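---
# Master Site Playbook for Custom PHP Framework
# Coordinates different deployment scenarios (infrastructure setup,
# application deployment, rollbacks).
#
# Conventions used throughout this file:
#   - The deployment environment is read from `deploy_env`, the variable the
#     "Verify environment requirements" assert validates. `environment` is a
#     reserved Ansible keyword (per-task environment variables) and is not
#     used as a plain variable anywhere below.
#   - Optional feature flags (`nginx_enabled`, `monitoring_enabled`,
#     `backup_enabled`, `fail2ban_enabled`, `firewall_strict_mode`) default to
#     true when undefined, so summaries and checks do not abort on inventories
#     that omit them.

- name: Custom PHP Framework Infrastructure Deployment
  hosts: all
  become: true
  gather_facts: true

  vars:
    # Deployment metadata; the epoch is used to compute elapsed time in the
    # final summary.
    deployment_timestamp: "{{ ansible_date_time.epoch }}"
    deployment_version: "{{ ansible_date_time.iso8601 }}"

  pre_tasks:
    # Validate before printing the banner so the banner itself never fails on
    # an undefined variable.
    - name: Verify environment requirements
      assert:
        that:
          - deploy_env is defined
          - deploy_env in ['production', 'staging', 'development']
          - domain_name is defined
          - ssl_email is defined
          # `| string` guards against an unquoted `php_version: 8.4` in the
          # inventory arriving as a float.
          - php_version | string == '8.4'
        fail_msg: "Required variables are not properly defined"
        success_msg: "Environment requirements verified"
      tags: always

    - name: Display deployment information
      debug:
        msg:
          - "Deploying Custom PHP Framework"
          - "Environment: {{ deploy_env | upper }}"
          - "Domain: {{ domain_name }}"
          - "PHP Version: {{ php_version }}"
          - "Target Host: {{ inventory_hostname }}"
          - "Deployment Time: {{ ansible_date_time.iso8601 }}"
      tags: always

    # The generic `package` module only accepts name/state/use; `update_cache`,
    # `upgrade` and `cache_valid_time` are apt options, so the upgrade is done
    # with `apt` on Debian-family hosts (ufw and www-data elsewhere in this
    # playbook already assume that family).
    - name: Update system packages
      apt:
        update_cache: true
        upgrade: safe
        cache_valid_time: 3600
      when:
        - deploy_env != 'development'
        - ansible_os_family == 'Debian'
      tags:
        - system
        - packages

    - name: Install essential system packages
      package:
        name: "{{ common_packages }}"
        state: present
      tags:
        - system
        - packages

    - name: Configure timezone
      timezone:
        name: "{{ timezone }}"
      tags: system

    - name: Configure system locale
      locale_gen:
        name: "{{ locale }}"
        state: present
      tags: system

  roles:
    # Base Security Hardening
    - role: base-security
      tags:
        - security
        - base
      when: security_level is defined

    # Docker Runtime Environment
    - role: docker-runtime
      tags:
        - docker
        - runtime
        - php

    # Nginx Reverse Proxy with SSL
    - role: nginx-proxy
      tags:
        - nginx
        - proxy
        - ssl
      when: nginx_enabled | default(true)

    # System Monitoring and Health Checks
    - role: monitoring
      tags:
        - monitoring
        - health
      when: monitoring_enabled | default(true)

  post_tasks:
    - name: Create deployment marker
      copy:
        content: |
          Deployment Information:
          - Environment: {{ deploy_env }}
          - Domain: {{ domain_name }}
          - PHP Version: {{ php_version }}
          - Deployment Time: {{ ansible_date_time.iso8601 }}
          - Deployed By: {{ ansible_user | default(ansible_user_id) }}
          - Ansible Version: {{ ansible_version.full }}
          - Framework Version: {{ framework.version | default('1.0.0') }}
        dest: /opt/deployment-info.txt
        owner: root
        group: root
        mode: '0644'
      tags: always

    - name: Verify critical services are running
      service_facts:
      tags: verification

    # Each optional service is guarded with its feature flag FIRST: if the
    # unit is absent, `ansible_facts.services['x.service']` is undefined and
    # evaluating `.state` would raise before the `or` could short-circuit.
    - name: Check critical services status
      assert:
        that:
          - not (nginx_enabled | default(true)) or ansible_facts.services['nginx.service'].state == 'running'
          - ansible_facts.services['docker.service'].state == 'running'
          - not (firewall_strict_mode | default(true)) or ansible_facts.services['ufw.service'].state == 'running'
          - not (fail2ban_enabled | default(true)) or ansible_facts.services['fail2ban.service'].state == 'running'
        fail_msg: "Critical services are not running properly"
        success_msg: "All critical services are running"
      tags: verification

    # NOTE(review): the application play installs `health.php` under
    # `app_path`, while this probe requests `/health`; presumably the
    # nginx-proxy role routes that path — confirm against the role.
    - name: Perform application health check
      uri:
        url: "{{ 'https' if (ssl_provider | default('') != 'self-signed' and deploy_env != 'development') else 'http' }}://{{ domain_name }}/health"
        method: GET
        status_code: [200, 404]  # 404 is acceptable if health endpoint doesn't exist yet
        timeout: 30
        # Verify the certificate whenever it is not self-signed (staging
        # included); only a self-signed provider justifies skipping it.
        validate_certs: "{{ ssl_provider | default('') != 'self-signed' }}"
      register: health_check
      ignore_errors: true
      tags: verification

    - name: Display health check results
      debug:
        msg:
          - "Health check status: {{ health_check.status | default('Failed') }}"
          - "Response time: {{ health_check.elapsed | default('N/A') }}s"
      tags: verification

    - name: Create deployment summary
      debug:
        msg:
          - "=== DEPLOYMENT COMPLETED SUCCESSFULLY ==="
          - "Environment: {{ deploy_env | upper }}"
          - "Domain: {{ domain_name }}"
          - "SSL: {{ 'Enabled' if ssl_provider | default('') != 'self-signed' else 'Self-signed' }}"
          - "PHP Version: {{ php_version }}"
          - "Docker: Running"
          - "Nginx: {{ 'Running' if nginx_enabled | default(true) else 'Disabled' }}"
          # The base-security role is only applied when security_level is
          # defined, so it may legitimately be absent here.
          - "Security: {{ 'Hardened' if security_level | default('') == 'high' else 'Standard' }}"
          - "Monitoring: {{ 'Enabled' if monitoring_enabled | default(true) else 'Disabled' }}"
          - "Backup: {{ 'Enabled' if backup_enabled | default(true) else 'Disabled' }}"
          - "Deployment Time: {{ (ansible_date_time.epoch | int - deployment_timestamp | int) }}s"
          - "========================================"
      tags: always

# Additional playbooks for specific operations

- name: Framework Application Deployment
  hosts: web_servers
  become: true
  gather_facts: false

  vars:
    app_path: "/var/www/html"

  tasks:
    - name: Ensure application directory exists
      file:
        path: "{{ app_path }}"
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'
      tags: app

    # NOTE(review): the PHP below was restored from a listing in which the
    # `<?php` tag and the opening of the `$health` array had been stripped;
    # confirm the first lines against the original file.
    # NOTE(review): this endpoint is unauthenticated and reports the PHP
    # version and environment name to any caller; restrict it (for example by
    # source address at the proxy) if that disclosure is not acceptable.
    - name: Create framework health check endpoint
      copy:
        content: |
          <?php
          header('Content-Type: application/json');

          $health = [
              'status' => 'healthy',
              'timestamp' => date('c'),
              'environment' => '{{ deploy_env }}',
              'php_version' => PHP_VERSION,
              'framework_version' => '{{ framework.version | default("1.0.0") }}',
              'checks' => []
          ];

          // Check PHP version
          $health['checks']['php'] = version_compare(PHP_VERSION, '8.4.0', '>=') ? 'ok' : 'warning';

          // Check if framework is loadable
          $health['checks']['framework'] = file_exists('/var/www/html/public/index.php') ? 'ok' : 'error';

          // Check write permissions
          $health['checks']['permissions'] = is_writable('/var/www/html/storage') ? 'ok' : 'warning';

          // Determine overall status
          $hasError = in_array('error', $health['checks']);
          $hasWarning = in_array('warning', $health['checks']);

          if ($hasError) {
              $health['status'] = 'unhealthy';
              http_response_code(500);
          } elseif ($hasWarning) {
              $health['status'] = 'warning';
              http_response_code(200);
          } else {
              http_response_code(200);
          }

          echo json_encode($health, JSON_PRETTY_PRINT);
        dest: "{{ app_path }}/health.php"
        owner: www-data
        group: www-data
        mode: '0644'
      tags: app

    # NOTE(review): the HTML tags in this placeholder page were stripped from
    # the listing this was restored from; the element names used here are a
    # reconstruction — confirm against the original file.
    # `force: false` keeps an existing index.php untouched, so this placeholder
    # (which also prints the PHP version) is only ever installed on a fresh
    # host.
    - name: Create basic index.php if it doesn't exist
      copy:
        content: |
          <?php
          echo "<h1>Custom PHP Framework</h1>";
          echo "<p>Environment: {{ deploy_env | upper }}</p>";
          echo "<p>PHP Version: " . PHP_VERSION . "</p>";
          echo "<p>Server Time: " . date('Y-m-d H:i:s') . "</p>";
          echo "<p>Domain: {{ domain_name }}</p>";
          if (file_exists('/var/www/html/health.php')) {
              echo '<p><a href="/health.php">Health Check</a></p>';
          }
        dest: "{{ app_path }}/index.php"
        owner: www-data
        group: www-data
        mode: '0644'
        force: false
      tags: app

- name: Security Validation Playbook
  hosts: web_servers
  become: true
  gather_facts: false

  tasks:
    - name: Validate SSL configuration
      command: nginx -t
      register: nginx_test
      changed_when: false
      when: nginx_enabled | default(true)
      tags: ssl

    # Left disabled as in the original. `openssl_certificate_info` is the
    # deprecated name; the current module is community.crypto.x509_certificate_info.
    # - name: Check SSL certificate validity
    #   community.crypto.x509_certificate_info:
    #     path: "{{ ssl_cert_file }}"
    #   register: cert_info
    #   when: ssl_cert_file is defined
    #   tags: ssl

    # `failed_when: false` lets the summary report the state instead of the
    # play aborting when the tool is missing or the service is down.
    - name: Validate firewall rules
      command: ufw status numbered
      register: ufw_status
      changed_when: false
      failed_when: false
      tags: firewall

    - name: Check fail2ban status
      command: fail2ban-client status
      register: fail2ban_status
      changed_when: false
      failed_when: false
      when: fail2ban_enabled | default(true)
      tags: security

    # Every registered variable is guarded with `is skipped` / `default`
    # because each producing task above is conditional (and the certificate
    # task is commented out entirely).
    - name: Security validation summary
      debug:
        msg:
          - "=== SECURITY VALIDATION ==="
          - "Nginx Config: {{ 'Skipped' if nginx_test is skipped else ('Valid' if nginx_test.rc == 0 else 'Invalid') }}"
          # Only reports whether certificate information was collected, not
          # whether the certificate is currently within its validity window.
          - "SSL Certificate: {{ 'Valid' if cert_info.valid_to | default(false) else 'Check Required' }}"
          # ufw prints `Status: active` / `Status: inactive`; matching the full
          # token avoids `active` also matching `inactive`.
          - "Firewall: {{ 'Active' if 'Status: active' in (ufw_status.stdout | default('')) else 'Check Required' }}"
          - "Fail2ban: {{ 'Skipped' if fail2ban_status is skipped else ('Active' if fail2ban_status.rc == 0 else 'Inactive') }}"
          - "=========================="
      tags: security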