Repository: lasselehtinen/barn
Branch: master
Commit: 664b22102515
Files: 67
Total size: 112.6 KB
Directory structure:
gitextract_r4eqp2u9/
├── .gitignore
├── LICENSE.md
├── README.md
├── Vagrantfile
├── dotenv_templates/
│ ├── centos7-test.blog.j2
│ └── ubuntu-test.blog.j2
├── elasticsearchservers.yml
├── host_vars/
│ ├── .gitignore
│ ├── centos7-test
│ ├── localhost
│ └── ubuntu-test
├── inventory/
│ ├── .gitignore
│ ├── development
│ └── testing
├── mysqlservers.yml
├── queueservers.yml
├── roles/
│ ├── common/
│ │ ├── handlers/
│ │ │ └── main.yml
│ │ └── tasks/
│ │ ├── cron-apt.yml
│ │ ├── main.yml
│ │ ├── ntp.yml
│ │ ├── remi.yml
│ │ ├── selinux.yml
│ │ ├── swap.yml
│ │ └── yum-cron.yml
│ ├── custom/
│ │ ├── files/
│ │ │ └── .gitignore
│ │ ├── handlers/
│ │ │ └── .gitignore
│ │ ├── tasks/
│ │ │ └── main.yml
│ │ └── templates/
│ │ └── .gitignore
│ ├── elasticsearchtier/
│ │ └── tasks/
│ │ ├── elasticsearch-apt-repo.yml
│ │ ├── elasticsearch-yum-repo.yml
│ │ ├── elasticsearch.yml
│ │ ├── java.yml
│ │ └── main.yml
│ ├── mysqltier/
│ │ ├── handlers/
│ │ │ └── main.yml
│ │ ├── tasks/
│ │ │ ├── firewalld.yml
│ │ │ ├── main.yml
│ │ │ └── mysql.yml
│ │ └── templates/
│ │ ├── my-credentials.cnf.j2
│ │ └── my.cnf.j2
│ ├── queuetier/
│ │ ├── handlers/
│ │ │ └── main.yml
│ │ ├── tasks/
│ │ │ ├── beanstalk.yml
│ │ │ ├── main.yml
│ │ │ ├── redis.yml
│ │ │ └── supervisor.yml
│ │ └── templates/
│ │ ├── supervisor-horizon.conf.j2
│ │ └── supervisor.conf.j2
│ └── webtier/
│ ├── handlers/
│ │ └── main.yml
│ ├── tasks/
│ │ ├── composer.yml
│ │ ├── cron.yml
│ │ ├── dotenv.yml
│ │ ├── firewalld.yml
│ │ ├── letsencrypt.yml
│ │ ├── main.yml
│ │ ├── nginx.yml
│ │ ├── ondrej.yml
│ │ ├── php-fpm.yml
│ │ ├── php.yml
│ │ ├── redis.yml
│ │ ├── remi.yml
│ │ └── selinux.yml
│ └── templates/
│ ├── nginx-ssl-virtualhost.conf.j2
│ ├── nginx-virtualhost.conf.j2
│ ├── nginx.conf.j2
│ ├── php-fpm.conf.j2
│ └── php.ini.j2
├── site.yml
└── webservers.yml
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
*.retry
.vagrant
================================================
FILE: LICENSE.md
================================================
# The MIT License (MIT)
Copyright (c) Lasse Lehtinen <lasse.lehtinen@iki.fi>
> Permission is hereby granted, free of charge, to any person obtaining a copy
> of this software and associated documentation files (the "Software"), to deal
> in the Software without restriction, including without limitation the rights
> to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> copies of the Software, and to permit persons to whom the Software is
> furnished to do so, subject to the following conditions:
>
> The above copyright notice and this permission notice shall be included in
> all copies or substantial portions of the Software.
>
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
> AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> THE SOFTWARE.
================================================
FILE: README.md
================================================
# Barn - Ansible playbooks for Laravel applications
This repository provides Ansible playbook targeted spesifically for Laravel applications. If you are not familiar with Ansible, it is an open-source tool that is most commonly used for provisioning, configuration management and deployment. Together with Ansible and these playbooks you can automate provisioning of your servers and development environment. Please note that Barn is not the designed to handle the actual deployment of the Laravel application. For deployment tools I suggest you checkout [Envoyer](https://envoyer.io/), [Deployer](https://deployer.org) or [Capistrano](http://capistranorb.com/) to name a few. Barn can automatically configures the following:
* PHP
* nginx + php-fpm with multiple virtual hosts
* SSL certificates and renewal with Let's Encrypt
* composer
* redis
* MySQL
* Beanstalk
* elasticsearch
* Crontab entries for queue workers and scheduled tasks
* Laravel Horizon
Barn also tries to apply some additional security by setting SELinux mode to enforcing and enabling automatic package updates.
## Getting started
### Supported distributions
* CentOS 7
* RedHat (Not tested)
* Ubuntu Trusty
* Debian (Not tested)
Other versions of the distributions listed above might work, but no guarantees given. See testing if you want to try running the distribution of your choice in virtual machines.
### Installing Ansible
You can install Ansible by following the [official installation documentation](http://docs.ansible.com/ansible/intro_installation.html). For Windows 10 users, you can use the instructions for Ubuntu after [installing the Linux subsystem](https://msdn.microsoft.com/en-us/commandline/wsl/install_guide). For older Windows version, please [check this tutorial on running Ansible on cygwin](https://www.jeffgeerling.com/blog/running-ansible-within-windows).
### Clone the repository
```shell
git clone https://github.com/lasselehtinen/barn.git
```
### Configure your inventory files
The inventory files are located in the inventory directory. Check the example for development and read the [Ansible documentation](http://docs.ansible.com/ansible/intro_inventory.html).
### Configure your host variables
Host variables control some of the aspects how the machine is configured. Store the host variable file with the same name as the hostname in the inventory file. Below is an example for the local development machine.
```yaml
# Let's Encrypt settings
enable_ssl: false
letsencrypt_email: somebody@somewhere.com
# Extra PHP packages
php_extra_packages:
- php-intl
# PHP memory limit
php_memory_limit: "512M"
# A list of virtual hosts
virtualhosts:
blog:
servernames:
- blog.development
- someother.development
run_queue_worker: true
run_horizon: false
has_scheduled_jobs: true
someothersite:
servernames:
- someothersite.development
# MySQL root password
mysql_root_password: somesecret
# List of MySQL databases
mysql_databases:
blog:
mysql_user: blog
mysql_password: table_password
someothersite:
mysql_user: otherdbuser
mysql_password: table_password
```
### Create .env templates
Create .env file templates in the dotenv_templates folder with the name `{{hostname}}.{{virtualhost}}.j2`. For example host centos7-test has a virtualhost called blog so the template should be named `centos7-test.blog.j2`. This is completely optional.
### Securing your host variables
Since you storing highly confidential information like production database passwords in the host variables and .env templates it is highly recommend that encrypt them with a symmetric AES key. Luckily Ansible has built-in tool for this called Vault. Please [read the Vault documentation](http://docs.ansible.com/ansible/playbooks_vault.html) on how to set it up.
#### Supported variables
| Name | Description | Required |
|----------------------------------------|------------------------------------------------------------------------------------------------------------------------|----------|
| enable_ssl | Controls whether the Playbook configures Let's Encrypt certificates on all the virtual hosts. | No |
| letsencrypt_email | Email address for sending the expiry notices for the certificates. | No |
| php_extra_packages | List of extra php-packages you want to install | No |
| php_memory_limit | Sets the memory_limit in php.ini | No |
| virtualhosts.name | Shortname used for folders like /var/www/name/public | Yes |
| virtualhosts.name.servernames | List of hostnames for the virtual host. Must be a valid FQDN if you set enable_ssl to true. | Yes |
| virtualhosts.name.run_queue_worker | Sets whether we should run artisan queue:work on this virtualhost | No |
| virtualhosts.name.run_horizon | Sets whether Horizon should be running on this virtual host. Do not set both run_queue_worker and run_horizon to true | No |
| virtualhosts.name.queue_worker_timeout | Sets the timeout for the queue worker, default is 60 seconds | No |
| virtualhosts.name.has_scheduled_jobs | Sets whether we should run artisan schedule:run every minute on this virtualhost | No |
| mysql_root_password | Root password for MySQL | Yes |
| mysql_databases.name | Name of MySQL database that will generated | Yes |
| mysql_databases.name.mysql_user | Name of normal MySQL user for that database. Place this in your .env file. | Yes |
| mysql_databases.name.mysql_password | Password for the MySQL user. Place this in your .env file. | Yes | | Yes | |
## Running Barn
### Checking SSH access
After you have done with the configuration make sure you have SSH access to the servers that listed on the inventory file. You can test this by using the ping module. Troubleshooting the SSH connection is the out of scope of this repository. Please note that you can set the SSH user and port in the inventory file, see the development for example.
```shell
ansible -i inventory/development webservers -m ping
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
```
### Running the Playbook
You can run the playbook on all hosts with the following command:
```shell
ansible-playbook -i inventory site.yml
```
Provisioning takes a while for the first time so go grab a coffee. If there were no problems, you should have readily provisioned machine and you can deploy your Laravel application to the /var/www/`virtualhosts.name` folder.
### Running custom playbooks
Sometimes you have something specific which Barn does not cover. In that case you can create your custom playbooks. Store the playbooks to `roles/custom/files` with the .yml extension and they will be executed on all roles.
## Contributing
Pull requests are welcome. Repository provides a Vagrant file that spins up virtual machines on the supported distributions. Please make sure that running the command below completes without any failures. If you want to add support for a new distribution, add a new base box to the Vagrant file and add the host to the inventory/testing file. Remember also to copy the existing host_vars file for the new distribution.
```shell
ansible-playbook -i inventory/testing site.yml
```
## Issues
If you have problems or suggestions, please [open a new issue in GitHub](https://github.com/lasselehtinen/barn/issues).
## License
The MIT License (MIT). Please see [License File](LICENSE.md) for more information.
