debops.fcgiwrap role will by default disable the system-wide
instance. In its place you will be able to create per-user
instances, each with their own socket, running as an unprivileged user.
Each instance will make sure that specified user account and group exist, you can specify additional configurtion to create accounts wich specific shell or home directory. By default system accounts (UID/GID < 1000) are used.
This role requires
debops.core role to configure local fact which provides
the name of the init system used by the host (it does not need to be included
in the role dependencies, it's enough that it is run once at the beginning of
fcgiwrap on a host by hand, you need to add that host to
[debops_service_fcgiwrap] host group in Ansible inventory. You will also
need to specify an instance to create. Example inventory:
# inventory/hosts [debops_service_fcgiwrap] hostname # inventory/host_vars/hostname/fcgiwrap.yml fcgiwrap__instances: - name: 'webapp' user: 'webapp' group: 'webapp' home: '/srv/www/webapp' shell: '/bin/false'
This configuration will ensure that specified user account exists and will
fcgiwrap on that account using system service script. The socket used
by this instance will be created as
debops.fcgiwrap is designed to be used from a playbook or a role as role
dependency. Here's an example configuration:
--- - name: Set up web application hosts: [ 'debops_service_fcgiwrap' ] become: True roles: - role: debops.fcgiwrap tags: [ 'role::fcgiwrap' ] fcgiwrap__instances: - name: 'webapp' user: 'webapp' group: 'webapp'