added ansible configuration

Author: onenonlinear

.github/workflows/ansible.yml

@@ -0,0 +1,23 @@
+name: Ansible
+
+on:
+  workflow_dispatch:  
+  push:
+    paths:
+      - ansible/**
+  pull_request:
+    paths:
+      - ansible/**
+
+jobs:
+  lint:
+    name: "Ansible Lint"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Ansible-lint
+        uses: ansible/ansible-lint-action@v6
+        with:
+          target: "./ansible"

README.md

@@ -13,6 +13,17 @@ Status of last event for Terraform workflow: <br>
    - terraform plan
    - terraform apply -auto-approve
 3. check
-   - curl http://localhost:8080/
-   - curl http://localhost:8080/healthz
+   - ```curl http://localhost:8080/```
+   - ```curl http://localhost:8080/healthz```
 
+
+### Ansible
+
+```Testing in ubuntu 20.04```
+
+1. Requirements: installed ansible
+2. ```cd ansible``` and run command:
+   - ```ansible-playbook -i inventory/containers.ini playbooks/site.yml```
+3. check
+   - ```curl http://localhost/```
+   - ```curl http://localhost/healthz```

ansible/inventory/containers.ini

@@ -0,0 +1,2 @@
+[web]
+localhost ansible_connection=local

ansible/playbooks/site.yml

@@ -0,0 +1,7 @@
+---
+- name: Deploy web role
+  hosts: web
+  become: true
+
+  roles:
+    - roles/web

ansible/roles/web/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# defaults file for web
+app_env: "dev"
+apt_php_version: "7.4"
+# ubuntu run nginx user
+php_owner: "nginx"
+php_group: "nginx"

ansible/roles/web/files/index.php

@@ -0,0 +1,7 @@
+<?php
+header('Content-Type: application/json');
+echo json_encode([
+    "status" => "ok",
+    "service" => "php",
+    "env" => getenv('APP_ENV') ?: 'dev'
+]);

ansible/roles/web/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+# handlers file for web
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
+
+- name: restart php-fpm
+  service:
+    name: "php{{ apt_php_version }}-fpm"
+    state: restarted

ansible/roles/web/meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: Anatolii
+  description: Configure Nginx + PHP-FPM
+  company: WebIncorp
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license MIT
+
+  min_ansible_version: "2.1"
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: Ubuntu
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ansible/roles/web/tasks/main.yml

@@ -0,0 +1,94 @@
+---
+# tasks file for web
+- name: Install required packages
+  apt:
+    name:
+      - nginx
+      - "php{{ apt_php_version }}-fpm"
+    state: present
+    update_cache: yes
+
+- name: Deploy nginx config
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/conf.d/website.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart nginx
+
+- name: ensures /var/www/html dir exists
+  file:
+    path: "/var/www/html"
+    state: directory
+    owner: www-data
+    group: www-data
+    mode: 0755
+
+# setting the www.conf .
+- name: Set permissions on socket - owner
+  lineinfile:
+    dest: "/etc/php/{{ apt_php_version }}/fpm/pool.d/www.conf"
+    regexp: '^;?listen.owner'
+    line: "listen.owner = {{ php_owner }}"
+  notify: restart php-fpm
+
+- name: Set permissions on socket - group
+  lineinfile:
+    dest: "/etc/php/{{ apt_php_version }}/fpm/pool.d/www.conf"
+    regexp: '^;?listen.group'
+    line: 'listen.group = {{ php_group }}'
+  notify: restart php-fpm
+
+- name: Set permissions on socket - mode
+  lineinfile:
+    dest: "/etc/php/{{ apt_php_version }}/fpm/pool.d/www.conf"
+    regexp: '^;?listen.mode'
+    line: 'listen.mode = 0660'
+  notify: restart php-fpm
+
+- name: Deploy index.php
+  copy:
+    src: index.php
+    dest: /var/www/html/index.php
+    owner: www-data
+    group: www-data
+    mode: 0644
+  notify:
+    - restart php-fpm
+
+- name: Ensure php-fpm service is enabled and started
+  service:
+    name: php{{ apt_php_version }}-fpm
+    state: started
+    enabled: yes
+
+- name: Ensure nginx service is enabled and started
+  service:
+    name: nginx
+    state: started
+    enabled: yes
+
+- name: Deploy logrotate config for nginx logs
+  copy:
+    content: |
+      /var/log/nginx/*log {
+          daily
+          missingok
+          rotate 14
+          compress
+          delaycompress
+          notifempty
+          create 0640 www-data adm
+          sharedscripts
+          postrotate
+              [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+          endscript
+      }
+    dest: /etc/logrotate.d/nginx
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart nginx

ansible/roles/web/templates/nginx.conf.j2

@@ -0,0 +1,26 @@
+server {
+   listen 80;
+   server_name localhost;
+   root /var/www/html;
+   index index.php index.html;
+
+   location /healthz {
+       default_type application/json;
+       return 200 '{"status":"ok","service":"nginx","env":"{{ app_env }}"}';
+   }
+
+   location / {
+       try_files $uri $uri/ /index.php?$query_string;
+   }
+
+   location ~ \.php$ {
+       fastcgi_split_path_info ^(.+\.php)(/.+)$;
+       fastcgi_pass unix:/run/php/php-fpm.sock;
+       fastcgi_index index.php;
+       include fastcgi_params;
+       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+   }
+
+   access_log /var/log/nginx/access-web.log;
+   error_log /var/log/nginx/error-web.log warn;
+}