parent
c593e48020
commit
0acb3c2aae
52 changed files with 503 additions and 171 deletions
@ -0,0 +1,4 @@ |
||||
--- |
||||
|
||||
dependencies: |
||||
- role: httpd_common |
@ -0,0 +1,25 @@ |
||||
--- |
||||
|
||||
- name: download composer |
||||
get_url: |
||||
url: https://getcomposer.org/installer |
||||
dest: /tmp/installer |
||||
tags: composer |
||||
|
||||
- name: install composer |
||||
shell: cat /tmp/installer | php74 -- --install-dir=/usr/local/bin |
||||
args: |
||||
creates: /usr/local/bin/composer |
||||
tags: composer |
||||
|
||||
- name: rename composer.phar to composer |
||||
shell: mv /usr/local/bin/composer.phar /usr/local/bin/composer |
||||
args: |
||||
creates: /usr/local/bin/composer |
||||
tags: composer |
||||
|
||||
- name: make composer executable |
||||
file: |
||||
path: /usr/local/bin/composer |
||||
mode: 755 |
||||
tags: composer |
@ -0,0 +1,3 @@ |
||||
--- |
||||
|
||||
- include: install.yml |
@ -1,3 +1,5 @@ |
||||
--- |
||||
allow_duplicates: true |
||||
dependencies: |
||||
- role: composer |
||||
... |
||||
|
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
httpd_common_packages: |
||||
- httpd |
||||
- mod_fcgid |
||||
- policycoreutils-python |
||||
- python-passlib |
||||
- mod_authnz_pam |
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
httpd_common_packages: |
||||
- httpd |
||||
- mod_fcgid |
||||
- python3-policycoreutils |
||||
- python3-passlib |
||||
- mod_authnz_pam |
@ -0,0 +1,4 @@ |
||||
--- |
||||
|
||||
httpd_common_packages: |
||||
- httpd |
@ -1,5 +1,5 @@ |
||||
--- |
||||
dependencies: |
||||
- role: httpd_common |
||||
- role: repo_remi_safe |
||||
- role: repo_remi |
||||
... |
||||
|
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
webapps_mysql_packages: |
||||
- MySQL-python |
||||
- mariadb |
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
webapps_mysql_packages: |
||||
- python3-mysql |
||||
- mariadb |
||||
|
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
webapps_mysql_packages: |
||||
- python-mysqldb |
||||
- mariadb-client |
@ -0,0 +1,33 @@ |
||||
auth_request_set $headername1 $upstream_http_headername1; |
||||
auth_request_set $headervalue1 $upstream_http_headervalue1; |
||||
auth_request_set $headername2 $upstream_http_headername2; |
||||
auth_request_set $headervalue2 $upstream_http_headervalue2; |
||||
auth_request_set $headername3 $upstream_http_headername3; |
||||
auth_request_set $headervalue3 $upstream_http_headervalue3; |
||||
auth_request_set $headername4 $upstream_http_headername4; |
||||
auth_request_set $headervalue4 $upstream_http_headervalue4; |
||||
auth_request_set $headername5 $upstream_http_headername5; |
||||
auth_request_set $headervalue5 $upstream_http_headervalue5; |
||||
auth_request_set $headername6 $upstream_http_headername6; |
||||
auth_request_set $headervalue6 $upstream_http_headervalue6; |
||||
auth_request_set $headername7 $upstream_http_headername7; |
||||
auth_request_set $headervalue7 $upstream_http_headervalue7; |
||||
auth_request_set $headername8 $upstream_http_headername8; |
||||
auth_request_set $headervalue8 $upstream_http_headervalue8; |
||||
auth_request_set $headername9 $upstream_http_headername9; |
||||
auth_request_set $headervalue9 $upstream_http_headervalue9; |
||||
auth_request_set $headername10 $upstream_http_headername10; |
||||
auth_request_set $headervalue10 $upstream_http_headervalue10; |
||||
auth_request_set $lmcookie $upstream_http_cookie; |
