New phpMyAdmin role.
This commit is contained in:
parent
4ab2140e6c
commit
0afde0cd70
37
README.md
37
README.md
|
@ -1,3 +1,36 @@
|
|||
# ansible-role-phpmyadmin
|
||||
Role Name
|
||||
=========
|
||||
|
||||
Install the phpMyAdmin service
|
||||
Role that installs phpMyAdmin. Optionally depends on apache/nginx and php-fpm. I do not force the dependency because it could be installed together with other PHP applications.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
Some PHP package dependencies are listed in the documentation at <https://docs.phpmyadmin.net/en/latest/require.html#php>.
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
No Galaxy dependecies right now
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
- hosts: servers
|
||||
roles:
|
||||
- { role: phpMyAdmin }
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
EUPL 1.2
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
http_port: 80
|
||||
https_port: 443
|
||||
phpmyadmin_shared_installation: True
|
||||
phpmyadmin_behind_nginx: True
|
||||
phpmyadmin_behind_apache: False
|
||||
phpmyadmin_version: 5.0.2
|
||||
phpmyadmin_app: 'phpMyAdmin-{{ phpmyadmin_version }}-all-languages'
|
||||
phpmyadmin_download_link: 'https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_app }}.zip'
|
||||
|
||||
phpmyadmin_local_nginx: True
|
||||
phpmyadmin_local_nginx_virtualhost: '{{ wordpress_local_nginx }}'
|
||||
phpmyadmin_servername: '{{ ansible_fqdn }}'
|
||||
phpmyadmin_install_dir: /srv/phpmyadmin
|
||||
phpmyadmin_phpfpm_pool_name: phpmyadmin
|
||||
phpmyadmin_phpfpm_pool_user: phpmyadmin
|
||||
phpmyadmin_phpfpm_doc_root: '{{ phpmyadmin_install_dir }}/phpmyadmin'
|
||||
phpmyadmin_phpfpm_app_context: '/phpmyadmin'
|
||||
phpmyadmin_phpfpm_pm_max_children: "6"
|
||||
phpmyadmin_phpfpm_pm_start_servers: 2
|
||||
phpmyadmin_phpfpm_pm_min_spare_servers: 2
|
||||
phpmyadmin_phpfpm_pm_max_spare_servers: 3
|
||||
phpmyadmin_phpfpm_virthost: '{{ ansible_fqdn }}'
|
||||
phpmyadmin_default_lang: 'en'
|
||||
phpmyadmin_phpfpm_listen_on_socket: True
|
||||
phpmyadmin_php_listen: '{{ php_run_dir }}/phpmyadmin.sock'
|
||||
# https://phpsolved.com/phpmyadmin-blowfish-secret-generator/
|
||||
#phpmyadmin_blowfish_secret: 'generate it'
|
||||
|
||||
phpmyadmin_target_servers:
|
||||
- { description: 'local mysql server', host: 'localhost', port: 3306, socket: '', ssl: 'true', auth_type: 'cookie', user: '', password: '', only_db: "'db1', 'db2'", allowroot: 'false' }
|
||||
|
||||
php_global_settings: '{{ phpmyadmin_php_global_settings }}'
|
||||
phpfpm_pools: '{{ phpmyadmin_phpfpm_pool }}'
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
# handlers file for phpMyAdmin
|
|
@ -0,0 +1,46 @@
|
|||
galaxy_info:
|
||||
author: Andrea Dell'Amico
|
||||
description: IT architect
|
||||
company: ISTI-CNR
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Some suggested licenses:
|
||||
# - BSD (default)
|
||||
# - MIT
|
||||
# - GPLv2
|
||||
# - GPLv3
|
||||
# - Apache
|
||||
# - CC-BY
|
||||
license: EUPL 1.2
|
||||
|
||||
min_ansible_version: 2.7
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- bionic