================================================
FILE: Vagrantfile
================================================
Vagrant.configure("2") do |config|
# List of servers
servers=[
{
:hostname => "barn-centos7",
:box => "centos/7",
:ip => "192.168.56.101",
:ssh_port => '2210'
},
{
:hostname => "barn-ubuntu",
:box => "ubuntu/trusty64",
:ip => "192.168.56.102",
:ssh_port => '2211'
}
]
servers.each do |machine|
config.vm.define machine[:hostname] do |node|
node.vm.box = machine[:box]
node.vm.hostname = machine[:hostname]
node.vm.network :private_network, ip: machine[:ip]
node.vm.network "forwarded_port", guest: 22, host: machine[:ssh_port], id: "ssh"
node.vm.provider :virtualbox do |v|
v.customize ["modifyvm", :id, "--memory", 512]
v.customize ["modifyvm", :id, "--name", machine[:hostname]]
end
end
end
# Inject your public SSH key
id_rsa_key_pub = File.read(File.join(Dir.home, ".ssh", "id_rsa.pub"))
config.vm.provision :shell,
:inline => "echo 'appending SSH public key to ~vagrant/.ssh/authorized_keys' && echo '#{id_rsa_key_pub }' >> /home/vagrant/.ssh/authorized_keys && chmod 600 /home/vagrant/.ssh/authorized_keys"
config.ssh.insert_key = false
#config.vm.provision "ansible" do |ansible|
#ansible.playbook = "site.yml"
#end
end
================================================
FILE: dotenv_templates/centos7-test.blog.j2
================================================
APP_NAME=Laravel
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_LOG_LEVEL=debug
APP_URL=http://blog.development
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=blog
DB_USERNAME=blog
DB_PASSWORD=table_password
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
================================================
FILE: dotenv_templates/ubuntu-test.blog.j2
================================================
APP_NAME=Laravel
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_LOG_LEVEL=debug
APP_URL=http://blog.development
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=blog
DB_USERNAME=blog
DB_PASSWORD=table_password
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
================================================
FILE: elasticsearchservers.yml
================================================
# file: elasticsearchservers.yml
- hosts: elasticsearchservers
become: true
become_user: root
roles:
- common
- elasticsearchtier
- custom
================================================
FILE: host_vars/.gitignore
================================================
*
!.gitignore
!centos7-test
!localhost
!ubuntu-test
================================================
FILE: host_vars/centos7-test
================================================
# Let's Encrypt settings
enable_ssl: false
letsencrypt_email: somebody@somewhere.com
# Extra PHP packages
php_extra_packages:
- php-soap
- php-intl
# PHP memory limit
php_memory_limit: "512M"
# A list of virtual hosts
virtualhosts:
blog:
servernames:
- blog.development
- someother.development
run_queue_worker: true
queue_worker_timeout: 60
has_scheduled_jobs: true
cms:
servernames:
- cms.development
run_queue_worker: false
run_horizon: true
queue_worker_timeout: 60
has_scheduled_jobs: true
# MySQL root password
mysql_root_password: somesecret
# List of MySQL databases
mysql_databases:
blog:
mysql_user: blog
mysql_password: table_password
================================================
FILE: host_vars/localhost
================================================
# Let's Encrypt settings
enable_ssl: false
letsencrypt_email: somebody@somewhere.com
# Extra PHP packages
php_extra_packages:
- php-intl
# A list of virtual hosts
virtualhosts:
blog:
servernames:
- blog.development
- someother.development
run_queue_worker: true
has_scheduled_jobs: true
someothersite:
servernames:
- someothersite.development
# MySQL root password
mysql_root_password: somesecret
# List of MySQL databases
mysql_databases:
blog:
mysql_user: blog
mysql_password: table_password
someothersite:
mysql_user: otherdbuser
mysql_password: table_password
================================================
FILE: host_vars/ubuntu-test
================================================
# Let's Encrypt settings
enable_ssl: false
letsencrypt_email: somebody@somewhere.com
# Extra PHP packages
php_extra_packages:
- php7.2-soap
- php7.2-intl
# PHP memory limit
php_memory_limit: "512M"
# A list of virtual hosts
virtualhosts:
blog:
servernames:
- blog.development
- someother.development
run_queue_worker: true
queue_worker_timeout: 60
has_scheduled_jobs: true
cms:
servernames:
- cms.development
run_queue_worker: false
run_horizon: true
queue_worker_timeout: 60
has_scheduled_jobs: true
# MySQL root password
mysql_root_password: somesecret
# List of MySQL databases
mysql_databases:
blog:
mysql_user: blog
mysql_password: table_password
================================================
FILE: inventory/.gitignore
================================================
*
!.gitignore
!development
!testing
================================================
FILE: inventory/development
================================================
# file: development
[webservers]
localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant
[mysqlservers]
localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant
[queueservers]
localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant
[elasticsearchservers]
localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant
================================================
FILE: inventory/testing
================================================
# file: testing
[webservers]
centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant
ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant
[mysqlservers]
centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant
ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant
[queueservers]
centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant
ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant
[elasticsearchservers]
centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant
ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant
================================================
FILE: mysqlservers.yml
================================================
# file: mysqlservers.yml
- hosts: mysqlservers
become: true
become_user: root
roles:
- common
- mysqltier
- custom
================================================
FILE: queueservers.yml
================================================
# file: queueservers.yml
- hosts: queueservers
become: true
become_user: root
roles:
- common
- queuetier
- custom
================================================
FILE: roles/common/handlers/main.yml
================================================
# file: roles/common/handlers/main.yml
- name: Restart server
tags: selinux
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
- name: Wait for server to restart
tags: selinux
local_action: wait_for host={{ inventory_hostname }} port=22 delay=30 timeout=300
become: false
================================================
FILE: roles/common/tasks/cron-apt.yml
================================================
# file: roles/common/tasks/yum-cron.yml
- name: Install cron-apt
tags: cron-apt
apt: name=cron-apt state=installed
================================================
FILE: roles/common/tasks/main.yml
================================================
# file: roles/common/tasks/main.yml
- name: Make sure epel-repository is installed
yum: name=epel-release state=installed
tags: epel
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- include: remi.yml
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure git is installed
tags: git
yum: name=git state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure git is installed
tags: git
apt: name=git state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure unzip is installed
tags: unzip
yum: name=unzip state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure unzip is installed
tags: unzip
apt: name=unzip state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Remove require tty
lineinfile:
dest: /etc/sudoers
line: 'Defaults requiretty'
state: absent
- include: ntp.yml
- include: selinux.yml
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- include: yum-cron.yml
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- include: cron-apt.yml
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- include: swap.yml
================================================
FILE: roles/common/tasks/ntp.yml
================================================
# file: roles/common/tasks/ntp.yml
- name: Install ntp
yum: name=ntp state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install ntp
apt: name=ntp state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure ntpd is running
service: name=ntpd state=started
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure ntpd is started on boot
service: name=ntpd enabled=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure ntpd is running
service: name=ntp state=started
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure ntpd is started on boot
service: name=ntp enabled=yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
================================================
FILE: roles/common/tasks/remi.yml
================================================
# file: roles/common/tasks/remi.yml
- name: Import PGP key for Remi's RPM repository
tags: remi
rpm_key: state=present key=http://rpms.famillecollet.com/RPM-GPG-KEY-remi
- name: Install package for Remi's RPM repository
tags: remi
yum:
name: "http://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm"
state: present
================================================
FILE: roles/common/tasks/selinux.yml
================================================
# file: roles/common/tasks/selinux.yml
- name: Set SELinux to enforcing
tags: selinux
selinux: policy=targeted state=enforcing
register: selinux
notify:
- Restart server
- Wait for server to restart
- name: Make sure SELinux managements tools are installed
tags: selinux
yum: name=policycoreutils-python state=installed
================================================
FILE: roles/common/tasks/swap.yml
================================================
# file: roles/common/tasks/swap.yml
- name: Check if additional swap is needed
tags: swap
when: ansible_memtotal_mb < 1024
set_fact:
needs_extra_swap: true
- name: Check if swap exists
tags: swap
when: needs_extra_swap is defined and needs_extra_swap == true
stat:
path: /swapfile
register: swap_file_check
- name: Generate swapfile
tags: swap
command: dd if=/dev/zero of=/swapfile count=1024 bs=1MiB
register: generate_swapfile
when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == false
- name: Set permissions on swapfile
tags: swap
file: path=/swapfile mode=0600
when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == true
- name: Create swapfile
tags: swap
command: mkswap /swapfile
when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == false
- name: Enable swapfile
tags: swap
command: swapon /swapfile
when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == false
- name: Add swapfile to /etc/fstab
tags: swap
lineinfile: dest=/etc/fstab line="/swapfile swap swap sw 0 0" state=present
when: needs_extra_swap is defined and needs_extra_swap == true
- name: Set swapfile permissions
tags: swap
file: path=/swapfile mode=0600
when: needs_extra_swap is defined and needs_extra_swap == true
- name: Configure vm.swappiness
tags: swap
sysctl:
name: vm.swappiness
value: "1"
when: needs_extra_swap is defined and needs_extra_swap == true
- name: Configure vm.vfs_cache_pressure
tags: swap
sysctl:
name: vm.vfs_cache_pressure
value: "50"
when: needs_extra_swap is defined and needs_extra_swap == true
================================================
FILE: roles/common/tasks/yum-cron.yml
================================================
# file: roles/common/tasks/yum-cron.yml
- name: Update yum
yum: name=yum state=present
- name: Install deltarpm
yum: name=deltarpm state=installed
- name: Install yum-cron
tags: yum-cron
yum: name=yum-cron state=installed
- name: Make sure yum-cron is running and started on boot
tags: yum-cron
service: name=yum-cron state=started enabled=yes
- name: Enable automatic updates for yum-cron
tags: yum-cron
ini_file:
dest: /etc/yum/yum-cron.conf
section: commands
option: apply_updates
value: 'yes'
================================================
FILE: roles/custom/files/.gitignore
================================================
*.yml
================================================
FILE: roles/custom/handlers/.gitignore
================================================
*
!.gitignore
================================================
FILE: roles/custom/tasks/main.yml
================================================
# file: roles/custom/tasks/main.yml
- include: "{{ item }}"
tags: custom
with_fileglob:
- '*.yml'
================================================
FILE: roles/custom/templates/.gitignore
================================================
*
!.gitignore
================================================
FILE: roles/elasticsearchtier/tasks/elasticsearch-apt-repo.yml
================================================
# file: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml
- name: Import PGP key for elasticsearch APT repository
tags: elasticsearch
apt_key: state=present url=http://packages.elastic.co/GPG-KEY-elasticsearch
- name: Enable elasticsearch APT repository permanently
tags: elasticsearch
apt_repository:
repo: deb http://packages.elastic.co/elasticsearch/5.x/debian stable main
state: present
================================================
FILE: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml
================================================
# file: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml
- name: Import PGP key for elasticsearch RPM repository
tags: elasticsearch
rpm_key: state=present key=http://packages.elastic.co/GPG-KEY-elasticsearch
- name: Enable elasticsearch RPM repository permanently
tags: elasticsearch
yum_repository:
name: elasticsearch
description: Elasticsearch repository for 5.x packages
baseurl: https://artifacts.elastic.co/packages/5.x/yum
enabled: 1
gpgcheck: 1
gpgkey: file:///etc/pki/rpm-gpg/GPG-KEY-elasticsearch
================================================
FILE: roles/elasticsearchtier/tasks/elasticsearch.yml
================================================
# file: roles/elasticsearchtier/tasks/elasticsearch.yml
- name: Install elasticsearch
tags: elasticsearch
yum: name=elasticsearch state=installed enablerepo=elasticsearch
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install elasticsearch
tags: elasticsearch
apt: name=elasticsearch update_cache=yes state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure elasticsearch is running and is started on boot
tags: elasticsearch
service: name=elasticsearch state=started enabled=yes
================================================
FILE: roles/elasticsearchtier/tasks/java.yml
================================================
# file: roles/elasticsearchtier/tasks/java.yml
- name: Install Java
tags: elasticsearch
yum: name=java-1.8.0-openjdk state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Enable Oracle Java repository permanently
tags: elasticsearch
apt_repository:
repo: ppa:webupd8team/java
state: present
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: accept oracle license
tags: elasticsearch
debconf: name='oracle-java8-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select'
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: install jdk
tags: elasticsearch
apt: name=oracle-java8-installer state=present
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
#- name: Accept Oracle license
# tags: elasticsearch
# debconf:
# name: oracle-java8-installer
# question: shared/accepted-oracle-license-v1-1
# value: true
# vtype: select
# when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
#
#- name: Install Java
# tags: elasticsearch
# apt: name=oracle-java8-installer update_cache=yes state=installed
# when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
================================================
FILE: roles/elasticsearchtier/tasks/main.yml
================================================
# file: roles/elasticsearchtier/tasks/main.yml
- include: java.yml
- include: elasticsearch-yum-repo.yml
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- include: elasticsearch-apt-repo.yml
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- include: elasticsearch.yml
================================================
FILE: roles/mysqltier/handlers/main.yml
================================================
# file: roles/dbtier/handlers/main.yml
- name: Restart MySQL
service: name=mysqld state=restarted
================================================
FILE: roles/mysqltier/tasks/firewalld.yml
================================================
# file: roles/db/tasks/firewalld.yml
- name: Install firewalld
yum: name=firewalld state=installed
- name: Make sure firewalld is running
service: name=firewalld state=started
- name: Make sure firewalld is started on boot
service: name=firewalld enabled=yes
- name: Enable firewall to enable incoming connections to MySQL
firewalld: service=mysql permanent=true state=enabled zone=public immediate=true
================================================
FILE: roles/mysqltier/tasks/main.yml
================================================
# file: roles/dbtier/tasks/main.yml
- include: mysql.yml
#- include: firewalld.yml
================================================
FILE: roles/mysqltier/tasks/mysql.yml
================================================
# file: roles/dbtier/tasks/mysql.yml
- name: Install package for MySQL community edition repository
tags: mysql
yum:
name: "http://repo.mysql.com/mysql-community-release-el{{ ansible_distribution_major_version }}-5.noarch.rpm"
state: present
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install MySQL
tags: mysql
yum: name=mysql-server state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install MySQL
tags: mysql
apt: name=mysql-server state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure MySQL is running and started on boot
tags: mysql
service: name=mysqld state=started enabled=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure MySQL is running and started on boot
tags: mysql
service: name=mysql state=started enabled=yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Install MySQL-python
tags: mysql
yum: name=MySQL-python state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install MySQL-python
tags: mysql
apt: name=python-mysqldb state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Copy .my.cnf file with root password credentials
tags: mysql
template: src=my-credentials.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
- name: Update mysql root password for all root accounts
tags: mysql
mysql_user: check_implicit_admin=yes name=root host=localhost password={{ mysql_root_password }}
- name: Create MySQL databases
tags: mysql
mysql_db: name={{ item.key }} state=present
with_dict: "{{ mysql_databases }}"
- name: Create application database user
tags: mysql
mysql_user: name={{ item.value.mysql_user }} host=localhost password={{ item.value.mysql_password }} priv={{ item.key }}.*:ALL
with_dict: "{{ mysql_databases }}"
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
tags: mysql
action: mysql_user user="" host="{{ ansible_hostname }}" state="absent"
- name: Delete anonymous MySQL server user for localhost
tags: mysql
action: mysql_user user="" state="absent"
- name: Remove the MySQL test database
tags: mysql
action: mysql_db db=test state=absent
================================================
FILE: roles/mysqltier/templates/my-credentials.cnf.j2
================================================
[client]
user=root
password="{{ mysql_root_password }}"
================================================
FILE: roles/mysqltier/templates/my.cnf.j2
================================================
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Recommended in standard MySQL setup
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
bind-address=0.0.0.0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
================================================
FILE: roles/queuetier/handlers/main.yml
================================================
# file: roles/queuetier/handlers/main.yml
- name: Reload supervisord config
shell: supervisorctl update
changed_when: False
- name: Reload supervisord config (Debian)
shell: supervisorctl update
changed_when: False
================================================
FILE: roles/queuetier/tasks/beanstalk.yml
================================================
# file: roles/queuetier/tasks/beanstalk.yml
- name: Install beanstalk
tags: beanstalk
yum: name=beanstalkd state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install beanstalk
tags: beanstalk
apt: name=beanstalkd state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure beanstalk is running and started on boot
tags: beanstalk
service: name=beanstalkd state=started enabled=yes
================================================
FILE: roles/queuetier/tasks/main.yml
================================================
# file: roles/queuetier/tasks/main.yml
- include: beanstalk.yml
- include: redis.yml
- include: supervisor.yml
================================================
FILE: roles/queuetier/tasks/redis.yml
================================================
# file: roles/queuetier/tasks/redis.yml
- name: Install redis
tags: redis
yum: name=redis state=installed enablerepo=remi
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install redis
tags: redis
apt: name=redis-server state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure redis is running and started on boot
tags: redis
service: name=redis state=started enabled=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure redis is running and started on boot
tags: redis
service: name=redis-server state=started enabled=yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
================================================
FILE: roles/queuetier/tasks/supervisor.yml
================================================
# file: roles/beanstalktier/tasks/supervisor.yml
- name: Install supervisor
tags: supervisor
yum: name=supervisor state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install supervisor
tags: supervisor
apt: name=supervisor state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure supervisor is running and started on boot
tags: supervisor
systemd: daemon_reload=yes state=started name=supervisord enabled=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure supervisor is running and started on boot
tags: supervisor
service: name=supervisor state=started enabled=yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure supervisor job is configured
tags: supervisor
template: src=supervisor.conf.j2 dest=/etc/supervisord.d/{{ item.key }}-worker.ini
with_dict: "{{ virtualhosts }}"
when: item.value.run_queue_worker|default(false)|bool == true and ansible_distribution == 'CentOS'
vars:
user: nginx
notify:
- Reload supervisord config
- name: Make sure supervisor job is configured
tags: supervisor
template: src=supervisor.conf.j2 dest=/etc/supervisor/conf.d/{{ item.key }}-worker.conf
with_dict: "{{ virtualhosts }}"
when: item.value.run_queue_worker|default(false)|bool == true and ansible_distribution == 'Ubuntu'
vars:
user: www-data
notify:
- Reload supervisord config (Debian)
- name: Make sure supervisor job is configured for Horizon
tags: supervisor
template: src=supervisor-horizon.conf.j2 dest=/etc/supervisord.d/{{ item.key }}-horizon.ini
with_dict: "{{ virtualhosts }}"
when: item.value.run_horizon|default(false)|bool == true and ansible_distribution == 'CentOS'
vars:
user: nginx
notify:
- Reload supervisord config
- name: Make sure supervisor job is configured for Horizon
tags: supervisor
template: src=supervisor-horizon.conf.j2 dest=/etc/supervisor/conf.d/{{ item.key }}-horizon.conf
with_dict: "{{ virtualhosts }}"
when: item.value.run_horizon|default(false)|bool == true and ansible_distribution == 'Ubuntu'
vars:
user: www-data
notify:
- Reload supervisord config (Debian)
================================================
FILE: roles/queuetier/templates/supervisor-horizon.conf.j2
================================================
[program:{{ item.key }}-horizon]
process_name=%(program_name)s
command=php /var/www/{{ item.key }}/artisan horizon
autostart=true
autorestart=true
user=nginx
redirect_stderr=true
stdout_logfile=/var/log/{{ item.key }}-horizon.log
================================================
FILE: roles/queuetier/templates/supervisor.conf.j2
================================================
[program:{{ item.key }}-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /var/www/{{ item.key }}/artisan queue:work --sleep=3 --tries=3 --queue={{ item.key }} --timeout={{ item.value.queue_worker_timeout|default(60) }} --daemon
autostart=true
autorestart=true
user=nginx
numprocs=4
redirect_stderr=true
stdout_logfile=/var/log/{{ item.key }}-worker.log
================================================
FILE: roles/webtier/handlers/main.yml
================================================
# file: roles/webtier/handlers/main.yml
- name: Restart nginx
service: name=nginx state=restarted
- name: Restart php-fpm
service: name=php-fpm state=restarted
- name: Restart php-fpm (Debian)
service: name=php7.2-fpm state=restarted
================================================
FILE: roles/webtier/tasks/composer.yml
================================================
# file: roles/common/tasks/composer.yml
- name: Check if composer is installed
tags: composer
stat:
path: /usr/bin/composer
register: composer_binary
- name: Download Composer installer
tags: composer
when: composer_binary.stat.exists == false
get_url:
url: https://getcomposer.org/installer
dest: /tmp/composer-setup.php
- name: Install composer
tags: composer
command: php /tmp/composer-setup.php --install-dir=/usr/bin --filename=composer
when: composer_binary.stat.exists == false
- name: Update to latest composer version
tags: composer
command: composer selfupdate
when: composer_binary.stat.exists == true
changed_when: false
================================================
FILE: roles/webtier/tasks/cron.yml
================================================
# file: roles/webtier/tasks/cron.yml
- name: Add crontab entry for Laravel scheduler
tags: cron
cron: name="Run Laravel scheduler for {{ item.key }}" job="php /var/www/{{ item.key }}/artisan schedule:run >> /dev/null 2>&1"
with_dict: "{{ virtualhosts }}"
when: item.value.has_scheduled_jobs|default(false)|bool == true
================================================
FILE: roles/webtier/tasks/dotenv.yml
================================================
# file: roles/webtier/tasks/dotenv.yml
- name: Check if .env template exists
tags: dotenv
local_action: stat path=dotenv_templates/{{ inventory_hostname }}.{{ item.key }}.j2
vars:
ansible_become: no
with_dict: "{{ virtualhosts }}"
register: dotenv_file
- name: Create node spesific .env file
tags: dotenv
template: src={{ item.stat.path }} dest=/var/www/{{ item.item.key }}/.env
with_items: "{{ dotenv_file.results }}"
when: item.stat.exists == True
================================================
FILE: roles/webtier/tasks/firewalld.yml
================================================
# file: roles/webtier/tasks/firewalld.yml
- name: Install firewalld
tags: firewalld
yum: name=firewalld state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install firewalld
tags: firewalld
apt: name=firewalld state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure firewalld is running and is started on boot
tags: firewalld
service: name=firewalld state=started enabled=yes
- name: Enable firewall to enable incoming HTTP
tags: firewalld
firewalld: service=http permanent=true state=enabled zone=public immediate=true
- name: Enable firewall to enable incoming HTTPS
tags: firewalld
firewalld: service=https permanent=true state=enabled zone=public immediate=true
================================================
FILE: roles/webtier/tasks/letsencrypt.yml
================================================
# file: roles/webtier/tasks/letsencrypt.yml
- name: Install certbot
tags: letsencrypt
yum: name=certbot state=installed
- name: Check if Diffie-Hellman group exists
tags: letsencrypt2
stat:
path: /etc/ssl/certs/dhparam.pem
register: group_exists
- name: Generate a strong 2048 bit Diffie-Hellman group
tags: letsencrypt2
shell: openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
when: group_exists.stat.exists == false
- name: Install / renew certificates
tags: letsencrypt
shell: certbot certonly --noninteractive --webroot --email {{ letsencrypt_email }} --agree-tos --renew-by-default -w /var/www/{{ item.key }}/public -d {{ item.value.servername }}
with_dict: "{{ virtualhosts }}"
notify:
- Restart nginx
- name: Add auto renewal for certificates to crontab
tags: letsencrypt
cron:
name: "Weekly check for certificates"
special_time: weekly
job: /usr/bin/certbot renew --post-hook "service nginx restart"
================================================
FILE: roles/webtier/tasks/main.yml
================================================
# file: roles/webtier/tasks/main.yml
- include: remi.yml
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- include: ondrej.yml
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- include: php.yml
- include: php-fpm.yml
- include: composer.yml
- include: nginx.yml
- include: dotenv.yml
- include: cron.yml
- include: letsencrypt.yml
when: enable_ssl|default(false)|bool == true
- include: firewalld.yml
- include: redis.yml
- include: selinux.yml
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
================================================
FILE: roles/webtier/tasks/nginx.yml
================================================
# file: roles/webtier/tasks/nginx.yml
- name: Install nginx
tags: nginx
yum: name=nginx state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure apache related packages are removed
tags: nginx
apt: name="{{ packages }}" state=absent purge=yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
vars:
packages:
- apache2
- apache2-utils
- name: Install nginx
tags: nginx
apt: name=nginx state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure nginx user exists
tags: nginx
user:
name: nginx
comment: nginx user
createhome: false
generate_ssh_key: false
shell: /bin/false
system: yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure nginx is running and is started on boot
tags: nginx
service: name=nginx state=started enabled=yes
- name: Make sure nginx is configured
tags: nginx
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify:
- Restart nginx
- name: Make sure nginx virtual hosts are configured
tags: nginx
template: src=nginx-virtualhost.conf.j2 dest=/etc/nginx/conf.d/{{ item.key }}.conf
with_dict: "{{ virtualhosts }}"
when: enable_ssl|default(false)|bool == false
notify:
- Restart nginx
- name: Make sure SSL nginx virtual hosts are configured
tags: nginx
template: src=nginx-ssl-virtualhost.conf.j2 dest=/etc/nginx/conf.d/{{ item.key }}.conf
with_dict: "{{ virtualhosts }}"
when: enable_ssl|default(false)|bool == true
notify:
- Restart nginx
- name: Create public directory
tags: nginx
file: path=/var/www/{{ item.key }}/public state=directory owner=nginx group=nginx mode=0775
with_dict: "{{ virtualhosts }}"
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Create public directory
tags: nginx
file: path=/var/www/{{ item.key }}/public state=directory owner=www-data group=www-data mode=0775
with_dict: "{{ virtualhosts }}"
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
================================================
FILE: roles/webtier/tasks/ondrej.yml
================================================
# file: roles/webtier/tasks/ondrej.yml
- name: Enable ondrejs PHP repository permanently
tags: ondrej
apt_repository:
repo: ppa:ondrej/php
state: present
================================================
FILE: roles/webtier/tasks/php-fpm.yml
================================================
# file: roles/webtier/tasks/php-fpm.yml
- name: Install php-fpm
tags: php-fpm
yum: name=php-fpm state=installed
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install php-fpm
tags: php-fpm
apt: name=php7.2-fpm state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure php-fpm is running
tags: php-fpm
service: name=php-fpm state=started enabled=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure php-fpm is running
tags: php-fpm
service: name=php7.2-fpm state=started enabled=yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure php-fpm is configured
tags: php-fpm
template: src=php-fpm.conf.j2 dest=/etc/php-fpm.d/www.conf
notify:
- Restart php-fpm
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure php-fpm is configured
tags: php-fpm
template: src=php-fpm.conf.j2 dest=/etc/php/7.2/fpm/pool.d/www.conf
notify:
- Restart php-fpm (Debian)
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
================================================
FILE: roles/webtier/tasks/php.yml
================================================
# file: roles/webtier/tasks/php.yml
- name: Install PHP and extensions
yum: name={{ item }} state=installed enablerepo=epel,remi,remi-php72
tags: php
with_items:
- php
- php-zip
- php-openssl
- php-pdo
- php-mbstring
- php-tokenizer
- php-xml
- php-mysqlnd
- php-opcache
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install PHP and extensions
apt: name={{ item }} state=installed update_cache=yes
tags: php
with_items:
- php7.2
- php7.2-zip
- php7.2-pdo
- php7.2-mbstring
- php7.2-tokenizer
- php7.2-xml
- php7.2-mysqlnd
- php7.2-opcache
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Install extra PHP packages
yum: name={{ item }} state=installed enablerepo=epel,remi,remi-php72
tags: php-extra
with_items: "{{ php_extra_packages }}"
when: php_extra_packages is defined and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
notify:
- Restart php-fpm
- name: Install extra PHP packages
apt: name={{ item }} state=installed update_cache=yes
tags: php-extra
with_items: "{{ php_extra_packages }}"
when: php_extra_packages is defined and (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian')
notify:
- Restart php-fpm (Debian)
- name: Set PHP memory limit in php.ini
tags: php
ini_file:
dest: /etc/php.ini
section: "PHP"
option: memory_limit
value: "{{ php_memory_limit }}"
when: php_memory_limit is defined and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
notify:
- Restart php-fpm
- name: Set PHP memory limit in php.ini
tags: php
ini_file:
dest: "{{ item }}"
section: "PHP"
option: memory_limit
value: "{{ php_memory_limit }}"
with_items:
- /etc/php/7.2/apache2/php.ini
- /etc/php/7.2/fpm/php.ini
- /etc/php/7.2/cli/php.ini
when: php_memory_limit is defined and (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian')
notify:
- Restart php-fpm (Debian)
================================================
FILE: roles/webtier/tasks/redis.yml
================================================
# file: roles/webtier/tasks/redis.yml
- name: Install redis
tags: redis
yum: name=redis state=installed enablerepo=remi
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Install redis
tags: redis
apt: name=redis-server state=installed
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Make sure redis is running and started on boot
tags: redis
service: name=redis state=started enabled=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Make sure redis is running and started on boot
tags: redis
service: name=redis-server state=started enabled=yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
================================================
FILE: roles/webtier/tasks/remi.yml
================================================
# file: roles/webtier/tasks/remi.yml
- name: Enable Remi's PHP 7.2 repository permanently
tags: remi
yum_repository:
name: remi-php72
description: Remi's PHP 7.2 RPM repository for Enterprise Linux 7
mirrorlist: http://rpms.remirepo.net/enterprise/7/php72/mirror
enabled: 1
gpgcheck: 1
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
================================================
FILE: roles/webtier/tasks/selinux.yml
================================================
# file: roles/webtier/tasks/selinux.yml
- name: Enable nginx to have access to the deployment folder
tags: selinux
shell: chcon -R -t httpd_sys_rw_content_t /var/www/{{ item.key }}
with_dict: "{{ virtualhosts }}"
changed_when: False
- name: Allow nginx to make TCP connections ie. to redis/beanstalk
tags: selinux
seboolean: name=httpd_can_network_connect state=yes persistent=yes
================================================
FILE: roles/webtier/templates/nginx-ssl-virtualhost.conf.j2
================================================
server {
listen 80;
listen 443 http2 ssl;
server_name {{ item.value.servernames | join(" ") }} {{ ansible_default_ipv4["address"] }} localhost;
root /var/www/{{ item.key }}/public;
index index.php;
access_log /var/log/nginx/{{ item.value.servername }}-access.log;
error_log /var/log/nginx/{{ item.value.servername }}-error.log error;
ssl_certificate /etc/letsencrypt/live/{{ item.value.servername }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.value.servername }}/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ /.well-known {
allow all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 1200;
include fastcgi_params;
}
}
================================================
FILE: roles/webtier/templates/nginx-virtualhost.conf.j2
================================================
server {
listen 80;
server_name {{ item.value.servernames | join(" ") }} {{ ansible_default_ipv4["address"] }} localhost;
root /var/www/{{ item.key }}/public;
index index.php;
access_log /var/log/nginx/{{ item.value.servernames[0] }}-access.log;
error_log /var/log/nginx/{{ item.value.servernames[0] }}-error.log error;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 1200;
include fastcgi_params;
}
}
================================================
FILE: roles/webtier/templates/nginx.conf.j2
================================================
user nginx;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_processes {{ ansible_processor_cores }};
events {
worker_connections 1024;
multi_accept off;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 64;
client_max_body_size 64m;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main buffer=16k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 100;
gzip on;
include /etc/nginx/conf.d/*.conf;
}
================================================
FILE: roles/webtier/templates/php-fpm.conf.j2
================================================
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
================================================
FILE: roles/webtier/templates/php.ini.j2
================================================
[PHP]
;;;;;;;;;;;;;;;;;;;
; About php.ini ;
;;;;;;;;;;;;;;;;;;;
; PHP's initialization file, generally called php.ini, is responsible for
; configuring many of the aspects of PHP's behavior.
; PHP attempts to find and load this configuration from a number of locations.
; The following is a summary of its search order:
; 1. SAPI module specific location.
; 2. The PHPRC environment variable. (As of PHP 5.2.0)
; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
; 4. Current working directory (except CLI)
; 5. The web server's directory (for SAPI modules), or directory of PHP
; (otherwise in Windows)
; 6. The directory from the --with-config-file-path compile time option, or the
; Windows directory (C:\windows or C:\winnt)
; See the PHP docs for more specific information.
; http://php.net/configuration.file
; The syntax of the file is extremely simple. Whitespace and lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory. Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from www.example.com. Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
; http://php.net/ini.sections
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
; Directives are variables used to configure PHP or PHP extensions.
; There is no name validation. If PHP can't find an expected
; directive because it is not set or is mistyped, a default value will be used.
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
; previously set variable or directive (e.g. ${foo})
; Expressions in the INI file are limited to bitwise operators and parentheses:
; | bitwise OR
; ^ bitwise XOR
; & bitwise AND
; ~ bitwise NOT
; ! boolean NOT
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
; foo = ; sets foo to an empty string
; foo = None ; sets foo to an empty string
; foo = "None" ; sets foo to the string 'None'
; If you use constants in your value, and these constants belong to a
; dynamically loaded extension (either a PHP extension or a Zend extension),
; you may only use these constants *after* the line that loads the extension.
;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; PHP comes packaged with two INI files. One that is recommended to be used
; in production environments and one that is recommended to be used in
; development environments.
; php.ini-production contains settings which hold security, performance and
; best practices at its core. But please be aware, these settings may break
; compatibility with older or less security conscience applications. We
; recommending using the production ini in production and testing environments.
; php.ini-development is very similar to its production variant, except it is
; much more verbose when it comes to errors. We recommend using the
; development version only in development environments, as errors shown to
; application users can inadvertently leak otherwise secure information.
; This is php.ini-production INI file.
;;;;;;;;;;;;;;;;;;;
; Quick Reference ;
;;;;;;;;;;;;;;;;;;;
; The following are all the settings which are different in either the productio n
; or development versions of the INIs with respect to PHP's default behavior.
; Please see the actual settings later in the document for more details as to wh y
; we recommend these changes in PHP's behavior.
; display_errors
; Default Value: On
; Development Value: On
; Production Value: Off
; display_startup_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; error_reporting
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; html_errors
; Default Value: On
; Development Value: On
; Production value: On
; log_errors
; Default Value: Off
; Development Value: On
; Production Value: On
; max_input_time
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; output_buffering
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; register_argc_argv
; Default Value: On
; Development Value: Off
; Production Value: Off
; request_order
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; session.gc_divisor
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; session.hash_bits_per_character
; Default Value: 4
; Development Value: 5
; Production Value: 5
; short_open_tag
; Default Value: On
; Development Value: Off
; Production Value: Off
; track_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; url_rewriter.tags
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; variables_order
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS"
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =
; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 s econds (5 minutes)
;user_ini.cache_ttl = 300
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;
; Enable the PHP scripting language engine under Apache.
; http://php.net/engine
engine = On
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It is
; generally recommended that <?php and ?> should be used and that this feature
; should be disabled, as enabling it may result in issues when generating XML
; documents, however this remains supported for backward compatibility reasons.
; Note that this directive does not control the <?= shorthand tag, which can be
; used regardless of this directive.
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/short-open-tag
short_open_tag = Off
; The number of significant digits displayed in floating point numbers.
; http://php.net/precision
precision = 14
; Output buffering is a mechanism for controlling how much output data
; (excluding headers and cookies) PHP should keep internally before pushing that
; data to the client. If your application's output exceeds this setting, PHP
; will send that data in chunks of roughly the size you specify.
; Turning on this setting and managing its maximum buffer size can yield some
; interesting side-effects depending on your application and web server.
; You may be able to send headers and cookies after you've already sent output
; through print or echo. You also may see performance benefits if your server is
; emitting less packets due to buffered output versus PHP streaming the output
; as it gets it. On production servers, 4096 bytes is a good setting for perform ance
; reasons.
; Note: Output buffering can also be controlled via Output Buffering Control
; functions.
; Possible Values:
; On = Enabled and buffer is unlimited. (Use with caution)
; Off = Disabled
; Integer = Enables the buffer and sets its maximum size in bytes.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; http://php.net/output-buffering
output_buffering = 4096
; You can redirect all of the output of your scripts to a function. For
; example, if you set output_handler to "mb_output_handler", character
; encoding will be transparently converted to the specified encoding.
; Setting any output handler automatically turns on output buffering.
; Note: People who wrote portable scripts should not depend on this ini
; directive. Instead, explicitly set the output handler using ob_start().
; Using this ini directive may cause problems unless you know what script
; is doing.
; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
; Note: output_handler must be empty if this is set 'On' !!!!
; Instead you must use zlib.output_handler.
; http://php.net/output-handler
;output_handler =
; Transparent output compression using the zlib library
; Valid values for this option are 'off', 'on', or a specific buffer size
; to be used for compression (default is 4KB)
; Note: Resulting chunk size may vary due to nature of compression. PHP
; outputs chunks that are few hundreds bytes each as a result of
; compression. If you prefer a larger chunk size for better
; performance, enable output_buffering in addition.
; Note: You need to use zlib.output_handler instead of the standard
; output_handler, or otherwise the output will be corrupted.
; http://php.net/zlib.output-compression
zlib.output_compression = Off
; http://php.net/zlib.output-compression-level
;zlib.output_compression_level = -1
; You cannot specify additional output handlers if zlib.output_compression
; is activated here. This setting does the same as output_handler but in
; a different order.
; http://php.net/zlib.output-handler
;zlib.output_handler =
; Implicit flush tells PHP to tell the output layer to flush itself
; automatically after every output block. This is equivalent to calling the
; PHP function flush() after each and every call to print() or echo() and each
; and every HTML block. Turning this option on has serious performance
; implications and is generally recommended for debugging purposes only.
; http://php.net/implicit-flush
; Note: This directive is hardcoded to On for the CLI SAPI
implicit_flush = Off
; The unserialize callback function will be called (with the undefined class'
; name as parameter), if the unserializer finds an undefined class
; which should be instantiated. A warning appears if the specified function is
; not defined, or if the function doesn't include/implement the missing class.
; So only set this entry, if you really want to implement such a
; callback-function.
unserialize_callback_func =
; When floats & doubles are serialized store serialize_precision significant
; digits after the floating point. The default value ensures that when floats
; are decoded with unserialize, the data will remain the same.
serialize_precision = 17
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.
; http://php.net/open-basedir
;open_basedir =
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names.
; http://php.net/disable-functions
disable_functions =
; This directive allows you to disable certain classes for security reasons.
; It receives a comma-delimited list of class names.
; http://php.net/disable-classes
disable_classes =
; Colors for Syntax Highlighting mode. Anything that's acceptable in
; <span style="color: ???????"> would work.
; http://php.net/syntax-highlighting
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.default = #0000BB
;highlight.html = #000000
; If enabled, the request will be allowed to complete even if the user aborts
; the request. Consider enabling it if executing long requests, which may end up
; being interrupted by the user or a browser timing out. PHP's default behavior
; is to disable this feature.
; http://php.net/ignore-user-abort
;ignore_user_abort = On
; Determines the size of the realpath cache to be used by PHP. This value should
; be increased on systems where PHP opens many files to reflect the quantity of
; the file operations performed.
; http://php.net/realpath-cache-size
;realpath_cache_size = 16k
; Duration of time, in seconds for which to cache realpath information for a giv en
; file or directory. For systems with rarely changing files, consider increasing this
; value.
; http://php.net/realpath-cache-ttl
;realpath_cache_ttl = 120
; Enables or disables the circular reference collector.
; http://php.net/zend.enable-gc
zend.enable_gc = On
; If enabled, scripts may be written in encodings that are incompatible with
; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
; encodings. To use this feature, mbstring extension must be enabled.
; Default: Off
;zend.multibyte = Off
; Allows to set the default encoding for the scripts. This value will be used
; unless "declare(encoding=...)" directive appears at the top of the script.
; Only affects if zend.multibyte is set.
; Default: ""
;zend.script_encoding =
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = On
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
; Maximum execution time of each script, in seconds
; http://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 240
; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpecte dly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; http://php.net/max-input-time
max_input_time = 60
; Maximum input variable nesting level
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
; How many GET/POST/COOKIE input variables may be accepted
; max_input_vars = 1000
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 2048M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; This directive informs PHP of which errors, warnings and notices you would lik e
; it to take action for. The recommended way of setting values for this
; directive is through the use of the error level constants and bitwise
; operators. The error level constants are below here for convenience as well as
; some common settings and their meanings.
; By default, PHP is set to take action on all errors, notices and warnings EXCE PT
; those related to E_NOTICE and E_STRICT, which together cover best practices an d
; recommended coding standards in PHP. For performance reasons, this is the
; recommend error reporting setting. Your production server shouldn't be wasting
; resources complaining about best practices and coding standards. That's what
; development servers and development settings are for.
; Note: The php.ini-development file has this setting as E_ALL. This
; means it pretty much reports everything which is exactly what you want during
; development and early testing.
;
; Error Level Constants:
; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0 )
; E_ERROR - fatal run-time errors
; E_RECOVERABLE_ERROR - almost fatal run-time errors
; E_WARNING - run-time warnings (non-fatal errors)
; E_PARSE - compile-time parse errors
; E_NOTICE - run-time notices (these are warnings which often result
; from a bug in your code, but it's possible that it was
; intentional (e.g., using an uninitialized variable and
; relying on the fact it is automatically initialized to an
; empty string)
; E_STRICT - run-time notices, enable to have PHP suggest changes
; to your code which will ensure the best interoperability
; and forward compatibility of your code
; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
; initial startup
; E_COMPILE_ERROR - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
; E_USER_ERROR - user-generated error message
; E_USER_WARNING - user-generated warning message
; E_USER_NOTICE - user-generated notice message
; E_DEPRECATED - warn about code that will not work in future versions
; of PHP
; E_USER_DEPRECATED - user-generated deprecation warnings
;
; Common Values:
; E_ALL (Show all errors, warnings and notices including coding standards.)
; E_ALL & ~E_NOTICE (Show all errors, except for notices)
; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and codi ng standards warnings.)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
; it could be very dangerous in production environments. Depending on the code
; which is triggering the error, sensitive information could potentially leak
; out of your application such as database usernames and passwords or worse.
; For production environments, we recommend logging errors rather than
; sending them to STDOUT.
; Possible Values:
; Off = Do not display any errors
; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
display_errors = Off
; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. PHP's default behavior is to suppress those
; errors from clients. Turning the display of startup errors on can be useful in
; debugging configuration problems. We strongly recommend you
; set this to 'off' for production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = Off
; Besides displaying errors, PHP can also log errors to locations such as a
; server-specific log, STDERR, or a location specified by the error_log
; directive found below. While errors should not be displayed on productions
; servers they should still be monitored and logging is a great way to do that.
; Default Value: Off
; Development Value: On
; Production Value: On
; http://php.net/log-errors
log_errors = On
; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all .
; http://php.net/log-errors-max-len
log_errors_max_len = 1024
; Do not log repeated messages. Repeated errors must occur in same file on same
; line unless ignore_repeated_source is set true.
; http://php.net/ignore-repeated-errors
ignore_repeated_errors = Off
; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; source lines.
; http://php.net/ignore-repeated-source
ignore_repeated_source = Off
; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This has only effect in a debug compile, and if
; error reporting includes E_WARNING in the allowed list
; http://php.net/report-memleaks
report_memleaks = On
; This setting is on by default.
;report_zend_debug = 0
; Store the last error/warning message in $php_errormsg (boolean). Setting this value
; to On can assist in debugging and is appropriate for development servers. It s hould
; however be disabled on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
; http://php.net/track-errors
track_errors = Off
; Turn off normal error reporting and emit XML-RPC error XML
; http://php.net/xmlrpc-errors
;xmlrpc_errors = 0
; An XML-RPC faultCode
;xmlrpc_error_number = 0
; When PHP displays or logs an error, it has the capability of formatting the
; error message as HTML for easier reading. This directive controls whether
; the error message is formatted as HTML or not.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: On
; Development Value: On
; Production value: On
; http://php.net/html-errors
html_errors = On
; If html_errors is set to On *and* docref_root is not empty, then PHP
; produces clickable error messages that direct to a page describing the error
; or function causing the error in detail.
; You can download a copy of the PHP manual from http://php.net/docs
; and change docref_root to the base URL of your local copy including the
; leading '/'. You must also specify the file extension being used including
; the dot. PHP's default behavior is to leave these settings empty, in which
; case no links to documentation are generated.
; Note: Never use this feature for production boxes.
; http://php.net/docref-root
; Examples
;docref_root = "/phpmanual/"
; http://php.net/docref-ext
;docref_ext = .html
; String to output before an error message. PHP's default behavior is to leave
; this setting blank.
; http://php.net/error-prepend-string
; Example:
;error_prepend_string = "<span style='color: #ff0000'>"
; String to output after an error message. PHP's default behavior is to leave
; this setting blank.
; http://php.net/error-append-string
; Example:
;error_append_string = "</span>"
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; http://php.net/error-log
; Example:
;error_log = php_errors.log
; Log errors to syslog.
;error_log = syslog
;windows.show_crt_warning
; Default value: 0
; Development value: 0
; Production value: 0
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
; The separator used in PHP generated URLs to separate arguments.
; PHP's default setting is "&".
; http://php.net/arg-separator.output
; Example:
;arg_separator.output = "&"
; List of separator(s) used by PHP to parse input URLs into variables.
; PHP's default setting is "&".
; NOTE: Every character in this directive is considered as separator!
; http://php.net/arg-separator.input
; Example:
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
; starts up. G,P,C,E & S are abbreviations for the following respective super
; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
; paid for the registration of these arrays and because ENV is not as commonly
; used as the others, ENV is not recommended on productions servers. You
; can still get access to the environment variables through getenv() should you
; need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
; http://php.net/variables-order
variables_order = "GPCS"
; This directive determines which super global data (G,P & C) should be
; registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive
; are specified in the same manner as the variables_order directive,
; EXCEPT one. Leaving this value empty will cause PHP to use the value set
; in the variables_order directive. It does not mean it will leave the super
; globals array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; http://php.net/request-order
request_order = "GP"
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
; that were passed when the script was invoked. These arrays are extremely
; useful when running scripts from the command line. When this directive is
; enabled, registering these variables consumes CPU cycles and memory each time
; a script is executed. For performance reasons, this feature should be disabled
; on production servers.
; Note: This directive is hardcoded to On for the CLI SAPI
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/register-argc-argv
register_argc_argv = Off
; When enabled, the ENV, REQUEST and SERVER variables are created when they're
; first used (Just In Time) instead of when the script starts. If these
; variables are not used within a script, having this directive on will result
; in a performance gain. The PHP directive register_argc_argv must be disabled
; for this directive to have any affect.
; http://php.net/auto-globals-jit
auto_globals_jit = On
; Whether PHP will read the POST data.
; This option is enabled by default.
; Most likely, you won't want to disable this option globally. It causes $_POST
; and $_FILES to always be empty; the only way you will be able to read the
; POST data will be through the php://input stream wrapper. This can be useful
; to proxy requests or to process the POST data in a memory efficient fashion.
; http://php.net/enable-post-data-reading
;enable_post_data_reading = Off
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 8M
; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
auto_prepend_file =
; Automatically add files after PHP document.
; http://php.net/auto-append-file
auto_append_file =
; By default, PHP will output a character encoding using
; the Content-type: header. To disable sending of the charset, simply
; set it to be empty.
;
; PHP's built-in default is text/html
; http://php.net/default-mimetype
default_mimetype = "text/html"
; PHP's default character set is set to UTF-8.
; http://php.net/default-charset
default_charset = "UTF-8"
; PHP internal character encoding is set to empty.
; If empty, default_charset is used.
; http://php.net/internal-encoding
;internal_encoding =
; PHP input character encoding is set to empty.
; If empty, default_charset is used.
; http://php.net/input-encoding
;input_encoding =
; PHP output character encoding is set to empty.
; If empty, default_charset is used.
; mbstring or iconv output handler is used.
; See also output_buffer.
; http://php.net/output-encoding
;output_encoding =
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: "/path1:/path2"
;include_path = ".:/php/includes"
;
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path
; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues. The alternate is to use the
; cgi.force_redirect configuration below
; http://php.net/doc-root
doc_root =
; The directory under which PHP opens the script using /~username used only
; if nonempty.
; http://php.net/user-dir
user_dir =
; Directory in which the loadable extensions (modules) reside.
; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
; extension_dir = "ext"
; Directory where the temporary files should be placed.
; Defaults to the system default (see sys_get_temp_dir)
; sys_temp_dir = "/tmp"
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
; disabled on them.
; http://php.net/enable-dl
enable_dl = Off
; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
; http://php.net/cgi.force-redirect
;cgi.force_redirect = 1
; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
; every request. PHP's default behavior is to disable this feature.
;cgi.nph = 1
; if cgi.force_redirect is turned on, and you are not running under Apache or Ne tscape
; (iPlanet) web servers, you MAY need to set an environment variable name that P HP
; will look for to know it is OK to continue execution. Setting this variable M AY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
; http://php.net/cgi.redirect-status-env
;cgi.redirect_status_env =
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. P HP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not g rok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Set ting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setti ng
; of zero causes PHP to behave as before. Default is 1. You should fix your sc ripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS. Default is zero.
; http://php.net/fastcgi.impersonate
;fastcgi.impersonate = 1
; Disable logging through FastCGI connection. PHP's default behavior is to enabl e
; this feature.
;fastcgi.logging = 0
; cgi.rfc2616_headers configuration option tells PHP what type of headers to
; use when sending HTTP response code. If set to 0, PHP sends Status: header tha t
; is supported by Apache. When this option is set to 1, PHP will send
; RFC2616 compliant header.
; Default is zero.
; http://php.net/cgi.rfc2616-headers
;cgi.rfc2616_headers = 0
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 2M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On
; Whether to allow include/require to open URLs (like http:// or ftp://) as file s.
; http://php.net/allow-url-include
allow_url_include = Off
; Define the anonymous ftp password (your email address). PHP's default setting
; for this is empty.
; http://php.net/from
;from="john@doe.com"
; Define the User-Agent string. PHP's default setting for this is empty.
; http://php.net/user-agent
;user_agent="PHP"
; Default timeout for socket based streams (seconds)
; http://php.net/default-socket-timeout
default_socket_timeout = 60
; If your scripts have to deal with files from Macintosh systems,
; or you are running on a Mac and need to deal with files from
; unix or win32 systems, setting this flag will cause PHP to
; automatically detect the EOL character in those files so that
; fgets() and file() will work regardless of the source of the file.
; http://php.net/auto-detect-line-endings
;auto_detect_line_endings = Off
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
; If you wish to have an extension loaded automatically, use the following
; syntax:
;
; extension=modulename.extension
;
; For example, on Windows:
;
; extension=msql.dll
;
; ... or under UNIX:
;
; extension=msql.so
;
; ... or with a path:
;
; extension=/path/to/extension/msql.so
;
; If you only provide the name of the extension, PHP will look for it in its
; default extension directory.
