mirror of
https://github.com/Websoft9/websoft9.git
synced 2024-09-30 00:31:17 +00:00
create common roles
parent
2b192ca87a
commit
42efce6479
13
apps/roles/role_cloud/CHANGELOG
Normal file
13
apps/roles/role_cloud/CHANGELOG
Normal file
|
@ -0,0 +1,13 @@
|
|||
# CHANGELOG
|
||||
|
||||
## To do
|
||||
|
||||
1. 增加腾讯云的判断
|
||||
2. Cloud Agent 实际上没有起到作用
|
||||
|
||||
## Logs
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
### Features
|
||||
|
169
apps/roles/role_cloud/License.md
Normal file
169
apps/roles/role_cloud/License.md
Normal file
|
@ -0,0 +1,169 @@
|
|||
This program is released under LGPL-3.0 and with the additional Terms:
|
||||
It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
|
||||
|
||||
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates
|
||||
the terms and conditions of version 3 of the GNU General Public
|
||||
License, supplemented by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||
General Public License.
|
||||
|
||||
"The Library" refers to a covered work governed by this License,
|
||||
other than an Application or a Combined Work as defined below.
|
||||
|
||||
An "Application" is any work that makes use of an interface provided
|
||||
by the Library, but which is not otherwise based on the Library.
|
||||
Defining a subclass of a class defined by the Library is deemed a mode
|
||||
of using an interface provided by the Library.
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an
|
||||
Application with the Library. The particular version of the Library
|
||||
with which the Combined Work was made is also called the "Linked
|
||||
Version".
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the
|
||||
Corresponding Source for the Combined Work, excluding any source code
|
||||
for portions of the Combined Work that, considered in isolation, are
|
||||
based on the Application, and not on the Linked Version.
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the
|
||||
object code and/or source code for the Application, including any data
|
||||
and utility programs needed for reproducing the Combined Work from the
|
||||
Application, but excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License
|
||||
without being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a
|
||||
facility refers to a function or data to be supplied by an Application
|
||||
that uses the facility (other than as an argument passed when the
|
||||
facility is invoked), then you may convey a copy of the modified
|
||||
version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to
|
||||
ensure that, in the event an Application does not supply the
|
||||
function or data, the facility still operates, and performs
|
||||
whatever part of its purpose remains meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of
|
||||
this License applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from
|
||||
a header file that is part of the Library. You may convey such object
|
||||
code under terms of your choice, provided that, if the incorporated
|
||||
material is not limited to numerical parameters, data structure
|
||||
layouts and accessors, or small macros, inline functions and templates
|
||||
(ten or fewer lines in length), you do both of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the
|
||||
Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that,
|
||||
taken together, effectively do not restrict modification of the
|
||||
portions of the Library contained in the Combined Work and reverse
|
||||
engineering for debugging such modifications, if you also do each of
|
||||
the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that
|
||||
the Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during
|
||||
execution, include the copyright notice for the Library among
|
||||
these notices, as well as a reference directing the user to the
|
||||
copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this
|
||||
License, and the Corresponding Application Code in a form
|
||||
suitable for, and under terms that permit, the user to
|
||||
recombine or relink the Application with a modified version of
|
||||
the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying
|
||||
Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the
|
||||
Library. A suitable mechanism is one that (a) uses at run time
|
||||
a copy of the Library already present on the user's computer
|
||||
system, and (b) will operate properly with a modified version
|
||||
of the Library that is interface-compatible with the Linked
|
||||
Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise
|
||||
be required to provide such information under section 6 of the
|
||||
GNU GPL, and only to the extent that such information is
|
||||
necessary to install and execute a modified version of the
|
||||
Combined Work produced by recombining or relinking the
|
||||
Application with a modified version of the Linked Version. (If
|
||||
you use option 4d0, the Installation Information must accompany
|
||||
the Minimal Corresponding Source and Corresponding Application
|
||||
Code. If you use option 4d1, you must provide the Installation
|
||||
Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the
|
||||
Library side by side in a single library together with other library
|
||||
facilities that are not Applications and are not covered by this
|
||||
License, and convey such a combined library under terms of your
|
||||
choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based
|
||||
on the Library, uncombined with any other library facilities,
|
||||
conveyed under the terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it
|
||||
is a work based on the Library, and explaining where to find the
|
||||
accompanying uncombined form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Lesser General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Library as you received it specifies that a certain numbered version
|
||||
of the GNU Lesser General Public License "or any later version"
|
||||
applies to it, you have the option of following the terms and
|
||||
conditions either of that published version or of any later version
|
||||
published by the Free Software Foundation. If the Library as you
|
||||
received it does not specify a version number of the GNU Lesser
|
||||
General Public License, you may choose any version of the GNU Lesser
|
||||
General Public License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide
|
||||
whether future versions of the GNU Lesser General Public License shall
|
||||
apply, that proxy's public statement of acceptance of any version is
|
||||
permanent authorization for you to choose that version for the
|
||||
Library.
|
1
apps/roles/role_cloud/Notes.md
Normal file
1
apps/roles/role_cloud/Notes.md
Normal file
|
@ -0,0 +1 @@
|
|||
|
47
apps/roles/role_cloud/README.md
Normal file
47
apps/roles/role_cloud/README.md
Normal file
|
@ -0,0 +1,47 @@
|
|||
Ansible Role: Cloud
|
||||
=========
|
||||
|
||||
在CentOS或者Ubuntu服务器处理云厂家异同,以及设置交换分区.
|
||||
|
||||
## Requirements
|
||||
|
||||
运行本 Role,请确认符合如下的必要条件:
|
||||
|
||||
| **Items** | **Details** |
|
||||
| ------------------| ------------------|
|
||||
| Operating system | CentOS7.x Ubuntu18.04 |
|
||||
| Python 版本 | Python2 |
|
||||
| Python 组件 | |
|
||||
| Runtime | 阿里云, 华为云, Azure, AWS |
|
||||
|
||||
|
||||
## Related roles
|
||||
|
||||
本 Role 不依赖其他 roles,只用来处理不同云平台的服务器差异。
|
||||
|
||||
|
||||
## Variables
|
||||
|
||||
本 Role 主要变量以及使用方法如下:
|
||||
|
||||
| **Items** | **Details** | **Format** | **是否初始化** |
|
||||
| ------------------| ------------------|-----|-----|
|
||||
| cloud_agent | Fasle,True ] | 布尔 | 否 |
|
||||
|
||||
|
||||
## Example
|
||||
|
||||
```
|
||||
- name: LAMP
|
||||
hosts: all
|
||||
become: yes
|
||||
become_method: sudo
|
||||
vars_files:
|
||||
- vars/main.yml
|
||||
|
||||
roles:
|
||||
- { role: role_common }
|
||||
- { role: role_cloud }
|
||||
```
|
||||
|
||||
## FAQ
|
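--- a/apps/roles/role_cloud/defaults/main.yml
+++ b/apps/roles/role_cloud/defaults/main.yml
@@ -0,0 +1,2 @@
+# install Cloud Agent, default is false
+cloud_agent: False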
19
apps/roles/role_cloud/meta/main.yml
Normal file
19
apps/roles/role_cloud/meta/main.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
dependencies: []
|
||||
|
||||
galaxy_info:
|
||||
author:
|
||||
description:
|
||||
company:
|
||||
license:
|
||||
min_ansible_version:
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- 18.04
|
||||
|
||||
galaxy_tags:
|
||||
|
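--- a/apps/roles/role_cloud/tasks/main.yml
+++ b/apps/roles/role_cloud/tasks/main.yml
@@ -0,0 +1,109 @@
+##
+- name: Check Cloud
+shell : |
+if [ -f "/etc/waagent.conf" ];then echo "azure";fi
+if [ -d "/usr/local/aegis" ];then echo "alicloud";fi
+if [ -f "/snap/bin/amazon-ssm-agent.ssm-cli" ];then echo "aws";fi
+if [ -f "/usr/bin/amazon-ssm-agent" ];then echo "aws";fi
+if [ -d "/CloudrResetPwdAgent" ];then echo "huaiwei";fi
+register: cloud
+
+- debug:
+msg: "Cloud platform is {{ cloud.stdout}}"
+
+- block:
+- name: Create swap Space
+command: dd if=/dev/zero of=/mnt/swap bs=256M count=8
+
+- name: Make swap
+command: mkswap /mnt/swap
+
+- name: Action swap
+command: swapon /mnt/swap
+
+- name: Add to fstab
+lineinfile:
+dest: /etc/fstab
+regexp: '/mnt/swap'
+line: "/mnt/swap swap swap defaults 0 0"
+state: present
+
+when: (ansible_swaptotal_mb == 0) and (cloud.stdout != 'azure')
+
+- block:
+- name: Change ubuntu service name
+shell: |
+ln -sf /usr/lib/systemd/system/walinuxagent.service /usr/lib/systemd/system/waagent.service
+systemctl daemon-reload
+when: ansible_os_family == 'Debian'
+
+- name: ResourceDisk EnableSwap
+lineinfile:
+dest: /etc/waagent.conf
+regexp: 'ResourceDisk.Format=n'
+line: "ResourceDisk.Format=y"
+state: present
+
+- name: ResourceDisk EnableSwap
+lineinfile:
+dest: /etc/waagent.conf
+regexp: 'ResourceDisk.EnableSwap=n'
+line: "ResourceDisk.EnableSwap=y"
+state: present
+
+- name: ResourceDisk SwapSizeMB
+lineinfile:
+dest: /etc/waagent.conf
+regexp: 'ResourceDisk.SwapSizeMB=0'
+line: "ResourceDisk.SwapSizeMB=4096"
+state: present
+
+- name: Restart waagnet
+service:
+name: waagent
+state: restarted
+enabled: yes
+
+when: cloud.stdout == 'azure'
+
+- block:
+- name: AWS Configure
+apt:
+name: ec2-instance-connect
+update_cache: yes
+when: ansible_os_family == 'Debian'
+
+- name: AWS Configure
+yum:
+name: ec2-instance-connect
+when: ansible_os_family == 'RedHat'
+
+- name: Start ec2-instance-connect
+service:
+name: ec2-instance-connect
+state: started
+enabled: yes
+failed_when: False
+
+when: cloud.stdout == 'aws'
+
+# install cloud agent
+- block:
+- name: Install Aliyun Aqs and aliyun_assist
+shell: |
+wget "https://aegis.alicdn.com/download/install/2.0/linux/AliAqsInstall_64.sh" && chmod +x AliAqsInstall_64.sh && ./AliAqsInstall_64.sh sJmepE
+wget "https://aliyun-client-assist.oss-accelerate.aliyuncs.com/linux/aliyun_assist_latest.rpm"
+rpm -ivh --force aliyun_assist_latest.rpm
+#wget "https://aliyun-client-assist.oss-accelerate.aliyuncs.com/linux/aliyun_assist_latest.deb"
+#dpkg -r aliyun-assist
+systemctl restart aliyun.service
+when: cloud.stdout == 'alicloud'
+
+
+
+- name: Install HUAWEICLOUD Agent
+shell: wget https://telescope-ap-southeast-1.obs.ap-southeast-1.myhuaweicloud.com/scripts/agentBatchPackage.sh && chmod 755 agentBatchPackage.sh && ./agentBatchPackage.sh
+args:
+chdir: /usr/local
+when: cloud.stdout == 'huawei'
+when: cloud_agent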
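Review bot: Both cloud-agent tasks at the end of this file download an installer with `wget` and execute it as root in the same shell line (`AliAqsInstall_64.sh`, `agentBatchPackage.sh`), and `rpm -ivh --force aliyun_assist_latest.rpm` installs an unpinned "latest" package, all with no checksum or signature check, so whatever the URL serves at build time ends up in the image. Fetching each artifact with `get_url` and a pinned `checksum:` before running it, and replacing the `--force` install with a versioned package, would make the step reproducible and tamper-evident; the first download is sketched below. Separately, the detection task echoes `huaiwei` while the Huawei task tests `cloud.stdout == 'huawei'`, so that branch can never run, and a host that has both AWS agent paths would produce a two-line `aws` stdout that matches none of the `==` comparisons. The swap file written by `dd` also gets whatever mode the umask gives it (typically world-readable); a `file: path=/mnt/swap mode=0600` task before `mkswap` would keep swapped-out memory unreadable to other local users.

```yaml
- name: Download Aliyun Aqs installer
  get_url:
    url: "https://aegis.alicdn.com/download/install/2.0/linux/AliAqsInstall_64.sh"
    dest: /usr/local/AliAqsInstall_64.sh
    mode: "0700"
    # placeholder value: record the digest of the installer version that was reviewed
    checksum: "sha256:<PINNED_SHA256_PLACEHOLDER>"
# … unchanged: run the installer, aliyun_assist install, service restart …
```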
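--- a/apps/roles/role_cloud/tests/inventory
+++ b/apps/roles/role_cloud/tests/inventory
@@ -0,0 +1 @@
+localhost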
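--- a/apps/roles/role_cloud/tests/test.yml
+++ b/apps/roles/role_cloud/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- role_cloud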
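--- a/apps/roles/role_cloud/vars/cloud_download_url.yml
+++ b/apps/roles/role_cloud/vars/cloud_download_url.yml
@@ -0,0 +1,16 @@
+# 本文件存放中国大陆地区的下载地址,用于阿里云、华为云等云上的镜像制作。
+
+apache_ius_url: https://repo.ius.io/ius-release-el7.rpm
+#apache_ius_url: https://libs.websoft9.com/apps/apache/ius-release-el7.rpm
+
+php_getcomposer_url: "https://getcomposer.org/composer.phar"
+#php_getcomposer_url: https://libs.websoft9.com/apps/composer/composer.phar
+
+redis_download_url: http://download.redis.io/releases
+#redis_download_url: https://libs.websoft9.com/apps/redis
+
+phpmyadmin_download_url:
+"old": "https://files.phpmyadmin.net/phpMyAdmin/4.0.10.20/phpMyAdmin-4.0.10.20-all-languages.zip"
+#"old": "https://libs.websoft9.com/apps/phpmyadmin/phpMyAdmin-4.0.10.20-all-languages.zip"
+"new": "https://files.phpmyadmin.net/phpMyAdmin/4.9.4/phpMyAdmin-4.9.4-all-languages.zip"
+#"new": "https://libs.websoft9.com/apps/phpmyadmin/phpMyAdmin-4.9.4-all-languages.zip"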
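Review bot: `redis_download_url` is the only active URL in this file that uses plain `http://`, so the Redis tarball fetched from it can be altered in transit; if the host serves TLS, `redis_download_url: https://download.redis.io/releases` is the one-line change. None of the entries carries a digest either, so consider a sibling checksum variable per artifact (for example `php_getcomposer_sha256`) that the consuming download tasks can pass as `checksum:`. How these variables are consumed is not visible in this file, so the second part is a suggestion for the callers.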
28
apps/roles/role_common/CHANGELOG.md
Normal file
28
apps/roles/role_common/CHANGELOG.md
Normal file
|
@ -0,0 +1,28 @@
|
|||
# CHANGELOG
|
||||
|
||||
## To do
|
||||
|
||||
1. 服务器最低配置判断
|
||||
2. OracleLinux 支持 CentOS7-base.repo
|
||||
3. Centos snapd install waiting for rhel official(snapd-selinux-2.47.1-1.el7.noarch.rpm) update repo
|
||||
|
||||
## Logs
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 2020-08-14 add CentOS7_base.repo for AmazonLinux2
|
||||
* 2020-06-20 add Check OS support in main.yml
|
||||
* 2020-02-25 去掉pip install requests, 此模块不是python核心模块
|
||||
* 2020-11-11 use yumdownloader and rpm install requires package,waiting for rhel official update repo
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* 2020-08-22 add install apps_cockpit.yml
|
||||
* 2020-07-25 add intall centos-release-scl for CentOS
|
||||
* 2020-07-02 add `apt install acl`
|
||||
* 2020-05-31 add locate for search
|
||||
* 2020-05-20 Don't update when init=0
|
||||
* 2020-03-20 增加两个安装变量common_install_python_modules,common_install_components用于控制组件的安装
|
||||
* 2020-02-24 将main.yml按照os_family拆分
|
||||
* 2020-02-21 增加中国地区DNS地址
|
169
apps/roles/role_common/License.md
Normal file
169
apps/roles/role_common/License.md
Normal file
|
@ -0,0 +1,169 @@
|
|||
This program is released under LGPL-3.0 and with the additional Terms:
|
||||
It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
|
||||
|
||||
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates
|
||||
the terms and conditions of version 3 of the GNU General Public
|
||||
License, supplemented by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||
General Public License.
|
||||
|
||||
"The Library" refers to a covered work governed by this License,
|
||||
other than an Application or a Combined Work as defined below.
|
||||
|
||||
An "Application" is any work that makes use of an interface provided
|
||||
by the Library, but which is not otherwise based on the Library.
|
||||
Defining a subclass of a class defined by the Library is deemed a mode
|
||||
of using an interface provided by the Library.
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an
|
||||
Application with the Library. The particular version of the Library
|
||||
with which the Combined Work was made is also called the "Linked
|
||||
Version".
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the
|
||||
Corresponding Source for the Combined Work, excluding any source code
|
||||
for portions of the Combined Work that, considered in isolation, are
|
||||
based on the Application, and not on the Linked Version.
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the
|
||||
object code and/or source code for the Application, including any data
|
||||
and utility programs needed for reproducing the Combined Work from the
|
||||
Application, but excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License
|
||||
without being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a
|
||||
facility refers to a function or data to be supplied by an Application
|
||||
that uses the facility (other than as an argument passed when the
|
||||
facility is invoked), then you may convey a copy of the modified
|
||||
version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to
|
||||
ensure that, in the event an Application does not supply the
|
||||
function or data, the facility still operates, and performs
|
||||
whatever part of its purpose remains meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of
|
||||
this License applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from
|
||||
a header file that is part of the Library. You may convey such object
|
||||
code under terms of your choice, provided that, if the incorporated
|
||||
material is not limited to numerical parameters, data structure
|
||||
layouts and accessors, or small macros, inline functions and templates
|
||||
(ten or fewer lines in length), you do both of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the
|
||||
Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that,
|
||||
taken together, effectively do not restrict modification of the
|
||||
portions of the Library contained in the Combined Work and reverse
|
||||
engineering for debugging such modifications, if you also do each of
|
||||
the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that
|
||||
the Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during
|
||||
execution, include the copyright notice for the Library among
|
||||
these notices, as well as a reference directing the user to the
|
||||
copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this
|
||||
License, and the Corresponding Application Code in a form
|
||||
suitable for, and under terms that permit, the user to
|
||||
recombine or relink the Application with a modified version of
|
||||
the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying
|
||||
Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the
|
||||
Library. A suitable mechanism is one that (a) uses at run time
|
||||
a copy of the Library already present on the user's computer
|
||||
system, and (b) will operate properly with a modified version
|
||||
of the Library that is interface-compatible with the Linked
|
||||
Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise
|
||||
be required to provide such information under section 6 of the
|
||||
GNU GPL, and only to the extent that such information is
|
||||
necessary to install and execute a modified version of the
|
||||
Combined Work produced by recombining or relinking the
|
||||
Application with a modified version of the Linked Version. (If
|
||||
you use option 4d0, the Installation Information must accompany
|
||||
the Minimal Corresponding Source and Corresponding Application
|
||||
Code. If you use option 4d1, you must provide the Installation
|
||||
Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the
|
||||
Library side by side in a single library together with other library
|
||||
facilities that are not Applications and are not covered by this
|
||||
License, and convey such a combined library under terms of your
|
||||
choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based
|
||||
on the Library, uncombined with any other library facilities,
|
||||
conveyed under the terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it
|
||||
is a work based on the Library, and explaining where to find the
|
||||
accompanying uncombined form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Lesser General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Library as you received it specifies that a certain numbered version
|
||||
of the GNU Lesser General Public License "or any later version"
|
||||
applies to it, you have the option of following the terms and
|
||||
conditions either of that published version or of any later version
|
||||
published by the Free Software Foundation. If the Library as you
|
||||
received it does not specify a version number of the GNU Lesser
|
||||
General Public License, you may choose any version of the GNU Lesser
|
||||
General Public License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide
|
||||
whether future versions of the GNU Lesser General Public License shall
|
||||
apply, that proxy's public statement of acceptance of any version is
|
||||
permanent authorization for you to choose that version for the
|
||||
Library.
|
44
apps/roles/role_common/Notes.md
Normal file
44
apps/roles/role_common/Notes.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
|
||||
## Ansible facts for OS distribution
|
||||
```
|
||||
# AmazonLinux2
|
||||
"ansible_distribution": "Amazon",
|
||||
"ansible_distribution_file_parsed": true,
|
||||
"ansible_distribution_file_path": "/etc/system-release",
|
||||
"ansible_distribution_file_variety": "Amazon",
|
||||
"ansible_distribution_major_version": "2",
|
||||
"ansible_distribution_release": "NA",
|
||||
"ansible_distribution_version": "2",
|
||||
|
||||
# Ubuntu
|
||||
"ansible_distribution": "Ubuntu",
|
||||
"ansible_distribution_file_parsed": true,
|
||||
"ansible_distribution_file_path": "/etc/os-release",
|
||||
"ansible_distribution_file_variety": "Debian",
|
||||
"ansible_distribution_major_version": "18",
|
||||
"ansible_distribution_release": "bionic",
|
||||
"ansible_distribution_version": "18.04",
|
||||
|
||||
# CentOS
|
||||
"ansible_distribution": "CentOS",
|
||||
"ansible_distribution_file_parsed": true,
|
||||
"ansible_distribution_file_path": "/etc/redhat-release",
|
||||
"ansible_distribution_file_variety": "RedHat",
|
||||
"ansible_distribution_major_version": "7",
|
||||
"ansible_distribution_release": "core",
|
||||
"ansible_distribution_version": "7.6"
|
||||
|
||||
# OracleLinux
|
||||
"ansible_distribution": "OracleLinux",
|
||||
"ansible_distribution_file_parsed": true,
|
||||
"ansible_distribution_file_path": "/etc/oracle-release",
|
||||
"ansible_distribution_file_search_string": "Oracle Linux",
|
||||
"ansible_distribution_file_variety": "OracleLinux",
|
||||
"ansible_distribution_major_version": "7",
|
||||
"ansible_distribution_release": "NA",
|
||||
"ansible_distribution_version": "7.7",
|
||||
```
|
||||
|
||||
## Cockpit
|
||||
|
||||
Cockpit 建议采用 `yum install cockpit*` 这种批量安装方式,确保安装所有与之相关的包
|
45
apps/roles/role_common/README.md
Normal file
45
apps/roles/role_common/README.md
Normal file
|
@ -0,0 +1,45 @@
|
|||
Ansible Role: common
|
||||
=========
|
||||
|
||||
本 Role 用于在CentOS或者Ubuntu服务器上安装常见工具和配置系统自动更新
|
||||
|
||||
## Requirements
|
||||
|
||||
运行本 Role,请确认符合如下的必要条件:
|
||||
|
||||
| **Items** | **Details** |
|
||||
| ------------------| ------------------|
|
||||
| Operating system | CentOS7.x Ubuntu18.04 AmazonLinux|
|
||||
| Python 版本 | Python2 |
|
||||
| Python 组件 | |
|
||||
| Runtime | Linux |
|
||||
|
||||
|
||||
## Related roles
|
||||
|
||||
本 Role 在其他 roles 之前运行。
|
||||
|
||||
|
||||
## Variables
|
||||
|
||||
本 Role 主要变量以及使用方法如下:
|
||||
|
||||
| **Items** | **Details** | **Format** | **是否初始化** |
|
||||
| ------------------| ------------------|-----|-----|
|
||||
| common_install_python_modules | 布尔类型,默认 True| 字符串 |否|
|
||||
| common_install_components |布尔类型,默认 True| 字符串 |否|
|
||||
| common_os_support |["CentOS", "Ubuntu", "Amazon", "OracleLinux"]| 队列 |否|
|
||||
| common_install_tools |- cockpit| 队列 |否|
|
||||
|
||||
|
||||
## Example
|
||||
|
||||
```
|
||||
common_os_support: ["CentOS", "Ubuntu", "Amazon", "OracLinux"]
|
||||
common_install_tools
|
||||
- cockpit
|
||||
```
|
||||
|
||||
## FAQ
|
||||
|
||||
|
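--- a/apps/roles/role_common/defaults/main.yml
+++ b/apps/roles/role_common/defaults/main.yml
@@ -0,0 +1,26 @@
+region: "0"
+init: "0"
+
+#Control installation more components
+common_install_python_modules: True
+common_install_components: True
+common_set_rclocal: False
+
+common_os_support: ["CentOS", "Ubuntu", "Amazon", "OracleLinux", "Debian", "RedHat"]
+
+# Useful tools, list var type, e.g:
+# common_install_tools:
+# - cockpit
+
+common_install_tools:
+
+# when init=1, need upgrade system
+common_system_upgrade: True
+common_docker_addnetwork: "apps"
+common_install_docker: False
+common_compose_version: "v2.6.0"
+common_repository_url: "https://download.docker.com/linux/centos/docker-ce.repo"
+
+common_packages_redhat_extra: []
+
+common_packages_debian_extra: []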
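--- a/apps/roles/role_common/files/20auto-upgrades
+++ b/apps/roles/role_common/files/20auto-upgrades
@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";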
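--- a/apps/roles/role_common/files/CentOS7-Base.repo
+++ b/apps/roles/role_common/files/CentOS7-Base.repo
@@ -0,0 +1,35 @@
+# CentOS-Base.repo
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client. You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+
+[base]
+name=CentOS-$releasever - Base
+baseurl=http://mirror.centos.org/centos/7/os/$basearch/
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+baseurl=http://mirror.centos.org/centos/7/updates/$basearch/
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+baseurl=http://mirror.centos.org/centos/7/extras/$basearch/
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+baseurl=http://mirror.centos.org/centos/7/centosplus/$basearch/
+gpgcheck=0
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7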
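Review bot: Every stanza sets `gpgcheck=0` while `baseurl` points at plain `http://mirror.centos.org/...`, so packages installed through this file are neither signature-checked nor protected in transit. Each stanza already declares `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7`, so switching to `gpgcheck=1` is a one-word change on hosts that have the key. The role's CHANGELOG says this file is added for AmazonLinux2, where that key file is presumably absent and would have to be shipped and imported alongside the repo file. If signature checking has to stay off for some target, a comment in the file stating why would let the next reader tell a decision from an oversight.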
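--- a/apps/roles/role_common/meta/main.yml
+++ b/apps/roles/role_common/meta/main.yml
@@ -0,0 +1,20 @@
+---
+dependencies:
+
+galaxy_info:
+role_name: common
+author:
+description:
+company:
+license:
+min_ansible_version:
+platforms:
+- name: EL
+versions:
+- 8
+- name: Ubuntu
+versions:
+- 18.04
+
+galaxy_tags:
+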
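--- a/apps/roles/role_common/tasks/Debian.yml
+++ b/apps/roles/role_common/tasks/Debian.yml
@@ -0,0 +1,65 @@
+- set_fact:
+ansible_python_interpreter: "/usr/bin/python3"
+
+- name: Update apt repository list cache
+apt:
+update_cache: yes
+
+- name: Upgrade all packages to the latest version for production
+apt:
+name: "*"
+state: latest
+only_upgrade: yes
+register: result
+until: result.msg.find("Could not get lock /var/lib/dpkg") == -1
+retries: 50
+delay: 10
+failed_when: "'FAILED' in result.stdout"
+when: common_system_upgrade and (init == '1' or init == 1)
+
+- block:
+- name: Install Common Software
+apt:
+name: "{{ item }}"
+state: latest
+force_apt_get: True
+allow_unauthenticated: yes
+update_cache: yes
+failed_when: False
+register: common_install_result
+loop: "{{ common_packages_debian }}"
+
+- debug:
+msg: "{{ common_install_result | json_query('results[*].results[*]') }}"
+
+- block:
+- name: Install extra Software
+apt:
+name: "{{ item }}"
+state: latest
+force_apt_get: True
+allow_unauthenticated: yes
+update_cache: yes
+failed_when: False
+register: extra_install_result
+loop: "{{ common_packages_debian_extra }}"
+
+- debug:
+msg: "{{ extra_install_result | json_query('results[*].results[*]') }}"
+when: common_packages_debian_extra is defined and common_packages_debian_extra is not none and common_packages_debian_extra != ""
+
+when: common_install_components
+
+- block:
+- name: Setting rc.local
+file:
+path: /etc/rc.local
+state: touch
+mode: 0750
+
+- name: Write rc.local
+shell: echo "#!/bin/bash" > /etc/rc.local
+
+- name: restart rc.local
+service: name=rc.local state=restarted enabled=yes
+when: common_set_rclocal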
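Review bot: Both install tasks (`Install Common Software` and `Install extra Software`) pass `allow_unauthenticated: yes`, which lets apt install packages whose signatures cannot be verified, and `failed_when: False` then hides any failure, so a host can finish the play with unverified or missing packages and no error. Drop `allow_unauthenticated: yes` from both tasks and let a failed install fail the play, or limit the tolerance to a named list of optional packages. Separately, in the upgrade task `until: result.msg.find(...)` and `failed_when: "'FAILED' in result.stdout"` assume the apt result always carries `msg` and `stdout`; `result.msg | default('')` and `result.stdout | default('')` would avoid an undefined-variable error when the module returns neither.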
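--- a/apps/roles/role_common/tasks/RedHat.yml
+++ b/apps/roles/role_common/tasks/RedHat.yml
@@ -0,0 +1,106 @@
+- block:
+- debug:
+msg: "Wait 200s for install pip and python"
+
+- name: Sleep wait for Oracle linux install pip and python which is very slowly
+shell: sleep 200s
+when: ansible_distribution == "OracleLinux"
+
+- name: System Upgrade
+yum: name=* state=latest
+when: common_system_upgrade and (init == '1' or init == 1)
+
+- name: OracleLinux8 create pip softlink
+shell: |
+ln -sf /usr/bin/pip-3 /usr/bin/pip3
+when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == "8"
+
+- name: Install Extra Packages for Enterprise Linux on {{ansible_distribution}}, exclude Amazon because scl will cause yum update error
+yum:
+name: [epel-release,centos-release-scl]
+update_cache: yes
+state: latest
+failed_when: False
+when: ansible_distribution != 'Amazon' and ansible_distribution != 'OracleLinux'
+
+- block:
+- name: Install epel repo for OracleLinux
+yum:
+name: oracle-epel-release-el{{ansible_distribution_major_version}}
+
+- name: Install scl repo for OracleLinux
+yum:
+name: scl-utils
+when: ansible_distribution == 'OracleLinux'
+
+- block:
+- name: Set swapiness
+sysctl:
+name: vm.swappiness
+value: "10"
+
+- name: Fix No space left on device
+sysctl:
+name: fs.inotify.max_user_watches
+value: "8192000"
+when: ansible_distribution != 'OracleLinux'
+
+- block:
+- name: Install Extra Packages for Enterprise Linux on {{ansible_distribution}},there is [releaseserver] in the linux repo,so download from websoft9 self repo
+shell: |
+amazon-linux-extras install epel -y
+wget -O /etc/yum.repos.d/CentOS7-Base.repo https://raw.githubusercontent.com/websoft9/role_common/master/files/CentOS7-Base.repo
+
+- name: delete amazon repo priority
+lineinfile:
+dest: "{{item}}"
+regexp: "^priority"
+state: absent
+loop:
+- /etc/yum.repos.d/amzn2-extras.repo
+- /etc/yum.repos.d/amzn2-core.repo
+when: ansible_distribution == 'Amazon'
+
+- block:
+- name: Install Common Software
+yum:
+name: "{{ item }}"
+state: latest
+update_cache: yes
+register: common_install_result
+failed_when: False
+loop: "{{ common_packages_redhat }}"
+
+- debug:
+msg: "{{ common_install_result | json_query('results[*].results[*]') }}"
+
+- block:
+- name: Install extra Software
+yum:
+name: "{{ item }}"
+state: latest
+update_cache: yes
+register: extra_install_result
+failed_when: False
+loop: "{{ common_packages_redhat_extra }}"
+
+- debug:
+msg: "{{ extra_install_result | json_query('results[*].results[*]') }}"
+when: common_packages_redhat_extra is defined and common_packages_redhat_extra is not none and common_packages_redhat_extra != ""
+
+when: common_install_components
+
+- name: Setting rc.d 0750
+file:
+path: /etc/rc.d/rc.local
+mode: 0750
+when: common_set_rclocal
+
+- block:
+- name: Disable SELinux temporarily(have not SELinux on Debian )
+shell: sudo setenforce 0
+
+- name: Disable SELinux ermanently
+selinux:
+state: disabled
+when: ansible_selinux.status != "disabled"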
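Review bot: The final block turns SELinux off on every RedHat-family host, first with `sudo setenforce 0` and then permanently with `selinux: state: disabled`, and unlike the other steps, which are gated by `common_*` switches, it has no variable to opt out. If an application in this stack needs it, gate the block behind a role variable that defaults to false (a new one, for example `common_disable_selinux`) and prefer `state: permissive` with `policy: targeted` so denials are still logged. In the Amazon block, `wget -O /etc/yum.repos.d/CentOS7-Base.repo https://raw.githubusercontent.com/websoft9/role_common/master/files/CentOS7-Base.repo` pulls the repo definition from a moving `master` branch at run time although the same file is added under `files/` in this commit; `copy: src=CentOS7-Base.repo dest=/etc/yum.repos.d/CentOS7-Base.repo` would install the reviewed copy.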
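--- a/apps/roles/role_common/tasks/main.yml
+++ b/apps/roles/role_common/tasks/main.yml
@@ -0,0 +1,112 @@
+#0 Common install by OS
+- debug:
+msg: "Will install components on ansible_os_family:{{ansible_os_family}},ansible_distribution:{{ ansible_distribution }}, ansible_distribution_major_version: {{ ansible_distribution_major_version }}"
+
+- name: Check OS support, if not support, exit ansible
+fail: msg="OS not supported,exit!"
+when: ansible_distribution not in common_os_support
+
+- include: "{{ansible_os_family}}.yml"
+
+- name: Updatedb for mlocate
+shell: updatedb
+
+#2 Pip install
+- block:
+- name: pip upgrade(python2 support latest pip version is 20.3.4)
+shell: python{{ansible_python.version.major}} -m pip install -U "pip < 21.0"
+failed_when: False
+
+- name: Install PyMySQL on pip2
+pip:
+name: PyMySQL
+version: 0.10.1
+extra_args: "-U"
+executable: pip2
+when: ansible_os_family == "RedHat" and (ansible_distribution_major_version == '7' or ansible_distribution_major_version == '2')
+
+- name: Install pex requirements module
+pip:
+name: pexpect
+extra_args: "-U"
+register: pex_install_result
+failed_when: False
+
+- name: Install pymysql requirements module
+pip:
+name: PyMySQL
+extra_args: "-U"
+register: mysql_install_result
+failed_when: False
+when: common_install_python_modules
+
+- debug:
+msg: "{% if pex_install_result.msg is defined %} {{pex_install_result.msg}} {% endif %}"
+
+- debug:
+msg: "{% if mysql_install_result.msg is defined %} {{mysql_install_result.msg}} {% endif %}"
+
+#3 Tool install
+- name: Install tools
+include_tasks: tools_{{item}}.yml
+with_items: "{{common_install_tools}}"
+when: common_install_tools is defined and common_install_tools is not none and common_install_tools != "" and common_install_tools[0]!= ""
+
+#4 Configure
+- name: Create common folder
+file:
+path: '/data/{{item}}'
+state: directory
+recurse: yes
+mode: '0755'
+with_items:
+- logs
+- config
+- cert
+- apps
+failed_when: False
+
+- name: Create /data/wwwroot softlink to /data/apps
+shell: ln -sf /data/apps /data/wwwroot
+
+- block:
+- name: set a regular hostname, remove "."
+shell: get_hostname=$(hostname);echo ${get_hostname%%.*}
+register: common_get_hostname
+- hostname:
+name: "{{common_get_hostname.stdout}}"
+
+# Install docker
+
+- name: Install Docker on {{ansible_distribution}}
+shell: |
+curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
+when: ansible_distribution != 'Amazon'
+
+- block:
+- name: Add Docker repository and replace $releasever
+shell: |
+wget -O /etc/yum.repos.d/docker-ce.repo "https://download.docker.com/linux/centos/docker-ce.repo"
+sudo sed -i "s/\$releasever/7/g" /etc/yum.repos.d/docker-ce.repo
+
+- name: Install all required packages of Docker on {{ansible_distribution}}
+yum:
+name: [device-mapper-persistent-data,lvm2,docker-ce,docker-ce-cli,containerd.io,docker-compose-plugin,docker-scan-plugin,docker-ce-rootless-extras]
+update_cache: yes
+state: latest
+when: ansible_distribution == 'Amazon'
+
+- name: Add permanently alias for docker compose
+shell: |
+alias docker-compose='docker compose'
+echo "alias docker-compose='docker compose'" >> /etc/profile.d/docker-compose.sh
+source /etc/profile.d/docker-compose.sh
+
+- name: Started and enable Docker
+service:
+name: docker
+enabled: yes
+state: restarted
+
+- name: Check Docker Version
+shell: sudo sh -c "docker -v 1>> /data/logs/install_version.txt"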
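Review bot: `curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh` downloads a script into the task's working directory and runs it with the play's privileges (root in tests/test.yml), with no pinned version or checksum, so what gets installed depends on whatever the endpoint serves at run time. Installing `docker-ce` from Docker's signed package repository, as the Amazon branch below already does with `yum`, keeps the install reproducible and signature-checked; if the convenience script must stay, fetch it with `get_url` and a `checksum:` to a fixed path before running it. In `Add permanently alias for docker compose` the `alias` and `source` lines have no effect outside the task's own shell and `>>` appends a duplicate line on every run; `copy: content="alias docker-compose='docker compose'\n" dest=/etc/profile.d/docker-compose.sh` is idempotent.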
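--- a/apps/roles/role_common/tasks/tools_cockpit.yml
+++ b/apps/roles/role_common/tasks/tools_cockpit.yml
@@ -0,0 +1,53 @@
+#1 Prepare
+- set_fact:
+common_cockpit_port: "9099"
+
+#2 Install cockpit
+- name: Install cockpit
+apt:
+name: [cockpit*]
+update_cache: yes
+when: ansible_os_family == "Debian"
+
+- name: Install cockpit
+yum:
+name: [cockpit*]
+update_cache: yes
+when: ansible_os_family == "RedHat"
+
+
+#3 Configure
+- name: Change cockpit port
+lineinfile:
+dest: /lib/systemd/system/cockpit.socket
+regexp: "ListenStream=9090"
+line: "ListenStream={{common_cockpit_port}}"
+backrefs: yes
+
+- name: Create /etc/cockpit/cockpit.conf
+file:
+path: /etc/cockpit/cockpit.conf
+owner: cockpit-ws
+group: cockpit-ws
+mode: '0640'
+state: touch
+
+- name: Insert configuration items in cockpit.conf
+blockinfile:
+path: /etc/cockpit/cockpit.conf
+block: |
+# allow http connection, Otherwise, it redirects all HTTP connections to HTTPS
+[WebService]
+AllowUnencrypted = true
+- name: Start & Enable cockpit
+shell: |
+systemctl restart cockpit
+systemctl daemon-reload
+systemctl restart cockpit.socket
+systemctl enable --now cockpit.socket
+
+#4 Check
+- name: Check cockpit Service
+shell: systemctl status cockpit | grep Active*
+register: check_cockpit_service
+notify: check_cockpit_service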
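Review bot: The `blockinfile` task writes `AllowUnencrypted = true` under `[WebService]`, so the Cockpit console on port `9099` accepts logins for system accounts over plain HTTP. Unless a TLS-terminating proxy on the same host is the only client, the line should be dropped (Cockpit then redirects HTTP to HTTPS, as the task's own comment says) or gated behind a role variable that defaults to false. `Change cockpit port` edits `/lib/systemd/system/cockpit.socket` in place, which a package update can overwrite; a drop-in under `/etc/systemd/system/cockpit.socket.d/` that resets `ListenStream=` survives upgrades. `name: [cockpit*]` also installs every package matching the glob, which is more surface than the web console itself needs.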
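--- a/apps/roles/role_common/tests/inventory
+++ b/apps/roles/role_common/tests/inventory
@@ -0,0 +1 @@
+localhost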
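--- a/apps/roles/role_common/tests/test.yml
+++ b/apps/roles/role_common/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- role_common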
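--- a/apps/roles/role_common/vars/main.yml
+++ b/apps/roles/role_common/vars/main.yml
@@ -0,0 +1,49 @@
+common_packages_redhat:
+- mosh
+- wget
+- openssl
+- unzip
+- bzip2
+- expect
+- at
+- tree
+- vim
+- screen
+- pwgen
+- git
+- htop
+- ImageMagick
+- inotify-tools
+- libselinux-python
+- libselinux-python3
+- yum-utils
+- gcc
+- jq
+- telnet
+- mlocate
+
+common_packages_debian:
+- acl
+- mosh
+- curl
+- gnupg2
+- ca-certificates
+- lsb-release
+- wget
+- openssl
+- unzip
+- bzip2
+- expect
+- at
+- tree
+- vim
+- screen
+- pwgen
+- git
+- htop
+- imagemagick
+- goaccess
+- jq
+- net-tools
+- mlocate
+- chrony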
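--- a/apps/roles/role_end/CHANGELOG.md
+++ b/apps/roles/role_end/CHANGELOG.md
@@ -0,0 +1,17 @@
+# CHANGELOG
+
+## To do
+
+1.
+
+## Logs
+
+### Bug Fixes
+
+* 2020-07-21 ansible reboot module error need Ansible2.7
+* 2020-07-07 change delete .ssh folder to delete /ssh/*, otherwise OracleLinux can't use key-paris
+* 2020-06-06 fixed display all versions
+
+### Features
+
+* 2020-02-14 Created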
169
apps/roles/role_end/License.md
Normal file
169
apps/roles/role_end/License.md
Normal file
|
@ -0,0 +1,169 @@
|
|||
This program is released under LGPL-3.0 and with the additional Terms:
|
||||
It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
|
||||
|
||||
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates
|
||||
the terms and conditions of version 3 of the GNU General Public
|
||||
License, supplemented by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||
General Public License.
|
||||
|
||||
"The Library" refers to a covered work governed by this License,
|
||||
other than an Application or a Combined Work as defined below.
|
||||
|
||||
An "Application" is any work that makes use of an interface provided
|
||||
by the Library, but which is not otherwise based on the Library.
|
||||
Defining a subclass of a class defined by the Library is deemed a mode
|
||||
of using an interface provided by the Library.
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an
|
||||
Application with the Library. The particular version of the Library
|
||||
with which the Combined Work was made is also called the "Linked
|
||||
Version".
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the
|
||||
Corresponding Source for the Combined Work, excluding any source code
|
||||
for portions of the Combined Work that, considered in isolation, are
|
||||
based on the Application, and not on the Linked Version.
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the
|
||||
object code and/or source code for the Application, including any data
|
||||
and utility programs needed for reproducing the Combined Work from the
|
||||
Application, but excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License
|
||||
without being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a
|
||||
facility refers to a function or data to be supplied by an Application
|
||||
that uses the facility (other than as an argument passed when the
|
||||
facility is invoked), then you may convey a copy of the modified
|
||||
version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to
|
||||
ensure that, in the event an Application does not supply the
|
||||
function or data, the facility still operates, and performs
|
||||
whatever part of its purpose remains meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of
|
||||
this License applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from
|
||||
a header file that is part of the Library. You may convey such object
|
||||
code under terms of your choice, provided that, if the incorporated
|
||||
material is not limited to numerical parameters, data structure
|
||||
layouts and accessors, or small macros, inline functions and templates
|
||||
(ten or fewer lines in length), you do both of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the
|
||||
Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that,
|
||||
taken together, effectively do not restrict modification of the
|
||||
portions of the Library contained in the Combined Work and reverse
|
||||
engineering for debugging such modifications, if you also do each of
|
||||
the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that
|
||||
the Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during
|
||||
execution, include the copyright notice for the Library among
|
||||
these notices, as well as a reference directing the user to the
|
||||
copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this
|
||||
License, and the Corresponding Application Code in a form
|
||||
suitable for, and under terms that permit, the user to
|
||||
recombine or relink the Application with a modified version of
|
||||
the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying
|
||||
Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the
|
||||
Library. A suitable mechanism is one that (a) uses at run time
|
||||
a copy of the Library already present on the user's computer
|
||||
system, and (b) will operate properly with a modified version
|
||||
of the Library that is interface-compatible with the Linked
|
||||
Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise
|
||||
be required to provide such information under section 6 of the
|
||||
GNU GPL, and only to the extent that such information is
|
||||
necessary to install and execute a modified version of the
|
||||
Combined Work produced by recombining or relinking the
|
||||
Application with a modified version of the Linked Version. (If
|
||||
you use option 4d0, the Installation Information must accompany
|
||||
the Minimal Corresponding Source and Corresponding Application
|
||||
Code. If you use option 4d1, you must provide the Installation
|
||||
Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the
|
||||
Library side by side in a single library together with other library
|
||||
facilities that are not Applications and are not covered by this
|
||||
License, and convey such a combined library under terms of your
|
||||
choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based
|
||||
on the Library, uncombined with any other library facilities,
|
||||
conveyed under the terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it
|
||||
is a work based on the Library, and explaining where to find the
|
||||
accompanying uncombined form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Lesser General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Library as you received it specifies that a certain numbered version
|
||||
of the GNU Lesser General Public License "or any later version"
|
||||
applies to it, you have the option of following the terms and
|
||||
conditions either of that published version or of any later version
|
||||
published by the Free Software Foundation. If the Library as you
|
||||
received it does not specify a version number of the GNU Lesser
|
||||
General Public License, you may choose any version of the GNU Lesser
|
||||
General Public License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide
|
||||
whether future versions of the GNU Lesser General Public License shall
|
||||
apply, that proxy's public statement of acceptance of any version is
|
||||
permanent authorization for you to choose that version for the
|
||||
Library.
|
1
apps/roles/role_end/Notes.md
Normal file
1
apps/roles/role_end/Notes.md
Normal file
|
@ -0,0 +1 @@
|
|||
|
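--- a/apps/roles/role_end/README.md
+++ b/apps/roles/role_end/README.md
@@ -0,0 +1,60 @@
+Ansible Role: end
+=========
+
+本 Role 用于在 CentOS, Ubuntu 和 AmazonLinux 服务器上结束部署后期的任务。
+
+## Requirements
+
+运行本 Role,请确认符合如下的必要条件:
+
+| **Items** | **Details** |
+| ------------------| ------------------|
+| Operating system | CentOS7.x Ubuntu18.04 AmazonLinux|
+| Python 版本 | Python2 |
+| Python 组件 | |
+| Runtime | |
+
+
+## Related roles
+
+本 Role 在语法上不依赖其他 role 的变量, 且需要放在最后运行。
+
+```
+roles:
+- {role: role_common, tags: "role_common"}
+- {role: role_cloud, tags: "role_cloud"}
+- {role: role_postgresql, tags: "role_postgresql"}
+- {role: role_docker, tags: "role_docker", when: phppgadmin_install_docker}
+- {role: role_docker_phppgadmin, tags: "role_docker_phppgadmin", when: phppgadmin_install_docker}
+- {role: role_init_password, tags: "role_init_password"}
+- {role: role_end, tags: "role_end"}
+```
+
+
+## Variables
+
+暂无
+
+## Example
+
+```
+- name: PostgreSQL
+hosts: all
+become: yes
+become_method: sudo
+vars_files:
+- vars/main.yml
+
+roles:
+- {role: role_common, tags: "role_common"}
+- {role: role_cloud, tags: "role_cloud"}
+- {role: role_postgresql, tags: "role_postgresql"}
+- {role: role_docker, tags: "role_docker", when: phppgadmin_install_docker}
+- {role: role_docker_phppgadmin, tags: "role_docker_phppgadmin", when: phppgadmin_install_docker}
+- {role: role_init_password, tags: "role_init_password"}
+- {role: role_end, tags: "role_end"}
+```
+
+## FAQ
+
+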
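--- a/apps/roles/role_end/defaults/main.yml
+++ b/apps/roles/role_end/defaults/main.yml
@@ -0,0 +1 @@
+init: "0"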
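--- a/apps/roles/role_end/handlers/main.yml
+++ b/apps/roles/role_end/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: end_check_ports
+debug:
+var: end_check_ports.stdout_lines
+
+- name: end_check_versions
+debug:
+var: end_check_versions.stdout_lines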
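--- a/apps/roles/role_end/meta/main.yml
+++ b/apps/roles/role_end/meta/main.yml
@@ -0,0 +1,19 @@
+---
+dependencies: []
+
+galaxy_info:
+author:
+description:
+company:
+license:
+min_ansible_version:
+platforms:
+- name: EL
+versions:
+- 7
+- name: Ubuntu
+versions:
+- 18.04
+
+galaxy_tags:
+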
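--- a/apps/roles/role_end/tasks/main.yml
+++ b/apps/roles/role_end/tasks/main.yml
@@ -0,0 +1,45 @@
+# print ports and version
+- block:
+- name: Check all Ports
+shell: ss -ntlp |awk '{print $4}'
+register: end_check_ports
+notify: end_check_ports
+
+- name: Display all versions
+shell: sudo sh -c "cat /data/logs/install_version.txt 2>/dev/null" || echo "no version information"
+register: end_check_versions
+notify: end_check_versions
+
+
+- block:
+- name: Check Cloud
+shell : |
+if [ -f "/etc/waagent.conf" ];then echo "azure";fi
+if [ -d "/usr/local/aegis" ];then echo "alibabacloud";fi
+if [ -f "/snap/bin/amazon-ssm-agent.ssm-cli" ];then echo "aws";fi
+if [ -f "/usr/bin/amazon-ssm-agent" ];then echo "aws";fi
+if [ -d "/CloudrResetPwdAgent" ];then echo "huaiweicloud";fi
+register: cloud
+
+- debug:
+msg: "Cloud platform is {{cloud.stdout}}"
+
+- name: Remove SSH info
+shell: sudo rm -rf {{item}}
+with_items:
+- /home/*/.ssh/*
+- /root/.ssh/*
+- /etc/ssh/ssh_host*
+
+- name: Init for azure
+shell: |
+cloud-init clean
+waagent -deprovision+user --force
+when: cloud.stdout == 'azure'
+
+when: init == '1' or init == 1
+
+# when ansible running as local, reboot can't use
+- name: Reboot
+reboot:
+when: init == '0' or init == 0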
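Review bot: `when: cloud.stdout == 'azure'` on `Init for azure` compares the whole output of `Check Cloud`, but that script can print more than one line (both `aws` checks can match, and nothing stops two agents being present), in which case the Azure deprovision step is skipped without any message. `when: "'azure' in cloud.stdout_lines"` matches per line instead. `Remove SSH info` deletes `/etc/ssh/ssh_host*` on every platform while `cloud-init clean` runs only for Azure, so it is worth confirming that images built for the other platforms regenerate host keys on first boot. `huaiweicloud` looks like a typo for `huaweicloud`.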
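--- a/apps/roles/role_end/tests/inventory
+++ b/apps/roles/role_end/tests/inventory
@@ -0,0 +1 @@
+localhost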
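--- a/apps/roles/role_end/tests/test.yml
+++ b/apps/roles/role_end/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- role_end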
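--- a/apps/roles/role_init/CHANGELOG.md
+++ b/apps/roles/role_init/CHANGELOG.md
@@ -0,0 +1,21 @@
+# CHANGELOG
+
+## To do
+
+1. mongodb init can't connect in service: AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
+
+## Logs
+
+### Bug Fixes
+
+* 2020-09-17 set User=root, Group=root for init service
+* 2020-07-09 set TimeoutSec=120s on init-password for adapt some application, e.g canvas init need 50s
+* 2020-05-20 abandon rc.local, use systemd
+* 2020-05-15 去掉MongoDB随机密码中等待10s的操作
+
+### Features
+
+* 2020-08-03 add compose_commands items in docker init
+* 2020-06-25 add docker init
+* 2020-05-29 Optimize data construct, simplify the init_application
+* 2020-05-20 add init log to: /tmp/init_password.txt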
169
apps/roles/role_init/License.md
Normal file
169
apps/roles/role_init/License.md
Normal file
|
@ -0,0 +1,169 @@
|
|||
This program is released under LGPL-3.0 and with the additional Terms:
|
||||
It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
|
||||
|
||||
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates
|
||||
the terms and conditions of version 3 of the GNU General Public
|
||||
License, supplemented by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||
General Public License.
|
||||
|
||||
"The Library" refers to a covered work governed by this License,
|
||||
other than an Application or a Combined Work as defined below.
|
||||
|
||||
An "Application" is any work that makes use of an interface provided
|
||||
by the Library, but which is not otherwise based on the Library.
|
||||
Defining a subclass of a class defined by the Library is deemed a mode
|
||||
of using an interface provided by the Library.
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an
|
||||
Application with the Library. The particular version of the Library
|
||||
with which the Combined Work was made is also called the "Linked
|
||||
Version".
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the
|
||||
Corresponding Source for the Combined Work, excluding any source code
|
||||
for portions of the Combined Work that, considered in isolation, are
|
||||
based on the Application, and not on the Linked Version.
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the
|
||||
object code and/or source code for the Application, including any data
|
||||
and utility programs needed for reproducing the Combined Work from the
|
||||
Application, but excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License
|
||||
without being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a
|
||||
facility refers to a function or data to be supplied by an Application
|
||||
that uses the facility (other than as an argument passed when the
|
||||
facility is invoked), then you may convey a copy of the modified
|
||||
version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to
|
||||
ensure that, in the event an Application does not supply the
|
||||
function or data, the facility still operates, and performs
|
||||
whatever part of its purpose remains meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of
|
||||
this License applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from
|
||||
a header file that is part of the Library. You may convey such object
|
||||
code under terms of your choice, provided that, if the incorporated
|
||||
material is not limited to numerical parameters, data structure
|
||||
layouts and accessors, or small macros, inline functions and templates
|
||||
(ten or fewer lines in length), you do both of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the
|
||||
Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that,
|
||||
taken together, effectively do not restrict modification of the
|
||||
portions of the Library contained in the Combined Work and reverse
|
||||
engineering for debugging such modifications, if you also do each of
|
||||
the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that
|
||||
the Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during
|
||||
execution, include the copyright notice for the Library among
|
||||
these notices, as well as a reference directing the user to the
|
||||
copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this
|
||||
License, and the Corresponding Application Code in a form
|
||||
suitable for, and under terms that permit, the user to
|
||||
recombine or relink the Application with a modified version of
|
||||
the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying
|
||||
Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the
|
||||
Library. A suitable mechanism is one that (a) uses at run time
|
||||
a copy of the Library already present on the user's computer
|
||||
system, and (b) will operate properly with a modified version
|
||||
of the Library that is interface-compatible with the Linked
|
||||
Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise
|
||||
be required to provide such information under section 6 of the
|
||||
GNU GPL, and only to the extent that such information is
|
||||
necessary to install and execute a modified version of the
|
||||
Combined Work produced by recombining or relinking the
|
||||
Application with a modified version of the Linked Version. (If
|
||||
you use option 4d0, the Installation Information must accompany
|
||||
the Minimal Corresponding Source and Corresponding Application
|
||||
Code. If you use option 4d1, you must provide the Installation
|
||||
Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the
|
||||
Library side by side in a single library together with other library
|
||||
facilities that are not Applications and are not covered by this
|
||||
License, and convey such a combined library under terms of your
|
||||
choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based
|
||||
on the Library, uncombined with any other library facilities,
|
||||
conveyed under the terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it
|
||||
is a work based on the Library, and explaining where to find the
|
||||
accompanying uncombined form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Lesser General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Library as you received it specifies that a certain numbered version
|
||||
of the GNU Lesser General Public License "or any later version"
|
||||
applies to it, you have the option of following the terms and
|
||||
conditions either of that published version or of any later version
|
||||
published by the Free Software Foundation. If the Library as you
|
||||
received it does not specify a version number of the GNU Lesser
|
||||
General Public License, you may choose any version of the GNU Lesser
|
||||
General Public License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide
|
||||
whether future versions of the GNU Lesser General Public License shall
|
||||
apply, that proxy's public statement of acceptance of any version is
|
||||
permanent authorization for you to choose that version for the
|
||||
Library.
|
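--- a/apps/roles/role_init/Notes.md
+++ b/apps/roles/role_init/Notes.md
@@ -0,0 +1,6 @@
+
+## Init-Docker
+
+当前的 command 适用于在 docker compose 之后运行。
+
+后期如果需要增加修改compose文件的命令,需增加新的键,例如:compose_commands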
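--- a/apps/roles/role_init/README.md
+++ b/apps/roles/role_init/README.md
@@ -0,0 +1,187 @@
+Ansible Role: init
+=========
+
+本 Role 用于在 Cloud Installer 项目的随机密码处理,确保任何用户每一次安装都可以生成随机密码
+
+## Requirements
+
+运行本 Role,请确认符合如下的必要条件:
+
+| **Items** | **Details** |
+| ------------------| ------------------|
+| Operating system | CentOS7.x Ubuntu AmazonLinux |
+| Python 版本 | Python2 |
+| Python 组件 | |
+| Runtime | MySQL, MariaDB, PostgreSQL, MongoDB |
+
+
+## Related roles
+
+本 Role 在语法上引用了主变量,程序运行时需要确保已经运行: mysql | mariadb | postgresql | mongodb 等 Role。以 mysql 为例:
+
+```
+roles:
+- {role: role_common, tags: "role_common"}
+- {role: role_cloud, tags: "role_cloud"}
+- {role: role_mysql, tags: "role_mysql"}
+- {role: role_docker, tags: "role_docker"}
+- {role: role_docker_phpmyadmin, tags: "role_docker_phpmyadmin"}
+- {role: role_init_password, tags: "role_init_password"}
+```
+
+
+## Variables
+
+本 Role 主要变量以及使用方法如下:
+
+| **Items** | **Details** | **Format** | **是否初始化** |
+| ------------------| ------------------|-----|-----|
+| init_db | 参考下方 | 字典 | 否 |
+| init_application | [...] | 字典 | 否 |
+
+注意:
+1. init_db, init_application, init_docker 初始化在项目主变量文件中统一修改。
+2. 默认数据库管理员密码初始化范例(程序已经自动处理随机密码脚本与其service的先后关系)
+```
+init_db:
+mongodb:
+admin: root
+users: ["react"]
+password: "123456"
+
+init_db:
+mysql:
+admin: root
+users: ["wordpress","discuz"]
+password: "123456"
+
+init_db:
+postgresql:
+admin: postgres
+users: ["wordpress","discuz"]
+password: "123456"
+service_before:
+service_after: php-fpm.service
+
+init_db:
+postgresql:
+admin: postgres
+users: ["wordpress","discuz"]
+password: "123456"
+
+init_db:
+mysql:
+admin: root
+users: ["discuz"]
+password: "123456"
+config_paths:
+- /data/wwwroot/discuz/upload/config/config_global_default.php
+
+init_db:
+mysql:
+admin: root
+users: ["discuz"]
+password: "123456"
+config_paths:
+- /data/wwwroot/discuz/upload/config/config_global_default.php
+commands:
+- sudo wp change -u default_account -p default_password to $new_password
+- sudo systemctl restart xxxx
+```
+3. 默认应用管理员密码初始范例(此方案只适用于修改文件)
+```
+init_application:
+wordpress:
+username: admin
+password: "123456"
+service_before:
+service_after: php-fpm.service
+config_paths:
+- /data/wwwroot/wordpress/wp-config.php
+- /data/wwwroot/wordpress/wp-config2.php
+commands:
+- sudo wp change -u default_account -p default_password to $new_password
+- sudo systemctl restart xxxx
+
+discuz:
+username: admin
+password: "123456"
+service_before:
+service_after: php-fpm.service
+config_paths:
+- /data/wwwroot/wordpress/wp-config.php
+- /data/wwwroot/wordpress/wp-config3.php
+commands:
+- sudo wp change -u default_account -p default_password to $new_password
+- sudo systemctl restart xxxx
+
+init_application:
+grafana:
+username: admin
+password: "admin"
+service_before:
+service_after: grafana-server
+commands:
+- sudo grafana-cli admin reset-admin-password $new_password
+```
+4. 默认Docker应用管理员密码初始范例(此方案适用于修改Docker相关)
+```
+init_docker:
+pgadmin:
+admin_username: user@domain.com
+admin_password: "SuperSecret"
+service_after: "docker.service"
+compose_path: "/data/apps/pgadmin/docker-compose.yml"
+compose_commands:
+- sudo sed -i "s/SuperSecret/$new_password/g" /data/apps/pgadmin/docker-compose.yml
+
+init_docker:
+seafile:
+admin_username: me@example.com
+admin_password: "admin123"
+db: mysql
+db_name: seafile_db
+db_username: root
+db_password: "123456"
+service_after: "docker.service"
+compose_path: "/data/docker-compose.yml"
+compose_commands:
+- 'sudo sed -i "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=$new_password/g" /data/docker-compose.yml'
+- 'sudo sed -i "s/DB_ROOT_PASSWD=.*/DB_ROOT_PASSWD=$new_password/g" /data/docker-compose.yml'
+- 'sudo sed -i "s/SEAFILE_ADMIN_PASSWORD=.*/SEAFILE_ADMIN_PASSWORD=$new_password/g" /data/docker-compose.yml'
+volumes:
+- /opt/seafile-mysql
+- /opt/seafile-data
+commands:
+- sudo sudo sh -c "cat /data/config/onlyoffice.conf 1>> /opt/seafile-data/seafile/conf/seahub_settings.py"
+- sudo sed -i "s/seafile.example.com/$(curl ifconfig.me)/g" /opt/seafile-data/seafile/conf/seahub_settings.py
+- sudo sed -i "s/seafile.example.com/$(curl ifconfig.me)/g" /opt/seafile-data/seafile/conf/ccnet.conf
+- sudo docker restart seafile
+```
+
+## Example
+
+```
+- name: MySQL
+hosts: all
+become: yes
+become_method: sudo
+vars_files:
+- vars/main.yml
+
+roles:
+- {role: role_common, tags: "role_common"}
+- {role: role_cloud, tags: "role_cloud"}
+- {role: role_mysql, tags: "role_mysql"}
+- {role: role_docker, tags: "role_docker"}
+- {role: role_docker_phpmyadmin, tags: "role_docker_phpmyadmin"}
+- {role: role_init_password, tags: "role_init_password"}
+- {role: role_end, tags: "role_end"}
+```
+
+## FAQ
+
+#### 采用哪种方式实现开机运行一次?
+
+systemd
+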
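--- a/apps/roles/role_init/defaults/main.yml
+++ b/apps/roles/role_init/defaults/main.yml
@@ -0,0 +1,38 @@
+# dictionary variable for interface
+init_db:
+init_application:
+init_docker:
+
+# init_db sample for you
+init_db_example:
+mysql:
+admin: root
+users: ["discuz"]
+password: "123456"
+service_before:
+service_after:
+config_paths:
+- /data/wwwroot/discuz/upload/config/config_global_default.php
+command:
+- echo "hello world"
+
+# these meta data ony for inner coding, not for interface
+init_service_unit:
+mysql:
+before:
+after: mysqld.service
+mariadb:
+before:
+after: mysqld.service
+mongodb:
+before:
+after: mongod.service
+postgresql:
+before:
+after: postgresql.service
+neo4j:
+before:
+after: neo4j.service
+
+
+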
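Review bot: The sample under `init_db_example` uses the key `command:`, but the templates added in this commit iterate over `dbs.commands`, so anyone copying the sample would have the listed commands silently skipped; rename the key to `commands:`. The sample also carries `password: "123456"`, and because these values are rendered into /credentials/init.sh and /credentials/password.txt, a comment such as `# placeholder only; replaced on first boot by init-apps.service` would make clear it is never meant to survive. The comment `ony for inner coding` should read `only`. `mariadb.after` is set to `mysqld.service`, which may need to be `mariadb.service` depending on the distribution and is worth confirming.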
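--- a/apps/roles/role_init/handlers/main.yml
+++ b/apps/roles/role_init/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for initdb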
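--- a/apps/roles/role_init/meta/main.yml
+++ b/apps/roles/role_init/meta/main.yml
@@ -0,0 +1,19 @@
+---
+dependencies: []
+
+galaxy_info:
+author:
+description:
+company:
+license:
+min_ansible_version:
+platforms:
+- name: EL
+versions:
+- 7
+- name: Ubuntu
+versions:
+- 18.04
+
+galaxy_tags:
+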
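--- a/apps/roles/role_init/tasks/main.yml
+++ b/apps/roles/role_init/tasks/main.yml
@@ -0,0 +1,38 @@
+- block:
+- name: Create credentials Folder
+file:
+path: /credentials
+state: directory
+
+- name: Upload Databases Password
+template:
+src: password.txt.jinja2
+dest: /credentials/password.txt
+mode: 0640
+
+- name: Copy Init Script
+template:
+src: init.sh.jinja2
+dest: /credentials/init.sh
+mode: 0750
+
+- name: Upload init-apps.service
+template:
+src: init-apps.service.jinja2
+dest: /lib/systemd/system/init-apps.service
+
+- name: Enable service
+service:
+name: init-apps
+enabled: yes
+
+- block:
+- name: Check init, if /credentials/* file not exist or no content, stop and exit Ansible
+shell: |
+[ -s /credentials/password.txt ] && [ -s /credentials/init.sh ] && init_initpasswd=true || init_initpasswd=false
+echo $init_initpasswd
+register: init_check
+
+- name: Output error when init.sh fail
+fail: msg="init role is not done,exit!"
+when: init_check.stdout == "false"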
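Review bot: The `Create credentials Folder` task sets no `mode`, `owner` or `group`, so `/credentials` gets whatever the umask yields while it holds `password.txt` and an `init.sh` that has the default passwords rendered into it; add `mode: "0700"`, `owner: root` and `group: root` to the directory, and explicit `owner`/`group` to both template tasks. The numeric modes are better written as quoted strings (`mode: "0640"`), the form the Ansible documentation recommends to avoid octal/decimal surprises, and `Upload init-apps.service` has no `mode` at all. The `Check init` task uses `shell` where two `stat` lookups would do, and as written it reports "changed" on every run; `changed_when: false` fixes the latter.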
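--- a/apps/roles/role_init/templates/init-apps.service.jinja2
+++ b/apps/roles/role_init/templates/init-apps.service.jinja2
@@ -0,0 +1,53 @@
+[Unit]
+Description=Init image powered by Websoft9
+After=network.target systemd-networkd-wait-online.service
+{############## init databases ##############}
+{% if init_db %}
+{% for dbs_name, dbs_attr in init_db.items() %}
+{% if init_service_unit[dbs_name].before is defined and init_service_unit[dbs_name].before is not none %}
+Before={{init_service_unit[dbs_name].before}}
+{% endif %}
+{% if dbs_attr.service_before is defined and dbs_attr.service_before is not none %}
+Before={{dbs_attr.service_before}}
+{% endif %}
+{% if init_service_unit[dbs_name].after is defined and init_service_unit[dbs_name].after is not none %}
+After={{init_service_unit[dbs_name].after}}
+{% endif %}
+{% if dbs_attr.service_after is defined and dbs_attr.service_after is not none %}
+After={{dbs_attr.service_after}}
+{% endif %}
+{% endfor %}
+{% endif %}
+{############## init applications ##############}
+{% if init_application %}
+{% for app_name,app_attr in init_application.items() %}
+{% if app_attr.service_before is defined and app_attr.service_before is not none %}
+Before={{app_attr.service_before}}
+{% endif %}
+{% if app_attr.service_after is defined and app_attr.service_after is not none %}
+After={{app_attr.service_after}}
+{% endif %}
+{% endfor %}
+{% endif %}
+{############## init docker applications ##############}
+{% if init_docker %}
+{% for docker_name,docker_attr in init_docker.items() %}
+{% if docker_attr.service_before is defined and docker_attr.service_before is not none %}
+Before={{docker_attr.service_before}}
+{% endif %}
+{% if docker_attr.service_after is defined and docker_attr.service_after is not none %}
+After={{docker_attr.service_after}}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+[Service]
+Type=simple
+TimeoutSec=120s
+ExecStart=-/bin/bash /credentials/init.sh
+ExecStartPost=/bin/systemctl disable init-apps
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target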
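Review bot: `ExecStart=-/bin/bash /credentials/init.sh` tells systemd to ignore a failing exit status, and `ExecStartPost=/bin/systemctl disable init-apps` then removes the unit from boot, so a run in which the password change fails leaves the default credentials in place with no retry and no failed unit to alert on. With `Type=simple`, `ExecStartPost` also runs once the script has been started rather than when it has finished. Consider `Type=oneshot` with `ExecStart=/bin/bash /credentials/init.sh` (no `-`), so the disable step only happens after a successful run; `TimeoutSec=120s` would then need raising, because the script contains several fixed sleeps.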
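--- a/apps/roles/role_init/templates/init.sh.jinja2
+++ b/apps/roles/role_init/templates/init.sh.jinja2
@@ -0,0 +1,199 @@
+#!/bin/bash
+# support special char [!"`$%()[]{},.*+-:;<=>?_~/|]
+new_password=$(pwgen -ncCs 14 1)!
+sudo sleep 10s
+sudo sh -c 'echo "init-password started at" $(date -d now) 1>> /tmp/init_debug.txt'
+
+#1 database password init
+{% if init_db %}
+{% for db_names,dbs in init_db.items() %}
+
+{% if db_names == 'mysql' or db_names == 'mariadb' %}
+sudo sh -c 'echo "init mysql&mariadb started at" $(date -d now) 1>> /tmp/init_debug.txt'
+mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h ::1 password $new_password
+mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h 127.0.0.1 password $new_password
+mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h localhost password $new_password
+
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+{% if mysql_version == '8.0' %}
+echo "
+SET PASSWORD FOR {{dbs_app_user}} = '$new_password';
+" |mysql -uroot -p$new_password -h 127.0.0.1
+
+echo "
+SET PASSWORD FOR {{dbs_app_user}}@localhost = '$new_password';
+" |mysql -uroot -p$new_password -h 127.0.0.1
+{% else %}
+echo "
+SET PASSWORD FOR {{dbs_app_user}} = PASSWORD('$new_password');
+" |mysql -uroot -p$new_password -h 127.0.0.1
+
+echo "
+SET PASSWORD FOR {{dbs_app_user}}@localhost = PASSWORD('$new_password');
+" |mysql -uroot -p$new_password -h 127.0.0.1
+{% endif %}
+
+{% endfor %}
+{% endif %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'mongodb' %}
+sudo sh -c 'echo "init mongodb started at" $(date -d now) 1>> /tmp/init_debug.txt'
+echo "
+use admin
+db.changeUserPassword('{{dbs.admin}}', '${new_password}')
+exit
+" | mongo admin -u {{dbs.admin}} -p {{dbs.password}}
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+echo "
+use admin
+db.changeUserPassword('{{dbs_app_user}}', '${new_password}')
+exit
+" | mongo admin -u {{dbs_app_user}} -p {{dbs.password}}
+{% endfor %}
+{% endif %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'rethinkdb' %}
+sudo sh -c 'echo "init rethinkdb started at" $(date -d now) 1>> /tmp/init_debug.txt'
+sudo sh -c 'echo "{{dbs.password}}" > /tmp/pw'
+echo "r.db('rethinkdb').table('users').get('{{dbs.admin}}').update({'password': '$new_password'}).run()" | rethinkdb-repl --password-file /tmp/pw
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+echo "r.db('rethinkdb').table('users').get('{{dbs_app_user}}').update({'password': '$new_password'}).run()" | rethinkdb-repl --password-file /tmp/pw
+{% endfor %}
+{% endif %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+sudo rm -f /tmp/pw
+{% endif %}
+
+
+{% if db_names == 'postgresql' %}
+sudo sh -c 'echo "init postgresql started at" $(date -d now) 1>> /tmp/init_debug.txt'
+echo "
+ALTER USER {{dbs.admin}} WITH PASSWORD '${new_password}';
+" | sudo -u {{dbs.admin}} psql
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+echo "
+ALTER USER {{dbs_app_user}} WITH PASSWORD '${new_password}';
+" | sudo -u {{dbs.admin}} psql
+{% endfor %}
+{% endif %}
+sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'neo4j' %}
+sudo sh -c 'echo "init neo4j started at" $(date -d now) 1>> /tmp/init_debug.txt'
+
+# wait neo4j service started
+sleep 60
+
+while [ $? -eq 0 ]
+do
+{% if neo4j_version <= '3.5' %}
+echo "
+CALL dbms.changePassword('${new_password}');
+" | cypher-shell -u {{dbs.admin}} -p {{dbs.password}}
+{% else %}
+echo "
+ALTER CURRENT USER SET PASSWORD FROM '{{dbs.password}}' TO '${new_password}';
+" | cypher-shell -u {{dbs.admin}} -p {{dbs.password}} -d system
+{% endif %}
+echo ":exit" |cypher-shell -u neo4j -p neo4j -d system
+done
+
+sudo sed -i "s/neo4j administrator password:{{dbs.password}}/neo4j administrator password:$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'redis' %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if dbs.config_paths is defined and dbs.config_paths is not none %}
+{% for path in dbs.config_paths %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" {{path}}
+{% endfor %}
+{% endif %}
+
+{% if dbs.commands is defined and dbs.commands is not none %}
+{% for cmd in dbs.commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+{% endfor %}
+{% endif %}
+
+
+#2 application password init
+{% if init_application %}
+sudo sh -c 'echo "init application started at" $(date -d now) 1>> /tmp/init_debug.txt'
+{% for app_name,app_attr in init_application.items() %}
+
+{% if app_attr.config_paths is defined and app_attr.config_paths is not none %}
+{% for path in app_attr.config_paths %}
+sudo sed -i "s/{{app_attr.password}}/$new_password/g" {{path}}
+{% endfor %}
+{% endif %}
+
+{% if app_attr.commands is defined and app_attr.commands is not none %}
+{% for cmd in app_attr.commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+sudo sed -i "s/{{ app_name }} administrator Password:.*/{{ app_name }} administrator Password: $new_password/g" /credentials/password.txt
+{% endfor %}
+sudo sh -c 'echo "init application ended at" $(date -d now) 1>> /tmp/init_debug.txt'
+{% endif %}
+
+#3 docker password init
+{% if init_docker %}
+sudo sh -c 'echo "init docker started at" $(date -d now) 1>> /tmp/init_debug.txt'
+sudo systemctl restart docker
+{% for app_name,app_attr in init_docker.items() %}
+
+{% if app_attr.admin_password is defined and app_attr.admin_password is not none %}
+sudo sed -i "s/{{ app_name }} administrator Password: .*/{{ app_name }} administrator Password: $new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if app_attr.db_password is defined and app_attr.db_password is not none %}
+sudo sed -i "s/database password:.*/database password:$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if app_attr.compose_path is defined and app_attr.compose_path is not none %}
+{% if app_attr.compose_down is not defined or app_attr.compose_down == True %}
+sudo docker compose -f {{app_attr.compose_path}} down -v
+sudo sleep 20s
+{% endif %}
+
+{% if app_attr.volumes is defined and app_attr.volumes is not none %}
+{% for volume in app_attr.volumes %}
+sudo rm -rf {{volume}}
+{% endfor %}
+{% endif %}
+
+{% if app_attr.compose_commands is defined and app_attr.compose_commands is not none %}
+{% for cmd in app_attr.compose_commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+sudo docker compose -f {{app_attr.compose_path}} up -d --no-recreate
+sudo sleep 20s
+{% endif %}
+
+{% if app_attr.commands is defined and app_attr.commands is not none %}
+{% for cmd in app_attr.commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+{% endfor %}
+sudo sh -c 'echo "init docker ended at" $(date -d now) 1>> /tmp/init_debug.txt'
+{% endif %}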
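Review bot: The default and the newly generated passwords are passed as command-line arguments (`mysqladmin -u{{dbs.admin}} -p{{dbs.password }} ... password $new_password`, `mysql -uroot -p$new_password`, `mongo ... -p`, `cypher-shell ... -p`), where other local users can read them from the process list while the commands run; the MySQL clients accept `--defaults-extra-file=` pointing at a root-only file instead. None of the change commands has its exit status checked before `sed` writes `$new_password` into /credentials/password.txt, so a failed change leaves that file advertising a password that was never set. The rethinkdb branch writes the old password to the fixed path `/tmp/pw`, and every branch appends to `/tmp/init_debug.txt` as root; a `mktemp` file created under `umask 077` and a log under a root-owned directory avoid predictable names in a world-writable directory. A single `$new_password` is shared by every database account, application admin and Docker admin, which deserves a comment at the top of the script if it is intended.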
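--- a/apps/roles/role_init/templates/password.txt.jinja2
+++ b/apps/roles/role_init/templates/password.txt.jinja2
@@ -0,0 +1,50 @@
+{% if init_db %}
+{% for db_names,dbs in init_db.items() %}
+{{db_names}} administrator username:{{dbs.admin}}
+{{db_names}} administrator password:{{dbs.password}}
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+
+--- {{db_names}} connections for your {{ dbs_app_user }} installation---
+database hostname: localhost or 127.0.0.1
+database name:{{dbs_app_user}}
+database username:{{dbs_app_user}}
+database password:{{dbs.password}}
+
+{% endfor %}
+{% endif %}
+
+---
+
+{% endfor %}
+{% endif %}
+
+{% if init_application %}
+{% for app_name,app_attr in init_application.items() %}
+### Username and Password for your {{ app_name }} login ###
+{% if app_attr.username is defined and app_attr.username is not none %}
+{{app_name}} administrator Username: {{app_attr.username}}
+{{app_name}} administrator Password: {{app_attr.password}}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if init_docker %}
+{% for app_name,app_attr in init_docker.items() %}
+
+{% if app_attr.admin_password is defined and app_attr.admin_password is not none %}
+### Username and Password for your {{ app_name }} login ###
+
+{{app_name}} administrator Username: {{app_attr.admin_username}}
+{{app_name}} administrator Password: {{app_attr.admin_password}}
+{% endif %}
+
+{% if app_attr.db_password is defined and app_attr.db_password is not none %}
+--- {{app_attr.db}} (Docker) connections for your {{app_name}} installation---
+database name:{{app_attr.db_name}}
+database username:{{app_attr.db_username}}
+database password:{{app_attr.db_password}}
+{% endif %}
+
+{% endfor %}
+{% endif %}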
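Review bot: The labels in this template are an undocumented interface: init.sh.jinja2 rewrites the rendered file with `sed` patterns such as `administrator Password:.*` and `database password:.*`, so a wording change here silently stops the rotated password from being recorded. The `database password:.*` pattern in the Docker branch of init.sh.jinja2 is not scoped to an application, so it would also overwrite the `database password:` lines emitted for `init_db` users above when both are configured. A header comment such as `{# Labels are matched by sed in init.sh.jinja2; keep both files in sync #}` and an application-specific label for the Docker database line would address both. In the `init_application` block the Username/Password lines are emitted only when `username` is defined, while init.sh.jinja2 runs its replacement regardless.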
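--- a/apps/roles/role_init/tests/inventory
+++ b/apps/roles/role_init/tests/inventory
@@ -0,0 +1 @@
+localhost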
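--- a/apps/roles/role_init/tests/test.yml
+++ b/apps/roles/role_init/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- role_init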
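--- a/apps/roles/role_nginx/CHANGELOG.md
+++ b/apps/roles/role_nginx/CHANGELOG.md
@@ -0,0 +1,20 @@
+# CHANGELOG
+
+## To do
+
+1. certbot error on CentOS
+
+## Logs
+
+### Bug Fixes
+
+* 2020-10-07 add proxy_set_header for WebSockets
+* 2020-07-24 set nginx error log mode crit to error
+* 2020-05-12 update http://nginx.org/packages/ubuntu bionic InRelease' doesn't support architecture i386, suggest:deb [arch=amd64]
+
+### Features
+
+* 2020-07-10 Add username and password authority
+* 2020-07-04 Add certbot installation
+* 2020-06-02 Add username and password authority
+* 2020-02-14 repository created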
169
apps/roles/role_nginx/License.md
Normal file
169
apps/roles/role_nginx/License.md
Normal file
|
@ -0,0 +1,169 @@
|
|||
This program is released under LGPL-3.0 and with the additional Terms:
|
||||
It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
|
||||
|
||||
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates
|
||||
the terms and conditions of version 3 of the GNU General Public
|
||||
License, supplemented by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||
General Public License.
|
||||
|
||||
"The Library" refers to a covered work governed by this License,
|
||||
other than an Application or a Combined Work as defined below.
|
||||
|
||||
An "Application" is any work that makes use of an interface provided
|
||||
by the Library, but which is not otherwise based on the Library.
|
||||
Defining a subclass of a class defined by the Library is deemed a mode
|
||||
of using an interface provided by the Library.
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an
|
||||
Application with the Library. The particular version of the Library
|
||||
with which the Combined Work was made is also called the "Linked
|
||||
Version".
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the
|
||||
Corresponding Source for the Combined Work, excluding any source code
|
||||
for portions of the Combined Work that, considered in isolation, are
|
||||
based on the Application, and not on the Linked Version.
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the
|
||||
object code and/or source code for the Application, including any data
|
||||
and utility programs needed for reproducing the Combined Work from the
|
||||
Application, but excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License
|
||||
without being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a
|
||||
facility refers to a function or data to be supplied by an Application
|
||||
that uses the facility (other than as an argument passed when the
|
||||
facility is invoked), then you may convey a copy of the modified
|
||||
version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to
|
||||
ensure that, in the event an Application does not supply the
|
||||
function or data, the facility still operates, and performs
|
||||
whatever part of its purpose remains meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of
|
||||
this License applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from
|
||||
a header file that is part of the Library. You may convey such object
|
||||
code under terms of your choice, provided that, if the incorporated
|
||||
material is not limited to numerical parameters, data structure
|
||||
layouts and accessors, or small macros, inline functions and templates
|
||||
(ten or fewer lines in length), you do both of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the
|
||||
Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that,
|
||||
taken together, effectively do not restrict modification of the
|
||||
portions of the Library contained in the Combined Work and reverse
|
||||
engineering for debugging such modifications, if you also do each of
|
||||
the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that
|
||||
the Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during
|
||||
execution, include the copyright notice for the Library among
|
||||
these notices, as well as a reference directing the user to the
|
||||
copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this
|
||||
License, and the Corresponding Application Code in a form
|
||||
suitable for, and under terms that permit, the user to
|
||||
recombine or relink the Application with a modified version of
|
||||
the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying
|
||||
Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the
|
||||
Library. A suitable mechanism is one that (a) uses at run time
|
||||
a copy of the Library already present on the user's computer
|
||||
system, and (b) will operate properly with a modified version
|
||||
of the Library that is interface-compatible with the Linked
|
||||
Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise
|
||||
be required to provide such information under section 6 of the
|
||||
GNU GPL, and only to the extent that such information is
|
||||
necessary to install and execute a modified version of the
|
||||
Combined Work produced by recombining or relinking the
|
||||
Application with a modified version of the Linked Version. (If
|
||||
you use option 4d0, the Installation Information must accompany
|
||||
the Minimal Corresponding Source and Corresponding Application
|
||||
Code. If you use option 4d1, you must provide the Installation
|
||||
Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the
|
||||
Library side by side in a single library together with other library
|
||||
facilities that are not Applications and are not covered by this
|
||||
License, and convey such a combined library under terms of your
|
||||
choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based
|
||||
on the Library, uncombined with any other library facilities,
|
||||
conveyed under the terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it
|
||||
is a work based on the Library, and explaining where to find the
|
||||
accompanying uncombined form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Lesser General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Library as you received it specifies that a certain numbered version
|
||||
of the GNU Lesser General Public License "or any later version"
|
||||
applies to it, you have the option of following the terms and
|
||||
conditions either of that published version or of any later version
|
||||
published by the Free Software Foundation. If the Library as you
|
||||
received it does not specify a version number of the GNU Lesser
|
||||
General Public License, you may choose any version of the GNU Lesser
|
||||
General Public License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide
|
||||
whether future versions of the GNU Lesser General Public License shall
|
||||
apply, that proxy's public statement of acceptance of any version is
|
||||
permanent authorization for you to choose that version for the
|
||||
Library.
|
26
apps/roles/role_nginx/Notes.md
Normal file
26
apps/roles/role_nginx/Notes.md
Normal file
|
@ -0,0 +1,26 @@
|
|||
## set Random Password flow
|
||||
* cd /etc/nginx
|
||||
* echo "" > .htpasswd
|
||||
* sudo sh -c "echo -n 'admin:' >> /etc/nginx/.htpasswd"
|
||||
* sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
|
||||
* systemctl restart nginx
|
||||
|
||||
## NOTICE(human-computer interaction)
|
||||
* Password:
|
||||
* Verifying - Password:
|
||||
* [root@iZj6c5nu6jo58ryap26im7Z nginx]# cat .htpasswd
|
||||
* admin:$apr1$P8N3u5Q9$bt/HjzBaYvHS5PD.qG67q0
|
||||
|
||||
## Nginx settings
|
||||
|
||||
The easiest way to configure a performant, secure, and stable NGINX server.
|
||||
|
||||
https://www.digitalocean.com/community/tools/nginx
|
||||
|
||||
## Nginx support WebSockets
|
||||
```
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection upgrade;
|
||||
```
|
||||
|
||||
|
67
apps/roles/role_nginx/README.md
Normal file
67
apps/roles/role_nginx/README.md
Normal file
|
@ -0,0 +1,67 @@
|
|||
Ansible Role: Nginx
|
||||
=========
|
||||
|
||||
本 Role 用于在PHP运行环境下安装 [Nginx](http://nginx.org/)。
|
||||
|
||||
## Requirements
|
||||
|
||||
运行本 Role,请确认符合如下的必要条件:
|
||||
|
||||
| **Items** | **Details** |
|
||||
| ------------------| ------------------|
|
||||
| Operating system | CentOS7.x Ubuntu18.04 AmazonLinux |
|
||||
| Python 版本 | Python2 |
|
||||
| Python 组件 | |
|
||||
| Runtime | |
|
||||
|
||||
|
||||
## Related roles
|
||||
|
||||
本 Role 在运行时需要确保已经运行:common。以 LNMP 为例:
|
||||
|
||||
```
|
||||
roles:
|
||||
- {role: role_common, tags: "role_common"}
|
||||
- {role: role_nginx, tags: "role_nginx"}
|
||||
```
|
||||
|
||||
|
||||
## Variables
|
||||
|
||||
本 Role 主要变量以及使用方法如下:
|
||||
|
||||
| **Items** | **Details** | **Format** | **是否初始化** |
|
||||
| ------------------| ------------------|-----|-----|
|
||||
| nginx_vhost_mode | default.conf template, selected from [reverse,www,alias] | String | No |
|
||||
| nginx_reverse_proxy_port | when use reverse template, this var must used | String | No |
|
||||
| nginx_listen_port | "80" | String | No |
|
||||
| nginx_htpasswd | True,False | Boolean | No |
|
||||
|
||||
Notes:
|
||||
|
||||
|
||||
## Example
|
||||
|
||||
```
|
||||
- name: LNMP
|
||||
hosts: all
|
||||
become: yes
|
||||
become_method: sudo
|
||||
vars_files:
|
||||
- vars/main.yml
|
||||
|
||||
roles:
|
||||
- { role: role_common }
|
||||
- { role: role_nginx }
|
||||
...
|
||||
```
|
||||
|
||||
## FAQ
|
||||
|
||||
|
||||
#### How to set init for Ngnix password?
|
||||
|
||||
```
|
||||
htpasswd -b /etc/nginx/.htpasswd username password
|
||||
systemctl restart nginx
|
||||
```
|
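--- a/apps/roles/role_nginx/defaults/main.yml
+++ b/apps/roles/role_nginx/defaults/main.yml
@@ -0,0 +1,24 @@
+# wordpress | discuz | joomla , if you use Websoft9's php applicaiton repository, suggest you use the appname in the directory: /etc/nginx/conf.d/rewrite
+nginx_appname: "example"
+
+# reverse | alias | www |
+nginx_vhost_mode: "www"
+
+# port for java/nodejs... 8080 | 3000, this var must used when [nginx_vhost_mode] is reverse
+nginx_reverse_proxy_port:
+
+# app root directory, this var must used when [nginx_vhost_mode] is www
+# if /data/wwwroot/{{nginx_appname}} in the templates is not suitable for you application,
+# you should define complete directory, e.g /data/wwwroot/discuz/upload
+nginx_app_root:
+
+# default listen port of default.conf
+nginx_listen_port: "80"
+
+# nginx username and password swith True|False, default credentials is admin/admin
+
+#nginx_login_account: ["admin", "123456"]
+
+nginx_htpasswd: False
+
+nginx_certbot: True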
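Review bot: The comment on the login switch documents `admin/admin` as default credentials and the commented example uses `["admin", "123456"]`, which invites deployments with guessable basic-auth passwords. I would reword it to `# nginx_login_account: ["<user>", "<password from Ansible Vault>"]  # no default is shipped; basic auth is enabled only when this is set`. `nginx_htpasswd` is also not read by any task shown on this page (tasks/main.yml and the OS task files test `nginx_login_account`), so it should either gate those tasks or be removed.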
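--- a/apps/roles/role_nginx/files/htpasswd.conf
+++ b/apps/roles/role_nginx/files/htpasswd.conf
@@ -0,0 +1 @@
+admin:$apr1$BLrrqFt0$RSnXB9ezJ50l5BSk5mQNT1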
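Review bot: This file commits a fixed `admin` credential hash to the repository, so every host that receives it would share one password, and `$apr1$` is salted MD5, which is cheap to attack offline once the hash is public. No task visible on this page copies `htpasswd.conf` (tasks/main.yml builds `/etc/nginx/.htpasswd` with `htpasswd -bc`), so it may be unused. If it is unused it is safer to delete it, and otherwise to generate the entry per host from a vaulted variable instead of shipping a static hash.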
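--- a/apps/roles/role_nginx/files/nginx.conf
+++ b/apps/roles/role_nginx/files/nginx.conf
@@ -0,0 +1,52 @@
+user nginx;
+worker_processes auto;
+
+pid /var/run/nginx.pid;
+worker_rlimit_nofile 51200;
+
+events {
+use epoll;
+worker_connections 51200;
+multi_accept on;
+}
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+charset UTF-8;
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+error_log /var/log/nginx/error.log error;
+server_tokens off;
+client_max_body_size 0;
+keepalive_timeout 120s;
+client_header_timeout 120s;
+client_body_timeout 120s;
+reset_timedout_connection on;
+send_timeout 10;
+limit_conn_zone $binary_remote_addr zone=addr:5m;
+limit_conn addr 100;
+server_names_hash_bucket_size 128;
+client_header_buffer_size 32k;
+large_client_header_buffers 4 32k;
+fastcgi_connect_timeout 300;
+fastcgi_send_timeout 300;
+fastcgi_read_timeout 300;
+fastcgi_buffer_size 64k;
+fastcgi_buffers 4 64k;
+fastcgi_busy_buffers_size 128k;
+fastcgi_temp_file_write_size 256k;
+gzip on;
+gzip_disable "MSIE [1-6]\.";
+gzip_min_length 1k;
+gzip_buffers 4 16k;
+gzip_http_version 1.1;
+gzip_comp_level 4;
+gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
+gzip_vary on;
+gzip_proxied expired no-cache no-store private auth;
+
+###################### Vhost ################################
+include /etc/nginx/conf.d/*.conf;
+}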
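Review bot: `client_max_body_size 0;` in the `http` block turns off the request-body size check for every vhost this role deploys, so any client can stream an arbitrarily large body while `client_body_timeout 120s` keeps the connection open. A bounded global default, for example `client_max_body_size 16m;` (value constructed for illustration), keeps the upload ceiling explicit, with larger limits set only in the per-application include that needs them. rewrite/nextcloud.conf in this commit already sets its own `client_max_body_size 512M;`.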
0
apps/roles/role_nginx/files/rewrite/chanzhi.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/chanzhi.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/cmseasy.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/cmseasy.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/codiad.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/codiad.conf
Normal file
12
apps/roles/role_nginx/files/rewrite/discuz.conf
Normal file
12
apps/roles/role_nginx/files/rewrite/discuz.conf
Normal file
|
@ -0,0 +1,12 @@
|
|||
rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
|
||||
rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
|
||||
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
|
||||
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
|
||||
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
|
||||
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
|
||||
rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
|
||||
rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
|
||||
rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
|
||||
#if (!-e $request_filename) {
|
||||
# return 404;
|
||||
#}
|
0
apps/roles/role_nginx/files/rewrite/dolibarr.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/dolibarr.conf
Normal file
4
apps/roles/role_nginx/files/rewrite/drupal.conf
Normal file
4
apps/roles/role_nginx/files/rewrite/drupal.conf
Normal file
|
@ -0,0 +1,4 @@
|
|||
if (!-e $request_filename) {
|
||||
rewrite ^/update.php(.*)$ /update.php?q=$1 last;
|
||||
rewrite ^/(.*)$ /index.php?q=$1 last;
|
||||
}
|
0
apps/roles/role_nginx/files/rewrite/dzzoffice.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/dzzoffice.conf
Normal file
31
apps/roles/role_nginx/files/rewrite/ecshop.conf
Normal file
31
apps/roles/role_nginx/files/rewrite/ecshop.conf
Normal file
|
@ -0,0 +1,31 @@
|
|||
if (!-e $request_filename) {
|
||||
rewrite "^/index\.html" /index.php last;
|
||||
rewrite "^/category$" /index.php last;
|
||||
rewrite "^/feed-c([0-9]+)\.xml$" /feed.php?cat=$1 last;
|
||||
rewrite "^/feed-b([0-9]+)\.xml$" /feed.php?brand=$1 last;
|
||||
rewrite "^/feed\.xml$" /feed.php last;
|
||||
rewrite "^/category-([0-9]+)-b([0-9]+)-min([0-9]+)-max([0-9]+)-attr([^-]*)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /category.php?id=$1&brand=$2&price_min=$3&price_max=$4&filter_attr=$5&page=$6&sort=$7&order=$8 last;
|
||||
rewrite "^/category-([0-9]+)-b([0-9]+)-min([0-9]+)-max([0-9]+)-attr([^-]*)(.*)\.html$" /category.php?id=$1&brand=$2&price_min=$3&price_max=$4&filter_attr=$5 last;
|
||||
rewrite "^/category-([0-9]+)-b([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /category.php?id=$1&brand=$2&page=$3&sort=$4&order=$5 last;
|
||||
rewrite "^/category-([0-9]+)-b([0-9]+)-([0-9]+)(.*)\.html$" /category.php?id=$1&brand=$2&page=$3 last;
|
||||
rewrite "^/category-([0-9]+)-b([0-9]+)(.*)\.html$" /category.php?id=$1&brand=$2 last;
|
||||
rewrite "^/category-([0-9]+)(.*)\.html$" /category.php?id=$1 last;
|
||||
rewrite "^/goods-([0-9]+)(.*)\.html" /goods.php?id=$1 last;
|
||||
rewrite "^/article_cat-([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /article_cat.php?id=$1&page=$2&sort=$3&order=$4 last;
|
||||
rewrite "^/article_cat-([0-9]+)-([0-9]+)(.*)\.html$" /article_cat.php?id=$1&page=$2 last;
|
||||
rewrite "^/article_cat-([0-9]+)(.*)\.html$" /article_cat.php?id=$1 last;
|
||||
rewrite "^/article-([0-9]+)(.*)\.html$" /article.php?id=$1 last;
|
||||
rewrite "^/brand-([0-9]+)-c([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)\.html" /brand.php?id=$1&cat=$2&page=$3&sort=$4&order=$5 last;
|
||||
rewrite "^/brand-([0-9]+)-c([0-9]+)-([0-9]+)(.*)\.html" /brand.php?id=$1&cat=$2&page=$3 last;
|
||||
rewrite "^/brand-([0-9]+)-c([0-9]+)(.*)\.html" /brand.php?id=$1&cat=$2 last;
|
||||
rewrite "^/brand-([0-9]+)(.*)\.html" /brand.php?id=$1 last;
|
||||
rewrite "^/tag-(.*)\.html" /search.php?keywords=$1 last;
|
||||
rewrite "^/snatch-([0-9]+)\.html$" /snatch.php?id=$1 last;
|
||||
rewrite "^/group_buy-([0-9]+)\.html$" /group_buy.php?act=view&id=$1 last;
|
||||
rewrite "^/auction-([0-9]+)\.html$" /auction.php?act=view&id=$1 last;
|
||||
rewrite "^/exchange-id([0-9]+)(.*)\.html$" /exchange.php?id=$1&act=view last;
|
||||
rewrite "^/exchange-([0-9]+)-min([0-9]+)-max([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /exchange.php?cat_id=$1&integral_min=$2&integral_max=$3&page=$4&sort=$5&order=$6 last;
|
||||
rewrite "^/exchange-([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /exchange.php?cat_id=$1&page=$2&sort=$3&order=$4 last;
|
||||
rewrite "^/exchange-([0-9]+)-([0-9]+)(.*)\.html$" /exchange.php?cat_id=$1&page=$2 last;
|
||||
rewrite "^/exchange-([0-9]+)(.*)\.html$" /exchange.php?cat_id=$1 last;
|
||||
}
|
0
apps/roles/role_nginx/files/rewrite/empirecms.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/empirecms.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/espocrm.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/espocrm.conf
Normal file
1
apps/roles/role_nginx/files/rewrite/example.conf
Normal file
1
apps/roles/role_nginx/files/rewrite/example.conf
Normal file
|
@ -0,0 +1 @@
|
|||
|
3
apps/roles/role_nginx/files/rewrite/joomla.conf
Normal file
3
apps/roles/role_nginx/files/rewrite/joomla.conf
Normal file
|
@ -0,0 +1,3 @@
|
|||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
0
apps/roles/role_nginx/files/rewrite/kodcloud.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/kodcloud.conf
Normal file
3
apps/roles/role_nginx/files/rewrite/laravel.conf
Normal file
3
apps/roles/role_nginx/files/rewrite/laravel.conf
Normal file
|
@ -0,0 +1,3 @@
|
|||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
1
apps/roles/role_nginx/files/rewrite/magento.conf
Normal file
1
apps/roles/role_nginx/files/rewrite/magento.conf
Normal file
|
@ -0,0 +1 @@
|
|||
|
0
apps/roles/role_nginx/files/rewrite/mantisbt.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/mantisbt.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/matomo.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/matomo.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/mediawiki.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/mediawiki.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/moodle.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/moodle.conf
Normal file
82
apps/roles/role_nginx/files/rewrite/nextcloud.conf
Normal file
82
apps/roles/role_nginx/files/rewrite/nextcloud.conf
Normal file
|
@ -0,0 +1,82 @@
|
|||
#(可选)添加如下header主要为了安全
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
#(可选)为了支持user_webfinger app
|
||||
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
#这儿是为了支持日历和联系人,建议加上
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
#设置上传文件的最大大小(还和php里的那个设置有关)
|
||||
client_max_body_size 512M;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
#最主要的,将所有请求转发到index.php上
|
||||
location / {
|
||||
rewrite ^ /index.php$uri;
|
||||
}
|
||||
|
||||
#安全设置,禁止访问部分敏感内容
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
#这部分吧,默认就有,不过有所不同,所以我合并了下,替换原来的就行
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass unix:/dev/shm/php-cgi.sock;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
#安全设置,禁止访问部分敏感内容
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
0
apps/roles/role_nginx/files/rewrite/onethink.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/onethink.conf
Normal file
13
apps/roles/role_nginx/files/rewrite/opencart.conf
Normal file
13
apps/roles/role_nginx/files/rewrite/opencart.conf
Normal file
|
@ -0,0 +1,13 @@
|
|||
location = /sitemap.xml {
|
||||
rewrite ^(.*)$ /index.php?route=feed/google_sitemap break;
|
||||
}
|
||||
location = /googlebase.xml {
|
||||
rewrite ^(.*)$ /index.php?route=feed/google_base break;
|
||||
}
|
||||
location / {
|
||||
# This try_files directive is used to enable SEO-friendly URLs for OpenCart
|
||||
try_files $uri $uri/ @opencart;
|
||||
}
|
||||
location @opencart {
|
||||
rewrite ^/(.+)$ /index.php?_route_=$1 last;
|
||||
}
|
0
apps/roles/role_nginx/files/rewrite/owncloud.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/owncloud.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/prestashop.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/prestashop.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/pydio.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/pydio.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/ranzhi.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/ranzhi.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/suitecrm.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/suitecrm.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/symfony.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/symfony.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/testlink.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/testlink.conf
Normal file
13
apps/roles/role_nginx/files/rewrite/thinkcmf.conf
Normal file
13
apps/roles/role_nginx/files/rewrite/thinkcmf.conf
Normal file
|
@ -0,0 +1,13 @@
|
|||
# Rewrite rules from : https://www.kancloud.cn/thinkcmf/faq/493494
|
||||
|
||||
location / {
|
||||
index index.php index.html index.htm;
|
||||
#如果请求既不是一个文件,也不是一个目录,则执行一下重写规则
|
||||
if (!-e $request_filename)
|
||||
{
|
||||
#地址作为将参数rewrite到index.php上。
|
||||
rewrite ^/(.*)$ /index.php?s=$1;
|
||||
#若是子目录则使用下面这句,将subdir改成目录名称即可。
|
||||
#rewrite ^/subdir/(.*)$ /subdir/index.php?s=$1;
|
||||
}
|
||||
}
|
6
apps/roles/role_nginx/files/rewrite/thinkphp.conf
Normal file
6
apps/roles/role_nginx/files/rewrite/thinkphp.conf
Normal file
|
@ -0,0 +1,6 @@
|
|||
location / {
|
||||
if (!-e $request_filename) {
|
||||
rewrite ^(.*)$ /index.php?s=$1 last;
|
||||
break;
|
||||
}
|
||||
}
|
3
apps/roles/role_nginx/files/rewrite/typecho.conf
Normal file
3
apps/roles/role_nginx/files/rewrite/typecho.conf
Normal file
|
@ -0,0 +1,3 @@
|
|||
if (!-e $request_filename) {
|
||||
rewrite ^(.*)$ /index.php$1 last;
|
||||
}
|
0
apps/roles/role_nginx/files/rewrite/vanilla.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/vanilla.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/vtigercrm.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/vtigercrm.conf
Normal file
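--- a/apps/roles/role_nginx/files/rewrite/wordpress.conf
+++ b/apps/roles/role_nginx/files/rewrite/wordpress.conf
@@ -0,0 +1,7 @@
+location / {
+try_files $uri $uri/ /index.php?$args;
+}
+rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+location ~* ^/wp-content/uploads/.*\.php$ {
+deny all;
+}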
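Review bot: The uploads rule `location ~* ^/wp-content/uploads/.*\.php$` only denies URIs that end in `.php`, so other extensions the PHP handler may be mapped to, or a request with trailing path info after the script name, would not be covered. Whether those reach PHP depends on the PHP location in default.jinja2, which is not fully visible here. A broader pattern such as `location ~* ^/wp-content/uploads/.*\.(?:php\d?|phtml|phar)(?:$|/) {` closes that gap regardless of how the handler is matched.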
0
apps/roles/role_nginx/files/rewrite/zentao.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/zentao.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/zurmo.conf
Normal file
0
apps/roles/role_nginx/files/rewrite/zurmo.conf
Normal file
3
apps/roles/role_nginx/handlers/main.yml
Normal file
3
apps/roles/role_nginx/handlers/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
- name: check_nginx_service
|
||||
debug:
|
||||
var: check_nginx_service.stdout
|
19
apps/roles/role_nginx/meta/main.yml
Normal file
19
apps/roles/role_nginx/meta/main.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
dependencies: []
|
||||
|
||||
galaxy_info:
|
||||
author:
|
||||
description:
|
||||
company:
|
||||
license:
|
||||
min_ansible_version:
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- 18.04
|
||||
|
||||
galaxy_tags:
|
||||
|
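--- a/apps/roles/role_nginx/tasks/Debian.yml
+++ b/apps/roles/role_nginx/tasks/Debian.yml
@@ -0,0 +1,45 @@
+#1 install snap tools
+- block:
+- name: Install snap tools
+apt:
+name: snapd
+update_cache: yes
+
+- name: Install and upgrade core
+shell: |
+snap install core
+snap refresh core
+ln -sf /snap /data
+failed_when: false
+when: nginx_certbot
+
+#2 Install and config Nginx
+- name: import an official nginx signing key
+apt_key:
+url: https://nginx.org/keys/nginx_signing.key
+state: present
+
+- name: Import Nginx Official Repo
+apt_repository:
+repo: deb [arch=amd64] http://nginx.org/packages/ubuntu {{ansible_distribution_release}} nginx
+filename: nginx
+update_cache: yes
+
+- name: Install Nginx
+apt:
+name: nginx
+
+- name: Install htpassword
+apt:
+name: apache2-utils
+when: nginx_login_account is defined and nginx_login_account != none
+
+- name: Change Directory Owner
+file:
+path: /data/{{item}}
+state: directory
+owner: www-data
+group: www-data
+with_items:
+- wwwroot
+- cert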
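Review bot: The `apt_key` task trusts whatever `https://nginx.org/keys/nginx_signing.key` returns at run time because no key fingerprint is pinned, and the `apt_repository` line then fetches packages over plain `http://`. Add `id: "<NGINX_SIGNING_KEY_FINGERPRINT>"` (placeholder; take the value from nginx's published key) to the `apt_key` task and change the repo to `deb [arch=amd64] https://nginx.org/packages/ubuntu {{ansible_distribution_release}} nginx`. The four `baseurl: http://nginx.org/...` entries in tasks/RedHat.yml have the same plain-HTTP transport and can move to `https://` as well. Package signatures are checked there via `gpgcheck: yes`, so for that file this is defence in depth rather than a missing signature check.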
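--- a/apps/roles/role_nginx/tasks/RedHat.yml
+++ b/apps/roles/role_nginx/tasks/RedHat.yml
@@ -0,0 +1,82 @@
+# install snap toos,
+- block:
+- name: Install snap tools
+yum:
+name: snapd
+update_cache: yes
+
+- name: enable and create link for snap
+shell: |
+systemctl enable --now snapd.socket
+ln -sf /var/lib/snapd/snap /snap
+
+- name: Install and upgrade core
+shell: |
+snap install core
+snap refresh core
+ln -sf /snap /data
+failed_when: false
+when: nginx_certbot
+
+- block:
+- name: Import Nginx Official stable Repo
+yum_repository:
+name: nginx-stable-repo
+description: nginx stable repo
+file: nginx-stable
+baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
+gpgcheck: yes
+enabled: yes
+gpgkey: https://nginx.org/keys/nginx_signing.key
+
+- name: Import Nginx Official mainline Repo
+yum_repository:
+name: nginx-mainline-repo
+description: nginx mainline repo
+file: nginx-mainline
+baseurl: http://nginx.org/packages/mainline/centos/$releasever/$basearch/
+gpgcheck: yes
+enabled: no
+gpgkey: https://nginx.org/keys/nginx_signing.key
+when: ansible_distribution == 'CentOS'
+
+- block:
+- name: Import Nginx Official stable Repo
+yum_repository:
+name: nginx-stable-repo
+description: nginx stable repo
+file: nginx-stable
+baseurl: http://nginx.org/packages/centos/7/$basearch/
+gpgcheck: yes
+enabled: yes
+gpgkey: https://nginx.org/keys/nginx_signing.key
+
+- name: Import Nginx Official mainline Repo
+yum_repository:
+name: nginx-mainline-repo
+description: nginx mainline repo
+file: nginx-mainline
+baseurl: http://nginx.org/packages/mainline/centos/7/$basearch/
+gpgcheck: yes
+enabled: no
+gpgkey: https://nginx.org/keys/nginx_signing.key
+when: ansible_distribution == 'Amazon'
+
+- name: Install Nginx
+yum:
+name: nginx
+
+- name: Install htpassword
+yum:
+name: httpd-tools
+when: nginx_login_account is defined and nginx_login_account != none
+
+- name: Change Directory Owner
+file:
+path: /data/{{item}}
+state: directory
+owner: nginx
+group: nginx
+with_items:
+- wwwroot
+- cert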
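--- a/apps/roles/role_nginx/tasks/main.yml
+++ b/apps/roles/role_nginx/tasks/main.yml
@@ -0,0 +1,76 @@
+- name: Install this role on {{ansible_os_family}}
+include: "{{ansible_os_family}}.yml"
+
+# install Certbot for Nginx
+- name: Install certbot
+shell: |
+snap install --classic certbot
+ln -sf /snap/bin/certbot /usr/bin/certbot
+when: nginx_certbot
+
+- name: Configure Nginx
+copy:
+src: nginx.conf
+dest: /etc/nginx/
+
+- name: Create a Nginx Log symbolic link
+file:
+src: '{{item.src}}'
+dest: '{{item.dest}}'
+state: link
+with_items:
+- {src: /etc/nginx/conf.d,dest: /data/config/nginx}
+- {src: /var/log/nginx,dest: /data/logs/nginx}
+
+- name: Set Reverse proxy
+template:
+src: default.jinja2
+dest: /etc/nginx/conf.d/default.conf
+
+- name: create nginx's Directory
+file:
+path: "{{item}}"
+state: directory
+recurse: true
+loop:
+- /etc/nginx/extra
+
+- block:
+- name: Copy rewrite file
+copy:
+src: rewrite
+dest: /etc/nginx/conf.d/
+
+- name: Create nginx_appname.conf in /etc/nginx/conf.d/rewrite
+shell: if [ ! $( ls | grep "{{nginx_appname}}") ]; then touch {{nginx_appname}}.conf ; fi
+args:
+chdir: /etc/nginx/conf.d/rewrite
+
+# add new user and password on nginx
+- block:
+- name: Insert ngnix service password authority segment
+blockinfile:
+path: /etc/nginx/conf.d/default.conf
+insertbefore: "}"
+block: |
+auth_basic "Restricted Content";
+auth_basic_user_file /etc/nginx/.htpasswd;
+- name: Init nginx password
+shell: |
+htpasswd -bc /etc/nginx/.htpasswd {{nginx_login_account[0]}} {{nginx_login_account[1]}}
+when: nginx_login_account is defined and nginx_login_account != none
+
+- name: Start Nginx
+service:
+name: nginx
+state: restarted
+enabled: yes
+
+# display version and service state of components
+- name: Get Nginx version
+shell: sudo sh -c "nginx -v 2>> /data/logs/install_version.txt"
+
+- name: Check Nginx Service
+shell: systemctl status nginx | grep Active*
+register: check_nginx_service
+notify: check_nginx_service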
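Review bot: The `Init nginx password` task puts the account password on a shell command line (`htpasswd -bc ... {{nginx_login_account[1]}}`). The value is therefore parsed by the shell unquoted, is visible in the process list while the task runs, and is printed in Ansible output because the task has no `no_log: true`. Passing it on stdin with `htpasswd -i` through `command`/`argv` avoids all three, as sketched below. The `Create nginx_appname.conf` task interpolates `{{nginx_appname}}` into a shell line in the same unquoted way and could be replaced by a `copy` task with `content: ""` and `force: no`.

```yaml
# … unchanged: blockinfile task that adds auth_basic to default.conf …
- name: Init nginx password
  command:
    argv:
      - htpasswd
      - -i
      - -c
      - /etc/nginx/.htpasswd
      - "{{ nginx_login_account[0] }}"
    stdin: "{{ nginx_login_account[1] }}"
  no_log: true
```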
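--- /dev/null
+++ b/apps/roles/role_nginx/templates/default.jinja2
@@ -0,0 +1,91 @@
+{% if nginx_vhost_mode == 'reverse' or nginx_reverse_proxy_port is not none %}
+server {
+listen {{ nginx_listen_port }};
+server_name {{nginx_appname}}.yourdomain.com;
+location / {
+proxy_pass http://127.0.0.1:{{ nginx_reverse_proxy_port }};
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection upgrade;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+proxy_max_temp_file_size 0;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_buffer_size 4k;
+proxy_buffers 4 32k;
+proxy_busy_buffers_size 64k;
+proxy_temp_file_write_size 64k;
+}
+error_log /var/log/nginx/{{nginx_appname}}.yourdomain.com-error.log error;
+access_log /var/log/nginx/{{nginx_appname}}.yourdomain.com-access.log;
+
+include extra/*.conf;
+
+#------------- SSL Start --------------
+
+#------------- SSL End ---------------
+}
+{% endif %}
+
+{% if nginx_vhost_mode == 'www' and nginx_reverse_proxy_port is none %}
+server
+{
+listen 80;
+server_name {{nginx_appname}}.yourdomain.com;
+index index.html index.htm index.php;
+{% if nginx_app_root is not none %}
+root {{nginx_app_root}};
+{% else %}
+root /data/wwwroot/{{nginx_appname}};
+{% endif %}
+error_log /var/log/nginx/{{nginx_appname}}.yourdomain.com-error.log error;
+access_log /var/log/nginx/{{nginx_appname}}.yourdomain.com-access.log;
+
+include extra/*.conf;
+include conf.d/rewrite/{{nginx_appname}}.conf;
+
+
+#------------- SSL Start --------------
+
+#------------- SSL End ---------------
+}
+{% endif %}
+
+{% if nginx_vhost_mode == 'alias' %}
+server {
+listen 80;
+server_name {{nginx_appname}}.yourdomain.com;
+index index.html index.htm index.php;
+
+location /{{nginx_appname}} {
+alias /data/apps/{{nginx_appname}};
+index index.php index.html;
+location ~ ^/{{nginx_appname}}/.+\.php$ {
+alias /data/apps/{{nginx_appname}};
+fastcgi_pass unix:/run/php-fpm.sock;
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME /data/apps/$fastcgi_script_name;
+include fastcgi_params;
+}
+location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp3|wma)$
+{
+expires 30d;
+access_log off;
+}
+location ~ .*\.(js|css)$
+{
+expires 12h;
+access_log off;
+}
+
+location ~* \.(ftpquota|htaccess|htpasswd|asp|aspx|jsp|asa|mdb)?$ {
+deny all;
+}
+}
+}
+{% endif %}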
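Review bot: In the `alias` vhost, the nested `location ~ ^/{{nginx_appname}}/.+\.php$` passes every URI ending in `.php` to php-fpm without checking that the script exists, and it builds `SCRIPT_FILENAME` from `/data/apps/$fastcgi_script_name` while repeating an `alias` that has no regex captures to refer to. If PHP runs with `cgi.fix_pathinfo` enabled (not visible on this page), a non-PHP file under the application directory could end up being interpreted as a script. Because the location prefix equals the directory name, `root /data/apps;` can replace both `alias` lines, with `try_files $uri =404;` added to the PHP location and `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` as the parameter. The prefix `location /{{nginx_appname}}` also has no trailing slash, so sibling directories under /data/apps whose names begin with the same string are served by this block; `location /{{nginx_appname}}/` would narrow the match.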
Some files were not shown because too many files have changed in this diff Show more