Getting started

Initial configuration

debops.fcgiwrap role will by default disable the system-wide fcgiwrap instance. In its place you will be able to create per-user fcgiwrap instances, each with their own socket, running as an unprivileged user.

Each instance will make sure that specified user account and group exists, you can specify additional configuration to create accounts with a specific shell or home directory. By default system accounts (UID/GID < 1000) are used.

This role requires debops.core role to configure local fact which provides the name of the init system used by the host (it does not need to be included in the role dependencies, it's enough that it is run once at the beginning of the playbook).

Example inventory

To enable fcgiwrap on a host by hand, you need to add that host to [debops_service_fcgiwrap] host group in Ansible inventory. You will also need to specify an instance to create. Example inventory:

# inventory/hosts
[debops_service_fcgiwrap]
hostname

# inventory/host_vars/hostname/fcgiwrap.yml
fcgiwrap__instances:
  - name: 'webapp'
    user: 'webapp'
    group: 'webapp'
    home: '/srv/www/webapp'
    shell: '/bin/false'

This configuration will ensure that specified user account exists and will start fcgiwrap on that account using system service script. The socket used by this instance will be created as /run/fcgiwrap-webapp.socket.

Example playbook

debops.fcgiwrap is designed to be used from a playbook or a role as role dependency. Here's an example configuration:

---
- name: Set up web application
  hosts: [ 'debops_service_fcgiwrap' ]
  become: True

  roles:

    - role: debops.fcgiwrap
      tags: [ 'role::fcgiwrap' ]
      fcgiwrap__instances:
        - name: 'webapp'
          user: 'webapp'
          group: 'webapp'