-
-
Save francescor/30a60817c18c7bb2a398 to your computer and use it in GitHub Desktop.
Initialize an eZ Publish demo environment using Ansible and Vagrant
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: front | |
| sudo: yes | |
| roles: | |
| #- GMaissa.ezpublish5 | |
| - francescor.ezpublish5 | |
| - kosssi.composer | |
| tasks: | |
| - name: Debian | Disable default vhost | |
| shell: a2dissite default | |
| notify: Restart Apache | |
| when: ansible_os_family == "Debian" | |
| ignore_errors: yes | |
| - name: Install eZ Publish dependencies | |
| #shell: SYMFONY_ENV={{ ezpublish_environment }} composer install -n | |
| shell: SYMFONY_ENV={{ ezpublish_environment }} composer install -n --no-dev | |
| args: | |
| chdir: "{{ ezpublish_apache_vhost.root }}" | |
| - name: Dump eZ Publish assets on none prod environments | |
| shell: php ezpublish/console assetic:dump --env={{ ezpublish_environment }} -n | |
| args: | |
| chdir: "{{ ezpublish_apache_vhost.root }}" | |
| when: ezpublish_environment != 'prod' | |
| - name: Fix permissions on ezpublish dirs | |
| file: path={{ ezpublish_apache_vhost.root }}/{{ item }} | |
| group={{ ezpublish_apache.group }} | |
| state=directory | |
| mode=0775 | |
| recurse=yes | |
| with_items: | |
| - ezpublish/cache | |
| - ezpublish/config | |
| - ezpublish/logs | |
| - ezpublish_legacy/design | |
| - ezpublish_legacy/extension | |
| - ezpublish_legacy/settings | |
| - name: fix permissions on legacy var dir | |
| file: path={{ ezpublish_apache_vhost.root }}/ezpublish_legacy/var | |
| owner={{ ezpublish_apache.user }} | |
| group={{ ezpublish_apache.group }} | |
| state=directory | |
| mode=0775 | |
| recurse=yes | |
| #- name: Set php session save handler | |
| # replace: dest={{ ezpublish_php_apache_ini_path }}/php.ini | |
| # regexp='session.save_handler =.*' | |
| # replace='session.save_handler=memcached' | |
| # notify: Restart Apache | |
| #- name: Set php session save path | |
| # replace: dest={{ ezpublish_php_apache_ini_path }}/php.ini | |
| # regexp=';session.save_path =.*' | |
| # replace='session.save_path="127.0.0.1:11211"' | |
| # notify: Restart Apache | |
| vars: | |
| # eZ Publish configuration | |
| ezpublish_apache_port: 80 | |
| ezpublish_apache_vhost: | |
| filename: ezpublish.conf | |
| enabled: yes | |
| listen: '*:80' | |
| root: /var/www/ezpublish | |
| name: ezpublish.local | |
| aliases: | |
| - bo.ezpublish.local | |
| ezpublish_trusted_proxies: 127.0.0.1 | |
| ezpublish_environment: dev | |
| ezpublish_debug_mode: 1 | |
| ezpublish_download: true | |
| ezpublish_version: v2014.11.1 | |
| # mia aggiunta | |
| ezpublish_php_apache_ini_path: /etc/php5/apache2 | |
| # Composer configuration | |
| #composer_github_oauth: YOUR_GITHUB_TOKEN | |
| - hosts: database | |
| sudo: yes | |
| roles: | |
| - geerlingguy.mysql | |
| vars: | |
| # MySQL configuration | |
| mysql_bind_address: '127.0.0.1' | |
| mysql_server_id: "" | |
| mysql_innodb_log_file_size: "5M" | |
| mysql_databases: | |
| - name: ez_test | |
| encoding: utf8 | |
| collation: latin1_general_ci | |
| collation: utf8_general_ci | |
| mysql_users: | |
| - name: ezpublish | |
| host: "localhost" | |
| password: ezpublish | |
| priv: "ez_test.*:ALL" | |
| #- hosts: reverseproxy | |
| # sudo: yes | |
| # roles: | |
| # - geerlingguy.varnish | |
| # vars: | |
| # # Varnish configuration | |
| # varnish_default_vcl_template_path: varnish-4.vcl.j2 | |
