Pushing further changes, still not complete

master
Dylan DiGeronimo 2020-04-20 18:49:41 -04:00
parent 7c4498d3fb
commit 9906ac0691
4 changed files with 39 additions and 7 deletions


@ -32,7 +32,7 @@ $ ansible-playbook -i hosts refresh-frontend-cert.yml --key-file="/path/to/key/o
``` ```
### TODO ### TODO
1. Complete todos from setup-frontend-prod.yml 1. Fix error in update-frontend-prod where playbook fails if Flask app isn't already running
2. Complete refresh-frontend-cert.yml 2. Complete setup-frontend-prod.yml
3. Automate installation of Python 3.7 and pip3 3. Automate installation of Python 3.7 and pip3
4. Setup Ansible Vault to handle keys 4. Setup Ansible Vault to handle keys


@ -4,4 +4,9 @@
frontend_project_path: "~/cce-search-prototype" frontend_project_path: "~/cce-search-prototype"
frontend_user_name: "ubuntu" frontend_user_name: "ubuntu"
frontend_git_repo: "https://github.com/EbookFoundation/cce-search-prototype" frontend_git_repo: "https://github.com/EbookFoundation/cce-search-prototype"
frontend_git_branch: "master" frontend_git_branch: "master"
certbot_create_if_missing: false
certbot_create_method: standalone
certbot_admin_email: support@ebookfoundation.org
frontend_hostnames:
- {servername: "cce.ebookfoundation.org"}
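Review bot: `certbot_create_if_missing` and `certbot_create_method` are not read by the refresh playbook changed in this same commit, which hard-codes `--standalone` and does its own existence check with `stat`. If no role outside this view consumes them, either drop them or have the playbook use them, so the two files cannot drift apart. For consistency with the quoted values above, I would also quote the new strings: `certbot_create_method: "standalone"` and `certbot_admin_email: "support@ebookfoundation.org"`.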


@ -1,6 +1,27 @@
- hosts: cce_frontend_prod - hosts: cce_frontend_prod
tasks: tasks:
- name: 'Refresh cert' # Source: https://medium.com/@khandelwal12nidhi/automate-letsencrypt-ssl-installation-with-ansible-for-multiple-domains-8453f2c3212d
- name: Check if cert already exists
become: true become: true
# Configure HTTPS cert w/ Certbot stat:
command: "certbot --nginx" # Does this command halt for [y/n] input? path: /etc/letsencrypt/live/{{ item.servername}}/cert.pem
register: letsencrypt_cert
with_items: "{{ frontend_hostnames }}"
# TODO: Stop Nginx from hanging
- name: Stop nginx to allow certbot to generate a cert
become: true
service:
name: nginx
state: stopped
- name: Generate new cert if one doesn't exist
shell: "certbot certonly --standalone --noninteractive --agree-tos --email {{ certbot_admin_email }} -d {{ item.item.servername}}"
with_items: "{{ letsencrypt_cert.results }}"
when: item.stat.exists == False
- name: Start ngnix after cert has been generated
become: true
service:
name: nginx
state: started


@ -1,8 +1,14 @@
- hosts: cce_frontend_prod - hosts: cce_frontend_prod
tasks: tasks:
- name: Bring down current instance - name: Check if app is running
shell: "ps -few | grep 'flask run' | wc -l"
register: num_matches
# TODO: This command ignores the conditional
- name: Bring down current instance if running
command: "killall flask" command: "killall flask"
when: num_matches.stdout != "1"
- name: Pull from GitHub - name: Pull from GitHub
git: git: