13b25efb41
Ajoute une fonctionnalité de partage de fichiers temporaires avec suppression automatique après 30 minutes et génération de QR codes. Ajoute aussi une tâche cron pour supprimer ces fichiers.
282 lines
11 KiB
YAML
282 lines
11 KiB
YAML
# Fichier: install_php_83_symfony_pgsql.yml
|
|
|
|
- name: Deploy application
|
|
hosts: webservers
|
|
become: true
|
|
gather_facts: true
|
|
|
|
vars:
|
|
db_name: "mainframe"
|
|
db_user: "mainframe"
|
|
db_password: "mainframe"
|
|
redis_password: "mainframe"
|
|
redis_port: "20100"
|
|
# Assurez-vous que 'path' est définie dans votre inventaire ou comme extra-var
|
|
# Exemple: path: /var/www/mainframe/app
|
|
|
|
tasks:
|
|
- name: Send a message to the Discord channel
|
|
community.general.discord:
|
|
webhook_id: "1421437443688890500"
|
|
webhook_token: "DPSuS00Ian6O0lQw-1aDQPkVB19so4AA5zaLN_nALs3fDGah1KSLBWys_CYpsc33PGIG"
|
|
content: "Mise à jour du mainframe"
|
|
|
|
- name: Installer le support ACL pour corriger les permissions de 'become_user'
|
|
ansible.builtin.apt:
|
|
name: acl
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Installation des dépendances pour le module Ansible PostgreSQL
|
|
ansible.builtin.apt:
|
|
name: python3-psycopg2
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Installation de PHP 8.3 et PHP 8.3-FPM avec les dépendances
|
|
ansible.builtin.apt:
|
|
name:
|
|
- php8.3
|
|
- php8.3-fpm
|
|
- php8.3-cli
|
|
- php8.3-common
|
|
- php8.3-mysql
|
|
- php8.3-pgsql
|
|
- php8.3-xml
|
|
- php8.3-mbstring
|
|
- php8.3-zip
|
|
- php8.3-intl
|
|
- php8.3-gd
|
|
- php8.3-curl
|
|
- php8.3-pdo
|
|
- php8.3-opcache
|
|
- php8.3-bcmath
|
|
- php8.3-redis
|
|
- php8.3-imagick
|
|
- ffmpeg
|
|
state: present
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Démarrage et activation du service PHP 8.3 FPM
|
|
ansible.builtin.systemd:
|
|
name: php8.3-fpm
|
|
state: started
|
|
enabled: yes
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Créer le fichier .env.local avec les secrets de production
|
|
ansible.builtin.copy:
|
|
content: |
|
|
APP_ENV=prod
|
|
VITE_LOAD=1
|
|
DATABASE_URL="postgresql://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?serverVersion=16&charset=utf8"
|
|
REDIS_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
|
|
REDIS_URL="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
|
|
MESSENGER_TRANSPORT_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}/messages"
|
|
APP_SECRET=939bbc67038c2e2d1232d86fc605bf2f
|
|
REAL_MAIL=1
|
|
VAULT_ADDR=http://127.0.0.1:8200
|
|
VAULT_TOKEN=hvs.QLpUdiptXtSPo5Qf7i2nn2Xz
|
|
APP_DEBUG=true
|
|
MAILER_DSN=ses+smtp://AKIAWTT2T22CWBRBBDYN:BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP@default?region=eu-west-3
|
|
dest: "{{ path }}/.env.local"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
# --- Initial creation of essential directories with correct ownership ---
|
|
# These directories should exist before composer runs, but composer might create subdirs.
|
|
- name: Ensure app/var and public/media directories exist with correct owner/group
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: bot # Assuming 'bot' is your deployment user
|
|
group: www-data
|
|
mode: '0775' # Allow 'bot' and 'www-data' to read/write/execute
|
|
state: directory
|
|
recurse: yes # Important to ensure subdirectories created by previous deploys also get permissions
|
|
loop:
|
|
- "{{ path }}/var"
|
|
- "{{ path }}/var/log" # Specific for log, though var/log might be created by composer later
|
|
- "{{ path }}/public/media" # For uploads
|
|
- "{{ path }}/public/storage" # For uploads
|
|
- "{{ path }}/public/tmp-sign" # For uploads
|
|
|
|
- name: Exécuter 'composer install' dans le répertoire de l'application
|
|
ansible.builtin.command: composer install --no-dev --optimize-autoloader
|
|
become: false # Run as the connection user (e.g., 'bot')
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
# --- POST-COMPOSER PERMISSION FIXES ---
|
|
# This is crucial because composer creates var/cache as the `become: false` user
|
|
- name: Set correct permissions for Symfony cache and logs directories
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: bot
|
|
group: www-data
|
|
mode: '0775' # rwx for owner and group, rx for others
|
|
state: directory
|
|
recurse: yes # Apply to all contents
|
|
loop:
|
|
- "{{ path }}/var/cache"
|
|
- "{{ path }}/var/log"
|
|
# For web-writable directories created by the app itself (e.g., uploads), you might set ACLs
|
|
# or chown to www-data and then your user gets access via group membership.
|
|
|
|
# Alternative for cache/log permissions using ACLs (more robust for mixed ownership)
|
|
# This requires 'acl' package installed (which you already do).
|
|
# Use this if 'bot' needs to own, but www-data needs to write.
|
|
- name: Set ACLs for Symfony cache and logs (recommended for web-writable dirs)
|
|
ansible.builtin.acl:
|
|
path: "{{ item }}"
|
|
entity: www-data
|
|
etype: group
|
|
permissions: rwx
|
|
state: present
|
|
recursive: yes
|
|
default: yes # Apply default ACLs for new files/dirs within
|
|
loop:
|
|
- "{{ path }}/var/cache"
|
|
- "{{ path }}/var/log"
|
|
when: ansible_os_family == "Debian" # ACLs are Linux-specific
|
|
|
|
- name: Exécuter bun install dans le répertoire de l application
|
|
ansible.builtin.command: bun install
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Exécuter bun build dans le répertoire de l application
|
|
ansible.builtin.command: bun run build
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Supervisor config
|
|
ansible.builtin.template:
|
|
src: supervisor.j2
|
|
dest: "/etc/supervisor/conf.d/mainframe.conf"
|
|
mode: '0644'
|
|
|
|
- name: Reread Supervisor configuration
|
|
ansible.builtin.command: supervisorctl reread
|
|
changed_when: true # Always mark as changed, as output is not always useful for idempotency
|
|
|
|
- name: Update Supervisor (add/remove updated programs)
|
|
ansible.builtin.command: supervisorctl update
|
|
changed_when: true
|
|
|
|
- name: Purger la base de données Redis
|
|
ansible.builtin.command: "redis-cli -p {{ redis_port }} -a {{ redis_password }} FLUSHALL"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Generate Caddy site configuration
|
|
ansible.builtin.template:
|
|
src: caddy.j2
|
|
dest: "/etc/caddy/sites/mainframe.conf"
|
|
mode: '0644'
|
|
|
|
- name: Reload Caddy to apply new configuration
|
|
ansible.builtin.systemd:
|
|
name: caddy
|
|
state: reloaded
|
|
enabled: yes
|
|
- name: Exécuter doctrine:migration:migrate dans le répertoire de l application
|
|
ansible.builtin.command: php bin/console doctrine:migrations:migrate --no-interaction
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
- name: Exécuter cache:clear dans le répertoire de l application
|
|
ansible.builtin.command: php bin/console cache:clear
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Exécuter liip:imagine:cache:remove dans le répertoire de l application
|
|
ansible.builtin.command: php bin/console liip:imagine:cache:remove
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian" # Added a when condition here, often missed
|
|
- name: "Execute created subcriber link"
|
|
cron:
|
|
name: "Mainframe - subcriber link"
|
|
minute: "0"
|
|
hour: "*"
|
|
job: "sh {{ path }}/script/demande/run.sh"
|
|
user: root
|
|
|
|
- name: "Cron Task purge customer delete"
|
|
cron:
|
|
name: "Mainframe - Purge customer"
|
|
minute: "0"
|
|
hour: "21"
|
|
job: "php {{ path }}/bin/console mainframe:cron:customer"
|
|
user: root
|
|
- name: "Cron Task purge customer delete"
|
|
cron:
|
|
name: "Mainframe - Check Server mail"
|
|
minute: "0"
|
|
hour: "6"
|
|
job: "php {{ path }}/bin/console mainframe:mailserver:check"
|
|
user: root
|
|
- name: "Cron Task purge email delete"
|
|
cron:
|
|
name: "Mainframe - Purge customer"
|
|
minute: "0"
|
|
hour: "21"
|
|
job: "php {{ path }}/bin/console mainframe:cron:email"
|
|
user: root
|
|
|
|
- name: "Cron Task sync"
|
|
ansible.builtin.cron:
|
|
name: "Mainframe - Sync"
|
|
minute: "0"
|
|
hour: "*"
|
|
user: "root"
|
|
job: "php {{ path }}/bin/console mainframe:cron:sync"
|
|
state: present
|
|
- name: "Cron Task sync"
|
|
ansible.builtin.cron:
|
|
name: "Mainframe - Delete tmp"
|
|
minute: "30"
|
|
hour: "*"
|
|
user: "root"
|
|
job: "php {{ path }}/bin/console mainframe:tempfile:delete"
|
|
state: present
|
|
- name: "Mail event today"
|
|
ansible.builtin.cron:
|
|
name: "Mainframe - Event Today"
|
|
minute: "50"
|
|
hour: "23"
|
|
user: "root"
|
|
job: "php {{ path }}/bin/console mainframe:event:today"
|
|
state: present
|
|
- name: "Backup - Mainframe"
|
|
ansible.builtin.cron:
|
|
name: "Mainframe - Event Today"
|
|
minute: "0"
|
|
hour: "7,14,17"
|
|
user: "root"
|
|
job: "php {{ path }}/bin/console mainframe:backup"
|
|
state: present
|
|
- name: Set correct permissions for Symfony cache and logs directories
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: bot
|
|
group: www-data
|
|
mode: '0777' # rwx for owner and group, rx for others
|
|
state: directory
|
|
recurse: yes # Apply to all contents
|
|
loop:
|
|
- "{{ path }}/var/cache"
|
|
- "{{ path }}/var/log"
|
|
- "{{ path }}/public/media"
|
|
- "{{ path }}/public/storage" # For uploads
|
|
- "{{ path }}/public/tmp-sign" # For uploads
|