# Install the MariaDB server package with dnf.
- name: Install MariaDB Server
  ansible.builtin.dnf:
    state: present
    name: mariadb-server
# Make MariaDB listen on all interfaces so the containers can reach it.
# NOTE(review): 0.0.0.0 means every interface, not only the container
# network. What is reachable from outside then depends on the host firewall
# (the firewalld tasks in this file open only 80/tcp and 443/tcp) and on the
# account host patterns. Consider binding to the container bridge address if
# it is stable in this deployment.
# NOTE(review): when no existing line starts with "bind-address", lineinfile
# appends the line at the end of the file; confirm it lands in a section the
# server actually reads.
- name: Change the bind-address to allow Docker
  ansible.builtin.lineinfile:
    path: /etc/my.cnf.d/mariadb-server.cnf
    line: 'bind-address = 0.0.0.0'
    regexp: '^bind-address'
  notify: restart_mariadb
# Start the mariadb unit now and enable it at boot.
- name: Start and enable MariaDB service
  ansible.builtin.systemd:
    name: mariadb
    enabled: true
    state: started
# Install the Python 3 MySQL driver package.
# Presumably required by the community.mysql tasks that follow; confirm.
- name: Install MySQL Support for Python 3
  ansible.builtin.dnf:
    state: present
    name: python3-PyMySQL
# Create one database per entry in `databases`, connecting over the local
# unix socket.
# no_log keeps the loop items out of task output; the same `databases`
# entries carry item.pass, which the user-creation task reads.
- name: Create MariaDB databases
  community.mysql.mysql_db:
    login_unix_socket: /var/lib/mysql/mysql.sock
    name: '{{ item.name }}'
    state: present
  no_log: true
  loop: '{{ databases }}'
# Create one account per entry in `databases`, named after the database and
# granted ALL on that database only.
# NOTE(review): host "%" accepts logins from any client address. With the
# server bound to 0.0.0.0, the host firewall is the only network barrier in
# front of these accounts; narrow the host pattern to the container subnet
# if it is known.
# no_log keeps item.pass out of task output and logs.
- name: Create MariaDB users
  community.mysql.mysql_user:
    login_unix_socket: /var/lib/mysql/mysql.sock
    name: '{{ item.name }}'
    password: '{{ item.pass }}'
    host: '%'
    priv: '{{ item.name }}.*:ALL'
    state: present
  no_log: true
  loop: '{{ databases }}'
# Create the compose project directory, owned by and accessible only to oci.
- name: Create webserver stack directory
  ansible.builtin.file:
    state: directory
    path: /home/oci/webserver
    owner: oci
    group: oci
    mode: '700'
# Copy the compose definition into the project directory, readable by oci
# only. A change triggers the compose handler.
- name: Install webserver compose file
  ansible.builtin.copy:
    src: docker-compose.yml
    dest: /home/oci/webserver/compose.yml
    owner: oci
    group: oci
    mode: '600'
  notify: Start podman compose project
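# Render the environment file for the compose project. A change triggers the
# compose handler.
# Mode is 600 (was 644) to match compose.yml: the file is owned by oci and
# sits in a 700 directory, so no legitimate reader loses access, and a
# rendered env file commonly holds credentials.
# NOTE(review): confirm the contents against compose-env.j2.
- name: Generate webserver environment configuration
  ansible.builtin.template:
    src: compose-env.j2
    dest: /home/oci/webserver/.env
    owner: oci
    group: oci
    mode: "600"
  notify: Start podman compose project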
# Persist net.ipv4.ip_forward=1 and reload sysctl so it applies immediately.
# NOTE(review): this turns on IPv4 routing host-wide; presumably needed for
# the container network or the port forwards in this file. Confirm.
- name: Enable IP forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    reload: true
    state: present
# Open 80/tcp in firewalld, both in the running and the permanent
# configuration.
- name: Allow port 80 in firewall
  ansible.posix.firewalld:
    port: '80/tcp'
    state: enabled
    immediate: true
    permanent: true
# Redirect inbound 80/tcp to local port 8080 (presumably where the container
# publishes HTTP; confirm against the compose file).
# The rule is family="ipv4" only, so IPv6 traffic is not forwarded by it.
- name: Forward port 80 to 8080
  ansible.posix.firewalld:
    state: enabled
    immediate: true
    permanent: true
    rich_rule: 'rule family="ipv4" forward-port port="80" protocol="tcp" to-port="8080"'
# Open 443/tcp in firewalld, both in the running and the permanent
# configuration.
- name: Allow port 443 in firewall
  ansible.posix.firewalld:
    port: '443/tcp'
    state: enabled
    immediate: true
    permanent: true
# Redirect inbound 443/tcp to local port 8443 (presumably where the container
# publishes HTTPS; confirm against the compose file).
# The rule is family="ipv4" only, so IPv6 traffic is not forwarded by it.
- name: Forward port 443 to 8443
  ansible.posix.firewalld:
    state: enabled
    immediate: true
    permanent: true
    rich_rule: 'rule family="ipv4" forward-port port="443" protocol="tcp" to-port="8443"'