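# Fichier: install_php_83_symfony_pgsql.yml
#
# Deploys the Symfony application on the `webservers` group: PHP 8.3 + FPM,
# the production `.env.local`, composer/bun builds, Supervisor and Caddy
# configuration, Doctrine migrations and cache handling.
#
# Required extra variable: `path` (application root on the target host).
#
# Every secret-bearing variable (passwords, tokens, DSNs) must be supplied
# from an Ansible Vault-encrypted vars file or via --extra-vars at run time.
# The `REPLACE_ME_*` values below are constructed placeholders; the playbook
# must never carry real credentials, and any credential that was once
# committed here has to be treated as compromised and rotated.
---
- name: Deploy application
  hosts: webservers
  become: true
  gather_facts: true

  vars:
    db_name: "e-cosplay"
    db_user: "e-cosplay"
    # Credentials: override from Ansible Vault. These defaults are the values
    # the playbook originally shipped with and are only kept for compatibility.
    db_password: "e-cosplay"
    redis_password: "e-cosplay"
    redis_port: "20101"
    # Placeholders (constructed) – supply the real values from Ansible Vault.
    app_secret: "REPLACE_ME_FROM_VAULT_app_secret"
    vault_token: "REPLACE_ME_FROM_VAULT_vault_token"
    mailer_dsn: "REPLACE_ME_FROM_VAULT_mailer_dsn"

  tasks:
    - name: Installer le support ACL pour corriger les permissions de 'become_user'
      ansible.builtin.apt:
        name: acl
        state: present
        update_cache: true
      when: ansible_os_family == "Debian"

    - name: Installation des dépendances pour le module Ansible PostgreSQL
      ansible.builtin.apt:
        name: python3-psycopg2
        state: present
        update_cache: true
      when: ansible_os_family == "Debian"

    - name: Installation de PHP 8.3 et PHP 8.3-FPM avec les dépendances
      ansible.builtin.apt:
        name:
          - php8.3
          - php8.3-fpm
          - php8.3-cli
          - php8.3-common
          - php8.3-mysql
          - php8.3-pgsql
          - php8.3-xml
          - php8.3-mbstring
          - php8.3-zip
          - php8.3-intl
          - php8.3-gd
          - php8.3-curl
          - php8.3-pdo
          - php8.3-opcache
          - php8.3-bcmath
          - php8.3-redis
          - php8.3-imagick
          - ffmpeg
        state: present
      when: ansible_os_family == "Debian"

    - name: Démarrage et activation du service PHP 8.3 FPM
      ansible.builtin.systemd:
        name: php8.3-fpm
        state: started
        enabled: true
      when: ansible_os_family == "Debian"

    # Maintenance mode is switched on before the build; switching it back off
    # is not part of this playbook.
    - name: Maintenance mode artemis on
      ansible.builtin.command: php bin/console mainframe:maintenance artemis true
      become: false
      args:
        chdir: "{{ path }}"

    - name: Maintenance mode api on
      ansible.builtin.command: php bin/console mainframe:maintenance api true
      become: false
      args:
        chdir: "{{ path }}"

    # The file holds every production secret: it is written readable by the
    # deploy user and the php-fpm group only, and the task output is hidden
    # (no_log) so the rendered content never lands in logs or --diff output.
    # APP_DEBUG is forced off: debug mode in production exposes stack traces
    # and environment values to clients.
    - name: Créer le fichier .env.local avec les secrets de production
      ansible.builtin.copy:
        content: |
          APP_ENV=prod
          VITE_LOAD=1
          DATABASE_URL="postgresql://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?serverVersion=16&charset=utf8"
          REDIS_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
          REDIS_URL="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
          MESSENGER_TRANSPORT_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}/messages"
          APP_SECRET={{ app_secret }}
          REAL_MAIL=1
          VAULT_ADDR=http://127.0.0.1:8200
          VAULT_TOKEN={{ vault_token }}
          APP_DEBUG=0
          MAILER_DSN={{ mailer_dsn }}
        dest: "{{ path }}/.env.local"
        owner: bot
        group: www-data
        mode: '0640'
      no_log: true
      when: ansible_os_family == "Debian"

    # --- Initial creation of essential directories with correct ownership ---
    # These directories should exist before composer runs, but composer might
    # create subdirs.
    - name: Ensure app/var and public/media directories exist with correct owner/group
      ansible.builtin.file:
        path: "{{ item }}"
        owner: bot  # Assuming 'bot' is your deployment user
        group: www-data
        mode: '0775'  # Allow 'bot' and 'www-data' to read/write/execute
        state: directory
        recurse: true  # Subdirectories created by previous deploys also get permissions
      loop:
        - "{{ path }}/var"
        - "{{ path }}/var/log"  # Specific for log, though var/log might be created by composer later
        - "{{ path }}/public/media"  # For uploads

    - name: Exécuter 'composer install' dans le répertoire de l'application
      ansible.builtin.command: composer install --no-dev --optimize-autoloader
      become: false  # Run as the connection user (e.g., 'bot')
      args:
        chdir: "{{ path }}"
      when: ansible_os_family == "Debian"

    # --- POST-COMPOSER PERMISSION FIXES ---
    # This is crucial because composer creates var/cache as the `become: false` user
    - name: Set correct permissions for Symfony cache and logs directories
      ansible.builtin.file:
        path: "{{ item }}"
        owner: bot
        group: www-data
        mode: '0775'  # rwx for owner and group, rx for others
        state: directory
        recurse: true  # Apply to all contents
      loop:
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"

    # For web-writable directories created by the app itself (e.g., uploads),
    # you might set ACLs or chown to www-data and then your user gets access
    # via group membership.
    # Alternative for cache/log permissions using ACLs (more robust for mixed
    # ownership). This requires the 'acl' package installed (done above).
    # Use this if 'bot' needs to own, but www-data needs to write.
    - name: Set ACLs for Symfony cache and logs (recommended for web-writable dirs)
      ansible.builtin.acl:
        path: "{{ item }}"
        entity: www-data
        etype: group
        permissions: rwx
        state: present
        recursive: true
        default: true  # Apply default ACLs for new files/dirs within
      loop:
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"
      when: ansible_os_family == "Debian"  # ACLs are Linux-specific

    - name: Exécuter bun install dans le répertoire de l application
      ansible.builtin.command: bun install
      become: false
      args:
        chdir: "{{ path }}"
      when: ansible_os_family == "Debian"

    - name: Exécuter bun build dans le répertoire de l application
      ansible.builtin.command: bun run build
      become: false
      args:
        chdir: "{{ path }}"
      when: ansible_os_family == "Debian"

    - name: Supervisor config
      ansible.builtin.template:
        src: supervisor.j2
        dest: "/etc/supervisor/conf.d/e-cosplay.conf"
        mode: '0644'

    - name: Reread Supervisor configuration
      ansible.builtin.command: supervisorctl reread
      changed_when: true  # Always mark as changed, as output is not always useful for idempotency

    - name: Update Supervisor (add/remove updated programs)
      ansible.builtin.command: supervisorctl update
      changed_when: true

    # The password is passed through REDISCLI_AUTH rather than `-a` so it does
    # not show up in the process list or in shell history on the target, and
    # the task output is hidden so the command line is not logged.
    - name: Purger la base de données Redis
      ansible.builtin.command: "redis-cli -p {{ redis_port }} FLUSHALL"
      environment:
        REDISCLI_AUTH: "{{ redis_password }}"
      no_log: true
      when: ansible_os_family == "Debian"

    - name: Generate Caddy site configuration
      ansible.builtin.template:
        src: caddy.j2
        dest: "/etc/caddy/sites/e-cosplay.conf"
        mode: '0644'

    - name: Reload Caddy to apply new configuration
      ansible.builtin.systemd:
        name: caddy
        state: reloaded
        enabled: true

    - name: Exécuter doctrine:migration:migrate dans le répertoire de l application
      ansible.builtin.command: php bin/console doctrine:migrations:migrate --no-interaction
      become: false
      args:
        chdir: "{{ path }}"
      when: ansible_os_family == "Debian"

    - name: Exécuter cache:clear dans le répertoire de l application
      ansible.builtin.command: php bin/console cache:clear
      become: false
      args:
        chdir: "{{ path }}"
      when: ansible_os_family == "Debian"

    - name: Exécuter liip:imagine:cache:remove dans le répertoire de l application
      ansible.builtin.command: php bin/console liip:imagine:cache:remove
      become: false
      args:
        chdir: "{{ path }}"

    # Final pass after cache:clear recreated var/cache as the deploy user.
    # 0775 (not world-writable) is enough: www-data already gets rwx through
    # the group bit and the default ACLs set above.
    - name: Reset permissions on cache, logs and media after the build
      ansible.builtin.file:
        path: "{{ item }}"
        owner: bot
        group: www-data
        mode: '0775'  # rwx for owner and group, rx for others
        state: directory
        recurse: true  # Apply to all contents
      loop:
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"
        - "{{ path }}/public/media"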