| # |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| --- |
| - name: Create root directory |
| file: path="{{ doc_root_dir }}" state=directory owner="{{user}}" group="{{group}}" |
| become: yes |
| |
| - include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml |
| |
| - name: Git clone php gateway |
| git: |
| repo: "{{ pga_repo }}" |
| dest: "{{ doc_root_dir }}" |
| version: "{{ pga_git_branch }}" |
| update: yes |
| force: yes |
| become: yes |
| become_user: "{{user}}" |
| |
| - name: Create user data dir {{ real_user_data_dir }} |
| file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}" mode=0777 |
| become: yes |
| |
| - name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }} |
| file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}" |
| become: yes |
| when: user_data_dir != real_user_data_dir |
| |
| - name: Create experiment data dir {{ experiment_data_dir }} |
| file: path="{{ experiment_data_dir }}" state=directory owner="{{user}}" group="{{group}}" mode=0777 recurse=yes follow=yes |
| become: yes |
| |
| # SELinux configuration |
| - name: set selinux to enforcing |
| selinux: state=enforcing policy=targeted |
| become: yes |
| when: ansible_os_family == "RedHat" |
| |
| - name: set selinux context to allow read on public directory |
| sefcontext: |
| target: "{{ doc_root_dir }}/public(/.*)?" |
| setype: httpd_sys_content_t |
| state: present |
| become: yes |
| notify: |
| - restart httpd |
| when: ansible_os_family == "RedHat" |
| |
| - name: set selinux context to allow read/write on storage directory |
| sefcontext: |
| target: "{{ doc_root_dir }}/app/storage(/.*)?" |
| setype: httpd_sys_rw_content_t |
| state: present |
| become: yes |
| notify: |
| - restart httpd |
| when: ansible_os_family == "RedHat" |
| |
| - name: set selinux context to allow read/write on the user data directory |
| sefcontext: |
| # For SELinux file contexts, the real path without symbolic links must be used |
| target: "{{ real_user_data_dir }}(/.*)?" |
| setype: httpd_sys_rw_content_t |
| state: present |
| become: yes |
| notify: |
| - restart httpd |
| when: ansible_os_family == "RedHat" |
| |
| - name: allow httpd to connect out to the network |
| seboolean: |
| name: httpd_can_network_connect |
| state: yes |
| persistent: yes |
| become: yes |
| notify: |
| - restart httpd |
| when: ansible_os_family == "RedHat" |
| |
| # step 6: Change pga configurations |
| - name: Copy pga config file |
| template: src={{ pga_config_template }} dest="{{ doc_root_dir }}/app/config/pga_config.php" owner="{{user}}" group="{{group}}" |
| become: yes |
| |
| - name: Checkout the portal theme (if a custom theme is defined) |
| git: |
| repo: "{{ portal_theme_repo }}" |
| dest: "{{ doc_root_dir }}/public/themes/{{ portal_theme }}" |
| version: "master" |
| update: yes |
| when: portal_theme != "base" and portal_theme_repo != "" |
| become: yes |
| become_user: "{{user}}" |
| |
| - name: give read permissions to doc root |
| file: path="{{ doc_root_dir }}" state=directory mode=a+rX owner="{{user}}" group="{{group}}" recurse=yes |
| become: yes |
| |
| - name: give write permissions to storage dir |
| file: path="{{ doc_root_dir }}/app/storage" state=directory mode=0777 owner="{{user}}" group="{{group}}" recurse=yes |
| become: yes |
| |
| - name: Run composer install |
| composer: command=install working_dir="{{ doc_root_dir }}" |
| become: yes |
| become_user: "{{user}}" |
| |
| # For SELinux, need to apply file contexts, but I'm not sure why since the contexts were created before the files/directories |
| - name: run restorecon on those directories |
| command: restorecon -R {{ doc_root_dir }} {{ user_data_dir }} |
| become: yes |
| when: ansible_os_family == "RedHat" |
| |
| - name: copy virtual host config file |
| template: src={{ pga_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes |
| become: yes |
| notify: |
| - restart httpd |
| when: not vhost_ssl |
| |
| - name: copy SSL enabled virtual host config file |
| template: src={{ pga_ssl_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes |
| become: yes |
| notify: |
| - restart httpd |
| when: vhost_ssl |
| |
| - name: Enable site in Apache (Debian) |
| command: a2ensite pga-{{ gateway_id }} |
| become: yes |
| notify: |
| - restart httpd |
| when: ansible_os_family == "Debian" |
| |
| - name: copy pga user's SSH key for the gateway data store |
| authorized_key: |
| user: "{{user}}" |
| key: "{{ gateway_data_store_ssh_public_key }}" |
| become: yes |
| when: gateway_data_store_ssh_public_key != "" |