||||
access_by_lua ' |
||||
i = 1 |
||||
ngx.req.set_header("Cookie",ngx.var.lmcookie) |
||||
while true do |
||||
if ngx.var["headername"..i] ~= nil then |
||||
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i]) |
||||
else |
||||
break |
||||
end |
||||
i = i +1 |
||||
end |
||||
'; |
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
mysql_server_packages: |
||||
- mariadb-server |
||||
- mariadb |
||||
- MySQL-python |
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
mysql_server_packages: |
||||
- mariadb-server |
||||
- mariadb |
||||
- python3-mysql |
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
mysql_server_packages: |
||||
- mariadb-server |
||||
- mariadb |
||||
- MySQL-python |
@ -1,5 +1,6 @@ |
||||
--- |
||||
|
||||
dependencies: |
||||
- role: repo_nginx |
||||
- role: repo_openresty |
||||
when: nginx_openresty |
||||
- role: mkdir |
||||
|
@ -1,7 +1,8 @@ |
||||
--- |
||||
- name: Install packages |
||||
yum: |
||||
name: |
||||
- nginx |
||||
- nginx-mod-http-lua |
||||
tags: web |
||||
|
||||
- include: install_openresty.yml |
||||
when: nginx_openresty |
||||
|
||||
- include: install_nginx.yml |
||||
when: not nginx_openresty |
||||
|
||||
|
@ -0,0 +1,15 @@ |
||||
--- |
||||
|
||||
- name: Remove openresty |
||||
yum: |
||||
name: |
||||
- openresty |
||||
state: absent |
||||
tags: web |
||||
|
||||
- name: Install nginx |
||||
yum: |
||||
name: |
||||
- nginx |
||||
tags: web |
||||
|
@ -0,0 +1,69 @@ |
||||
--- |
||||
|
||||
- name: Check if nginx is installed |
||||
stat: path=/lib/systemd/system/nginx.service |
||||
register: nginx_nginx_service |
||||
tags: web |
||||
|
||||
- name: Stop nginx |
||||
service: name=nginx state=stopped |
||||
when: nginx_nginx_service.stat.exists |
||||
tags: web |
||||
|
||||
- name: Create the nginx user account |
||||
user: |
||||
name: nginx |
||||
system: True |
||||
shell: /sbin/nologin |
||||
home: /var/lib/nginx |
||||
tags: web |
||||
|
||||
- name: Prepare directories |
||||
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} |
||||
loop: |
||||
- dir: /var/lib/nginx/tmp |
||||
owner: nginx |
||||
group: nginx |
||||
mode: '700' |
||||
- dir: /var/cache/nginx |
||||
owner: nginx |
||||
group: nginx |
||||
mode: '700' |
||||
- dir: /var/log/nginx |
||||
owner: nginx |
||||
group: nginx |
||||
mode: '700' |
||||
- dir: /usr/share/nginx |
||||
- dir: /etc/nginx |
||||
- dir: /usr/local/openresty/nginx |
||||
tags: web |
||||
|
||||
# Create links so openresty uses nginx compatible paths |
||||
- name: Prepare links |
||||
file: src={{ item.src }} dest={{ item.dest }} state=link |
||||
loop: |
||||
- src: /etc/nginx |
||||
dest: /usr/local/openresty/nginx/conf |
||||
- src: /var/log/nginx |
||||
dest: /usr/local/openresty/nginx/logs |
||||
- src: /usr/share/nginx |
||||
dest: /usr/local/openresty/nginx/html |
||||
tags: web |
||||
|
||||
- name: Remove nginx |
||||
yum: |
||||
name: |
||||
- nginx |
||||
state: absent |
||||
tags: web |
||||
|
||||
- name: Install packages |
||||
yum: |
||||
name: |
||||
- openresty |
||||
tags: web |
||||
|
||||
- name: Add a link to nginx in /sbin |
||||
file: src=/usr/local/openresty/nginx/sbin/nginx dest=/sbin/nginx state=link |
||||
tags: web |
||||
|
@ -0,0 +1,12 @@ |
||||
/var/log/nginx/*log { |
||||
create 0644 nginx nginx |
||||
daily |
||||
rotate 10 |
||||
missingok |
||||
notifempty |
||||
compress |
||||
sharedscripts |
||||
postrotate |
||||
/bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true |
||||
endscript |
||||
} |
@ -1,11 +1,8 @@ |
||||
--- |
||||
|
||||
- name: Configure MariaDB repository |
||||
yum_repository: |
||||
name: mariadb |
||||
description: MariaDB |
||||
baseurl: http://yum.mariadb.org/{{ mysql_mariadb_version }}/centos$releasever-amd64 |
||||
gpgcheck: True |
||||
gpgkey: https://yum.mariadb.org/RPM-GPG-KEY-MariaDB |
||||
state: "{{ (mysql_mariadb_version != 'default') | ternary('present','absent') }}" |
||||
tags: repo,mysql |
||||
# Here we use a template instead of yum_repository because |
||||
# we might need to set module_hotfixes = true for el8. And yum_repository |
||||
# doesn't support this setting |
||||
- name: Configure MariaDB repo |
||||
template: src=mariadb.repo.j2 dest=/etc/yum.repos.d/mariadb.repo |
||||
tags: mysql,repo |
||||
|
@ -0,0 +1,12 @@ |
||||
{% if mysql_mariadb_version != 'default' %} |
||||
[mariadb] |
||||
baseurl = http://yum.mariadb.org/{{ mysql_mariadb_version }}/centos$releasever-amd64 |
||||
gpgcheck = 1 |
||||
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB |
||||
name = MariaDB |
||||
{% if ansible_os_family == 'RedHat' and ansible_distribution_major_version is version('8', '>=') %} |
||||
# Workaround a bug in dnf which would make the default module mask |
||||
# packages from the MariaDB repo. See https://jira.mariadb.org/browse/MDEV-20673 |
||||
module_hotfixes = true |
||||
{% endif %} |
||||
{% endif %} |
@ -0,0 +1,10 @@ |
||||
--- |
||||
|
||||
- name: Configure openresty repository |
||||
yum_repository: |
||||
name: openresty |
||||
description: Official OpenResty Open Source Repository for CentOS |
||||
baseurl: https://openresty.org/package/centos/$releasever/$basearch |
||||
gpgcheck: True |
||||
gpgkey: https://openresty.org/package/pubkey.gpg |
||||
tags: repo,web |
@ -0,0 +1,23 @@ |
||||
--- |
||||
|
||||
- include_vars: "{{ item }}" |
||||
with_first_found: |
||||
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml |
||||
- vars/{{ ansible_distribution }}.yml |
||||
- vars/{{ ansible_os_family }}.yml |
||||
- vars/defaults.yml |
||||
tags: repo |
||||
|
||||
- name: Remove remi-release |
||||
yum: name=remi-release state=absent |
||||
tags: repo |
||||
|
||||
- name: Configure Remi Safe repository |
||||
yum_repository: |
||||
name: remi |
||||
description: Remi's RPM repository for Enterprise Linux |
||||
baseurl: http://rpms.remirepo.net/enterprise/$releasever/remi/$basearch/ |
||||
gpgcheck: True |
||||
gpgkey: "{{ repo_remi_gpg_url }}" |
||||
tags: repo |
||||
|
@ -1,16 +1,20 @@ |
||||
module zabbix_server 1.0; |
||||
module zabbix_server 1.2; |
||||
|
||||
require { |
||||
type zabbix_var_run_t; |
||||
type zabbix_t; |
||||
type zabbix_var_lib_t; |
||||
class sock_file { create unlink }; |
||||
type mysqld_db_t; |
||||
class sock_file { create unlink write }; |
||||
class unix_stream_socket connectto; |
||||
class file { execute execute_no_trans }; |
||||
class capability dac_override; |
||||
} |
||||
|
||||
#============= zabbix_t ============== |
||||
allow zabbix_t self:unix_stream_socket connectto; |
||||
allow zabbix_t self:capability dac_override; |
||||
allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans }; |
||||
allow zabbix_t zabbix_var_run_t:sock_file { create unlink }; |
||||
allow zabbix_t mysqld_db_t:sock_file write; |
||||
|
||||
|
Loading…
Reference in new issue