From dc5ce0509429059e2a667a654b51beb4419b9c91 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 12 Nov 2022 14:43:59 +0100 Subject: [PATCH 01/10] deploy web wip --- ansible.cfg | 5 ----- hosts | 2 -- inventory/host_vars/vps-host | 12 ++++++++++++ inventory/hosts | 1 + roles/deploy-web/tasks/main.yml | 32 ++++++++++++++++++-------------- 5 files changed, 31 insertions(+), 21 deletions(-) delete mode 100644 ansible.cfg delete mode 100644 hosts create mode 100644 inventory/host_vars/vps-host create mode 100644 inventory/hosts diff --git a/ansible.cfg b/ansible.cfg deleted file mode 100644 index c57b7bd..0000000 --- a/ansible.cfg +++ /dev/null @@ -1,5 +0,0 @@ -[defaults] -remote_user = admloc -private_key_file = /home/provisioner/.ssh/id_rsa_toolbox -inventory = hosts - diff --git a/hosts b/hosts deleted file mode 100644 index 3f15b41..0000000 --- a/hosts +++ /dev/null @@ -1,2 +0,0 @@ -centos-test ansible_connection=ssh ansible_host=1.1.110.25 - diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host new file mode 100644 index 0000000..3284deb --- /dev/null +++ b/inventory/host_vars/vps-host @@ -0,0 +1,12 @@ +$ANSIBLE_VAULT;1.1;AES256 +39343765633561393532373365313435383266313661663666643731356262633063643761633662 +3732306165616334373164303133336565343939643939330a353635613432313230356237306330 +39653132363064323961396162383563303334323930396338303566656632663666626337303662 +3338323062366239650a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diff --git a/inventory/hosts b/inventory/hosts new file mode 100644 index 0000000..f217535 --- /dev/null +++ b/inventory/hosts @@ -0,0 +1 @@ +vps-host ansible_connection=ssh ansible_host=51.222.107.37 ansible_port=2424 ansible_user=valentin diff --git a/roles/deploy-web/tasks/main.yml b/roles/deploy-web/tasks/main.yml index c22b340..9acb1a8 100644 --- a/roles/deploy-web/tasks/main.yml +++ b/roles/deploy-web/tasks/main.yml 
@@ -1,25 +1,29 @@ --- # tasks file for deploy-web -- name: debug local + +- name: git archive {{ item }} local_action: module: git - repo: "git@gitlab.secu.pcc:descartes/isr-inventory.git" - dest: "/home/provisioner/src/isr-inventory" - archive: "/tmp/isr-inventory.tar.gz" + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git" + dest: "/home/valentin/src/" + archive: "/tmp/{{ item }}.tar.gz" force: yes - track_submodules: yes update: yes - key_file: "/home/provisioner/.ssh/id_rsa_toolbox" - run_once: True - become: yes - become_user: provisioner + with_items: "{{ project_name }}" + when: "project_name is defined" -- name: Create directory + +- name: Create directory {{ item }} file: - path: "/home/admloc/isr-inventory" + path: "/var/www/{{ item }}" state: directory + with_items: "{{ project_name }}" + when: "project_name is defined" -- name: Extract repo isr + +- name: Extract repo {{ item }} unarchive: - src: "/tmp/isr-inventory.tar.gz" - dest: "/home/admloc/isr-inventory" + src: "/tmp/{{ item }}.tar.gz" + dest: "/var/www/{{ item }}" + with_items: "{{ project_name }}" + when: "project_name is defined" From 7509c69283220b8313cc0935cb973030bf2243be Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 12 Nov 2022 15:25:20 +0100 Subject: [PATCH 02/10] finish unarchive git project --- roles/deploy-web/tasks/main.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/roles/deploy-web/tasks/main.yml b/roles/deploy-web/tasks/main.yml index 9acb1a8..36922af 100644 --- a/roles/deploy-web/tasks/main.yml +++ b/roles/deploy-web/tasks/main.yml 
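Review bot: The `repo:` URL in the `git archive` task carries `git_username` and `git_password` inline, so the rendered URL can appear in task output and verbose logs. If the module behaves like a plain clone, it is also stored as the remote URL in the checkout's `.git/config` under `/home/valentin/src/`. Adding `no_log: true` to this task keeps the rendered arguments out of the output. A git credential helper or an SSH deploy key (the removed version used `key_file`) would keep the secret out of the URL altogether. The same URL pattern is carried into `deploy.yml` by the later patches in this series.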
@@ -4,7 +4,7 @@ - name: git archive {{ item }} local_action: module: git - repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git" + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item }}.git" dest: "/home/valentin/src/" archive: "/tmp/{{ item }}.tar.gz" force: yes @@ -17,13 +17,27 @@ file: path: "/var/www/{{ item }}" state: directory + owner: www-data + group: www-data + mode: '500' with_items: "{{ project_name }}" when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" - name: Extract repo {{ item }} unarchive: src: "/tmp/{{ item }}.tar.gz" dest: "/var/www/{{ item }}" + owner: www-data + group: www-data + mode: '500' with_items: "{{ project_name }}" when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" From 11d49e0ccbf2a377df9fb0a5e8000391d6c036e7 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 12 Nov 2022 15:26:32 +0100 Subject: [PATCH 03/10] change name playbook --- deploy.yml => playbook.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename deploy.yml => playbook.yml (100%) diff --git a/deploy.yml b/playbook.yml similarity index 100% rename from deploy.yml rename to playbook.yml From a647946652f3167462e93739f578d005d5e97d26 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 12 Nov 2022 15:30:59 +0100 Subject: [PATCH 04/10] add stages --- roles/deploy-web/tasks/deploy.yml | 43 +++++++++++++++++++++++++++++ roles/deploy-web/tasks/main.yml | 46 ++----------------------------- 2 files changed, 46 insertions(+), 43 deletions(-) create mode 100644 roles/deploy-web/tasks/deploy.yml diff --git a/roles/deploy-web/tasks/deploy.yml b/roles/deploy-web/tasks/deploy.yml new file mode 100644 index 0000000..36922af --- /dev/null 
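Review bot: `owner: www-data` with `mode: '500'` on the `file` and `unarchive` tasks makes the web server account the owner of its own document root, so the read-only mode is only advisory: the owner can change it back. As far as I know `unarchive` also applies the mode to the extracted files, which would mark every deployed file executable. Consider `owner: root`, `group: www-data`, `mode: 'u=rwX,g=rX,o='` so the server can read the tree but not alter it. Separately, `ansible_become_password: "{{ sudo_password }}"` is repeated in each task's `vars:`; setting the become variables once at play or host level would avoid the repetition.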
+++ b/roles/deploy-web/tasks/deploy.yml @@ -0,0 +1,43 @@ +--- +# tasks file for deploy-web + +- name: git archive {{ item }} + local_action: + module: git + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item }}.git" + dest: "/home/valentin/src/" + archive: "/tmp/{{ item }}.tar.gz" + force: yes + update: yes + with_items: "{{ project_name }}" + when: "project_name is defined" + + +- name: Create directory {{ item }} + file: + path: "/var/www/{{ item }}" + state: directory + owner: www-data + group: www-data + mode: '500' + with_items: "{{ project_name }}" + when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: Extract repo {{ item }} + unarchive: + src: "/tmp/{{ item }}.tar.gz" + dest: "/var/www/{{ item }}" + owner: www-data + group: www-data + mode: '500' + with_items: "{{ project_name }}" + when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" diff --git a/roles/deploy-web/tasks/main.yml b/roles/deploy-web/tasks/main.yml index 36922af..d90f8d8 100644 --- a/roles/deploy-web/tasks/main.yml +++ b/roles/deploy-web/tasks/main.yml 
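Review bot: In the `git archive` task, `dest: "/home/valentin/src/"` is the same directory for every loop item, so each iteration reuses one working tree for unrelated repositories and relies on `force: yes` to overwrite whatever the previous project left there. `dest: "/home/valentin/src/{{ item }}"` gives each project its own checkout and keeps one project's files out of another's archive if an update ever fails part-way. This file is otherwise a copy of the task list removed from `main.yml` in the same commit.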
@@ -1,43 +1,3 @@ ---- -# tasks file for deploy-web - -- name: git archive {{ item }} - local_action: - module: git - repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item }}.git" - dest: "/home/valentin/src/" - archive: "/tmp/{{ item }}.tar.gz" - force: yes - update: yes - with_items: "{{ project_name }}" - when: "project_name is defined" - - -- name: Create directory {{ item }} - file: - path: "/var/www/{{ item }}" - state: directory - owner: www-data - group: www-data - mode: '500' - with_items: "{{ project_name }}" - when: "project_name is defined" - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - - -- name: Extract repo {{ item }} - unarchive: - src: "/tmp/{{ item }}.tar.gz" - dest: "/var/www/{{ item }}" - owner: www-data - group: www-data - mode: '500' - with_items: "{{ project_name }}" - when: "project_name is defined" - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" +- name: Deploy project_name + import_tasks: deploy.yml + tags: ["deploy"] \ No newline at end of file From 1996945eb480eba15e9e96ff3abc5faedfe36c7c Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 12 Nov 2022 20:45:00 +0100 Subject: [PATCH 05/10] add destroy web project --- roles/deploy-web/tasks/deploy.yml | 16 +++++++++------- roles/deploy-web/tasks/destroy.yml | 21 +++++++++++++++++++++ roles/deploy-web/tasks/main.yml | 9 +++++++-- 3 files changed, 37 insertions(+), 9 deletions(-) create mode 100644 roles/deploy-web/tasks/destroy.yml diff --git a/roles/deploy-web/tasks/deploy.yml b/roles/deploy-web/tasks/deploy.yml index 36922af..cee6220 100644 --- a/roles/deploy-web/tasks/deploy.yml +++ b/roles/deploy-web/tasks/deploy.yml 
@@ -1,7 +1,6 @@ ---- # tasks file for deploy-web -- name: git archive {{ item }} +- name: "git archive {{ item }}" local_action: module: git repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item }}.git" @@ -9,18 +8,20 @@ archive: "/tmp/{{ item }}.tar.gz" force: yes update: yes - with_items: "{{ project_name }}" + with_items: + - "{{ project_name }}" when: "project_name is defined" -- name: Create directory {{ item }} +- name: "Create directory {{ item }}" file: path: "/var/www/{{ item }}" state: directory owner: www-data group: www-data mode: '500' - with_items: "{{ project_name }}" + with_items: + - "{{ project_name }}" when: "project_name is defined" vars: ansible_become: yes @@ -28,14 +29,15 @@ ansible_become_password: "{{ sudo_password }}" -- name: Extract repo {{ item }} +- name: "Extract repo {{ item }}" unarchive: src: "/tmp/{{ item }}.tar.gz" dest: "/var/www/{{ item }}" owner: www-data group: www-data mode: '500' - with_items: "{{ project_name }}" + with_items: + - "{{ project_name }}" when: "project_name is defined" vars: ansible_become: yes diff --git a/roles/deploy-web/tasks/destroy.yml b/roles/deploy-web/tasks/destroy.yml new file mode 100644 index 0000000..1479bfa --- /dev/null +++ b/roles/deploy-web/tasks/destroy.yml @@ -0,0 +1,21 @@ +- name: "Remove all directories" + file: + path: "/var/www/{{ item }}" + state: absent + with_items: + - "{{ project_name }}" + when: "project_name is defined and project is not defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: "Remove single directory" + file: + path: "/var/www/{{ project }}" + state: absent + when: "project is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" \ No newline at end of file diff --git a/roles/deploy-web/tasks/main.yml b/roles/deploy-web/tasks/main.yml index d90f8d8..22d0e52 100644 
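Review bot: Both tasks in the new `destroy.yml` build the path to delete as `/var/www/{{ ... }}` and only check that the variable is defined. An empty value therefore resolves to `/var/www/` itself, a value containing `..` resolves outside it, and `state: absent` under sudo removes whatever the path points at. Tightening the condition, for example `when: "project is defined and project is match('^[A-Za-z0-9][A-Za-z0-9_-]*$')"` (pattern to be adjusted to the names actually used), limits the delete to a single directory name. The later patches in this series add more `state: absent` tasks on `/etc/nginx/sites-enabled/` and `/etc/nginx/sites-available/` that need the same check.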
--- a/roles/deploy-web/tasks/main.yml +++ b/roles/deploy-web/tasks/main.yml @@ -1,3 +1,8 @@ -- name: Deploy project_name +- name: Deploy project web import_tasks: deploy.yml - tags: ["deploy"] \ No newline at end of file + tags: ["deploy"] + + +- name: Destrpy project web + import_tasks: destroy.yml + tags: ["destroy"] \ No newline at end of file From 1e3e08b555af07ee4bf08b24d7b616143cf55a72 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Mon, 19 Dec 2022 23:46:55 +0100 Subject: [PATCH 06/10] change variable --- inventory/host_vars/vps-host | 23 ++++++++++++----------- roles/deploy-web/tasks/deploy.yml | 27 ++++++++++++++------------- roles/deploy-web/tasks/destroy.yml | 10 +++++----- 3 files changed, 31 insertions(+), 29 deletions(-) diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index 3284deb..bd6ad10 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host @@ -1,12 +1,13 @@ $ANSIBLE_VAULT;1.1;AES256 -39343765633561393532373365313435383266313661663666643731356262633063643761633662 -3732306165616334373164303133336565343939643939330a353635613432313230356237306330 -39653132363064323961396162383563303334323930396338303566656632663666626337303662 -3338323062366239650a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a373837646263383965343831306438 +62643130316366653865643438343630306439326431396339623635363630343164366530373464 +3736333430616261320a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diff --git a/roles/deploy-web/tasks/deploy.yml b/roles/deploy-web/tasks/deploy.yml index cee6220..3cafaa2 100644 --- a/roles/deploy-web/tasks/deploy.yml +++ b/roles/deploy-web/tasks/deploy.yml 
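Review bot: `import_tasks: destroy.yml` is tagged only `destroy`, and tags filter tasks only when `--tags` is passed. A run of the role without `--tags` therefore executes the deploy tasks and then the destroy tasks, removing what was just deployed. Adding the special `never` tag, `tags: ["destroy", "never"]`, makes the destroy stage run only when it is requested explicitly. The task name also has a typo, `Destrpy` for `Destroy`.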
@@ -3,42 +3,43 @@ - name: "git archive {{ item }}" local_action: module: git - repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item }}.git" + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item.name }}.git" dest: "/home/valentin/src/" - archive: "/tmp/{{ item }}.tar.gz" + archive: "/tmp/{{ item.name }}.tar.gz" force: yes update: yes + when: "item.name is defined" with_items: - - "{{ project_name }}" - when: "project_name is defined" + - "{{ project }}" + -- name: "Create directory {{ item }}" +- name: "Create directory " file: - path: "/var/www/{{ item }}" + path: "/var/www/{{ item.name }}" state: directory owner: www-data group: www-data mode: '500' + when: "item.name is defined" with_items: - - "{{ project_name }}" - when: "project_name is defined" + - "{{ project }}" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: "Extract repo {{ item }}" +- name: "Extract repo " unarchive: - src: "/tmp/{{ item }}.tar.gz" - dest: "/var/www/{{ item }}" + src: "/tmp/{{ item.name }}.tar.gz" + dest: "/var/www/{{ item.name }}" owner: www-data group: www-data mode: '500' + when: "item.name is defined" with_items: - - "{{ project_name }}" - when: "project_name is defined" + - "{{ project }}" vars: ansible_become: yes ansible_become_method: sudo diff --git a/roles/deploy-web/tasks/destroy.yml b/roles/deploy-web/tasks/destroy.yml index 1479bfa..6907e6f 100644 --- a/roles/deploy-web/tasks/destroy.yml +++ b/roles/deploy-web/tasks/destroy.yml @@ -1,10 +1,10 @@ - name: "Remove all directories" file: - path: "/var/www/{{ item }}" + path: "/var/www/{{ item.name }}" state: absent + when: "item.name is defined and project_name is not defined" with_items: - - "{{ project_name }}" - when: "project_name is defined and project is not defined" + - "{{ project }}" vars: ansible_become: yes ansible_become_method: sudo 
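Review bot: The archive is written by `local_action` to `/tmp/{{ item.name }}.tar.gz`, a fixed name in a world-writable directory on the control node, and the `Extract repo` task later unpacks that same path into `/var/www` with sudo. On a control node shared with other local accounts, the file could be pre-created or replaced between the two tasks. Writing it into a directory that only the deploying user can write to removes that window, for example one created with the `tempfile` module (`state: directory`) or a path under the playbook directory. The `/tmp` path dates back to the first patch of the series.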
@@ -12,9 +12,9 @@ - name: "Remove single directory" file: - path: "/var/www/{{ project }}" + path: "/var/www/{{ project_name }}" state: absent - when: "project is defined" + when: "project_name is defined" vars: ansible_become: yes ansible_become_method: sudo From 61b59c8a201f340602b394ee9e0895556e001e48 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Mon, 19 Dec 2022 23:50:57 +0100 Subject: [PATCH 07/10] change name to git_name --- inventory/host_vars/vps-host | 24 ++++++++++++------------ roles/deploy-web/tasks/deploy.yml | 14 +++++++------- roles/deploy-web/tasks/destroy.yml | 4 ++-- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index bd6ad10..abbef62 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host 
@@ -1,13 +1,13 @@ $ANSIBLE_VAULT;1.1;AES256 -31613733363838323034373330363534363737373764653261366361376236333563646233336163 -3465613439303661373361663964343338376261323566640a373837646263383965343831306438 -62643130316366653865643438343630306439326431396339623635363630343164366530373464 -3736333430616261320a376138643533393365326330316634393437393763363566373239626532 -61323331633030316438313563616164366335643331393536666134653339363639393033633935 -34616439383165633035373764386439653336383837653933356439363866373432303364353864 -65653439353538376633653666643765333730363634383361346137623432343939346266383362 -34373638356462353066623930653766353331353936656133636230613264353933616161643139 -64626639343863373933633963633861333739396361323636303535376336663832326261383535 -64623266653562393664323330366564643437383532663163386535643835653362346339653236 -35656339396633356530333266666439373561356133343164643138353230353334373731323861 -33393432363632653333 +33646437393365646539336536336139353434326631616266313131326363666133326365386135 +3730326363313064353737623638396362373864343539650a323763333831613762313361366261 +63343630306135663463343430396537633665363335646135633030316266366561393436663565 +3034333636353864360a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diff --git a/roles/deploy-web/tasks/deploy.yml b/roles/deploy-web/tasks/deploy.yml index 3cafaa2..29014c8 100644 --- a/roles/deploy-web/tasks/deploy.yml +++ b/roles/deploy-web/tasks/deploy.yml 
@@ -3,12 +3,12 @@ - name: "git archive {{ item }}" local_action: module: git - repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item.name }}.git" + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item.git_name }}.git" dest: "/home/valentin/src/" archive: "/tmp/{{ item.name }}.tar.gz" force: yes update: yes - when: "item.name is defined" + when: "item.git_name is defined" with_items: - "{{ project }}" @@ -16,12 +16,12 @@ - name: "Create directory " file: - path: "/var/www/{{ item.name }}" + path: "/var/www/{{ item.git_name }}" state: directory owner: www-data group: www-data mode: '500' - when: "item.name is defined" + when: "item.git_name is defined" with_items: - "{{ project }}" vars: @@ -32,12 +32,12 @@ - name: "Extract repo " unarchive: - src: "/tmp/{{ item.name }}.tar.gz" - dest: "/var/www/{{ item.name }}" + src: "/tmp/{{ item.git_name }}.tar.gz" + dest: "/var/www/{{ item.git_name }}" owner: www-data group: www-data mode: '500' - when: "item.name is defined" + when: "item.git_name is defined" with_items: - "{{ project }}" vars: diff --git a/roles/deploy-web/tasks/destroy.yml b/roles/deploy-web/tasks/destroy.yml index 6907e6f..9919252 100644 --- a/roles/deploy-web/tasks/destroy.yml +++ b/roles/deploy-web/tasks/destroy.yml @@ -1,8 +1,8 @@ - name: "Remove all directories" file: - path: "/var/www/{{ item.name }}" + path: "/var/www/{{ item.git_name }}" state: absent - when: "item.name is defined and project_name is not defined" + when: "item.git_name is defined and project_name is not defined" with_items: - "{{ project }}" vars: From bb9ca607a04fb3e4bc3b43e34c21daabb8f7b14f Mon Sep 17 00:00:00 2001 
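Review bot: After this rename the `git archive` task still writes `archive: "/tmp/{{ item.name }}.tar.gz"` (a context line in the first hunk) while `Extract repo` now reads `src: "/tmp/{{ item.git_name }}.tar.gz"`, so the two tasks no longer agree on the file name. If the project entries only define `git_name`, the archive path cannot be rendered. If they define both with different values, `unarchive` looks for a file that was never written. The line should read `archive: "/tmp/{{ item.git_name }}.tar.gz"`, which PATCH 08/10 later applies.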
From: Valentin CZERYBA Date: Tue, 20 Dec 2022 00:04:33 +0100 Subject: [PATCH 08/10] add reverse proxy --- inventory/host_vars/vps-host | 25 +++--- roles/deploy-web/files/gouter | 132 ++++++++++++++++++++++++++++++ roles/deploy-web/tasks/deploy.yml | 38 ++++++++- 3 files changed, 181 insertions(+), 14 deletions(-) create mode 100644 roles/deploy-web/files/gouter diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index abbef62..793ffea 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host @@ -1,13 +1,14 @@ $ANSIBLE_VAULT;1.1;AES256 -33646437393365646539336536336139353434326631616266313131326363666133326365386135 -3730326363313064353737623638396362373864343539650a323763333831613762313361366261 -63343630306135663463343430396537633665363335646135633030316266366561393436663565 -3034333636353864360a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a633664613332343333363034396238 +61643465363532383661636238356566616161343034343166656364353538353564333235373663 +3336313930643062370a316439666335626265306338383939306433343439666333646632613366 +65663766326333623033643933613962393163313566636238353964656636633265373936626364 +65313565663265613532623563366533393030643539346363613035656632323762666131643530 +61616338616637336333663363323761653564633137633361333364663232656136353966346134 +38313435653131326161383564386261356333356164393034663538326262633036383438666330 +65393939363338363932653461393234346431653661626338653536353562396664313932346432 +39353035373263633938336337346461306162656662363461306538353436353063363764323631 +30386334356534663238656166666432636233353935623331366130323264393231306265363761 +37323163663561393938366662373963303634636564346663363239346332316336366636636235 +64343466333931353861346164656234393265653034623335636266393262323234 diff --git a/roles/deploy-web/files/gouter b/roles/deploy-web/files/gouter new file mode 100644 index 0000000..e8b8000 --- /dev/null +++ b/roles/deploy-web/files/gouter 
@@ -0,0 +1,132 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + #root /var/www/html; + + # Add index.php to the list if you are using PHP + #index index.html index.htm index.nginx-debian.html; + #gzip_static off; + server_name gouters.valczeryba.ovh; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + proxy_cache STATIC; + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. 
+ #try_files $uri $uri/ =404; + proxy_set_header Accept-Encoding ""; + proxy_pass http://gouters.canalblog.com/; + #proxy_redirect off; + #proxy_set_header Host $host; + #proxy_buffering on; + #proxy_cache STATIC; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 10m; + proxy_cache_lock on; + proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; + #proxy_ssl_verify off; + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_set_header X-Forwarded-Proto $scheme; + sub_filter 'gouters.canalblog.com' 'gouters.valczeryba.ovh'; + sub_filter_once off; + + + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/gouters.valczeryba.ovh/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/gouters.valczeryba.ovh/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + + +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. 
+# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} + +server { + if ($host = gouters.valczeryba.ovh) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + + server_name gouters.valczeryba.ovh; + listen 80; + return 404; # managed by Certbot + + +} diff --git a/roles/deploy-web/tasks/deploy.yml b/roles/deploy-web/tasks/deploy.yml index 29014c8..48ce25d 100644 --- a/roles/deploy-web/tasks/deploy.yml +++ b/roles/deploy-web/tasks/deploy.yml @@ -5,7 +5,7 @@ module: git repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item.git_name }}.git" dest: "/home/valentin/src/" - archive: "/tmp/{{ item.name }}.tar.gz" + archive: "/tmp/{{ item.git_name }}.tar.gz" force: yes update: yes when: "item.git_name is defined" @@ -13,7 +13,6 @@ - "{{ project }}" - - name: "Create directory " file: path: "/var/www/{{ item.git_name }}" @@ -44,3 +43,38 @@ ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" + +- name: "Copy configure nginx" + copy: + src: "{{ item.conf_name }}" + dest: "/etc/nginx/sites-available" + when: "item.conf_name is defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "Create symlink" + file: + src: "/etc/nginx/sites-available/{{ item.conf_name }}" + dest: "/etc/nginx/sites-enabled/{{ item.conf_name }}" + state: link + when: "item.conf_name is defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: restart nginx + service: + name: nginx + state: restarted + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" \ No newline at end of file 
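Review bot: `proxy_pass http://gouters.canalblog.com/;` fetches the origin over plain HTTP, so the content this server caches and re-serves under its own certificate has no integrity protection on the proxy-to-origin leg. If the origin answers on HTTPS, `proxy_pass https://gouters.canalblog.com/;` with `proxy_ssl_server_name on;` and `proxy_ssl_verify on;` (plus `proxy_ssl_trusted_certificate`) closes that gap. `proxy_cache STATIC;` also refers to a cache zone that this file does not define. Unless a `proxy_cache_path` with `keys_zone=STATIC:...` exists elsewhere on the host, nginx will reject the configuration.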
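Review bot: The `restart nginx` task at the end of this hunk has no `when:` and no preceding configuration test, so every run restarts nginx, and a site file that does not parse takes all virtual hosts down rather than only the new one. A task running `nginx -t` before it, and `state: reloaded` instead of `state: restarted`, would keep the running server up when the copied file is rejected. Moving the restart into a handler notified by the copy and symlink tasks would also skip it when nothing changed. PATCH 09/10 adds the same unconditional restart to `destroy.yml`.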
From 19ecb0bca1d70e036f51fa7c12af34dbf279e9e8 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Tue, 20 Dec 2022 00:14:15 +0100 Subject: [PATCH 09/10] add destroy files --- roles/deploy-web/tasks/destroy.yml | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/roles/deploy-web/tasks/destroy.yml b/roles/deploy-web/tasks/destroy.yml index 9919252..f5334ed 100644 --- a/roles/deploy-web/tasks/destroy.yml +++ b/roles/deploy-web/tasks/destroy.yml @@ -15,6 +15,42 @@ path: "/var/www/{{ project_name }}" state: absent when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: "Delete symlink" + file: + path: "/etc/nginx/sites-enabled/{{ item.conf_name }}" + state: absent + when: "item.conf_name is defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: "remove configure nginx" + file: + path: "/etc/nginx/sites-available/{{ item.conf_name }}" + state: absent + when: "item.conf_name is defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + + + +- name: restart nginx + service: + name: nginx + state: restarted vars: ansible_become: yes ansible_become_method: sudo From ae0655da7c39010324a776f719544bf5e9034eb6 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Wed, 28 Dec 2022 18:08:18 +0100 Subject: [PATCH 10/10] add deploy single project --- roles/deploy-web/tasks/deploy.yml | 82 ++++++++++++++++++++++++++---- roles/deploy-web/tasks/destroy.yml | 32 +++++++++--- 2 files changed, 98 insertions(+), 16 deletions(-) diff --git a/roles/deploy-web/tasks/deploy.yml b/roles/deploy-web/tasks/deploy.yml index 48ce25d..0adb461 100644 --- a/roles/deploy-web/tasks/deploy.yml +++ b/roles/deploy-web/tasks/deploy.yml 
@@ -1,6 +1,6 @@ # tasks file for deploy-web -- name: "git archive {{ item }}" +- name: "all git archive" local_action: module: git repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ item.git_name }}.git" @@ -8,19 +8,19 @@ archive: "/tmp/{{ item.git_name }}.tar.gz" force: yes update: yes - when: "item.git_name is defined" + when: "item.git_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" -- name: "Create directory " +- name: "all create directory " file: path: "/var/www/{{ item.git_name }}" state: directory owner: www-data group: www-data mode: '500' - when: "item.git_name is defined" + when: "item.git_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" vars: @@ -29,14 +29,14 @@ ansible_become_password: "{{ sudo_password }}" -- name: "Extract repo " +- name: "all extract repo " unarchive: src: "/tmp/{{ item.git_name }}.tar.gz" dest: "/var/www/{{ item.git_name }}" owner: www-data group: www-data mode: '500' - when: "item.git_name is defined" + when: "item.git_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" vars: 
@@ -44,11 +44,50 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: "Copy configure nginx" + +- name: "single git archive" + local_action: + module: git + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git" + dest: "/home/valentin/src/" + archive: "/tmp/{{ project_name }}.tar.gz" + force: yes + update: yes + when: "project_name is defined" + + +- name: "single create directory " + file: + path: "/var/www/{{ project_name }}" + state: directory + owner: www-data + group: www-data + mode: '500' + when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "single extract repo " + unarchive: + src: "/tmp/{{ project_name }}.tar.gz" + dest: "/var/www/{{ project_name }}" + owner: www-data + group: www-data + mode: '500' + when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: "all copy configure nginx" copy: src: "{{ item.conf_name }}" dest: "/etc/nginx/sites-available" - when: "item.conf_name is defined" + when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" vars: @@ -57,12 +96,12 @@ ansible_become_password: "{{ sudo_password }}" -- name: "Create symlink" +- name: "all create symlink" file: src: "/etc/nginx/sites-available/{{ item.conf_name }}" dest: "/etc/nginx/sites-enabled/{{ item.conf_name }}" state: link - when: "item.conf_name is defined" + when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" vars: 
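Review bot: The `single ...` tasks added in this hunk repeat the `all ...` tasks apart from using `project_name` in place of `item.git_name`. The credential-bearing `repo:` URL, the `/tmp` archive path and the ownership settings now each exist twice and have to be kept in sync by hand. One `set_fact` at the top of the file, for example `deploy_targets: "{{ [{'git_name': project_name}] if project_name is defined else project }}"`, would let a single set of tasks loop over `deploy_targets`. `conf_name` in the later hunks of this patch could be folded into the same structure.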
@@ -70,6 +109,29 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" + +- name: "single copy configure nginx" + copy: + src: "{{ conf_name }}" + dest: "/etc/nginx/sites-available" + when: "conf_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "single create symlink" + file: + src: "/etc/nginx/sites-available/{{ conf_name }}" + dest: "/etc/nginx/sites-enabled/{{ conf_name }}" + state: link + when: "conf_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + - name: restart nginx service: name: nginx diff --git a/roles/deploy-web/tasks/destroy.yml b/roles/deploy-web/tasks/destroy.yml index f5334ed..b8b6a3a 100644 --- a/roles/deploy-web/tasks/destroy.yml +++ b/roles/deploy-web/tasks/destroy.yml @@ -2,7 +2,7 @@ file: path: "/var/www/{{ item.git_name }}" state: absent - when: "item.git_name is defined and project_name is not defined" + when: "item.git_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" vars: @@ -20,11 +20,11 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: "Delete symlink" +- name: "Delete all symlink" file: path: "/etc/nginx/sites-enabled/{{ item.conf_name }}" state: absent - when: "item.conf_name is defined" + when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" vars: @@ -32,11 +32,11 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: "remove configure nginx" +- name: "remove all configure nginx" file: path: "/etc/nginx/sites-available/{{ item.conf_name }}" state: absent - when: "item.conf_name is defined" + when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" with_items: - "{{ project }}" vars: 
@@ -46,6 +46,26 @@ +- name: "Delete single symlink" + file: + path: "/etc/nginx/sites-enabled/{{ conf_name }}" + state: absent + when: "conf_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: "remove single configure nginx" + file: + path: "/etc/nginx/sites-available/{{ conf_name }}" + state: absent + when: "conf_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + - name: restart nginx service: @@ -54,4 +74,4 @@ vars: ansible_become: yes ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" \ No newline at end of file + ansible_become_password: "{{ sudo_password }}"