;;;;
; Note: packaged extension modules are now loaded via the .ini files
; found in the directory /etc/php.d; these are loaded by default.
;;;;
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
[CLI Server]
; Whether the CLI web server uses ANSI color coding in its terminal output.
cli_server.color = On
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =
date.timezone = Europe/Helsinki
; http://php.net/date.default-latitude
;date.default_latitude = 31.7667
; http://php.net/date.default-longitude
;date.default_longitude = 35.2333
; http://php.net/date.sunrise-zenith
;date.sunrise_zenith = 90.583333
; http://php.net/date.sunset-zenith
;date.sunset_zenith = 90.583333
[filter]
; http://php.net/filter.default
;filter.default = unsafe_raw
; http://php.net/filter.default-flags
;filter.default_flags =
[iconv]
; Use of this INI entry is deprecated, use global input_encoding instead.
; If empty, default_charset or input_encoding or iconv.input_encoding is used.
; The precedence is: default_charset < intput_encoding < iconv.input_encoding
;iconv.input_encoding =
; Use of this INI entry is deprecated, use global internal_encoding instead.
; If empty, default_charset or internal_encoding or iconv.internal_encoding is u sed.
; The precedence is: default_charset < internal_encoding < iconv.internal_encodi ng
;iconv.internal_encoding =
; Use of this INI entry is deprecated, use global output_encoding instead.
; If empty, default_charset or output_encoding or iconv.output_encoding is used.
; The precedence is: default_charset < output_encoding < iconv.output_encoding
; To use an output encoding conversion, iconv's output handler must be set
; otherwise output encoding conversion cannot be performed.
;iconv.output_encoding =
[intl]
;intl.default_locale =
; This directive allows you to produce PHP errors when some error
; happens within intl functions. The value is the level of the error produced.
; Default is 0, which does not produce any errors.
;intl.error_level = E_WARNING
[sqlite]
; http://php.net/sqlite.assoc-case
;sqlite.assoc_case = 0
[sqlite3]
;sqlite3.extension_dir =
[Pcre]
;PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
;pcre.backtrack_limit=100000
;PCRE library recursion limit.
;Please note that if you set this value to a high number you may consume all
;the available process stack and eventually crash PHP (due to reaching the
;stack size limit imposed by the Operating System).
; http://php.net/pcre.recursion-limit
;pcre.recursion_limit=100000
;Enables or disables JIT compilation of patterns. This requires the PCRE
;library to be compiled with JIT support.
pcre.jit=0
[Pdo]
; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
; http://php.net/pdo-odbc.connection-pooling
;pdo_odbc.connection_pooling=strict
;pdo_odbc.db2_instance_name
[Pdo_mysql]
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/pdo_mysql.cache_size
pdo_mysql.cache_size = 2000
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/pdo_mysql.default-socket
pdo_mysql.default_socket=
[Phar]
; http://php.net/phar.readonly
;phar.readonly = On
; http://php.net/phar.require-hash
;phar.require_hash = On
;phar.cache_list =
[mail function]
; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
sendmail_path = /usr/sbin/sendmail -t -i
; Force the addition of the specified parameters to be passed as extra parameter s
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail().
;mail.force_extra_parameters =
; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = On
; The path to a log file that will log all mail() calls. Log entries include
; the full path of the script, line number, To address and headers.
;mail.log =
; Log mail to syslog;
;mail.log = syslog
[SQL]
; http://php.net/sql.safe-mode
sql.safe_mode = Off
[ODBC]
; http://php.net/odbc.default-db
;odbc.default_db = Not yet implemented
; http://php.net/odbc.default-user
;odbc.default_user = Not yet implemented
; http://php.net/odbc.default-pw
;odbc.default_pw = Not yet implemented
; Controls the ODBC cursor model.
; Default: SQL_CURSOR_STATIC (default).
;odbc.default_cursortype
; Allow or prevent persistent links.
; http://php.net/odbc.allow-persistent
odbc.allow_persistent = On
; Check that a connection is still valid before reuse.
; http://php.net/odbc.check-persistent
odbc.check_persistent = On
; Maximum number of persistent links. -1 means no limit.
; http://php.net/odbc.max-persistent
odbc.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/odbc.max-links
odbc.max_links = -1
; Handling of LONG fields. Returns number of bytes to variables. 0 means
; passthru.
; http://php.net/odbc.defaultlrl
odbc.defaultlrl = 4096
; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
; of odbc.defaultlrl and odbc.defaultbinmode
; http://php.net/odbc.defaultbinmode
odbc.defaultbinmode = 1
;birdstep.max_links = -1
[Interbase]
; Allow or prevent persistent links.
ibase.allow_persistent = 1
; Maximum number of persistent links. -1 means no limit.
ibase.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
ibase.max_links = -1
; Default database name for ibase_connect().
;ibase.default_db =
; Default username for ibase_connect().
;ibase.default_user =
; Default password for ibase_connect().
;ibase.default_password =
; Default charset for ibase_connect().
;ibase.default_charset =
; Default timestamp format.
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
; Default date format.
ibase.dateformat = "%Y-%m-%d"
; Default time format.
ibase.timeformat = "%H:%M:%S"
[MySQLi]
; Maximum number of persistent links. -1 means no limit.
; http://php.net/mysqli.max-persistent
mysqli.max_persistent = -1
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
; http://php.net/mysqli.allow_local_infile
;mysqli.allow_local_infile = On
; Allow or prevent persistent links.
; http://php.net/mysqli.allow-persistent
mysqli.allow_persistent = On
; Maximum number of links. -1 means no limit.
; http://php.net/mysqli.max-links
mysqli.max_links = -1
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/mysqli.cache_size
mysqli.cache_size = 2000
; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysqli.default-port
mysqli.default_port = 3306
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/mysqli.default-socket
mysqli.default_socket =
; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysqli.default-host
mysqli.default_host =
; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysqli.default-user
mysqli.default_user =
; Default password for mysqli_connect() (doesn't apply in safe mode).
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
; http://php.net/mysqli.default-pw
mysqli.default_pw =
; Allow or prevent reconnect
mysqli.reconnect = Off
[mysqlnd]
; Enable / Disable collection of general statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
; http://php.net/mysqlnd.collect_statistics
mysqlnd.collect_statistics = On
; Enable / Disable collection of memory usage statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
; http://php.net/mysqlnd.collect_memory_statistics
mysqlnd.collect_memory_statistics = Off
; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
; http://php.net/mysqlnd.net_cmd_buffer_size
;mysqlnd.net_cmd_buffer_size = 2048
; Size of a pre-allocated buffer used for reading data sent by the server in
; bytes.
; http://php.net/mysqlnd.net_read_buffer_size
;mysqlnd.net_read_buffer_size = 32768
[PostgreSQL]
; Allow or prevent persistent links.
; http://php.net/pgsql.allow-persistent
pgsql.allow_persistent = On
; Detect broken persistent links always with pg_pconnect().
; Auto reset feature requires a little overheads.
; http://php.net/pgsql.auto-reset-persistent
pgsql.auto_reset_persistent = Off
; Maximum number of persistent links. -1 means no limit.
; http://php.net/pgsql.max-persistent
pgsql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
; http://php.net/pgsql.max-links
pgsql.max_links = -1
; Ignore PostgreSQL backends Notice message or not.
; Notice message logging require a little overheads.
; http://php.net/pgsql.ignore-notice
pgsql.ignore_notice = 0
; Log PostgreSQL backends Notice message or not.
; Unless pgsql.ignore_notice=0, module cannot log notice message.
; http://php.net/pgsql.log-notice
pgsql.log_notice = 0
[bcmath]
; Number of decimal digits for all bcmath functions.
; http://php.net/bcmath.scale
bcmath.scale = 0
[browscap]
; http://php.net/browscap
;browscap = extra/browscap.ini
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; The path can be defined as:
;
; session.save_path = "N;/path"
;
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if
; your OS has problems with many files in one directory, and is
; a more efficient layout for servers that handle many sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; http://php.net/session.save-path
; RPM note : session directory must be owned by process owner
; for mod_php, see /etc/httpd/conf.d/php.conf
; for php-fpm, see /etc/php-fpm.d/*conf
;session.save_path = "/tmp"
; Whether to use strict session mode.
; Strict session mode does not accept uninitialized session ID and regenerate
; session ID if browser sends uninitialized session ID. Strict mode protects
; applications from session fixation via session adoption vulnerability. It is
; disabled by default for maximum compatibility, but enabling it is encouraged.
; https://wiki.php.net/rfc/strict_sessions
session.use_strict_mode = 0
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
; http://php.net/session.cookie-secure
;session.cookie_secure =
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combating
; session hijacking when not specifying and managing your own session id. It is
; not the be-all and end-all of session hijacking defense, but it's a good start .
; http://php.net/session.use-only-cookies
session.use_only_cookies = 1
; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID
; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path = /
; The domain for which the cookie is valid.
; http://php.net/session.cookie-domain
session.cookie_domain =
; Whether or not to add the httpOnly flag to the cookie, which makes it inaccess ible to browser scripting languages such as JavaScript.
; http://php.net/session.cookie-httponly
session.cookie_httponly =
; Handler used to serialize data. php is the standard serializer of PHP.
; http://php.net/session.serialize-handler
session.serialize_handler = php
; Defines the probability that the 'garbage collection' process is started
; on every session initialization. The probability is calculated by using
; gc_probability/gc_divisor. Where session.gc_probability is the numerator
; and gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chan ce
; the gc will run on any give request.
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://php.net/session.gc-probability
session.gc_probability = 1
; Defines the probability that the 'garbage collection' process is started on ev ery
; session initialization. The probability is calculated by using the following e quation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chan ce
; the gc will run on any give request. Increasing this value to 1000 will give y ou
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; http://php.net/session.gc-divisor
session.gc_divisor = 1000
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://php.net/session.gc-maxlifetime
session.gc_maxlifetime = 1440
; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; find /path/to/sessions -cmin +24 -type f | xargs rm
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
; http://php.net/session.referer-check
session.referer_check =
; How many bytes to read from the file.
; http://php.net/session.entropy-length
;session.entropy_length = 32
; Specified here to create the session id.
; http://php.net/session.entropy-file
; Defaults to /dev/urandom
; On systems that don't have /dev/urandom but do have /dev/arandom, this will de fault to /dev/arandom
; If neither are found at compile time, the default is no entropy file.
; On windows, setting the entropy_length setting will activate the
; Windows random source (using the CryptoAPI)
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
session.cache_limiter = nocache
; Document expires after n minutes.
; http://php.net/session.cache-expire
session.cache_expire = 180
; trans sid support is disabled by default.
; Use of trans sid may risk your users' security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publicly accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
; http://php.net/session.use-trans-sid
session.use_trans_sid = 0
; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; This option may also be set to the name of any hash function supported by
; the hash extension. A list of available hashes is returned by the hash_algos()
; function.
; http://php.net/session.hash-function
session.hash_function = 0
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
; 4 (4 bits: 0-9, a-f)
; 5 (5 bits: 0-9, a-v)
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
; Default Value: 4
; Development Value: 5
; Production Value: 5
; http://php.net/session.hash-bits-per-character
session.hash_bits_per_character = 5
; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; http://php.net/url-rewriter.tags
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
; Enable upload progress tracking in $_SESSION
; Default Value: On
; Development Value: On
; Production Value: On
; http://php.net/session.upload-progress.enabled
;session.upload_progress.enabled = On
; Cleanup the progress information as soon as all POST data has been read
; (i.e. upload completed).
; Default Value: On
; Development Value: On
; Production Value: On
; http://php.net/session.upload-progress.cleanup
;session.upload_progress.cleanup = On
; A prefix used for the upload progress key in $_SESSION
; Default Value: "upload_progress_"
; Development Value: "upload_progress_"
; Production Value: "upload_progress_"
; http://php.net/session.upload-progress.prefix
;session.upload_progress.prefix = "upload_progress_"
; The index name (concatenated with the prefix) in $_SESSION
; containing the upload progress information
; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
; http://php.net/session.upload-progress.name
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
; How frequently the upload progress should be updated.
; Given either in percentages (per-file), or in bytes
; Default Value: "1%"
; Development Value: "1%"
; Production Value: "1%"
; http://php.net/session.upload-progress.freq
;session.upload_progress.freq = "1%"
; The minimum delay between updates, in seconds
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://php.net/session.upload-progress.min-freq
;session.upload_progress.min_freq = "1"
[Assertion]
; Switch whether to compile assertions at all (to have no overhead at run-time)
; -1: Do not compile at all
; 0: Jump over assertion at run-time
; 1: Execute assertions
; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
; Default Value: 1
; Development Value: 1
; Production Value: -1
; http://php.net/zend.assertions
zend.assertions = -1
; Assert(expr); active by default.
; http://php.net/assert.active
;assert.active = On
; Throw an AssertationException on failed assertions
; http://php.net/assert.exception
;assert.exception = On
; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
; http://php.net/assert.warning
;assert.warning = On
; Don't bail out by default.
; http://php.net/assert.bail
;assert.bail = Off
; User-function to be called if an assertion fails.
; http://php.net/assert.callback
;assert.callback = 0
; Eval the expression with current error_reporting(). Set to true if you want
; error_reporting(0) around the eval().
; http://php.net/assert.quiet-eval
;assert.quiet_eval = 0
[mbstring]
; language for internal character representation.
; This affects mb_send_mail() and mbstring.detect_order.
; http://php.net/mbstring.language
;mbstring.language = Japanese
; Use of this INI entry is deprecated, use global internal_encoding instead.
; internal/script encoding.
; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
; If empty, default_charset or internal_encoding or iconv.internal_encoding is u sed.
; The precedence is: default_charset < internal_encoding < iconv.internal_encodi ng
;mbstring.internal_encoding =
; Use of this INI entry is deprecated, use global input_encoding instead.
; http input encoding.
; mbstring.encoding_traslation = On is needed to use this setting.
; If empty, default_charset or input_encoding or mbstring.input is used.
; The precedence is: default_charset < intput_encoding < mbsting.http_input
; http://php.net/mbstring.http-input
;mbstring.http_input =
; Use of this INI entry is deprecated, use global output_encoding instead.
; http output encoding.
; mb_output_handler must be registered as output buffer to function.
; If empty, default_charset or output_encoding or mbstring.http_output is used.
; The precedence is: default_charset < output_encoding < mbstring.http_output
; To use an output encoding conversion, mbstring's output handler must be set
; otherwise output encoding conversion cannot be performed.
; http://php.net/mbstring.http-output
;mbstring.http_output =
; enable automatic encoding translation according to
; mbstring.internal_encoding setting. Input chars are
; converted to internal encoding by setting this to On.
; Note: Do _not_ use automatic encoding translation for
; portable libs/applications.
; http://php.net/mbstring.encoding-translation
;mbstring.encoding_translation = Off
; automatic encoding detection order.
; "auto" detect order is changed according to mbstring.language
; http://php.net/mbstring.detect-order
;mbstring.detect_order = auto
; substitute_character used when character cannot be converted
; one from another
; http://php.net/mbstring.substitute-character
;mbstring.substitute_character = none
; overload(replace) single byte functions by mbstring functions.
; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
; etc. Possible values are 0,1,2,4 or combination of them.
; For example, 7 for overload everything.
; 0: No overload
; 1: Overload mail() function
; 2: Overload str*() functions
; 4: Overload ereg*() functions
; http://php.net/mbstring.func-overload
;mbstring.func_overload = 0
; enable strict encoding detection.
; Default: Off
;mbstring.strict_detection = On
; This directive specifies the regex pattern of content types for which mb_outpu t_handler()
; is activated.
; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
;mbstring.http_output_conv_mimetype=
[gd]
; Tell the jpeg decode to ignore warnings and try to create
; a gd image. The warning will then be displayed as notices
; disabled by default
; http://php.net/gd.jpeg-ignore-warning
;gd.jpeg_ignore_warning = 0
[exif]
; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
; With mbstring support this will automatically be converted into the encoding
; given by corresponding encode setting. When empty mbstring.internal_encoding
; is used. For the decode settings you can distinguish between motorola and
; intel byte order. A decode setting cannot be empty.
; http://php.net/exif.encode-unicode
;exif.encode_unicode = ISO-8859-15
; http://php.net/exif.decode-unicode-motorola
;exif.decode_unicode_motorola = UCS-2BE
; http://php.net/exif.decode-unicode-intel
;exif.decode_unicode_intel = UCS-2LE
; http://php.net/exif.encode-jis
;exif.encode_jis =
; http://php.net/exif.decode-jis-motorola
;exif.decode_jis_motorola = JIS
; http://php.net/exif.decode-jis-intel
;exif.decode_jis_intel = JIS
[Tidy]
; The path to a default tidy configuration file to use when using tidy
; http://php.net/tidy.default-config
;tidy.default_config = /usr/local/lib/php/default.tcfg
; Should tidy clean and repair output automatically?
; WARNING: Do not use this option if you are generating non-html content
; such as dynamic images
; http://php.net/tidy.clean-output
tidy.clean_output = Off
[soap]
; Enables or disables WSDL caching feature.
; http://php.net/soap.wsdl-cache-enabled
soap.wsdl_cache_enabled=1
; Sets the directory name where SOAP extension will put cache files.
; http://php.net/soap.wsdl-cache-dir
; RPM note : cache directory must be owned by process owner
; for mod_php, see /etc/httpd/conf.d/php.conf
; for php-fpm, see /etc/php-fpm.d/*conf
soap.wsdl_cache_dir="/tmp"
; (time to live) Sets the number of second while cached file will be used
; instead of original one.
; http://php.net/soap.wsdl-cache-ttl
soap.wsdl_cache_ttl=86400
; Sets the size of the cache limit. (Max. number of WSDL files to cache)
soap.wsdl_cache_limit = 5
[sysvshm]
; A default size of the shared memory segment
;sysvshm.init_mem = 10000
[ldap]
; Sets the maximum number of open links or -1 for unlimited.
ldap.max_links = -1
[mcrypt]
; For more information about mcrypt settings see http://php.net/mcrypt-module-op en
; Directory where to load mcrypt algorithms
; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
;mcrypt.algorithms_dir=
; Directory where to load mcrypt modes
; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
;mcrypt.modes_dir=
[dba]
;dba.default_handler=
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
;curl.cainfo =
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=
; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=
; Local Variables:
; tab-width: 4
; End:
================================================
FILE: site.yml
================================================
# file: site.yml
- include: webservers.yml
- include: mysqlservers.yml
- include: queueservers.yml
- include: elasticsearchservers.yml
================================================
FILE: webservers.yml
================================================
# file: webservers.yml
- hosts: webservers
become: true
become_user: root
roles:
- common
- webtier
- custom
gitextract_r4eqp2u9/ ├── .gitignore ├── LICENSE.md ├── README.md ├── Vagrantfile ├── dotenv_templates/ │ ├── centos7-test.blog.j2 │ └── ubuntu-test.blog.j2 ├── elasticsearchservers.yml ├── host_vars/ │ ├── .gitignore │ ├── centos7-test │ ├── localhost │ └── ubuntu-test ├── inventory/ │ ├── .gitignore │ ├── development │ └── testing ├── mysqlservers.yml ├── queueservers.yml ├── roles/ │ ├── common/ │ │ ├── handlers/ │ │ │ └── main.yml │ │ └── tasks/ │ │ ├── cron-apt.yml │ │ ├── main.yml │ │ ├── ntp.yml │ │ ├── remi.yml │ │ ├── selinux.yml │ │ ├── swap.yml │ │ └── yum-cron.yml │ ├── custom/ │ │ ├── files/ │ │ │ └── .gitignore │ │ ├── handlers/ │ │ │ └── .gitignore │ │ ├── tasks/ │ │ │ └── main.yml │ │ └── templates/ │ │ └── .gitignore │ ├── elasticsearchtier/ │ │ └── tasks/ │ │ ├── elasticsearch-apt-repo.yml │ │ ├── elasticsearch-yum-repo.yml │ │ ├── elasticsearch.yml │ │ ├── java.yml │ │ └── main.yml │ ├── mysqltier/ │ │ ├── handlers/ │ │ │ └── main.yml │ │ ├── tasks/ │ │ │ ├── firewalld.yml │ │ │ ├── main.yml │ │ │ └── mysql.yml │ │ └── templates/ │ │ ├── my-credentials.cnf.j2 │ │ └── my.cnf.j2 │ ├── queuetier/ │ │ ├── handlers/ │ │ │ └── main.yml │ │ ├── tasks/ │ │ │ ├── beanstalk.yml │ │ │ ├── main.yml │ │ │ ├── redis.yml │ │ │ └── supervisor.yml │ │ └── templates/ │ │ ├── supervisor-horizon.conf.j2 │ │ └── supervisor.conf.j2 │ └── webtier/ │ ├── handlers/ │ │ └── main.yml │ ├── tasks/ │ │ ├── composer.yml │ │ ├── cron.yml │ │ ├── dotenv.yml │ │ ├── firewalld.yml │ │ ├── letsencrypt.yml │ │ ├── main.yml │ │ ├── nginx.yml │ │ ├── ondrej.yml │ │ ├── php-fpm.yml │ │ ├── php.yml │ │ ├── redis.yml │ │ ├── remi.yml │ │ └── selinux.yml │ └── templates/ │ ├── nginx-ssl-virtualhost.conf.j2 │ ├── nginx-virtualhost.conf.j2 │ ├── nginx.conf.j2 │ ├── php-fpm.conf.j2 │ └── php.ini.j2 ├── site.yml └── webservers.yml
Condensed preview — 67 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (123K chars).
