Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- - name: Configure a full LEMP stack on an Ubuntu 14.04 server
- hosts: webservers
- sudo: True
- vars:
- MySQL_root_pass: freedomisntfree
- tasks:
- # Adds necessary repos to install Nginx/PHP-FPM
- - name: Update - Install Nginx Repository
- apt_repository: repo='ppa:nginx/stable'
- # Ensures that all system packages are up to date
- - name: Update - Full system package update
- apt: update_cache=yes upgrade=dist
- # Installs Nginx, the "E" in LEMP?
- - name: LEMP - Install Nginx
- apt: name=nginx state=installed
- # Installs and configures MySQL
- - name: LEMP - Set MySQL installation options - Set root password
- debconf: name='mysql-server' question='mysql-server/root_password' value='{{MySQL_root_pass | quote}}' vtype='password'
- - name: LEMP - Set MySQL installation options - Set root password again
- debconf: name='mysql-server' question='mysql-server/root_password_again' value='{{MySQL_root_pass | quote}}' vtype='password'
- - name: LEMP - Install MySQL
- apt: name=mysql-server state=installed
- - name: LEMP - Install MySQL utilities
- apt: name={{ item }} state=installed
- with_items:
- - mysql-utilities
- - python-mysqldb
- - name: LEMP - Secure MySQL - Remove test user
- mysql_user: user="" state="absent" login_password={{ MySQL_root_pass }} login_user=root
- - name: LEMP - Secure MySQL - Secure root user
- mysql_user: user="root" password={{ MySQL_root_pass }} host={{ item }} login_password={{ MySQL_root_pass }} login_user=root
- with_items:
- - 127.0.0.1
- - localhost
- - ::1
- - "{{ ansible_fqdn }}"
- - name: LEMP - Secure MySQL - Remove test database
- mysql_db: db=test state=absent login_password={{ MySQL_root_pass }} login_user=root
- # Installs PHP and other miscellaneous packages to ensure
- # proper communication between PHP, Apache, and MySQL
- - name: LEMP - Install PHP and some modules for it
- apt: name={{ item }} state=installed
- with_items:
- - php5
- - php5-mysql
- - php5-mcrypt
- - php5-sqlite
- - php5-curl
- - php5-cli
- - php5-cgi
- - php5-gd
- - php5-imagick
- - php5-intl
- - php5-xmlrpc
- # Installs PHP-FPM
- - name: LEMP - Install PHP-FPM
- apt: name=php5-fpm state=installed
- # Copies over necessary configuation files
- - name: LEMP - Copy configuration files - php.ini
- copy: src=lempstack/files/php.ini dest=/etc/php5/fpm/php.ini
- - name: LEMP - Copy configuration files - default
- copy: src=lempstack/files/default dest=/etc/nginx/sites-available/default
- - name: LEMP - Copy configuration files - www.conf
- copy: src=lempstack/files/www.conf dest=/etc/php5/fpm/pool.d/www.conf
- - name: LEMP - Copy configuration files - phpinfo.php
- copy: src=lempstack/files/phpinfo.php dest=/usr/share/nginx/html/phpinfo.php
- # Restarts necessary services
- - name: LEMP - Restarting LEMP services
- service: name={{ item }} state=restarted
- with_items:
- - mysql
- - nginx
- - php5-fpm
- # Installs and configures Postfix
- - name: Postfix - Set Postfix options - Set mail server type
- debconf: name=postfix question="postfix/main_mailer_type" value="'Internet Site'" vtype="string"
- - name: Postfix - Set Postfix options - Set mail server domain name
- debconf: name=postifx question="postfix/mailname" value={{ ansible_fqdn }} vtype="string"
- - name: Postfix - Install Postfix
- apt: name=postfix state=installed
- # Configures UFW firewall
- - name: Firewall - Install UFW
- apt: name=ufw state=installed
- - name: Firewall - Allowing traffic over HTTP
- ufw: rule=allow port=80 proto=tcp
- - name: Firewall - Allowing traffic over HTTPS
- ufw: rule=allow port=443 proto=tcp
- - name: Firewall - Allowing traffic over SSH
- ufw: rule=allow port=22 proto=tcp
- - name: Firewall - Enable and change policy to deny
- ufw: state=enabled policy=deny
- # Installs any other packages we might need
- - name: Misc - Install misc. packages
- apt: name={{ item }} state=installed
- with_items:
- - sysstat
- - htop
- - iotop
- - vim
- - zsh
- - cowsay
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement