The stack-config role

A lot of the modules we are using in this role will work fine on both of our target operating systems, so in this role, we are tweaking things like paths to configuration files and so on. Rather than list out the entire content of the roles/stack-config/tasks/main.yml file, I will just highlight the changes that need to be made, starting with the following task that should be right at the top of the file:

- name: include the operating system specific variables
  include_vars: "{{ ansible_os_family }}.yml"

This will load in the variables that contain the paths we need to use later in the role; the content of roles/stack-config/vars/RedHat.yml is:

---

php_fpm_path: "/etc/php-fpm.d/www.conf"
php_ini_path: /etc/php.ini
php_service_name: "php-fpm"

And the content of roles/stack-config/vars/Debian.yml is:

php_fpm_path: "/etc/php/7.0/fpm/pool.d/www.conf"
php_ini_path: "/etc/php/7.0/fpm/php.ini"
php_service_name: "php7.0-fpm"

As you can see, most of the changes we need to make are around the location of the PHP configuration files. Before we get to those, we need to create the WordPress user back in our roles/stack-config/tasks/main.yml file. Because PHP-FPM runs under a different group by default on Ubuntu, there is no PHP-FPM group created, so let's create one, making sure we add these tasks before the add the wordpress user task:

- name: add the wordpress group
  group:
    name: "{{ wordpress_system.group }}"
    state: "{{ wordpress_system.state }}"

Next up, there is no /var/www/ folder created on Ubuntu, so we will need to create the folder:

# the task name now matches the directory that is actually created
- name: create the /var/www/ directory
  file:
    dest: "/var/www/"
    state: "directory"
    mode: "0755"

Both the group and folder are already there on the CentOS box, so these tasks should just say ok. Once they have been created, the user will be created without errors on both boxes with no changes to the add the wordpress user task.

All of the tasks that deploy the NGINX configuration will work without any changes, so we can move on to the PHP configuration:

- name: copy the www.conf to /etc/php-fpm.d/
  template:
    src: "php-fpmd-www.conf.j2"
    dest: "{{ php_fpm_path }}"
  notify: "restart php-fpm"

- name: configure php.ini
  lineinfile:
    dest: "{{ php_ini_path }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.replace }}"
    backup: "yes"
    backrefs: "yes"
  with_items: "{{ php.ini }}"
  notify: "restart php-fpm"

As you can see, both of these tasks have been updated to include the paths relevant to the operating system the playbook is currently targeting.

The restart php-fpm handler has also been updated as the PHP-FPM service on the two operating systems has a different name; this task should replace the existing one in roles/stack-config/handlers/main.yml:

- name: "restart php-fpm"
  service:
    name: "{{ php_service_name }}"
    state: "restarted"
    enabled: "yes"

Likewise, back in roles/stack-config/tasks/main.yml the task that starts PHP-FPM should be updated as per this task:

- name: start php-fpm
  service:
    name: "{{ php_service_name }}"
    state: "started"

The next two changes are to make the following tasks only run on CentOS boxes:

- name: configure the mariadb bind address
  lineinfile:
    dest: "{{ mariadb.server_config }}"
    regexp: "#bind-address=0.0.0.0"
    line: "bind-address={{ mariadb.bind }}"
    backup: "yes"
    backrefs: "yes"
  when: ansible_os_family == 'RedHat'

This is because the default configuration on Ubuntu for MariaDB does not contain bind-address, so we are skipping it; the next and final task is as follows:

- name: set the selinux allowing httpd_t to be permissive is required
  selinux_permissive:
    name: httpd_t
    permissive: true
  when: selinux.http_permissive == true and ansible_os_family == 'RedHat'

We are skipping this on the Ubuntu box because SELinux is not installed and does not work with Ubuntu.
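
The configure the mariadb bind address task above uses backrefs, and lineinfile with backrefs leaves the file untouched when the regexp does not match, so the task reports ok even if no bind address was written. The following tasks are an added example, not part of the original role: they fail the run with a clear message on an unsupported operating system family, and they fail it if the expected bind-address line is missing on CentOS. The register name bind_check is an assumption; all other variables are the ones already used in this role.

```yaml
# Added example: place this task above the include_vars task so an
# unsupported operating system family fails with a clear message
# instead of a missing vars file error.
- name: check the operating system family has a vars file
  assert:
    that:
      - ansible_os_family in ['RedHat', 'Debian']
    msg: "stack-config has no vars file for {{ ansible_os_family }}"

# Added example: place this task after the
# "configure the mariadb bind address" task.
#
# Run in check mode and without backrefs, lineinfile reports "changed"
# when the line it manages is absent or different:
#   - "#bind-address=0.0.0.0" still commented out -> changed -> fail
#   - no bind-address line in the file at all     -> changed -> fail
#   - "bind-address=<mariadb.bind>" already there -> ok
# Nothing is written to the file because of check_mode.
- name: check the mariadb bind address was written
  lineinfile:
    dest: "{{ mariadb.server_config }}"
    regexp: "^#?bind-address="
    line: "bind-address={{ mariadb.bind }}"
  check_mode: yes
  register: bind_check          # hypothetical variable name
  failed_when: bind_check.changed
  when: ansible_os_family == 'RedHat'
```

The second task is skipped on Ubuntu for the same reason as the task it verifies.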