[
{
"path": ".gitignore",
"chars": 16,
"preview": "*.retry\n.vagrant"
},
{
"path": "LICENSE.md",
"chars": 1133,
"preview": "# The MIT License (MIT)\n\nCopyright (c) Lasse Lehtinen <lasse.lehtinen@iki.fi>\n\n> Permission is hereby granted, free of c"
},
{
"path": "README.md",
"chars": 8584,
"preview": "# Barn - Ansible playbooks for Laravel applications\nThis repository provides Ansible playbook targeted spesifically for "
},
{
"path": "Vagrantfile",
"chars": 1298,
"preview": "Vagrant.configure(\"2\") do |config|\n # List of servers\n servers=[\n {\n :hostname => \"barn-centos7\",\n :box ="
},
{
"path": "dotenv_templates/centos7-test.blog.j2",
"chars": 525,
"preview": "APP_NAME=Laravel\nAPP_ENV=local\nAPP_KEY=\nAPP_DEBUG=true\nAPP_LOG_LEVEL=debug\nAPP_URL=http://blog.development\n\nDB_CONNECTIO"
},
{
"path": "dotenv_templates/ubuntu-test.blog.j2",
"chars": 525,
"preview": "APP_NAME=Laravel\nAPP_ENV=local\nAPP_KEY=\nAPP_DEBUG=true\nAPP_LOG_LEVEL=debug\nAPP_URL=http://blog.development\n\nDB_CONNECTIO"
},
{
"path": "elasticsearchservers.yml",
"chars": 157,
"preview": "# file: elasticsearchservers.yml\n- hosts: elasticsearchservers\n become: true\n become_user: root\n roles:\n - common\n"
},
{
"path": "host_vars/.gitignore",
"chars": 51,
"preview": "*\n!.gitignore\n!centos7-test\n!localhost\n!ubuntu-test"
},
{
"path": "host_vars/centos7-test",
"chars": 722,
"preview": "# Let's Encrypt settings\nenable_ssl: false\nletsencrypt_email: somebody@somewhere.com\n\n# Extra PHP packages\nphp_extra_pac"
},
{
"path": "host_vars/localhost",
"chars": 635,
"preview": "# Let's Encrypt settings\nenable_ssl: false\nletsencrypt_email: somebody@somewhere.com\n\n# Extra PHP packages\nphp_extra_pac"
},
{
"path": "host_vars/ubuntu-test",
"chars": 732,
"preview": "# Let's Encrypt settings\nenable_ssl: false\nletsencrypt_email: somebody@somewhere.com\n\n# Extra PHP packages\nphp_extra_pac"
},
{
"path": "inventory/.gitignore",
"chars": 36,
"preview": "*\n!.gitignore\n!development\n!testing\n"
},
{
"path": "inventory/development",
"chars": 425,
"preview": "# file: development\n\n[webservers]\nlocalhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant\n\n["
},
{
"path": "inventory/testing",
"chars": 777,
"preview": "# file: testing\n\n[webservers]\ncentos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant\nubu"
},
{
"path": "mysqlservers.yml",
"chars": 133,
"preview": "# file: mysqlservers.yml\n- hosts: mysqlservers\n become: true\n become_user: root\n roles:\n - common\n - mysqltier\n"
},
{
"path": "queueservers.yml",
"chars": 132,
"preview": "# file: queueservers.yml\n- hosts: queueservers\n become: true\n become_user: root\n roles:\n - common\n - queuetier\n"
},
{
"path": "roles/common/handlers/main.yml",
"chars": 336,
"preview": "# file: roles/common/handlers/main.yml\n- name: Restart server\n tags: selinux\n shell: sleep 2 && shutdown -r now \"Ansib"
},
{
"path": "roles/common/tasks/cron-apt.yml",
"chars": 119,
"preview": "# file: roles/common/tasks/yum-cron.yml\n- name: Install cron-apt\n tags: cron-apt\n apt: name=cron-apt state=installed\n"
},
{
"path": "roles/common/tasks/main.yml",
"chars": 1412,
"preview": "# file: roles/common/tasks/main.yml\n\n- name: Make sure epel-repository is installed\n yum: name=epel-release state=insta"
},
{
"path": "roles/common/tasks/ntp.yml",
"chars": 892,
"preview": "# file: roles/common/tasks/ntp.yml\n- name: Install ntp\n yum: name=ntp state=installed\n when: ansible_distribution == '"
},
{
"path": "roles/common/tasks/remi.yml",
"chars": 369,
"preview": "# file: roles/common/tasks/remi.yml\n- name: Import PGP key for Remi's RPM repository\n tags: remi\n rpm_key: state=prese"
},
{
"path": "roles/common/tasks/selinux.yml",
"chars": 341,
"preview": "# file: roles/common/tasks/selinux.yml\n- name: Set SELinux to enforcing\n tags: selinux\n selinux: policy=targeted state"
},
{
"path": "roles/common/tasks/swap.yml",
"chars": 1782,
"preview": "# file: roles/common/tasks/swap.yml\n- name: Check if additional swap is needed\n tags: swap\n when: ansible_memtotal_mb "
},
{
"path": "roles/common/tasks/yum-cron.yml",
"chars": 532,
"preview": "# file: roles/common/tasks/yum-cron.yml\n- name: Update yum\n yum: name=yum state=present\n\n- name: Install deltarpm\n yum"
},
{
"path": "roles/custom/files/.gitignore",
"chars": 5,
"preview": "*.yml"
},
{
"path": "roles/custom/handlers/.gitignore",
"chars": 13,
"preview": "*\n!.gitignore"
},
{
"path": "roles/custom/tasks/main.yml",
"chars": 105,
"preview": "# file: roles/custom/tasks/main.yml\n- include: \"{{ item }}\"\n tags: custom\n with_fileglob:\n - '*.yml'"
},
{
"path": "roles/custom/templates/.gitignore",
"chars": 13,
"preview": "*\n!.gitignore"
},
{
"path": "roles/elasticsearchtier/tasks/elasticsearch-apt-repo.yml",
"chars": 414,
"preview": "# file: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml\n- name: Import PGP key for elasticsearch APT repository"
},
{
"path": "roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml",
"chars": 548,
"preview": "# file: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml\n- name: Import PGP key for elasticsearch RPM repository"
},
{
"path": "roles/elasticsearchtier/tasks/elasticsearch.yml",
"chars": 585,
"preview": "# file: roles/elasticsearchtier/tasks/elasticsearch.yml\n- name: Install elasticsearch\n tags: elasticsearch\n yum: name="
},
{
"path": "roles/elasticsearchtier/tasks/java.yml",
"chars": 1307,
"preview": "# file: roles/elasticsearchtier/tasks/java.yml\n- name: Install Java\n tags: elasticsearch\n yum: name=java-1.8.0-openjdk"
},
{
"path": "roles/elasticsearchtier/tasks/main.yml",
"chars": 327,
"preview": "# file: roles/elasticsearchtier/tasks/main.yml\n- include: java.yml\n- include: elasticsearch-yum-repo.yml\n when: ansible"
},
{
"path": "roles/mysqltier/handlers/main.yml",
"chars": 100,
"preview": "# file: roles/dbtier/handlers/main.yml\n- name: Restart MySQL\n service: name=mysqld state=restarted\n"
},
{
"path": "roles/mysqltier/tasks/firewalld.yml",
"chars": 414,
"preview": "# file: roles/db/tasks/firewalld.yml\n- name: Install firewalld\n yum: name=firewalld state=installed\n\n- name: Make sure "
},
{
"path": "roles/mysqltier/tasks/main.yml",
"chars": 82,
"preview": "# file: roles/dbtier/tasks/main.yml\n- include: mysql.yml\n#- include: firewalld.yml"
},
{
"path": "roles/mysqltier/tasks/mysql.yml",
"chars": 2398,
"preview": "# file: roles/dbtier/tasks/mysql.yml\n- name: Install package for MySQL community edition repository\n tags: mysql\n yum:"
},
{
"path": "roles/mysqltier/templates/my-credentials.cnf.j2",
"chars": 56,
"preview": "[client]\nuser=root\npassword=\"{{ mysql_root_password }}\"\n"
},
{
"path": "roles/mysqltier/templates/my.cnf.j2",
"chars": 1087,
"preview": "# For advice on how to change settings please see\n# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults"
},
{
"path": "roles/queuetier/handlers/main.yml",
"chars": 223,
"preview": "# file: roles/queuetier/handlers/main.yml\n- name: Reload supervisord config\n shell: supervisorctl update\n changed_when"
},
{
"path": "roles/queuetier/tasks/beanstalk.yml",
"chars": 495,
"preview": "# file: roles/queuetier/tasks/beanstalk.yml\n- name: Install beanstalk\n tags: beanstalk\n yum: name=beanstalkd state=ins"
},
{
"path": "roles/queuetier/tasks/main.yml",
"chars": 110,
"preview": "# file: roles/queuetier/tasks/main.yml\n- include: beanstalk.yml\n- include: redis.yml\n- include: supervisor.yml"
},
{
"path": "roles/queuetier/tasks/redis.yml",
"chars": 754,
"preview": "# file: roles/queuetier/tasks/redis.yml\n- name: Install redis\n tags: redis\n yum: name=redis state=installed enablerepo"
},
{
"path": "roles/queuetier/tasks/supervisor.yml",
"chars": 2290,
"preview": "# file: roles/beanstalktier/tasks/supervisor.yml\n- name: Install supervisor\n tags: supervisor\n yum: name=supervisor st"
},
{
"path": "roles/queuetier/templates/supervisor-horizon.conf.j2",
"chars": 229,
"preview": "[program:{{ item.key }}-horizon]\nprocess_name=%(program_name)s\ncommand=php /var/www/{{ item.key }}/artisan horizon\nautos"
},
{
"path": "roles/queuetier/templates/supervisor.conf.j2",
"chars": 371,
"preview": "[program:{{ item.key }}-worker]\nprocess_name=%(program_name)s_%(process_num)02d\ncommand=php /var/www/{{ item.key }}/arti"
},
{
"path": "roles/webtier/handlers/main.yml",
"chars": 241,
"preview": "# file: roles/webtier/handlers/main.yml\n- name: Restart nginx\n service: name=nginx state=restarted\n\n- name: Restart php"
},
{
"path": "roles/webtier/tasks/composer.yml",
"chars": 673,
"preview": "# file: roles/common/tasks/composer.yml\n- name: Check if composer is installed\n tags: composer\n stat:\n path: /usr/b"
},
{
"path": "roles/webtier/tasks/cron.yml",
"chars": 326,
"preview": "# file: roles/webtier/tasks/cron.yml\n- name: Add crontab entry for Laravel scheduler\n tags: cron\n cron: name=\"Run Lara"
},
{
"path": "roles/webtier/tasks/dotenv.yml",
"chars": 478,
"preview": "# file: roles/webtier/tasks/dotenv.yml\n- name: Check if .env template exists\n tags: dotenv\n local_action: stat path=do"
},
{
"path": "roles/webtier/tasks/firewalld.yml",
"chars": 793,
"preview": "# file: roles/webtier/tasks/firewalld.yml\n- name: Install firewalld\n tags: firewalld\n yum: name=firewalld state=instal"
},
{
"path": "roles/webtier/tasks/letsencrypt.yml",
"chars": 962,
"preview": "# file: roles/webtier/tasks/letsencrypt.yml\n- name: Install certbot\n tags: letsencrypt\n yum: name=certbot state=instal"
},
{
"path": "roles/webtier/tasks/main.yml",
"chars": 583,
"preview": "# file: roles/webtier/tasks/main.yml\n- include: remi.yml\n when: ansible_distribution == 'CentOS' or ansible_distributio"
},
{
"path": "roles/webtier/tasks/nginx.yml",
"chars": 2167,
"preview": "# file: roles/webtier/tasks/nginx.yml\n- name: Install nginx\n tags: nginx\n yum: name=nginx state=installed\n when: ansi"
},
{
"path": "roles/webtier/tasks/ondrej.yml",
"chars": 166,
"preview": "# file: roles/webtier/tasks/ondrej.yml\n- name: Enable ondrejs PHP repository permanently\n tags: ondrej\n apt_repository"
},
{
"path": "roles/webtier/tasks/php-fpm.yml",
"chars": 1189,
"preview": "# file: roles/webtier/tasks/php-fpm.yml\n- name: Install php-fpm\n tags: php-fpm\n yum: name=php-fpm state=installed\n wh"
},
{
"path": "roles/webtier/tasks/php.yml",
"chars": 2097,
"preview": "# file: roles/webtier/tasks/php.yml\n- name: Install PHP and extensions\n yum: name={{ item }} state=installed enablerepo"
},
{
"path": "roles/webtier/tasks/redis.yml",
"chars": 752,
"preview": "# file: roles/webtier/tasks/redis.yml\n- name: Install redis\n tags: redis\n yum: name=redis state=installed enablerepo=r"
},
{
"path": "roles/webtier/tasks/remi.yml",
"chars": 362,
"preview": "# file: roles/webtier/tasks/remi.yml\n- name: Enable Remi's PHP 7.2 repository permanently\n tags: remi\n yum_repository:"
},
{
"path": "roles/webtier/tasks/selinux.yml",
"chars": 393,
"preview": "# file: roles/webtier/tasks/selinux.yml\n- name: Enable nginx to have access to the deployment folder\n tags: selinux\n s"
},
{
"path": "roles/webtier/templates/nginx-ssl-virtualhost.conf.j2",
"chars": 1631,
"preview": "server {\n listen 80;\n listen 443 http2 ssl;\n\n server_name {{ item.value.servernames | join(\" \") }}"
},
{
"path": "roles/webtier/templates/nginx-virtualhost.conf.j2",
"chars": 701,
"preview": "server {\n listen 80;\n server_name {{ item.value.servernames | join(\" \") }} {{ ansible_default_ipv4[\"address"
},
{
"path": "roles/webtier/templates/nginx.conf.j2",
"chars": 821,
"preview": "user nginx;\n\nerror_log /var/log/nginx/error.log warn;\npid /var/run/nginx.pid;\n\nworker_processes {{ ansible_proc"
},
{
"path": "roles/webtier/templates/php-fpm.conf.j2",
"chars": 487,
"preview": "[www]\nuser = nginx\ngroup = nginx\n\nlisten = 127.0.0.1:9000\nlisten.allowed_clients = 127.0.0.1\n\npm = dynamic\npm.max_childr"
},
{
"path": "roles/webtier/templates/php.ini.j2",
"chars": 66670,
"preview": "[PHP]\n\n;;;;;;;;;;;;;;;;;;;\n; About php.ini ;\n;;;;;;;;;;;;;;;;;;;\n; PHP's initialization file, generally called php.ini"
},
{
"path": "site.yml",
"chars": 135,
"preview": "# file: site.yml\n- include: webservers.yml\n- include: mysqlservers.yml\n- include: queueservers.yml\n- include: elasticsea"
},
{
"path": "webservers.yml",
"chars": 127,
"preview": "# file: webservers.yml\n- hosts: webservers\n become: true\n become_user: root\n roles:\n - common\n - webtier\n - "
}
]
About this extraction
This page contains the full source code of the lasselehtinen/barn GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 67 files (112.6 KB), approximately 29.6k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.