Pushing further changes, still not complete
parent
7c4498d3fb
commit
9906ac0691
|
@ -32,7 +32,7 @@ $ ansible-playbook -i hosts refresh-frontend-cert.yml --key-file="/path/to/key/o
|
|||
```
|
||||
|
||||
### TODO
|
||||
1. Complete todos from setup-frontend-prod.yml
|
||||
2. Complete refresh-frontend-cert.yml
|
||||
1. Fix error in update-frontend-prod where playbook fails if Flask app isn't already running
|
||||
2. Complete setup-frontend-prod.yml
|
||||
3. Automate installation of Python 3.7 and pip3
|
||||
4. Setup Ansible Vault to handle keys
|
|
@ -4,4 +4,9 @@
|
|||
frontend_project_path: "~/cce-search-prototype"
|
||||
frontend_user_name: "ubuntu"
|
||||
frontend_git_repo: "https://github.com/EbookFoundation/cce-search-prototype"
|
||||
frontend_git_branch: "master"
|
||||
frontend_git_branch: "master"
|
||||
certbot_create_if_missing: false
|
||||
certbot_create_method: standalone
|
||||
certbot_admin_email: support@ebookfoundation.org
|
||||
frontend_hostnames:
|
||||
- {servername: "cce.ebookfoundation.org"}
|
|
@ -1,6 +1,27 @@
|
|||
- hosts: cce_frontend_prod
|
||||
tasks:
|
||||
- name: 'Refresh cert'
|
||||
# Source: https://medium.com/@khandelwal12nidhi/automate-letsencrypt-ssl-installation-with-ansible-for-multiple-domains-8453f2c3212d
|
||||
- name: Check if cert already exists
|
||||
become: true
|
||||
# Configure HTTPS cert w/ Certbot
|
||||
command: "certbot --nginx" # Does this command halt for [y/n] input?
|
||||
stat:
|
||||
path: /etc/letsencrypt/live/{{ item.servername}}/cert.pem
|
||||
register: letsencrypt_cert
|
||||
with_items: "{{ frontend_hostnames }}"
|
||||
|
||||
# TODO: Stop Nginx from hanging
|
||||
- name: Stop nginx to allow certbot to generate a cert
|
||||
become: true
|
||||
service:
|
||||
name: nginx
|
||||
state: stopped
|
||||
|
||||
- name: Generate new cert if one doesn't exist
|
||||
shell: "certbot certonly --standalone --noninteractive --agree-tos --email {{ certbot_admin_email }} -d {{ item.item.servername}}"
|
||||
with_items: "{{ letsencrypt_cert.results }}"
|
||||
when: item.stat.exists == False
|
||||
|
||||
- name: Start ngnix after cert has been generated
|
||||
become: true
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
|
@ -1,8 +1,14 @@
|
|||
- hosts: cce_frontend_prod
|
||||
tasks:
|
||||
|
||||
- name: Bring down current instance
|
||||
- name: Check if app is running
|
||||
shell: "ps -few | grep 'flask run' | wc -l"
|
||||
register: num_matches
|
||||
|
||||
# TODO: This command ignores the conditional
|
||||
- name: Bring down current instance if running
|
||||
command: "killall flask"
|
||||
when: num_matches.stdout != "1"
|
||||
|
||||
- name: Pull from GitHub
|
||||
git:
|
||||
|
|
Loading…
Reference in New Issue