 | apache_ports_configuration_items:
17 | - regexp: "^Listen "
18 | line: "Listen {{ apache_listen_port }}"
19 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_service: apache2
3 | apache_daemon: apache2
4 | apache_daemon_path: /usr/sbin/
5 | apache_server_root: /etc/apache2
6 | apache_conf_path: /etc/apache2
7 |
8 | __apache_packages:
9 | - apache2
10 | - apache2-utils
11 |
12 | apache_ports_configuration_items:
13 | - regexp: "^Listen "
14 | line: "Listen {{ apache_listen_port }}"
15 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_service: httpd
3 | apache_daemon: httpd
4 | apache_daemon_path: /usr/sbin/
5 | apache_server_root: /etc/httpd
6 | apache_conf_path: /etc/httpd/conf.d
7 |
8 | apache_vhosts_version: "2.2"
9 |
10 | __apache_packages:
11 | - httpd
12 | - httpd-devel
13 | - mod_ssl
14 | - openssh
15 |
16 | apache_ports_configuration_items:
17 | - regexp: "^Listen "
18 | line: "Listen {{ apache_listen_port }}"
19 | - regexp: "^#?NameVirtualHost "
20 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/vars/Solaris.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_service: apache24
3 | apache_daemon: httpd
4 | apache_daemon_path: /usr/apache2/2.4/bin/
5 | apache_server_root: /etc/apache2/2.4/
6 | apache_conf_path: /etc/apache2/2.4/conf.d
7 |
8 | apache_vhosts_version: "2.2"
9 |
10 | __apache_packages:
11 | - web/server/apache-24
12 | - web/server/apache-24/module/apache-ssl
13 | - web/server/apache-24/module/apache-security
14 |
15 | apache_ports_configuration_items:
16 | - regexp: "^Listen "
17 | line: "Listen {{ apache_listen_port }}"
18 | - regexp: "^#?NameVirtualHost "
19 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
20 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_service: apache2
3 | apache_daemon: httpd2
4 | apache_daemon_path: /usr/sbin/
5 | apache_server_root: /etc/apache2
6 | apache_conf_path: /etc/apache2/conf.d
7 |
8 | apache_vhosts_version: "2.2"
9 |
10 | __apache_packages:
11 | - apache2
12 | - openssh
13 |
14 | apache_ports_configuration_items:
15 | - regexp: "^Listen "
16 | line: "Listen {{ apache_listen_port }}"
17 | - regexp: "^#?NameVirtualHost "
18 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
19 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/vars/apache-22.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_vhosts_version: "2.2"
3 | apache_default_vhost_filename: 000-default
4 | apache_ports_configuration_items:
5 | - {
6 | regexp: "^Listen ",
7 | line: "Listen {{ apache_listen_port }}"
8 | }
9 | - {
10 | regexp: "^#?NameVirtualHost ",
11 | line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
12 | }
13 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.apache/vars/apache-24.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_vhosts_version: "2.4"
3 | apache_default_vhost_filename: 000-default.conf
4 | apache_ports_configuration_items:
5 | - {
6 | regexp: "^Listen ",
7 | line: "Listen {{ apache_listen_port }}"
8 | }
9 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/.ansible-lint:
--------------------------------------------------------------------------------
1 | skip_list:
2 | - '204'
3 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 | ---
3 | github: geerlingguy
4 | patreon: geerlingguy
5 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/.github/stale.yml:
--------------------------------------------------------------------------------
1 | # Configuration for probot-stale - https://github.com/probot/stale
2 |
3 | # Number of days of inactivity before an Issue or Pull Request becomes stale
4 | daysUntilStale: 90
5 |
6 | # Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
7 | # Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
8 | daysUntilClose: 30
9 |
10 | # Only issues or pull requests with all of these labels are checked for staleness. Defaults to `[]` (disabled)
11 | onlyLabels: []
12 |
13 | # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
14 | exemptLabels:
15 | - pinned
16 | - security
17 | - planned
18 |
19 | # Set to true to ignore issues in a project (defaults to false)
20 | exemptProjects: false
21 |
22 | # Set to true to ignore issues in a milestone (defaults to false)
23 | exemptMilestones: false
24 |
25 | # Set to true to ignore issues with an assignee (defaults to false)
26 | exemptAssignees: false
27 |
28 | # Label to use when marking as stale
29 | staleLabel: stale
30 |
31 | # Limit the number of actions per hour, from 1-30. Default is 30
32 | limitPerRun: 30
33 |
34 | pulls:
35 | markComment: |-
36 | This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
37 |
38 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
39 |
40 | unmarkComment: >-
41 | This pull request is no longer marked for closure.
42 |
43 | closeComment: >-
44 | This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
45 |
46 | issues:
47 | markComment: |-
48 | This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
49 |
50 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
51 |
52 | unmarkComment: >-
53 | This issue is no longer marked for closure.
54 |
55 | closeComment: >-
56 | This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
57 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/.gitignore:
--------------------------------------------------------------------------------
1 | *.retry
2 | */__pycache__
3 | *.pyc
4 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | language: python
3 | services: docker
4 |
5 | env:
6 | global:
7 | - ROLE_NAME: mysql
8 | matrix:
9 | - MOLECULE_DISTRO: centos8
10 | - MOLECULE_DISTRO: centos7
11 | - MOLECULE_DISTRO: centos6
12 | - MOLECULE_DISTRO: ubuntu1804
13 | - MOLECULE_DISTRO: ubuntu1604
14 | - MOLECULE_DISTRO: debian10
15 |
16 | install:
17 | # Install test dependencies. NOTE(review): none of these packages is version-pinned, so each CI run installs whatever release is current; pin versions for reproducible, reviewable builds.
18 | - pip install molecule yamllint ansible-lint docker
19 |
20 | before_script:
21 | # Use actual Ansible Galaxy role name for the project directory.
22 | - cd ../
23 | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
24 | - cd geerlingguy.$ROLE_NAME
25 |
26 | script:
27 | # Run tests.
28 | - molecule test
29 |
30 | notifications:
31 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
32 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/.yamllint:
--------------------------------------------------------------------------------
1 | ---
2 | extends: default
3 | rules:
4 | line-length:
5 | max: 160
6 | level: warning
7 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2017 Jeff Geerling
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
6 | this software and associated documentation files (the "Software"), to deal in
7 | the Software without restriction, including without limitation the rights to
8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Set this to the user ansible is logging in as - should have root
3 | # or sudo access. When it differs from mysql_root_username, secure-installation.yml creates it with ALL,GRANT on *.* and may write its password to {{ mysql_user_home }}/.my.cnf (mode 0600).
4 | mysql_user_home: /root
5 | mysql_user_name: root
6 | mysql_user_password: root  # NOTE(review): placeholder default; override per environment, e.g. from Ansible Vault
7 |
8 | # The default root user installed by mysql - almost always root
9 | mysql_root_home: /root
10 | mysql_root_username: root
11 | mysql_root_password: root  # NOTE(review): default password equals the username; override it before applying the role to any reachable host
12 |
13 | # Set to `true` to force a password refresh: the root flag gates the root password and root .my.cnf tasks, the user flag gates rewriting the default user's .my.cnf.
14 | mysql_root_password_update: false
15 | mysql_user_password_update: false
16 |
17 | mysql_enabled_on_startup: true
18 |
19 | # Whether my.cnf should be updated on every run.
20 | overwrite_global_mycnf: true
21 |
22 | # The following variables have a default value depending on operating system.
23 | # mysql_config_file: /etc/my.cnf
24 | # mysql_config_include_dir: /etc/my.cnf.d
25 |
26 | # Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
27 | # for RedHat systems (and derivatives).
28 | mysql_enablerepo: ""
29 |
30 | # Define a custom list of packages to install; if none provided, the default
31 | # package list from vars/[OS-family].yml will be used.
32 | # mysql_packages:
33 | # - mysql
34 | # - mysql-server
35 | # - MySQL-python
36 |
37 | # MySQL connection settings. mysql_bind_address is rendered as bind-address in my.cnf.j2; the 0.0.0.0 default listens on every IPv4 interface, so set 127.0.0.1 or firewall the port when remote clients are not needed.
38 | mysql_port: "3306"
39 | mysql_bind_address: '0.0.0.0'
40 | mysql_skip_name_resolve: false
41 | mysql_datadir: /var/lib/mysql
42 | mysql_sql_mode: ''
43 | # The following variables have a default value depending on operating system.
44 | # mysql_pid_file: /var/run/mysqld/mysqld.pid
45 | # mysql_socket: /var/lib/mysql/mysql.sock
46 |
47 | # Log file settings.
48 | mysql_log_file_group: mysql
49 |
50 | # Slow query log settings.
51 | mysql_slow_query_log_enabled: false
52 | mysql_slow_query_time: "2"
53 | # The following variable has a default value depending on operating system.
54 | # mysql_slow_query_log_file: /var/log/mysql-slow.log
55 |
56 | # Memory settings (default values optimized ~512MB RAM).
57 | mysql_key_buffer_size: "256M"
58 | mysql_max_allowed_packet: "64M"
59 | mysql_table_open_cache: "256"
60 | mysql_sort_buffer_size: "1M"
61 | mysql_read_buffer_size: "1M"
62 | mysql_read_rnd_buffer_size: "4M"
63 | mysql_myisam_sort_buffer_size: "64M"
64 | mysql_thread_cache_size: "8"
65 | mysql_query_cache_type: "0"
66 | mysql_query_cache_size: "16M"
67 | mysql_query_cache_limit: "1M"
68 | mysql_max_connections: "151"
69 | mysql_tmp_table_size: "16M"
70 | mysql_max_heap_table_size: "16M"
71 | mysql_group_concat_max_len: "1024"
72 | mysql_join_buffer_size: "262144"
73 |
74 | # Other settings.
75 | mysql_lower_case_table_names: "0"
76 | mysql_wait_timeout: "28800"
77 | mysql_event_scheduler_state: "OFF"
78 |
79 | # InnoDB settings.
80 | mysql_innodb_file_per_table: "1"
81 | # Set .._buffer_pool_size up to 80% of RAM but beware of setting too high.
82 | mysql_innodb_buffer_pool_size: "256M"
83 | # Set .._log_file_size to 25% of buffer pool size.
84 | mysql_innodb_log_file_size: "64M"
85 | mysql_innodb_log_buffer_size: "8M"
86 | mysql_innodb_flush_log_at_trx_commit: "1"
87 | mysql_innodb_lock_wait_timeout: "50"
88 |
89 | # These settings require MySQL > 5.5.
90 | mysql_innodb_large_prefix: "1"
91 | mysql_innodb_file_format: "barracuda"
92 |
93 | # mysqldump settings.
94 | mysql_mysqldump_max_allowed_packet: "64M"
95 |
96 | # Logging settings.
97 | mysql_log: ""
98 | # The following variables have a default value depending on operating system.
99 | # mysql_log_error: /var/log/mysql/mysql.err
100 | # mysql_syslog_tag: mysql
101 |
102 | mysql_config_include_files: []
103 | # - src: path/relative/to/playbook/file.cnf
104 | # - { src: path/relative/to/playbook/anotherfile.cnf, force: yes }
105 |
106 | # Databases.
107 | mysql_databases: []
108 | # - name: example
109 | # collation: utf8_general_ci
110 | # encoding: utf8
111 | # replicate: 1
112 |
113 | # Users.
114 | mysql_users: []
115 | # - name: example
116 | # host: 127.0.0.1
117 | # password: secret
118 | # priv: *.*:USAGE
119 |
120 | # Replication settings (replication is only enabled if master/user have values).
121 | mysql_server_id: "1"
122 | mysql_max_binlog_size: "100M"
123 | mysql_binlog_format: "ROW"
124 | mysql_expire_logs_days: "10"
125 | mysql_replication_role: ''
126 | mysql_replication_master: ''
127 | # Same keys as `mysql_users` above.
128 | mysql_replication_user: []
129 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: restart mysql
3 | service: "name={{ mysql_daemon }} state=restarted sleep=5"
4 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | install_date: Tue Jul 21 15:49:02 2020
2 | version: 3.1.0
3 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []
3 |
4 | galaxy_info:
5 | author: geerlingguy
6 | description: MySQL server for RHEL/CentOS and Debian/Ubuntu.
7 | company: "Midwestern Mac, LLC"
8 | license: "license (BSD, MIT)"
9 | min_ansible_version: 2.4
10 | platforms:
11 | - name: EL
12 | versions:
13 | - 6
14 | - 7
15 | - 8
16 | - name: Ubuntu
17 | versions:
18 | - all
19 | - name: Debian
20 | versions:
21 | - all
22 | - name: Archlinux
23 | versions:
24 | - all
25 | galaxy_tags:
26 | - database
27 | - mysql
28 | - mariadb
29 | - db
30 | - sql
31 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 | hosts: all
4 | become: true
5 |
6 | vars:
7 | mysql_python_package_debian: python3-mysqldb
8 |
9 | roles:
10 | - role: geerlingguy.mysql
11 |
12 | post_tasks:
13 | - name: Make sure we can connect to MySQL via Unix socket.
14 | command: "mysql -u root -proot -e 'show databases;'"
15 | changed_when: false
16 |
17 | - name: Make sure we can connect to MySQL via TCP.
18 | command: "mysql -u root -proot -h 127.0.0.1 -e 'show databases;'"
19 | changed_when: false
20 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependency:
3 | name: galaxy
4 | driver:
5 | name: docker
6 | lint: |
7 | set -e
8 | yamllint .
9 | ansible-lint
10 | platforms:
11 | - name: instance
12 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"  # NOTE(review): mutable `latest` tag; the image under test can change between runs
13 | command: ${MOLECULE_DOCKER_COMMAND:-""}
14 | volumes:
15 | - /sys/fs/cgroup:/sys/fs/cgroup:ro
16 | privileged: true  # NOTE(review): test container gets full host privileges (presumably to run an init system inside it; confirm); keep this scenario on disposable CI runners
17 | pre_build_image: true
18 | provisioner:
19 | name: ansible
20 | playbooks:
21 | converge: ${MOLECULE_PLAYBOOK:-converge.yml}
22 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/configure.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Get MySQL version.
3 | command: 'mysql --version'
4 | register: mysql_cli_version
5 | changed_when: false
6 | check_mode: false
7 |
8 | - name: Copy my.cnf global MySQL configuration.
9 | template:
10 | src: my.cnf.j2
11 | dest: "{{ mysql_config_file }}"
12 | owner: root
13 | group: root
14 | mode: 0644
15 | force: "{{ overwrite_global_mycnf }}"
16 | notify: restart mysql
17 |
18 | - name: Verify mysql include directory exists.
19 | file:
20 | path: "{{ mysql_config_include_dir }}"
21 | state: directory
22 | owner: root
23 | group: root
24 | mode: 0755
25 | when: mysql_config_include_files | length
26 |
27 | - name: Copy my.cnf override files into include directory.
28 | template:
29 | src: "{{ item.src }}"
30 | dest: "{{ mysql_config_include_dir }}/{{ item.src | basename }}"
31 | owner: root
32 | group: root
33 | mode: 0644
34 | force: "{{ item.force | default(False) }}"
35 | with_items: "{{ mysql_config_include_files }}"
36 | notify: restart mysql
37 |
38 | - name: Create slow query log file (if configured).
39 | command: "touch {{ mysql_slow_query_log_file }}"
40 | args:
41 | creates: "{{ mysql_slow_query_log_file }}"
42 | warn: false
43 | when: mysql_slow_query_log_enabled
44 |
45 | - name: Create datadir if it does not exist
46 | file:
47 | path: "{{ mysql_datadir }}"
48 | state: directory
49 | owner: mysql
50 | group: mysql
51 | mode: 0755
52 | setype: mysqld_db_t
53 |
54 | - name: Set ownership on slow query log file (if configured).
55 | file:
56 | path: "{{ mysql_slow_query_log_file }}"
57 | state: file
58 | owner: mysql
59 | group: "{{ mysql_log_file_group }}"
60 | mode: 0640
61 | when: mysql_slow_query_log_enabled
62 |
63 | - name: Create error log file (if configured).
64 | command: "touch {{ mysql_log_error }}"
65 | args:
66 | creates: "{{ mysql_log_error }}"
67 | warn: false
68 | when:
69 | - mysql_log | default(true)
70 | - mysql_log_error | default(false)
71 | tags: ['skip_ansible_galaxy']
72 |
73 | - name: Set ownership on error log file (if configured).
74 | file:
75 | path: "{{ mysql_log_error }}"
76 | state: file
77 | owner: mysql
78 | group: "{{ mysql_log_file_group }}"
79 | mode: 0640
80 | when:
81 | - mysql_log | default(true)
82 | - mysql_log_error | default(false)
83 | tags: ['skip_ansible_galaxy']
84 |
85 | - name: Ensure MySQL is started and enabled on boot.
86 | service: "name={{ mysql_daemon }} state=started enabled={{ mysql_enabled_on_startup }}"
87 | register: mysql_service_configuration
88 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/databases.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure MySQL databases are present.
3 | mysql_db:
4 | name: "{{ item.name }}"
5 | collation: "{{ item.collation | default('utf8_general_ci') }}"
6 | encoding: "{{ item.encoding | default('utf8') }}"
7 | state: "{{ item.state | default('present') }}"
8 | with_items: "{{ mysql_databases }}"
9 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Variable configuration.
3 | - include_tasks: variables.yml
4 |
5 | # Setup/install tasks.
6 | - include_tasks: setup-RedHat.yml
7 | when: ansible_os_family == 'RedHat'
8 |
9 | - include_tasks: setup-Debian.yml
10 | when: ansible_os_family == 'Debian'
11 |
12 | - include_tasks: setup-Archlinux.yml
13 | when: ansible_os_family == 'Archlinux'
14 |
15 | - name: Check if MySQL packages were installed.
16 | set_fact:
17 | mysql_install_packages: "{{ (rh_mysql_install_packages is defined and rh_mysql_install_packages.changed)
18 | or (deb_mysql_install_packages is defined and deb_mysql_install_packages.changed)
19 | or (arch_mysql_install_packages is defined and arch_mysql_install_packages.changed) }}"
20 |
21 | # Configure MySQL.
22 | - include_tasks: configure.yml
23 | - include_tasks: secure-installation.yml
24 | - include_tasks: databases.yml
25 | - include_tasks: users.yml
26 | - include_tasks: replication.yml
27 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/replication.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure replication user exists on master.
3 | mysql_user:
4 | name: "{{ mysql_replication_user.name }}"
5 | host: "{{ mysql_replication_user.host | default('%') }}"  # '%' matches any client host; set host to narrow where the replication account may connect from
6 | password: "{{ mysql_replication_user.password }}"
7 | priv: "{{ mysql_replication_user.priv | default('*.*:REPLICATION SLAVE,REPLICATION CLIENT') }}"
8 | state: present
9 | when:
10 | - mysql_replication_role == 'master'
11 | - mysql_replication_user.name is defined
12 | - mysql_replication_master | default(false)
13 | tags: ['skip_ansible_galaxy']
14 |
15 | - name: Check slave replication status.
16 | mysql_replication:
17 | mode: getslave
18 | login_user: "{{ mysql_replication_user.name }}"
19 | login_password: "{{ mysql_replication_user.password }}"
20 | ignore_errors: true  # a failed lookup is treated below as "not yet a slave" (see the `slave is failed` conditions)
21 | register: slave
22 | when:
23 | - mysql_replication_role == 'slave'
24 | - mysql_replication_master | default(false)
25 | tags: ['skip_ansible_galaxy']
26 |
27 | - name: Check master replication status.
28 | mysql_replication: mode=getmaster
29 | delegate_to: "{{ mysql_replication_master }}"
30 | register: master
31 | when:
32 | - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed)
33 | - mysql_replication_role == 'slave'
34 | - mysql_replication_master | default(false)
35 | tags: ['skip_ansible_galaxy']
36 |
37 | - name: Configure replication on the slave.
38 | mysql_replication:
39 | mode: changemaster
40 | master_host: "{{ mysql_replication_master }}"
41 | master_user: "{{ mysql_replication_user.name }}"
42 | master_password: "{{ mysql_replication_user.password }}"
43 | master_log_file: "{{ master.File }}"
44 | master_log_pos: "{{ master.Position }}"
45 | ignore_errors: true  # NOTE(review): a failed changemaster is ignored and the "Start replication" task below still runs; confirm this is intended
46 | when:
47 | - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed)
48 | - mysql_replication_role == 'slave'
49 | - mysql_replication_user.name is defined
50 | - mysql_replication_master | default(false)
51 |
52 | - name: Start replication.
53 | mysql_replication: mode=startslave
54 | when:
55 | - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed)
56 | - mysql_replication_role == 'slave'
57 | - mysql_replication_master | default(false)
58 | tags: ['skip_ansible_galaxy']
59 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/secure-installation.yml:
--------------------------------------------------------------------------------
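1 | ---
2 | # Post-install hardening: optional non-root admin account, loopback-only root,
3 | # root password, 0600 client credential files, no anonymous users, no test DB.
4 | - name: Ensure default user is present.
5 |   mysql_user:
6 |     name: "{{ mysql_user_name }}"
7 |     host: 'localhost'
8 |     password: "{{ mysql_user_password }}"
9 |     priv: '*.*:ALL,GRANT'
10 |     state: present
11 |   when: mysql_user_name != mysql_root_username
12 |
13 | # Has to be after the password assignment, for idempotency.
14 | - name: Copy user-my.cnf file with password credentials.
15 |   template:
16 |     src: "user-my.cnf.j2"
17 |     dest: "{{ mysql_user_home }}/.my.cnf"
18 |     owner: "{{ mysql_user_name }}"
19 |     mode: 0600
20 |   when: >
21 |     mysql_user_name != mysql_root_username
22 |     and (mysql_install_packages | bool or mysql_user_password_update)
23 |
24 | # Removes every root row whose Host is not localhost, 127.0.0.1 or ::1.
25 | - name: Disallow root login remotely
26 |   command: 'mysql -NBe "{{ item }}"'
27 |   with_items:
28 |     - DELETE FROM mysql.user WHERE User='{{ mysql_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
29 |   changed_when: false
30 |
31 | - name: Get list of hosts for the root user.
32 |   command: mysql -NBe
33 |     "SELECT Host
34 |     FROM mysql.user
35 |     WHERE User = '{{ mysql_root_username }}'
36 |     ORDER BY (Host='localhost') ASC"
37 |   register: mysql_root_hosts
38 |   changed_when: false
39 |   check_mode: false
40 |   when: mysql_install_packages | bool or mysql_root_password_update
41 |
42 | # Note: We do not use mysql_user for this operation, as it doesn't always update
43 | # the root password correctly. See: https://goo.gl/MSOejW
44 | # The password is part of the command line, so no_log keeps it out of task
45 | # output, as the "Ensure MySQL users are present" task in users.yml already does.
46 | # NOTE(review): the password is interpolated unescaped inside nested quotes; a
47 | # value containing a quote character breaks the statement. Confirm allowed values.
48 | # Set root password for MySQL >= 5.7.x.
49 | - name: Update MySQL root password for localhost root account (5.7.x).
50 |   shell: >
51 |     mysql -u root -NBe
52 |     'ALTER USER "{{ mysql_root_username }}"@"{{ item }}"
53 |     IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}";'
54 |   no_log: true
55 |   with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
56 |   when: >
57 |     ((mysql_install_packages | bool) or mysql_root_password_update)
58 |     and ('5.7.' in mysql_cli_version.stdout or '8.0.' in mysql_cli_version.stdout)
59 |
60 | # Set root password for MySQL < 5.7.x. The command line carries the password
61 | # here as well, so task output is suppressed with no_log for the same reason.
62 | - name: Update MySQL root password for localhost root account (< 5.7.x).
63 |   shell: >
64 |     mysql -NBe
65 |     'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");'
66 |   no_log: true
67 |   with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
68 |   when: >
69 |     ((mysql_install_packages | bool) or mysql_root_password_update)
70 |     and ('5.7.' not in mysql_cli_version.stdout and '8.0.' not in mysql_cli_version.stdout)
71 |
72 | # Has to be after the root password assignment, for idempotency.
73 | - name: Copy .my.cnf file with root password credentials.
74 |   template:
75 |     src: "root-my.cnf.j2"
76 |     dest: "{{ mysql_root_home }}/.my.cnf"
77 |     owner: root
78 |     group: root
79 |     mode: 0600
80 |   when: mysql_install_packages | bool or mysql_root_password_update
81 |
82 | - name: Get list of hosts for the anonymous user.
83 |   command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""'
84 |   register: mysql_anonymous_hosts
85 |   changed_when: false
86 |   check_mode: false
87 |
88 | - name: Remove anonymous MySQL users.
89 |   mysql_user:
90 |     name: ""
91 |     host: "{{ item }}"
92 |     state: absent
93 |   with_items: "{{ mysql_anonymous_hosts.stdout_lines|default([]) }}"
94 |
95 | - name: Remove MySQL test database.
96 |   mysql_db: "name='test' state=absent"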
87 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/setup-Archlinux.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure MySQL Python libraries are installed.
3 | pacman: "name=mysql-python state=present"
4 |
5 | - name: Ensure MySQL packages are installed.
6 | pacman: "name={{ mysql_packages }} state=present"
7 | register: arch_mysql_install_packages
8 |
9 | - name: Run mysql_install_db if MySQL packages were changed.
10 | command: mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
11 | when: arch_mysql_install_packages.changed
12 | tags: ['skip_ansible_lint']
13 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/setup-Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Check if MySQL is already installed.
3 | stat: path=/etc/init.d/mysql
4 | register: mysql_installed
5 |
6 | - name: Update apt cache if MySQL is not yet installed.
7 | apt: update_cache=yes
8 | when: not mysql_installed.stat.exists
9 |
10 | - name: Determine required MySQL Python libraries.
11 | set_fact:
12 | mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter|default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
13 | when: mysql_python_package_debian is not defined
14 |
15 | - name: Ensure MySQL Python libraries are installed.
16 | apt:
17 | name: "{{ mysql_python_package_debian }}"
18 | state: present
19 |
20 | - name: Ensure MySQL packages are installed.
21 | apt:
22 | name: "{{ mysql_packages }}"
23 | state: present
24 | register: deb_mysql_install_packages
25 |
26 | # Because Ubuntu starts MySQL as part of the install process, we need to stop
27 | # mysql and remove the logfiles in case the user set a custom log file size.
28 | - name: Ensure MySQL is stopped after initial install.
29 | service: "name={{ mysql_daemon }} state=stopped"
30 | when: not mysql_installed.stat.exists
31 |
32 | - name: Delete innodb log files created by apt package after initial install.
33 | file: path={{ mysql_datadir }}/{{ item }} state=absent
34 | with_items:
35 | - ib_logfile0
36 | - ib_logfile1
37 | when: not mysql_installed.stat.exists
38 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/setup-RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure MySQL packages are installed.
3 | yum:
4 | name: "{{ mysql_packages }}"
5 | state: present
6 | enablerepo: "{{ mysql_enablerepo | default(omit, true) }}"
7 | register: rh_mysql_install_packages
8 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/users.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure MySQL users are present.
3 | mysql_user:
4 | name: "{{ item.name }}"
5 | host: "{{ item.host | default('localhost') }}"  # accounts are local-only unless an entry sets host
6 | password: "{{ item.password }}"
7 | priv: "{{ item.priv | default('*.*:USAGE') }}"  # USAGE grants no privileges, so an entry without priv can only connect
8 | state: "{{ item.state | default('present') }}"
9 | append_privs: "{{ item.append_privs | default('no') }}"
10 | encrypted: "{{ item.encrypted | default('no') }}"
11 | with_items: "{{ mysql_users }}"
12 | no_log: true  # each loop item carries item.password; no_log keeps it out of task output
13 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/tasks/variables.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Variable configuration.
3 | - name: Include OS-specific variables.
4 | include_vars: "{{ item }}"
5 | with_first_found:
6 | - files:
7 | - "vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
8 | - "vars/{{ ansible_os_family }}.yml"
9 | skip: true
10 |
11 | - name: Define mysql_packages.
12 | set_fact:
13 | mysql_packages: "{{ __mysql_packages | list }}"
14 | when: mysql_packages is not defined
15 |
16 | - name: Define mysql_daemon.
17 | set_fact:
18 | mysql_daemon: "{{ __mysql_daemon }}"
19 | when: mysql_daemon is not defined
20 |
21 | - name: Define mysql_slow_query_log_file.
22 | set_fact:
23 | mysql_slow_query_log_file: "{{ __mysql_slow_query_log_file }}"
24 | when: mysql_slow_query_log_file is not defined
25 |
26 | - name: Define mysql_log_error.
27 | set_fact:
28 | mysql_log_error: "{{ __mysql_log_error }}"
29 | when: mysql_log_error is not defined
30 |
31 | - name: Define mysql_syslog_tag.
32 | set_fact:
33 | mysql_syslog_tag: "{{ __mysql_syslog_tag }}"
34 | when: mysql_syslog_tag is not defined
35 |
36 | - name: Define mysql_pid_file.
37 | set_fact:
38 | mysql_pid_file: "{{ __mysql_pid_file }}"
39 | when: mysql_pid_file is not defined
40 |
41 | - name: Define mysql_config_file.
42 | set_fact:
43 | mysql_config_file: "{{ __mysql_config_file }}"
44 | when: mysql_config_file is not defined
45 |
46 | - name: Define mysql_config_include_dir.
47 | set_fact:
48 | mysql_config_include_dir: "{{ __mysql_config_include_dir }}"
49 | when: mysql_config_include_dir is not defined
50 |
51 | - name: Define mysql_socket.
52 | set_fact:
53 | mysql_socket: "{{ __mysql_socket }}"
54 | when: mysql_socket is not defined
55 |
56 | - name: Define mysql_supports_innodb_large_prefix.
57 | set_fact:
58 | mysql_supports_innodb_large_prefix: "{{ __mysql_supports_innodb_large_prefix }}"
59 | when: mysql_supports_innodb_large_prefix is not defined
60 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/templates/my.cnf.j2:
--------------------------------------------------------------------------------
1 | {{ ansible_managed | comment }}
2 |
3 | [client]
4 | #password = your_password
5 | port = {{ mysql_port }}
6 | socket = {{ mysql_socket }}
7 |
8 | [mysqld]
9 | port = {{ mysql_port }}
10 | bind-address = {{ mysql_bind_address }}
11 | datadir = {{ mysql_datadir }}
12 | socket = {{ mysql_socket }}
13 | pid-file = {{ mysql_pid_file }}
14 | {% if mysql_skip_name_resolve %}
15 | skip-name-resolve
16 | {% endif %}
17 | {% if mysql_sql_mode %}
18 | sql_mode = {{ mysql_sql_mode }}
19 | {% endif %}
20 |
21 | # Logging configuration.
22 | {% if mysql_log_error == 'syslog' or mysql_log == 'syslog' %}
23 | syslog
24 | syslog-tag = {{ mysql_syslog_tag }}
25 | {% else %}
26 | {% if mysql_log %}
27 | log = {{ mysql_log }}
28 | {% endif %}
29 | log-error = {{ mysql_log_error }}
30 | {% endif %}
31 |
32 | {% if mysql_slow_query_log_enabled %}
33 | # Slow query log configuration.
34 | slow_query_log = 1
35 | slow_query_log_file = {{ mysql_slow_query_log_file }}
36 | long_query_time = {{ mysql_slow_query_time }}
37 | {% endif %}
38 |
39 | {% if mysql_replication_master %}
40 | # Replication
41 | server-id = {{ mysql_server_id }}
42 |
43 | {% if mysql_replication_role == 'master' %}
44 | log_bin = mysql-bin
45 | log-bin-index = mysql-bin.index
46 | expire_logs_days = {{ mysql_expire_logs_days }}
47 | max_binlog_size = {{ mysql_max_binlog_size }}
48 | binlog_format = {{mysql_binlog_format}}
49 |
50 | {% for db in mysql_databases %}
51 | {% if db.replicate|default(1) %}
52 | binlog_do_db = {{ db.name }}
53 | {% else %}
54 | binlog_ignore_db = {{ db.name }}
55 | {% endif %}
56 | {% endfor %}
57 | {% endif %}
58 |
59 | {% if mysql_replication_role == 'slave' %}
60 | read_only
61 | relay-log = relay-bin
62 | relay-log-index = relay-bin.index
63 | {% endif %}
64 | {% endif %}
65 |
66 | # Disabling symbolic-links is recommended to prevent assorted security risks
67 | symbolic-links = 0
68 |
69 | # User is ignored when systemd is used (fedora >= 15).
70 | user = mysql
71 |
72 | # http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
73 | ;performance_schema
74 |
75 | # Memory settings.
76 | key_buffer_size = {{ mysql_key_buffer_size }}
77 | max_allowed_packet = {{ mysql_max_allowed_packet }}
78 | table_open_cache = {{ mysql_table_open_cache }}
79 | sort_buffer_size = {{ mysql_sort_buffer_size }}
80 | read_buffer_size = {{ mysql_read_buffer_size }}
81 | read_rnd_buffer_size = {{ mysql_read_rnd_buffer_size }}
82 | myisam_sort_buffer_size = {{ mysql_myisam_sort_buffer_size }}
83 | thread_cache_size = {{ mysql_thread_cache_size }}
84 | {% if '8.0.' not in mysql_cli_version.stdout %}
85 | query_cache_type = {{ mysql_query_cache_type }}
86 | query_cache_size = {{ mysql_query_cache_size }}
87 | query_cache_limit = {{ mysql_query_cache_limit }}
88 | {% endif %}
89 | max_connections = {{ mysql_max_connections }}
90 | tmp_table_size = {{ mysql_tmp_table_size }}
91 | max_heap_table_size = {{ mysql_max_heap_table_size }}
92 | group_concat_max_len = {{ mysql_group_concat_max_len }}
93 | join_buffer_size = {{ mysql_join_buffer_size }}
94 |
95 | # Other settings.
96 | wait_timeout = {{ mysql_wait_timeout }}
97 | lower_case_table_names = {{ mysql_lower_case_table_names }}
98 | event_scheduler = {{ mysql_event_scheduler_state }}
99 |
100 | # InnoDB settings.
101 | {% if mysql_supports_innodb_large_prefix and '8.0.' not in mysql_cli_version.stdout %}
102 | innodb_large_prefix = {{ mysql_innodb_large_prefix }}
103 | innodb_file_format = {{ mysql_innodb_file_format }}
104 | {% endif %}
105 | innodb_file_per_table = {{ mysql_innodb_file_per_table }}
106 | innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }}
107 | innodb_log_file_size = {{ mysql_innodb_log_file_size }}
108 | innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }}
109 | innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }}
110 | innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }}
111 |
112 | [mysqldump]
113 | quick
114 | max_allowed_packet = {{ mysql_mysqldump_max_allowed_packet }}
115 |
116 | [mysqld_safe]
117 | pid-file = {{ mysql_pid_file }}
118 |
119 | {% if mysql_config_include_files | length %}
120 | # * IMPORTANT: Additional settings that can override those from this file!
121 | # The files must end with '.cnf', otherwise they'll be ignored.
122 | #
123 | !includedir {{ mysql_config_include_dir }}
124 | {% endif %}
125 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/templates/root-my.cnf.j2:
--------------------------------------------------------------------------------
1 | {{ ansible_managed | comment }}
2 | # NOTE(review): the rendered file stores the root password in cleartext; the task that installs it is not shown here - confirm it sets owner root and mode 0600.
3 | [client]
4 | user="{{ mysql_root_username }}"
5 | password="{{ mysql_root_password }}"
6 | # NOTE(review): values are interpolated inside double quotes with no escaping; a password containing '"' or a backslash may not round-trip - verify.
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/templates/user-my.cnf.j2:
--------------------------------------------------------------------------------
1 | {{ ansible_managed | comment }}
2 | # NOTE(review): the rendered file stores this account's password in cleartext; the installing task is not shown here - confirm it is readable only by the owning user (mode 0600).
3 | [client]
4 | user="{{ mysql_user_name }}"
5 | password="{{ mysql_user_password }}"
6 | # NOTE(review): values are interpolated inside double quotes with no escaping; a password containing '"' or a backslash may not round-trip - verify.
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/vars/Archlinux.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __mysql_daemon: mariadb
3 | __mysql_packages:
4 | - mariadb
5 | __mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log
6 | __mysql_log_error: /var/log/mysql.err
7 | __mysql_syslog_tag: mysql
8 | __mysql_pid_file: /run/mysqld/mysqld.pid
9 | __mysql_config_file: /etc/mysql/my.cnf
10 | __mysql_config_include_dir: /etc/mysql/conf.d
11 | __mysql_socket: /run/mysqld/mysqld.sock
12 | __mysql_supports_innodb_large_prefix: true
13 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/vars/Debian-10.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __mysql_daemon: mariadb
3 | __mysql_packages:
4 | - default-mysql-server
5 | mysql_log_file_group: adm
6 | __mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log
7 | __mysql_log_error: /var/log/mysql/mysql.log
8 | __mysql_syslog_tag: mariadb
9 | __mysql_pid_file: /run/mysqld/mysqld.pid
10 | __mysql_config_file: /etc/mysql/my.cnf
11 | __mysql_config_include_dir: /etc/mysql/conf.d
12 | __mysql_socket: /run/mysqld/mysqld.sock
13 | __mysql_supports_innodb_large_prefix: true
14 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __mysql_daemon: mysql
3 | __mysql_packages:
4 | - mysql-common
5 | - mysql-server
6 | mysql_log_file_group: adm
7 | __mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log
8 | __mysql_log_error: /var/log/mysql/mysql.err
9 | __mysql_syslog_tag: mysql
10 | __mysql_pid_file: /var/run/mysqld/mysqld.pid
11 | __mysql_config_file: /etc/mysql/my.cnf
12 | __mysql_config_include_dir: /etc/mysql/conf.d
13 | __mysql_socket: /var/run/mysqld/mysqld.sock
14 | __mysql_supports_innodb_large_prefix: true
15 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/vars/RedHat-6.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __mysql_daemon: mysqld
3 | __mysql_packages:
4 | - mysql
5 | - mysql-server
6 | - MySQL-python
7 | __mysql_slow_query_log_file: /var/log/mysql-slow.log
8 | __mysql_log_error: /var/log/mysql.err
9 | __mysql_syslog_tag: mysql
10 | __mysql_pid_file: /var/run/mysqld/mysqld.pid
11 | __mysql_config_file: /etc/my.cnf
12 | __mysql_config_include_dir: /etc/my.cnf.d
13 | __mysql_socket: /var/lib/mysql/mysql.sock
14 | __mysql_supports_innodb_large_prefix: false
15 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/vars/RedHat-7.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __mysql_daemon: mariadb
3 | __mysql_packages:
4 | - mariadb
5 | - mariadb-server
6 | - mariadb-libs
7 | - MySQL-python
8 | - perl-DBD-MySQL
9 | __mysql_slow_query_log_file: /var/log/mysql-slow.log
10 | __mysql_log_error: /var/log/mariadb/mariadb.log
11 | __mysql_syslog_tag: mariadb
12 | __mysql_pid_file: /var/run/mariadb/mariadb.pid
13 | __mysql_config_file: /etc/my.cnf
14 | __mysql_config_include_dir: /etc/my.cnf.d
15 | __mysql_socket: /var/lib/mysql/mysql.sock
16 | __mysql_supports_innodb_large_prefix: true
17 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.mysql/vars/RedHat-8.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __mysql_daemon: mariadb
3 | __mysql_packages:
4 | - mariadb
5 | - mariadb-server
6 | - mariadb-connector-c
7 | - python3-PyMySQL
8 | - perl-DBD-MySQL
9 | __mysql_slow_query_log_file: /var/log/mysql-slow.log
10 | __mysql_log_error: /var/log/mariadb/mariadb.log
11 | __mysql_syslog_tag: mariadb
12 | __mysql_pid_file: /var/run/mariadb/mariadb.pid
13 | __mysql_config_file: /etc/my.cnf
14 | __mysql_config_include_dir: /etc/my.cnf.d
15 | __mysql_socket: /var/lib/mysql/mysql.sock
16 | # The entries controlled by this value should not be used with MariaDB >= 10.2.2
17 | # See https://github.com/frappe/bench/issues/681#issuecomment-398984706
18 | __mysql_supports_innodb_large_prefix: false
19 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/.ansible-lint:
--------------------------------------------------------------------------------
1 | skip_list:
2 | - '306'
3 | - '405'
4 | - '503'
5 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 | ---
3 | github: geerlingguy
4 | patreon: geerlingguy
5 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/.github/stale.yml:
--------------------------------------------------------------------------------
1 | # Configuration for probot-stale - https://github.com/probot/stale
2 |
3 | # Number of days of inactivity before an Issue or Pull Request becomes stale
4 | daysUntilStale: 90
5 |
6 | # Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
7 | # Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
8 | daysUntilClose: 30
9 |
10 | # Only issues or pull requests with all of these labels are checked for staleness. Defaults to `[]` (disabled)
11 | onlyLabels: []
12 |
13 | # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
14 | exemptLabels:
15 | - pinned
16 | - security
17 | - planned
18 |
19 | # Set to true to ignore issues in a project (defaults to false)
20 | exemptProjects: false
21 |
22 | # Set to true to ignore issues in a milestone (defaults to false)
23 | exemptMilestones: false
24 |
25 | # Set to true to ignore issues with an assignee (defaults to false)
26 | exemptAssignees: false
27 |
28 | # Label to use when marking as stale
29 | staleLabel: stale
30 |
31 | # Limit the number of actions per hour, from 1-30. Default is 30
32 | limitPerRun: 30
33 |
34 | pulls:
35 | markComment: |-
36 | This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
37 |
38 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
39 |
40 | unmarkComment: >-
41 | This pull request is no longer marked for closure.
42 |
43 | closeComment: >-
44 | This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
45 |
46 | issues:
47 | markComment: |-
48 | This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
49 |
50 | Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
51 |
52 | unmarkComment: >-
53 | This issue is no longer marked for closure.
54 |
55 | closeComment: >-
56 | This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
57 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/.gitignore:
--------------------------------------------------------------------------------
1 | *.retry
2 | */__pycache__
3 | *.pyc
4 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | language: python
3 | services: docker
4 |
5 | env:
6 | global:
7 | - ROLE_NAME: php
8 | matrix:
9 | - MOLECULE_DISTRO: centos8
10 | - MOLECULE_DISTRO: centos7
11 | - MOLECULE_DISTRO: ubuntu1804
12 | - MOLECULE_DISTRO: ubuntu1604
13 | - MOLECULE_DISTRO: debian9
14 |
15 | - MOLECULE_DISTRO: centos7
16 | MOLECULE_PLAYBOOK: playbook-source.yml
17 |
18 | install:
19 | # Install test dependencies.
20 | - pip install molecule yamllint ansible-lint docker
21 |
22 | before_script:
23 | # Use actual Ansible Galaxy role name for the project directory.
24 | - cd ../
25 | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
26 | - cd geerlingguy.$ROLE_NAME
27 |
28 | script:
29 | # Run tests.
30 | - molecule test
31 |
32 | notifications:
33 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
34 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/.yamllint:
--------------------------------------------------------------------------------
1 | ---
2 | extends: default
3 | rules:
4 | line-length:
5 | max: 120
6 | level: warning
7 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2017 Jeff Geerling
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
6 | this software and associated documentation files (the "Software"), to deal in
7 | the Software without restriction, including without limitation the rights to
8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
3 | # for RHEL/CentOS.
4 | php_enablerepo: ""
5 |
6 | # Extra packages to install (in addition to distro-specific default lists).
7 | php_packages_extra: []
8 |
9 | # Default PHP version to install on Debian-based OSes.
10 | php_default_version_debian: "7.0"
11 |
12 | # PHP package state; use 'present' to make sure it's installed, or 'latest' if
13 | # you want to upgrade or switch versions using a new repo.
14 | php_packages_state: present
15 |
16 | # Whether to install recommended packages. Used only for Debian/Ubuntu.
17 | php_install_recommends: true
18 |
19 | # Set this to false if you're not using PHP with Apache/Nginx/etc.
20 | php_enable_webserver: true
21 |
22 | # PHP-FPM configuration.
23 | php_enable_php_fpm: false
24 | php_fpm_state: started
25 | php_fpm_handler_state: restarted
26 | php_fpm_enabled_on_boot: true
27 | php_fpm_listen: "127.0.0.1:9000"  # loopback TCP by default; a non-loopback address exposes the FastCGI port to the network
28 | php_fpm_listen_allowed_clients: "127.0.0.1"  # written to listen.allowed_clients by tasks/configure-fpm.yml; keep it in step with php_fpm_listen
29 | php_fpm_pm_max_children: 50
30 | php_fpm_pm_start_servers: 5
31 | php_fpm_pm_min_spare_servers: 5
32 | php_fpm_pm_max_spare_servers: 5
33 |
34 | # The executable to run when calling PHP from the command line.
35 | php_executable: "php"
36 |
37 | # OpCache settings.
38 | php_opcache_zend_extension: "opcache.so"
39 | php_opcache_enable: "1"
40 | php_opcache_enable_cli: "0"
41 | php_opcache_memory_consumption: "96"
42 | php_opcache_interned_strings_buffer: "16"
43 | php_opcache_max_accelerated_files: "4096"
44 | php_opcache_max_wasted_percentage: "5"
45 | php_opcache_validate_timestamps: "1"
46 | php_opcache_revalidate_path: "0"
47 | php_opcache_revalidate_freq: "2"
48 | php_opcache_max_file_size: "0"
49 | php_opcache_blacklist_filename: ""
50 |
51 | # APCu settings.
52 | php_enable_apc: true
53 | php_apc_shm_size: "96M"
54 | php_apc_enable_cli: "0"
55 |
56 | # If this is set to false, none of the following options will have any effect.
57 | # Any and all changes to /etc/php.ini will be your responsibility.
58 | php_use_managed_ini: true  # gates the php.ini template task in tasks/configure.yml
59 |
60 | php_expose_php: "On"  # NOTE(review): with expose_php on, PHP advertises its version in an X-Powered-By header; presumably fed to php.ini.j2 (not shown) - consider "Off" on internet-facing hosts
61 | php_memory_limit: "256M"
62 | php_max_execution_time: "60"
63 | php_max_input_time: "60"
64 | php_max_input_vars: "1000"
65 | php_realpath_cache_size: "32K"
66 |
67 | php_file_uploads: "On"
68 | php_upload_max_filesize: "64M"
69 | php_max_file_uploads: "20"
70 |
71 | php_post_max_size: "32M"  # NOTE(review): smaller than php_upload_max_filesize (64M); PHP caps the request body at post_max_size, so the effective upload limit is presumably 32M - confirm intent
72 | php_date_timezone: "America/Chicago"
73 | php_allow_url_fopen: "On"  # NOTE(review): lets file functions open remote URLs; set "Off" unless the application needs it, since it widens SSRF exposure
74 |
75 | php_sendmail_path: "/usr/sbin/sendmail -t -i"
76 | php_output_buffering: "4096"
77 | php_short_open_tag: "Off"
78 | php_disable_functions: []  # empty list: no PHP functions are disabled by default
79 | php_precision: 14
80 | php_serialize_precision: "-1"
81 |
82 | php_session_cookie_lifetime: 0
83 | php_session_gc_probability: 1
84 | php_session_gc_divisor: 1000
85 | php_session_gc_maxlifetime: 1440
86 | php_session_save_handler: files
87 | php_session_save_path: ''
88 |
89 | php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT"
90 | php_display_errors: "Off"  # keep "Off" in production so error text (paths, queries) is not sent to clients
91 | php_display_startup_errors: "Off"
92 |
93 | # Install PHP from source (instead of using a package manager) with these vars.
94 | php_install_from_source: false
95 | php_source_repo: "https://git.php.net/repository/php-src.git"  # cloned by the git task in tasks/install-from-source.yml
96 | php_source_version: "master"  # NOTE(review): a moving branch, so builds are not reproducible; pin a release tag (molecule's playbook-source.yml uses "php-{{ php_version }}")
97 | php_source_clone_dir: "~/php-src"
98 | php_source_clone_depth: 1
99 | php_source_install_path: "/opt/php"
100 | php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h"
101 | # For faster compile time: "make --jobs=X" where X is # of cores present.
102 | php_source_make_command: "make"
103 | php_source_configure_command: >
104 | ./configure
105 | --prefix={{ php_source_install_path }}
106 | --with-config-file-path={{ php_conf_paths | first }}
107 | --enable-mbstring
108 | --enable-zip
109 | --enable-bcmath
110 | --enable-pcntl
111 | --enable-ftp
112 | --enable-exif
113 | --enable-calendar
114 | --enable-opcache
115 | --enable-pdo
116 | --enable-sysvmsg
117 | --enable-sysvsem
118 | --enable-sysvshm
119 | --enable-wddx
120 | --with-curl
121 | --with-mcrypt
122 | --with-iconv
123 | --with-gmp
124 | --with-pspell
125 | --with-gd
126 | --with-jpeg-dir=/usr
127 | --with-png-dir=/usr
128 | --with-zlib-dir=/usr
129 | --with-xpm-dir=/usr
130 | --with-freetype-dir=/usr
131 | --enable-gd-native-ttf
132 | --enable-gd-jis-conv
133 | --with-openssl
134 | --with-pdo-mysql=/usr
135 | --with-gettext=/usr
136 | --with-zlib=/usr
137 | --with-bz2=/usr
138 | --with-recode=/usr
139 | --with-mysqli=/usr/bin/mysql_config
140 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: restart webserver
3 | service:
4 | name: "{{ php_webserver_daemon }}"
5 | state: restarted
6 | notify: restart php-fpm
7 | when: php_enable_webserver
8 |
9 | - name: restart php-fpm
10 | service:
11 | name: "{{ php_fpm_daemon }}"
12 | state: "{{ php_fpm_handler_state }}"
13 | when:
14 | - php_enable_php_fpm
15 | - php_fpm_state == 'started'
16 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | install_date: Tue Jul 14 22:46:14 2020
2 | version: 4.3.1
3 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []
3 |
4 | galaxy_info:
5 | role_name: php
6 | author: geerlingguy
7 | description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu.
8 | company: "Midwestern Mac, LLC"
9 | license: "license (BSD, MIT)"
10 | min_ansible_version: 2.8
11 | platforms:
12 | - name: EL
13 | versions:
14 | - 6
15 | - 7
16 | - 8
17 | - name: Fedora
18 | versions:
19 | - all
20 | - name: Debian
21 | versions:
22 | - all
23 | - name: Ubuntu
24 | versions:
25 | - trusty
26 | - xenial
27 | - bionic
28 | galaxy_tags:
29 | - development
30 | - web
31 | - php
32 | - language
33 | - fpm
34 | - drupal
35 | - wordpress
36 | - joomla
37 | - magento
38 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 | hosts: all
4 | become: true
5 |
6 | vars:
7 | php_enable_webserver: false
8 | php_enable_php_fpm: true
9 | php_memory_limit: "192M"
10 | php_enablerepo: "remi,remi-php70"
11 | php_install_recommends: false
12 |
13 | handlers:
14 | - name: update apt cache
15 | apt: update_cache=true
16 | when: ansible_os_family == 'Debian'
17 |
18 | pre_tasks:
19 | - name: Update apt cache.
20 | apt: update_cache=true cache_valid_time=600
21 | when: ansible_os_family == 'Debian'
22 | changed_when: false
23 |
24 | # Ubuntu-specific tasks.
25 | - name: Ensure dirmngr is installed (gnupg dependency).
26 | apt:
27 | name: dirmngr
28 | state: present
29 | when: ansible_distribution == 'Ubuntu'
30 |
31 | - name: Add repository for PHP 7.
32 | apt_repository: repo='ppa:ondrej/php'
33 | when: ansible_distribution == 'Ubuntu'
34 |
35 | # Debian-specific tasks.
36 | - name: Add dependencies for PHP versions (Debian).
37 | apt:
38 | name:
39 | - apt-transport-https
40 | - ca-certificates
41 | state: present
42 | when: ansible_distribution == "Debian"
43 |
44 | - name: Add Ondrej Sury's apt key (Debian).
45 | apt_key:
46 | url: https://packages.sury.org/php/apt.gpg  # NOTE(review): whatever key this URL serves becomes trusted for apt; apt_key's id parameter can pin the expected key ID - confirm
47 | state: present
48 | when: ansible_distribution == "Debian"
49 |
50 | - name: Add Ondrej Sury's repo (Debian).
51 | apt_repository:
52 | repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
53 | state: present
54 | when: ansible_distribution == "Debian"
55 | notify: update apt cache
56 |
57 | - meta: flush_handlers
58 |
59 | roles:
60 | - role: geerlingguy.repo-remi
61 | when:
62 | - ansible_os_family == 'RedHat'
63 | - ansible_distribution != 'Fedora'
64 | - role: geerlingguy.php
65 |
66 | post_tasks:
67 | - name: Confirm PHP configuration is correct.
68 | shell: php -i | grep 'memory_limit.*192'
69 | changed_when: false
70 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependency:
3 | name: galaxy
4 | driver:
5 | name: docker
6 | lint: |
7 | set -e
8 | yamllint .
9 | ansible-lint
10 | platforms:
11 | - name: instance
12 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"  # NOTE(review): unpinned ":latest" tag; the test image can change between runs
13 | command: ${MOLECULE_DOCKER_COMMAND:-""}
14 | volumes:
15 | - /sys/fs/cgroup:/sys/fs/cgroup:ro
16 | privileged: true  # NOTE(review): privileged container with the host cgroup tree mounted read-only; presumably needed to run an init system in the test image - keep this scenario confined to CI
17 | pre_build_image: true
18 | provisioner:
19 | name: ansible
20 | playbooks:
21 | converge: ${MOLECULE_PLAYBOOK:-converge.yml}
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/molecule/default/playbook-source.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 | hosts: all
4 | become: true
5 |
6 | vars:
7 | php_enable_webserver: false
8 | php_install_from_source: true
9 | php_source_clone_dir: /root/php-src
10 | php_source_make_command: "make --jobs=2"
11 | php_version: "7.1.17"
12 | php_source_version: "php-{{ php_version }}"
13 | php_memory_limit: "192M"
14 |
15 | pre_tasks:
16 | - name: Update apt cache.
17 | apt: update_cache=true cache_valid_time=600
18 | when: ansible_os_family == 'Debian'
19 | changed_when: false
20 |
21 | roles:
22 | - role: geerlingguy.git
23 | - role: geerlingguy.php
24 |
25 | post_tasks:
26 | - name: Confirm PHP configuration is correct.
27 | shell: php -i | grep 'memory_limit.*192'
28 | changed_when: false
29 |
30 | - name: Check the installed PHP version.
31 | shell: '/usr/bin/php --version | grep -qF "PHP {{ php_version }}"'
32 | changed_when: false
33 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/molecule/default/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: geerlingguy.repo-remi
3 | - src: geerlingguy.git
4 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/configure-apcu.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Check for existing APCu config files.
3 | find:
4 | paths: "{{ item }}"
5 | contains: 'extension(\s+)?=(\s+)?apc[u]?\.so'
6 | register: php_installed_apc_confs
7 | with_items: "{{ php_extension_conf_paths }}"
8 |
9 | - name: Remove any non-role-supplied APCu config files.
10 | file:
11 | path: "{{ item.1.path }}"
12 | state: absent
13 | when: php_apc_conf_filename != (item.1.path.split('/') | last)
14 | with_subelements:
15 | - "{{ php_installed_apc_confs.results }}"
16 | - files
17 | notify: restart webserver
18 |
19 | - name: Ensure APCu config file is present.
20 | template:
21 | src: apc.ini.j2
22 | dest: "{{ item }}/{{ php_apc_conf_filename }}"
23 | owner: root
24 | group: root
25 | force: true
26 | mode: 0644
27 | with_items: "{{ php_extension_conf_paths }}"
28 | when: php_enable_apc
29 | notify: restart webserver
30 |
31 | - name: Remove APCu config file if APC is disabled.
32 | file:
33 | path: "{{ item }}/{{ php_apc_conf_filename }}"
34 | state: absent
35 | with_items: "{{ php_extension_conf_paths }}"
36 | when: not php_enable_apc
37 | notify: restart webserver
38 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/configure-fpm.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Define php_fpm_daemon.
3 | set_fact:
4 | php_fpm_daemon: "{{ __php_fpm_daemon }}"
5 | when: php_fpm_daemon is not defined
6 |
7 | - name: Define php_fpm_pool_conf_path.
8 | set_fact:
9 | php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}"
10 | when: php_fpm_pool_conf_path is not defined
11 |
12 | - name: Define php_fpm_pool_user.
13 | set_fact:
14 | php_fpm_pool_user: "{{ __php_fpm_pool_user }}"
15 | when: php_fpm_pool_user is not defined
16 |
17 | - name: Define php_fpm_pool_group.
18 | set_fact:
19 | php_fpm_pool_group: "{{ __php_fpm_pool_group }}"
20 | when: php_fpm_pool_group is not defined
21 |
22 | - name: Stat php_fpm_pool_conf_path
23 | stat:
24 | path: "{{ php_fpm_pool_conf_path | dirname }}"
25 | register: php_fpm_pool_conf_path_dir_stat
26 |
27 | - name: Ensure the default pool directory exists.
28 | file:
29 | path: "{{ php_fpm_pool_conf_path | dirname }}"
30 | state: directory
31 | owner: root
32 | group: root
33 | mode: 0755
34 | when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined
35 |
36 | - name: Ensure the default pool exists.
37 | template:
38 | src: www.conf.j2
39 | dest: "{{ php_fpm_pool_conf_path }}"
40 | owner: root
41 | group: root
42 | mode: 0644
43 | force: false
44 | when: php_enable_php_fpm
45 |
46 | - name: Configure php-fpm pool (if enabled).  # one lineinfile pass per directive below; notifies the php-fpm restart handler on change
47 | lineinfile:
48 | dest: "{{ php_fpm_pool_conf_path }}"
49 | regexp: "{{ item.regexp }}"
50 | line: "{{ item.line }}"
51 | state: present
52 | with_items:
53 | - regexp: "^user.?=.+$"
54 | line: "user = {{ php_fpm_pool_user }}"
55 | - regexp: "^group.?=.+$"
56 | line: "group = {{ php_fpm_pool_group }}"
57 | - regexp: "^listen.?=.+$"  # ".?" allows at most one character before "=", so this does not match listen.allowed_clients
58 | line: "listen = {{ php_fpm_listen }}"  # defaults/main.yml sets 127.0.0.1:9000
59 | - regexp: '^listen\.allowed_clients.?=.+$'  # NOTE(review): a commented-out directive does not match "^listen", so the line would presumably be appended instead - verify the resulting pool file
60 | line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}"
61 | - regexp: '^pm\.max_children.?=.+$'
62 | line: "pm.max_children = {{ php_fpm_pm_max_children }}"
63 | - regexp: '^pm\.start_servers.?=.+$'
64 | line: "pm.start_servers = {{ php_fpm_pm_start_servers }}"
65 | - regexp: '^pm\.min_spare_servers.?=.+$'
66 | line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}"
67 | - regexp: '^pm\.max_spare_servers.?=.+$'
68 | line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}"
69 | when: php_enable_php_fpm
70 | notify: restart php-fpm
71 |
72 | - name: Ensure php-fpm is started and enabled at boot (if configured).
73 | service:
74 | name: "{{ php_fpm_daemon }}"
75 | state: "{{ php_fpm_state }}"
76 | enabled: "{{ php_fpm_enabled_on_boot }}"
77 | when: php_enable_php_fpm and ansible_distribution != "Debian"
78 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/configure-opcache.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Check for existing OpCache config files.
3 | find:
4 | paths: "{{ item }}"
5 | contains: 'zend_extension(\s+)?=(\s+)?opcache\.so'
6 | register: php_installed_opcache_confs
7 | with_items: "{{ php_extension_conf_paths }}"
8 |
9 | - name: Remove any non-role-supplied OpCache config files.
10 | file:
11 | path: "{{ item.1.path }}"
12 | state: absent
13 | when: php_opcache_conf_filename != (item.1.path.split('/') | last)
14 | with_subelements:
15 | - "{{ php_installed_opcache_confs.results }}"
16 | - files
17 | notify: restart webserver
18 |
19 | - name: Ensure OpCache config file is present.
20 | template:
21 | src: opcache.ini.j2
22 | dest: "{{ item }}/{{ php_opcache_conf_filename }}"
23 | owner: root
24 | group: root
25 | force: true
26 | mode: 0644
27 | with_items: "{{ php_extension_conf_paths }}"
28 | when: php_opcache_enable | bool
29 | notify: restart webserver
30 |
31 | - name: Remove OpCache config file if OpCache is disabled.
32 | file:
33 | path: "{{ item }}/{{ php_opcache_conf_filename }}"
34 | state: absent
35 | with_items: "{{ php_extension_conf_paths }}"
36 | when: not php_opcache_enable | bool
37 | notify: restart webserver
38 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/configure.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure configuration directories exist.
3 | file:
4 | path: "{{ item }}"
5 | state: directory
6 | follow: true
7 | with_flattened:
8 | - "{{ php_conf_paths }}"
9 | - "{{ php_extension_conf_paths }}"
10 |
11 | - name: Place PHP configuration file in place.
12 | template:
13 | src: php.ini.j2
14 | dest: "{{ item }}/php.ini"
15 | owner: root
16 | group: root
17 | mode: 0644
18 | with_items: "{{ php_conf_paths }}"
19 | notify: restart webserver
20 | when: php_use_managed_ini
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/install-from-source.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure dependencies for building from source are installed (RedHat).
3 | package:
4 | name:
5 | - autoconf
6 | - automake
7 | - libtool
8 | - bison
9 | - make
10 | - curl-devel
11 | - recode-devel
12 | - aspell-devel
13 | - libxml2-devel
14 | - pkgconfig
15 | - libmcrypt-devel
16 | - t1lib-devel
17 | - libXpm-devel
18 | - libpng-devel
19 | - libjpeg-turbo-devel
20 | - bzip2-devel
21 | - openssl-devel
22 | - freetype-devel
23 | - libicu-devel
24 | - mariadb-devel
25 | - gmp-devel
26 | state: present
27 | when: ansible_os_family == 'RedHat'
28 |
29 | - name: Update apt cache (Debian).
30 | apt: update_cache=yes cache_valid_time=86400
31 | when: ansible_os_family == 'Debian'
32 |
33 | - name: Ensure dependencies for building from source are installed (Debian).
34 | apt:
35 | name:
36 | - build-essential
37 | - autoconf
38 | - automake
39 | - libtool
40 | - bison
41 | - pkg-config
42 | - re2c
43 | - libxml2-dev
44 | - libcurl4-openssl-dev
45 | - libbz2-dev
46 | - libjpeg-dev
47 | - libpng-dev
48 | - libxpm-dev
49 | - libfreetype6-dev
50 | - libgmp3-dev
51 | - libmcrypt-dev
52 | - libmysqlclient-dev
53 | - libpspell-dev
54 | - librecode-dev
55 | - libssl-dev
56 | state: present
57 | when: ansible_os_family == 'Debian'
58 |
59 | - name: Define php_fpm_daemon (if not defined already).
60 | set_fact:
61 | php_fpm_daemon: "php-fpm"
62 | when: php_fpm_daemon is not defined
63 |
64 | - name: Check if gmp.h is already in a location accessible to gcc.
65 | stat: path=/usr/include/gmp.h
66 | register: gmp_file
67 |
68 | - name: Ensure gmp.h is symlinked into a location accessible to gcc.
69 | file:
70 | src: "{{ php_source_install_gmp_path }}"
71 | dest: /usr/include/gmp.h
72 | state: link
73 | when: not gmp_file.stat.exists
74 |
75 | - name: Check if PHP is installed.
76 | command: which php
77 | changed_when: false
78 | failed_when: false
79 | register: php_installed
80 |
81 | - name: Clone the PHP repository.
82 | git:
83 | repo: "{{ php_source_repo }}"
84 | dest: "{{ php_source_clone_dir }}"
85 | version: "{{ php_source_version }}"  # defaults/main.yml sets "master"; pin a tag or commit for a reproducible, reviewable build
86 | accept_hostkey: true  # NOTE(review): for SSH remotes this accepts an unknown host key without verification; the default repo URL is HTTPS, where it presumably has no effect
87 | depth: "{{ php_source_clone_depth }}"
88 | when: php_installed.rc != 0  # skipped whenever `which php` (registered above) already finds a php binary, including a distro-packaged one
89 |
90 | - name: Ensure PHP installation path exists.
91 | file:
92 | path: "{{ php_source_install_path }}"
93 | state: directory
94 | mode: 0755
95 | when: php_installed.rc != 0
96 |
97 | - name: Build configure script.
98 | command: >
99 | ./buildconf --force
100 | chdir={{ php_source_clone_dir }}
101 | when: php_installed.rc != 0
102 |
103 | - name: Run configure script.
104 | command: >
105 | {{ php_source_configure_command }}
106 | chdir={{ php_source_clone_dir }}
107 | when: php_installed.rc != 0
108 |
109 | - name: Make and install PHP.
110 | command: >
111 | {{ item }}
112 | chdir={{ php_source_clone_dir }}
113 | with_items:
114 | - "{{ php_source_make_command }}"
115 | - make install
116 | when: php_installed.rc != 0
117 |
118 | - name: Ensure php executable is symlinked into a standard path.
119 | file:
120 | src: "{{ php_source_install_path }}/bin/php"
121 | dest: /usr/bin/php
122 | state: link
123 |
124 | # PHP FPM configuration.
125 | - name: Ensure php-fpm executable is symlinked into a standard path.
126 | file:
127 | src: "{{ php_source_install_path }}/sbin/php-fpm"
128 | dest: "/usr/sbin/{{ php_fpm_daemon }}"
129 | state: link
130 | when: "'--enable-fpm' in php_source_configure_command"
131 |
132 | - name: Ensure php-fpm init script is installed.
133 | template:
134 | src: fpm-init.j2
135 | dest: "/etc/init.d/{{ php_fpm_daemon }}"
136 | mode: 0755
137 | when: "'--enable-fpm' in php_source_configure_command"
138 | notify: restart php-fpm
139 |
140 | - name: Ensure php-fpm config directory exists.
141 | file:
142 | path: "{{ php_fpm_conf_path }}"
143 | state: directory
144 | when: "'--enable-fpm' in php_source_configure_command"
145 |
146 | - name: Ensure php-fpm config file is installed.
147 | template:
148 | src: php-fpm.conf.j2
149 | dest: "{{ php_fpm_conf_path }}/php-fpm.conf"
150 | mode: 0644
151 | when: "'--enable-fpm' in php_source_configure_command"
152 | notify: restart php-fpm
153 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Entry point of the role: load per-OS variables, fill in any role variable
# the caller left undefined from its double-underscore default, install PHP
# (packages or source build), then apply the configuration task files.

# Variable setup.
- name: Include OS-specific variables.
  include_vars: "{{ ansible_os_family }}.yml"

# Each set_fact below only applies when the caller has not already defined
# the variable, so playbook/inventory values always win.
- name: Define php_packages.
  set_fact:
    php_packages: "{{ __php_packages | list }}"
  when: php_packages is not defined

- name: Define php_webserver_daemon.
  set_fact:
    php_webserver_daemon: "{{ __php_webserver_daemon }}"
  when: php_webserver_daemon is not defined

- name: Define php_conf_paths.
  set_fact:
    php_conf_paths: "{{ __php_conf_paths }}"
  when: php_conf_paths is not defined

- name: Define php_extension_conf_paths.
  set_fact:
    php_extension_conf_paths: "{{ __php_extension_conf_paths }}"
  when: php_extension_conf_paths is not defined

- name: Define php_apc_conf_filename.
  set_fact:
    php_apc_conf_filename: "{{ __php_apc_conf_filename }}"
  when: php_apc_conf_filename is not defined

# Must stay ahead of the generic task: once this one has set the fact, the
# generic task's "is not defined" guard skips it.
# NOTE(review): the guard compares only the version string "16.04", not the
# distribution name.
- name: Define php_opcache_conf_filename (Ubuntu 16.04).
  set_fact:
    php_opcache_conf_filename: "10-opcache.ini"
  when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04"

- name: Define php_opcache_conf_filename.
  set_fact:
    php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}"
  when: php_opcache_conf_filename is not defined

- name: Define php_fpm_conf_path.
  set_fact:
    php_fpm_conf_path: "{{ __php_fpm_conf_path }}"
  when: php_fpm_conf_path is not defined

# Setup/install tasks.
# Package installs and the source build are mutually exclusive, selected by
# php_install_from_source.
- include_tasks: setup-RedHat.yml
  when:
    - not php_install_from_source
    - ansible_os_family == 'RedHat'

- include_tasks: setup-Debian.yml
  when:
    - not php_install_from_source
    - ansible_os_family == 'Debian'

# Install PHP from source when php_install_from_source is true.
- include_tasks: install-from-source.yml
  when: php_install_from_source

# Configure PHP.
# These includes carry no condition here; any gating happens inside the
# included files.
- include_tasks: configure.yml
- include_tasks: configure-apcu.yml
- include_tasks: configure-opcache.yml
- include_tasks: configure-fpm.yml
66 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/setup-Debian.yml:
--------------------------------------------------------------------------------
---
# Package-based PHP install for Debian-family hosts.
- name: Update apt cache.
  apt: update_cache=yes cache_valid_time=86400

# The result is registered so the cleanup tasks below can tell whether
# packages were installed or changed on this run.
- name: Ensure PHP packages are installed.
  apt:
    name: "{{ php_packages + php_packages_extra }}"
    state: "{{ php_packages_state }}"
    install_recommends: "{{ php_install_recommends }}"
  register: php_package_install
  notify: restart webserver

# Removes the APCu ini file from every extension conf.d directory, but only on
# a run where the package task reported a change.
# NOTE(review): php_enable_apc is used without `| bool`, unlike
# php_opcache_enable below; if it can arrive as a string, confirm it is
# evaluated as intended.
- name: Delete APCu configuration file if this role will provide one.
  file:
    path: "{{ item }}/{{ php_apc_conf_filename }}"
    state: absent
  with_items: "{{ php_extension_conf_paths }}"
  when: php_enable_apc and php_package_install.changed
  notify: restart webserver

# Same cleanup for the OpCache ini file.
- name: Delete OpCache configuration file if this role will provide one.
  file:
    path: "{{ item }}/{{ php_opcache_conf_filename }}"
    state: absent
  with_items: "{{ php_extension_conf_paths }}"
  when: php_opcache_enable | bool and php_package_install.changed
  notify: restart webserver
28 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/tasks/setup-RedHat.yml:
--------------------------------------------------------------------------------
---
# Package-based PHP install for RedHat-family hosts.
- name: Ensure PHP packages are installed.
  package:
    name: "{{ php_packages + php_packages_extra }}"
    state: "{{ php_packages_state }}"
    # default(omit, true) drops the argument when php_enablerepo is undefined
    # or empty, so no extra repository is enabled unless one is named.
    enablerepo: "{{ php_enablerepo | default(omit, true) }}"
  notify: restart webserver
8 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/templates/apc.ini.j2:
--------------------------------------------------------------------------------
1 | extension=apcu.so
2 | apc.shm_size={{ php_apc_shm_size }}
3 | apc.enable_cli={{ php_apc_enable_cli }}
4 | apc.rfc1867=1
5 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/templates/fpm-init.j2:
--------------------------------------------------------------------------------
#!/bin/sh
### BEGIN INIT INFO
# Provides: php-fpm {{ php_fpm_daemon }}
# Required-Start: $remote_fs $network
# Required-Stop: $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts {{ php_fpm_daemon }}
# Description: Starts The PHP FastCGI Process Manager Daemon
### END INIT INFO

# Author: Ondrej Sury

# SysV init script for PHP-FPM, rendered from a template: the daemon name, the
# FPM config path and the pidfile name are filled in from role variables.
# PATH is fixed here so commands resolve the same way however the script is
# invoked.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="PHP FastCGI Process Manager"
NAME={{ php_fpm_daemon }}
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf"
PIDFILE=/var/run/{{ php_fpm_daemon }}.pid
TIMEOUT=2
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present.
# The file is sourced as shell code, so it can override any variable set above
# and runs with the privileges of whoever invokes this script; it should be
# writable by root only.
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# Don't run if we are running upstart
if init_is_upstart; then
    exit 1
fi
40 |
#
# Validate the FPM configuration by running the php5-fpm-checkconf helper.
# Returns 0 when the helper succeeds and 1 otherwise.
#
# NOTE(review): the helper path is fixed to /usr/lib/php5 while the daemon
# name and config path in this script are templated; where that helper is not
# installed this returns 1. Confirm the path for the PHP version deployed.
#
do_check()
{
    if /usr/lib/php5/php5-fpm-checkconf; then
        return 0
    fi
    return 1
}
49 |
#
# Start the daemon.
#
# Returns
#   0 if the daemon has been started
#   1 if the daemon was already running
#   2 if the daemon could not be started
#
do_start()
{
    # Dry run first: --test fails when a matching process already exists.
    if ! start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null; then
        return 1
    fi

    # Real start. $DAEMON_ARGS is left unquoted on purpose so it splits into
    # separate arguments; the daemon's stderr is discarded.
    if ! start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
        $DAEMON_ARGS 2>/dev/null; then
        return 2
    fi

    # Nothing here waits for the daemon to be ready to serve requests; add
    # such a wait if services started afterwards depend on it.
}
68 |
#
# Stop the daemon, escalating from QUIT to TERM to KILL.
#
do_stop()
{
    # Return
    # 0 if daemon has been stopped
    # 1 if daemon was already stopped
    # 2 if daemon could not be stopped
    # other if a failure occurred

    # First pass: stop the process recorded in the pidfile. QUIT is tried for
    # $TIMEOUT seconds, then TERM and KILL for 5 seconds each.
    start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME
    # Saved now because the commands below overwrite $?.
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Second pass: catch any remaining processes running the daemon binary
    # (for example forked children). --oknodo makes "nothing to stop" a
    # success, so only a real failure returns 2 here.
    start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE
    # Report the outcome of the first pass (0 stopped, 1 already stopped).
    return "$RETVAL"
}
94 |
#
# Function that asks the daemon to reload by sending it SIGUSR2
#
do_reload() {
    #
    # Signals the process named $NAME that is recorded in $PIDFILE.
    # The exit status of start-stop-daemon is discarded: this function
    # always returns 0, so the caller's log_end_msg reports success even
    # when no signal could be delivered.
    #
    start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME
    return 0
}
107 |
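# Dispatch on the requested action.
# do_start and do_stop return 0 (done), 1 (already in the requested state) or
# 2 (failed); for start and stop, 0 and 1 are both logged as success.
case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    status)
        status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
        ;;
    check)
        # do_check takes no parameters; the argument is ignored.
        do_check yes
        ;;
    reload|force-reload)
        log_daemon_msg "Reloading $DESC" "$NAME"
        do_reload
        log_end_msg $?
        ;;
    reopen-logs)
        log_daemon_msg "Reopening $DESC logs" "$NAME"
        # USR1 is sent to the daemon; --oknodo treats "not running" as success.
        if start-stop-daemon --stop --signal USR1 --oknodo --quiet \
            --pidfile $PIDFILE --exec $DAEMON
        then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;
    restart)
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    *)
        # The usage line lists every action handled above, including check
        # and reopen-logs.
        echo "Usage: $SCRIPTNAME {start|stop|status|check|restart|reload|force-reload|reopen-logs}" >&2
        exit 1
        ;;
esac

# Branches that do not exit explicitly leave the script with status 0.
: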
171 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/templates/opcache.ini.j2:
--------------------------------------------------------------------------------
1 | zend_extension={{ php_opcache_zend_extension }}
2 | opcache.enable={{ php_opcache_enable }}
3 | opcache.enable_cli={{ php_opcache_enable_cli }}
4 | opcache.memory_consumption={{ php_opcache_memory_consumption }}
5 | opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }}
6 | opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }}
7 | opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }}
8 | opcache.validate_timestamps={{ php_opcache_validate_timestamps }}
9 | opcache.revalidate_path={{ php_opcache_revalidate_path }}
10 | opcache.revalidate_freq={{ php_opcache_revalidate_freq }}
11 | opcache.max_file_size={{ php_opcache_max_file_size }}
12 | {% if php_opcache_blacklist_filename != '' %}
13 | opcache.blacklist_filename={{ php_opcache_blacklist_filename }}
14 | {% endif %}
15 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/templates/php-fpm.conf.j2:
--------------------------------------------------------------------------------
1 | ;;;;;;;;;;;;;;;;;;;;;
2 | ; FPM Configuration ;
3 | ;;;;;;;;;;;;;;;;;;;;;
4 |
5 | include={{ php_fpm_conf_path }}/pool.d/*.conf
6 |
7 | ;;;;;;;;;;;;;;;;;;
8 | ; Global Options ;
9 | ;;;;;;;;;;;;;;;;;;
10 |
11 | [global]
12 | error_log = /var/log/php-fpm.log
13 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/templates/php.ini.j2:
--------------------------------------------------------------------------------
1 | [PHP]
2 |
3 | ;;;;;;;;;;;;;;;;;;;;
4 | ; Language Options ;
5 | ;;;;;;;;;;;;;;;;;;;;
6 |
7 | engine = On
8 | short_open_tag = {{ php_short_open_tag }}
9 | precision = {{ php_precision }}
10 | output_buffering = {{ php_output_buffering }}
11 |
12 | zlib.output_compression = Off
13 |
14 | implicit_flush = Off
15 | unserialize_callback_func =
16 | serialize_precision = {{ php_serialize_precision }}
17 | disable_functions = {{ php_disable_functions|join(",") }}
18 | disable_classes =
19 |
20 | zend.enable_gc = On
21 |
22 | ;;;;;;;;;;;;;;;;;
23 | ; Miscellaneous ;
24 | ;;;;;;;;;;;;;;;;;
25 |
26 | expose_php = {{ php_expose_php }}
27 |
28 | ;;;;;;;;;;;;;;;;;;;
29 | ; Resource Limits ;
30 | ;;;;;;;;;;;;;;;;;;;
31 |
32 | max_execution_time = {{ php_max_execution_time }}
33 | max_input_time = {{ php_max_input_time }}
34 | max_input_vars = {{ php_max_input_vars }}
35 | memory_limit = {{ php_memory_limit }}
36 |
37 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
38 | ; Error handling and logging ;
39 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
40 |
41 | error_reporting = {{ php_error_reporting }}
42 | display_errors = {{ php_display_errors }}
43 | display_startup_errors = {{ php_display_startup_errors }}
44 | log_errors = On
45 | log_errors_max_len = 1024
46 | ignore_repeated_errors = Off
47 | ignore_repeated_source = Off
48 | report_memleaks = On
49 | track_errors = Off
50 | html_errors = On
51 |
52 | ;;;;;;;;;;;;;;;;;
53 | ; Data Handling ;
54 | ;;;;;;;;;;;;;;;;;
55 |
56 | variables_order = "GPCS"
57 | request_order = "GP"
58 | register_argc_argv = Off
59 | auto_globals_jit = On
60 |
61 | post_max_size = {{ php_post_max_size }}
62 | auto_prepend_file =
63 | auto_append_file =
64 |
65 | default_mimetype = "text/html"
66 |
67 | ;;;;;;;;;;;;;;;;;;;;;;;;;
68 | ; Paths and Directories ;
69 | ;;;;;;;;;;;;;;;;;;;;;;;;;
70 |
71 | doc_root =
72 | user_dir =
73 |
74 | enable_dl = Off
75 |
76 | realpath_cache_size = {{ php_realpath_cache_size }}
77 |
78 | ;;;;;;;;;;;;;;;;
79 | ; File Uploads ;
80 | ;;;;;;;;;;;;;;;;
81 |
82 | file_uploads = {{ php_file_uploads }}
83 | upload_max_filesize = {{ php_upload_max_filesize }}
84 | max_file_uploads = {{ php_max_file_uploads }}
85 |
86 | ;;;;;;;;;;;;;;;;;;
87 | ; Fopen wrappers ;
88 | ;;;;;;;;;;;;;;;;;;
89 |
90 | allow_url_fopen = {{ php_allow_url_fopen }}
91 | allow_url_include = Off
92 |
93 | default_socket_timeout = 60
94 |
95 | ;;;;;;;;;;;;;;;;;;;
96 | ; Module Settings ;
97 | ;;;;;;;;;;;;;;;;;;;
98 |
99 | [CLI Server]
100 | cli_server.color = On
101 |
102 | [Date]
103 | date.timezone = {{ php_date_timezone }}
104 |
105 | [Pdo_mysql]
106 | pdo_mysql.cache_size = 2000
107 | pdo_mysql.default_socket=
108 |
109 | [mail function]
110 | ; For Win32 only.
111 | SMTP = localhost
112 | smtp_port = 25
113 |
114 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
115 | sendmail_path = {{ php_sendmail_path }}
116 |
117 | mail.add_x_header = On
118 |
119 | [SQL]
120 | sql.safe_mode = Off
121 |
122 | [ODBC]
123 | odbc.allow_persistent = On
124 | odbc.check_persistent = On
125 | odbc.max_persistent = -1
126 | odbc.max_links = -1
127 | odbc.defaultlrl = 4096
128 | odbc.defaultbinmode = 1
129 |
[MySQL]
; Settings for the legacy mysql extension.
; NOTE(review): ext/mysql was removed in PHP 7.0, so these lines only take
; effect on PHP 5 hosts - confirm which PHP version this template targets.
;
; allow_local_infile = On permits LOAD DATA LOCAL, which makes the client
; (this PHP host) send local files to the database server; turn it Off unless
; an application depends on it.
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
; -1 means no limit.
mysql.max_persistent = -1
mysql.max_links = -1
; Connection defaults are left empty, so no host, user or password is baked
; into the rendered file.
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
143 |
144 | [MySQLi]
145 | mysqli.max_persistent = -1
146 | mysqli.allow_persistent = On
147 | mysqli.max_links = -1
148 | mysqli.cache_size = 2000
149 | mysqli.default_port = 3306
150 | mysqli.default_socket =
151 | mysqli.default_host =
152 | mysqli.default_user =
153 | mysqli.default_pw =
154 | mysqli.reconnect = Off
155 |
156 | [mysqlnd]
157 | mysqlnd.collect_statistics = On
158 | mysqlnd.collect_memory_statistics = Off
159 |
160 | [PostgreSQL]
161 | pgsql.allow_persistent = On
162 | pgsql.auto_reset_persistent = Off
163 | pgsql.max_persistent = -1
164 | pgsql.max_links = -1
165 | pgsql.ignore_notice = 0
166 | pgsql.log_notice = 0
167 |
168 | [bcmath]
169 | bcmath.scale = 0
170 |
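[Session]
; Session storage and cookie settings. The save handler, save path, cookie
; lifetime and garbage-collection values come from role variables; everything
; else is fixed for every host this template is rendered on.
session.save_handler = {{ php_session_save_handler }}
session.save_path = {{ php_session_save_path }}
; Session ids are accepted from cookies only, never from the URL.
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0

session.cookie_lifetime = {{ php_session_cookie_lifetime }}
session.cookie_path = /
session.cookie_domain =
; Previously left empty (off). With HttpOnly set, page scripts cannot read the
; session cookie, which limits what a cross-site scripting bug can steal.
session.cookie_httponly = 1
; NOTE(review): session.cookie_secure and session.use_strict_mode are not set
; in this template; consider enabling them where every site is HTTPS-only and
; no application supplies its own session ids.

session.serialize_handler = php

session.gc_probability = {{ php_session_gc_probability }}
session.gc_divisor = {{ php_session_gc_divisor }}
session.gc_maxlifetime = {{ php_session_gc_maxlifetime }}

session.referer_check =

session.cache_limiter = nocache
session.cache_expire = 180

session.use_trans_sid = 0

; NOTE(review): hash_function (0 selects MD5) and hash_bits_per_character were
; removed in PHP 7.1 - confirm which PHP version this template targets.
session.hash_function = 0
session.hash_bits_per_character = 5

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"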
201 |
202 | [MSSQL]
203 | mssql.allow_persistent = On
204 | mssql.max_persistent = -1
205 | mssql.max_links = -1
206 | mssql.min_error_severity = 10
207 | mssql.min_message_severity = 10
208 | mssql.compatability_mode = Off
209 | mssql.secure_connection = Off
210 |
211 | [Tidy]
212 | tidy.clean_output = Off
213 |
[soap]
; WSDL caching for the SOAP extension.
soap.wsdl_cache_enabled=1
; /tmp is shared with every local account.
; NOTE(review): a dedicated directory owned by the PHP user would keep other
; local users from planting or altering cached WSDL files; it has to exist on
; the host before this value is changed.
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
219 |
220 | [ldap]
221 | ldap.max_links = -1
222 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/templates/www.conf.j2:
--------------------------------------------------------------------------------
; Default FPM pool. The pool user and group come from role variables; the
; listener and process-manager values are fixed.
[www]
; FastCGI is served on the loopback interface only, and connections are
; accepted from 127.0.0.1 only, so the web server must run on the same host.
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
; Unix account the worker processes run as.
user = {{ php_fpm_pool_user }}
group = {{ php_fpm_pool_group }}

; listen.owner / listen.group set the ownership of a unix socket; they have no
; effect while listen is a TCP address as above.
listen.owner = {{ php_fpm_pool_user }}
listen.group = {{ php_fpm_pool_group }}

; Dynamic process management: 5 workers at start, 5 kept spare, at most 50.
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 5
; Each worker is recycled after serving 500 requests.
pm.max_requests = 500
16 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __php_packages:
3 | - php{{ php_default_version_debian }}-common
4 | - php{{ php_default_version_debian }}-cli
5 | - php{{ php_default_version_debian }}-dev
6 | - php{{ php_default_version_debian }}-fpm
7 | - libpcre3-dev
8 | - php{{ php_default_version_debian }}-gd
9 | - php{{ php_default_version_debian }}-curl
10 | - php{{ php_default_version_debian }}-imap
11 | - php{{ php_default_version_debian }}-json
12 | - php{{ php_default_version_debian }}-opcache
13 | - php{{ php_default_version_debian }}-xml
14 | - php{{ php_default_version_debian }}-mbstring
15 | - php-sqlite3
16 | - php-apcu
17 | __php_webserver_daemon: "apache2"
18 |
19 | # Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode.
20 | __php_conf_paths:
21 | - /etc/php/{{ php_default_version_debian }}/fpm
22 | - /etc/php/{{ php_default_version_debian }}/apache2
23 | - /etc/php/{{ php_default_version_debian }}/cli
24 |
25 | __php_extension_conf_paths:
26 | - /etc/php/{{ php_default_version_debian }}/fpm/conf.d
27 | - /etc/php/{{ php_default_version_debian }}/apache2/conf.d
28 | - /etc/php/{{ php_default_version_debian }}/cli/conf.d
29 |
30 | __php_apc_conf_filename: 20-apcu.ini
31 | __php_opcache_conf_filename: 10-opcache.ini
32 | __php_fpm_daemon: php{{ php_default_version_debian }}-fpm
33 | __php_fpm_conf_path: "/etc/php/{{ php_default_version_debian }}/fpm"
34 | __php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf"
35 |
36 | __php_fpm_pool_user: www-data
37 | __php_fpm_pool_group: www-data
38 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.php/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | __php_packages:
3 | - php
4 | - php-cli
5 | - php-common
6 | - php-devel
7 | - php-fpm
8 | - php-gd
9 | - php-ldap
10 | - php-mbstring
11 | - php-opcache
12 | - php-pdo
13 | - php-pear
14 | - php-pecl-apcu
15 | - php-xml
16 | - php-xmlrpc
17 | __php_webserver_daemon: "httpd"
18 |
19 | __php_conf_paths:
20 | - /etc
21 |
22 | __php_extension_conf_paths:
23 | - /etc/php.d
24 |
25 | __php_apc_conf_filename: 50-apc.ini
26 | __php_opcache_conf_filename: 10-opcache.ini
27 | __php_fpm_daemon: php-fpm
28 | __php_fpm_conf_path: "/etc/fpm"
29 | __php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf"
30 |
31 | __php_fpm_pool_user: apache
32 | __php_fpm_pool_group: apache
33 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/.gitignore:
--------------------------------------------------------------------------------
1 | *.retry
2 | */__pycache__
3 | *.pyc
4 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | language: python
3 | services: docker
4 |
5 | env:
6 | global:
7 | - ROLE_NAME: pip
8 | matrix:
9 | - MOLECULE_DISTRO: centos7
10 | - MOLECULE_DISTRO: fedora29
11 | - MOLECULE_DISTRO: ubuntu1804
12 | - MOLECULE_DISTRO: debian9
13 |
14 | install:
15 | # Install test dependencies.
16 | - pip install molecule docker
17 |
18 | before_script:
19 | # Use actual Ansible Galaxy role name for the project directory.
20 | - cd ../
21 | - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
22 | - cd geerlingguy.$ROLE_NAME
23 |
24 | script:
25 | # Run tests.
26 | - molecule test
27 |
28 | notifications:
29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
30 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2017 Jeff Geerling
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
6 | this software and associated documentation files (the "Software"), to deal in
7 | the Software without restriction, including without limitation the rights to
8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/README.md:
--------------------------------------------------------------------------------
1 | # Ansible Role: Pip (for Python)
2 |
3 | [](https://travis-ci.org/geerlingguy/ansible-role-pip)
4 |
5 | An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
6 |
7 | ## Requirements
8 |
9 | On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
10 |
11 | ## Role Variables
12 |
13 | Available variables are listed below, along with default values (see `defaults/main.yml`):
14 |
15 | pip_package: python-pip
16 |
17 | The name of the package to install to get `pip` on the system. You can set it to `python3-pip`, for example, when using Python 3 on Ubuntu.
18 |
19 | pip_executable: pip
20 |
21 | The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
22 |
23 | pip_install_packages: []
24 |
25 | A list of packages to install with pip. Examples below:
26 |
27 | pip_install_packages:
28 | # Specify names and versions.
29 | - name: docker
30 | version: "1.2.3"
31 | - name: awscli
32 | version: "1.11.91"
33 |
34 | # Or specify bare packages to get the latest release.
35 | - docker
36 | - awscli
37 |
38 | # Or uninstall a package.
39 | - name: docker
40 | state: absent
41 |
42 | # Or update a package to the latest version.
43 | - name: docker
44 | state: latest
45 |
46 | # Or force a reinstall.
47 | - name: docker
48 | state: forcereinstall
49 |
50 | # Or install a package in a particular virtualenv.
51 | - name: docker
52 | virtualenv: /my_app/venv
53 |
54 | ## Dependencies
55 |
56 | None.
57 |
58 | ## Example Playbook
59 |
60 | - hosts: all
61 |
62 | vars:
63 | pip_install_packages:
64 | - name: docker
65 | - name: awscli
66 |
67 | roles:
68 | - geerlingguy.pip
69 |
70 | ## License
71 |
72 | MIT / BSD
73 |
74 | ## Author Information
75 |
76 | This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
77 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # For Python 3, use python3-pip.
3 | pip_package: python-pip
4 | pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
5 |
6 | pip_install_packages: []
7 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | install_date: Tue Jul 21 12:45:09 2020
2 | version: 1.3.0
3 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []
3 |
4 | galaxy_info:
5 | author: geerlingguy
6 | description: Pip (Python package manager) for Linux.
7 | issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
8 | company: "Midwestern Mac, LLC"
9 | license: "license (BSD, MIT)"
10 | min_ansible_version: 2.0
11 | platforms:
12 | - name: EL
13 | versions:
14 | - all
15 | - name: Fedora
16 | versions:
17 | - all
18 | - name: Debian
19 | versions:
20 | - all
21 | - name: Ubuntu
22 | versions:
23 | - all
24 | galaxy_tags:
25 | - system
26 | - server
27 | - packaging
28 | - python
29 | - pip
30 | - tools
31 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependency:
3 | name: galaxy
4 | driver:
5 | name: docker
6 | lint:
7 | name: yamllint
8 | options:
9 | config-file: molecule/default/yaml-lint.yml
10 | platforms:
11 | - name: instance
12 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
13 | command: ${MOLECULE_DOCKER_COMMAND:-""}
14 | volumes:
15 | - /sys/fs/cgroup:/sys/fs/cgroup:ro
16 | privileged: true
17 | pre_build_image: true
18 | provisioner:
19 | name: ansible
20 | lint:
21 | name: ansible-lint
22 | playbooks:
23 | converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
24 | scenario:
25 | name: default
26 | verifier:
27 | name: testinfra
28 | lint:
29 | name: flake8
30 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/molecule/default/playbook.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 | hosts: all
4 | become: true
5 |
6 | vars:
7 | pip_install_packages:
8 | # Test installing a specific version of a package.
9 | - name: ipaddress
10 | version: "1.0.18"
11 | # Test installing a package by name.
12 | - colorama
13 |
14 | pre_tasks:
15 | - name: Update apt cache.
16 | apt: update_cache=true cache_valid_time=600
17 | when: ansible_os_family == 'Debian'
18 |
19 | roles:
20 | - role: geerlingguy.pip
21 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/molecule/default/tests/test_default.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 | import testinfra.utils.ansible_runner
4 |
# Hosts the tests run against: every host ('all') in the inventory file named
# by the MOLECULE_INVENTORY_FILE environment variable. Importing this module
# raises KeyError when that variable is not set.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
7 |
8 |
9 | def test_hosts_file(host):
10 | f = host.file('/etc/hosts')
11 |
12 | assert f.exists
13 | assert f.user == 'root'
14 | assert f.group == 'root'
15 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/molecule/default/yaml-lint.yml:
--------------------------------------------------------------------------------
1 | ---
2 | extends: default
3 | rules:
4 | line-length:
5 | max: 120
6 | level: warning
7 |
--------------------------------------------------------------------------------
/automation/ansible/roles/geerlingguy.pip/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Installs pip from the distribution package, then installs or removes each
# entry of pip_install_packages with it.
- name: Ensure Pip is installed.
  package:
    name: "{{ pip_package }}"
    state: present

# Each item is either a bare package name or a mapping with a `name` and
# optional `version`, `virtualenv` and `state`; keys that are absent are
# omitted from the module call.
# An entry without a version installs whatever release the package index
# serves at run time; give a version where hosts must be reproducible.
- name: Ensure pip_install_packages are installed.
  pip:
    name: "{{ item.name | default(item) }}"
    version: "{{ item.version | default(omit) }}"
    virtualenv: "{{ item.virtualenv | default(omit) }}"
    state: "{{ item.state | default(omit) }}"
    executable: "{{ pip_executable }}"
  with_items: "{{ pip_install_packages }}"
15 |
--------------------------------------------------------------------------------
/automation/ansible/roles/webserver.utils/tasks/create_webroots.yml:
--------------------------------------------------------------------------------
---
# Creates one directory per listed webroot, as root. No owner or mode is set,
# so the directories get the defaults of the account the task runs as.
- name: Create webroots for sites
  become: true
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - /var/www/symfony-project-kickstart
--------------------------------------------------------------------------------
/automation/ansible/roles/webserver.utils/tasks/install_codedeploy.yml:
--------------------------------------------------------------------------------
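---
# Installs the AWS CodeDeploy agent: downloads its installer script, runs it
# as root, removes it again and makes sure the agent service is running.
#
# NOTE(review): the URL points at `latest`, so the script executed as root is
# whatever the bucket serves at build time, and only TLS authenticates it. If
# a pinned release and its digest are available, set `checksum` on the
# download task so a changed installer fails the build instead of running.

# A private directory instead of a fixed name in /tmp: /tmp is shared by all
# local accounts, and the file placed there is about to be executed as root.
- name: Create a private working directory for the installer
  tempfile:
    state: directory
    suffix: codedeploy
  register: codedeploy_workdir
  become: True

- name: Download Code Deploy Agent
  get_url:
    url: https://aws-codedeploy-eu-west-1.s3.amazonaws.com/latest/install
    dest: "{{ codedeploy_workdir.path }}/install"
    # Owner-only and executable in one step; replaces the separate chmod task.
    mode: "0700"
    # checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
  become: True

- name: Install agent
  command: "{{ codedeploy_workdir.path }}/install auto"
  become: True

# Removes the working directory together with the installer inside it.
- name: Delete installation script
  file:
    state: absent
    path: "{{ codedeploy_workdir.path }}"
  become: True

- name: Make sure service is started
  service:
    name: "codedeploy-agent"
    state: started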
--------------------------------------------------------------------------------
/automation/ansible/roles/webserver.utils/tasks/main.yml:
--------------------------------------------------------------------------------
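---
# Base provisioning for the web server: OS packages, timezone, PPAs, the TLS
# files referenced by the SSL vhosts, and the per-environment facts set below.
# target_environment must be "dev" or "prod"; with any other value none of the
# set_fact tasks run and this role sets neither php_packages nor apache_vhosts.

- name: Ensure needed packages are installed
  apt:
    name:
      - composer
      - nodejs
      - npm
      - ruby
      - software-properties-common
      - ca-certificates
      - python3-pip

- name: set timezone to Europe/Madrid
  timezone:
    name: Europe/Madrid

# Add specified repository into sources list.
# Both are third-party PPAs: what they publish is installed as root, so their
# maintainer is part of the trust base of every server built from this role.
- name: Add ppa:ondrej/php repository
  apt_repository:
    repo: ppa:ondrej/php

- name: Add ppa:ondrej/apache2 repository
  apt_repository:
    repo: ppa:ondrej/apache2

- name: Run the equivalent of "apt-get update" as a separate step
  apt:
    update_cache: yes

# Links the same zone the timezone task above sets, so the two tasks cannot
# disagree about the server's local time.
- name: Create a symbolink link to configure tzdata (and avoid problems installing php7.2)
  file:
    src: "/usr/share/zoneinfo/Europe/Madrid"
    dest: "/etc/localtime"
    state: link
    force: yes

# No version is given, so the build takes whatever release npm serves.
- name: Install "less" node.js package globally.
  npm:
    name: less
    global: yes

- name: Ensure aws module dependencies are installed
  pip:
    name:
      - boto3
      - botocore
    executable: "pip3"

- name: Create self-signed certificates folder if not exists
  file:
    path: /etc/ssl/crt
    state: directory

# A certificate is public data and needs no execute bit.
- name: Create certificate file for localdomain
  template:
    src: localdomains.crt.j2
    dest: /etc/ssl/crt/localdomains.crt
    mode: "0644"

# Owner-only: a TLS private key must not be readable by other local accounts.
# NOTE(review): localdomains.key.j2 is a static key committed with this role,
# and this task has no `when`, so dev and prod hosts all receive the same key,
# known to anyone who can read the repository. Treat it as a development
# placeholder and provide a per-environment key from a secret store.
- name: Create key file for localdomain
  template:
    src: localdomains.key.j2
    dest: /etc/ssl/crt/localdomains.key
    mode: "0600"

- name: Create startup command for docker image
  template:
    src: http_foreground.sh.j2
    dest: /usr/local/bin/http_foreground.sh
    mode: "0744"
  when: target_environment == "dev"

# Merge php packages list based on environment.
# The lists are concatenated inside one expression so the fact is a real list
# and does not depend on a rendered "[...] + [...]" string being re-evaluated.
- name: Merge php packages list when in dev.
  set_fact:
    php_packages: "{{ php_packages_common + php_packages_dev }}"
  when: target_environment == "dev"

- name: Merge php packages list when in prod.
  set_fact:
    php_packages: "{{ php_packages_common + php_packages_prod }}"
  when: target_environment == "prod"

# Merge vhosts definition list based on environment:
- name: Merge vhosts definition list when in DEV.
  set_fact:
    apache_vhosts: "{{ apache_vhosts_common + apache_vhosts_dev }}"
  when: target_environment == "dev"

- name: Merge vhosts definition list when in PROD.
  set_fact:
    apache_vhosts: "{{ apache_vhosts_common + apache_vhosts_prod }}"
  when: target_environment == "prod"

- name: Merge vhosts SSL definition list when in DEV.
  set_fact:
    apache_vhosts_ssl: "{{ apache_vhosts_ssl_common + apache_vhosts_ssl_dev }}"
  when: target_environment == "dev"

- name: Merge vhosts SSL definition list when in PROD.
  set_fact:
    apache_vhosts_ssl: "{{ apache_vhosts_ssl_common + apache_vhosts_ssl_prod }}"
  when: target_environment == "prod"

# Set environment variables for server:
- name: Configure env variables for dev servers
  set_fact:
    environment_config:
      SYMFONY_ENV: 'dev'
  when: target_environment == "dev"

- name: Configure env variables for prod servers
  set_fact:
    environment_config:
      SYMFONY_ENV: 'prod'
  when: target_environment == "prod"

# Create folders for webroots in production servers
- include_tasks: create_webroots.yml
  when: target_environment == "prod"

# Include Code Deploy Agent when building image for AWS (prod)
- include_tasks: install_codedeploy.yml
  when: target_environment == "prod"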
--------------------------------------------------------------------------------
/automation/ansible/roles/webserver.utils/templates/http_foreground.sh.j2:
--------------------------------------------------------------------------------
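#!/bin/sh
# Startup command for the web server container: clear a stale Apache PID file,
# then replace this shell with Apache running in the foreground.
set -e

# Apache gets grumpy about PID files pre-existing.
# The path is read from Apache's envvars file in a subshell, so none of its
# variables leak into this shell. The lookup stays best-effort: if it fails or
# yields nothing, there is simply no file to remove.
pid_file="$(. /etc/apache2/envvars && echo "$APACHE_PID_FILE")" || pid_file=""

# Quoted and placed after `--` so a path containing spaces, glob characters or
# a leading dash is removed as exactly one file and never read as an option.
if [ -n "$pid_file" ]; then
    rm -f -- "$pid_file"
fi

exec /usr/sbin/apache2ctl -D FOREGROUND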
--------------------------------------------------------------------------------
/automation/ansible/roles/webserver.utils/templates/localdomains.crt.j2:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIFizCCA3OgAwIBAgIURA88v4xS12D0wz8z4Y3yp8dZFBowDQYJKoZIhvcNAQEL
3 | BQAwVTELMAkGA1UEBhMCRVMxEzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAcM
4 | BGNpdHkxIjAgBgNVBAoMGVN5bWZvbnkgS2lja3N0YXJ0IFByb2plY3QwHhcNMjAw
5 | NzE0MjIxNTQwWhcNMzAwNzEyMjIxNTQwWjBVMQswCQYDVQQGEwJFUzETMBEGA1UE
6 | CAwKU29tZS1TdGF0ZTENMAsGA1UEBwwEY2l0eTEiMCAGA1UECgwZU3ltZm9ueSBL
7 | aWNrc3RhcnQgUHJvamVjdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
8 | ALSNCyjgiaQYIavDY1nJtu6PjuyQ8ewH+ivUy/IvUsWhEjwBlT5AzhtDzIICTz4y
9 | u30EnwOqZnKPwmv7CqlWmpwY7fgDt7VXE3iGb2y5BPKdHA0cYZvlfqDDKiIa8wly
10 | HvAUj121Ko+33S9SQ+2obsd+NXsVcs0ecN/UxBdiGFZXZvNpYJDn4dftsIPprw/O
11 | ZR0gxiFExm9oJCaX5q8a8qey6ARvw8D06/DhcgZ8l7enswpEHPk9MQexEQxfGq/4
12 | l9Fj9MKVxzJTFWU6rPqvgyss/robZrbO2lJEZEDyraUaranZM3bivp6QIH7bmJpT
13 | 0hKuYjMno4SceTmF/zGJiqMQ4rYOAXZvjC0rmUA8rdUmIOkTd9lRY/KT+zDfNGzE
14 | tcEB1hz2zQ1tywB6182+9nmHd63ccNr5frElhVNJ/HyA+BZeXT4taxoPtJD/sqVk
15 | gQJDlUagj4l1chJlxQdfWoeh6O7GZ4Uebi6TUrW6j6Ft6DI8bB0PXjljv/9r7gzv
16 | KnBQ9WQ3nOCfDRNHd1LtWpnDz9QDq6PCNV02pzzIiwvYRnC4KHMkpQdXG0oXRICz
17 | Tjsqkx8gt/xDscgwAHAEX3kJIY14s3VtMt9t1OJl5zkyVuhVnuHI/g++/IpFb6wk
18 | n0uzqgDxbzoEPJ1/e7U4oq0kxKzaZvOqwhry5H5x33IfAgMBAAGjUzBRMB0GA1Ud
19 | DgQWBBTbLPyLtWkpCxiHw5f5Ymi86d58WjAfBgNVHSMEGDAWgBTbLPyLtWkpCxiH
20 | w5f5Ymi86d58WjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA4
21 | fyBrfQT8UOZDDV25Swk5Zse5eW3pc/YDRBGvI5NBr6wBhEbp12G4zSnBa9L45Ooe
22 | 6G0VHiE9DaHf4rzQ0A+m+FRzeMiwyDzTPEpUxpxwdYirwxn4Xn/jaaLGWKwroPkm
23 | S/WDimwDQs34TWi0EOceY79sqNZiJ80ZS3YnCRu9CnQa5wLaBKg7ftRjbhmRmSg/
24 | hBSBwgFVBNplSQYY6WT+HQo+SvrX8Z+cZh5/HrMfwHktLEWLOJngw66EitpoB53G
25 | gzNVUWusJHuhcC9IDPcPEC4crQJBOlkv3vB5DplzJOZ0Uw9cNKRDbj+rGyowBasQ
26 | Ts05FVVg5Ga0of7a3ixtf7xx42NMs9pLT9RQEfFCDjFW4xfUQMDnNvoPEkn8+7oL
27 | 0NWd4ISxGGW9M5IiClmHZJhaf/K92+V8aMXNsBfg+3L/rVIw1PVZCoXJLXhfFFf2
28 | ZUfcaAP/+aF+ge1OpwJUX9TjL7WmcYjKbJ0EnRxXV1uO+s47lrv72rnvyYnVPUKU
29 | 2vbUsTXU6xV/ACVG4NwLNItUTwu8H9fYNEE36dcmSPpoNVPJksxuDtThlifhb/XW
30 | kt9w5R3JxKlU9b3t0PlCSBl/sIDHsd419W4XAdYYVvJ3ykjPVgN47whWiPD/zXdS
31 | noobe/0iXVsXrbmEMtdsxP0ZJhS4XB58LeBJkWR/bg==
32 | -----END CERTIFICATE-----
--------------------------------------------------------------------------------
/automation/ansible/roles/webserver.utils/templates/localdomains.key.j2:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0jQso4ImkGCGr
3 | w2NZybbuj47skPHsB/or1MvyL1LFoRI8AZU+QM4bQ8yCAk8+Mrt9BJ8DqmZyj8Jr
4 | +wqpVpqcGO34A7e1VxN4hm9suQTynRwNHGGb5X6gwyoiGvMJch7wFI9dtSqPt90v
5 | UkPtqG7HfjV7FXLNHnDf1MQXYhhWV2bzaWCQ5+HX7bCD6a8PzmUdIMYhRMZvaCQm
6 | l+avGvKnsugEb8PA9Ovw4XIGfJe3p7MKRBz5PTEHsREMXxqv+JfRY/TClccyUxVl
7 | Oqz6r4MrLP66G2a2ztpSRGRA8q2lGq2p2TN24r6ekCB+25iaU9ISrmIzJ6OEnHk5
8 | hf8xiYqjEOK2DgF2b4wtK5lAPK3VJiDpE3fZUWPyk/sw3zRsxLXBAdYc9s0NbcsA
9 | etfNvvZ5h3et3HDa+X6xJYVTSfx8gPgWXl0+LWsaD7SQ/7KlZIECQ5VGoI+JdXIS
10 | ZcUHX1qHoejuxmeFHm4uk1K1uo+hbegyPGwdD145Y7//a+4M7ypwUPVkN5zgnw0T
11 | R3dS7VqZw8/UA6ujwjVdNqc8yIsL2EZwuChzJKUHVxtKF0SAs047KpMfILf8Q7HI
12 | MABwBF95CSGNeLN1bTLfbdTiZec5MlboVZ7hyP4PvvyKRW+sJJ9Ls6oA8W86BDyd
13 | f3u1OKKtJMSs2mbzqsIa8uR+cd9yHwIDAQABAoICACczPEoKvjefeagGSwrSjeIr
14 | zxczvSLG9J0RnZoehjUcbI4UteeHQHiQ9tT/VV8muqhBGZk9JPMYnVi+b6kmgXkE
15 | vJ4NiJRZrIONhKGxZg6a59083UBwylZzKTGwcjYJzgfIHvx0eiIsBFzi2pa97Bdq
16 | IohvtrYsNsuSMWT2Slxsq5CLv4iWn+U22Q067mRbJn71f673dLH5hWfPsSkxi5+3
17 | a0KTVYgOZS+ucwhPgs1AHtJKyZOfooaN/iqWd3/fVG8E6b5ZsJ8PhOSuoaHn+22j
18 | Xkbf7iQgsywLZ0zmo6bmLPBklRTp1AMvPa7tVKulKUYfEHkU0R7YrkU7/5UszKmP
19 | WjBs3un9qsQ8DfgJQ3Ac4Qx9/En9iUduHXcHVr3T5yV+bbkuEx565tTqQBjfK/Vn
20 | 3Woulv9JaxxmNRyjUkBze6Vjki0VwSKyUNJgL9nHrsxo/oraq63p9HfP+4GSs05y
21 | PHRb0SKzj4yEoH+c0VKUf7p8VjbLVKUyuF3bmw+sfp3s/Z7+27BgnHHLlLM21cZT
22 | 1EmXU3lnzAwnbzZg3qAdYUGLjJKsnD7J4u444rhhpmhMYdNZgZwytNEl4RUrjUwB
23 | R/OEDijYJN/iMcZ9uI6AVkgg9tiC3K9yYYW1M6YOGTIG4Mut41ju6m/ICgx/8nxZ
24 | GTbHOmUkCdR5jKG+p85pAoIBAQDkNLrgit2Or5VGXVAMF2452FN8kUG0P1o2wwR1
25 | MUeAJBKDsW7Ef2VzJOIY8da9a5fmFq+tmU5iWk/Zi5NShz0LAbl9e2G6l8m9wfbA
26 | GGoyRzttOl8gQN6GAtG7CMZEH/lEuhwiLKmWSDy4UGczI46u8M9YdeS+XzVWXMdW
27 | HIMYnTTdzcSFyOcdwkuSHe9SSa0Ic6o/wHl22W7UyGgWwt89PSJzV8AzMWXn9kUg
28 | Ll5bunQiCzErR1sTCIaViEeuBDYudZGQuR4+3Kdu8z8VwWZoHepc0AA9X3Iw78wt
29 | bLnGoArFZeKqD3yWwXvwQibP1TJj5NCfWPGCO1BY1dAKzzwTAoIBAQDKinhXxeNM
30 | Zpt6nQAXDJS5M/Wgh7S1iNN1eUgpET9zpzE1RitnB+S3wEysQbNxgZZgG/V+N4kg
31 | 6c2iqsUxwJBos2/fnNoqNUTZ+LUJmyrZso0ttE5xvh00ljVOZcunlP8SDXAiMm2g
32 | rxwmcl78RxNg/dhx/dP36aaGusXgS6QmSNI+NtOpyqIB4UoAePMhttIcl7ULPEaA
33 | AwlTJZgwFOhvncpSvQxgEH2cYU6EdtC1VZmb17C6W1niZe9aILyA2AWMCDYywY+4
34 | +9jo4k8tHhngP38gv+K4V73dxTUBDEwz8lViuk/Z0t7MCYnms8MpCpK1Ha5YNzhb
35 | 0hOIPnF14NtFAoIBAQC1HwC/XJfSOptgmIkCv8n1UTOZ53PdinaghhHQrccQ9hBX
36 | w4ilnnM3eyuUHsWP24hYzuKqBsZGm2VKxVOtKbcSOFEvPbDoNragzAR6nCYVN6H7
37 | 5FtBrxquBCjPqHwr77CYkpnnqckDhNvkcbQmy27gfDIlBJUDX29m1wZC2yhVbdha
38 | vojeogCFBwORuf6LMfyKe7rBFJOS96nWaiTrA8nIwe/I2fmq5+b4vuZIT2UGqqqn
39 | pnhk4CJxrc+beOljPOZ/40IgOjy+KcUd8yO7sZ8EvdGXzmKSU2G/Y2OLHgMomTdT
40 | SrUmwlnhETm8C9TgGVcAH8hQ4Hf2I/t2NmUDX01PAoIBAC+XH7XICqN+DJRf5ZCE
41 | 5UErI1Dn8h8hmkYlDD6SDe234EkbRsF7ylMevSVQfsBx6YqFp0ZT+EWiii3poFIT
42 | ZBsl5miNa3m1cIsi9C7gpc3nNWMC1dfGCwi7LqVQJ+0lhlWQkMOIQ9gYrS2ffBAd
43 | B0GoA76tHKxI21cW9b3BKD3SqIvzyAJCWZTFgeTghohqc65CO0j7jbkwfXVrBPpv
44 | PzpSwiJ0xz6fQVSITLG1VU72YRSMNrtjEZivyPDNdl1z5MHFgC6m6oVVr97wphf8
45 | 1amqYc2pKLWV8Ef2uYCYiiM+kq+TBYYyFSWuLBfoLzgqgtRJuBiESRrSHsLJoVFI
46 | V10CggEBAL80+4NlUExEZp4DCNEcHWXpyw/O+xp0KNbJthgPGiVBC7l1+Najx9ET
47 | xRZK60LLgGAb5PwhHuOn2Vdy4qotyXjiJnBQocq3FvocotPPfKLA9EiPLzZpFXDh
48 | badqxfTtGhJMvHFRqaHyHpcXpukI+42SFozkq723LFgdd7sIlLqejIfnF8IBNVy+
49 | Dtrs+sXK3k2mEIY0gGVm8AmGRCsY69hLyr9iFBpAilNVn9DJK3blQTAc0YEZF4fd
50 | UD3N76YxYWfDERQyBSXO4ED0un9hza7XIbqXwPvnxP8KEzb1iFUMMXAUKJAIJaX4
51 | VCt9M/Npt1OALeZ9gkOXcyYVze++UmM=
52 | -----END PRIVATE KEY-----
--------------------------------------------------------------------------------
/automation/ansible/vars/database_server_vars.yml:
--------------------------------------------------------------------------------
# Variables for the database server playbook.
1 | pip_package: python3-pip
2 |
3 | mysql_user_home: /root
4 | mysql_user_name: root
# NOTE(review): literal password committed in the repository. Presumably a
# development default; confirm how any non-dev build overrides it.
5 | mysql_user_password: root
6 |
7 | mysql_port: "3306"
# Listens on every interface, so reachability of port 3306 is limited only by
# what sits in front of the host (container network, security group, firewall).
8 | mysql_bind_address: '0.0.0.0'
9 | mysql_datadir: /var/lib/mysql
10 | mysql_socket: /var/run/mysqld/mysqld.sock
11 | mysql_pid_file: /var/run/mysqld/mysqld.pid
12 |
13 | # Databases
14 | mysql_databases:
15 | - { name: experiment, collation: utf8_general_ci, encoding: utf8 }
16 |
17 | # Users
18 | mysql_users:
19 | - name: experiment
# '%' lets this account connect from any client host.
20 | host: '%'
# Falls back to the password 'experiment' when experiment_db_password is not
# supplied; together with host '%' and the bind address above that is a
# guessable credential on a network-reachable account.
# NOTE(review): consider failing the play instead of defaulting outside dev.
21 | password: "{{ experiment_db_password | default('experiment') }}"
22 | priv: 'experiment.*:ALL'
23 |
24 |
--------------------------------------------------------------------------------
/automation/ansible/vars/web_server_vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ############################################
3 | #
4 | # Apache related variables
5 | #
6 | ############################################
7 | apache_remove_default_vhost: true
8 |
9 | apache_ignore_missing_ssl_certificate: false
10 |
11 | # Only used on Debian/Ubuntu.
12 | apache_mods_enabled:
13 | - rewrite.load
14 | - ssl.load
15 |
16 | # Set initial apache state. Recommended values: `started` or `stopped`
17 | apache_state: started
18 |
19 | # Set apache state when configuration changes are made. Recommended values:
20 | # `restarted` or `reloaded`
21 | apache_restart_state: restarted
22 |
23 | # Apache package state; use `present` to make sure it's installed, or `latest`
24 | # if you want to upgrade or switch versions using a new repo.
25 | apache_packages_state: present
26 |
27 | ############################################
28 | #
29 | # PHP related variables
30 | #
31 | ############################################
32 | php_memory_limit: "256M"
33 | php_max_execution_time: "90"
34 | php_upload_max_filesize: "256M"
35 | php_max_file_uploads: "20"
36 | php_post_max_size: "150M"
37 | php_date_timezone: "Europe/Madrid"
38 | php_opcache.max_accelerated_files: "20000"
39 | php_realpath_cache_size: "4096K"
40 | php_realpath_cache_ttl: "600"
41 |
42 | php_packages_common:
43 | - php7.4
44 | - php7.4-cli
45 | - php7.4-common
46 | - php7.4-gd
47 | - php7.4-mbstring
48 | - php7.4-pdo
49 | - php7.4-xml
50 | - php7.4-intl
51 | - php7.4-curl
52 | - php7.4-zip
53 | - php7.4-apcu
54 | - php7.4-mysql
55 | - php7.4-mongodb
56 | - php7.4-opcache
57 | - libapache2-mod-php7.4
58 | - php-http
59 |
60 | php_packages_dev:
61 | - php7.4-xdebug
62 | - php-codesniffer
63 | - phpcpd
64 |
65 | php_packages_prod: []
--------------------------------------------------------------------------------
/automation/ansible/vars/web_server_vhosts_common.yml:
--------------------------------------------------------------------------------
# Vhost definitions shared by every target environment: the webserver.utils
# role concatenates these lists with the dev or prod lists.
1 | ---
2 | ############################################
3 | #
4 | # Apache vhosts
5 | #
6 | ############################################
7 | apache_vhosts_common:
8 | - servername: "www.example.com"
9 | documentroot: "/var/www/symfony-project-kickstart/public"
# AllowOverride All lets .htaccess files under the document root override
# server configuration for their directory.
10 | allow_override: 'All'
# NOTE(review): the key is spelled `option`; confirm it is the key the apache
# role's vhost template reads, otherwise this line has no effect.
11 | option: 'FollowSymLinks MultiViews'
# NOTE(review): this plain-HTTP vhost writes to the same *_ssl.log files as
# the SSL vhost below.
12 | extra_parameters: |
13 | ## Logging
14 | ErrorLog "/var/log/apache2/symfony-project-kickstart_error_ssl.log"
15 | ServerSignature Off
16 | CustomLog "/var/log/apache2/symfony-project-kickstart_access_ssl.log" combined
17 |
18 | ############################################
19 | #
20 | # Apache SSL vhosts
21 | #
22 | ############################################
23 |
24 | apache_vhosts_ssl_common:
25 | - servername: "www.example.com"
26 | documentroot: "/var/www/symfony-project-kickstart/public"
# Certificate and key are the files the webserver.utils role renders from the
# templates committed in this repository, so this private key is not secret.
# NOTE(review): replace both per environment before serving real traffic.
27 | certificate_file: "/etc/ssl/crt/localdomains.crt"
28 | certificate_key_file: "/etc/ssl/crt/localdomains.key"
29 | allow_override: 'All'
30 | option: 'FollowSymLinks MultiViews'
# NOTE(review): SSLCACertificatePath below names the directory that also holds
# the server key. The directive is for CA certificates used to verify client
# certificates; confirm it is needed here.
31 | extra_parameters: |
32 | ## Logging
33 | ErrorLog "/var/log/apache2/symfony-project-kickstart_error_ssl.log"
34 | ServerSignature Off
35 | CustomLog "/var/log/apache2/symfony-project-kickstart_access_ssl.log" combined
36 |
37 | ## SSL directives
38 | SSLCACertificatePath "/etc/ssl/crt"
--------------------------------------------------------------------------------
/automation/ansible/vars/web_server_vhosts_dev.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ############################################
3 | #
4 | # Apache vhosts
5 | #
6 | ############################################
7 | apache_vhosts_dev: []
8 |
9 | ############################################
10 | #
11 | # Apache SSL vhosts
12 | #
13 | ############################################
14 | apache_vhosts_ssl_dev: []
15 |
16 |
--------------------------------------------------------------------------------
/automation/ansible/vars/web_server_vhosts_prod.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ############################################
3 | #
4 | # Apache vhosts
5 | #
6 | ############################################
7 | apache_vhosts_prod: []
8 |
9 |
10 | ############################################
11 | #
12 | # Apache SSL vhosts
13 | #
14 | ############################################
15 |
16 | apache_vhosts_ssl_prod: []
17 |
18 |
--------------------------------------------------------------------------------
/automation/ansible/web_server.yml:
--------------------------------------------------------------------------------
# Provisions a web server as root. Expects the variable target_environment
# ("dev" or "prod"): it selects the third vars file below and the branches
# taken inside the webserver.utils role.
1 | ---
2 | - hosts: all
3 | become: True
# Fact gathering is deferred: it needs Python on the target, which the raw
# task below installs first; `setup` then gathers facts explicitly.
4 | gather_facts: False
5 |
6 | pre_tasks:
7 | - raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
8 | - setup: # aka gather_facts
9 |
10 | vars_files:
11 | - "./vars/web_server_vars.yml"
12 | - "./vars/web_server_vhosts_common.yml"
# target_environment is interpolated into the file name, so a value without a
# matching vars file stops the play instead of falling back to a default.
13 | - "./vars/web_server_vhosts_{{ target_environment }}.yml"
14 |
# The geerlingguy.* and franklinkim.* roles are third-party roles kept in this
# repository's roles directory; they run as root like the rest of the play.
15 | roles:
16 | - { role: common }
17 | - { role: webserver.utils }
18 | - { role: geerlingguy.apache }
19 | - { role: geerlingguy.php }
20 | - { role: franklinkim.environment }
--------------------------------------------------------------------------------
/automation/packer/create_docker_image_dbserver.json:
--------------------------------------------------------------------------------
1 | {
2 | "variables": {
3 | "ansible_host": "default",
4 | "ansible_connection": "docker"
5 | },
6 | "builders": [
7 | {
8 | "type": "docker",
9 | "image": "ubuntu:18.04",
10 | "commit": "true",
11 | "run_command": [
12 | "-d",
13 | "-i",
14 | "-t",
15 | "--name",
16 | "{{user `ansible_host`}}",
17 | "{{.Image}}",
18 | "/bin/bash"
19 | ],
20 | "changes": [
21 | "EXPOSE 3306",
22 | "CMD [\"mysqld\"]",
23 | "LABEL project=sbk"
24 | ]
25 | }
26 | ],
27 | "provisioners": [
28 | {
29 | "type": "shell",
30 | "inline": [
31 | "apt-get update",
32 | "apt-get install sudo -yq"
33 | ]
34 | },
35 | {
36 | "type": "ansible",
37 | "playbook_file": "../ansible/database_server.yml",
38 | "extra_arguments": [
39 | ],
40 | "ansible_env_vars": [
41 | "ANSIBLE_SSH_ARGS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o AddKeysToAgent=no'"
42 | ]
43 | }
44 | ],
45 | "post-processors": [
46 | [
47 | {
48 | "type": "docker-tag",
49 | "repository": "spk_local/dbserver",
50 | "tag": "latest"
51 | }
52 | ]
53 | ]
54 | }
55 |
--------------------------------------------------------------------------------
/automation/packer/create_docker_image_webserver.json:
--------------------------------------------------------------------------------
1 | {
2 | "variables": {
3 | "ansible_host": "default",
4 | "ansible_connection": "docker"
5 | },
6 | "builders": [
7 | {
8 | "type": "docker",
9 | "image": "ubuntu:18.04",
10 | "commit": "true",
11 | "run_command": [
12 | "-d",
13 | "-i",
14 | "-t",
15 | "--name",
16 | "{{user `ansible_host`}}",
17 | "{{.Image}}",
18 | "/bin/bash"
19 | ],
20 | "changes": [
21 | "EXPOSE 80 443",
22 | "CMD [\"/usr/local/bin/http_foreground.sh\"]",
23 | "LABEL project=sbk"
24 | ]
25 | }
26 | ],
27 | "provisioners": [
28 | {
29 | "type": "shell",
30 | "inline": [
31 | "apt-get update",
32 | "apt-get install sudo -yq"
33 | ]
34 | },
35 | {
36 | "type": "ansible",
37 | "playbook_file": "../ansible/web_server.yml",
38 | "extra_arguments": [
39 | "--extra-vars",
40 | "target_environment=dev"
41 | ],
42 | "ansible_env_vars": [
43 | "ANSIBLE_SSH_ARGS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o AddKeysToAgent=no'"
44 | ]
45 | }
46 | ],
47 | "post-processors": [
48 | [
49 | {
50 | "type": "docker-tag",
51 | "repository": "spk_local/webserver",
52 | "tag": "latest"
53 | }
54 | ]
55 | ]
56 | }
57 |
--------------------------------------------------------------------------------
/automation/terraform/main.tf:
--------------------------------------------------------------------------------
# Root module: registers an SSH key pair with AWS and wires the network, ec2
# and ci-cd modules together.
1 | provider "aws" {
2 | profile = var.aws_profile
3 | region = var.region
4 | }
5 |
# Uploads the public key read from the file at var.public_key.
6 | resource "aws_key_pair" "terraform_executor_key" {
7 | key_name = "terraform_executor"
8 | public_key = file(var.public_key)
9 | tags = var.additional_tags
10 | }
11 |
12 | module "network" {
13 | source = "./modules/network"
14 | additional_tags = var.additional_tags
15 | cidr_vpc = var.cidr_vpc
16 | cidr_subnet = var.cidr_subnet
17 | webserver_private_ip = var.webserver_private_ip
18 | dbserver_private_ip = var.dbserver_private_ip
19 | webserver_instance_id = module.ec2.webserver_instance_id
20 | }
21 |
22 | module "ec2" {
23 | source = "./modules/ec2"
24 | additional_tags = var.additional_tags
25 | application_name = var.application_name
26 | ami = var.amis[var.region]
27 | subnet_id = module.network.subnet_id
28 | key_name = aws_key_pair.terraform_executor_key.key_name
# NOTE(review): var.private_key is handed to the ec2 module, whose use of it
# is not visible here. If the module reads the key material rather than a
# path, confirm it does not end up in Terraform state or logs.
29 | private_key = var.private_key
30 | iam_instance_profile = module.ci-cd.aws_iam_instance_profile_name
31 | webserver_private_ip = var.webserver_private_ip
32 | dbserver_private_ip = var.dbserver_private_ip
# The rules behind these security groups live in modules/network and are not
# visible here.
# NOTE(review): confirm the ssh and mysql groups restrict their source ranges;
# the database playbook's vars bind MySQL to 0.0.0.0 and allow the application
# account from any host.
33 | security_groups_webserver = [
34 | module.network.security_group_web_id,
35 | module.network.security_group_ssh_id,
36 | module.network.security_group_tls_id,
37 | module.network.security_group_icmp_id
38 | ]
39 | security_groups_dbserver = [
40 | module.network.security_group_ssh_id,
41 | module.network.security_group_tls_id,
42 | module.network.security_group_icmp_id,
43 | module.network.security_group_mysql_id
44 | ]
45 | }
46 |
47 | module "ci-cd" {
48 | source = "./modules/ci-cd"
49 | additional_tags = var.additional_tags
50 | application_name = var.application_name
51 | deployment_s3_bucket = var.deployment_s3_bucket
52 | }
53 |
--------------------------------------------------------------------------------
/automation/terraform/modules/ci-cd/main.tf:
--------------------------------------------------------------------------------
1 | resource "aws_iam_role" "code_deploy_executor_role" {
2 | name = "code_deploy_executor_role"
3 | tags = var.additional_tags
4 |
5 | assume_role_policy = <getParameterOption(['--env', '-e'], null, true)) {
24 | putenv('APP_ENV='.$_SERVER['APP_ENV'] = $_ENV['APP_ENV'] = $env);
25 | }
26 |
27 | if ($input->hasParameterOption('--no-debug', true)) {
28 | putenv('APP_DEBUG='.$_SERVER['APP_DEBUG'] = $_ENV['APP_DEBUG'] = '0');
29 | }
30 |
31 | (new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
32 |
33 | if ($_SERVER['APP_DEBUG']) {
34 | umask(0000);
35 |
36 | if (class_exists(Debug::class)) {
37 | Debug::enable();
38 | }
39 | }
40 |
41 | $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
42 | $application = new Application($kernel);
43 | $application->run($input);
44 |
--------------------------------------------------------------------------------
/bin/phpunit:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env php
2 | ['all' => true],
5 | Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],
6 | Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
7 | Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true],
8 | Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
9 | Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
10 | Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
11 | Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
12 | Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
13 | Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true, 'test' => true],
14 | Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
15 | ];
16 |
--------------------------------------------------------------------------------
/config/packages/cache.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | cache:
3 | # Unique name of your app: used to compute stable namespaces for cache keys.
4 | #prefix_seed: your_vendor_name/app_name
5 |
6 | # The "app" cache stores to the filesystem by default.
7 | # The data in this cache should persist between deploys.
8 | # Other options include:
9 |
10 | # Redis
11 | #app: cache.adapter.redis
12 | #default_redis_provider: redis://localhost
13 |
14 | # APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
15 | #app: cache.adapter.apcu
16 |
17 | # Namespaced pools use the above "app" backend by default
18 | #pools:
19 | #my.dedicated.cache: null
20 |
--------------------------------------------------------------------------------
/config/packages/dev/debug.yaml:
--------------------------------------------------------------------------------
1 | debug:
2 | # Forwards VarDumper Data clones to a centralized server allowing to inspect dumps on CLI or in your browser.
3 | # See the "server:dump" command to start a new server.
4 | dump_destination: "tcp://%env(VAR_DUMPER_SERVER)%"
5 |
--------------------------------------------------------------------------------
/config/packages/dev/monolog.yaml:
--------------------------------------------------------------------------------
1 | monolog:
2 | handlers:
3 | main:
4 | type: stream
5 | path: "%kernel.logs_dir%/%kernel.environment%.log"
6 | level: debug
7 | channels: ["!event"]
8 | # uncomment to get logging in your browser
9 | # you may have to allow bigger header sizes in your Web server configuration
10 | #firephp:
11 | # type: firephp
12 | # level: info
13 | #chromephp:
14 | # type: chromephp
15 | # level: info
16 | console:
17 | type: console
18 | process_psr_3_messages: false
19 | channels: ["!event", "!doctrine", "!console"]
20 |
--------------------------------------------------------------------------------
/config/packages/dev/web_profiler.yaml:
--------------------------------------------------------------------------------
1 | web_profiler:
2 | toolbar: true
3 | intercept_redirects: false
4 |
5 | framework:
6 | profiler: { only_exceptions: false }
7 |
--------------------------------------------------------------------------------
/config/packages/doctrine.yaml:
--------------------------------------------------------------------------------
1 | doctrine:
2 | dbal:
3 | url: '%env(resolve:DATABASE_URL)%'
4 |
5 | # IMPORTANT: You MUST configure your server version,
6 | # either here or in the DATABASE_URL env var (see .env file)
7 | #server_version: '5.7'
8 | orm:
9 | auto_generate_proxy_classes: true
10 | naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware
11 | auto_mapping: true
12 | mappings:
13 | App:
14 | is_bundle: false
15 | type: annotation
16 | dir: '%kernel.project_dir%/src/Entity'
17 | prefix: 'App\Entity'
18 | alias: App
19 |
--------------------------------------------------------------------------------
/config/packages/doctrine_migrations.yaml:
--------------------------------------------------------------------------------
1 | doctrine_migrations:
2 | migrations_paths:
3 | # namespace is arbitrary but should be different from App\Migrations
4 | # as migrations classes should NOT be autoloaded
5 | 'DoctrineMigrations': '%kernel.project_dir%/migrations'
6 |
--------------------------------------------------------------------------------
/config/packages/framework.yaml:
--------------------------------------------------------------------------------
1 | # see https://symfony.com/doc/current/reference/configuration/framework.html
2 | framework:
# The application secret is read from the APP_SECRET environment variable and
# is not stored in this file.
# NOTE(review): confirm each deployment sets its own value instead of reusing
# one from a committed dotenv file.
3 | secret: '%env(APP_SECRET)%'
# CSRF protection is not switched on here (the line is commented out), so the
# framework default applies.
4 | #csrf_protection: true
5 | #http_method_override: true
6 |
7 | # Enables session support. Note that the session will ONLY be started if you read or write from it.
8 | # Remove or comment this section to explicitly disable session support.
9 | session:
10 | handler_id: null
# `auto` marks the session cookie Secure only for HTTPS requests; a session
# started over plain HTTP gets a cookie without the flag.
11 | cookie_secure: auto
12 | cookie_samesite: lax
13 |
14 | #esi: true
15 | #fragments: true
16 | php_errors:
17 | log: true
18 |
--------------------------------------------------------------------------------
/config/packages/mailer.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | mailer:
3 | dsn: '%env(MAILER_DSN)%'
4 |
--------------------------------------------------------------------------------
/config/packages/notifier.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | notifier:
3 | #chatter_transports:
4 | # slack: '%env(SLACK_DSN)%'
5 | # telegram: '%env(TELEGRAM_DSN)%'
6 | #texter_transports:
7 | # twilio: '%env(TWILIO_DSN)%'
8 | # nexmo: '%env(NEXMO_DSN)%'
9 | channel_policy:
10 | # use chat/slack, chat/telegram, sms/twilio or sms/nexmo
11 | urgent: ['email']
12 | high: ['email']
13 | medium: ['email']
14 | low: ['email']
15 | admin_recipients:
16 | - { email: admin@example.com }
17 |
--------------------------------------------------------------------------------
/config/packages/prod/deprecations.yaml:
--------------------------------------------------------------------------------
1 | # As of Symfony 5.1, deprecations are logged in the dedicated "deprecation" channel when it exists
2 | #monolog:
3 | # channels: [deprecation]
4 | # handlers:
5 | # deprecation:
6 | # type: stream
7 | # channels: [deprecation]
8 | # path: "%kernel.logs_dir%/%kernel.environment%.deprecations.log"
9 |
--------------------------------------------------------------------------------
/config/packages/prod/doctrine.yaml:
--------------------------------------------------------------------------------
1 | doctrine:
2 | orm:
3 | auto_generate_proxy_classes: false
4 | metadata_cache_driver:
5 | type: pool
6 | pool: doctrine.system_cache_pool
7 | query_cache_driver:
8 | type: pool
9 | pool: doctrine.system_cache_pool
10 | result_cache_driver:
11 | type: pool
12 | pool: doctrine.result_cache_pool
13 |
14 | framework:
15 | cache:
16 | pools:
17 | doctrine.result_cache_pool:
18 | adapter: cache.app
19 | doctrine.system_cache_pool:
20 | adapter: cache.system
21 |
--------------------------------------------------------------------------------
/config/packages/prod/monolog.yaml:
--------------------------------------------------------------------------------
1 | monolog:
2 | handlers:
3 | main:
4 | type: fingers_crossed
5 | action_level: error
6 | handler: nested
7 | excluded_http_codes: [404, 405]
8 | buffer_size: 50 # How many messages should be saved? Prevent memory leaks
9 | nested:
10 | type: stream
11 | path: "%kernel.logs_dir%/%kernel.environment%.log"
12 | level: debug
13 | console:
14 | type: console
15 | process_psr_3_messages: false
16 | channels: ["!event", "!doctrine"]
17 |
--------------------------------------------------------------------------------
/config/packages/prod/routing.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | router:
3 | strict_requirements: null
4 |
--------------------------------------------------------------------------------
/config/packages/routing.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | router:
3 | utf8: true
4 |
5 | # Configure how to generate URLs in non-HTTP contexts, such as CLI commands.
6 | # See https://symfony.com/doc/current/routing.html#generating-urls-in-commands
7 | #default_uri: http://localhost
8 |
--------------------------------------------------------------------------------
/config/packages/security.yaml:
--------------------------------------------------------------------------------
# NOTE(review): as listed, the "main" firewall enables no authenticator and every
# access_control entry is commented out, so nothing in this file restricts any
# route. Configure both before serving non-public pages.
1 | security:
2 | # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
3 | providers:
# In-memory provider with no users defined (memory: null).
4 | users_in_memory: { memory: null }
5 | firewalls:
# Security is switched off for the profiler, the debug toolbar and the static
# asset prefixes. This file sits in config/packages/ rather than an environment
# subdirectory, so the rule presumably applies in every environment; the
# /_profiler and /_wdt routes are registered from config/routes/dev/.
6 | dev:
7 | pattern: ^/(_(profiler|wdt)|css|images|js)/
8 | security: false
# Catch-all firewall: anonymous access allowed, user loaded lazily.
# NOTE(review): the "anonymous" option was deprecated in later Symfony releases -
# confirm against the installed version.
9 | main:
10 | anonymous: true
11 | lazy: true
12 | provider: users_in_memory
13 |
14 | # activate different ways to authenticate
15 | # https://symfony.com/doc/current/security.html#firewalls-authentication
16 |
17 | # https://symfony.com/doc/current/security/impersonating_user.html
18 | # switch_user: true
19 |
20 | # Easy way to control access for large sections of your site
21 | # Note: Only the *first* access control that matches will be used
# Empty as shipped: both entries below are examples and are commented out.
22 | access_control:
23 | # - { path: ^/admin, roles: ROLE_ADMIN }
24 | # - { path: ^/profile, roles: ROLE_USER }
25 |
--------------------------------------------------------------------------------
/config/packages/sensio_framework_extra.yaml:
--------------------------------------------------------------------------------
1 | sensio_framework_extra:
2 | router:
3 | annotations: false
4 |
--------------------------------------------------------------------------------
/config/packages/test/framework.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | test: true
3 | session:
4 | storage_id: session.storage.mock_file
5 |
--------------------------------------------------------------------------------
/config/packages/test/monolog.yaml:
--------------------------------------------------------------------------------
1 | monolog:
2 | handlers:
3 | main:
4 | type: fingers_crossed
5 | action_level: error
6 | handler: nested
7 | excluded_http_codes: [404, 405]
8 | channels: ["!event"]
9 | nested:
10 | type: stream
11 | path: "%kernel.logs_dir%/%kernel.environment%.log"
12 | level: debug
13 |
--------------------------------------------------------------------------------
/config/packages/test/twig.yaml:
--------------------------------------------------------------------------------
1 | twig:
2 | strict_variables: true
3 |
--------------------------------------------------------------------------------
/config/packages/test/validator.yaml:
--------------------------------------------------------------------------------
# Test environment only: switches off the NotCompromisedPassword constraint so
# test runs do not depend on the external breached-password lookup.
# NOTE(review): confirm no equivalent override exists for prod.
1 | framework:
2 | validation:
3 | not_compromised_password: false
4 |
--------------------------------------------------------------------------------
/config/packages/test/web_profiler.yaml:
--------------------------------------------------------------------------------
1 | web_profiler:
2 | toolbar: false
3 | intercept_redirects: false
4 |
5 | framework:
6 | profiler: { collect: false }
7 |
--------------------------------------------------------------------------------
/config/packages/translation.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | default_locale: en
3 | translator:
4 | default_path: '%kernel.project_dir%/translations'
5 | fallbacks:
6 | - en
7 |
--------------------------------------------------------------------------------
/config/packages/twig.yaml:
--------------------------------------------------------------------------------
1 | twig:
2 | default_path: '%kernel.project_dir%/templates'
3 |
--------------------------------------------------------------------------------
/config/packages/validator.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | validation:
3 | email_validation_mode: html5
4 |
5 | # Enables validator auto-mapping support.
6 | # For instance, basic validation constraints will be inferred from Doctrine's metadata.
7 | #auto_mapping:
8 | # App\Entity\: []
9 |
--------------------------------------------------------------------------------
/config/routes.yaml:
--------------------------------------------------------------------------------
1 | #index:
2 | # path: /
3 | # controller: App\Controller\DefaultController::index
4 |
--------------------------------------------------------------------------------
/config/routes/annotations.yaml:
--------------------------------------------------------------------------------
1 | controllers:
2 | resource: ../../src/Controller/
3 | type: annotation
4 |
5 | kernel:
6 | resource: ../../src/Kernel.php
7 | type: annotation
8 |
--------------------------------------------------------------------------------
/config/routes/dev/framework.yaml:
--------------------------------------------------------------------------------
1 | _errors:
2 | resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
3 | prefix: /_error
4 |
--------------------------------------------------------------------------------
/config/routes/dev/web_profiler.yaml:
--------------------------------------------------------------------------------
# Routes for the web debug toolbar (/_wdt) and the profiler (/_profiler).
# The file lives under config/routes/dev/, so it is meant to be loaded in the
# dev environment only. The profiler shows request and configuration detail,
# so deployed instances should not run with APP_ENV=dev.
1 | web_profiler_wdt:
2 | resource: '@WebProfilerBundle/Resources/config/routing/wdt.xml'
3 | prefix: /_wdt
4 |
5 | web_profiler_profiler:
6 | resource: '@WebProfilerBundle/Resources/config/routing/profiler.xml'
7 | prefix: /_profiler
8 |
--------------------------------------------------------------------------------
/config/services.yaml:
--------------------------------------------------------------------------------
1 | # This file is the entry point to configure your own services.
2 | # Files in the packages/ subdirectory configure your dependencies.
3 |
4 | # Put parameters here that don't need to change on each machine where the app is deployed
5 | # https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
6 | parameters:
7 |
8 | services:
9 | # default configuration for services in *this* file
10 | _defaults:
11 | autowire: true # Automatically injects dependencies in your services.
12 | autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
13 |
14 | # makes classes in src/ available to be used as services
15 | # this creates a service per class whose id is the fully-qualified class name
16 | App\:
17 | resource: '../src/*'
18 | exclude: '../src/{DependencyInjection,Entity,Migrations,Tests,Kernel.php}'
19 |
20 | # controllers are imported separately to make sure services can be injected
21 | # as action arguments even if you don't extend any base controller class
22 | App\Controller\:
23 | resource: '../src/Controller'
24 | tags: ['controller.service_arguments']
25 |
26 | # add more service definitions when explicit configuration is needed
27 | # please note that last definitions always *replace* previous ones
28 |
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
# Local development stack: one web container and one database container.
1 | version: '3'
2 | services:
3 | web:
# ":latest" is a floating tag. spk_local/* looks like a locally built image - TODO confirm.
4 | image: "spk_local/webserver:latest"
5 | ports:
# No host address is given, so 80 and 443 are published on all host interfaces
# (the db service below is bound to 127.0.0.1 only).
6 | - "80:80"
7 | - "443:443"
8 | volumes:
# The whole project directory is mounted into the container.
9 | - .:/var/www/symfony-project-kickstart:cached
10 | environment:
# Xdebug remote debugging is enabled and connects back to the Docker host.
# Development setting; do not carry it into a deployed image.
11 | XDEBUG_CONFIG: "remote_host=host.docker.internal remote_enable=1"
12 | PHP_IDE_CONFIG: "serverName=my.local"
13 | db:
14 | image: "spk_local/dbserver:latest"
15 | ports:
# Published on loopback only, so the database port is not reachable from other machines.
16 | - "127.0.0.1:3306:3306"
17 |
--------------------------------------------------------------------------------
/migrations/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ninodafonte/symfony-kickstart-project/276fa35709f8f1126e0f14e20cea3f21e3cac6a4/migrations/.gitignore
--------------------------------------------------------------------------------
/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 | tests
21 |
22 |
23 |
24 |
25 |
26 | src
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/public/.htaccess:
--------------------------------------------------------------------------------
1 | # Use the front controller as index file. It serves as a fallback solution when
2 | # every other rewrite/redirect fails (e.g. in an aliased environment without
3 | # mod_rewrite). Additionally, this reduces the matching process for the
4 | # start page (path "/") because otherwise Apache will apply the rewriting rules
5 | # to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
6 | DirectoryIndex index.php
7 |
8 | # By default, Apache does not evaluate symbolic links if you did not enable this
9 | # feature in your server configuration. Uncomment the following line if you
10 | # install assets as symlinks or if you experience problems related to symlinks
11 | # when compiling LESS/Sass/CoffeeScript assets.
12 | # Options +FollowSymlinks
13 |
14 | # Disabling MultiViews prevents unwanted negotiation, e.g. "/index" should not resolve
15 | # to the front controller "/index.php" but be rewritten to "/index.php/index".
16 |
17 | Options -MultiViews
18 |
19 |
20 |
21 | RewriteEngine On
22 |
23 | # Determine the RewriteBase automatically and set it as environment variable.
24 | # If you are using Apache aliases to do mass virtual hosting or installed the
25 | # project in a subdirectory, the base path will be prepended to allow proper
26 | # resolution of the index.php file and to redirect to the correct URI. It will
27 | # work in environments without path prefix as well, providing a safe, one-size
28 | # fits all solution. But as you do not need it in this case, you can comment
29 | # the following 2 lines to eliminate the overhead.
30 | RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
31 | RewriteRule .* - [E=BASE:%1]
32 |
33 | # Sets the HTTP_AUTHORIZATION header removed by Apache
34 | RewriteCond %{HTTP:Authorization} .+
35 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
36 |
37 | # Redirect to URI without front controller to prevent duplicate content
38 | # (with and without `/index.php`). Only do this redirect on the initial
39 | # rewrite by Apache and not on subsequent cycles. Otherwise we would get an
40 | # endless redirect loop (request -> rewrite to front controller ->
41 | # redirect -> request -> ...).
42 | # So in case you get a "too many redirects" error or you always get redirected
43 | # to the start page because your Apache does not expose the REDIRECT_STATUS
44 | # environment variable, you have 2 choices:
45 | # - disable this feature by commenting the following 2 lines or
46 | # - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
47 | # following RewriteCond (best solution)
48 | RewriteCond %{ENV:REDIRECT_STATUS} =""
49 | RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
50 |
51 | # If the requested filename exists, simply serve it.
52 | # We only want to let Apache serve files and not directories.
53 | # Rewrite all other queries to the front controller.
54 | RewriteCond %{REQUEST_FILENAME} !-f
55 | RewriteRule ^ %{ENV:BASE}/index.php [L]
56 |
57 |
58 |
59 |
60 | # When mod_rewrite is not available, we instruct a temporary redirect of
61 | # the start page to the front controller explicitly so that the website
62 | # and the generated links can still be used.
63 | RedirectMatch 307 ^/$ /index.php/
64 | # RedirectTemp cannot be used instead
65 |
66 |
67 |
--------------------------------------------------------------------------------
/public/index.php:
--------------------------------------------------------------------------------
1 | bootEnv(dirname(__DIR__).'/.env');
11 |
// Debug mode: umask(0000) clears the process umask, so files and directories
// PHP creates keep every permission bit requested (typically group- and
// world-writable), and Debug::enable() switches on Symfony's debug error
// handling. APP_DEBUG should be off on any deployed instance.
12 | if ($_SERVER['APP_DEBUG']) {
13 | umask(0000);
14 |
15 | Debug::enable();
16 | }
17 |
// TRUSTED_PROXIES is read as a comma-separated list. Forwarded headers sent
// from these addresses are believed, so list only reverse proxies you operate.
// The XOR removes X-Forwarded-Host from the trusted header set.
// An unset or empty variable skips the call.
18 | if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
19 | Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
20 | }
21 |
// TRUSTED_HOSTS is passed as a single entry; Symfony treats each entry as a
// regular expression for the request's Host header. When the variable is unset
// or empty, no host restriction is configured here.
22 | if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? false) {
23 | Request::setTrustedHosts([$trustedHosts]);
24 | }
25 |
// Build the kernel for APP_ENV, handle the request built from PHP globals,
// send the response, then run the kernel's terminate step.
26 | $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
27 | $request = Request::createFromGlobals();
28 | $response = $kernel->handle($request);
29 | $response->send();
30 | $kernel->terminate($request, $response);
31 |
--------------------------------------------------------------------------------
/src/Controller/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ninodafonte/symfony-kickstart-project/276fa35709f8f1126e0f14e20cea3f21e3cac6a4/src/Controller/.gitignore
--------------------------------------------------------------------------------
/src/Controller/MainController.php:
--------------------------------------------------------------------------------
1 | You made it!