| # varnish_storage: "malloc,256M" | |
| # varnish_backends: | |
| # ezpublish: | |
| # host: 127.0.0.1 | |
| # port: 81 | |
| # | |
| # | |
| #- hosts: cache | |
| # sudo: yes | |
| # roles: | |
| # - GMaissa.common | |
| # vars: | |
| # common_packages: | |
| # - memcached |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: front | |
| sudo: yes | |
| roles: | |
| - GMaissa.ezpublish5 | |
| - kosssi.composer | |
| tasks: | |
| - name: Debian | Disable default vhost | |
| shell: a2dissite default | |
| notify: Restart Apache | |
| when: ansible_os_family == "Debian" | |
| ignore_errors: yes | |
| - name: Install eZ Publish dependencies | |
| shell: SYMFONY_ENV={{ ezpublish_environment }} composer install -n | |
| args: | |
| chdir: "{{ ezpublish_apache_vhost.root }}" | |
| - name: Dump eZ Publish assets on none prod environments | |
| shell: php ezpublish/console assetic:dump --env={{ ezpublish_environment }} -n | |
| args: | |
| chdir: "{{ ezpublish_apache_vhost.root }}" | |
| when: ezpublish_environment != 'prod' | |
| - name: Fix permissions on ezpublish dirs | |
| file: path={{ ezpublish_apache_vhost.root }}/{{ item }} | |
| group={{ ezpublish_apache.group }} | |
| state=directory | |
| mode=0775 | |
| recurse=yes | |
| with_items: | |
| - ezpublish/cache | |
| - ezpublish/config | |
| - ezpublish/logs | |
| - ezpublish_legacy/design | |
| - ezpublish_legacy/extension | |
| - ezpublish_legacy/settings | |
| - name: fix permissions on legacy var dir | |
| file: path={{ ezpublish_apache_vhost.root }}/ezpublish_legacy/var | |
| owner={{ ezpublish_apache.user }} | |
| group={{ ezpublish_apache.group }} | |
| state=directory | |
| mode=0775 | |
| recurse=yes | |
| - name: Set php session save handler | |
| replace: dest={{ ezpublish_php_apache_ini_path }}/php.ini | |
| regexp='session.save_handler =.*' | |
| replace='session.save_handler=memcached' | |
| notify: Restart Apache | |
| - name: Set php session save path | |
| replace: dest={{ ezpublish_php_apache_ini_path }}/php.ini | |
| regexp=';session.save_path =.*' | |
| replace='session.save_path="127.0.0.1:11211"' | |
| notify: Restart Apache | |
| vars: | |
| # eZ Publish configuration | |
| ezpublish_apache_port: 81 | |
| ezpublish_apache_vhost: | |
| filename: ezpublish.conf | |
| enabled: yes | |
| listen: '*:81' | |
| root: /var/www/ezpublish | |
| name: ezpublish.local | |
| aliases: | |
| - bo.ezpublish.local | |
| ezpublish_trusted_proxies: 127.0.0.1 | |
| ezpublish_environment: dev | |
| ezpublish_debug_mode: 1 | |
| ezpublish_download: true | |
| ezpublish_version: v2014.11.1 | |
| # Composer configuration | |
| #composer_github_oauth: YOUR_GITHUB_TOKEN | |
| - hosts: database | |
| sudo: yes | |
| roles: | |
| - geerlingguy.mysql | |
| vars: | |
| # MySQL configuration | |
| mysql_bind_address: '127.0.0.1' | |
| mysql_server_id: "" | |
| mysql_innodb_log_file_size: "5M" | |
| mysql_databases: | |
| - name: ez_test | |
| encoding: utf8 | |
| collation: latin1_general_ci | |
| collation: utf8_general_ci | |
| mysql_users: | |
| - name: ezpublish | |
| host: "localhost" | |
| password: ezpublish | |
| priv: "ez_test.*:ALL" | |
| - hosts: reverseproxy | |
| sudo: yes | |
| roles: | |
| - geerlingguy.varnish | |
| vars: | |
| # Varnish configuration | |
| varnish_default_vcl_template_path: varnish-4.vcl.j2 | |
| varnish_storage: "malloc,256M" | |
| varnish_backends: | |
| ezpublish: | |
| host: 127.0.0.1 | |
