commit 072709cad533ad8992874b2bdabe6a33643e4018
Author: eric
Date: Mon Jun 11 11:46:29 2018 -0400
moved from regluit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..72aff03
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# Deploying Regluit to Production
+
+The current provisioning setup uses [Ansible](https://www.ansible.com/resources/get-started) to deploy code to production servers.
+
+## Pre-requisites
+Before attempting to deploy, ensure you have done the following:
+1. Install `ansible` on your local machine
+1. Obtain the `ansible-vault` password and save it to a file
+1. Set the path to the `ansible-vault` file via environment variable e.g. `export NSIBLE_VAULT_PASSWORD_FILE=[path]`
+1. Create/obtain the secret key needed to SSH into the server
+1. (optional) Add the secret key to your ssh agent
+ ```
+ $ ssh-agent bash
+ $ ssh-add /path/to/secret.pem
+ ```
+
+
+## Deploy
+Deploying is as simple as running the `setup-prod` ansible playbook.
+Navigate to the `provisioning/` directory and run the following:
+```
+$ ansible-playbook -i hosts setup-prod.yml
+```
+If you successfully completed all the pre-requisite steps, the playbook should begin running through deploy tasks and finally restart apache.
+
+
+## Additional Configuration
+
+### Variables and Secrets
+The necessary variables are pulled from `provisioning/group_vars/production/vars.yml` which in turn pulls certain secret values from `vault.yml`.
+The variables are split into two files to still allow for searching references in playbook tasks.
+To add or view secret values, you must decrypt the file first: `$ ansible-vault decrypt vault.yml` however **always remember to encrypt secret files before pushing to git**. This is done in a similar manner: `$ ansible-vault encrypt vault.yml`.
+
+Ansible also allows for overriding variables from the command line when running playbooks.
+This is useful for ad-hoc playbook runs without editing var files.
+For example, deploying code from another branch can be done as so:
+`$ ansible-playbook -i hosts setup-prod.yml -e git_branch=mybranch`
+
+### Inventory and Groups
+Currently we are using a static inventory file `hosts` to define target server hosts and groups.
+This means that the `hosts` file must be manually updated to reflect things such as DNS changes or additional hosts being added.
+In the future, the static inventory file may be replaced with a dynamic inventory solution, such as ansible's [ec2 inventory script](http://docs.ansible.com/ansible/latest/user_guide/intro_dynamic_inventory.html#example-aws-ec2-external-inventory-script)
+
+One important aspect of the `hosts` file is that it defines the groups which a host or hosts are a part of.
+Currently, there is one prod host called `regluit-prod` which is a member of the `production` group, and another called `regluit-ondeck` in the `ondeck` group intended to be a build target that can be swapped in to production.
+These designations are important, as the `setup-prod` playbook specifically targets the `regluit-prod` host, and only that host will inherit the variables in `group_vars/production/`.
diff --git a/group_vars/batterup/vars.yml b/group_vars/batterup/vars.yml
new file mode 100644
index 0000000..96a79a8
--- /dev/null
+++ b/group_vars/batterup/vars.yml
@@ -0,0 +1,58 @@
+---
+### Variables for Regluit Production Server ###
+### Sensitive vars are references to actual values in vault.yml ###
+### Use ansible-vault view vault.yml to see the secret values ###
+
+project_path: "/opt/regluit"
+django_settings_module: "regluit.settings.prod"
+virtualenv_name: "venv"
+user_name: "ubuntu"
+server_name: "unglue.it"
+wsgi_home: "/opt/regluit/venv"
+wsgi_python_path: "/opt/regluit/venv/bin/python"
+git_repo: "https://github.com/Gluejar/regluit.git"
+git_branch: "master"
+
+### Variables in settings.prod.py ###
+mysql_db_name: "{{ vault_mysql_db_name }}"
+mysql_db_user: "{{ vault_mysql_db_user }}"
+mysql_db_pass: "{{ vault_mysql_db_pass }}"
+mysql_db_host: "{{ vault_mysql_db_host }}"
+mysql_db_port: ""
+email_host: "{{ vault_email_host }}"
+email_port: 465
+default_from_email: "notices@gluejar.com"
+broker_transport: "redis"
+broker_host: "127.0.0.1"
+broker_port: 6379
+broker_vhost: "0"
+
+### Variables in common.py ###
+common_keys:
+ booxtream_api_key: "{{ vault_booxtream_api_key }}"
+ booxtream_api_user: "{{ vault_booxtream_api_user }}"
+ dropbox_key: "{{ vault_dropbox_key }}"
+ github_public_token: "{{ vault_github_public_token }}"
+ mailchimp_api_key: "{{ vault_mailchimp_api_key }}"
+ mailchimp_news_id: "{{ vault_mailchimp_news_id }}"
+ mobigen_url: "{{ vault_mobigen_url }}"
+ mobigen_user_id: "{{ vault_mobigen_user_id }}"
+ mobigen_password: "{{ vault_mobigen_password }}"
+
+### Variables in host.py ###
+host_keys:
+ secret_key: '{{ vault_secret_key }}'
+ google_books_api_key: "{{ vault_google_books_api_key }}"
+ goodreads_api_key: "{{ vault_goodreads_api_key }}"
+ goodreads_api_secret: "{{ vault_goodreads_api_secret }}"
+ email_host_user: '{{ vault_email_host_user }}'
+ email_host_password: '{{ vault_email_host_password }}'
+ social_auth_twitter_key: '{{ vault_social_auth_twitter_key }}'
+ social_auth_twitter_secret: '{{ vault_social_auth_twitter_secret }}'
+ social_auth_facebook_key: '{{ vault_social_auth_facebook_key }}'
+ social_auth_facebook_secret: '{{ vault_social_auth_facebook_secret }}'
+ social_auth_google_oauth2_key: '{{ vault_social_auth_google_oauth2_key }}'
+ social_auth_google_oauth2_secret: '{{ vault_social_auth_google_oauth2_secret }}'
+ aws_access_key_id: '{{ vault_aws_access_key_id }}'
+ aws_secret_access_key: '{{ vault_aws_secret_access_key }}'
+ aws_storage_bucket_name: '{{ vault_aws_storage_bucket_name }}'
\ No newline at end of file
diff --git a/group_vars/batterup/vault.yml b/group_vars/batterup/vault.yml
new file mode 100644
index 0000000..6ed3629
--- /dev/null
+++ b/group_vars/batterup/vault.yml
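Review bot: In `group_vars/batterup/vars.yml` the variables are attached to a `batterup` group that the `hosts` inventory added in this same commit never defines (it lists only `[production]` and `[ondeck]`), so no host would load this file as the inventory stands. The file is also a copy of the production one down to the header `### Variables for Regluit Production Server ###` and `server_name: "unglue.it"`, differing only in `git_branch: "master"`, so a host later placed in that group would be configured as unglue.it from the master branch. I would either add the group to `hosts` or drop the directory, and change the header here and in `group_vars/ondeck/vars.yml` to name the environment, e.g. `### Variables for Regluit ondeck (build target) ###`.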
@@ -0,0 +1,90 @@ +$ANSIBLE_VAULT;1.1;AES256 +33623035343761633033653064613431623765616339383533623161656566623231636236616364 +6666323364653839393761616262363838313135633336660a666530373537653638336565616565 +34373436666264326366633937636338323265326361323363306131666337386236303636313039 +3261363033623661610a653530653063383061373139396463353464613036646134656666323865 +36376366626637336665353937323533353835633634313135323163663965303562353239643463 +34333136653162353465636163626135333364323566633332636133346330353933663062363537 +39326437363635376331643132346239643735633862363138303962363838306364316638636330 +35326366333230313933383763323862616235306336363037306137366636313838313264656332 +38326665353633356532633135326136363837623266626366396437363262666166316239343063 +31366232623030326361623030343338333761643861386130646665663531363238323639383662 +30646463616236623063373961376232383935336637646165363232353861346164343966656663 +63366330623230333364383764306361653362623966373339656235653566383431313464396637 +65383662323038333936613366346663613333343764326339396331353633396237616531623231 +34366532623865393531353736666137643535386337386431663937636431373834363032663235 +62326365633966336436346632353033376639633537366562383561303436363431626465306233 +65623366336362336632383466366335663236343230306337313362376437343462326337636432 +34653136623632653431326432303536373265656266393364623134316461616261383963363531 +65323761306232323939623566356231366532626530343933643138343863616564353439616264 +35353965303036626230376566616531613861653233336133363830366563313366326333343830 +64613536643361316433353035363235633933303132396461666132643539353263626230383662 +66333039316439636263646566383637653234613663333133643634386661393331323934636432 +33626333613261643230643066333961613039366133306365323139356638663032643532386135 +39393665653239623233336432313636643232363239366335393933653936386261343836303661 
+39616432613261616130336563363564383232656564313230323364336464353963353735373537 +33636430343136626136313764653435373235633261313366353162663834643634616636376434 +61386335313539613634363462326537366136643331346263303261613332356161323564343265 +30376466373464306433336564313830613539303364376537323731313162323732326565313039 +32653232666237386334666330313035393366613733356335373230623735333637333464313431 +65303037303565376335383764393932646465366230613331323233633536383866323232343931 +35343165356539666431653333383563316430353166386130633633653664653130653338366664 +38343636393963663264363330326530363131373566663665343165366666306433623238623732 +35303935306133356134643133616363616432303130613837363161333530613637656638643533 +64366431313630313835373538663436326462353764333163393363383239386365363736663664 +36383264626332303630316162356239343063623133666133303934316262366134343465353164 +31326461393131643932386132376434613536373166353936353335373138346633373465383664 +32346135316161373063356236643664323063323564666635343664366461623936313934663664 +32356231336330663962643937663963363036643737313634643032343731306230636466383666 +35356234666363343062386661376163363666356235666534646230316464376366613239656532 +61363365646265323832336133653065313139636361326335646437356138653632383361306439 +63373330306431333135366536326461353634623836353862623962633535636439656265366538 +31616637616336366138363637653664356161343130616239646463386431346535666266346565 +34383038373239393366303966623238346638616166343030643661376431303639643763633864 +64383137363031333532383338653035336432303531306531303432663939613434613831393264 +37396333623630383336633631373666373539346239303361333536666365383263383261363437 +38653331666634643031386334373966356264396139316137383965333162323634623932363731 +63366363623166613966666638316162306561373066633561343961383163306639353936666335 +36663936373233356231313730653263613033656464613464646636633833323765323266666665 
+32303439323430633466623564366332376265343365633730623864376161393266323765306337 +35633738316433356335363961353030336464636163363765343536663035363165373562306439 +37653433316638376632626663626331356462636561386437313831373031636637303263616336 +39623066333166363738616335356536326535633734353064666635633035666637326330393633 +33316364633437363564316333393732373637646333353330656530656135366639396361393830 +32333238636365343436613630393136666434343763306465646665316262343366633738343837 +36346333636261653437623437613437646230613662343465343836646335653434663535613435 +65316432333831616263363965646631333565636632363863383366373037623835376631363538 +31336130306531656634383365656338313761346563323533366664376635323361613962313738 +61346133353435633662363737333737323934626362373031626238383333383962356332623564 +39383262643237336535316438663533663062363738393530643331393161656562656431656231 +65616133653632353130393961363331663363343564653164303230636561653536346465663535 +64383262636266386163323934386533396263393862333234363133366134663861636666306161 +35316233613462303866646531306437326532303161383334623633653362343330613965356363 +39343832366163363434356639346263393131303763303465373662356262363137633761396637 +66336165643866646362353862326533633835666438636130623633323265333733636231636238 +65663862306665643739353136313939373531343539613462636237373431356165346561316234 +39323132653466313161396130666539386462643230333933346264326664343265373263633138 +66366132656561616337333237346531646563633064613634383437353465633637326536393035 +38323331613936646530373266616235656466333261396634303834653532383965616465363964 +63363139303736376262333063623835363935323637623263313337323231623834626361623663 +63363738626535326663363164376134366532323736363737376361306262626131663763373339 +61643633363839633865323864616630343838636366313936303539633433363865623863306461 +35643764613664356237303539363437643363623831306165333936373437663039613433393865 
+39633761336338643962313261656436373766353966343737393639373838326630316436623631 +38333665356239623663383734323064613062643433383833333063623530633262376163353462 +30653530373939656131393337303566356138623434326239356461613765366539373631633663 +32373366343438346365643062656632393731376334623765356334323236323232663737393931 +64626538343133353461343632303934313634653639326134643362643966366237653239636666 +61373831346162363764353536303962363861383563303435343161623131366330383437366338 +32623839656337326130666163343536353863656266666134653163333033326666663464663663 +35653035633437303532356330393065656332333464373763643336323965383538653137333261 +32636439366435633765343939313965303138643735613031313866366264323739623366323338 +35353738623762363437336466313335323661643164323066373533303638646562343232306464 +61663330653464386535303339353935393664656434646337633366356135616232616539353736 +63383032643565373362623036396335363132613634386335626462363863346465363765626461 +39306330656635306131336338346630316437623933653832333034636361643836383932313366 +32396133316132363034613036336461326266306462353033366238643235643834653131323964 +34353537646561313531366661663436666330313336303161623636303763363561666365363039 +39306462383261383864356137653164316538653931376539316261343732306366353439343066 +66326661376134396335313535313432353262353035376133383761393664333337393437313562 +62323137663239323162303831313566336166363734656565303861656332303534 diff --git a/group_vars/ondeck/vars.yml b/group_vars/ondeck/vars.yml new file mode 100644 index 0000000..b9acd80 --- /dev/null +++ b/group_vars/ondeck/vars.yml 
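Review bot: `group_vars/batterup/vault.yml`, `group_vars/ondeck/vault.yml` and `group_vars/production/vault.yml` are all added with the same blob id (`index 0000000..6ed3629`), so the three environments carry byte-identical secrets under one vault password. Going by the `vault_*` names referenced in the vars files, that means the ondeck build target holds the production MySQL password, Django `secret_key`, AWS key pair and OAuth secrets, and a compromise of that host exposes production. Each environment should get its own credentials in its own vault file, ideally encrypted under a separate vault ID (`ansible-vault encrypt --vault-id ondeck@prompt vault.yml`) so that ondeck operators never need the production password. Because the ciphertext is now in git history, its confidentiality rests entirely on the strength of the vault password, and re-encrypting later does not protect this copy; the secrets themselves need rotating if that password is ever weak or disclosed.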
@@ -0,0 +1,58 @@
+---
+### Variables for Regluit Production Server ###
+### Sensitive vars are references to actual values in vault.yml ###
+### Use ansible-vault view vault.yml to see the secret values ###
+
+project_path: "/opt/regluit"
+django_settings_module: "regluit.settings.prod"
+virtualenv_name: "venv"
+user_name: "ubuntu"
+server_name: "ondeck.unglue.it"
+wsgi_home: "/opt/regluit/venv"
+wsgi_python_path: "/opt/regluit/venv/bin/python"
+git_repo: "https://github.com/Gluejar/regluit.git"
+git_branch: "master"
+
+### Variables in settings.prod.py ###
+mysql_db_name: "{{ vault_mysql_db_name }}"
+mysql_db_user: "{{ vault_mysql_db_user }}"
+mysql_db_pass: "{{ vault_mysql_db_pass }}"
+mysql_db_host: "{{ vault_mysql_db_host }}"
+mysql_db_port: ""
+email_host: "{{ vault_email_host }}"
+email_port: 465
+default_from_email: "notices@gluejar.com"
+broker_transport: "redis"
+broker_host: "127.0.0.1"
+broker_port: 6379
+broker_vhost: "0"
+
+### Variables in common.py ###
+common_keys:
+ booxtream_api_key: "{{ vault_booxtream_api_key }}"
+ booxtream_api_user: "{{ vault_booxtream_api_user }}"
+ dropbox_key: "{{ vault_dropbox_key }}"
+ github_public_token: "{{ vault_github_public_token }}"
+ mailchimp_api_key: "{{ vault_mailchimp_api_key }}"
+ mailchimp_news_id: "{{ vault_mailchimp_news_id }}"
+ mobigen_url: "{{ vault_mobigen_url }}"
+ mobigen_user_id: "{{ vault_mobigen_user_id }}"
+ mobigen_password: "{{ vault_mobigen_password }}"
+
+### Variables in host.py ###
+host_keys:
+ secret_key: '{{ vault_secret_key }}'
+ google_books_api_key: "{{ vault_google_books_api_key }}"
+ goodreads_api_key: "{{ vault_goodreads_api_key }}"
+ goodreads_api_secret: "{{ vault_goodreads_api_secret }}"
+ email_host_user: '{{ vault_email_host_user }}'
+ email_host_password: '{{ vault_email_host_password }}'
+ social_auth_twitter_key: '{{ vault_social_auth_twitter_key }}'
+ social_auth_twitter_secret: '{{ vault_social_auth_twitter_secret }}'
+ social_auth_facebook_key: '{{ vault_social_auth_facebook_key }}'
+ social_auth_facebook_secret: '{{ vault_social_auth_facebook_secret }}'
+ social_auth_google_oauth2_key: '{{ vault_social_auth_google_oauth2_key }}'
+ social_auth_google_oauth2_secret: '{{ vault_social_auth_google_oauth2_secret }}'
+ aws_access_key_id: '{{ vault_aws_access_key_id }}'
+ aws_secret_access_key: '{{ vault_aws_secret_access_key }}'
+ aws_storage_bucket_name: '{{ vault_aws_storage_bucket_name }}'
\ No newline at end of file
diff --git a/group_vars/ondeck/vault.yml b/group_vars/ondeck/vault.yml
new file mode 100644
index 0000000..6ed3629
--- /dev/null
+++ b/group_vars/ondeck/vault.yml
@@ -0,0 +1,90 @@ +$ANSIBLE_VAULT;1.1;AES256 +33623035343761633033653064613431623765616339383533623161656566623231636236616364 +6666323364653839393761616262363838313135633336660a666530373537653638336565616565 +34373436666264326366633937636338323265326361323363306131666337386236303636313039 +3261363033623661610a653530653063383061373139396463353464613036646134656666323865 +36376366626637336665353937323533353835633634313135323163663965303562353239643463 +34333136653162353465636163626135333364323566633332636133346330353933663062363537 +39326437363635376331643132346239643735633862363138303962363838306364316638636330 +35326366333230313933383763323862616235306336363037306137366636313838313264656332 +38326665353633356532633135326136363837623266626366396437363262666166316239343063 +31366232623030326361623030343338333761643861386130646665663531363238323639383662 +30646463616236623063373961376232383935336637646165363232353861346164343966656663 +63366330623230333364383764306361653362623966373339656235653566383431313464396637 +65383662323038333936613366346663613333343764326339396331353633396237616531623231 +34366532623865393531353736666137643535386337386431663937636431373834363032663235 +62326365633966336436346632353033376639633537366562383561303436363431626465306233 +65623366336362336632383466366335663236343230306337313362376437343462326337636432 +34653136623632653431326432303536373265656266393364623134316461616261383963363531 +65323761306232323939623566356231366532626530343933643138343863616564353439616264 +35353965303036626230376566616531613861653233336133363830366563313366326333343830 +64613536643361316433353035363235633933303132396461666132643539353263626230383662 +66333039316439636263646566383637653234613663333133643634386661393331323934636432 +33626333613261643230643066333961613039366133306365323139356638663032643532386135 +39393665653239623233336432313636643232363239366335393933653936386261343836303661 
+39616432613261616130336563363564383232656564313230323364336464353963353735373537 +33636430343136626136313764653435373235633261313366353162663834643634616636376434 +61386335313539613634363462326537366136643331346263303261613332356161323564343265 +30376466373464306433336564313830613539303364376537323731313162323732326565313039 +32653232666237386334666330313035393366613733356335373230623735333637333464313431 +65303037303565376335383764393932646465366230613331323233633536383866323232343931 +35343165356539666431653333383563316430353166386130633633653664653130653338366664 +38343636393963663264363330326530363131373566663665343165366666306433623238623732 +35303935306133356134643133616363616432303130613837363161333530613637656638643533 +64366431313630313835373538663436326462353764333163393363383239386365363736663664 +36383264626332303630316162356239343063623133666133303934316262366134343465353164 +31326461393131643932386132376434613536373166353936353335373138346633373465383664 +32346135316161373063356236643664323063323564666635343664366461623936313934663664 +32356231336330663962643937663963363036643737313634643032343731306230636466383666 +35356234666363343062386661376163363666356235666534646230316464376366613239656532 +61363365646265323832336133653065313139636361326335646437356138653632383361306439 +63373330306431333135366536326461353634623836353862623962633535636439656265366538 +31616637616336366138363637653664356161343130616239646463386431346535666266346565 +34383038373239393366303966623238346638616166343030643661376431303639643763633864 +64383137363031333532383338653035336432303531306531303432663939613434613831393264 +37396333623630383336633631373666373539346239303361333536666365383263383261363437 +38653331666634643031386334373966356264396139316137383965333162323634623932363731 +63366363623166613966666638316162306561373066633561343961383163306639353936666335 +36663936373233356231313730653263613033656464613464646636633833323765323266666665 
+32303439323430633466623564366332376265343365633730623864376161393266323765306337 +35633738316433356335363961353030336464636163363765343536663035363165373562306439 +37653433316638376632626663626331356462636561386437313831373031636637303263616336 +39623066333166363738616335356536326535633734353064666635633035666637326330393633 +33316364633437363564316333393732373637646333353330656530656135366639396361393830 +32333238636365343436613630393136666434343763306465646665316262343366633738343837 +36346333636261653437623437613437646230613662343465343836646335653434663535613435 +65316432333831616263363965646631333565636632363863383366373037623835376631363538 +31336130306531656634383365656338313761346563323533366664376635323361613962313738 +61346133353435633662363737333737323934626362373031626238383333383962356332623564 +39383262643237336535316438663533663062363738393530643331393161656562656431656231 +65616133653632353130393961363331663363343564653164303230636561653536346465663535 +64383262636266386163323934386533396263393862333234363133366134663861636666306161 +35316233613462303866646531306437326532303161383334623633653362343330613965356363 +39343832366163363434356639346263393131303763303465373662356262363137633761396637 +66336165643866646362353862326533633835666438636130623633323265333733636231636238 +65663862306665643739353136313939373531343539613462636237373431356165346561316234 +39323132653466313161396130666539386462643230333933346264326664343265373263633138 +66366132656561616337333237346531646563633064613634383437353465633637326536393035 +38323331613936646530373266616235656466333261396634303834653532383965616465363964 +63363139303736376262333063623835363935323637623263313337323231623834626361623663 +63363738626535326663363164376134366532323736363737376361306262626131663763373339 +61643633363839633865323864616630343838636366313936303539633433363865623863306461 +35643764613664356237303539363437643363623831306165333936373437663039613433393865 
+39633761336338643962313261656436373766353966343737393639373838326630316436623631 +38333665356239623663383734323064613062643433383833333063623530633262376163353462 +30653530373939656131393337303566356138623434326239356461613765366539373631633663 +32373366343438346365643062656632393731376334623765356334323236323232663737393931 +64626538343133353461343632303934313634653639326134643362643966366237653239636666 +61373831346162363764353536303962363861383563303435343161623131366330383437366338 +32623839656337326130666163343536353863656266666134653163333033326666663464663663 +35653035633437303532356330393065656332333464373763643336323965383538653137333261 +32636439366435633765343939313965303138643735613031313866366264323739623366323338 +35353738623762363437336466313335323661643164323066373533303638646562343232306464 +61663330653464386535303339353935393664656434646337633366356135616232616539353736 +63383032643565373362623036396335363132613634386335626462363863346465363765626461 +39306330656635306131336338346630316437623933653832333034636361643836383932313366 +32396133316132363034613036336461326266306462353033366238643235643834653131323964 +34353537646561313531366661663436666330313336303161623636303763363561666365363039 +39306462383261383864356137653164316538653931376539316261343732306366353439343066 +66326661376134396335313535313432353262353035376133383761393664333337393437313562 +62323137663239323162303831313566336166363734656565303861656332303534 diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml new file mode 100644 index 0000000..cfe57d4 --- /dev/null +++ b/group_vars/production/vars.yml 
@@ -0,0 +1,58 @@
+---
+### Variables for Regluit Production Server ###
+### Sensitive vars are references to actual values in vault.yml ###
+### Use ansible-vault view vault.yml to see the secret values ###
+
+project_path: "/opt/regluit"
+django_settings_module: "regluit.settings.prod"
+virtualenv_name: "venv"
+user_name: "ubuntu"
+server_name: "unglue.it"
+wsgi_home: "/opt/regluit/venv"
+wsgi_python_path: "/opt/regluit/venv/bin/python"
+git_repo: "https://github.com/Gluejar/regluit.git"
+git_branch: "production"
+
+### Variables in settings.prod.py ###
+mysql_db_name: "{{ vault_mysql_db_name }}"
+mysql_db_user: "{{ vault_mysql_db_user }}"
+mysql_db_pass: "{{ vault_mysql_db_pass }}"
+mysql_db_host: "{{ vault_mysql_db_host }}"
+mysql_db_port: ""
+email_host: "{{ vault_email_host }}"
+email_port: 465
+default_from_email: "notices@gluejar.com"
+broker_transport: "redis"
+broker_host: "127.0.0.1"
+broker_port: 6379
+broker_vhost: "0"
+
+### Variables in common.py ###
+common_keys:
+ booxtream_api_key: "{{ vault_booxtream_api_key }}"
+ booxtream_api_user: "{{ vault_booxtream_api_user }}"
+ dropbox_key: "{{ vault_dropbox_key }}"
+ github_public_token: "{{ vault_github_public_token }}"
+ mailchimp_api_key: "{{ vault_mailchimp_api_key }}"
+ mailchimp_news_id: "{{ vault_mailchimp_news_id }}"
+ mobigen_url: "{{ vault_mobigen_url }}"
+ mobigen_user_id: "{{ vault_mobigen_user_id }}"
+ mobigen_password: "{{ vault_mobigen_password }}"
+
+### Variables in host.py ###
+host_keys:
+ secret_key: '{{ vault_secret_key }}'
+ google_books_api_key: "{{ vault_google_books_api_key }}"
+ goodreads_api_key: "{{ vault_goodreads_api_key }}"
+ goodreads_api_secret: "{{ vault_goodreads_api_secret }}"
+ email_host_user: '{{ vault_email_host_user }}'
+ email_host_password: '{{ vault_email_host_password }}'
+ social_auth_twitter_key: '{{ vault_social_auth_twitter_key }}'
+ social_auth_twitter_secret: '{{ vault_social_auth_twitter_secret }}'
+ social_auth_facebook_key: '{{ vault_social_auth_facebook_key }}'
+ social_auth_facebook_secret: '{{ vault_social_auth_facebook_secret }}'
+ social_auth_google_oauth2_key: '{{ vault_social_auth_google_oauth2_key }}'
+ social_auth_google_oauth2_secret: '{{ vault_social_auth_google_oauth2_secret }}'
+ aws_access_key_id: '{{ vault_aws_access_key_id }}'
+ aws_secret_access_key: '{{ vault_aws_secret_access_key }}'
+ aws_storage_bucket_name: '{{ vault_aws_storage_bucket_name }}'
\ No newline at end of file
diff --git a/group_vars/production/vault.yml b/group_vars/production/vault.yml
new file mode 100644
index 0000000..6ed3629
--- /dev/null
+++ b/group_vars/production/vault.yml
@@ -0,0 +1,90 @@ +$ANSIBLE_VAULT;1.1;AES256 +33623035343761633033653064613431623765616339383533623161656566623231636236616364 +6666323364653839393761616262363838313135633336660a666530373537653638336565616565 +34373436666264326366633937636338323265326361323363306131666337386236303636313039 +3261363033623661610a653530653063383061373139396463353464613036646134656666323865 +36376366626637336665353937323533353835633634313135323163663965303562353239643463 +34333136653162353465636163626135333364323566633332636133346330353933663062363537 +39326437363635376331643132346239643735633862363138303962363838306364316638636330 +35326366333230313933383763323862616235306336363037306137366636313838313264656332 +38326665353633356532633135326136363837623266626366396437363262666166316239343063 +31366232623030326361623030343338333761643861386130646665663531363238323639383662 +30646463616236623063373961376232383935336637646165363232353861346164343966656663 +63366330623230333364383764306361653362623966373339656235653566383431313464396637 +65383662323038333936613366346663613333343764326339396331353633396237616531623231 +34366532623865393531353736666137643535386337386431663937636431373834363032663235 +62326365633966336436346632353033376639633537366562383561303436363431626465306233 +65623366336362336632383466366335663236343230306337313362376437343462326337636432 +34653136623632653431326432303536373265656266393364623134316461616261383963363531 +65323761306232323939623566356231366532626530343933643138343863616564353439616264 +35353965303036626230376566616531613861653233336133363830366563313366326333343830 +64613536643361316433353035363235633933303132396461666132643539353263626230383662 +66333039316439636263646566383637653234613663333133643634386661393331323934636432 +33626333613261643230643066333961613039366133306365323139356638663032643532386135 +39393665653239623233336432313636643232363239366335393933653936386261343836303661 
+39616432613261616130336563363564383232656564313230323364336464353963353735373537 +33636430343136626136313764653435373235633261313366353162663834643634616636376434 +61386335313539613634363462326537366136643331346263303261613332356161323564343265 +30376466373464306433336564313830613539303364376537323731313162323732326565313039 +32653232666237386334666330313035393366613733356335373230623735333637333464313431 +65303037303565376335383764393932646465366230613331323233633536383866323232343931 +35343165356539666431653333383563316430353166386130633633653664653130653338366664 +38343636393963663264363330326530363131373566663665343165366666306433623238623732 +35303935306133356134643133616363616432303130613837363161333530613637656638643533 +64366431313630313835373538663436326462353764333163393363383239386365363736663664 +36383264626332303630316162356239343063623133666133303934316262366134343465353164 +31326461393131643932386132376434613536373166353936353335373138346633373465383664 +32346135316161373063356236643664323063323564666635343664366461623936313934663664 +32356231336330663962643937663963363036643737313634643032343731306230636466383666 +35356234666363343062386661376163363666356235666534646230316464376366613239656532 +61363365646265323832336133653065313139636361326335646437356138653632383361306439 +63373330306431333135366536326461353634623836353862623962633535636439656265366538 +31616637616336366138363637653664356161343130616239646463386431346535666266346565 +34383038373239393366303966623238346638616166343030643661376431303639643763633864 +64383137363031333532383338653035336432303531306531303432663939613434613831393264 +37396333623630383336633631373666373539346239303361333536666365383263383261363437 +38653331666634643031386334373966356264396139316137383965333162323634623932363731 +63366363623166613966666638316162306561373066633561343961383163306639353936666335 +36663936373233356231313730653263613033656464613464646636633833323765323266666665 
+32303439323430633466623564366332376265343365633730623864376161393266323765306337 +35633738316433356335363961353030336464636163363765343536663035363165373562306439 +37653433316638376632626663626331356462636561386437313831373031636637303263616336 +39623066333166363738616335356536326535633734353064666635633035666637326330393633 +33316364633437363564316333393732373637646333353330656530656135366639396361393830 +32333238636365343436613630393136666434343763306465646665316262343366633738343837 +36346333636261653437623437613437646230613662343465343836646335653434663535613435 +65316432333831616263363965646631333565636632363863383366373037623835376631363538 +31336130306531656634383365656338313761346563323533366664376635323361613962313738 +61346133353435633662363737333737323934626362373031626238383333383962356332623564 +39383262643237336535316438663533663062363738393530643331393161656562656431656231 +65616133653632353130393961363331663363343564653164303230636561653536346465663535 +64383262636266386163323934386533396263393862333234363133366134663861636666306161 +35316233613462303866646531306437326532303161383334623633653362343330613965356363 +39343832366163363434356639346263393131303763303465373662356262363137633761396637 +66336165643866646362353862326533633835666438636130623633323265333733636231636238 +65663862306665643739353136313939373531343539613462636237373431356165346561316234 +39323132653466313161396130666539386462643230333933346264326664343265373263633138 +66366132656561616337333237346531646563633064613634383437353465633637326536393035 +38323331613936646530373266616235656466333261396634303834653532383965616465363964 +63363139303736376262333063623835363935323637623263313337323231623834626361623663 +63363738626535326663363164376134366532323736363737376361306262626131663763373339 +61643633363839633865323864616630343838636366313936303539633433363865623863306461 +35643764613664356237303539363437643363623831306165333936373437663039613433393865 
+39633761336338643962313261656436373766353966343737393639373838326630316436623631 +38333665356239623663383734323064613062643433383833333063623530633262376163353462 +30653530373939656131393337303566356138623434326239356461613765366539373631633663 +32373366343438346365643062656632393731376334623765356334323236323232663737393931 +64626538343133353461343632303934313634653639326134643362643966366237653239636666 +61373831346162363764353536303962363861383563303435343161623131366330383437366338 +32623839656337326130666163343536353863656266666134653163333033326666663464663663 +35653035633437303532356330393065656332333464373763643336323965383538653137333261 +32636439366435633765343939313965303138643735613031313866366264323739623366323338 +35353738623762363437336466313335323661643164323066373533303638646562343232306464 +61663330653464386535303339353935393664656434646337633366356135616232616539353736 +63383032643565373362623036396335363132613634386335626462363863346465363765626461 +39306330656635306131336338346630316437623933653832333034636361643836383932313366 +32396133316132363034613036336461326266306462353033366238643235643834653131323964 +34353537646561313531366661663436666330313336303161623636303763363561666365363039 +39306462383261383864356137653164316538653931376539316261343732306366353439343066 +66326661376134396335313535313432353262353035376133383761393664333337393437313562 +62323137663239323162303831313566336166363734656565303861656332303534 diff --git a/hosts b/hosts new file mode 100644 index 0000000..8d59758 --- /dev/null +++ b/hosts @@ -0,0 +1,4 @@ +[production] +regluit-prod ansible_host=m.unglue.it ansible_user=ubuntu +[ondeck] +regluit-ondeck ansible_host=ondeck.unglue.it ansible_user=ubuntu \ No newline at end of file diff --git a/roles/regluit_common/defaults/main.yml b/roles/regluit_common/defaults/main.yml new file mode 100644 index 0000000..a1f9926 --- /dev/null +++ b/roles/regluit_common/defaults/main.yml 
@@ -0,0 +1,21 @@
+project_path: "/opt/regluit"
+django_settings_module: "regluit.settings.me"
+virtualenv_name: "venv"
+
+# MySQL
+mysql_db_name: "regluit"
+mysql_db_user: "regluit"
+mysql_db_pass: "password123"
+mysql_db_host: "localhost"
+mysql_db_port: 3306
+
+# Task Broker
+broker_transport: "redis"
+broker_host: "localhost"
+broker_port: 6379
+broker_vhost: "0"
+
+# Common.py defaults
+boxstream_api_key: "012345678901234567890123456789"
+boxstream_api_user: "user"
+dropbox_key: "012345678901234"
diff --git a/roles/regluit_common/files/celerybeat b/roles/regluit_common/files/celerybeat
new file mode 100644
index 0000000..40ab643
--- /dev/null
+++ b/roles/regluit_common/files/celerybeat
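Review bot: `mysql_db_pass: "password123"` gives the role a working, guessable database password whenever an inventory does not override it, and tasks/mysql.yml later in this commit creates the account with that value. Role defaults have the lowest variable precedence, so a host group that misses its vault entry would deploy with it and nothing would fail. I would drop the default so templating stops on an undefined variable, leaving only a comment such as `# mysql_db_pass: no default, must come from the vaulted group_vars`. The placeholder API keys below it would benefit from the same treatment.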
@@ -0,0 +1,154 @@ +#!/bin/bash +# ========================================================= +# celerybeat - Starts the Celery periodic task scheduler. +# ========================================================= +# +# :Usage: /etc/init.d/celerybeat {start|stop|force-reload|restart|try-restart|status} +# :Configuration file: /etc/default/celerybeat or /etc/default/celeryd +# +# See http://docs.celeryq.org/en/latest/cookbook/daemonizing.html#init-script-celerybeat +# This file is copied from https://github.com/ask/celery/blob/2.4/contrib/generic-init.d/celerybeat + +### BEGIN INIT INFO +# Provides: celerybeat +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: celery periodic task scheduler +### END INIT INFO + +# Cannot use set -e/bash -e since the kill -0 command will abort +# abnormally in the absence of a valid process ID. +#set -e + +DEFAULT_PID_FILE="/var/run/celerybeat.pid" +DEFAULT_LOG_FILE="/var/log/celerybeat.log" +DEFAULT_LOG_LEVEL="INFO" +DEFAULT_CELERYBEAT="celerybeat" + +# /etc/init.d/ssh: start and stop the celery task worker daemon. + +if test -f /etc/default/celeryd; then + . /etc/default/celeryd +fi + +if test -f /etc/default/celerybeat; then + . /etc/default/celerybeat +fi + +CELERYBEAT=${CELERYBEAT:-$DEFAULT_CELERYBEAT} +CELERYBEAT_PID_FILE=${CELERYBEAT_PID_FILE:-${CELERYBEAT_PIDFILE:-$DEFAULT_PID_FILE}} +CELERYBEAT_LOG_FILE=${CELERYBEAT_LOG_FILE:-${CELERYBEAT_LOGFILE:-$DEFAULT_LOG_FILE}} +CELERYBEAT_LOG_LEVEL=${CELERYBEAT_LOG_LEVEL:-${CELERYBEAT_LOGLEVEL:-$DEFAULT_LOG_LEVEL}} + +export CELERY_LOADER + +CELERYBEAT_OPTS="$CELERYBEAT_OPTS -f $CELERYBEAT_LOG_FILE -l $CELERYBEAT_LOG_LEVEL" + +if [ -n "$2" ]; then + CELERYBEAT_OPTS="$CELERYBEAT_OPTS $2" +fi + +CELERYBEAT_LOG_DIR=`dirname $CELERYBEAT_LOG_FILE` +CELERYBEAT_PID_DIR=`dirname $CELERYBEAT_PID_FILE` +if [ ! 
-d "$CELERYBEAT_LOG_DIR" ]; then + mkdir -p $CELERYBEAT_LOG_DIR +fi +if [ ! -d "$CELERYBEAT_PID_DIR" ]; then + mkdir -p $CELERYBEAT_PID_DIR +fi + +# Extra start-stop-daemon options, like user/group. +if [ -n "$CELERYBEAT_USER" ]; then + DAEMON_OPTS="$DAEMON_OPTS --uid $CELERYBEAT_USER" + chown "$CELERYBEAT_USER" $CELERYBEAT_LOG_DIR $CELERYBEAT_PID_DIR +fi +if [ -n "$CELERYBEAT_GROUP" ]; then + DAEMON_OPTS="$DAEMON_OPTS --gid $CELERYBEAT_GROUP" + chgrp "$CELERYBEAT_GROUP" $CELERYBEAT_LOG_DIR $CELERYBEAT_PID_DIR +fi + +CELERYBEAT_CHDIR=${CELERYBEAT_CHDIR:-$CELERYD_CHDIR} +if [ -n "$CELERYBEAT_CHDIR" ]; then + DAEMON_OPTS="$DAEMON_OPTS --workdir $CELERYBEAT_CHDIR" +fi + + +export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" + +check_dev_null() { + if [ ! -c /dev/null ]; then + echo "/dev/null is not a character device!" + exit 1 + fi +} + +wait_pid () { + pid=$1 + forever=1 + i=0 + while [ $forever -gt 0 ]; do + kill -0 $pid 1>/dev/null 2>&1 + if [ $? -eq 1 ]; then + echo "OK" + forever=0 + else + kill -TERM "$pid" + i=$((i + 1)) + if [ $i -gt 60 ]; then + echo "ERROR" + echo "Timed out while stopping (30s)" + forever=0 + else + sleep 0.5 + fi + fi + done +} + + +stop_beat () { + echo -n "Stopping celerybeat... " + if [ -f "$CELERYBEAT_PID_FILE" ]; then + wait_pid $(cat "$CELERYBEAT_PID_FILE") + else + echo "NOT RUNNING" + fi +} + +start_beat () { + echo "Starting celerybeat..." + if [ -n "$VIRTUALvenv" ]; then + source $VIRTUALvenv/bin/activate + fi + $CELERYBEAT $CELERYBEAT_OPTS $DAEMON_OPTS --detach \ + --pidfile="$CELERYBEAT_PID_FILE" +} + + + +case "$1" in + start) + check_dev_null + start_beat + ;; + stop) + stop_beat + ;; + reload|force-reload) + echo "Use start+stop" + ;; + restart) + echo "Restarting celery periodic task scheduler" + stop_beat + check_dev_null + start_beat + ;; + + *) + echo "Usage: /etc/init.d/celerybeat {start|stop|restart}" + exit 1 +esac + +exit 0 \ No newline at end of file 
diff --git a/roles/regluit_common/files/celeryd b/roles/regluit_common/files/celeryd
new file mode 100644
index 0000000..033c7ae
--- /dev/null
+++ b/roles/regluit_common/files/celeryd
@@ -0,0 +1,217 @@ +#!/bin/bash +# ============================================ +# celeryd - Starts the Celery worker daemon. +# ============================================ +# +# :Usage: /etc/init.d/celeryd {start|stop|force-reload|restart|try-restart|status} +# +# :Configuration file: /etc/default/celeryd +# +# To configure celeryd you probably need to tell it where to chdir. +# +# EXAMPLE CONFIGURATION +# ===================== +# +# this is an example configuration for a Python project: +# +# /etc/default/celeryd: +# +# # List of nodes to start +# CELERYD_NODES="worker1 worker2 worker3"k +# # ... can also be a number of workers +# CELERYD_NODES=3 +# +# # Where to chdir at start. +# CELERYD_CHDIR="/opt/Myproject/" +# +# # Extra arguments to celeryd +# CELERYD_OPTS="--time-limit=300" +# +# # Name of the celery config module.# +# CELERY_CONFIG_MODULE="celeryconfig" +# +# EXAMPLE DJANGO CONFIGURATION +# ============================ +# +# # Where the Django project is. +# CELERYD_CHDIR="/opt/Project/" +# +# # Name of the projects settings module. +# export DJANGO_SETTINGS_MODULE="settings" +# +# # Path to celeryd +# CELERYD="/opt/Project/manage.py celeryd" +# +# AVAILABLE OPTIONS +# ================= +# +# * CELERYD_NODES +# +# A space separated list of nodes, or a number describing the number of +# nodes, to start +# +# * CELERYD_OPTS +# Additional arguments to celeryd-multi, see `celeryd-multi --help` +# and `celeryd --help` for help. +# +# * CELERYD_CHDIR +# Path to chdir at start. Default is to stay in the current directory. +# +# * CELERYD_PIDFILE +# Full path to the pidfile. Default is /var/run/celeryd.pid. +# +# * CELERYD_LOGFILE +# Full path to the celeryd logfile. Default is /var/log/celeryd.log +# +# * CELERYD_LOG_LEVEL +# Log level to use for celeryd. Default is INFO. +# +# * CELERYD +# Path to the celeryd program. Default is `celeryd`. +# You can point this to an virtualenv, or even use manage.py for django. +# +# * CELERYD_USER +# User to run celeryd as. 
Default is current user. +# +# * CELERYD_GROUP +# Group to run celeryd as. Default is current user. + +# VARIABLE EXPANSION +# ================== +# +# The following abbreviations will be expanded +# +# * %n -> node name +# * %h -> host name + + +### BEGIN INIT INFO +# Provides: celeryd +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: celery task worker daemon +### END INIT INFO + +#set -e + +DEFAULT_PID_FILE="/var/run/celeryd@%n.pid" +DEFAULT_LOG_FILE="/var/log/celeryd@%n.log" +DEFAULT_LOG_LEVEL="INFO" +DEFAULT_NODES="celery" +DEFAULT_CELERYD="-m celery.bin.celeryd_detach" + +# /etc/init.d/celeryd: start and stop the celery task worker daemon. + +CELERY_DEFAULTS=${CELERY_DEFAULTS:-"/etc/default/celeryd"} + +test -f "$CELERY_DEFAULTS" && . "$CELERY_DEFAULTS" +if [ -f "/etc/default/celeryd" ]; then + . /etc/default/celeryd +fi + +if [ -f $VIRTUALvenv_ACTIVATE ]; then + echo "activating virtualenv $VIRTUALvenv_ACTIVATE" + source "$VIRTUALvenv_ACTIVATE" +fi + +CELERYD_PID_FILE=${CELERYD_PID_FILE:-${CELERYD_PIDFILE:-$DEFAULT_PID_FILE}} +CELERYD_LOG_FILE=${CELERYD_LOG_FILE:-${CELERYD_LOGFILE:-$DEFAULT_LOG_FILE}} +CELERYD_LOG_LEVEL=${CELERYD_LOG_LEVEL:-${CELERYD_LOGLEVEL:-$DEFAULT_LOG_LEVEL}} +CELERYD_MULTI=${CELERYD_MULTI:-"celeryd-multi"} +CELERYD=${CELERYD:-$DEFAULT_CELERYD} +CELERYD_NODES=${CELERYD_NODES:-$DEFAULT_NODES} + +export CELERY_LOADER + +if [ -n "$2" ]; then + CELERYD_OPTS="$CELERYD_OPTS $2" +fi + +# Extra start-stop-daemon options, like user/group. +if [ -n "$CELERYD_USER" ]; then + DAEMON_OPTS="$DAEMON_OPTS --uid=$CELERYD_USER" +fi +if [ -n "$CELERYD_GROUP" ]; then + DAEMON_OPTS="$DAEMON_OPTS --gid=$CELERYD_GROUP" +fi + +if [ -n "$CELERYD_CHDIR" ]; then + DAEMON_OPTS="$DAEMON_OPTS --workdir=\"$CELERYD_CHDIR\"" +fi + + +check_dev_null() { + if [ ! -c /dev/null ]; then + echo "/dev/null is not a character device!" 
+ exit 1 + fi +} + + +export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" + + +stop_workers () { + $CELERYD_MULTI stop $CELERYD_NODES --pidfile="$CELERYD_PID_FILE" +} + + +start_workers () { + $CELERYD_MULTI start $CELERYD_NODES $DAEMON_OPTS \ + --pidfile="$CELERYD_PID_FILE" \ + --logfile="$CELERYD_LOG_FILE" \ + --loglevel="$CELERYD_LOG_LEVEL" \ + --cmd="$CELERYD" \ + $CELERYD_OPTS +} + + +restart_workers () { + $CELERYD_MULTI restart $CELERYD_NODES $DAEMON_OPTS \ + --pidfile="$CELERYD_PID_FILE" \ + --logfile="$CELERYD_LOG_FILE" \ + --loglevel="$CELERYD_LOG_LEVEL" \ + --cmd="$CELERYD" \ + $CELERYD_OPTS +} + + + +case "$1" in + start) + check_dev_null + start_workers + ;; + + stop) + check_dev_null + stop_workers + ;; + + reload|force-reload) + echo "Use restart" + ;; + + status) + celeryctl status + ;; + + restart) + check_dev_null + restart_workers + ;; + + try-restart) + check_dev_null + restart_workers + ;; + + *) + echo "Usage: /etc/init.d/celeryd {start|stop|restart|try-restart|kill}" + exit 1 + ;; +esac + +exit 0 diff --git a/roles/regluit_common/tasks/celery.yml b/roles/regluit_common/tasks/celery.yml new file mode 100644 index 0000000..c2f5203 --- /dev/null +++ b/roles/regluit_common/tasks/celery.yml @@ -0,0 +1,37 @@ +--- +# Tasks for Celeryd and Celerybeat processes +- name: Create /var/log/celery + become: true + file: + path: "/var/log/celery" + state: directory + #owner: celery + #group: celery + mode: 0775 + +- name: Create /var/run/celery + become: true + file: + path: "/var/run/celery" + state: directory + #owner: celery + #group: celery + mode: 0775 + +- name: Copy celery init.d scripts + become: true + copy: + src: "{{ item }}" + dest: "/etc/init.d/{{ item }}" + with_items: + - 'celeryd' + - 'celerybeat' + +- name: Copy celery config files + become: true + template: + src: "celery/{{ item }}.j2" + dest: "/etc/default/{{ item }}" + with_items: + - 'celeryd' + - 'celerybeat' 
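Review bot: `if [ -f $VIRTUALvenv_ACTIVATE ]` is unquoted, so if the variable is ever unset or empty the test collapses to `[ -f ]`, which is true, and the script announces a virtualenv and then tries to source an empty path. Quoting is enough to fix it: `if [ -f "$VIRTUALvenv_ACTIVATE" ]; then`. The same line appears in roles/regluit_prod/files/celeryd further down this commit. As an init script this would normally run as root and source whatever that variable and /etc/default/celeryd name, so both files should be root-owned and not group- or world-writable.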
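Review bot: The `Copy celery init.d scripts` task sets no `owner`, `group` or `mode`, so the files land in /etc/init.d with whatever the umask gives, which is typically not executable. These scripts are run by init with root privileges, so I would pin them explicitly: `owner: root`, `group: root`, `mode: "0755"`. The `Copy celery config files` task is in the same position, since the init scripts source /etc/default/celeryd and /etc/default/celerybeat; root ownership with `mode: "0644"` would be the usual choice. Quoting the two existing `mode: 0775` values would also avoid relying on YAML octal parsing.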
diff --git a/roles/regluit_common/tasks/main.yml b/roles/regluit_common/tasks/main.yml
new file mode 100644
index 0000000..8435048
--- /dev/null
+++ b/roles/regluit_common/tasks/main.yml
@@ -0,0 +1,85 @@
+---
+# Need to install python2.7 and pip first so Ansible will function
+# This is due to Ubuntu 16 shipping with Python3 by default
+- name: Install python2.7 and pip
+ become: true
+ raw: bash -c "apt -qqy update && apt install -qqy python2.7-dev python-pip"
+ register: output
+ changed_when: output.stdout != ""
+
+- name: Gathering Facts
+ setup:
+
+- name: Install base regluit dependencies
+ become: true
+ apt:
+ name: "{{ item }}"
+ update_cache: true
+ state: present
+ with_items:
+ - 'git'
+ - 'python-setuptools'
+ - 'python-lxml'
+ - 'build-essential'
+ - 'libssl-dev'
+ - 'libffi-dev'
+ - 'libxml2-dev'
+ - 'libxslt-dev'
+ - 'mysql-server'
+ - 'mysql-client'
+ - 'libmysqlclient-dev'
+ - 'python-mysqldb'
+
+- name: Install virtualenv
+ pip:
+ name: "virtualenv"
+ state: present
+
+- name: Install python packages to virtualenv
+ pip:
+ requirements: "{{ project_path }}/requirements_versioned.pip"
+ state: present
+ virtualenv: "{{ project_path }}/venv"
+
+- name: Add project to PYTHONPATH of virtualenv
+ template:
+ src: "{{ item }}.j2"
+ dest: "{{ project_path }}/venv/lib/python2.7/site-packages/{{ item }}"
+ with_items:
+ - 'regluit.pth'
+ - 'opt.pth'
+
+- name: Create keys directory
+ file:
+ path: "{{ project_path}}/settings/keys"
+ state: directory
+
+- name: Copy keys files
+ copy:
+ src: "{{ project_path }}/settings/dummy/__init__.py"
+ dest: "{{ project_path }}/settings/keys/__init__.py"
+ remote_src: yes
+
+- name: Copy django settings template
+ template:
+ src: me.py.j2
+ dest: "{{ project_path }}/settings/me.py"
+
+- name: Copy key templates to keys directory
+ template:
+ src: "{{ item }}.j2"
+ dest: "{{ project_path }}/settings/keys/{{ item }}"
+ with_items:
+ - 'common.py'
+ - 'host.py'
+
+- name: MySQL setup
+ become: true
+ import_tasks: mysql.yml
+
+- name: Redis setup
+ become: true
+ import_tasks: redis.yml
+
+# - name: Celery setup
+# import_tasks: celery.yml
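Review bot: The tasks that render `settings/me.py` and `settings/keys/common.py` / `host.py` set no `owner`, `group` or `mode`, although me.py.j2 renders `mysql_db_pass` and the keys files carry API credentials. With a default umask those files end up readable by every local account. I would add an explicit restrictive mode, for example `mode: "0640"`, with owner and group set to the account the web server and workers run as (which account that is cannot be seen from this hunk). Running the playbook with `--diff` would also print the rendered secrets, so `diff: false` on these tasks is worth adding.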
diff --git a/roles/regluit_common/tasks/mysql.yml b/roles/regluit_common/tasks/mysql.yml
new file mode 100644
index 0000000..ca5f617
--- /dev/null
+++ b/roles/regluit_common/tasks/mysql.yml
@@ -0,0 +1,12 @@
+---
+- name: Create MySQL database
+ mysql_db:
+ name: "{{ mysql_db_name }}"
+ state: present
+
+- name: Create MySQL user
+ mysql_user:
+ name: "{{ mysql_db_user }}"
+ password: "{{ mysql_db_pass }}"
+ priv: '*.*:ALL'
+ state: present
diff --git a/roles/regluit_common/tasks/redis.yml b/roles/regluit_common/tasks/redis.yml
new file mode 100644
index 0000000..ca64684
--- /dev/null
+++ b/roles/regluit_common/tasks/redis.yml
@@ -0,0 +1,13 @@
+---
+- name: Install Redis server
+ become: yes
+ apt:
+ name: "redis-server"
+ state: present
+
+- name: Ensure Redis is started
+ become: yes
+ service:
+ name: "redis-server"
+ state: started
+ enabled: yes
diff --git a/roles/regluit_common/templates/celery/celerybeat.j2 b/roles/regluit_common/templates/celery/celerybeat.j2
new file mode 100644
index 0000000..44c43c7
--- /dev/null
+++ b/roles/regluit_common/templates/celery/celerybeat.j2
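Review bot: `priv: '*.*:ALL'` in `Create MySQL user` gives the application account every privilege on every database on the server, including the `mysql` system schema, when the application only needs its own schema. Scoping the grant to the database created in the task above limits what a compromised web process can reach: `priv: "{{ mysql_db_name }}.*:ALL"`. The task also leaves `host` at the module default; stating it explicitly would document where the account may connect from.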
@@ -0,0 +1,35 @@
+# http://docs.celeryproject.org/en/latest/cookbook/daemonizing.html#generic-initd-celerybeat-example
+# to be placed at /etc/defaults/celerybeat
+
+# Where to chdir at start.
+CELERYBEAT_CHDIR="{{ project_path }}t/"
+
+# Extra arguments to celerybeat
+#CELERYBEAT_OPTS="--schedule=/var/run/celerybeat-schedule"
+
+# Name of the celery config module.#
+CELERY_CONFIG_MODULE="celeryconfig"
+
+# Name of the projects settings module.
+export DJANGO_SETTINGS_MODULE="{{ django_settings_module }}"
+
+# Path to celerybeat
+CELERYBEAT="{{ project_path }}/{{ virtualenv_name }}/bin/django-admin.py celerybeat"
+
+# virtualenv to use
+VIRTUALvenv="{{ project_path }}/{{ virtualenv_name }}"
+
+#Full path to the PID file. Default is /var/run/celeryd.pid
+CELERYBEAT_PIDFILE="/var/log/celerybeat/celerybeat.pid"
+
+#Full path to the celeryd log file. Default is /var/log/celeryd.log
+CELERYBEAT_LOGFILE="/var/log/celerybeat/celerybeat.log"
+
+#Log level to use for celeryd. Default is INFO.
+CELERYBEAT_LOG_LEVEL="INFO"
+
+#User to run celeryd as. Default is current user.
+#CELERYBEAT_USER
+
+#Group to run celeryd as. Default is current user.
+#CELERYBEAT_GROUP
diff --git a/roles/regluit_common/templates/celery/celeryd.j2 b/roles/regluit_common/templates/celery/celeryd.j2
new file mode 100644
index 0000000..07671ff
--- /dev/null
+++ b/roles/regluit_common/templates/celery/celeryd.j2
@@ -0,0 +1,9 @@
+CELERYD_NODES="w1"
+CELERYD_CHDIR="{{ project_path }}/"
+CELERYD_LOG_FILE="/var/log/celery/%n.log"
+CELERYD_PID_FILE="/var/log/celery/%n.pid"
+CELERYD="{{ project_path }}/{{ virtualenv_name }}/bin/django-admin.py celeryd"
+CELERYD_MULTI="{{ project_path }}/{{ virtualenv_name }}/bin/django-admin.py celeryd_multi"
+
+VIRTUALvenv_ACTIVATE="{{ project_path }}/{{ virtualenv_name }}/bin/activate"
+export DJANGO_SETTINGS_MODULE="{{ django_settings_module }}"
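Review bot: `CELERYBEAT_CHDIR="{{ project_path }}t/"` has a stray `t` after the variable, so with the role default it renders `/opt/regluitt/` and the init script passes `--workdir` a directory that presumably does not exist; it should read `CELERYBEAT_CHDIR="{{ project_path }}/"`, as celeryd.j2 does. Both templates also put the PID file under `/var/log/...`, and this one uses `/var/log/celerybeat/` while tasks/celery.yml creates `/var/log/celery` and `/var/run/celery`; pointing the PID files at `/var/run/celery/` would match the directories the role prepares. The header comment says `/etc/defaults/celerybeat`, but the task installs to `/etc/default/`.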
diff --git a/roles/regluit_common/templates/common.py.j2 b/roles/regluit_common/templates/common.py.j2
new file mode 100644
index 0000000..d835f1c
--- /dev/null
+++ b/roles/regluit_common/templates/common.py.j2
@@ -0,0 +1,13 @@
+import os
+
+# all the COMMON_KEYS
+# copy this file to settings/keys/ and replace the dummy values with real ones
+BOOXTREAM_API_KEY = os.environ.get('BOOXTREAM_API_KEY', '{{ boxstream_api_key }}')
+BOOXTREAM_API_USER = os.environ.get('BOOXTREAM_API_USER', '{{ boxstream_api_user }}')
+DROPBOX_KEY = os.environ.get('DROPBOX_KEY', '{{ dropbox_key }}')
+GITHUB_PUBLIC_TOKEN = os.environ.get('GITHUB_PUBLIC_TOKEN', None) # 40 chars; null has lower limit
+MAILCHIMP_API_KEY = os.environ.get('MAILCHIMP_API_KEY', '-us2') # [32chars]-xx#
+MAILCHIMP_NEWS_ID = os.environ.get('MAILCHIMP_NEWS_ID', '0123456789')
+MOBIGEN_PASSWORD = os.environ.get('MOBIGEN_PASSWORD', '012345678901234')
+MOBIGEN_URL = os.environ.get('MOBIGEN_URL', '') # https://host/mobigen
+MOBIGEN_USER_ID = os.environ.get('MOBIGEN_USER_ID', 'user')
diff --git a/roles/regluit_common/templates/host.py.j2 b/roles/regluit_common/templates/host.py.j2
new file mode 100644
index 0000000..9819dc7
--- /dev/null
+++ b/roles/regluit_common/templates/host.py.j2
@@ -0,0 +1,47 @@
+# host.py
+# copy this file to settings/keys/ and replace the dummy values with real ones
+# or generate it from the ansible vault
+import os
+
+# you can use this to generate a key: http://www.miniwebtool.com/django-secret-key-generator/
+SECRET_KEY = os.environ.get("SECRET_KEY", '01234567890123456789012345678901234567890123456789')
+
+# you'll need to register a GoogleBooks API key
+# https://code.google.com/apis/console
+GOOGLE_BOOKS_API_KEY = os.environ.get("GOOGLE_BOOKS_API_KEY", "012345678901234567890123456789012345678")
+
+#
+GOODREADS_API_KEY = os.environ.get("GOODREADS_API_KEY", "01234567890123456789")
+GOODREADS_API_SECRET = os.environ.get("GOODREADS_API_SECRET", None) #43 chars
+
+# Amazon SES
+# create with https://console.aws.amazon.com/ses/home?region=us-east-1#smtp-settings:
+EMAIL_HOST_USER = os.environ.get("EMAIL_HOST_USER", '01234567890123456789')
+EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_HOST_PASSWORD", '01234567890123456789012345678901234567890123')
+
+# twitter auth
+# you'll need to create a new Twitter application to fill in these blanks
+# https://dev.twitter.com/apps/new
+SOCIAL_AUTH_TWITTER_KEY = os.environ.get("SOCIAL_AUTH_TWITTER_KEY", '0123456789012345678901234')
+SOCIAL_AUTH_TWITTER_SECRET = os.environ.get("SOCIAL_AUTH_TWITTER_SECRET", '01234567890123456789012345678901234567890123456789')
+
+# support@icontact.nl
+BOOXTREAM_API_KEY = os.environ.get("BOOXTREAM_API_KEY", None) # 30 chars
+BOOXTREAM_API_USER = os.environ.get("BOOXTREAM_API_USER", 'user')
+
+# you'll need to create a new Facebook application to fill in these blanks
+# https://developers.facebook.com/apps/
+SOCIAL_AUTH_FACEBOOK_KEY = os.environ.get("SOCIAL_AUTH_FACEBOOK_KEY", '012345678901234')
+SOCIAL_AUTH_FACEBOOK_SECRET = os.environ.get("SOCIAL_AUTH_FACEBOOK_SECRET", '01234567890123456789012345678901')
+
+# https://console.developers.google.com/apis/credentials/oauthclient/
+# unglue.it (prod) SOCIAL_AUTH_GOOGLE_OAUTH2_KEY #2
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = os.environ.get("_KEY", '012345678901-01234567890123456789012345678901.apps.googleusercontent.com')
+SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = os.environ.get("_SECRET", '012345678901234567890123')
+
+AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID", '01234567890123456789')
+AWS_SECRET_ACCESS_KEY = os.environ.get("AWS_SECRET_ACCESS_KEY", '') # 40 chars
+
+DATABASE_USER = os.environ.get("DATABASE_USER", 'root')
+DATABASE_PASSWORD = os.environ.get("DATABASE_PASSWORD", '')
+DATABASE_HOST = os.environ.get("DATABASE_HOST", '')
diff --git a/roles/regluit_common/templates/me.py.j2 b/roles/regluit_common/templates/me.py.j2
new file mode 100644
index 0000000..b82ede1
--- /dev/null
+++ b/roles/regluit_common/templates/me.py.j2
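Review bot: Every credential in this template, `SECRET_KEY` included, falls back to a fixed placeholder committed here, and the file contains no Jinja variables, so a host without the environment variables set would start with a signing key that anyone can read in the repository. For the values that protect sessions and external accounts I would fail closed instead, e.g. `SECRET_KEY = os.environ["SECRET_KEY"]`, or render them from the vaulted variables as the header comment suggests. Separately, the two Google OAuth lines read the environment names `"_KEY"` and `"_SECRET"`, which looks like a truncated `"SOCIAL_AUTH_GOOGLE_OAUTH2_KEY"` / `"SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET"`.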
@@ -0,0 +1,90 @@
+# coding=utf-8
+from .common import *
+try:
+ from .keys.host import *
+except ImportError:
+ from .dummy.host import *
+
+DEBUG = True
+TEMPLATES[0]['OPTIONS']['debug'] = DEBUG
+
+# if you're doing development work, you'll want this to be zero
+IS_PREVIEW = False
+
+# SITE_ID for your particular site -- must be configured in /core/fixtures/initial_data.json
+SITE_ID = 3
+
+ADMINS = (
+ ('Raymond Yee', 'rdhyee+ungluebugs@gluejar.com'),
+ ('Eric Hellman', 'eric@gluejar.com'),
+)
+
+MANAGERS = ADMINS
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.mysql',
+ 'NAME': '{{ mysql_db_name }}',
+ 'USER': '{{ mysql_db_user }}',
+ 'PASSWORD': '{{ mysql_db_pass }}',
+ 'HOST': '{{ mysql_db_host }}',
+ 'PORT': '{{ mysql_db_port }} ',
+ 'TEST_CHARSET': 'utf8',
+ }
+}
+
+STATIC_ROOT = '/var/www/static'
+CKEDITOR_UPLOAD_PATH = '/var/www/static/media/'
+
+
+TIME_ZONE = 'America/New_York'
+
+# settings for outbout email
+# if you have a gmail account you can use your email address and password
+
+EMAIL_USE_TLS = True
+EMAIL_HOST = 'smtp.gmail.com'
+# EMAIL_HOST_USER is in keys/host
+# EMAIL_HOST_PASSWORD is in keys/host
+EMAIL_PORT = 587
+DEFAULT_FROM_EMAIL = 'info@ebookfoundation.org'
+
+# for use with test google account only
+GOOGLE_DISPLAY_NAME = 'Unglue.It'
+REDIRECT_IS_HTTPS = False
+
+
+#BASE_URL = 'http://0.0.0.0'
+BASE_URL_SECURE = 'https://0.0.0.0'
+
+# use redis as queuing service
+BROKER_TRANSPORT = "{{ broker_transport }}"
+BROKER_HOST = "{{ broker_host }}"
+BROKER_PORT = {{ broker_port }}
+BROKER_VHOST = "{{ broker_vhost }}"
+
+# send celery log to Python logging
+CELERYD_HIJACK_ROOT_LOGGER = False
+
+# a debug_toolbar setting
+INTERNAL_IPS = ('127.0.0.1',)
+
+CELERYD_LOG_LEVEL = "INFO"
+
+# decide which of the period tasks to add to the schedule
+#CELERYBEAT_SCHEDULE['send_test_email'] = SEND_TEST_EMAIL_JOB
+#CELERYBEAT_SCHEDULE['refresh_acqs'] = REFRESH_ACQS_JOB
+
+# if you're doing development work, you'll want this to be zero
+IS_PREVIEW = False
+
+# username, password to pass to LIVE_SERVER_TEST_URL
+
+UNGLUEIT_TEST_USER = None
+UNGLUEIT_TEST_PASSWORD = None
+
+# local settings for maintenance mode
+MAINTENANCE_MODE = False
+
+# assume that CSS will get generated on dev
+SASS_OUTPUT_STYLE = 'compressed'
diff --git a/roles/regluit_common/templates/opt.pth.j2 b/roles/regluit_common/templates/opt.pth.j2
new file mode 100644
index 0000000..27d47a4
--- /dev/null
+++ b/roles/regluit_common/templates/opt.pth.j2
@@ -0,0 +1 @@
+/opt/
diff --git a/roles/regluit_common/templates/regluit.pth.j2 b/roles/regluit_common/templates/regluit.pth.j2
new file mode 100644
index 0000000..8964ac8
--- /dev/null
+++ b/roles/regluit_common/templates/regluit.pth.j2
@@ -0,0 +1 @@
+{{ project_path }}/
diff --git a/roles/regluit_dev/defaults/main.yml b/roles/regluit_dev/defaults/main.yml
new file mode 100644
index 0000000..3194c5f
--- /dev/null
+++ b/roles/regluit_dev/defaults/main.yml
@@ -0,0 +1,5 @@
+django_settings_module: "regluit.settings.me"
+project_path: "/opt/regluit"
+virtualenv_name: "venv"
+django_server_ip: "0.0.0.0"
+django_server_port: 8000
diff --git a/roles/regluit_dev/tasks/main.yml b/roles/regluit_dev/tasks/main.yml
new file mode 100644
index 0000000..a702d77
--- /dev/null
+++ b/roles/regluit_dev/tasks/main.yml
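Review bot: `DEBUG = True` is hard-coded in me.py.j2, the settings module that `django_settings_module` points at by default, so any host provisioned with this role serves Django debug pages, which show stack traces and much of the configuration to whoever triggers an error. Whether the production play renders this template cannot be seen from this hunk, but I would make it a variable that defaults off, e.g. `DEBUG = {{ django_debug | default(false) | bool }}` (`django_debug` being a new role variable). `'PORT': '{{ mysql_db_port }} '` also carries a trailing space inside the quotes, and `IS_PREVIEW = False` is set twice. The vaulted values are interpolated straight into Python string literals, so a password containing a quote or backslash would break or alter the rendered file; a comment stating that constraint would help.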
@@ -0,0 +1,69 @@
+---
+
+- name: Install dev dependencies
+ become: true
+ apt:
+ name: "{{ item }}"
+ update_cache: true
+ state: present
+ with_items:
+ - 'git'
+ - 'python-setuptools'
+ - 'python-lxml'
+ - 'build-essential'
+ - 'libssl-dev'
+ - 'libffi-dev'
+ - 'libxml2-dev'
+ - 'libxslt-dev'
+ - 'mysql-server'
+ - 'mysql-client'
+ - 'libmysqlclient-dev'
+ - 'python-mysqldb'
+
+- name: Migrate databse
+ django_manage:
+ app_path: "{{ project_path }}"
+ command: "migrate --noinput"
+ virtualenv: "{{ project_path }}/venv"
+ settings: "{{ django_settings_module }}"
+
+- name: Import fixtures
+ django_manage:
+ app_path: "{{ project_path }}"
+ command: "loaddata"
+ virtualenv: "{{ project_path }}/venv"
+ settings: "{{ django_settings_module }}"
+ fixtures: "core/fixtures/initial_data.json core/fixtures/bookloader.json"
+
+- name: Start Celery Worker
+ django_manage:
+ app_path: "{{ project_path }}"
+ command: "celery worker --detach --loglevel=INFO"
+ virtualenv: "{{ project_path }}/venv"
+ settings: "{{ django_settings_module }}"
+
+- name: Start Celery Beat
+ django_manage:
+ app_path: "{{ project_path }}"
+ command: "celery beat --detach --loglevel=INFO"
+ virtualenv: "{{ project_path }}/venv"
+ settings: "{{ django_settings_module }}"
+
+- name: Copy activation script
+ template:
+ src: "activate_venv.sh.j2"
+ dest: "/home/{{ ansible_user }}/activate_venv.sh"
+ owner: "{{ ansible_user }}"
+ mode: "u=rx,g=rx,o=rwx"
+
+- name: Source activation script in bash profile
+ blockinfile:
+ path: "/home/{{ ansible_user }}/.profile"
+ block: |
+ if [ -f ~/activate_venv.sh ]; then
+ source ~/activate_venv.sh
+ fi
+ marker: "# {mark} SOURCE REGLUIT ACTIVATION SCRIPT ON LOGIN"
+
+- debug:
+ msg: "Successfully provisioned regluit development environment."
diff --git a/roles/regluit_dev/templates/activate_venv.sh.j2 b/roles/regluit_dev/templates/activate_venv.sh.j2
new file mode 100644
index 0000000..75fb360
--- /dev/null
+++ b/roles/regluit_dev/templates/activate_venv.sh.j2
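Review bot: `mode: "u=rx,g=rx,o=rwx"` in `Copy activation script` makes activate_venv.sh writable by every other account on the machine, and the next task sources that file from `.profile` on each login of `ansible_user`. Any local account could therefore change what runs in that user's login shell. The intended mode was probably `mode: "u=rwx,g=rx,o=rx"`; since the file is only sourced, `"0644"` would also do. Minor: the task name `Migrate databse` has a typo.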
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd {{ project_path }}
+source {{ virtualenv_name }}/bin/activate
+echo Local setup of Regluit complete!
+echo To start the django development server, run:
+echo ./manage.py runserver {{ django_server_ip }}:{{ django_server_port }}
+echo Then leave this session running and access the site on your host machine at http://127.0.0.1:{{ django_server_port }}
diff --git a/roles/regluit_prod/files/celerybeat b/roles/regluit_prod/files/celerybeat
new file mode 100644
index 0000000..40ab643
--- /dev/null
+++ b/roles/regluit_prod/files/celerybeat
@@ -0,0 +1,154 @@ +#!/bin/bash +# ========================================================= +# celerybeat - Starts the Celery periodic task scheduler. +# ========================================================= +# +# :Usage: /etc/init.d/celerybeat {start|stop|force-reload|restart|try-restart|status} +# :Configuration file: /etc/default/celerybeat or /etc/default/celeryd +# +# See http://docs.celeryq.org/en/latest/cookbook/daemonizing.html#init-script-celerybeat +# This file is copied from https://github.com/ask/celery/blob/2.4/contrib/generic-init.d/celerybeat + +### BEGIN INIT INFO +# Provides: celerybeat +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: celery periodic task scheduler +### END INIT INFO + +# Cannot use set -e/bash -e since the kill -0 command will abort +# abnormally in the absence of a valid process ID. +#set -e + +DEFAULT_PID_FILE="/var/run/celerybeat.pid" +DEFAULT_LOG_FILE="/var/log/celerybeat.log" +DEFAULT_LOG_LEVEL="INFO" +DEFAULT_CELERYBEAT="celerybeat" + +# /etc/init.d/ssh: start and stop the celery task worker daemon. + +if test -f /etc/default/celeryd; then + . /etc/default/celeryd +fi + +if test -f /etc/default/celerybeat; then + . /etc/default/celerybeat +fi + +CELERYBEAT=${CELERYBEAT:-$DEFAULT_CELERYBEAT} +CELERYBEAT_PID_FILE=${CELERYBEAT_PID_FILE:-${CELERYBEAT_PIDFILE:-$DEFAULT_PID_FILE}} +CELERYBEAT_LOG_FILE=${CELERYBEAT_LOG_FILE:-${CELERYBEAT_LOGFILE:-$DEFAULT_LOG_FILE}} +CELERYBEAT_LOG_LEVEL=${CELERYBEAT_LOG_LEVEL:-${CELERYBEAT_LOGLEVEL:-$DEFAULT_LOG_LEVEL}} + +export CELERY_LOADER + +CELERYBEAT_OPTS="$CELERYBEAT_OPTS -f $CELERYBEAT_LOG_FILE -l $CELERYBEAT_LOG_LEVEL" + +if [ -n "$2" ]; then + CELERYBEAT_OPTS="$CELERYBEAT_OPTS $2" +fi + +CELERYBEAT_LOG_DIR=`dirname $CELERYBEAT_LOG_FILE` +CELERYBEAT_PID_DIR=`dirname $CELERYBEAT_PID_FILE` +if [ ! 
-d "$CELERYBEAT_LOG_DIR" ]; then + mkdir -p $CELERYBEAT_LOG_DIR +fi +if [ ! -d "$CELERYBEAT_PID_DIR" ]; then + mkdir -p $CELERYBEAT_PID_DIR +fi + +# Extra start-stop-daemon options, like user/group. +if [ -n "$CELERYBEAT_USER" ]; then + DAEMON_OPTS="$DAEMON_OPTS --uid $CELERYBEAT_USER" + chown "$CELERYBEAT_USER" $CELERYBEAT_LOG_DIR $CELERYBEAT_PID_DIR +fi +if [ -n "$CELERYBEAT_GROUP" ]; then + DAEMON_OPTS="$DAEMON_OPTS --gid $CELERYBEAT_GROUP" + chgrp "$CELERYBEAT_GROUP" $CELERYBEAT_LOG_DIR $CELERYBEAT_PID_DIR +fi + +CELERYBEAT_CHDIR=${CELERYBEAT_CHDIR:-$CELERYD_CHDIR} +if [ -n "$CELERYBEAT_CHDIR" ]; then + DAEMON_OPTS="$DAEMON_OPTS --workdir $CELERYBEAT_CHDIR" +fi + + +export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" + +check_dev_null() { + if [ ! -c /dev/null ]; then + echo "/dev/null is not a character device!" + exit 1 + fi +} + +wait_pid () { + pid=$1 + forever=1 + i=0 + while [ $forever -gt 0 ]; do + kill -0 $pid 1>/dev/null 2>&1 + if [ $? -eq 1 ]; then + echo "OK" + forever=0 + else + kill -TERM "$pid" + i=$((i + 1)) + if [ $i -gt 60 ]; then + echo "ERROR" + echo "Timed out while stopping (30s)" + forever=0 + else + sleep 0.5 + fi + fi + done +} + + +stop_beat () { + echo -n "Stopping celerybeat... " + if [ -f "$CELERYBEAT_PID_FILE" ]; then + wait_pid $(cat "$CELERYBEAT_PID_FILE") + else + echo "NOT RUNNING" + fi +} + +start_beat () { + echo "Starting celerybeat..." + if [ -n "$VIRTUALvenv" ]; then + source $VIRTUALvenv/bin/activate + fi + $CELERYBEAT $CELERYBEAT_OPTS $DAEMON_OPTS --detach \ + --pidfile="$CELERYBEAT_PID_FILE" +} + + + +case "$1" in + start) + check_dev_null + start_beat + ;; + stop) + stop_beat + ;; + reload|force-reload) + echo "Use start+stop" + ;; + restart) + echo "Restarting celery periodic task scheduler" + stop_beat + check_dev_null + start_beat + ;; + + *) + echo "Usage: /etc/init.d/celerybeat {start|stop|restart}" + exit 1 +esac + +exit 0 \ No newline at end of file 
diff --git a/roles/regluit_prod/files/celeryd b/roles/regluit_prod/files/celeryd
new file mode 100644
index 0000000..033c7ae
--- /dev/null
+++ b/roles/regluit_prod/files/celeryd
@@ -0,0 +1,217 @@ +#!/bin/bash +# ============================================ +# celeryd - Starts the Celery worker daemon. +# ============================================ +# +# :Usage: /etc/init.d/celeryd {start|stop|force-reload|restart|try-restart|status} +# +# :Configuration file: /etc/default/celeryd +# +# To configure celeryd you probably need to tell it where to chdir. +# +# EXAMPLE CONFIGURATION +# ===================== +# +# this is an example configuration for a Python project: +# +# /etc/default/celeryd: +# +# # List of nodes to start +# CELERYD_NODES="worker1 worker2 worker3"k +# # ... can also be a number of workers +# CELERYD_NODES=3 +# +# # Where to chdir at start. +# CELERYD_CHDIR="/opt/Myproject/" +# +# # Extra arguments to celeryd +# CELERYD_OPTS="--time-limit=300" +# +# # Name of the celery config module.# +# CELERY_CONFIG_MODULE="celeryconfig" +# +# EXAMPLE DJANGO CONFIGURATION +# ============================ +# +# # Where the Django project is. +# CELERYD_CHDIR="/opt/Project/" +# +# # Name of the projects settings module. +# export DJANGO_SETTINGS_MODULE="settings" +# +# # Path to celeryd +# CELERYD="/opt/Project/manage.py celeryd" +# +# AVAILABLE OPTIONS +# ================= +# +# * CELERYD_NODES +# +# A space separated list of nodes, or a number describing the number of +# nodes, to start +# +# * CELERYD_OPTS +# Additional arguments to celeryd-multi, see `celeryd-multi --help` +# and `celeryd --help` for help. +# +# * CELERYD_CHDIR +# Path to chdir at start. Default is to stay in the current directory. +# +# * CELERYD_PIDFILE +# Full path to the pidfile. Default is /var/run/celeryd.pid. +# +# * CELERYD_LOGFILE +# Full path to the celeryd logfile. Default is /var/log/celeryd.log +# +# * CELERYD_LOG_LEVEL +# Log level to use for celeryd. Default is INFO. +# +# * CELERYD +# Path to the celeryd program. Default is `celeryd`. +# You can point this to an virtualenv, or even use manage.py for django. +# +# * CELERYD_USER +# User to run celeryd as. 
Default is current user. +# +# * CELERYD_GROUP +# Group to run celeryd as. Default is current user. + +# VARIABLE EXPANSION +# ================== +# +# The following abbreviations will be expanded +# +# * %n -> node name +# * %h -> host name + + +### BEGIN INIT INFO +# Provides: celeryd +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: celery task worker daemon +### END INIT INFO + +#set -e + +DEFAULT_PID_FILE="/var/run/celeryd@%n.pid" +DEFAULT_LOG_FILE="/var/log/celeryd@%n.log" +DEFAULT_LOG_LEVEL="INFO" +DEFAULT_NODES="celery" +DEFAULT_CELERYD="-m celery.bin.celeryd_detach" + +# /etc/init.d/celeryd: start and stop the celery task worker daemon. + +CELERY_DEFAULTS=${CELERY_DEFAULTS:-"/etc/default/celeryd"} + +test -f "$CELERY_DEFAULTS" && . "$CELERY_DEFAULTS" +if [ -f "/etc/default/celeryd" ]; then + . /etc/default/celeryd +fi + +if [ -f $VIRTUALvenv_ACTIVATE ]; then + echo "activating virtualenv $VIRTUALvenv_ACTIVATE" + source "$VIRTUALvenv_ACTIVATE" +fi + +CELERYD_PID_FILE=${CELERYD_PID_FILE:-${CELERYD_PIDFILE:-$DEFAULT_PID_FILE}} +CELERYD_LOG_FILE=${CELERYD_LOG_FILE:-${CELERYD_LOGFILE:-$DEFAULT_LOG_FILE}} +CELERYD_LOG_LEVEL=${CELERYD_LOG_LEVEL:-${CELERYD_LOGLEVEL:-$DEFAULT_LOG_LEVEL}} +CELERYD_MULTI=${CELERYD_MULTI:-"celeryd-multi"} +CELERYD=${CELERYD:-$DEFAULT_CELERYD} +CELERYD_NODES=${CELERYD_NODES:-$DEFAULT_NODES} + +export CELERY_LOADER + +if [ -n "$2" ]; then + CELERYD_OPTS="$CELERYD_OPTS $2" +fi + +# Extra start-stop-daemon options, like user/group. +if [ -n "$CELERYD_USER" ]; then + DAEMON_OPTS="$DAEMON_OPTS --uid=$CELERYD_USER" +fi +if [ -n "$CELERYD_GROUP" ]; then + DAEMON_OPTS="$DAEMON_OPTS --gid=$CELERYD_GROUP" +fi + +if [ -n "$CELERYD_CHDIR" ]; then + DAEMON_OPTS="$DAEMON_OPTS --workdir=\"$CELERYD_CHDIR\"" +fi + + +check_dev_null() { + if [ ! -c /dev/null ]; then + echo "/dev/null is not a character device!" 
+ exit 1 + fi +} + + +export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" + + +stop_workers () { + $CELERYD_MULTI stop $CELERYD_NODES --pidfile="$CELERYD_PID_FILE" +} + + +start_workers () { + $CELERYD_MULTI start $CELERYD_NODES $DAEMON_OPTS \ + --pidfile="$CELERYD_PID_FILE" \ + --logfile="$CELERYD_LOG_FILE" \ + --loglevel="$CELERYD_LOG_LEVEL" \ + --cmd="$CELERYD" \ + $CELERYD_OPTS +} + + +restart_workers () { + $CELERYD_MULTI restart $CELERYD_NODES $DAEMON_OPTS \ + --pidfile="$CELERYD_PID_FILE" \ + --logfile="$CELERYD_LOG_FILE" \ + --loglevel="$CELERYD_LOG_LEVEL" \ + --cmd="$CELERYD" \ + $CELERYD_OPTS +} + + + +case "$1" in + start) + check_dev_null + start_workers + ;; + + stop) + check_dev_null + stop_workers + ;; + + reload|force-reload) + echo "Use restart" + ;; + + status) + celeryctl status + ;; + + restart) + check_dev_null + restart_workers + ;; + + try-restart) + check_dev_null + restart_workers + ;; + + *) + echo "Usage: /etc/init.d/celeryd {start|stop|restart|try-restart|kill}" + exit 1 + ;; +esac + +exit 0 diff --git a/roles/regluit_prod/files/certs/STAR_unglue_it.ca-bundle b/roles/regluit_prod/files/certs/STAR_unglue_it.ca-bundle new file mode 100644 index 0000000..9258132 --- /dev/null +++ b/roles/regluit_prod/files/certs/STAR_unglue_it.ca-bundle 
@@ -0,0 +1,210 @@ +$ANSIBLE_VAULT;1.1;AES256 +30636262636630653738383536613136363733643931316362326266656433376333386239373962 +6635343138326335313430623566656130663136393531310a343562653666623235336539316561 +31386163663632383436343735376266356134386335363637383536613531323231626535313236 +6163326630306530360a663636393463303062316331623630353235383137333831333239393134 +64353830366463376130633831633835313034643930636166396436373063623039316465613964 +61333538656264353735613034356533353331313735393965363164616331306538383231303932 +31373838363862343931643034643863313738636238376634363430613365356136323237613530 +34323339323337383539363462303863663163373465373262636161346662333738663532316363 +65313464333363643461353539306662353364643663373032346531633362373230653061646436 +34393462326137336163316361363937323738663632386662643338626433626433633235323838 +65653036643961626131383264393138316263366534656663386264376638393639636164323661 +61646166376637396131356339313162343762636234643236316363643063326638366536656534 +31616164313164373336666634356639653831623966333739356462656137363161663635353136 +30653665353334646165663333643863643539373331613263386561353030363862666264353933 +64643439336236386631393934623839626163373463653134656539376262316233626130363663 +65636534303431616631633534643030346534633635393563366266356138383938636264383632 +33616365333863393733646565643236613064616462633661303630613963666236663265636361 +61376336346262346632313833633735356364636239366439393265613866316439643732326330 +38396332363666656636646164646262303162656331636661393738626263383563646261323036 +63363634616362323965616639373961333966303366363937333233356631393938383339613262 +39393461316563383131666539333938313437336462376233353464303739356463323265366665 +64316161333431353264336236373466613230363237316633386661303538666536366462323666 +32373164626330313665653133356563383436663765666437636138343163663533646331346631 
+31643638373537653533353036653766663935663636663561343239383666333661343830353133 +34363363333466393761643863393436386231626134663236326335336438633338313963646363 +30623262386437313733353038353231353163326133643139633963303864633739383935363664 +61336265656666643037316139306534323135333763383230633261336139636362396539643539 +34303937656634653862383665356530643064383832363163343331383538623236366535393061 +38373738393064376539343837356335326132363135323935333964383635383965656462383636 +63663661626632396663383838353633663839303936646537363266346661373033663064326435 +62646130376163623363346232346530376638613934623831303636366365313331613436626337 +61346262333933363366653166326330663638643230373364653161333263323035366263623330 +66636532616234636263323366626432363337326564663531323663356166303930653661313030 +32363133313162313331623138356432653630663263623935303739663363323130646133613735 +66333933393266663265333036616465353338656664313230643761303439363035663566393930 +31303633396665316330623962643439313132633531656362333630653537393061316663356566 +39376230643830333035316439346336313464623238373739623636313236316162356337313339 +62376533663138613962306331313066383439373039636631633431316232643266326361666134 +64383437636561323964346134663032663466333831663836393039353562663065643337303330 +62356666353662386439353563643735633730613463666263666539323333613130633765393834 +32343439306636306131386537373164363636386330623534373535323631396464626661323361 +38353935623566373834643661616631373333303735393835643737626234643337653130396365 +65666332323665356330396238633866653761346531303439666236653264323661626135353238 +36643562623266636333623831303439336366646133653332313130336436386537653234666435 +31343863376233623335366333363232653966316230363836613231613130613166643864373565 +35356264383335623539643630323534623265313631383130643739306533663330396434653236 +64376166373639363731663437663331346338373539363637353933386239373738373565353030 
+64353261366232643061356165323961383537626239623732393936623461393961353837633733 +34356166393938346232396532353166373534623530646335633338633636336636646630356561 +32363061356632313661386535306339636135623834333231303433343037353633613365326333 +37666235323239383661323536353830383833326565346564663631336465313664346533323337 +38613961313233623033386166336235383362393463393832646538373139333533313266303937 +62346532356632316136633533373665373839623336383435353163386531366466646664326565 +30303639393933373361623333326432366332396137396238336464376131323631343637306531 +37343933373139333333623233386334636436356432303764653235353133366566383031633136 +34616133336663623664616432336265323534373163316338386561623864623861343835633062 +34343738616134366164356337663566326462303933386139643734376332313066613230326363 +66623837323238356366333836386662366435626236333835346662623631373636663033623733 +38316639343638313937353636616638396261333561313032383130393538663366636630376539 +63353566613835343964356635303939343764396631393738646432313765666564316363626431 +65346637656137363266346266616666316361383231343666643063353131386163356638346636 +30383932633264373031373935616230323933373863663564363233313232363066326662303165 +63346532313837396365353365636663313334626433303732326164363330303438636333636163 +35656537623165323666633435386465303063633534656630306664343637336164626433373361 +65376530333361303337623634353434373164626133626263613561613436303161626432626239 +37343536313531626233343530633634613166633735613233393962323165623166366161356336 +35386635366631326266343432386161663033323962313763343163663137643631393166333031 +39346564656665343835616464663231333562616661643234326663633563303964386131656363 +63666363356562383830646633396238623537336439326162376135633665653165326536353037 +37313362666531333837633439643165356534383265643637363933366463343839333961376235 +63333063643634623735363233646334633235373132646139313365303336646264633061643131 
+32616465633131356130396465643235353530326564373136313133613064313562306333313965 +38396237653430353533353462373130303262663564653361313465353934353864656235653135 +34613639613633633234386639633230653537393965323363623338656465326531346432333637 +64343436373436356535333865643865373539393036626137626538626635653637666362356162 +30313632396539623962346562646563316264613232343730643565386135346664646363333330 +66656661636235633730393063343634636138383264336535326533356231626530613565336161 +35626232343436616535373230653039303065343432343738616363626635383364373266323333 +33376364666638313564366237356635653731623566626661373961663736666638343061646134 +35313438356531383433636565326365313063383834613837666330396331353738323237363333 +63363963666465313137386537356462663636323737306362326362363266343062626130616230 +64363433343738343632636633373330386464396364383031343531663432363563653032336332 +65366364333133386139636165303964366165326336316534323636633462356335633066643165 +34613030323234383965396233373333393336653237613062323530353762633931343333323865 +30663862373132633834353039653032373737313564333638333762303335636265646162313931 +66393662653933363832623061633634626661356437663331373937396631356131333462656666 +32303166396533643261646130306161326561326533626531663038643565376439633339333432 +64333437366566666366303230616539663564333463666631646163356235636333363633663639 +37666332346161376239656137306430623463653466626663636539666532373565373731613165 +62663532383165656432313762376235333331343738646532373265353066363262333261626137 +31396332383963353066336666366133336138653363613863653833653964663164313831333065 +35333738383232656634356564643634346633313137333863363766643433363631333630643731 +65363161303235323830376638303135613630663362653566363965313436323033643366306630 +39303935636639333961666135633962653362666536663333623430356164376262346662643635 +33323663333832316633373035386334623134326536366236636561373635353366386237323933 
+62393435363235396262653065656562383063663236323134313833363833396131643533666235 +37386366343933376338336533316239383430343566626434303537653431626261363438336334 +35363961656332336230386535386531363761303766313563333832633033646461393635376339 +39633630336366373663666239623030326331346361323132363565366366616236346230636632 +38376534363933383965386338313835356135663035326536343532643930383466633538316538 +31353038656533336335376265626139333364633537633662653362393666346163386431326261 +35393261353230373034633666663638306134643066643533323761666264326162343630376661 +65613733343866306364333665353639646263323863663562333965636335613966323564373535 +39363939383031393265613035376635663962386530663639356331393830383130626439346666 +31393532316431393666616535363430636637366134366636643730636431343034336539616135 +38633063333063383766386265336363386362383136653536616663376463333935356162343930 +36383831666537313936393033363738666335653739646431363039373939626538343037633631 +39383439373336336561663431626265666434646565356438336530643863656464323034353565 +36366563323836336162373465313938646239373637613066333238323533346338353834636631 +30333262376638336537623466643736653562336336663436333963366464666131303862313335 +61353862656435653939343362393934303633303333366231646431656234656638613033383133 +31353262353231663633633063663537353536383138366132646364353661363135336333323133 +64613231626662666364313232333633386265353935363065333933666165633862393965326637 +63623962616164626237303466623565623032666431383633323233633861326132346263386631 +64386364653633363965356664636434393031383663393137343733343732363239633436663636 +64346237653966363538303632363461663030396237623661356438653562396232313935626164 +64326162363264323831663965383639393937613931663239316663323164306537326363376339 +33333063373464363065336132613230643831303937373163386263646562313361306133306639 +36636264373638326663613236353439383532323032393431373333626330313235623362643137 
+30636462643536363638613936383931363663343964363038373834343164633062343265666137 +30373734396232343936326330623362316636616535643136313765356439323934386364643631 +34316630366332366432373739363637623437363132646330326361363366313633343634383132 +34626633343163613136343665373931363065306232313336356461373366623934306563383935 +35373930633334343864306165653034386133393636386662303737303136613432333531313461 +62323065343037386231656335326364363761396532346661343664636637633334383131613833 +34306465643133383239306534383035303363353766613631643464383264656536323866326464 +38666665613166653638633039666261326135363833393832373564333765353134636138343266 +64373536313666353332613535633061363835363839323430333430643863343461643236333937 +62346262396331613536343539653766323561343639643766653535353335383736333464613331 +61336337613737356236636333393236653263663065353431633537666161373638663861363863 +36393364616566343561393364313531356134626431646261346363343939616332313631636331 +31393435373265313836653533323237613336333061306330636665626233613537383932316235 +35646633653664313834376466306335653465613866393939323265316436333062646662656462 +36313861306533326163306266353538396436386365393464613335646432366461326331623664 +35616665666337663163663631393539663731376333393339373065643363326535643563383532 +63656466623939376632636433316661613730386363363930613830386638653837323938373030 +34653565386564333866336337316164663931396630333634336130383465643061633239656638 +66666166303835326365353433636130653038643938653365333431646561306536623037666231 +30333830376637653932613961353931363537336462643030376537386539623636303038363862 +34373036393931303465626563623664663532666166336334653234346561303538313036343565 +61363734333737393131643661326331383036333363653333373536373134306436646139636561 +61386462323832653061313034616532643265343636313366346537356164346461313436373637 +34316663356135636231613330323431316566323361363636633436653864633564366366383339 
+61633266343336643430623138326436383361636161326264346365643536343838333138646563 +65383230373361663461383236313832366334303632313935313263646266393030313238613334 +66626631323033383334636561313666653165356135366435613438323662353135633234346662 +33333336646166643862396361383636306431353439333562633533303265303266613662306162 +34383062333166393739656365303738373361373436343064323636336634353232383232356334 +35633561383735316663383333303334633631346339323562353634396533343636653963653462 +61393039303366626563393737306336376437666138393562373933333335633435396632333232 +39666435383832663462626563646162666565393530393164373963386161666436343263316639 +30343064663133616135613164653937366636353062303139366261313165373362643365316663 +33653630633732623466343236646136663730663938333234613163663835393036363161386332 +62383833396164313132633535323530633937626437383462663866346163623234663564306533 +65326362636433333930623663653031313438363930373462663639366434633665656138303866 +35626333336532346663366530303061343835376239643466326361613030613730326130633165 +39333465393466336231333335616662386238346537633164666636333133306266613064343165 +39653963346133333234353266323065656237303233623264376233616334623665323433623632 +63316262306337386535653233336635616438356565343433393662653036663736663663666435 +33333433343566623331333961613662306236386439386135653138333638366566313534383934 +62626261303530306237653637363933393634663330336462393932353230313730336362376134 +35343530363431323366613361643636663961366238636537616237633965666639633265376437 +63363930353064346664323435313136316132373237356332383537623032633831353563326230 +65626166336166363164613130393165356139353439353436666537346362326635386136313464 +34383633336636376137643733313637373535643966376435353339363535653139313739313362 +65343434343364666639306663663665356533323635316534316561313263663662623764326138 +38386434316535653262616530643164663335323436386365313361656430616535346463643765 
+64613231623333363835386337643334333039363835343731316165346438363234666134343263 +63663036663566373734656661613432623761393964313166393532396664326230363230303161 +36373364663137373234383134363966633935666365303430343539663461623561383236626137 +66623964333766323534316439643666323666336539393566316331363862666561656634326166 +64383236633638663163666236633531346330643066353566336337646265623361326261373862 +32626538316631303465396436643236376161613232666339373537383438633630316365363065 +31653433326333613431303936333137323632383163323561313636396331376664656365326536 +39323632623861333466333530643864616166623261346237356431326335343431373164633366 +34363932656234613431306135323434353164323461346262656337336137616430386533313933 +65306566373634363933616233316562643930666161643234323864336631343032326462623365 +65363036633061643463343637313933396436636333663861393333353732383736633534303864 +62376339343938383639626237373961623931616264353264353337333133396564623831643338 +39653962623766643239393061643938643066386564613932656565306564303066316165336230 +62363330653137616666343333323636663462643264656364396138626265623964663730636561 +31356339323934366637623165623039323439333434653336623962643734653436376462386232 +64393863353164373734313262383638393961623466653034626666353361393230623933373336 +35323661333330393835363064396564613766626665623866346334643463663865323264386661 +33663561616131616134333564343334343765373061393131376231653536353163643435613564 +32376466363230363930393734663433313133646238396366356361663636343362313237303766 +63613538383836646333366664313637333537303333373537646130393631656636623461383533 +31333661376236323736666136393062643566313131383165663965656637303634366330666539 +61336265356662336236626432643738343038396263393665396337633837303761613332623436 +33313235323938333333666437613731376562376233353664313362356433383938376436373863 +32633131386462333838323536333439323733393266376632386530366363633337323963353437 
+37653334626434616433643930363765366439613236373731343339613237633962356531303433 +38333261613062323963366131633738613463363364653531663639626234383263633963336635 +65343330636330353363356134363138333031393838623635343335393462343036316638623861 +30323638373032653331616361383338333761386264623435656561623337303863323536633932 +61613964363538313435363231613834323333336364353962346265646233613935313632343738 +65303732376561643763336162333962353136663136613466666631323063646432323130616266 +65663431626562646537366661393638346538336538666466343261396431383232356238353062 +37653031653766333931393763346366356563393261363438363535303163303962306630306665 +62346633356463653465363965396164323437346132396138316562316237303033396233636336 +30623039326132393534633937623363656666663366643130633161646566386135303939383762 +33356334636565643761323638346162373636323433306436303331336432333830623739643237 +64646432366466326139306663356438613433366534616462383938646239643262373836363032 +61623735666238626435316530363833366135633563663530643631623539333832343561323138 +32383138303464393265373665333736303861646464373861613730653861353463323837383737 +30356437653833376631303636393739636663663936656663393130616637303332393636363431 +38663837393231326536643033376663316138363234306637613135396365616636656236646335 +33633962626135343564633337663936393031316133646334303635653130626131646531396134 +38343631613562393435326139366330373064393839636138323466646533303538 diff --git a/roles/regluit_prod/files/certs/STAR_unglue_it.crt b/roles/regluit_prod/files/certs/STAR_unglue_it.crt new file mode 100644 index 0000000..3dd020d --- /dev/null +++ b/roles/regluit_prod/files/certs/STAR_unglue_it.crt 
@@ -0,0 +1,100 @@ +$ANSIBLE_VAULT;1.1;AES256 +66366138323934613133623237633539616236326462373461303832393739313466373236323765 +3461353265343631356335643139363335356262346238360a383136303237393662303762393766 +61346362386338663037396631633932373834303265383662356539323766393466656564633465 +3835623862356266390a646463633764653431353537643265363764653934656430646363373335 +32343135303266623365656532633061373564623664616564343638636138623433363964303366 +63323939396365363539366562626135626662336236313963613233633637313731313465363636 +39386237393034383263346164623036646535623463306330663034383632373836333661666435 +61656662353762653266363036373430343333653835646365613835303935396230363032636164 +64613730663339316261313664633636613763313631653839313465336562633663306563633561 +38613661333766366633333463376162306365323330356339613266326331353866316638363237 +33646165313865313431666163613234366133616263396630303362333336323638373131396334 +39656534616331643530646530316335633730323166373830353262366465306631636339316266 +32303162313438373531616439356563303030383136613531353561316234353632646232396433 +38643463333836326435303733373239626562363264653532323334356262346133633361373963 +64396564313630393164323231313937643435613234376436386563623435633666616331643530 +39366536616165303562663638313739353763656134316132616162303161623130616263306366 +65613264623935333134383733353637653336636532383165646338303633353330623231383239 +39343834643038656539623162353561646364393162323839643533333363616437393239313034 +61356134643031356536653262663833336361653632626364336565616163376238326334663661 +35623338393730636237616161383032353762383965633962343330353235643363346633313462 +36653365346263323062653239373132323734626363623337393635373738663931656363383136 +62613836356562363866623436393131323130306636356235343035333534326331343337383431 +38613565383365666632326238363165313631373262336234666434313065363363346636653339 
+36363432306639303266366665643934346562663934666665343030396233666534633438396332 +31323662363130616338333233373961316639633436313737353530646135373533613433353034 +62346432623261346334623738663835666639616564373961643439336432316365666665393135 +38623936616361313634333339353133633165663936616332323938396533393235636435376439 +62633537633136386366313934373263383730633334343636373035316638343334356530613530 +63396438343139383439666539383531386437313865303864316437363563663065643266353138 +66323133646463653066323466653662653736306162636565326663386362366332303761653564 +31383133396131663563343339623563363239363763643530383833353263646264363565656535 +64343737663261653530623836356430666462633964353832663964396462363430623336646336 +65356566653938376132663230333033376261376538306266643565613561373636383532616139 +30396564613564333964303262656162313839663435666539393734376639653562643735393037 +34613864353764303661653561383466663730333932663139616164333239633961326632346230 +30316138626562346434643033303333333234396533626633333437316636323062643035623664 +38626434366261326663393839343765363133623339373738313563653736373565336164356435 +37623837343437623833623137373662653934363133633366636436663831653737376631376431 +34363461323535323337343632653430333961343165633864346132343938313361373864363565 +32663734626631323930613638323133396135313562643536343038366233373136653330626239 +65313933636136303365353466646533353236343934356330356161343433643139383764393134 +32356331653831633832376262356238336634353362373837646563653835613634356463653466 +30383361356631616538333565646435656361313839346165376231643633643634313863663137 +61333236313436383464663439366637643663356535613861343831663737623364303339643733 +36373461323130333639613235373961313736303436666361613134323265386165616237393164 +34366530363034376437393866333861646636396434636631343033633565396164663833623331 +32666161636163333266393361383838653333326437303235326565306663356366613430303237 
+65343937653439353334343834303234643136656565366461393838653739336233613234616437 +62643065356462306565363964663332663564313734336239633833306135613662633535666662 +36616639323332353864383733393561666464313466393535373961613831313463306461663266 +37653230663732393061616365656638623830346536373932636461663532343532366566343436 +63376365643061623839393139333661643439376363396564363237346461393264663131616162 +32396464363231613231363561373334646362636536343732396364653132663664366434313538 +39396262333232383934396335653461346338316564303563626363646136633266393937343434 +34396234363362336232653136666639613466663833303062356264633461643932613162303031 +33663539366332643538353632336433393564366565323034393531626236353432623531383033 +64613435623761623562363563323364396166353265363039663932626431666339376632353539 +63656330626438653366396635353236663762666439613237623638663731306331313564333239 +37363663366134303037376433323735366266613831356635663932626162343639306366386439 +61643831336139303133336366366165303934646362303665643135386462353565303932383930 +33393334353235306534366339613066633434393038636331366265336163306334323638393264 +64313538316632373430656532623532313063613337626165353365303832373566316131666336 +62353062343565633836306235343134323433303633346130363362633263343564616535396263 +65666666646231336636616364646565303538343361653932356135393161316335343333653439 +61373266633033653931623631643430613137393633393063353833306463663630333434616462 +33653230613639616531666335336131373636323065616239313733323664623138313964303930 +35366665626362303161396562306639613435396331366363616138613735383030366362396337 +66356666643131393433343237346533383335376462383566643035616438396366633737393133 +66323630656539363237646663363764363536373266383036636166333834366663613863663533 +62393235666666653433613665376431306439616138633533656362323436613231303264303764 +30336665336661393866343935313465626264303139353632356137663439373232326339393136 
+64306365353639626565653965666133346364613538333135653831663032613135653263353965 +63373532323062653630646363323063383065646562313539373637623463313333313535323866 +32363631613035653637663935313535626333333433623735663439383239373231613037303736 +39633436383361356633373037333362363861346263313038373131653938663930666538306432 +34386163316163623064376132653062333535396631393363393265303964356431663439636234 +64636138333031656364656565346163663533353333353666373466373734633263626439316230 +65313031396564613163333364376637303539343563613133613133376239623066303139393866 +32623135396134396439653061386561666433613536336566613530656530333433343537623866 +31333364636631336264636531343365633264633433643661353164653831343836323763343033 +37386131306563626437343034333330623932303639646631613239303331646364323465616562 +62353030633765393237653161636165363465336136333264373832616537356531313066643263 +38346331383061373133353132646562313630643335376565396662653830656538356165356137 +31396232326666613236313961636334383962373533613566333930313866373334613064376561 +65313565303630326531613131316463386636623830346131656532363632613032303466623334 +33353633663730306638623566326533363065663363373537353130393938313936383763663966 +34336535663565633162313732376237336463343833303939353965653665356563326534643033 +34343638666463363462363235343731346461336235306264643866366235663961363461373930 +63326334323363656263616531373861633936636339623835323936373661373364336233316631 +66366462643663316162383438376162663065633333353138363836353331343162396636623130 +62383461626534386664633166323764303631373731366133633930643232303934666535393237 +35373462313561353561643866623761313839316662373134363431373562373062313430613462 +37333635313037656433656363313864653037313732656232323639383838326263323564643263 +38373337353635353836366136326334343661393064316139373431313330653966323763306337 +62333066323961623535336232303234636138306630313732373364613363663434633734346231 
+64663930633162313937343130343961356437353366306338663636366631326366663938363531 +63353863306137653237656330656237356563346337343262363664313339323863616438373537 +63643235306137363264383238316434313331336337356364366261313835656562643566666130 +633536646634326262663866316566376638 diff --git a/roles/regluit_prod/files/certs/server.key b/roles/regluit_prod/files/certs/server.key new file mode 100644 index 0000000..2e3e98f --- /dev/null +++ b/roles/regluit_prod/files/certs/server.key 
@@ -0,0 +1,89 @@ +$ANSIBLE_VAULT;1.1;AES256 +32373237336239343336393066383464393861636235623430343533636365306430323738643234 +3538336532623734333038333832393735343363363566340a643638636634653735656635336338 +39396461646661353061373636313032333065373562373036336232346133313334333862353034 +6337653431323235650a663536386561366531623363303963353539326339393034313961393362 +30306235623461326365646365373835333235303965336635363361366336303236333237383539 +61383438316464336338633163366532323435616563343463623266346632393930353332626137 +34396538653134373433333461373337333639393530383738373764353731363264373835626364 +35393163333462343562303136313264653764333038343838656562653133353934336666643534 +63366264393462643065323865303033636133663164366334313564333262633736626263363338 +39376164343330666332333534313634633137653432343232656464363066356336623166303030 +34653432366563663432343164636665373139346435396135303736653030653930393963663538 +36333636623832633630386235623365363065343936363031613165383534353837353231373164 +37373038363361633330653633396562323738663739316634666137306161313233633561383064 +30323236643635663766393862343363653866303431346535626565356162353433623132363031 +62656332383835386136656534636135346234326561623037396239303034353961396134396334 +35303463366439363336363666623064623564323032646337366332666536373064353962373461 +63306166616535356231396566316433633062376164303434323639376339643731393461393536 +65633363616235343532386435323736313138666661666434643935623266323133336463326532 +33326364346364626165666262396133343736656335353732666362613234343163343465326361 +33383136636364383466363666316131383366623665323561636130343337613539383134646535 +31383131623237636433313133336162633537653533383435336461616439343035336164333363 +31623638333465306538313637636436626132656534313064383663393230653132333938343537 +65343339333037613332316534336133373864666130303166393038373531396266303832383632 
+65343531616661303363303966303230353630356437336164383038366563363166363763396464 +37386330653563613063323438363737313565363130353264613236346565323837326631363935 +31346365653938653566646437623333326533646235343966383031656132396539616661393461 +65333235306432666539623964393132616436653430383236353033333366336363323539333636 +64616563376464646534343838616437306232393262313065353936356235373231613561323866 +61383536636361363039656138306131383732326464613931363837376234326433376533643861 +32616434383536373532383238663263643862373738333338343332303735663863346331663037 +35643637356531323639623533313865656132353139323436363661643263323633363161653235 +37636635623865303536353264313263373938366165623364643337313831653161623231343764 +33386162623531396234623937633465653930636637623837653138373365346132323731346130 +64613338386662653833653034313066636566333839306539666161333333616261653537313363 +64656632333462633232396236373666366464623464653434383832333365376532626531313735 +30313335353664643566313437393834393262333665666366326463663761626135326434363931 +36306439376138313838613532343663383938366333316432303930326239646232623633373564 +62316632383131626432333461323330366165366331303735333330363335366265316330663563 +64393231393136626162386335626433336337373765623933346237643532366662616434366163 +37373832303664303836373434343032313731323362353031346438643335323131366538653334 +33643432646339383865386238666134383861616437663238366365663737623663323137613865 +63633965323933366332363131313834653564636336303966656663366361353731316336633233 +32623339343838373639343534326365346135393137303736346634303863333664376332636634 +30303938353536636365353338393932353435383635326435666133353430323464333531356563 +31353733323331656538373932643332316332386437373938373635633832383662316537346132 +35316339343538343462363237666332376461363262623438623738623732383337373738346235 +64333335396336333337643235616436373736623339366236313938653433343661366332646265 
+34636530666636363764366533643739653561626134393936616632616264663230616164376132 +30656336633230323535653766636361626562306262326265626166343036643034303730306164 +63356131333739333338353835363430363864333063363238303861323033643534366264623433 +30653639633862376232393065626636396137343635343030316630313863323365363764616630 +38346336663932626430613437656437313462633039393934653532386535323836366465383761 +39323732666339386565653836323461623238316564323333363461396161643338633137646335 +66373461633233333337663332323064373662636535376433613232653137353834373630663366 +61343066303366666362353837343337386631653461646230656533663965626135383131346635 +31623131653264353861353630646662303835643738323565383233336334356264353939373933 +31303964346563636437633532383762383234303130366331313864386330653130653437356466 +38373135333066336139336332643666373932666565303062636465326236623963323337633634 +66646633366532646232326435663065393035386438343030323038663033356639356264663532 +61396130643135666266366664323234353065303031343531366532633532363534646536646235 +62383531393832643137633332353364333230383361663264623564366539323132623639623939 +61323263373866343933653734323661383634636139383833323837303236326364666466386336 +34316465346261366131316535303563623238346530643264326539653432633237656133613532 +30663738313139333461346163626130343535306538623763343134623832346132656666393761 +35316164646635613032326565353163656134616366386364306436303134386339346462653262 +61383961656334653564623262366265316364366538353362313233343239396265383235303534 +33666366323466303534333165653334343437316435613566326338666336326664616133313062 +66333339346335626663323335373939303163623331303133643937653362666430323930623462 +30393239633763666463643066393161353235386461633066306235376261346139363330663235 +31643539616335396331656364383265346333323661333066353732653336616330303931376164 +37643931313337646337333236323939613333303834356662373836633631393736616462363338 
+31623064303936306330343361313763336239316362633732326564653566313265616566336135 +61616538653365313666613366313064623232653563383465386535636530643831633735323433 +30353239333166343366643738363834613230316463636339666434633961386335623238353030 +34356536376164613338376534353438383039383930316439653732643339653531316530393534 +35326165666439396537396464656339333366333535366530353064396436663966333465616630 +33666233313537363165333738393362656631386564376365616266393137633931643833343232 +62393663663836303563386235383363623966316635366133353165346635373063383666373833 +35633264666139616463333339653733376431363761653433653138356364383865633937363433 +33313361653536633066656164616331343033373339336334666635353630636532323632323261 +39303937626633613434653835376538356164396631326163346465663337386230656139396237 +36613762346462626135323233393537616539646234663866353433396530383966613333376137 +37373461333561313966303239633834663837656230613830303433353639643431323930633238 +63383161313938663737396539663163303161633732393130363737303732313166623534303339 +65323162386430393639303435653436656239303032663761626462633565626161656632626162 +62386631316434383239303631343536363034626663626430633635353933313533316337613532 +33383335326637626535336664626663376332316236633735663339373131373630643665356133 +31393664663737326638 diff --git a/roles/regluit_prod/files/certs/unglue.it.wildcard.csr b/roles/regluit_prod/files/certs/unglue.it.wildcard.csr new file mode 100644 index 0000000..7328e86 --- /dev/null +++ b/roles/regluit_prod/files/certs/unglue.it.wildcard.csr 
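Review bot: `server.key` is added to the repository as an Ansible Vault blob, so the private key (presumably the one for the `STAR_unglue_it` certificate next to it) is only as well protected as the vault password, and the ciphertext stays in git history after any later removal or re-encryption. The commit has no note on what to do if that password is exposed; I would add one beside the task that installs the certs, which is outside this hunk, for example `# server.key: if the vault password leaks, re-issue the key and certificate; re-encrypting does not protect copies already in git history`. If the deployment can read the key from a secret store at deploy time, the blob would not need to be committed at all.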
@@ -0,0 +1,58 @@ +$ANSIBLE_VAULT;1.1;AES256 +65656166313438643163366632316530386139623538636439633638636566383566646239306131 +3938333565313734613639376539323233353932373635640a313831613637383734636539666463 +64306331656564626233383831633862623861346364366632313733623263306464636264363965 +3933326435396164390a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diff --git a/roles/regluit_prod/handlers/main.yml b/roles/regluit_prod/handlers/main.yml new file mode 100644 index 0000000..0c67922 --- /dev/null +++ b/roles/regluit_prod/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart apache + become: yes + service: + name: apache2 + state: restarted \ No newline at end of file diff --git a/roles/regluit_prod/tasks/apache.yml b/roles/regluit_prod/tasks/apache.yml new file mode 100644 index 0000000..67a4a7a --- /dev/null +++ b/roles/regluit_prod/tasks/apache.yml 
@@ -0,0 +1,96 @@
+---
+- name: Install apache
+ become: yes
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - 'apache2'
+ - 'libapache2-mod-wsgi'
+ - 'cronolog'
+
+- name: Ensure apache is running and enabled
+ become: yes
+ service:
+ name: apache2
+ state: started
+ enabled: yes
+
+- name: Create apache config
+ become: yes
+ template:
+ src: apache.conf.j2
+ dest: "/etc/apache2/sites-available/prod.conf"
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0664
+ notify:
+ - restart apache
+
+- name: Create static directory
+ become: yes
+ file:
+ path: "/var/www/static"
+ state: directory
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0755
+
+- name: Create WSGI Script
+ template:
+ src: prod.wsgi.j2
+ dest: "{{ project_path }}/deploy/prod.wsgi"
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0664
+
+- name: Remove apache2 logrotate file
+ become: yes
+ file:
+ path: /etc/logrotate.d/apache2
+ state: absent
+ notify:
+ - restart apache
+
+- name: Disable default site
+ become: yes
+ command: a2dissite 000-default
+ notify:
+ - restart apache
+
+- name: Enable prod site
+ become: yes
+ command: a2ensite prod
+ notify:
+ - restart apache
+
+- name: Enable SSL rewrite headers
+ become: yes
+ command: a2enmod ssl rewrite headers
+ notify:
+ - restart apache
+
+- name: Generate static files
+ django_manage:
+ app_path: "{{ project_path }}"
+ command: "collectstatic"
+ virtualenv: "{{ project_path }}/venv"
+ settings: "{{ django_settings_module }}"
+ notify:
+ - restart apache
+
+- name: Migrate databse
+ django_manage:
+ app_path: "{{ project_path }}"
+ command: "migrate --noinput"
+ virtualenv: "{{ project_path }}/venv"
+ settings: "{{ django_settings_module }}"
+ notify:
+ - restart apache
+
+- name: Add unglueit log file to www-data group
+ file:
+ path: "/var/log/regluit/unglue.it.log"
+ group: www-data
+ notify:
+ - restart apache
\ No newline at end of file
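Review bot: In tasks/apache.yml the `Create apache config` task installs `/etc/apache2/sites-available/prod.conf` owned by `{{ user_name }}` with group write (`mode: 0664`), so the unprivileged deploy account can rewrite a file that Apache reads as root on every restart. Root ownership and a quoted mode remove that path: `owner: root`, `group: root`, `mode: "0644"`. `Create WSGI Script` has the same `0664` mode on a file that prod.wsgi.j2 fills with the `host_keys` values, leaving it readable by every local user; `mode: "0640"` with a group the web server runs under would be tighter (the right group is not visible in this hunk). The three `command:` tasks (`a2dissite`, `a2ensite`, `a2enmod`) report changed and notify a restart on every run, so a `creates:`/`removes:` guard would make them idempotent.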
diff --git a/roles/regluit_prod/tasks/celery.yml b/roles/regluit_prod/tasks/celery.yml
new file mode 100644
index 0000000..9d6d1d5
--- /dev/null
+++ b/roles/regluit_prod/tasks/celery.yml
@@ -0,0 +1,67 @@
+---
+- name: Create celery user
+ become: yes
+ user:
+ create_home: no
+ name: "celery"
+ tags:
+ - celery
+
+- name: Add current user to celery and www-data groups
+ become: yes
+ user:
+ name: "{{ user_name }}"
+ groups:
+ - celery
+ - www-data
+ append: yes
+ tags:
+ - celery
+
+- name: Create directories for celery
+ become: yes
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: celery
+ group: celery
+ mode: 0775
+ with_items:
+ - '/var/log/celery'
+ - '/var/run/celery'
+ tags:
+ - celery
+
+- name: Copy celery init.d scripts
+ become: yes
+ copy:
+ src: "{{ item }}"
+ dest: "/etc/init.d/{{ item }}"
+ mode: 0755
+ with_items:
+ - 'celeryd'
+ - 'celerybeat'
+ tags:
+ - celery
+
+- name: Copy celery config files
+ become: yes
+ template:
+ src: "celery/{{ item }}.j2"
+ dest: "/etc/default/{{ item }}"
+ mode: 0644
+ with_items:
+ - 'celeryd'
+ - 'celerybeat'
+ tags:
+ - celery
+
+- name: Start celeryd
+ django_manage:
+ app_path: "{{ project_path }}"
+ command: "celeryd_multi restart w1"
+ virtualenv: "{{ project_path }}/venv"
+ settings: "{{ django_settings_module }}"
+
+- name: Start celerybeat
+ command: /etc/init.d/celerybeat start
\ No newline at end of file
diff --git a/roles/regluit_prod/tasks/certs.yml b/roles/regluit_prod/tasks/certs.yml
new file mode 100644
index 0000000..0804ace
--- /dev/null
+++ b/roles/regluit_prod/tasks/certs.yml
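Review bot: In tasks/celery.yml the last two tasks, `Start celeryd` and `Start celerybeat`, run without `become`, so the workers start as whichever account Ansible connects with rather than as the `celery` user this file creates; whether the init script switches user afterwards cannot be seen from here. `Start celerybeat` also calls the init script through `command:`, which is reported as changed on every run. Using the service module under privilege would address both: `become: yes` with `service:`, `name: celerybeat`, `state: started`. Both tasks also lack the `tags: celery` that every other task in the file carries, so a `--tags celery` run updates the configuration without restarting anything.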
@@ -0,0 +1,39 @@
+---
+- name: Copy server key
+ become: yes
+ copy:
+ src: certs/server.key
+ dest: /etc/ssl/private/server.key
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0600
+ notify:
+ - restart apache
+ tags:
+ - certs
+
+- name: Copy STAR_unglue_it.crt
+ become: yes
+ copy:
+ src: certs/STAR_unglue_it.crt
+ dest: /etc/ssl/certs/server.crt
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0644
+ notify:
+ - restart apache
+ tags:
+ - certs
+
+- name: Copy STAR_unglue_it.ca-bundle
+ become: yes
+ copy:
+ src: certs/STAR_unglue_it.ca-bundle
+ dest: /etc/ssl/certs/STAR_unglue_it.ca-bundle
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0600
+ notify:
+ - restart apache
+ tags:
+ - certs
\ No newline at end of file
diff --git a/roles/regluit_prod/tasks/main.yml b/roles/regluit_prod/tasks/main.yml
new file mode 100644
index 0000000..0a4e6a5
--- /dev/null
+++ b/roles/regluit_prod/tasks/main.yml
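Review bot: In tasks/certs.yml, `Copy server key` leaves the TLS private key at `/etc/ssl/private/server.key` owned by `{{ user_name }}`, so any process running as the deploy account can read it (presumably the key for the `STAR_unglue_it` wildcard certificate). Apache loads the key at startup as root, so root ownership is sufficient: `owner: root`, `group: root`, `mode: "0600"`. The certificate and CA-bundle tasks need no secrecy but should likewise be root-owned so the deploy user cannot replace them. Adding `no_log: true` to the key task would keep its content out of `--diff` output.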
@@ -0,0 +1,120 @@ +--- +- name: Install prod dependencies + become: true + apt: + name: "{{ item }}" + update_cache: true + state: present + with_items: + - 'git' + - 'python-setuptools' + - 'python-lxml' + - 'python-dev' + - 'python-virtualenv' + - 'build-essential' + - 'libssl-dev' + - 'libffi-dev' + - 'libxml2-dev' + - 'libxslt-dev' + - 'mysql-client' + - 'libmysqlclient-dev' + - 'python-mysqldb' + - 'postfix' + - 'libjpeg-dev' + +- name: Create project directory + become: true + file: + path: "{{ project_path }}" + state: directory + owner: "{{ user_name }}" + mode: 0755 + +- name: Checkout regluit repo + git: + accept_hostkey: yes + force: yes + repo: "{{ git_repo }}" + dest: "{{ project_path }}" + version: "{{ git_branch }}" + +- name: Install python packages to virtualenv + pip: + requirements: "{{ project_path }}/requirements_versioned.pip" + state: present + virtualenv: "{{ project_path }}/venv" + +- name: Add project to PYTHONPATH of virtualenv + template: + src: "{{ item }}.j2" + dest: "{{ project_path }}/venv/lib/python2.7/site-packages/{{ item }}" + with_items: + - 'regluit.pth' + - 'opt.pth' + +- name: Create keys directory + file: + path: "{{ project_path}}/settings/keys" + state: directory + owner: "{{ user_name }}" + mode: 0755 + +- name: Copy keys files + copy: + src: "{{ project_path }}/settings/dummy/__init__.py" + dest: "{{ project_path }}/settings/keys/__init__.py" + remote_src: yes + +- name: Copy django settings template + template: + src: prod.py.j2 + dest: "{{ project_path }}/settings/prod.py" + +- name: Copy key templates to keys directory + template: + src: "{{ item }}.j2" + dest: "{{ project_path }}/settings/keys/{{ item }}" + with_items: + - 'common.py' + - 'host.py' + +- name: Create django log directory + become: yes + file: + path: "/var/log/regluit" + state: directory + owner: "{{ user_name }}" + group: "www-data" + mode: 0775 + +- name: Open ports on firewall + become: yes + ufw: + rule: allow + port: "{{ item }}" + proto: tcp + 
with_items: + - 22 + - 80 + - 443 + +- name: Run redis tasks + import_tasks: redis.yml + +# - name: Run mysql tasks +# import_tasks: mysql.yml + +- name: Run cert tasks + import_tasks: certs.yml + +- name: Run apache tasks + import_tasks: apache.yml + +- name: Run celery tasks + import_tasks: celery.yml + + + + + + diff --git a/roles/regluit_prod/tasks/redis.yml b/roles/regluit_prod/tasks/redis.yml new file mode 100644 index 0000000..ca64684 --- /dev/null +++ b/roles/regluit_prod/tasks/redis.yml @@ -0,0 +1,13 @@ +--- +- name: Install Redis server + become: yes + apt: + name: "redis-server" + state: present + +- name: Ensure Redis is started + become: yes + service: + name: "redis-server" + state: started + enabled: yes diff --git a/roles/regluit_prod/templates/apache.conf.j2 b/roles/regluit_prod/templates/apache.conf.j2 new file mode 100644 index 0000000..874f8db --- /dev/null +++ b/roles/regluit_prod/templates/apache.conf.j2 
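Review bot: In tasks/main.yml the `template` tasks that render `prod.py`, `common.py` and `host.py` set no `owner`, `group` or `mode`, so the files holding the database password and the `common_keys`/`host_keys` values get whatever the remote umask gives, which is usually world-readable. Each should state a restrictive mode, for example `owner: "{{ user_name }}"`, `group: www-data`, `mode: "0640"` (the group is a guess based on the log-directory task; confirm which account mod_wsgi runs as), plus `no_log: true` so the rendered values do not show up in diff or verbose output. Separately, `Open ports on firewall` only adds allow rules; nothing in this hunk enables ufw or sets a default deny policy, so the rules have no effect unless ufw is already active on the host. `accept_hostkey: yes` on the git checkout trusts whatever host key is presented on first contact, so pinning the key in `known_hosts` beforehand would be safer.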
@@ -0,0 +1,71 @@ +WSGIPythonHome {{ wsgi_home }} +WSGIPythonPath {{ wsgi_python_path }} +WSGISocketPrefix {{ project_path }} + + + + +ServerName {{ server_name }} + +ServerAdmin info@ebookfoundation.org + +Redirect permanent / https://{{ server_name }} + + + + + + +ServerName {{ server_name }}:443 + +ServerAdmin info@ebookfoundation.org + +SSLEngine on +SSLProtocol All -SSLv2 -SSLv3 + +SSLCertificateFile /etc/ssl/certs/server.crt +SSLCertificateKeyFile /etc/ssl/private/server.key +SSLCertificateChainFile /etc/ssl/certs/STAR_unglue_it.ca-bundle + +#SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt + +WSGIDaemonProcess regluit processes=4 threads=4 python-eggs=/tmp/regluit-python-eggs +WSGIScriptAlias / /opt/regluit/deploy/prod.wsgi + +# generated using https://mozilla.github.io/server-side-tls/ssl-config-generator/ +# intermediate mode +# 2015.03.04 (with Apache v 2.2.22 and OpenSSL 1.0.1 and HSTS enabled) + +SSLProtocol all -SSLv2 -SSLv3 +SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA +SSLHonorCipherOrder on + +# HSTS (mod_headers is required) (15768000 seconds = 6 months) +Header always add Strict-Transport-Security "max-age=15768000" + + + + Require all granted + + + + + Options Indexes FollowSymLinks + AllowOverride None + + Require all granted + + +Alias /static /var/www/static + 
+BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 +# MSIE 7 and newer should be able to use keepalive +BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + +ErrorLog "|/usr/bin/cronolog /var/log/apache2/%Y%m%d_error.log" +LogLevel warn +CustomLog "|/usr/bin/cronolog /var/log/apache2/%Y%m%d_access.log" combined + + \ No newline at end of file diff --git a/roles/regluit_prod/templates/celery/celerybeat.j2 b/roles/regluit_prod/templates/celery/celerybeat.j2 new file mode 100644 index 0000000..44c43c7 --- /dev/null +++ b/roles/regluit_prod/templates/celery/celerybeat.j2 @@ -0,0 +1,35 @@ +# http://docs.celeryproject.org/en/latest/cookbook/daemonizing.html#generic-initd-celerybeat-example +# to be placed at /etc/defaults/celerybeat + +# Where to chdir at start. +CELERYBEAT_CHDIR="{{ project_path }}t/" + +# Extra arguments to celerybeat +#CELERYBEAT_OPTS="--schedule=/var/run/celerybeat-schedule" + +# Name of the celery config module.# +CELERY_CONFIG_MODULE="celeryconfig" + +# Name of the projects settings module. +export DJANGO_SETTINGS_MODULE="{{ django_settings_module }}" + +# Path to celerybeat +CELERYBEAT="{{ project_path }}/{{ virtualenv_name }}/bin/django-admin.py celerybeat" + +# virtualenv to use +VIRTUALvenv="{{ project_path }}/{{ virtualenv_name }}" + +#Full path to the PID file. Default is /var/run/celeryd.pid +CELERYBEAT_PIDFILE="/var/log/celerybeat/celerybeat.pid" + +#Full path to the celeryd log file. Default is /var/log/celeryd.log +CELERYBEAT_LOGFILE="/var/log/celerybeat/celerybeat.log" + +#Log level to use for celeryd. Default is INFO. +CELERYBEAT_LOG_LEVEL="INFO" + +#User to run celeryd as. Default is current user. +#CELERYBEAT_USER + +#Group to run celeryd as. Default is current user. +#CELERYBEAT_GROUP diff --git a/roles/regluit_prod/templates/celery/celeryd.j2 b/roles/regluit_prod/templates/celery/celeryd.j2 new file mode 100644 index 0000000..07671ff --- /dev/null 
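Review bot: In apache.conf.j2, `SSLProtocol All -SSLv2 -SSLv3` (set twice) still permits TLS 1.0 and 1.1, and the `SSLCipherSuite` list, which its own comment dates to a 2015 generator run for Apache 2.2.22, still offers `DES-CBC3-SHA` and static-RSA CBC suites. Regenerating from the current Mozilla intermediate profile, or at minimum a single `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, would bring it up to date. In the same template, `Options Indexes FollowSymLinks` turns on directory listings (`Options -Indexes FollowSymLinks` avoids that), and `python-eggs=/tmp/regluit-python-eggs` puts the egg cache at a predictable path in a world-writable directory. `WSGIScriptAlias` hard-codes `/opt/regluit/deploy/prod.wsgi` while tasks/apache.yml writes the script under `{{ project_path }}`; the template should use `{{ project_path }}/deploy/prod.wsgi`.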
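Review bot: In celery/celerybeat.j2, `CELERYBEAT_CHDIR="{{ project_path }}t/"` has a stray `t` after the variable, so celerybeat would be pointed at a directory that does not exist; it should read `CELERYBEAT_CHDIR="{{ project_path }}/"`, matching `CELERYD_CHDIR` in celeryd.j2. `CELERYBEAT_PIDFILE` and `CELERYBEAT_LOGFILE` point into `/var/log/celerybeat/`, but tasks/celery.yml creates only `/var/log/celery` and `/var/run/celery`, so either that directory must be created or the paths changed to the existing ones. `VIRTUALvenv=` looks like search-and-replace damage to `VIRTUALENV=`; check it against the init script, which is not part of this hunk. The header comment says `/etc/defaults/celerybeat` while the task writes to `/etc/default/`.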
+++ b/roles/regluit_prod/templates/celery/celeryd.j2 @@ -0,0 +1,9 @@ +CELERYD_NODES="w1" +CELERYD_CHDIR="{{ project_path }}/" +CELERYD_LOG_FILE="/var/log/celery/%n.log" +CELERYD_PID_FILE="/var/log/celery/%n.pid" +CELERYD="{{ project_path }}/{{ virtualenv_name }}/bin/django-admin.py celeryd" +CELERYD_MULTI="{{ project_path }}/{{ virtualenv_name }}/bin/django-admin.py celeryd_multi" + +VIRTUALvenv_ACTIVATE="{{ project_path }}/{{ virtualenv_name }}/bin/activate" +export DJANGO_SETTINGS_MODULE="{{ django_settings_module }}" diff --git a/roles/regluit_prod/templates/common-old.py.j2 b/roles/regluit_prod/templates/common-old.py.j2 new file mode 100644 index 0000000..57e97fe --- /dev/null +++ b/roles/regluit_prod/templates/common-old.py.j2 @@ -0,0 +1,13 @@ +import os + +# all the COMMON_KEYS +# copy this file to settings/keys/ and replace the dummy values with real ones +BOOXTREAM_API_KEY = os.environ.get('BOOXTREAM_API_KEY', '{{ booxtream_api_key }}') +BOOXTREAM_API_USER = os.environ.get('BOOXTREAM_API_USER', '{{ booxtream_api_user }}') +DROPBOX_KEY = os.environ.get('DROPBOX_KEY', '{{ dropbox_key }}') +GITHUB_PUBLIC_TOKEN = os.environ.get('GITHUB_PUBLIC_TOKEN', '{{ github_public_token }}') # 40 chars; null has lower limit +MAILCHIMP_API_KEY = os.environ.get('MAILCHIMP_API_KEY', '{{ mailchimp_api_key }}') # [32chars]-xx# +MAILCHIMP_NEWS_ID = os.environ.get('MAILCHIMP_NEWS_ID', '{{ mailchimp_news_id }}') +MOBIGEN_PASSWORD = os.environ.get('MOBIGEN_PASSWORD', '{{ mobigen_password }}') +MOBIGEN_URL = os.environ.get('MOBIGEN_URL', '{{ mobigen_url }}') # https://host/mobigen +MOBIGEN_USER_ID = os.environ.get('MOBIGEN_USER_ID', '{{ mobigen_user_id }}') diff --git a/roles/regluit_prod/templates/common.py.j2 b/roles/regluit_prod/templates/common.py.j2 new file mode 100644 index 0000000..6e2e938 --- /dev/null +++ b/roles/regluit_prod/templates/common.py.j2 
@@ -0,0 +1,5 @@
+import os
+
+{% for key in common_keys %}
+{{ key|upper }} = os.environ.get('{{ key|upper }}', '{{ common_keys[key] }}')
+{% endfor %}
diff --git a/roles/regluit_prod/templates/host-old.py.j2 b/roles/regluit_prod/templates/host-old.py.j2
new file mode 100644
index 0000000..b036d9c
--- /dev/null
+++ b/roles/regluit_prod/templates/host-old.py.j2
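Review bot: In common.py.j2, `'{{ common_keys[key] }}'` pastes each value into a single-quoted Python literal without escaping, so a secret containing `'` or a backslash produces a broken or silently altered settings module. Rendering through a quoting filter avoids that, e.g. `{{ key|upper }} = os.environ.get('{{ key|upper }}', {{ common_keys[key] | to_json }})`, since a JSON string is a valid Python string literal for ordinary values. The same pattern appears in host.py.j2 and in prod.wsgi.j2 (`os.environ['{{ key|upper }}'] = '{{ host_keys[key] }}'`) and should be changed there too. A one-line comment at the top of each generated file saying it is rendered from the vault and must not be edited or committed would help the next maintainer.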
@@ -0,0 +1,47 @@ +# host.py +# copy this file to settings/keys/ and replace the dummy values with real ones +# or generate it from the ansible vault +import os + +# you can use this to generate a key: http://www.miniwebtool.com/django-secret-key-generator/ +SECRET_KEY = os.environ.get("SECRET_KEY", '{{ secret_key }}') + +# you'll need to register a GoogleBooks API key +# https://code.google.com/apis/console +GOOGLE_BOOKS_API_KEY = os.environ.get("GOOGLE_BOOKS_API_KEY", "{{ google_books_api_key }}") + +# +GOODREADS_API_KEY = os.environ.get("GOODREADS_API_KEY", "{{ goodreads_api_key }}") +GOODREADS_API_SECRET = os.environ.get("GOODREADS_API_SECRET", "{{ goodreads_api_secret }}") #43 chars + +# Amazon SES +# create with https://console.aws.amazon.com/ses/home?region=us-east-1#smtp-settings: +EMAIL_HOST_USER = os.environ.get("EMAIL_HOST_USER", '{{ email_host_user }}') +EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_HOST_PASSWORD", '{{ email_host_password }}') + +# twitter auth +# you'll need to create a new Twitter application to fill in these blanks +# https://dev.twitter.com/apps/new +SOCIAL_AUTH_TWITTER_KEY = os.environ.get("SOCIAL_AUTH_TWITTER_KEY", '{{ social_auth_twitter_key }}') +SOCIAL_AUTH_TWITTER_SECRET = os.environ.get("SOCIAL_AUTH_TWITTER_SECRET", '{{ social_auth_twitter_secret }}') + +# support@icontact.nl +BOOXTREAM_API_KEY = os.environ.get("BOOXTREAM_API_KEY", "{{ booxtream_api_key }}") # 30 chars +BOOXTREAM_API_USER = os.environ.get("BOOXTREAM_API_USER", '{{ booxtream_api_user }}') + +# you'll need to create a new Facebook application to fill in these blanks +# https://developers.facebook.com/apps/ +SOCIAL_AUTH_FACEBOOK_KEY = os.environ.get("SOCIAL_AUTH_FACEBOOK_KEY", '{{ social_auth_facebook_key }}') +SOCIAL_AUTH_FACEBOOK_SECRET = os.environ.get("SOCIAL_AUTH_FACEBOOK_SECRET", '{{ social_auth_facebook_secret }}') + +# https://console.developers.google.com/apis/credentials/oauthclient/ +# unglue.it (prod) SOCIAL_AUTH_GOOGLE_OAUTH2_KEY #2 
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = os.environ.get("_KEY", '{{ social_auth_google_oauth2_key }}') +SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = os.environ.get("_SECRET", '{{ social_auth_google_oauth2_secret }}') + +AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID", '{{ aws_access_key_id }}') +AWS_SECRET_ACCESS_KEY = os.environ.get("AWS_SECRET_ACCESS_KEY", '{{ aws_secret_access_key }}') # 40 chars + +DATABASE_USER = os.environ.get("DATABASE_USER", '{{ mysql_db_user }}') +DATABASE_PASSWORD = os.environ.get("DATABASE_PASSWORD", '{{ mysql_db_pass }}') +DATABASE_HOST = os.environ.get("DATABASE_HOST", '{{ mysql_db_host }}') diff --git a/roles/regluit_prod/templates/host.py.j2 b/roles/regluit_prod/templates/host.py.j2 new file mode 100644 index 0000000..845c962 --- /dev/null +++ b/roles/regluit_prod/templates/host.py.j2 @@ -0,0 +1,5 @@ +import os + +{% for key in host_keys %} +{{ key|upper }} = os.environ.get('{{ key|upper }}', '{{ host_keys[key] }}') +{% endfor %} diff --git a/roles/regluit_prod/templates/opt.pth.j2 b/roles/regluit_prod/templates/opt.pth.j2 new file mode 100644 index 0000000..27d47a4 --- /dev/null +++ b/roles/regluit_prod/templates/opt.pth.j2 @@ -0,0 +1 @@ +/opt/ diff --git a/roles/regluit_prod/templates/prod.py.j2 b/roles/regluit_prod/templates/prod.py.j2 new file mode 100644 index 0000000..a46a917 --- /dev/null +++ b/roles/regluit_prod/templates/prod.py.j2 
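Review bot: In host-old.py.j2 the Google OAuth2 settings read `os.environ.get("_KEY", …)` and `os.environ.get("_SECRET", …)`, whereas every other setting in the file uses its own name as the environment variable; these look truncated, and an override would have to be exported as `_KEY`. They should be `os.environ.get("SOCIAL_AUTH_GOOGLE_OAUTH2_KEY", …)` and `os.environ.get("SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET", …)`. tasks/main.yml renders only `common.py` and `host.py`, so this `-old` template and `common-old.py.j2` appear unused and could be dropped from the commit instead.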
@@ -0,0 +1,135 @@ +from .common import * + +ALLOWED_HOSTS = ['.unglue.it'] +DEBUG = False +TEMPLATES[0]['OPTIONS']['debug'] = DEBUG +# we are launched! +IS_PREVIEW = False + +SITE_ID = 1 + +ADMINS = ( + ('Raymond Yee', 'rdhyee+ungluebugs@gluejar.com'), + ('Eric Hellman', 'eric@gluejar.com'), +) + +MANAGERS = ADMINS + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.mysql', + 'NAME': '{{ mysql_db_name }}', + 'USER': '{{ mysql_db_user }}', + 'PASSWORD': '{{ mysql_db_pass }}', + 'HOST': '{{ mysql_db_host }}', + 'PORT': '{{ mysql_db_port }}', + 'TEST_CHARSET': 'utf8', + } +} + +TIME_ZONE = 'America/New_York' + +# settings for outbout email +# if you have a gmail account you can use your email address and password + + +# Amazon SES + +EMAIL_BACKEND = 'django_smtp_ssl.SSLEmailBackend' +MAIL_USE_TLS = True +EMAIL_HOST = '{{ email_host }}' +EMAIL_PORT = '{{ email_port }}' +DEFAULT_FROM_EMAIL = '{{ default_from_email }}' + +# send celery log to Python logging +CELERYD_HIJACK_ROOT_LOGGER = False + +# Next step to try https +#BASE_URL = 'http://{{ server_name }}' +BASE_URL_SECURE = 'https://{{ server_name }}' +IPN_SECURE_URL = False + +# use redis for production queue +BROKER_TRANSPORT = '{{ broker_transport }}' +BROKER_HOST = '{{ broker_host }}' +BROKER_PORT = '{{ broker_port }}' +BROKER_VHOST = '{{ broker_vhost }}' + +LOGGING = { + 'version': 1, + 'disable_existing_loggers': True, + 'formatters': { + 'brief': { + 'format': '%(asctime)s %(levelname)s %(name)s[%(funcName)s]: %(message)s', + }, + }, + 'handlers': { + 'mail_admins': { + 'level': 'ERROR', + 'class': 'django.utils.log.AdminEmailHandler' + }, + 'null': { + 'level': 'DEBUG', + 'class': 'logging.NullHandler', + }, + 'file': { + 'level': 'INFO', + 'class': 'logging.handlers.RotatingFileHandler', + 'filename': join('/var/log/regluit', 'unglue.it.log'), + 'maxBytes': 1024*1024*5, # 5 MB + 'backupCount': 5, + 'formatter': 'brief', + }, + }, + 'loggers': { + 'django.request': { + 'handlers': ['mail_admins'], 
+ 'level': 'ERROR', + 'propagate': True, + }, + 'django.security.DisallowedHost': { + 'handlers': ['null'], + 'propagate': False, + }, + '': { + 'handlers': ['file'], + 'level': 'WARNING', + 'propagate': False, + }, + } +} + +STATIC_ROOT = '/var/www/static' +#CKEDITOR_UPLOAD_PATH = '/var/www/static/media/' +#CKEDITOR_UPLOAD_PREFIX = 'https://unglue.it/static/media/' + +# decide which of the period tasks to add to the schedule +CELERYBEAT_SCHEDULE['send_test_email'] = SEND_TEST_EMAIL_JOB +# update the statuses of campaigns +CELERYBEAT_SCHEDULE['update_active_campaign_statuses'] = UPDATE_ACTIVE_CAMPAIGN_STATUSES +CELERYBEAT_SCHEDULE['report_new_ebooks'] = EBOOK_NOTIFICATIONS_JOB +CELERYBEAT_SCHEDULE['notify_ending_soon'] = NOTIFY_ENDING_SOON_JOB +CELERYBEAT_SCHEDULE['update_account_statuses'] = UPDATE_ACCOUNT_STATUSES +CELERYBEAT_SCHEDULE['notify_expiring_accounts'] = NOTIFY_EXPIRING_ACCOUNTS +CELERYBEAT_SCHEDULE['refresh_acqs'] = REFRESH_ACQS_JOB +CELERYBEAT_SCHEDULE['refresh_acqs'] = NOTIFY_UNCLAIMED_GIFTS + +# set -- sandbox or production Amazon FPS? +#AMAZON_FPS_HOST = "fps.sandbox.amazonaws.com" +AMAZON_FPS_HOST = "fps.amazonaws.com" + +# local settings for maintenance mode +MAINTENANCE_MODE = False + +# Amazon keys to permit S3 access +# https://console.aws.amazon.com/iam/home?region=us-east-1#/users/s3user?section=security_credentials +DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage' + +# we should suppress Google Analytics outside of production +SHOW_GOOGLE_ANALYTICS = True + +# if settings/local.py exists, import those settings -- allows for dynamic generation of parameters such as DATABASES +try: + from regluit.settings.local import * +except ImportError: + pass diff --git a/roles/regluit_prod/templates/prod.wsgi.j2 b/roles/regluit_prod/templates/prod.wsgi.j2 new file mode 100644 index 0000000..096c5f4 --- /dev/null +++ b/roles/regluit_prod/templates/prod.wsgi.j2 
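Review bot: In prod.py.j2, `CELERYBEAT_SCHEDULE['refresh_acqs']` is assigned twice, first `REFRESH_ACQS_JOB` and then `NOTIFY_UNCLAIMED_GIFTS`, so the second assignment overwrites the first and the acquisition refresh is never scheduled. The last line presumably wants its own key, e.g. `CELERYBEAT_SCHEDULE['notify_unclaimed_gifts'] = NOTIFY_UNCLAIMED_GIFTS`. `MAIL_USE_TLS = True` is not a Django setting name (`EMAIL_USE_TLS` is), so as written it has no effect. The `django.security.DisallowedHost` logger is sent to the null handler, which hides Host-header probing from the logs; a comment stating why, or routing it to the `file` handler at a low level, would keep that signal available.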
@@ -0,0 +1,13 @@ +#!/usr/bin/env python + +import os + +os.environ.setdefault("DJANGO_SETTINGS_MODULE", "regluit.settings.prod") +os.environ['CELERY_LOADER'] = 'django' + +{% for key in host_keys %} +os.environ['{{ key|upper }}'] = '{{ host_keys[key] }}' +{% endfor %} + +from django.core.wsgi import get_wsgi_application +application = get_wsgi_application() \ No newline at end of file diff --git a/roles/regluit_prod/templates/regluit.pth.j2 b/roles/regluit_prod/templates/regluit.pth.j2 new file mode 100644 index 0000000..8964ac8 --- /dev/null +++ b/roles/regluit_prod/templates/regluit.pth.j2 @@ -0,0 +1 @@ +{{ project_path }}/ diff --git a/setup-batterup.yml b/setup-batterup.yml new file mode 100644 index 0000000..c151200 --- /dev/null +++ b/setup-batterup.yml @@ -0,0 +1,19 @@ +# sets "ondeck.unglue.it" to handle "unglue.it" +- hosts: regluit-ondeck + gather_facts: false + tasks: + # Need to install python2.7 and pip first so Ansible will function + # This is due to Ubuntu 16 shipping with Python3 by default + - name: Install python2.7 and pip + become: true + raw: bash -c "apt -qqy update && apt install -qqy python2.7-dev python-pip" + register: output + changed_when: output.stdout != "" + + - name: Gathering Facts + setup: + + - include_role: + name: regluit_prod + + \ No newline at end of file diff --git a/setup-ondeck.retry b/setup-ondeck.retry new file mode 100644 index 0000000..2e62ab3 --- /dev/null +++ b/setup-ondeck.retry @@ -0,0 +1 @@ +regluit-ondeck diff --git a/setup-ondeck.yml b/setup-ondeck.yml new file mode 100644 index 0000000..1a43748 --- /dev/null +++ b/setup-ondeck.yml 
@@ -0,0 +1,18 @@ +- hosts: regluit-ondeck + gather_facts: false + tasks: + # Need to install python2.7 and pip first so Ansible will function + # This is due to Ubuntu 16 shipping with Python3 by default + - name: Install python2.7 and pip + become: true + raw: bash -c "apt -qqy update && apt install -qqy python2.7-dev python-pip" + register: output + changed_when: output.stdout != "" + + - name: Gathering Facts + setup: + + - include_role: + name: regluit_prod + + \ No newline at end of file diff --git a/setup-prod.retry b/setup-prod.retry new file mode 100644 index 0000000..d3b06b7 --- /dev/null +++ b/setup-prod.retry @@ -0,0 +1 @@ +regluit-prod diff --git a/setup-prod.yml b/setup-prod.yml new file mode 100644 index 0000000..a792de6 --- /dev/null +++ b/setup-prod.yml @@ -0,0 +1,18 @@ +- hosts: regluit-prod + gather_facts: false + tasks: + # Need to install python2.7 and pip first so Ansible will function + # This is due to Ubuntu 16 shipping with Python3 by default + - name: Install python2.7 and pip + become: true + raw: bash -c "apt -qqy update && apt install -qqy python2.7-dev python-pip" + register: output + changed_when: output.stdout != "" + + - name: Gathering Facts + setup: + + - include_role: + name: regluit_prod + + \ No newline at end of file diff --git a/setup-regluit.yml b/setup-regluit.yml new file mode 100644 index 0000000..8bb3776 --- /dev/null +++ b/setup-regluit.yml @@ -0,0 +1,6 @@ +--- +- hosts: regluit-local + gather_facts: false + roles: + - regluit_common + - regluit_dev