Enable Drupal deployment to be limited to a single jail

026b8478 · jurgenhaas · 2017b2e7 · 026b8478 · 026b8478
Commit 026b8478 authored 8 years ago by jurgenhaas
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -20,174 +20,179 @@
  - set_fact: relativeRoot='{{ drupal.relativeRoot|default(drupal_links_relative_root) }}'
  tags: always

- name: "Configure Apache"
-  include: apache.yml
-
- name: "Ensure Drupal Root Directory"
-  file:
-    path='{{ docRoot }}'
-    state='directory'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode=775
-
- name: "File Modes and Ownership"
-  file:
-    path='{{ docRoot }}'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='g+w'
-    recurse=yes
-  tags: 'deploy'
-
- name: "Check Installation Requirement"
-  shell: ls {{ drupalRoot }}/index.php
-  register: drupal_available
-  failed_when: false
-
- set_fact:
-    drupal_available:
-      stdout: ''
-  tags: 'deploy'
-
- include: install.{{ installSource.mode|default("none") }}.yml
-  when: drupal_install_drupal and drupal_available is defined and drupal_available.stdout != '{{ drupalRoot }}/index.php'
-
- include: install.{{ drupal.version|default("d7") }}.yml
-  when: drupal_install_drupal and drupal_available is defined and drupal_available.stdout != '{{ drupalRoot }}/index.php'
-
- name: "Ensure links"
-  file:
-    src: '{{ webRoot }}{{ item.src }}'
-    dest: '{{ drupalRoot }}{{ item.dest }}'
-    state: 'link'
-  with_items: '{{ drupal.links|default([]) }}'
-  tags: 'deploy'
-
- include: users.{{ installSource.mode|default("none") }}.yml
-  when: drupal_install_drupal and drupal.src.name is defined
-  tags: 'SetPermissions'
-
- name: "Configuration file"
-  template:
-    src='{{ item.src }}'
-    dest='{{ drupalRoot }}{{ item.dest }}'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='664'
-  with_items: '{{ drupal.templates|default([]) }}'
-
- name: "Ensure Settings Directory"
-  file:
-    dest='{{ webRoot }}/settings/{{ item.shortname|default("default") }}'
-    state='directory'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='755'
-  with_items: '{{ drupal.domains }}'
-
- name: "Ensure File Directories"
-  file:
-    dest='{{ webRoot }}/files/{{ item.0.shortname|default("default") }}/{{ item.1 }}'
-    state='directory'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='755'
-  with_nested:
-    - '{{ drupal.domains }}'
-    - ['files', 'private']
-
- name: "Ensure Site Directories"
-  file:
-    dest='{{ drupalRoot }}/sites/{{ item.shortname|default("default") }}'
-    state='directory'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='755'
-  with_items: '{{ drupal.domains }}'
-
- name: "Link Site Directory to File Directory"
-  file:
-    src='{{ relativeRoot }}/files/{{ item.0.shortname|default("default") }}/{{ item.1 }}'
-    dest='{{ drupalRoot }}/sites/{{ item.0.shortname|default("default") }}/{{ item.1 }}'
-    state='link'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='755'
-  with_nested:
-    - '{{ drupal.domains }}'
-    - ['files', 'private']
-
- name: "Ensure .htaccess"
-  template:
-    src='.htaccess'
-    dest='{{ webRoot }}/files/{{ item.0.shortname|default("default") }}/{{ item.1 }}/.htaccess'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='444'
-  with_nested:
-    - '{{ drupal.domains }}'
-    - ['files', 'private']
-
- name: "Create symbolic links"
-  file:
-    src='{{ item.shortname|default("default") }}'
-    path='{{ drupalRoot }}/sites/{{ item.1 }}'
-    state='link'
-    force=yes
-  with_subelements:
-    - '{{ drupal.domains }}'
-    - aliases
-  when: drupal.version|default("d7") == "d6"
-
- name: "Create the settings.php files"
-  template:
-    src='{{ drupal.template_dir|default('') }}{{ drupal.version|default("d7") }}_settings.php'
-    dest='{{ webRoot }}/settings/{{ item.shortname|default("default") }}/settings.php'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='444'
-  with_items: '{{ drupal.domains }}'
-
- name: "Create symbolic links"
-  file:
-    src='{{ relativeRoot }}/settings/{{ item.shortname|default("default") }}/settings.php'
-    path='{{ drupalRoot }}/sites/{{ item.shortname|default("default") }}/settings.php'
-    state='link'
-    force=yes
-  with_items: '{{ drupal.domains }}'
-
- name: "File Modes and Ownership"
-  file:
-    path='{{ item }}'
-    owner='{{ apacheUser }}'
-    group='{{ apacheUser }}'
-    mode='a-w'
-    recurse=yes
-  with_items:
-    - '{{ docRoot }}'
-    - '{{ webRoot }}/settings'
-
- name: "Make site directories writeable"
-  file:
-    path='{{ webRoot }}/files'
-    mode='ug+w'
-    recurse=yes
-
- name: "Setup Crontabs for each domain"
-  cron:
-    name='Drupal {{ item.1.name }}'
-    month='{{ item.1.month|default(omit) }}'
-    day='{{ item.1.day|default(omit) }}'
-    weekday='{{ item.1.weekday|default(omit) }}'
-    hour='{{ item.1.hour|default(omit) }}'
-    minute='{{ item.1.minute|default(omit) }}'
-    job='{{ item.1.job }} >/dev/null 2>&1'
-    user='{{ cronUser }}'
-  with_subelements:
-    - '{{ drupal.domains }}'
-    - crontabs
-  tags: 'cron'
-
- name: "Set Extended Permissions"
-  command: setfacl -dRm u:{{ apacheUser }}:rwX,g:{{ apacheUser }}:rwX,o::rX {{ webRoot }}/files
+- block:
+
+  - name: "Configure Apache"
+    include: apache.yml
+
+  - name: "Ensure Drupal Root Directory"
+    file:
+      path='{{ docRoot }}'
+      state='directory'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode=775
+
+  - name: "File Modes and Ownership"
+    file:
+      path='{{ docRoot }}'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='g+w'
+      recurse=yes
+    tags: 'deploy'
+
+  - name: "Check Installation Requirement"
+    shell: ls {{ drupalRoot }}/index.php
+    register: drupal_available
+    failed_when: false
+
+  # TODO: The following mechanism doesn't work, it clear the variable drupal_available always, not only when the tag is defined.
+  #- set_fact:
+  #    drupal_available:
+  #      stdout: ''
+  #  tags: 'deploy'
+
+  - include: install.{{ installSource.mode|default("none") }}.yml
+    when: drupal_install_drupal and drupal_available is defined and drupal_available.stdout != '{{ drupalRoot }}/index.php'
+
+  - include: install.{{ drupal.version|default("d7") }}.yml
+    when: drupal_install_drupal and drupal_available is defined and drupal_available.stdout != '{{ drupalRoot }}/index.php'
+
+  - name: "Ensure links"
+    file:
+      src: '{{ webRoot }}{{ item.src }}'
+      dest: '{{ drupalRoot }}{{ item.dest }}'
+      state: 'link'
+    with_items: '{{ drupal.links|default([]) }}'
+    tags: 'deploy'
+
+  - include: users.{{ installSource.mode|default("none") }}.yml
+    when: drupal_install_drupal and drupal.src.name is defined
+    tags: 'SetPermissions'
+
+  - name: "Configuration file"
+    template:
+      src='{{ item.src }}'
+      dest='{{ drupalRoot }}{{ item.dest }}'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='664'
+    with_items: '{{ drupal.templates|default([]) }}'
+
+  - name: "Ensure Settings Directory"
+    file:
+      dest='{{ webRoot }}/settings/{{ item.shortname|default("default") }}'
