added drupal config deployment

ansible/ansible-playbook.yml.bkp

@@ -1,45 +0,0 @@
----
-- hosts: localhost
-  #  ask_pass: yes
-  gather_facts: no
-
-  vars: 
-    # short site name to use as dir/file name
-    site_name: lexperimental
-    site_url: lexperimental.fr
-    docker_image: wordpress:apache
-    docker_volumes: 
-      - "/var/www/lexperimental/wp-content/:/var/www/html/wp-content"
-    mysql_database: lexperimental
-    mysql_username: lexperimental
-    mysql_password: "azlhqsdh"
-    subnet_cidr_address: 172.100.0.0/24
-    subnet_gateway_ip: 172.100.0.1
-    subnet_site_ip: 172.100.0.2
-
-
-
-
-  tasks:
-    - name: "Create target directory {{ site_name }}"
-      file: 
-        name: "{{ site_name }}" 
-        state: directory
-    - name: Generate a docker-compose.yml file for our site
-      template:
-        src: templates/docker-compose.yml.j2
-        dest: "{{ site_name }}/docker-compose.yml"
-    - name: Generate a nginx config file for our site
-      template:
-        src: templates/nginx-site.conf.j2
-        dest: "{{ site_name }}/{{ site_url }}"
-  # - debug: "Do the MySQL users thingy"
-      #- name: Generate a new nginx server config file
-      #- template:
-      #-   src: templates/nginx-site.conf.j2
-      #-   dest: "/etc/nginx/sites-available/{{ site_url }}"
-      #  become: yes
-  # - debug: "Now do `ln -s /etc/nginx/sites-available/{{ site_url }} /etc/nginx/sites-enabled/"
-
-
-

ansible/group_vars/all/vars.yml

@@ -55,22 +55,42 @@ sites:
   #   mysql_username: zinzoscope
   #   mysql_password: "{{ vault_zinzoscope_mysql_password }}"
 
-  - slug: lexperimental # Shorthand name to use as directory/file name
+  # - slug: lexperimental # Shorthand name to use as directory/file name
+  #   # The site URL (without www)
+  #   url: lexperimental.fr
+  #   # Ask nginx to redirect url to www
+  #   # Else, we redirect www to url
+  #   redirect_to_www: no
+  #   # What kind of site is that?
+  #   type: wordpress
+  #   # Subnet addresses
+  #   subnet_cidr_address: 172.27.4.0/24
+  #   subnet_gateway_ip: 172.27.4.1
+  #   subnet_site_ip: 172.27.4.2
+    
+  #   mysql_database: lexperimental
+  #   mysql_username: lexperimental
+  #   mysql_password: "{{ vault_lexperimental_mysql_password }}"
+
+  - slug: mts # Shorthand name to use as directory/file name
     # The site URL (without www)
-    url: lexperimental.fr
+    url: editionsmangetasoupe.fr
     # Ask nginx to redirect url to www
     # Else, we redirect www to url
     redirect_to_www: no
     # What kind of site is that?
-    type: wordpress
+    type: drupal
     # Subnet addresses
-    subnet_cidr_address: 172.27.4.0/24
-    subnet_gateway_ip: 172.27.4.1
-    subnet_site_ip: 172.27.4.2
+    subnet_cidr_address: 172.27.5.0/24
+    subnet_gateway_ip: 172.27.5.1
+    subnet_site_ip: 172.27.5.2
     
-    mysql_database: lexperimental
-    mysql_username: lexperimental
-    mysql_password: "{{ vault_lexperimental_mysql_password }}"
+    # This will allow setting up MySQL
+    # Configuration on Drupal's side must be done by hand:
+    # Edit your <drupal_install>/sites/default/settings.php
+    mysql_database: mts8
+    mysql_username: mts
+    mysql_password: "{{ vault_mts_mysql_password }}"
 
 mysql_root_password: "{{ vault_mysql_root_password }}"
 adrien_serenity_password: "{{ vault_adrien_serenity_password }}"

ansible/group_vars/all/vault.yml

@@ -1,27 +1,30 @@
 $ANSIBLE_VAULT;1.1;AES256
-66633138343934393133313432636535393566633962343761623535333534663239306465303932
-3234353334646338653032336438373732373463613738660a353632626633386234646631356330
-62386333366433326630616566396663643733323362393031653833333664633061653463366239
-3232623432326530310a613665306565623337643237323435616134353331633130386164373338
-35656438653730313730303562323239666166383432636332323063633238393936613766353664
-64653231663132343066643936333465376664666330373935323562323934616462386138373434
-31336265636134326233313564303666323639383130653130363539636633323262646663333138
-30396639393732333130363934666661633136623833626136643735373436393430663366386463
-63356330396536323066326435663131373464303135326630333264353632636563303435626237
-35383834663032656237643862383632633838353565356162383061353534303062376236663131
-64616366653663303336386237313737613137366435353030383663613437646261396533353366
-36373331383931383530363663643961623261616138653930623632646135383361393066343732
-30666532383766383535616665303065333065306437363534653166356432373262383136636534
-66343439626366633862363431643161313564326532663933366661396361646137616366306533
-61393062356166613533373363356239663533313032636261303130383634613161666438376465
-34333138646332343139656133356532613065303166356334353036623263343330393134303235
-30373966613838646432353061366134643465346165633638666130383236353664343362376364
-31663164663433613031336161373032303039313565306563646231313162663132316464323035
-35343836313232626238623933353930313064343565333466376630306566616630643632376433
-62373863353932623331303730366238363838376361343763396530326166343137343865323437
-63643835313261656465653937643263663932623138363861626463616438313935313363316430
-63363932353931383330326539353066353162373165653765346262666163356138663062353837
-33643434343637366237646636653331353038653264646237356338386266616262623766633230
-31346334326230356265313438353437393563336133393839633464373831653334356535343136
-62343433373736356130353236653963646532336164366639343963666666363066346133393165
-3136353565303762353234323430666263376661323266373766
+30333835653963663535316564323735303838343861333835313232626632336635623361316534
+3931353931336638626634643133343865363539633266660a646339376138346330336232373139
+65393937643136623530663130626664666466623930376462613237616230343165346163383563
+3639336166373234360a306532306231333363333533373937613763626565353630626237373037
+66613537356339376131653239323330346530323137346430656635613331653261306234636432
+61663539656166613338333336323962623434656532323037356336346439386130313936613864
+39393466306635656532336162326266366361356530393264316437326335346439616136646665
+36356633643434326364346564613562356637663463653935616665373966386335373530323333
+30393138383365646438616265353165613233313039333538393634313330343565633161623266
+35656330383065373966383132323235663866613139613830333435393438333761313438663763
+66366166303462613666393936303966616338393166373539336464366361656530323335333934
+66366462323665326465353731666264383431623637373330343039666538313063396263373066
+38323366393738353763626436373830396462386566346535646663326233636462303164316561
+37646230663131643936376135343462363839336431353564303564373233376132346139326535
+33326165633239333864666233643466376164653835626262616264666434306530346462323464
+37643962656336356436616138626531396665616235353263326265326236383739363130386262
+65356238303437303232396639396563353836333937303836313637376139386239653465333962
+62346236353934396236366535323262643161336366326432363539386664323766633561363232
+30623364323035343830663362326466326433643165356435343965343162303965323063383732
+33373639343038663931646262373164356563366531656432626232343762396661386338386165
+35363666383164383031663532616563373735663565343130643638313739656266653336323339
+61383834653032643335653866653338643035376366373238343435653632383338346566643132
+39663234373637343565623431343366386635666635623838396163396137363465613438353737
+39353561656239636533613161316634633035626338663433626131613461346439353061373765
+65313632346339303164656561303538343937366264376665666364663762656435636166623861
+61346562366235343437636337306163326365666463343038633861333265623135356439313264
+32343036373433313331356566363636643237623835343033616338386336363465356233386431
+38313536323661623165623662616162396363396436613838663864613165653635663638353839
+30343333363633373338626535373034623738336463383266346464646434623731

ansible/roles/build/tasks/drupal.yml

@@ -0,0 +1,45 @@
+- name: "Create folder {{ sites_path }}/{{ item.slug }}"
+  file: 
+    path: "{{ sites_path }}/{{ item.slug }}"
+    state: directory
+    mode: '750'
+
+- name: Render sexy Dockerfile
+  template: 
+    src: drupal/Dockerfile.j2
+    dest: "{{ sites_path }}/{{ item.slug }}/Dockerfile"
+
+- name: Render marvelous docker-compose.yml
+  template:
+    src: drupal/docker-compose.yml.j2
+    dest: "{{ sites_path }}/{{ item.slug }}/docker-compose.yml"
+
+- name: Render swell nginx site config
+  template:
+    src: drupal/nginx.j2
+    dest: "/etc/nginx/sites-available/{{ item.url }}"
+  become: yes
+
+# - name: Create Let's Encrypt certificate
+# This seems hard, see:
+# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
+# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
+# Maybe using shell directly? e.g.
+# certbot certonly --webroot -w /var/www/letsencrypt -d <url>
+
+# MySQL equivalent:
+# create user <user>@<ip> identified by <pass>;
+# grant all on <db>.* to <user>@<ip>;
+- name: "Add database user {{ item.mysql_username }}@{{ item.subnet_site_ip }} and grant all privileges on {{ item.mysql_database }}"
+  mysql_user:
+    # Credentials to log in MySQL
+    login_host: localhost
+    login_user: root
+    login_password: "{{ mysql_root_password }}"
+    # Credentials of the new db user
+    host: "{{ item.subnet_site_ip }}"
+    name: "{{ item.mysql_username }}"
+    password: "{{ item.mysql_password }}"
+    # Grants
+    priv: "{{ item.mysql_database }}.*:all"
+    state: present

ansible/roles/build/tasks/main.yml

@@ -6,7 +6,11 @@
   when: item.type == "wordpress"
   tags: wordpress
 
-
+- name: Build Drupal sites
+  include_tasks: drupal.yml  
+  loop: "{{ sites }}"
+  when: item.type == "drupal"
+  tags: drupal
 
 
 # build an image

ansible/roles/build/templates/drupal/Dockerfile.j2

@@ -0,0 +1,13 @@
+FROM drupal:8-apache
+
+RUN apt-get update; \
+	apt-get install -y --no-install-recommends msmtp; \
+	rm -rf /var/lib/apt/lists/*
+
+RUN echo "sendmail_path = /usr/bin/msmtp -t " > /usr/local/etc/php/conf.d/sendmail.ini
+
+RUN echo "\
+account default\n\
+host {{ item.subnet_gateway_ip }}\n\
+port 25\n\
+from php@{{ item.url }}\n" > /etc/msmtprc

ansible/roles/build/templates/drupal/Dockerfile.php.j2

@@ -0,0 +1,84 @@
+FROM php:7.4-apache-buster
+
+# install the PHP extensions we need
+# Code taken from https://github.com/docker-library/drupal
+RUN set -eux; \
+	\
+	if command -v a2enmod; then \
+		a2enmod rewrite; \
+	fi; \
+	\
+	savedAptMark="$(apt-mark showmanual)"; \
+	\
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		libfreetype6-dev \
+		libjpeg-dev \
+		libpng-dev \
+		libpq-dev \
+		libzip-dev \
+		msmtp \
+	; \
+	\
+	docker-php-ext-configure gd \
+		--with-freetype-dir=/usr \
+		--with-jpeg-dir=/usr \
+		--with-png-dir=/usr \
+	; \
+	\
+	docker-php-ext-install -j "$(nproc)" \
+		gd \
+		opcache \
+		pdo_mysqli \
+		# pdo_mysql \
+		# pdo_pgsql \
+		zip \
+	; \
+	\
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+	apt-mark auto '.*' > /dev/null; \
+	apt-mark manual $savedAptMark; \
+	ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
+		| awk '/=>/ { print $3 }' \
+		| sort -u \
+		| xargs -r dpkg-query -S \
+		| cut -d: -f1 \
+		| sort -u \
+		| xargs -rt apt-mark manual; \
+	\
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	rm -rf /var/lib/apt/lists/*
+
+# set recommended PHP.ini settings
+# see https://secure.php.net/manual/en/opcache.installation.php
+RUN { \
+		echo 'opcache.memory_consumption=128'; \
+		echo 'opcache.interned_strings_buffer=8'; \
+		echo 'opcache.max_accelerated_files=4000'; \
+		echo 'opcache.revalidate_freq=60'; \
+		echo 'opcache.fast_shutdown=1'; \
+	} > /usr/local/etc/php/conf.d/opcache-recommended.ini
+
+# Configure msmtp
+RUN echo "\
+account default\n\
+host {{ item.subnet_gateway_ip }}\n\
+port 25\n\
+from php@{{ item.url }}\n" > /etc/msmtprc
+
+# Send mails using msmtp
+RUN echo "sendmail_path = /usr/bin/msmtp -t " > /usr/local/etc/php/conf.d/sendmail.ini
+
+
+WORKDIR /var/www/html
+
+# https://www.drupal.org/node/3060/release
+ENV DRUPAL_VERSION 8.8.5
+ENV DRUPAL_MD5 11e595f6aa42fca4ab4423bff0b09c28
+
+RUN set -eux; \
+	curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz; \
+	echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c -; \
+	tar -xz --strip-components=1 -f drupal.tar.gz; \
+	rm drupal.tar.gz; \
+	chown -R www-data:www-data sites modules themes

ansible/roles/build/templates/drupal/docker-compose.yml.j2

@@ -0,0 +1,28 @@
+version: '3'
+
+# Generated by ansible for site {{ item.url }} 
+# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
+
+services:
+  drupal: 
+    build: .
+    restart: always
+    volumes:
+      # Unneeded because all modules/profiles are either core or in sites/
+      # - /var/www/html/modules
+      # - /var/www/html/profiles
+      # - /var/www/html/sites
+      # We want a host volume for the themes directory to easily work on theming
+      - "{{ www_path }}/{{ item.slug }}/themes:/var/www/html/themes"
+      - "{{ www_path }}/{{ item.slug }}/sites:/var/www/html/sites"
+    # Fix the container's IP
+    networks:
+      net:
+        ipv4_address: "{{ item.subnet_site_ip }}"
+
+networks:
+  net:
+    ipam:
+      driver: default
+      config:
+        - subnet: "{{ item.subnet_cidr_address }}"

ansible/roles/build/templates/drupal/nginx.j2

@@ -0,0 +1,56 @@
+# Generated by ansible for site {{ item.url }} 
+# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name {{ item.url }} www.{{ item.url }};
+
+  # Let's Encrypt
+  include snippets/letsencrypt.conf;
+
+  location / {
+{% if item.redirect_to_www %}
+    return 301 https://www.{{ item.url }}$request_uri;
+{% else %}
+    return 301 https://{{ item.url }}$request_uri;
+{% endif %}
+  }
+}
+
+server {
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  server_name {{ item.url }} www.{{ item.url }};
+
+  access_log  /var/log/nginx/{{ item.slug }}-access.log;
+  error_log   /var/log/nginx/error.log;
+
+{% if item.redirect_to_www %}
+  # Redirect non-www to www
+  if ($host = {{ item.url }}) {
+    rewrite ^ https://www.{{ item.url }}$request_uri permanent;
+  }
+{% else %}
+  # Redirect www to non-www
+  if ($host = www.{{ item.url }}) {
+    rewrite ^ https://{{ item.url }}$request_uri permanent;
+  }
+{% endif %}
+
+  # Let's Encrypt
+  include snippets/letsencrypt.conf;
+
+  include snippets/ssl-params.conf;
+  ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
+  
+  include snippets/header-params_server.conf;
+  location / {
+    include snippets/header-params_location.conf;
+  
+    proxy_pass http://{{ item.subnet_site_ip }}:80;
+  }
+}
+
+

ansible/roles/deploy/tasks/drupal.yml

@@ -0,0 +1,23 @@
+- name: "Launch the site's containers"
+  docker_compose:
+    project_src: "{{ sites_path }}/{{ item.slug }}"
+    state: present 
+    build: yes
+    restarted: yes
+
+- name: "Symlink nginx configuration to sites-enabled"
+  file:
+    src: "/etc/nginx/sites-available/{{ item.url }}"
+    dest: "/etc/nginx/sites-enabled/{{ item.url }}"
+    state: link
+  become: yes
+
+- name: Verify nginx configuration
+  command: "nginx -t"
+  become: yes
+
+- name: Restart nginx service 
+  service:
+    name: nginx 
+    state: restarted
+  become: yes

ansible/roles/deploy/tasks/main.yml

@@ -5,3 +5,9 @@
   loop: "{{ sites }}"
   when: item.type == "wordpress"
   tags: wordpress
+
+- name: Deploy Drupal sites
+  include_tasks: drupal.yml  
+  loop: "{{ sites }}"
+  when: item.type == "drupal"
+  tags: drupal