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies:
|
||||
- { role: '../../library/roles/php-fpm', when: not phpmyadmin_shared_installation | bool }
|
||||
- { role: '../../library/roles/nginx', when: not phpmyadmin_shared_installation | bool and phpmyadmin_behind_nginx | bool }
|
||||
- { role: '../../library/roles/apache', when: not phpmyadmin_shared_installation | bool and phpmyadmin_behind_apache | bool }
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
- import_tasks: phpmyadmin_install.yml
|
||||
- import_tasks: phpmyadmin_nginx.yml
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the phpMyAdmin php prerequisites
|
||||
apt: name={{ item }} state=present cache_valid_time=1800
|
||||
with_items: '{{ phpmyadmin_php_packages }}'
|
||||
|
||||
tags: [ 'phpMyadmin', 'phpmyadmin' ]
|
||||
|
||||
- name: Install and configure phpMyAdmin
|
||||
block:
|
||||
- name: Create the phpmyadmin download directory
|
||||
file: dest={{ phpmyadmin_install_dir }} state=directory
|
||||
|
||||
- name: Create the phpmyadmin download, upload and tmp directories
|
||||
file: dest={{ item }} state=directory owner={{ phpmyadmin_phpfpm_pool_user }} mode=0700
|
||||
with_items:
|
||||
- '{{ phpmyadmin_install_dir }}/upload'
|
||||
- '{{ phpmyadmin_install_dir }}/download'
|
||||
- '{{ phpmyadmin_install_dir }}/tmp'
|
||||
|
||||
- name: Download and unarchive the phpMyAdmin distribution
|
||||
unarchive: remote_src=yes src={{ phpmyadmin_download_link }} dest={{ phpmyadmin_install_dir }}
|
||||
args:
|
||||
creates: '{{ phpmyadmin_install_dir }}/{{ phpmyadmin_app }}/index.php'
|
||||
|
||||
- name: Remove the test and setup directories
|
||||
file: dest={{ phpmyadmin_install_dir }}/{{ phpmyadmin_app }}/{{ item }} state=absent
|
||||
with_items:
|
||||
- 'test'
|
||||
- setup
|
||||
|
||||
- name: Set the path to the phpMyAdmin installation
|
||||
file: src={{ phpmyadmin_install_dir }}/{{ phpmyadmin_app }} dest={{ phpmyadmin_phpfpm_doc_root }} state=link
|
||||
|
||||
- name: Install the phpMyAdmin config file
|
||||
template: src=phpmyadmin-config.inc.php.j2 dest={{ phpmyadmin_phpfpm_doc_root }}/config.inc.php owner={{ phpmyadmin_phpfpm_pool_user }} group={{ phpmyadmin_phpfpm_pool_user }} mode=0440
|
||||
|
||||
tags: [ 'phpMyadmin', 'phpmyadmin' ]
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the nginx virtualhost
|
||||
template: src=phpmyadmin_wordpress.conf.j2 dest=/etc/nginx/sites-available/phpmyadmin.conf mode=0444
|
||||
with_items: '{{ phpfpm_pools }}'
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Enable the nginx virtualhost
|
||||
file: src=/etc/nginx/sites-available/phpmyadmin.conf dest=/etc/nginx/sites-enabled/phpmyadmin.conf state=link
|
||||
notify: Reload nginx
|
||||
|
||||
when: phpmyadmin_local_nginx_virtualhost | bool
|
||||
tags: [ 'phpMyadmin', 'phpmyadmin', 'nginx', 'virtualhost' ]
|
|
@ -0,0 +1,142 @@
|
|||
upstream php {
|
||||
{% if phpmyadmin_phpfpm_listen_on_socket %}
|
||||
server unix:{{ item.listen }};
|
||||
{% else %
|
||||
server {{ item.listen }};
|
||||
{% endif %}}
|
||||
}
|
||||
|
||||
server {
|
||||
listen {{ http_port }};
