Table of contents
Melanjutken kita materi Ansible di Part 2..
Create Roles Database MariaDB
next kita bikin roles install MariaDB, buat folder dengan nama mariadb di folder roles, dan di dalam folder mariadb create folder tasks.
main.yaml
- name: install database mariadb
apt:
name: '{{ item }}'
state: present
loop:
- mariadb-server
- mariadb-client
- python3-mysqldb
- name: database user
mysql_user:
name: '{{ db_user }}'
password: '{{db_password}}'
priv: '*.*:ALL'
state: present
host: '{{db_host}}'
- name: tambah database
mysql_db:
name: '{{ db_name }}'
state: present
- name: change bind address to 0.0.0.0
lineinfile:
path: /etc/mysql/mariadb.conf.d/50-server.cnf
regexp: '^bind-address'
line: bind-address = 0.0.0.0
backup: yes
notify:
- restart mariadb
mariadb-server-playbook.yaml
- name: Install Database Mariadb
hosts: database
become: yes
roles:
- roles/update-os
- role: roles/mariadb
vars:
db_user:
db_password:
db_host: '%'
db_name: 'db_landing_page'
untuk db_user dan db_password kita akan menggunakan ansible-vault karna itu merupakan data sensitif yang tidak mungkin lgsung terlihat. cara nya seperti ini :
~/studi-kasus$ ansible-vault encrypt_string 'mdrdani'
New Vault password: *buat password untuk encrypt/decrypt*
Confirm New Vault password:
!vault |
$ANSIBLE_VAULT;1.1;AES256
39643539643366643331396338383763393063396164646264633130653762623839653431323162
316331663131643065633334663531660a383135366333326237353435336638
37623935396361303432346535343135313066663464613036363732386166336164
3637393964356263310a383561323761666339366464643865376234623263623763383462653365
6566
Copy semua dari !vault| sampai angka terakhir . Lakukan juga untuk password tinggal di rubah string nya.
selanjutnya buat folder dengan nama handlers di dalam folder mariadb. Kegunaan untuk merestart service mariadb.
main.yaml
- name: restart mariadb
service:
name: mariadb
state: restarted
jika sudah semua maka kita jalankan playbook mariadb nya.
~/studi-kasus$ ansible-playbook -i inventory mariadb-server-playbook.yaml --ask-vault-password
Create Roles Web Landing Page
create folder landing-page di dalam folder roles, dan selanjut nya create folder tasks di dalam folder landing-page.
main.yaml
- name: install requirement
apt:
name: '{{ item }}'
state: present
loop:
- php-fpm
- php-mysql
- git
- name: create folder for app code
file:
path: /var/www/landingpage.***.me/html/
state: directory
owner: www-data
group: www-data
recurse: yes
- name: delete default config nginx
file:
path: '{{ item }}'
state: absent
loop:
- /etc/nginx/sites-available/default
- /etc/nginx/sites-enabled/default
- name: copy nginx config
copy:
src: files/default
dest: /etc/nginx/sites-available/default
- name: symbolik link nginx
file:
src: /etc/nginx/sites-available/default
dest: /etc/nginx/sites-enabled/default
state: link
notify:
- reload nginx
- name: git config safe directory
shell: git config --global --add safe.directory /var/www/landingpage.***.me/html
- name: pulling app
git:
repo: https://github.com/mdrdani/sample-php.git
dest: /var/www/landingpage.***.me/html/
update: yes
force: yes
- name: copy database.php ke server
template:
src: templates/database.php.j2
dest: /var/www/landingpage.***.me/html/application/config/database.php
*** diganti sesuai keinginan
pada main.yaml bagian name : copy nginx config kita akan membuat satu file dengan nama default. create folder files di dalam folder landing-page dan letakkan file default di dalamnya.
default
server {
listen 80;
root /var/www/landingpage.***.me/html/;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
next kita akan membuat file handlers untuk mereload ulang web service nginx. buat folder handlers di dalam folder landing-page.
main.yaml
- name: reload nginx
service:
name: nginx
state: reloaded
Selanjutnya kita akan merubah database.php dari framework Codeigniter. buat folder dengan nama templates didalam folder landing-page. setelah itu buat file dengan nama database.php.j2 didalam folder templates.
database.php.j2
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
$active_group = 'default';
$query_builder = TRUE;
$db['default'] = array(
'dsn' => '',
'hostname' => '{{ db_host }}',
'username' => '{{ db_user }}',
'password' => '{{ db_password }}',
'database' => '{{ db_name }}',
'dbdriver' => 'mysqli',
'dbprefix' => '',
'pconnect' => FALSE,
'db_debug' => (ENVIRONMENT !== 'production'),
'cache_on' => FALSE,
'cachedir' => '',
'char_set' => 'utf8',
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
'failover' => array(),
'save_queries' => TRUE
);
variable db_host, db_user, db_password, dan db_name akan di simpan di folder vars sebagai salah satu usaha mengamankan credential. Buat folder vars didalam folder landing-page dan buat file di dalam nya.
main.yaml
db_host: 102.108.****
db_user: ****
db_password: ******
db_name: db_landing_page
sesuaikan dengan konfigurasi yang diinginkan. jika sudah kita encrypt
~/vars$ ansible-vault encrypt main.yaml
New Vault password:
Confirm New Vault password:
Encryption successful
sehingga isi nya akan terenkripsi.
$ANSIBLE_VAULT;1.1;AES256
31376261373831303463343839303832333334613938363738656265366534313932356264663966
3032303462633033343532303737656333383434303539340a346131353862633363663431616465
37383630323532636531343231663036623337643437373765316362643535653166333366396133
6432643232666565610a666235613334316165313864343863663832326661653934323762636638
35373134636230643431383631346635653438336663656138346161346534343063646330616362
31633638623431376636346536393663646132636636393963373166393066303965346364373731
33666131386164666138616431343638616162656266643135326330666632636339643063386562
30346264633565623662333638333765316431393032313931643135393838653331333163646662
6435
Tambahkan roles/landing-page pada landing-page-playbook.yaml
- name: setup landing page server
hosts: landing-page
become: yes
roles:
- roles/update-os
- roles/nginx
- roles/landing-page
jika sudah semua maka kita jalankan playbook landing-page nya.
~/studi-kasus$ ansible-playbook -i inventory landing-page-playbook.yaml --ask-vault-password
oke check Web server nya apakah sudah berubah tampilan landing-page nya.