Created
September 25, 2014 13:20
-
-
Save AV4TAr/d351da36a088005e4653 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # firewall | |
| - name: iptables rules in place | |
| when: not dev_instance | bool | |
| copy: src=iptables dest=/etc/sysconfig/iptables owner=root group=root mode=0644 | |
| notify: iptables is restarted | |
| - name: iptables service disabled and stopped | |
| when: dev_instance | bool | |
| service: name=iptables state=stopped enabled=no | |
| # httpd | |
| - name: httpd enabled on boot | |
| service: name=httpd enabled=yes | |
| - name: check if certificates already installed, if not copy fakes | |
| command: /usr/bin/test -e /etc/httpd/certs/{{ sitename }}.crt | |
| register: certs_in_place | |
| ignore_errors: True | |
| - file: path=/etc/httpd/certs state=directory owner=apache group=apache mode=0644 | |
| when: certs_in_place|failed | |
| - name: copy fake certificate key | |
| command: cp -f /etc/pki/tls/private/localhost.key /etc/httpd/certs/{{ sitename }}.key | |
| when: certs_in_place|failed | |
| notify: httpd is restarted | |
| - name: copy fake certificate | |
| command: cp -f /etc/pki/tls/certs/localhost.crt /etc/httpd/certs/{{ sitename }}.crt | |
| when: certs_in_place|failed | |
| notify: httpd is restarted | |
| - name: copy fake CA bundle | |
| command: cp -f /etc/pki/tls/certs/ca-bundle.crt /etc/httpd/certs/gd_bundle.crt | |
| when: certs_in_place|failed | |
| notify: httpd is restarted | |
| - name: php timezone is set | |
| lineinfile: dest=/etc/php.ini regexp="^;*date.timezone =" line="date.timezone = America/New_York" | |
| notify: httpd is restarted | |
| - name: ssl configuration in place | |
| template: src=ssl.conf.j2 dest=/etc/httpd/conf.d/ssl.conf owner=apache group=apache mode=0644 | |
| notify: httpd is restarted | |
| - name: vhost in place | |
| template: src=site.conf.j2 dest=/etc/httpd/conf.d/{{ sitename }}.conf owner=apache group=apache mode=0644 | |
| notify: httpd is restarted | |
| # database | |
| - name: mysql daemon is started and enabled on boot | |
| service: name=mysql state=started enabled=yes | |
| - name: database {{ systemuser }} is available | |
| mysql_db: name={{ mysql_database }} state=present | |
| - name: database {{ systemuser }} grants are in place | |
| mysql_user: name={{ mysql_user }} password={{ mysql_password }} priv={{ systemuser }}.*:ALL state=present | |
| # users | |
| - name: system user {{ systemuser }} is present | |
| user: name={{ systemuser }} comment="{{ systemuser }} website account" state=present home={{ basedir }} generate_ssh_key=yes | |
| #- name: system user {{ systemuser }} has private key in place | |
| # copy: src=deploy.key dest={{ basedir }}/.ssh/id_rsa owner={{ systemuser}} group={{ systemuser }} mode=0600 | |
| #- name: system user {{ systemuser }} has pub key in place | |
| # copy: src=deploy.pub dest={{ basedir }}/.ssh/id_rsa.pub owner={{ systemuser}} group={{ systemuser }} mode=0664 | |
| # app home | |
| - name: site home directory in place and has correct permissions | |
| file: path={{ basedir }} state=directory mode=0755 owner={{ systemuser }} group={{ systemuser }} | |
| - name: site releases directory in place and has correct permissions | |
| file: path={{ basedir }}/releases state=directory mode=0755 owner={{ systemuser }} group={{ systemuser }} | |
| - name: site log directory in place and has correct permissions | |
| file: path={{ basedir }}/log state=directory mode=0755 owner=apache group=apache | |
| - name: site shared directory in place and has correct permissions | |
| file: path={{ basedir }}/shared state=directory mode=0755 owner=apache group=apache | |
| # app deploy | |
| - name: get timestamp | |
| shell: echo $(date +%Y%m%d%H%M%S) | |
| register: timestamp | |
| sudo: no | |
| tags: deploy | |
| - name: source get | |
| git: repo={{ mainrepo }} dest=/tmp/{{ systemuser }}-{{ timestamp.stdout }} accept_hostkey=yes | |
| delegate_to: localhost | |
| sudo: no | |
| tags: deploy | |
| - name: run composer | |
| command: php composer.phar install chdir=/tmp/{{ systemuser }}-{{ timestamp.stdout }} | |
| delegate_to: localhost | |
| sudo: no | |
| tags: deploy | |
| #- name: run assetic | |
| # command: php public/index.php assetic build chdir=/tmp/{{ systemuser }}-{{ timestamp.stdout }} | |
| # delegate_to: localhost | |
| # sudo: no | |
| # tags: deploy | |
| - name: make tarball | |
| command: tar cfz /tmp/{{ systemuser }}-{{ timestamp.stdout }}.tar.gz -C /tmp/ {{ systemuser }}-{{ timestamp.stdout }} | |
| delegate_to: localhost | |
| sudo: no | |
| tags: deploy | |
| - name: transfer tarball | |
| copy: src=/tmp/{{ systemuser }}-{{ timestamp.stdout }}.tar.gz dest={{ basedir }}/releases | |
| tags: deploy | |
| - name: decompress tarball | |
| command: tar xfz {{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }}.tar.gz -C {{ basedir }}/releases | |
| sudo_user: "{{ systemuser }}" | |
| tags: deploy | |
| - name: current symlink to actual deploy dir | |
| file: src={{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }} dest={{ basedir }}/current state=link owner={{ systemuser }} | |
| tags: deploy | |
| - name: check if local.php already installed in shared/ | |
| command: /usr/bin/test -e {{ basedir }}/shared/local.php | |
| register: localphp_in_place | |
| ignore_errors: True | |
| tags: deploy | |
| - name: symlink htpasswd | |
| file: src={{ basedir }}/htpasswd state=link dest={{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }}/data/htpasswd owner={{ systemuser }} force=yes | |
| tags: deploy | |
| - name: copy default local.php (if needed) | |
| command: cp -f {{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }}/config/autoload/local.php.dist {{ basedir }}/shared/local.php | |
| when: localphp_in_place|failed | |
| tags: deploy | |
| - name: symlink shared/config/autoload/local.php to deploy dir | |
| file: src={{ basedir }}/shared/local.php dest={{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }}/config/autoload/local.php state=link owner={{ systemuser }} | |
| tags: deploy | |
| - name: run Doctrine Migrations | |
| command: php public/index.php migrations:migrate -n | |
| args: | |
| chdir: "{{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }}" | |
| tags: deploy | |
| - name: run assetic | |
| command: php public/index.php assetic build chdir={{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }} | |
| sudo_user: "{{ systemuser }}" | |
| tags: deploy | |
| - name: run zf2perms.sh to fix standard ZendFramework2 CLI & Apache writable directories | |
| script: zf2perms.sh {{ systemuser }} {{ basedir }}/releases/{{ systemuser }}-{{ timestamp.stdout }} | |
| tags: deploy | |
| - name: cron generate_view_projects in place | |
| template: src=generate_view_projects_cron.j2 dest=/etc/cron.d/{{ sitename }}_generate_view_projects | |
| tags: deploy | |
| - name: cleanup any old deploy tarball | |
| shell: rm -f {{ basedir }}/releases/{{ systemuser }}-*.tar.gz | |
| tags: deploy | |
| - name: cleanup older deploys | |
| shell: ls -1d {{ basedir }}/releases/{{ systemuser }}-* | head -n -5 | xargs rm -rf | |
| tags: deploy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment