diff --git a/mediawiki/defaults/main.yml b/mediawiki/defaults/main.yml index 1a9db94e9d8e9bc8b3003045811e16877514d8b9..9c04cacfb90edae6130d401b2a1ad1c5ff878fce 100644 --- a/mediawiki/defaults/main.yml +++ b/mediawiki/defaults/main.yml @@ -13,3 +13,5 @@ mediawiki_dbhost: localhost mediawiki_dbname: "{{ mediawiki_name }}" mediawiki_dbuser: "{{ mediawiki_name }}" mediawiki_dbpassword: + +mediawiki_use_ldap: yes diff --git a/mediawiki/meta/main.yml b/mediawiki/meta/main.yml index f206fd05ad15f394321af07b9f7525cdbc038a86..8c99dfce25159796ead9633182a9326f9238bb19 100644 --- a/mediawiki/meta/main.yml +++ b/mediawiki/meta/main.yml @@ -1,5 +1,5 @@ --- # file: roles/mediawiki/meta/main.yml dependencies: - - { role: uwsgi-php } + - { role: php-fpm, fpm_pool: "{{mediawiki_name}}", fpm_user: "{{mediawiki_user}}", fpm_group: "{{mediawiki_group}}", fpm_socket_user: "{{mediawiki_user}}", fpm_socket_group: www-data } - { role: postgres } diff --git a/mediawiki/tasks/ldap.yml b/mediawiki/tasks/ldap.yml new file mode 100644 index 0000000000000000000000000000000000000000..f1998a474068c168e77ec34e84615441c6eac53b --- /dev/null +++ b/mediawiki/tasks/ldap.yml @@ -0,0 +1,11 @@ +--- +# file: roles/mediawiki/tasks/ldap.yml + +- name: ensure we have the auth extension + git: + repo: https://git.fsmpi.rwth-aachen.de/robin/mediawiki-remoteuser.git + dest: "/var/lib/mediawiki/extensions/AuthRemoteuser" + tags: + - git + - packages + - mediawiki diff --git a/mediawiki/tasks/main.yml b/mediawiki/tasks/main.yml index 005b59e4153a52876d4a99ba0c6ae7d9fb587c39..6d4e48b072db359d8404b0fff82eb643ef1c6a02 100644 --- a/mediawiki/tasks/main.yml +++ b/mediawiki/tasks/main.yml 
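Review bot: The new default `mediawiki_use_ldap: yes` at the end of defaults/main.yml turns on the extension checkout for every host that applies this role without setting the variable. A default of `mediawiki_use_ldap: false` with an explicit opt-in per wiki would keep an authentication-related change from reaching existing instances unnoticed. Writing `false`/`true` also avoids the YAML 1.1 `yes` spelling. A one-line comment above the variable saying that it pulls in tasks/ldap.yml (the AuthRemoteuser extension) would help the next reader.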
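Review bot: The `git:` task in the new tasks/ldap.yml has no `version:`, so each run checks out whatever the remote's default branch currently points at, straight into the wiki's extensions directory. Since this extension takes part in authentication, pin it to a commit that has been reviewed, e.g. `version: "<reviewed-commit-sha>"`, and change that value deliberately when updating. The destination is hard-coded to `/var/lib/mediawiki/extensions/AuthRemoteuser` instead of being derived from a role variable, which deserves a short comment if it is intentional.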
@@ -1,11 +1,21 @@ --- # file: roles/mediawiki/tasks/main.yml -- name: ensure packages for mediawiki are installed +- name: ensure packages for mediawiki are installed on jessie apt: name={{ item }} state=latest install_recommends=no with_items: - mediawiki - mediawiki-extensions + when: debian_version == "jessie" + tags: + - packages + - mediawiki + +- name: ensure packages for mediawiki are installed on stretch + apt: name={{ item }} state=present + with_items: + - mediawiki + when: debian_version == "stretch" tags: - packages - mediawiki 
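Review bot: The two package tasks are gated on `debian_version == "jessie"` and `debian_version == "stretch"` with no fallback, so on any other value (or a typo in inventory) both are skipped and the play continues without installing anything. A guard at the top of the role makes that failure explicit, for example `- fail: msg="unsupported debian_version {{ debian_version }}"` with `when: debian_version not in ["jessie", "stretch"]`. The same pattern appears in the tasks/postgres.yml hunk and in php-fpm/tasks/main.yml, so one guard per role covers those too.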
@@ -69,60 +79,36 @@ src: "/usr/share/mediawiki/{{ item }}" dest: "{{ mediawiki_web_root }}/{{ mediawiki_name }}/{{ item }}" force: yes - with_items: mediawiki_other_files.stdout_lines + with_items: "{{mediawiki_other_files.stdout_lines}}" tags: - config - mediawiki -- name: "ensure the library mediawiki uses for diffs is enabled" - file: - state: link - src: "../../mods-available/wikidiff2.ini" - dest: "/etc/php5/embed/conf.d/wikidiff2.ini" - tags: - - config - - mediawiki - - php - -- name: "ensure temporary directories for {{ mediawiki_name }} exist" - lineinfile: - dest: "/etc/tmpfiles.d/10-mediawiki-{{ mediawiki_name }}.conf" - line: "d /run/uwsgi/app/mediawiki-{{ mediawiki_name }} 0775 {{ mediawiki_user }} {{mediawiki_group }} - -" - create: yes - notify: - - create tmpfiles - tags: - - config - - mediawiki +#- name: "ensure the library mediawiki uses for diffs is enabled" +# file: +# state: link +# src: "../../mods-available/wikidiff2.ini" +# dest: "/etc/php5/embed/conf.d/wikidiff2.ini" +# tags: +# - config +# - mediawiki +# - php - include: postgres.yml when: mediawiki_dbtype == "postgres" -- name: "ensure the uwsgi.ini for {{ mediawiki_name }} exists" - template: - src: mediawiki.ini.j2 - dest: "/etc/uwsgi/apps-available/mediawiki-{{ mediawiki_name }}.ini" - notify: - - "restart uwsgi for {{ mediawiki_name }}" - tags: - - config - - mediawiki - -- name: "ensure the unit file for {{ mediawiki_name }} exists" - template: - src: mediawiki.service.j2 - dest: "/etc/systemd/system/mediawiki-{{ mediawiki_name }}.service" - notify: - - reload systemd service files - - "restart uwsgi for {{ mediawiki_name }}" - tags: - - config - - mediawiki +- include: ldap.yml + when: mediawiki_use_ldap -- name: "ensure the service for {{ mediawiki_name }} is enabled" - service: - name: "mediawiki-{{ mediawiki_name }}" - enabled: yes +- name: ensure we are running maintenance regularly + cron: + name: "mediawiki maintenance" + hour: "0" + minute: "0" + job: "/usr/bin/php 
{{mediawiki_web_root}}/maintenance/runJobs.php --conf {{mediawiki_web_root}}/LocalSettings.php" + become: yes + become_user: "{{mediawiki_user}}" tags: + - cron - config - mediawiki diff --git a/mediawiki/tasks/postgres.yml b/mediawiki/tasks/postgres.yml index 0478adbed9dff8781272a70bef20f432fbcb9c32..af5775e813ac510f16a62da791354026c432e129 100644 --- a/mediawiki/tasks/postgres.yml +++ b/mediawiki/tasks/postgres.yml @@ -1,8 +1,17 @@ --- # file: roles/mediawiki/tasks/postgres.yml -- name: "ensure php can talk with postgres" +- name: "ensure php can talk with postgres on jessie" apt: name=php5-pgsql state=latest + when: debian_version == "jessie" + tags: + - packages + - postgresql + - mediawiki + +- name: "ensure php can talk with postgres on stretch" + apt: name=php-pgsql state=present + when: debian_version == "stretch" tags: - packages - postgresql diff --git a/php-fpm/defaults/main.yml b/php-fpm/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..ad1acfff87a8e19e6f17457dc59230a169ff86a0 --- /dev/null +++ b/php-fpm/defaults/main.yml @@ -0,0 +1,8 @@ +--- +# file: roles/php-fpm/defaults/mail.yml + +fpm_pool: www +fpm_user: www-data +fpm_group: www-data +fpm_socket_user: www-data +fpm_socket_group: www-data diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..43064fb43001dc25032b2b555242827a458bf7bc --- /dev/null +++ b/php-fpm/tasks/main.yml 
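Review bot: The cron `job:` points at `{{mediawiki_web_root}}/maintenance/runJobs.php` and `{{mediawiki_web_root}}/LocalSettings.php`, while the context task at the top of this hunk links files into `{{ mediawiki_web_root }}/{{ mediawiki_name }}/...`. Unless `mediawiki_web_root` already contains the instance name, both paths appear to be missing the `{{ mediawiki_name }}` component, and the job would fail quietly every night. The entry's `name: "mediawiki maintenance"` is also constant, so two wikis sharing one `mediawiki_user` would overwrite each other's crontab entry; `name: "mediawiki maintenance {{ mediawiki_name }}"` avoids that. The wikidiff2 task is left commented out rather than removed, so a one-line comment saying why would be useful.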
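Review bot: The header comment in php-fpm/defaults/main.yml names the wrong file and should read `# file: roles/php-fpm/defaults/main.yml`. The default `fpm_pool: www` is rendered by the tasks file to `pool.d/{{fpm_pool}}.conf`, which is presumably also the name of the distribution's stock pool file. If replacing that file is intended, a comment next to the default such as `# replaces the packaged www pool when not overridden` would make it explicit.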
@@ -0,0 +1,38 @@ +--- +# file: roles/php-fpm/tasks/main.yml + +- name: ensure php-fpm is installed on stretch + apt: name="{{item}}" state=present + with_items: + - php + - php-fpm + when: debian_version == "stretch" + tags: + - packages + - php + - php-fpm + +- name: ensure php-fpm is installed on jessie + apt: name="{{item}}" state=present + with_items: + - php5 + - php5-fpm + when: debian_version == "jessie" + tags: + - packages + - php + - php-fpm + +- name: ensure we have the pool we want + template: + src: pool.conf + dest: "/etc/php/7.0/fpm/pool.d/{{fpm_pool}}.conf" + owner: root + group: root + mode: 0644 + when: debian_version == "stretch" + tags: + - config + - php + - php-fpm + diff --git a/php-fpm/templates/pool.conf b/php-fpm/templates/pool.conf new file mode 100644 index 0000000000000000000000000000000000000000..f7f846fdf4ee68aa43bf7d6a24b97fb951bba3bd --- /dev/null +++ b/php-fpm/templates/pool.conf @@ -0,0 +1,14 @@ +[{{fpm_pool}}] +user = {{fpm_user}} +group = {{fpm_group}} + +listen = /run/php/{{fpm_pool}}-fpm.sock + +listen.owner = {{fpm_socket_user}} +listen.group = {{fpm_socket_group}} + +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 diff --git a/webserver/files/nginx.conf b/webserver/files/nginx.conf index af1ef1d4a533c1fc4b531d0ab3667b9e49c5d781..225bf7276f884ddef9a79b4ab9603fbc3d11bd5d 100644 --- a/webserver/files/nginx.conf +++ b/webserver/files/nginx.conf @@ -21,7 +21,7 @@ http { types_hash_max_size 2048; # server_tokens off; - # server_names_hash_bucket_size 64; + server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; diff --git a/webserver/handlers/main.yml b/webserver/handlers/main.yml index 4b82c22fca6db4ccac3e8f608762ef2fbc8c1d07..e58a6acd99ca434391309b227b48723a5483f1f9 100644 --- a/webserver/handlers/main.yml +++ b/webserver/handlers/main.yml 
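Review bot: The `template:` task that writes the pool file in php-fpm/tasks/main.yml has no `notify:`, and this commit adds no php-fpm handler as far as the page shows. A changed `user`/`group` or socket owner therefore only takes effect at the next manual restart of the service. Adding `notify: restart php-fpm`, backed by a matching handler in the role, closes that gap. The task is limited to `debian_version == "stretch"` with the path fixed to `/etc/php/7.0/fpm/pool.d/`, so on jessie php5-fpm is installed but never given the per-wiki pool; if that is deliberate it deserves a comment. `mode: 0644` should be quoted as `mode: "0644"` so it is not read as an integer.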
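Review bot: The pool template sets `listen.owner` and `listen.group` but leaves the socket permissions to php-fpm's built-in default. Because the socket is the boundary between the web server and a pool running as the wiki's own user, stating it explicitly with `listen.mode = 0660` documents who may connect and protects against a changed default. A comment above the `listen.*` lines naming the intended client (the web server's group) would also help.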
@@ -9,3 +9,6 @@ - name: restart nginx-proxy service: name=nginx-proxy state=restarted + +- name: create tmpfiles + command: systemd-tmpfiles --create diff --git a/webserver/tasks/main.yml b/webserver/tasks/main.yml index 2ad44d7c30e737c96895c2a67848ac506d100b0d..67cf47969714c1547ee9d7bf340a96d2ee28188e 100644 --- a/webserver/tasks/main.yml +++ b/webserver/tasks/main.yml @@ -65,6 +65,17 @@ - config - nginx +- name: ensure we have a directory for sockets + lineinfile: + dest: /etc/tmpfiles.d/10-nginx.conf + line: "d /run/nginx 0750 www-data nginx-proxy - -" + create: yes + notify: + - create tmpfiles + tags: + - config + - nginx + - name: ensure the default config is not activated file: path=/etc/nginx/sites-enabled/default state=absent notify:
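Review bot: The `lineinfile` task for `/etc/tmpfiles.d/10-nginx.conf` matches on the exact `line:` only. If the mode or ownership in `d /run/nginx 0750 www-data nginx-proxy - -` is ever changed, the old entry stays and a second, conflicting `d /run/nginx` line is appended. Adding `regexp: '^d /run/nginx '` makes the task replace the existing entry instead. `create: yes` also leaves the new file's permissions to the umask, so an explicit `mode: "0644"` with `owner: root` is clearer for a file under /etc.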