ansible – lamp playbook

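# Play 1: install Apache httpd with mod_ssl, open HTTP/HTTPS in firewalld,
# create the sites-available / sites-enabled layout and start the service.
- name: httpd installation & preparation
  hosts: httpd
  become: true

  tasks:
    # Pass the package list straight to dnf so both packages are resolved in
    # one transaction instead of one module call per item.
    # NOTE(review): `state: latest` upgrades on every run, so the installed
    # version depends on when the play runs and what the enabled repositories
    # serve at that time. Use `state: present` (optionally with a pinned
    # version) if reproducible hosts matter more than automatic upgrades.
    - name: httpd installation
      ansible.builtin.dnf:
        name:
          - httpd
          - mod_ssl
        state: latest

    # The firewalld module ships in the ansible.posix collection, which must
    # be installed on the control node.
    # NOTE(review): port 80 is opened alongside 443, and no task in this play
    # deploys a certificate or an HTTP->HTTPS redirect - confirm that plain
    # HTTP exposure is intended.
    - name: firewalld - http service enable
      ansible.posix.firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled
    - name: firewalld - https service enable
      ansible.posix.firewalld:
        service: https
        permanent: true
        immediate: true
        state: enabled

    # No owner/group is set, so the directories are created by the become
    # user; mode 0755 leaves them writable by that owner only.
    - name: sites-available directory create
      ansible.builtin.file:
        path: /etc/httpd/sites-available
        state: directory
        mode: '0755'
    - name: sites-enabled directory create
      ansible.builtin.file:
        path: /etc/httpd/sites-enabled
        state: directory
        mode: '0755'

    # Including a bare directory makes httpd parse every file found in it,
    # including editor backups and other stray files. Keep the directory
    # writable by root only, or narrow the directive to a '*.conf' pattern.
    - name: sites-enabled add to the httpd configuration
      ansible.builtin.lineinfile:
        path: /etc/httpd/conf/httpd.conf
        insertafter: EOF
        line: 'Include /etc/httpd/sites-enabled'
        state: present

    # One task covers both boot-time enablement and the running state.
    - name: httpd service enable and start
      ansible.builtin.systemd:
        name: httpd
        enabled: true
        state: started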

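# Play 2: install fail2ban, deploy the sshd and httpd jail overrides and keep
# the service enabled and running.
- name: fail2ban installation & configuration
  hosts: httpd
  become: true

  tasks:
    # NOTE(review): `state: latest` upgrades the package on every run; the
    # restart handler is notified so a new version is actually loaded.
    - name: fail2ban installation
      ansible.builtin.dnf:
        name: fail2ban
        state: latest
      notify: fail2ban service restart

    # The jail files are copied verbatim from the control node; their content
    # is not part of this playbook, so the ban policy (maxretry, bantime,
    # log paths) has to be reviewed in those source files.
    # root:root with 0644 keeps them writable by root only, and `backup`
    # keeps the previous version on the host when the content changes.
    - name: fail2ban configuration
      ansible.builtin.copy:
        src: /etc/ansible/templates/fail2ban/sshd.local
        dest: /etc/fail2ban/jail.d/sshd.local
        owner: root
        group: root
        mode: "0644"
        backup: true
      notify: fail2ban service restart
    - name: fail2ban httpd configuration
      ansible.builtin.copy:
        src: /etc/ansible/templates/fail2ban/httpd.local
        dest: /etc/fail2ban/jail.d/httpd.local
        owner: root
        group: root
        mode: "0644"
        backup: true
      notify: fail2ban service restart

    # Enable at boot and make sure the daemon is running even when nothing
    # changed in this run.
    - name: fail2ban service enable and start
      ansible.builtin.systemd:
        name: fail2ban
        enabled: true
        state: started

  handlers:
    # Restart only when the package or a jail file changed. An unconditional
    # restart reports "changed" on every run and needlessly interrupts ban
    # enforcement while the daemon comes back up.
    - name: fail2ban service restart
      ansible.builtin.systemd:
        name: fail2ban
        state: restarted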

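# Play 3: install PHP and the required extensions, raise selected php.ini
# limits and restart httpd.
- name: php 8 installation & configuration
  hosts: httpd
  become: true

  tasks:
    - name: php 8 installation
      ansible.builtin.dnf:
        name: php
        state: present

    # The list goes straight to dnf so all modules are resolved in a single
    # transaction instead of one module call per item.
    # NOTE(review): `state: latest` upgrades these on every run while the
    # base `php` package above is only `present` - confirm the mixed policy
    # is intended.
    - name: php required modules installation
      ansible.builtin.dnf:
        name:
          - php-cli
          - php-curl
          - php-gd
          - php-imagick
          - php-intl
          - php-json
          - php-ldap
          - php-mbstring
          - php-mysqlnd
          - php-opcache
          - php-pecl-apcu
          - php-process
          - php-redis
          - php-soap
          - php-sodium
          - php-xml
          - php-zip
        state: latest

    # NOTE(review): 512M request bodies combined with a high per-request
    # memory limit let a single request tie up a lot of memory. Size these to
    # what the application really needs and consider a request-body limit in
    # httpd as well.
    - name: php post_max_size 512M set
      ansible.builtin.lineinfile:
        path: /etc/php.ini
        regexp: "^post_max_size ="
        line: "post_max_size = 512M"
        state: present
    - name: php upload_max_filesize 512M set
      ansible.builtin.lineinfile:
        path: /etc/php.ini
        regexp: "^upload_max_filesize ="
        line: "upload_max_filesize = 512M"
        state: present

    # Match the setting whether it is still commented out, already active, or
    # set to another value. Matching only the stock ';max_input_vars = 1000'
    # line would append a duplicate once the value is changed again later.
    - name: php max_input_vars 5000 set
      ansible.builtin.lineinfile:
        path: /etc/php.ini
        regexp: '^;?\s*max_input_vars\s*='
        line: "max_input_vars = 5000"
        state: present

    # A bare integer in memory_limit is read as bytes, so "1024" would ask
    # for a 1 KiB limit. The unit suffix makes it the intended 1024 megabytes.
    - name: php memory_limit 1024M set
      ansible.builtin.lineinfile:
        path: /etc/php.ini
        regexp: "^memory_limit"
        line: "memory_limit = 1024M"
        state: present

    # NOTE(review): where PHP runs under php-fpm instead of mod_php, php.ini
    # changes take effect only after php-fpm itself is restarted - confirm
    # which applies on the target hosts.
    - name: httpd service restart
      ansible.builtin.systemd:
        name: httpd
        state: restarted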

# Play 4: add the MariaDB repository, bring all packages up to date, install
# the server and the PyMySQL bindings, then enable and start the service.
- name: mariadb installation & configuration
  become: true
  hosts: httpd

  tasks:
    # The repo definition is copied as-is from the control node.
    # NOTE(review): its content is not visible here - verify that it sets
    # gpgcheck=1 with the vendor gpgkey, otherwise packages from this
    # repository are installed without signature verification.
    - name: mariadb 10.11 repository add
      ansible.builtin.copy:
        dest: /etc/yum.repos.d/mariadb.repo
        src: /etc/ansible/templates/yum.repos.d/mariadb.repo
        mode: '0644'
        owner: root
        group: root

    - name: autoremove unneeded packages installed as dependencies
      ansible.builtin.dnf:
        autoremove: true

    # Upgrades every installed package on the host, not only the database
    # ones, so a run of this play is also a full system update.
    - name: update packages
      ansible.builtin.dnf:
        state: latest
        name: '*'

    - name: mariadb installation
      ansible.builtin.dnf:
        state: latest
        name: mariadb-server

    # presumably needed by MySQL/MariaDB modules in later plays; nothing in
    # this playbook uses it - confirm
    - name: python3-PyMySQL installation
      ansible.builtin.dnf:
        state: present
        name: python3-PyMySQL

    - name: mariadb service enable
      ansible.builtin.systemd:
        enabled: true
        name: mariadb

    # NOTE(review): the play ends with the server running on its package
    # defaults. No task here sets up root authentication, removes the
    # anonymous accounts or test database, or restricts the bind address -
    # confirm that this hardening is done elsewhere.
    - name: mariadb service start
      ansible.builtin.systemd:
        state: started
        name: mariadb
...