+      state='directory'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='755'
+    with_items: '{{ drupal.domains }}'
+
+  - name: "Ensure File Directories"
+    file:
+      dest='{{ webRoot }}/files/{{ item.0.shortname|default("default") }}/{{ item.1 }}'
+      state='directory'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='755'
+    with_nested:
+      - '{{ drupal.domains }}'
+      - ['files', 'private']
+
+  - name: "Ensure Site Directories"
+    file:
+      dest='{{ drupalRoot }}/sites/{{ item.shortname|default("default") }}'
+      state='directory'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='755'
+    with_items: '{{ drupal.domains }}'
+
+  - name: "Link Site Directory to File Directory"
+    file:
+      src='{{ relativeRoot }}/files/{{ item.0.shortname|default("default") }}/{{ item.1 }}'
+      dest='{{ drupalRoot }}/sites/{{ item.0.shortname|default("default") }}/{{ item.1 }}'
+      state='link'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='755'
+    with_nested:
+      - '{{ drupal.domains }}'
+      - ['files', 'private']
+
+  - name: "Ensure .htaccess"
+    template:
+      src='.htaccess'
+      dest='{{ webRoot }}/files/{{ item.0.shortname|default("default") }}/{{ item.1 }}/.htaccess'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='444'
+    with_nested:
+      - '{{ drupal.domains }}'
+      - ['files', 'private']
+
+  - name: "Create symbolic links"
+    file:
+      src='{{ item.shortname|default("default") }}'
+      path='{{ drupalRoot }}/sites/{{ item.1 }}'
+      state='link'
+      force=yes
+    with_subelements:
+      - '{{ drupal.domains }}'
+      - aliases
+    when: drupal.version|default("d7") == "d6"
+
+  - name: "Create the settings.php files"
+    template:
+      src='{{ drupal.template_dir|default('') }}{{ drupal.version|default("d7") }}_settings.php'
+      dest='{{ webRoot }}/settings/{{ item.shortname|default("default") }}/settings.php'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='444'
+    with_items: '{{ drupal.domains }}'
+
+  - name: "Create symbolic links"
+    file:
+      src='{{ relativeRoot }}/settings/{{ item.shortname|default("default") }}/settings.php'
+      path='{{ drupalRoot }}/sites/{{ item.shortname|default("default") }}/settings.php'
+      state='link'
+      force=yes
+    with_items: '{{ drupal.domains }}'
+
+  - name: "File Modes and Ownership"
+    file:
+      path='{{ item }}'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='a-w'
+      recurse=yes
+    with_items:
+      - '{{ docRoot }}'
+      - '{{ webRoot }}/settings'
+
+  - name: "Make site directories writeable"
+    file:
+      path='{{ webRoot }}/files'
+      mode='ug+w'
+      recurse=yes
+
+  - name: "Setup Crontabs for each domain"
+    cron:
+      name='Drupal {{ item.1.name }}'
+      month='{{ item.1.month|default(omit) }}'
+      day='{{ item.1.day|default(omit) }}'
+      weekday='{{ item.1.weekday|default(omit) }}'
+      hour='{{ item.1.hour|default(omit) }}'
+      minute='{{ item.1.minute|default(omit) }}'
+      job='{{ item.1.job }} >/dev/null 2>&1'
+      user='{{ cronUser }}'
+    with_subelements:
+      - '{{ drupal.domains }}'
+      - crontabs
+    tags: 'cron'
+
+  - name: "Set Extended Permissions"
+    command: setfacl -dRm u:{{ apacheUser }}:rwX,g:{{ apacheUser }}:rwX,o::rX {{ webRoot }}/files
+
+  when: limit_jail is not defined or limit_jail == drupal.jail.name
--- a/tasks/mysql.yml
+++ b/tasks/mysql.yml
@@ -2,61 +2,66 @@
 # file: roles/drupal/tasks/mysql.yml

 - block:
+  - set_fact: drupal='{{ item.0 }}'
  - set_fact: db='{{ item.1.db }}'
  - set_fact: extra={{ db.extra|default([]) }}
  tags: always

- name: "Ensure Database"
-  mysql_db:
-    name='{{ db.name }}'
-    login_user='root'
-    login_password='{{ mysql_root_password|default("root") }}'
-    login_host='127.0.0.1'
-    login_port='{{ db.port|default('3306') }}'
-    state='present'
+- block:
+
+  - name: "Ensure Database"
+    mysql_db:
+      name='{{ db.name }}'
+      login_user='root'
+      login_password='{{ mysql_root_password|default("root") }}'
+      login_host='127.0.0.1'
+      login_port='{{ db.port|default('3306') }}'
+      state='present'
+
+  - name: "Ensure extra Databases"
+    mysql_db:
+      name='{{ item.name }}'
+      login_user='root'
+      login_password='{{ mysql_root_password|default("root") }}'
+      login_host='127.0.0.1'
+      login_port='{{ item.port|default('3306') }}'
+      state='present'
+    with_items: '{{ extra }}'

- name: "Ensure extra Databases"
-  mysql_db:
-    name='{{ item.name }}'
-    login_user='root'
-    login_password='{{ mysql_root_password|default("root") }}'
-    login_host='127.0.0.1'
-    login_port='{{ item.port|default('3306') }}'
-    state='present'
-  with_items: '{{ extra }}'
+  - name: "Create MySQL User"
+    mysql_user:
+      user='{{ db.username|default("root") }}'
+      password='{{ db.password|default(mysql_root_password|default("root")) }}'
+      host='{{ item }}'
+      check_implicit_admin=yes
+      priv='{{ db.name }}.*:ALL'
+      login_user='root'
+      login_password='{{ mysql_root_password|default("root") }}'
+      login_host='127.0.0.1'
+      login_port='{{ db.port|default('3306') }}'
+    with_items:
+      - 'localhost'
+      - '127.0.0.1'
+      - '::1'
+      - '{{ inventory_hostname }}'
+    when: db.username is defined and db.username != 'root'
+    notify: "MySQL | Restart MySQL"

- name: "Create MySQL User"
-  mysql_user:
-    user='{{ db.username|default("root") }}'
-    password='{{ db.password|default(mysql_root_password|default("root")) }}'
-    host='{{ item }}'
-    check_implicit_admin=yes
-    priv='{{ db.name }}.*:ALL'
-    login_user='root'
-    login_password='{{ mysql_root_password|default("root") }}'
-    login_host='127.0.0.1'
-    login_port='{{ db.port|default('3306') }}'
-  with_items:
-    - 'localhost'
-    - '127.0.0.1'
-    - '::1'
-    - '{{ inventory_hostname }}'
-  when: db.username is defined and db.username != 'root'
-  notify: "MySQL | Restart MySQL"
+  - name: "Create MySQL User for extra Databases"
+    mysql_user:
+      user='{{ item.0.username|default("root") }}'
+      password='{{ item.0.password|default(mysql_root_password|default("root")) }}'
+      host='{{ item.1 }}'
+      check_implicit_admin=yes
+      priv='{{ item.0.name }}.*:ALL'
+      login_user='root'
+      login_password='{{ mysql_root_password|default("root") }}'
+      login_host='127.0.0.1'
+      login_port='{{ item.0.port|default('3306') }}'
+    with_nested:
+      - '{{ extra }}'
+      - ['localhost', '127.0.0.1', '::1', '{{ inventory_hostname }}']
+    when: item.0.username is defined and item.0.username != 'root'
+    notify: "MySQL | Restart MySQL"

- name: "Create MySQL User for extra Databases"
-  mysql_user:
-    user='{{ item.0.username|default("root") }}'
-    password='{{ item.0.password|default(mysql_root_password|default("root")) }}'
-    host='{{ item.1 }}'
-    check_implicit_admin=yes
-    priv='{{ item.0.name }}.*:ALL'
-    login_user='root'
-    login_password='{{ mysql_root_password|default("root") }}'
-    login_host='127.0.0.1'
-    login_port='{{ item.0.port|default('3306') }}'
-  with_nested:
-    - '{{ extra }}'
-    - ['localhost', '127.0.0.1', '::1', '{{ inventory_hostname }}']
-  when: item.0.username is defined and item.0.username != 'root'
-  notify: "MySQL | Restart MySQL"
+  when: limit_jail is not defined or limit_jail == drupal.jail.name