|
||||
## Your website name goes here.
|
||||
server_name {{ item.virthost }};
|
||||
## Your only path reference.
|
||||
root {{ item.doc_root }};
|
||||
|
||||
{% if nginx_block_dotfiles %}
|
||||
location ~ /\.(?!well-known).* {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if letsencrypt_acme_install %}
|
||||
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
||||
{% endif %}
|
||||
|
||||
## This should be in your http block and if it is, it's not needed here.
|
||||
index index.php;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# don't send the nginx version number in error pages and Server header
|
||||
server_tokens off;
|
||||
|
||||
{% if nginx_client_body_temp_dir is defined %}
|
||||
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
|
||||
{% endif %}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ item.virthost }}$request_uri;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen {{ https_port }} ssl http2;
|
||||
## Your website name goes here.
|
||||
server_name {{ item.virthost }} {{ item.virthost_aliases }};
|
||||
## Your only path reference.
|
||||
root {{ item.doc_root }};
|
||||
|
||||
{% if letsencrypt_acme_install %}
|
||||
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
||||
{% endif %}
|
||||
|
||||
## This should be in your http block and if it is, it's not needed here.
|
||||
index index.php;
|
||||
|
||||
{% if nginx_block_dotfiles %}
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if haproxy_ips is defined %}
|
||||
# We are behind haproxy
|
||||
{% for ip in haproxy_ips %}
|
||||
set_real_ip_from {{ ip }};
|
||||
{% endfor %}
|
||||
real_ip_header X-Forwarded-For;
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if item.max_body is defined %}
|
||||
client_max_body_size {{ item.max_body }};
|
||||
{% else %}
|
||||
client_max_body_size {{ nginx_client_max_body_size }};
|
||||
{% endif %}
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# don't send the nginx version number in error pages and Server header
|
||||
server_tokens off;
|
||||
|
||||
{% if nginx_client_body_temp_dir is defined %}
|
||||
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
|
||||
{% endif %}
|
||||
|
||||
location / {
|
||||
# This is cool because no php is touched for static content.
|
||||
# include the "?$args" part so non-default permalinks doesn't break when using query string
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_pass php;
|
||||
}
|
||||
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
/* Servers configuration */
|
||||
{% for server in phpmyadmin_target_servers %}
|
||||
/* Server: {{ server.description }} [{{ server.id }}] */
|
||||
$cfg['Servers'][{{ server.id }}]['verbose'] = '{{ server.description }}';
|
||||
$cfg['Servers'][{{ server.id }}]['host'] = '{{ server.host }}';
|
||||
$cfg['Servers'][{{ server.id }}]['port'] = {{ server.port }};
|
||||
$cfg['Servers'][{{ server.id }}]['socket'] = '{{ server.socket }}';
|
||||
$cfg['Servers'][{{ server.id }}]['ssl'] = {{ server.ssl }};
|
||||
$cfg['Servers'][{{ server.id }}]['auth_type'] = '{{ server.auth_type }}';
|
||||
$cfg['Servers'][{{ server.id }}]['user'] = '{{ server.user }}';
|
||||
$cfg['Servers'][{{ server.id }}]['password'] = '{{ server.password }}';
|
||||
$cfg['Servers'][{{ server.id }}]['only_db'] = array({{ server.only_db }});
|
||||