| port: 81 | |
| - hosts: cache | |
| sudo: yes | |
| roles: | |
| - GMaissa.common | |
| vars: | |
| common_packages: | |
| - memcached |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - src: https://github.com/GMaissa/ansible-role-common | |
| version: master | |
| name: GMaissa.common | |
| #- src: https://github.com/GMaissa/ansible-role-ezpublish5 | |
| - src: https://github.com/francescor/ansible-role-ezpublish5 | |
| version: master | |
| name: francescor.ezpublish5 | |
| - src: kosssi.composer | |
| - src: geerlingguy.varnish | |
| - src: geerlingguy.mysql |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - src: https://github.com/GMaissa/ansible-role-common | |
| version: master | |
| name: GMaissa.common | |
| - src: https://github.com/GMaissa/ansible-role-ezpublish5 | |
| version: master | |
| name: GMaissa.ezpublish5 | |
| - src: kosssi.composer | |
| - src: geerlingguy.varnish | |
| - src: geerlingguy.mysql |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! | |
| VAGRANTFILE_API_VERSION = "2" | |
| Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| | |
| # Debian test box | |
| config.vm.box = "puphpet/debian75-x64" | |
| config.hostmanager.enabled = true | |
| config.hostmanager.manage_host = true | |
| config.hostmanager.ignore_private_ip = false | |
| config.hostmanager.include_offline = true | |
| config.vm.define 'ezpublish' do |ez| | |
| ez.vm.hostname = 'ezpublish.local' | |
| ez.vm.network :private_network, ip: '192.168.56.191' | |
| ez.vm.provision "ansible" do |ansible| | |
| ansible.groups = { | |
| "front" => ["ezpublish"], | |
| "database" => ["ezpublish"], | |
| "reverseproxy" => ["ezpublish"], | |
| "cache" => ["ezpublish"], | |
| } | |
| ansible.playbook = "playbook.yml" | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! | |
| VAGRANTFILE_API_VERSION = "2" | |
| Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| | |
| # Debian test box | |
| config.vm.box = "puphpet/debian75-x64" | |
| config.hostmanager.enabled = true | |
| config.hostmanager.manage_host = true | |
| config.hostmanager.ignore_private_ip = false | |
| config.hostmanager.include_offline = true | |
| config.vm.define 'ezpublish' do |ez| | |
| ez.vm.hostname = 'ezpublish.local' | |
| ez.vm.network :private_network, ip: '192.168.56.191' | |
| ez.vm.provision "ansible" do |ansible| | |
| ansible.groups = { | |
| "front" => ["ezpublish"], | |
| "database" => ["ezpublish"], | |
| "reverseproxy" => ["ezpublish"], | |
| "cache" => ["ezpublish"], | |
| } | |
| ansible.playbook = "playbook.yml" | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Varnish 4 style - eZ 5.4+ / 2014.09+ | |
| // Complete VCL example | |
| vcl 4.0; | |
| // Our Backend - Assuming that web server is listening on port 80 | |
| // Replace the host to fit your setup | |
| {% for key, value in varnish_backends.iteritems() %} | |
| backend {{ key }} { | |
| .host = "{{ value.host }}"; | |
| .port = "{{ value.port }}"; | |
| } | |
| {% endfor %} | |
| // ACL for invalidators IP | |
| acl invalidators { | |
| "127.0.0.1"; | |
| "192.168.56.0"/16; | |
| } | |
| // ACL for debuggers IP | |
| acl debuggers { | |
| "127.0.0.1"; | |
| "192.168.56.0"/16; | |
| } | |
| import directors; | |
| sub vcl_init { | |
| new ezbacks = directors.round_robin(); | |
| {% for key, value in varnish_backends.iteritems() %} | |
| ezbacks.add_backend({{ key }}); | |
| {% endfor%} | |
| } | |
| // Called at the beginning of a request, after the complete request has been received | |
| sub vcl_recv { | |
| // Set the backend | |
| set req.backend_hint = ezbacks.backend(); | |
| // Advertise Symfony for ESI support | |
| set req.http.Surrogate-Capability = "abc=ESI/1.0"; | |
| // Add a unique header containing the client address (only for master request) | |
| // Please note that /_fragment URI can change in Symfony configuration | |
| if (!req.url ~ "^/_fragment") { | |
| if (req.http.x-forwarded-for) { | |
| set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; | |
| } else { | |
| set req.http.X-Forwarded-For = client.ip; | |
| } | |
| } | |
| // Trigger cache purge if needed | |
| call ez_purge; | |
| // Don't cache requests other than GET and HEAD. | |
| if (req.method != "GET" && req.method != "HEAD") { | |
| return (pass); | |
| } | |
| // Normalize the Accept-Encoding headers | |
| if (req.http.Accept-Encoding) { | |
| if (req.http.Accept-Encoding ~ "gzip") { | |
| set req.http.Accept-Encoding = "gzip"; | |
| } elsif (req.http.Accept-Encoding ~ "deflate") { | |
| set req.http.Accept-Encoding = "deflate"; | |
| } else { | |
| unset req.http.Accept-Encoding; | |
| } | |
| } | |
| // Don't cache Authenticate & Authorization | |
| // You may remove this when using REST API with basic auth. | |
| if (req.http.Authenticate || req.http.Authorization) { | |
| if (client.ip ~ debuggers) { | |
| set req.http.X-Debug = "Not Cached according to configuration (Authorization)"; | |
| } | |
| return (hash); | |
| } | |
| // Do a standard lookup on assets | |
| // Note that file extension list below is not extensive, so consider completing it to fit your needs. | |
| if (req.url ~ "\.(css|js|gif|jpe?g|bmp|png|tiff?|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv|zip|gz|pdf|ttf|eot|wof)$") { | |
| return (hash); | |
| } | |
| // Retrieve client user hash and add it to the forwarded request. | |
| call ez_user_hash; | |
| // If it passes all these tests, do a lookup anyway. | |
| return (hash); | |
| } | |
| // Called when the requested object has been retrieved from the backend | |
| sub vcl_backend_response { | |
| if (bereq.http.accept ~ "application/vnd.fos.user-context-hash" | |
| && beresp.status >= 500 | |
| ) { | |
| return (abandon); | |
| } | |
| // Optimize to only parse the Response contents from Symfony | |
| if (beresp.http.Surrogate-Control ~ "ESI/1.0") { | |
| unset beresp.http.Surrogate-Control; | |
| set beresp.do_esi = true; | |
| } | |
| // Allow stale content, in case the backend goes down or cache is not fresh any more | |
| // make Varnish keep all objects for 1 hours beyond their TTL | |
| set beresp.grace = 1h; | |
| } | |
| // Handle purge | |
| // You may add FOSHttpCacheBundle tagging rules | |
| // See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 | |
| sub ez_purge { | |
| if (req.method == "BAN") { | |
| if (!client.ip ~ invalidators) { | |
| return (synth(405, "Method not allowed")); | |
| } | |
| if (req.http.X-Location-Id) { | |
| ban("obj.http.X-Location-Id ~ " + req.http.X-Location-Id); | |
| if (client.ip ~ debuggers) { | |
| set req.http.X-Debug = "Ban done for content connected to LocationId " + req.http.X-Location-Id; | |
| } | |
| return (synth(200, "Banned")); | |
| } | |
| } | |
| } | |
| // Sub-routine to get client user hash, for context-aware HTTP cache. | |
| sub ez_user_hash { | |
| // Prevent tampering attacks on the hash mechanism | |
| if (req.restarts == 0 | |
| && (req.http.accept ~ "application/vnd.fos.user-context-hash" | |
| || req.http.x-user-hash | |
| ) | |
| ) { | |
| return (synth(400)); | |
| } | |
| if (req.restarts == 0 && (req.method == "GET" || req.method == "HEAD")) { | |
| // Anonymous user => Set a hardcoded anonymous hash | |
| if (req.http.Cookie !~ "eZSESSID" && !req.http.authorization) { | |
| set req.http.X-User-Hash = "38015b703d82206ebc01d17a39c727e5"; | |
| } | |
| // Pre-authenticate request to get shared cache, even when authenticated | |
| else { | |
| set req.http.x-fos-original-url = req.url; | |
| set req.http.x-fos-original-accept = req.http.accept; | |
| set req.http.x-fos-original-cookie = req.http.cookie; | |
| // Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. | |
| set req.http.cookie = ";" + req.http.cookie; | |
| set req.http.cookie = regsuball(req.http.cookie, "; +", ";"); | |
| set req.http.cookie = regsuball(req.http.cookie, ";(eZSESSID[^=]*)=", "; \1="); | |
| set req.http.cookie = regsuball(req.http.cookie, ";[^ ][^;]*", ""); | |
| set req.http.cookie = regsuball(req.http.cookie, "^[; ]+|[; ]+$", ""); | |
| set req.http.accept = "application/vnd.fos.user-context-hash"; | |
| set req.url = "/_fos_user_context_hash"; | |
| // Force the lookup, the backend must tell how to cache/vary response containing the user hash | |
| return (hash); | |
| } | |
| } | |
| // Rebuild the original request which now has the hash. | |
| if (req.restarts > 0 | |
| && req.http.accept == "application/vnd.fos.user-context-hash" | |
| ) { | |
| set req.url = req.http.x-fos-original-url; | |
| set req.http.accept = req.http.x-fos-original-accept; | |
| set req.http.cookie = req.http.x-fos-original-cookie; | |
| unset req.http.x-fos-original-url; | |
| unset req.http.x-fos-original-accept; | |
| unset req.http.x-fos-original-cookie; | |
| // Force the lookup, the backend must tell not to cache or vary on the | |
| // user hash to properly separate cached data. | |
| return (hash); | |
| } | |
| } | |
| sub vcl_deliver { | |
| // On receiving the hash response, copy the hash header to the original | |
| // request and restart. | |
| if (req.restarts == 0 | |
| && resp.http.content-type ~ "application/vnd.fos.user-context-hash" | |
| ) { | |
| set req.http.x-user-hash = resp.http.x-user-hash; | |
| return (restart); | |
| } | |
| // If we get here, this is a real response that gets sent to the client. | |
| // Remove the vary on context user hash, this is nothing public. Keep all | |
| // other vary headers. | |
| set resp.http.Vary = regsub(resp.http.Vary, "(?i),? *x-user-hash *", ""); | |
| set resp.http.Vary = regsub(resp.http.Vary, "^, *", ""); | |
| if (resp.http.Vary == "") { | |
| unset resp.http.Vary; | |
| } | |
| // Sanity check to prevent ever exposing the hash to a client. | |
| unset resp.http.x-user-hash; | |
| if (client.ip ~ debuggers) { | |
| if (obj.hits > 0) { | |
| set resp.http.X-Cache = "HIT"; | |
| set resp.http.X-Cache-Hits = obj.hits; | |
| } else { | |
| set resp.http.X-Cache = "MISS"; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original from https://gist.github.com/GMaissa/653a5110a6b4a4200d27 and, as stated there:
Be sure to install required roles with the command :
And to configure your github token in the playbook, to complete eZ Publish dependencies installation with composer :
Composer configuration
composer_github_oauth: YOUR_GITHUB_TOKEN