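---
# File: install_php_83_symfony_pgsql.yml
# NOTE(review): the file name mentions PHP 8.3, but every task below uses
# php8.4 — rename the file or the packages so they agree.
#
# Deploys the Symfony application found at `path` on Debian-family web
# servers: PHP 8.4 + extensions, .env.local, directory permissions/ACLs,
# front-end build, Supervisor and Caddy configuration, Symfony console
# steps, and cron jobs.
#
# Secrets are NOT stored in this playbook. Every `vault_*` variable below
# must be supplied from an Ansible Vault-encrypted vars file (or another
# secret store) that is loaded through the inventory:
#   vault_db_password, vault_redis_password, vault_discord_webhook_token,
#   vault_app_secret, vault_hashicorp_token, vault_ses_smtp_username,
#   vault_ses_smtp_password, vault_stripe_secret_key
# Any credential that was ever committed in clear text in an earlier
# revision of this file stays in version-control history and must be
# rotated; moving it to a variable does not make the old value safe again.

- name: Deploy application
  hosts: webservers
  become: true
  gather_facts: true

  vars:
    db_name: "ludikevent"
    db_user: "ludikevent"
    # Secrets are indirected through vault_* variables so that the values
    # never appear in the repository. Do not reuse the account name as the
    # password.
    db_password: "{{ vault_db_password }}"
    redis_password: "{{ vault_redis_password }}"
    redis_port: "20110"
    # path: /var/www/mainframe/app (to be defined in the inventory)

  tasks:
    # NOTE(review): this runs before the task that installs PHP 8.4, so it
    # can only succeed on a host where PHP and Composer are already
    # present — confirm that ordering is intended.
    - name: Exécuter 'composer install' dans le répertoire de l'application
      ansible.builtin.command: php8.4 /usr/local/bin/composer install --no-dev --optimize-autoloader
      # Composer is run without privilege escalation: package scripts must
      # not execute as root.
      become: false
      args:
        chdir: "{{ path }}"
      when: ansible_os_family == "Debian"

    - name: Send a message to the Discord channel
      community.general.discord:
        webhook_id: "1419573620602044518"
        # The webhook token is a bearer credential: anyone holding it can
        # post to the channel. It is read from the vault, never inlined.
        webhook_token: "{{ vault_discord_webhook_token }}"
        content: "Mise à jour du intranet ludikevent https://intranet.ludikevent.fr"
      # Keep the token out of task output and callback logs.
      no_log: true

    - name: Installer le support ACL pour corriger les permissions
      ansible.builtin.apt:
        name: acl
        state: present
        update_cache: true
      when: ansible_os_family == "Debian"

    # python3-psycopg2 is the driver Ansible's PostgreSQL modules need on
    # the managed host.
    - name: Installation des dépendances PostgreSQL pour Ansible
      ansible.builtin.apt:
        name: python3-psycopg2
        state: present
        update_cache: true
      when: ansible_os_family == "Debian"

    - name: Installation de PHP 8.4 et dépendances
      ansible.builtin.apt:
        name:
          - php8.4
          - php8.4-fpm
          - php8.4-cli
          - php8.4-common
          - php8.4-mysql
          - php8.4-pgsql
          - php8.4-xml
          - php8.4-mbstring
          - php8.4-zip
          - php8.4-intl
          - php8.4-gd
          - php8.4-curl
          - php8.4-pdo
          - php8.4-opcache
          - php8.4-bcmath
          - php8.4-redis
          - php8.4-imagick
          - ffmpeg
        state: present
      when: ansible_os_family == "Debian"

    - name: Démarrage de PHP 8.4-FPM
      ansible.builtin.systemd:
        name: php8.4-fpm
        state: started
        enabled: true

    # Writes the application's environment file. It contains database,
    # Redis, mail, HashiCorp Vault and Stripe credentials, so:
    #   - every secret is rendered from a vault_* variable;
    #   - the file is owner/group readable only (the play runs with
    #     become, so without an explicit mode it would be created by root
    #     with the default umask);
    #   - no_log keeps the rendered content out of Ansible output.
    # Values are inserted into URLs verbatim: store any secret containing
    # URL-special characters already percent-encoded.
    # NOTE(review): owner/group follow the bot:www-data convention used by
    # the other file tasks in this play; confirm PHP-FPM runs as www-data.
    - name: Créer le fichier .env.local
      ansible.builtin.copy:
        content: |
          APP_ENV=prod
          APP_DEBUG=false
          VITE_LOAD=1
          DATABASE_URL="postgresql://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?serverVersion=16&charset=utf8"
          REDIS_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
          REDIS_URL="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
          MESSENGER_TRANSPORT_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}/messages"
          APP_SECRET={{ vault_app_secret }}
          REAL_MAIL=1
          VAULT_ADDR=http://127.0.0.1:8200
          VAULT_TOKEN={{ vault_hashicorp_token }}
          MAILER_DSN=ses+smtp://{{ vault_ses_smtp_username }}:{{ vault_ses_smtp_password }}@default?region=eu-west-3
          PATH_URL=https://intranet.ludikevent.fr
          STRIPE_BASEURL=https://payment.ludikevent.fr
          SIGN_URL=https://signature.ludikevent.fr
          DEFAULT_URI=https://reservation.ludikevent.fr
          INTRANET_LOCK=false
          STRIPE_PK=pk_test_51SUA22173W4aeFB1nO6oFfDZ12HOTffDKtCshhZ8rkUg6kUO2ZaQC0tK72rhE79Tr8treeHX9KMcZtvcQZ0X8VSm00Q6GQ365V
          STRIPE_SK={{ vault_stripe_secret_key }}
        dest: "{{ path }}/.env.local"
        owner: bot
        group: www-data
        mode: '0640'
      no_log: true

    # var/cache is created here as well because the ACL task below sets
    # ACLs on it and would fail if the directory did not exist yet.
    - name: Configuration des dossiers de base
      ansible.builtin.file:
        path: "{{ item }}"
        owner: bot
        group: www-data
        mode: '0775'
        state: directory
      loop:
        - "{{ path }}/var"
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"
        - "{{ path }}/public/media"
        - "{{ path }}/public/images"
        - "{{ path }}/public/pdf"
        - "{{ path }}/public/seo"
        - "{{ path }}/public/tmp-sign"
        - "{{ path }}/sauvegarde"

    # `default: true` also sets the default ACL, so files created later in
    # these directories inherit group access for www-data.
    - name: ACL pour Symfony (www-data rwx)
      ansible.builtin.acl:
        path: "{{ item }}"
        entity: www-data
        etype: group
        permissions: rwx
        state: present
        recursive: true
        default: true
      loop:
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"

    # This task grants the `bot` group, not www-data; its name previously
    # duplicated the task above and hid that difference in run output.
    - name: ACL pour Symfony (bot rwx)
      ansible.builtin.acl:
        path: "{{ item }}"
        entity: bot
        etype: group
        permissions: rwx
        state: present
        recursive: true
        default: true
      loop:
        - "{{ path }}/public/media"

    - name: Bun install & build
      ansible.builtin.command: "{{ item }}"
      # Dependency install scripts and the build run unprivileged.
      become: false
      args:
        chdir: "{{ path }}"
      loop:
        - "bun install"
        - "bun run build"

    - name: Supervisor config
      ansible.builtin.template:
        src: supervisor.j2
        dest: "/etc/supervisor/conf.d/mainframe.conf"
        mode: '0644'

    - name: Reload Supervisor
      ansible.builtin.command: "{{ item }}"
      loop:
        - "supervisorctl reread"
        - "supervisorctl update"

    # The password is passed through REDISCLI_AUTH instead of `-a`: a
    # command-line argument is visible in the process list and in Ansible's
    # task output, an environment variable of this one process is not.
    # NOTE(review): FLUSHALL empties every database of this Redis
    # instance; MESSENGER_TRANSPORT_DSN points at the same instance, so
    # queued messages are presumably dropped as well — confirm.
    - name: Purger Redis
      ansible.builtin.command: "redis-cli -p {{ redis_port }} FLUSHALL"
      environment:
        REDISCLI_AUTH: "{{ redis_password }}"
      no_log: true

    - name: Caddy config
      ansible.builtin.template:
        src: caddy.j2
        dest: "/etc/caddy/sites/ludikevent.conf"
        mode: '0644'

    - name: Reload Caddy
      ansible.builtin.systemd:
        name: caddy
        state: reloaded

    - name: Symfony Tasks (Migrations, Cache, Warmup)
      ansible.builtin.command: "php8.4 bin/console {{ item }} --no-interaction"
      become: false
      args:
        chdir: "{{ path }}"
      loop:
        - "doctrine:migrations:migrate"
        - "cache:clear"
        - "app:images:warmup"
        - "pwa:compile"
        - "app:sitemap"

    # `state: file` fails when the file does not exist; the error is
    # deliberately ignored so a missing update.json does not stop the run.
    - name: S'assurer que le fichier update.json a les bonnes permissions
      ansible.builtin.file:
        path: "{{ path }}/var/update.json"
        owner: bot
        group: www-data
        mode: '0664'
        state: file
      ignore_errors: true

    # --- CRON TASKS ---
    # NOTE(review): every job below runs the application console as root.
    # Anything the application does in these commands then happens with
    # full privileges, and files they create are root-owned. If the
    # commands do not need root, run them as the unprivileged account that
    # owns the application tree (`bot` elsewhere in this play) — confirm
    # before changing.
    - name: "Cron Task - Unsigned Contracts (Relance & Annulation)"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Unsigned Contracts Expired"
        minute: "0"
        hour: "12"
        job: "php8.4 {{ path }}/bin/console app:mail"
        user: root
        state: present

    - name: "Cron Task Search"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Search"
        minute: "*/5"
        job: "php8.4 {{ path }}/bin/console app:search"
        user: root

    - name: "Cron Task Stripe"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Stripe"
        minute: "0"
        hour: "1"
        job: "php8.4 {{ path }}/bin/console app:stripe:sync"
        user: root

    - name: "Cron Task Backup"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Backup"
        minute: "0"
        hour: "*/6"
        job: "php8.4 {{ path }}/bin/console app:backup"
        user: "root"

    - name: "Cron Task - Clean Data"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Clean Data"
        minute: "0"
        hour: "20"
        job: "php8.4 {{ path }}/bin/console app:clean"
        user: "root"

    # Previously this applied 0777 recursively, which made every upload,
    # cache, log and backup entry world-writable and marked every file
    # executable, including files under the web root. Write access is
    # already covered by owner `bot` and group `www-data`, so "other" gets
    # read/traverse only. Capital X adds the execute bit to directories
    # (and to files that already carry one) rather than to every file.
    # The duplicate public/media entry has been dropped.
    # NOTE(review): var/* and sauvegarde (backups) probably need no access
    # for "other" at all; tighten to `o=` there once it is confirmed which
    # account the web server uses to read public/.
    - name: Final Permissions Fix (dossiers d'upload, sans écriture pour les autres)
      ansible.builtin.file:
        path: "{{ item }}"
        owner: bot
        group: www-data
        mode: 'u=rwX,g=rwX,o=rX'
        state: directory
        recurse: true
      loop:
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"
        - "{{ path }}/public/media"
        - "{{ path }}/sauvegarde"
        - "{{ path }}/public/images"
        - "{{ path }}/public/pdf"
        - "{{ path }}/public/seo"
        - "{{ path }}/public/tmp-sign"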