site.yml
---
# =============================================================================
# Cloud-1: Main Deployment Playbook
# =============================================================================
# This playbook automates the deployment of a WordPress stack (Inception)
# on remote servers using Docker containers.
#
# Requirements:
#   - Ubuntu 20.04 LTS on target server
#   - Python installed on target
#   - SSH access configured
#
# Usage:
#   ansible-playbook site.yml -i inventory/hosts
#   ansible-playbook site.yml -i inventory/hosts --check  # Dry run
# =============================================================================
- name: Deploy WordPress (Inception) on Scaleway
  # Target host group defined in inventory/hosts
  hosts: scaleway-wordpress
  # Run tasks with sudo privileges (required for Docker installation)
  become: true
  # Gather system information (OS, architecture, etc.)
  # Used for conditional tasks and variable substitution
  gather_facts: yes
  vars:
    # Project identifier - used for Docker compose project name
    project_name: "inception"
    # Installation directory on remote server
    # All configuration files and docker-compose.yml will be placed here
    # Using /root since Scaleway provides root user access
    docker_compose_path: "/root/inception"
    # Note: Database credentials and sensitive data should be in .env file
    # or encrypted using ansible-vault, not hardcoded here
    # Example: ansible-vault encrypt files/.env
  roles:
    # =========================================================================
    # Docker Role
    # =========================================================================
    # Installs Docker CE, docker-compose, and configures the Docker daemon
    # See roles/docker/tasks/main.yml for implementation details
    - { role: docker }
  tasks:
    # =========================================================================
    # Task 1: Create Project Directory
    # =========================================================================
    # Creates the main directory where all project files will be stored
    # This includes docker-compose.yml, .env, and any configuration files
    - name: Create project directory
      file:
        path: "{{ docker_compose_path }}"  # Directory path
        state: directory                   # Ensure it's a directory
        owner: root                        # File owner
        group: root                        # File group
        mode: '0755'                       # Permissions: rwxr-xr-x
      tags:
        - directory
        - setup
    # =========================================================================
    # Task 2: Copy Docker Compose Configuration
    # =========================================================================
    # Transfers the docker-compose.yml from local files/ directory to remote
    # This file defines all containers: nginx, wordpress, mariadb, phpmyadmin
    - name: Copy docker-compose.yml
      copy:
        src: "files/docker-compose.yml"                       # Local source
        dest: "{{ docker_compose_path }}/docker-compose.yml"  # Remote destination
        owner: root
        group: root
        mode: '0644'  # Readable by all, writable by owner
      tags:
        - docker-compose
        - config
    # =========================================================================
    # Task 3: Copy Environment Variables
    # =========================================================================
    # Copies .env file containing sensitive configuration:
    #   - Database credentials (MYSQL_ROOT_PASSWORD, MYSQL_USER, etc.)
    #   - WordPress configuration (DB_HOST, DB_NAME, etc.)
    #   - Domain names
    #
    # Security: Mode 0600 ensures only owner can read/write
    - name: Copy environment file
      copy:
        src: "files/.env"
        dest: "{{ docker_compose_path }}/.env"
        owner: root
        group: root
        mode: '0600'  # Restrictive: rw-------
      tags:
        - env
        - config
        - secrets
    # =========================================================================
    # Task 4.5: Copy Requirements Directory (Dockerfiles)
    # =========================================================================
    # Copies the entire requirements directory containing Dockerfiles
    # for nginx, wordpress, and mariadb containers
    - name: Copy requirements directory with Dockerfiles
      copy:
        src: "files/requirements/"
        dest: "{{ docker_compose_path }}/requirements/"
        owner: root
        group: root
        mode: '0755'
      tags:
        - requirements
        - dockerfiles
        - config
    # =========================================================================
    # Task 5: Launch Docker Containers
    # =========================================================================
    # Starts all containers defined in docker-compose.yml
    #
    # Options:
    #   -d: Detached mode (run in background)
    #   --build: Build images from the copied Dockerfiles before starting
    #   --remove-orphans: Remove containers not defined in current compose file
    #
    # docker compose up is idempotent: running multiple times won't create
    # duplicates (Ansible still reports this task as "changed" on every run)
    # chdir already sets the working directory, so no explicit cd is needed
    - name: Launch containers with docker compose
      command: docker compose up -d --build --remove-orphans
      args:
        chdir: "{{ docker_compose_path }}"
      tags:
        - deploy
        - containers
    # =========================================================================
    # Task 6: Verify WordPress Availability
    # =========================================================================
    # Health check: waits for WordPress to respond with HTTP 200
    #
    # Parameters:
    #   retries: 5 - Try up to 5 times
    #   delay: 10  - Wait 10 seconds between attempts
    #   timeout: 50 seconds total
    #
    # This ensures deployment is successful before playbook completes
    - name: Wait for WordPress to become available
      uri:
        url: "http://{{ ansible_host }}"  # Check main website
        return_content: no                # Don't retrieve page content
        validate_certs: no                # Allow self-signed certs (only applies to HTTPS URLs)
      register: check_wp                  # Store result
      until: check_wp.status == 200       # Retry until success
      retries: 5
      delay: 10
      tags:
        - verify
        - healthcheck
    # =========================================================================
    # Task 7: Enable Auto-Start on Boot
    # =========================================================================
    # Ensures Docker daemon starts automatically when server reboots
    # Containers come back after a reboot only if they also have a restart
    # policy set in docker-compose.yml
    #
    # Requirement: "Your site can restart automatically if the server is rebooted"
    - name: Enable docker service to start on boot
      systemd:
        name: docker
        state: started  # Ensure service is running
        enabled: yes    # Enable on boot
      tags:
        - docker
        - autostart
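
The playbook's note about ansible-vault and the mode 0600 comment on Task 3 can be enforced rather than just stated. The fragment below is an added example, not part of the original playbook: it is a drop-in variant of Task 3 for the `tasks:` list, and it assumes `files/.env` was encrypted with `ansible-vault encrypt files/.env` and that the play is run with `--ask-vault-pass` or `--vault-password-file`. The `env_stat` variable name is an assumption.

```yaml
# Added example (not from the original playbook): deploy a vault-encrypted .env
# without leaking its contents, then verify what actually landed on the host.
- name: Copy vault-encrypted environment file
  copy:
    src: "files/.env"                       # Encrypted at rest in the repository
    dest: "{{ docker_compose_path }}/.env"
    owner: root
    group: root
    mode: '0600'
    decrypt: true                           # Default: decrypt vaulted src before transfer
  no_log: true                              # Keep file contents and diffs out of task output
  tags:
    - env
    - secrets

- name: Read back ownership and mode of the deployed .env
  stat:
    path: "{{ docker_compose_path }}/.env"
  register: env_stat                        # Hypothetical variable name
  tags:
    - env
    - secrets

- name: Fail the play if .env is missing or accessible to anyone but root
  assert:
    that:
      - env_stat.stat.exists
      - env_stat.stat.pw_name == 'root'
      - env_stat.stat.mode == '0600'
    fail_msg: ".env must exist, be owned by root and have mode 0600"
  tags:
    - env
    - secrets
```

With `no_log: true`, a run with `-v` or `--diff` no longer prints the database credentials, and the `assert` stops the play before the containers start if the permissions on the host have drifted.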