$cfg['Servers'][{{ server.id }}]['AllowRoot'] = {{ server.allowroot }};
|
||||
|
||||
{% endfor %}
|
||||
/* End of servers configuration */
|
||||
|
||||
$cfg['blowfish_secret'] = "{{ phpmyadmin_blowfish_secret }}";
|
||||
$cfg['DefaultLang'] = '{{ phpmyadmin_default_lang }}';
|
||||
$cfg['ServerDefault'] = 1;
|
||||
$cfg['UploadDir'] = '{{ phpmyadmin_install_dir }}/upload';
|
||||
$cfg['SaveDir'] = '{{ phpmyadmin_install_dir}}/download';
|
||||
$cfg['TempDir'] = '{{ phpmyadmin_install_dir}}/tmp';
|
||||
?>
|
|
@ -0,0 +1,2 @@
|
|||
localhost
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- phpMyAdmin
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
phpmyadmin_php_packages:
|
||||
- 'php{{ php_version }}-fpm'
|
||||
- 'php{{ php_version }}-json'
|
||||
- 'php{{ php_version }}-intl'
|
||||
- 'php{{ php_version }}-cli'
|
||||
- 'php{{ php_version }}-mysqlnd'
|
||||
- 'php{{ php_version }}-gd'
|
||||
- 'php{{ php_version }}-json'
|
||||
- 'php{{ php_version }}-curl'
|
||||
- 'php{{ php_version }}-mbstring'
|
||||
- 'php{{ php_version }}-readline'
|
||||
- 'php{{ php_version }}-bz2'
|
||||
- 'php{{ php_version }}-zip'
|
||||
- php-php-gettext
|
||||
- php-phpseclib
|
||||
- php-tcpdf
|
||||
- imagemagick
|
||||
|
||||
phpmyadmin_php_global_settings:
|
||||
- { option: 'always_populate_raw_post_data', value: '-1' }
|
||||
- { option: 'allow_url_fopen', value: 'off' }
|
||||
- { option: 'max_execution_time', value: '300' }
|
||||
- { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
|
||||
- { option: 'max_input_vars', value: '1400' }
|
||||
- { option: 'post_max_size', value: '64M' }
|
||||
- { option: 'upload_max_filesize', value: '32M' }
|
||||
- { option: 'opcache.enable', value: '1', section: 'opcache' }
|
||||
- { option: 'opcache.enable', value: '1', section: 'opcache' }
|
||||
- { option: 'opcache.save_comments', value: '96', section: 'opcache' }
|
||||
- { option: 'apc.shm_size', value: '32M' }
|
||||
|
||||
phpmyadmin_phpfpm_pool:
|
||||
- { pool_name: '{{ phpmyadmin_phpfpm_pool_name }}', app_context: '{{ phpmyadmin_phpfpm_app_context }}', doc_root: '{{ phpmyadmin_phpfpm_doc_root }}', user: '{{ phpmyadmin_phpfpm_pool_user }}', group: '{{ phpfpm_co_guard_user }}', listen: '{{ phpmyadmin_php_listen }}', allowed_clients: '{{ phpfpm_default_allowed_clients }}', pm: '{{ phpfpm_default_pm }}', pm_max_children: '{{ phpmyadmin_phpfpm_pm_max_children }}', pm_start_servers: '{{ phpmyadmin_phpfpm_pm_start_servers }}', pm_min_spare: '{{ phpmyadmin_phpfpm_pm_min_spare_servers }}', pm_max_spare: '{{ phpmyadmin_phpfpm_pm_max_spare_servers }}', pm_max_requests: '{{ phpfpm_default_pm_max_requests }}', pm_status_enabled: '{{ phpfpm_default_pm_status_enabled }}', pm_status_path: '{{ phpfpm_default_pm_status_path }}', ping_enabled: '{{ phpfpm_default_ping_enabled }}', ping_path: '{{ phpfpm_default_ping_path }}', ping_response: '{{ phpfpm_default_ping_response }}', display_errors: '{{ phpfpm_default_display_errors }}', log_errors: '{{ phpfpm_default_log_errors }}', memory_limit: '{{ phpfpm_default_memory_limit }}', slowlog_timeout: '{{ phpfpm_default_slowlog_timeout }}', rlimit_files: '{{ phpfpm_default_rlimit_files }}', php_extensions: '{{ phpfpm_default_extensions }}', req_term_timeout: '240s', admin_write: True, virthost: '{{ phpmyadmin_phpfpm_virthost }}' }
|
Loading…
Reference in New Issue