From 9906ac0691206d29aa54e59639b6a99f819033ef Mon Sep 17 00:00:00 2001
From: Dylan DiGeronimo
Date: Mon, 20 Apr 2020 18:49:41 -0400
Subject: [PATCH] Pushing further changes, still not complete
---
 README.md | 4 ++--
 group_vars/production/vars.yml | 7 ++++++-
 refresh-frontend-cert.yml | 27 ++++++++++++++++++++++++---
 update-frontend-prod.yml | 8 +++++++-
 4 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index bc42594..9e6046b 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ $ ansible-playbook -i hosts refresh-frontend-cert.yml --key-file="/path/to/key/o
 ```
 ### TODO
-1. Complete todos from setup-frontend-prod.yml
-2. Complete refresh-frontend-cert.yml
+1. Fix error in update-frontend-prod where playbook fails if Flask app isn't already running
+2. Complete setup-frontend-prod.yml
 3. Automate installation of Python 3.7 and pip3
 4. Setup Ansible Vault to handle keys
\ No newline at end of file
diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml
index 2a02593..a9e3a6a 100644
--- a/group_vars/production/vars.yml
+++ b/group_vars/production/vars.yml
@@ -4,4 +4,9 @@
 frontend_project_path: "~/cce-search-prototype"
 frontend_user_name: "ubuntu"
 frontend_git_repo: "https://github.com/EbookFoundation/cce-search-prototype"
-frontend_git_branch: "master"
\ No newline at end of file
+frontend_git_branch: "master"
+certbot_create_if_missing: false
+certbot_create_method: standalone
+certbot_admin_email: support@ebookfoundation.org
+frontend_hostnames:
+ - {servername: "cce.ebookfoundation.org"}
\ No newline at end of file
diff --git a/refresh-frontend-cert.yml b/refresh-frontend-cert.yml
index c4a3a40..a581ce2 100644
--- a/refresh-frontend-cert.yml
+++ b/refresh-frontend-cert.yml
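Review bot: In group_vars/production/vars.yml, `certbot_create_if_missing: false` and `certbot_create_method: standalone` are not referenced by any task visible in this patch. refresh-frontend-cert.yml hard-codes `--standalone` and creates a certificate whenever one is missing, so the `false` value contradicts what the playbook does and can mislead whoever reads the vars file. Either drop the two keys or, if a role outside this patch consumes them, add a comment such as `# consumed by <role name>; not read by refresh-frontend-cert.yml`. As a style point, `frontend_hostnames` reads better in block form (`- servername: "cce.ebookfoundation.org"`), and quoting the e-mail value would match the other strings in the file.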
@@ -1,6 +1,27 @@
 - hosts: cce_frontend_prod
 tasks:
- - name: 'Refresh cert'
+ # Source: https://medium.com/@khandelwal12nidhi/automate-letsencrypt-ssl-installation-with-ansible-for-multiple-domains-8453f2c3212d
+ - name: Check if cert already exists
 become: true
- # Configure HTTPS cert w/ Certbot
- command: "certbot --nginx" # Does this command halt for [y/n] input?
\ No newline at end of file
+ stat:
+ path: /etc/letsencrypt/live/{{ item.servername}}/cert.pem
+ register: letsencrypt_cert
+ with_items: "{{ frontend_hostnames }}"
+
+ # TODO: Stop Nginx from hanging
+ - name: Stop nginx to allow certbot to generate a cert
+ become: true
+ service:
+ name: nginx
+ state: stopped
+
+ - name: Generate new cert if one doesn't exist
+ shell: "certbot certonly --standalone --noninteractive --agree-tos --email {{ certbot_admin_email }} -d {{ item.item.servername}}"
+ with_items: "{{ letsencrypt_cert.results }}"
+ when: item.stat.exists == False
+
+ - name: Start ngnix after cert has been generated
+ become: true
+ service:
+ name: nginx
+ state: started
\ No newline at end of file
diff --git a/update-frontend-prod.yml b/update-frontend-prod.yml
index e25c23b..96242f9 100644
--- a/update-frontend-prod.yml
+++ b/update-frontend-prod.yml
@@ -1,8 +1,14 @@
 - hosts: cce_frontend_prod
 tasks:
- - name: Bring down current instance
+ - name: Check if app is running
+ shell: "ps -few | grep 'flask run' | wc -l"
+ register: num_matches
+
+ # TODO: This command ignores the conditional
+ - name: Bring down current instance if running
 command: "killall flask"
+ when: num_matches.stdout != "1"
 - name: Pull from GitHub
 git:
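Review bot: In refresh-frontend-cert.yml the "Generate new cert if one doesn't exist" task is the only one without `become: true`, so unless the connection user is already root certbot will presumably fail to write under /etc/letsencrypt. Because nginx was stopped unconditionally one task earlier, the play would then abort with the web server still down. The same task builds its command line through `shell:` with `{{ certbot_admin_email }}` and `{{ item.item.servername}}` interpolated into one string; `command:` with `argv` passes each value as a single argument and involves no shell. I would wrap the stop and issue steps in a `block` whose `always` section restarts nginx, run the block only when a certificate is actually missing, and write the condition as `not item.stat.exists`. The play also only creates certificates and never renews existing ones, which the file name suggests it should.

```yaml
# … unchanged: "Check if cert already exists" stat task …
    - name: Issue missing certs with nginx stopped, always restart nginx
      become: true
      # Skip the whole block (and the nginx outage) when every cert is present.
      when: letsencrypt_cert.results | rejectattr('stat.exists') | list | length > 0
      block:
        - name: Stop nginx to allow certbot to generate a cert
          service:
            name: nginx
            state: stopped

        - name: Generate new cert if one doesn't exist
          command:
            argv:
              - certbot
              - certonly
              - --standalone
              - --noninteractive
              - --agree-tos
              - --email
              - "{{ certbot_admin_email }}"
              - -d
              - "{{ item.item.servername }}"
          with_items: "{{ letsencrypt_cert.results }}"
          when: not item.stat.exists
      always:
        # Runs even when certbot fails, so a failed issuance does not leave the site down.
        - name: Start nginx after cert has been generated
          service:
            name: nginx
            state: started
```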