Pushing further changes, still not complete

2020-04-20 18:49:41 -04:00 · 2020-04-20 18:49:41 -04:00 · 9906ac0691
parent 7c4498d3fb
commit 9906ac0691
4 changed files with 39 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -32,7 +32,7 @@ $ ansible-playbook -i hosts refresh-frontend-cert.yml --key-file="/path/to/key/o
 ```

 ### TODO
-1. Complete todos from setup-frontend-prod.yml
-2. Complete refresh-frontend-cert.yml
+1. Fix error in update-frontend-prod where playbook fails if Flask app isn't already running
+2. Complete setup-frontend-prod.yml
 3. Automate installation of Python 3.7 and pip3
 4. Setup Ansible Vault to handle keys
--- a/group_vars/production/vars.yml
+++ b/group_vars/production/vars.yml
@ -4,4 +4,9 @@
 frontend_project_path: "~/cce-search-prototype"
 frontend_user_name: "ubuntu"
 frontend_git_repo: "https://github.com/EbookFoundation/cce-search-prototype"
-frontend_git_branch: "master"
+frontend_git_branch: "master"
+certbot_create_if_missing: false
+certbot_create_method: standalone
+certbot_admin_email: support@ebookfoundation.org
+frontend_hostnames:
+    - {servername: "cce.ebookfoundation.org"}
--- a/refresh-frontend-cert.yml
+++ b/refresh-frontend-cert.yml
@ -1,6 +1,27 @@
 - hosts: cce_frontend_prod
  tasks:
-  - name: 'Refresh cert'
+  # Source: https://medium.com/@khandelwal12nidhi/automate-letsencrypt-ssl-installation-with-ansible-for-multiple-domains-8453f2c3212d
+  - name: Check if cert already exists
    become: true
-    # Configure HTTPS cert w/ Certbot
-    command: "certbot --nginx" # Does this command halt for [y/n] input?
+    stat:
+      path: /etc/letsencrypt/live/{{ item.servername}}/cert.pem
+    register: letsencrypt_cert
+    with_items: "{{ frontend_hostnames }}"
+
+  # TODO: Stop Nginx from hanging
+  - name: Stop nginx to allow certbot to generate a cert
+    become: true
+    service:
+      name: nginx
+      state: stopped
+
+  - name: Generate new cert if one doesn't exist
+    shell: "certbot certonly --standalone --noninteractive --agree-tos --email {{ certbot_admin_email }} -d {{ item.item.servername}}"
+    with_items: "{{ letsencrypt_cert.results }}"
+    when: item.stat.exists == False
+
+  - name: Start ngnix after cert has been generated
+    become: true
+    service:
+      name: nginx
+      state: started
--- a/update-frontend-prod.yml
+++ b/update-frontend-prod.yml
@ -1,8 +1,14 @@
 - hosts: cce_frontend_prod
  tasks:

-  - name: Bring down current instance
+  - name: Check if app is running
+    shell: "ps -few | grep 'flask run' | wc -l"
+    register: num_matches
+
+  # TODO: This command ignores the conditional
+  - name: Bring down current instance if running
    command: "killall flask"
+    when: num_matches.stdout != "1"

  - name: Pull from GitHub
    git: