- name: route53 setup hosts: 127.0.0.1 vars: aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') }}" aws_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" target: '{{vname}}' dev_ssh_host: "{{ hostvars[target]['ansible_ssh_host'] }}" tasks: - name: print dev_ssh_host debug: msg="dev_ssh_host {{hostname}}" - name: get DNS record for dev route53: command: get zone: unglue.it record: "{{hostname}}" type: A aws_access_key: "{{aws_access_key}}" aws_secret_key: "{{aws_secret_key}}" when: "{{setdns | default('false')}}" - name: set DNS record for dev route53: command: create zone: unglue.it record: "{{hostname}}" type: A ttl: 60 value: "{{dev_ssh_host}}" overwrite: yes aws_access_key: "{{aws_access_key}}" aws_secret_key: "{{aws_secret_key}}" when: "{{setdns | default('false')}}" - name: dev setup hosts: '{{vname}}' vars: user: "{{ ansible_ssh_user }}" aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') }}" aws_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" target: '{{vname}}' migrate: "{{do_migrate | default('true')}}" sudo: yes pre_tasks: - name: check apt last update stat: path=/var/cache/apt register: apt_cache_stat - name: update apt if needed apt: update_cache=yes when: ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > 60*60*12 tasks: # add repo to get latest version of python 2.7 - name: add-apt-repository ppa:fkrull/deadsnakes-python2.7 apt_repository: repo='ppa:fkrull/deadsnakes-python2.7' state=present update_cache=true when: class in ['please', 'just', 'prod'] - name: do apt-get update --fix-missing command: apt-get update --fix-missing - name: installing dependencies apt: pkg={{ item }} update_cache=yes state=present with_items: - python2.7 - git-core - apache2 - cronolog - libapache2-mod-wsgi - mysql-client - python-virtualenv - python-mysqldb - redis-server - python-lxml - python-dev - libjpeg-dev - libmysqlclient-dev - libxml2-dev - libxslt1-dev - python-setuptools - python-dev - postfix - mailutils - libffi-dev - build-essential - libssl-dev tags: install - name: make {{user}} group group: name={{user}} - name: make {{user}} user user: name={{user}} shell=/bin/bash group={{user}} generate_ssh_key=yes # create celery user and group # also put {{user}} into celery group - name: make celery group group: name=celery - name: create celery user user: > name=celery createhome=no group=celery generate_ssh_key=no - name: add {{user}} to celery, www-data groups user: name={{user}} groups=celery,www-data append=yes # - name: add www-data to {{user}} group # user: name=www-data groups={{user}} append=yes - name: install some python modules to use #pip: name={{item}} virtualenv=/home/{{user}}/venv pip: name={{item}} with_items: - PyGithub - name: create /opt/regluit file: path=/opt/regluit state=directory owner={{user}} group={{user}} mode=0745 - name: git config command: "{{item}}" with_items: - git config --global user.name "Raymond Yee" - git config --global user.email "rdhyee@gluejar.com" - name: ssh-keygen #command: pwd command: ssh-keygen -b 2048 -t rsa -f /home/{{user}}/.ssh/id_rsa -P "" sudo: no args: creates: /home/{{user}}/.ssh/id_rsa - name: create deploy key for repo action: github_deploy_key sudo: no args: github_auth_key: "{{github_auth_key}}" repo_name: Gluejar/regluit key_name: "{{hostname}} {{ ansible_date_time.iso8601 }}" key_path: /home/{{user}}/.ssh/id_rsa.pub - name: postfix install raw: DEBIAN_FRONTEND='noninteractive' apt-get install -y -q --force-yes postfix - name: clone the regluit git repo into /opt/regluit sudo: no git: repo=ssh://git@github.com/Gluejar/regluit.git dest=/opt/regluit accept_hostkey=True force=yes version={{branch | default("master")}} # installing mysql # https://github.com/bennojoy/mysql --> probably the right way # how do you make use of other people's playbooks in the right way? # https://stackoverflow.com/a/7740571/7782 - name: mysql setup raw: debconf-set-selections <<< 'mysql-server-5.5 mysql-server/root_password password {{mysql_root_pw}}' args: executable: /bin/bash when: class == 'please' - raw: debconf-set-selections <<< 'mysql-server-5.5 mysql-server/root_password_again password {{mysql_root_pw}}' args: executable: /bin/bash when: class == 'please' - raw: apt-get -y install mysql-server when: class == 'please' - name: Create regluit database mysql_db: db=regluit state=present encoding=utf8 collation=utf8_bin login_user=root login_password={{mysql_root_pw}} when: class == 'please' # GRANT ALL PRIVILEGES ON regluit.* TO 'regluit'@'localhost' WITH GRANT OPTION; (covered?) - name: Create database user mysql_user: > user={{SECRET_KEYS.DATABASE_USER}} password={{SECRET_KEYS.DATABASE_PASSWORD}} host={{SECRET_KEYS.DATABASE_HOST}} priv=*.*:ALL state=present login_user=root login_password={{mysql_root_pw}} when: class == 'please' # running stuff within a virtualenv # https://stackoverflow.com/a/20572360 # https://stackoverflow.com/questions/20575084/best-way-to-always-run-ansible-inside-a-virtualenv-on-remote-machines?rq=1 #sudo("ln -s /opt/regluit/deploy/please.conf /etc/apache2/sites-available/please") - name: create apache conf for sites-available from template template: src=templates/apache.conf.j2 dest="/etc/apache2/sites-available/{{class}}.conf" owner={{user}} group={{user}} mode=0664 #run('pip install -r requirements_versioned.pip') - name: upgrade pip pip: > name={{item}} virtualenv=/opt/regluit/ENV virtualenv_command=virtualenv extra_args="--upgrade" with_items: - pip sudo: no - name: pip requirements pip: > requirements=/opt/regluit/requirements_versioned.pip virtualenv=/opt/regluit/ENV virtualenv_command=virtualenv virtualenv_site_packages=yes sudo: no #run('echo "/opt/regluit/" > ENV/lib/python2.7/site-packages/regluit.pth') #run('echo "/opt/" > ENV/lib/python2.7/site-packages/opt.pth') - name: establish regluit.pth lineinfile: create=yes dest=/opt/regluit/ENV/lib/python2.7/site-packages/regluit.pth line="/opt/regluit/" sudo: no - name: establish opt.pth lineinfile: create=yes dest=/opt/regluit/ENV/lib/python2.7/site-packages/regluit.pth line="/opt/" sudo: no #sudo('mkdir /var/www/static') #sudo('chown ubuntu:ubuntu /var/www/static') - name: create /var/www/static file: path=/var/www/static state=directory owner={{user}} group={{user}} mode=0755 # #run('django-admin.py syncdb --migrate --noinput --settings regluit.settings.please') # provide a directory for django log file - name: make /var/log/regluit file: path=/var/log/regluit state=directory owner={{user}} group=www-data mode=2775 # create the wsgi script from the appropriate template - name: create the wsgi script from the appropriate template template: src=templates/{{class}}.wsgi.j2 dest=/opt/regluit/deploy/{{class}}.wsgi owner={{user}} group={{user}} mode=0664 when: class in ['please', 'just', 'prod'] - name: restart_here debug: msg="provision restart here" - name: Create /settings/keys/ file: path=/opt/regluit/settings/keys/ state=directory mode=0755 # create settings/keys/common.py - name: create settings/keys/common.py template: src=templates/common.py.j2 dest=/opt/regluit/settings/keys/common.py owner={{user}} group={{user}} mode=0755 # create settings/keys/host.py - name: create settings/keys/host.py template: src=templates/host.py.j2 dest=/opt/regluit/settings/keys/host.py owner={{user}} group={{user}} mode=0755 when: class in ['please', 'just', 'prod'] - name: create empty settings/keys/__init__.py copy: content: "" dest: /opt/regluit/settings/keys/__init__.py force: no group: "{{user}}" owner: "{{user}}" mode: 0755 #Run syncdb on the application # TO DO: syncdb might be deprecated # https://stackoverflow.com/a/29683785 - name: django syncdb django_manage: > command=syncdb app_path=/opt/regluit/ settings="regluit.settings.{{class}}" virtualenv=/opt/regluit/ENV sudo: no when: migrate notify: - restart apache2 - name: django migrations django_manage: > command=migrate app_path=/opt/regluit/ settings="regluit.settings.{{class}}" virtualenv=/opt/regluit/ENV sudo: no when: migrate notify: - restart apache2 #run('django-admin.py collectstatic --noinput --settings regluit.settings.please') - name: django collectstatic django_manage: > command=collectstatic app_path=/opt/regluit/ settings="regluit.settings.{{class}}" virtualenv=/opt/regluit/ENV sudo: no notify: - restart apache2 - name: copy STAR_unglue_it.crt copy: > src=files/ssl_cert/STAR_unglue_it.crt dest=/etc/ssl/certs/server.crt owner={{user}} group={{user}} mode=0644 notify: - restart apache2 - name: copy server.key copy: > src=files/ssl_cert/server.key dest=/etc/ssl/private/server.key owner={{user}} group={{user}} mode=0600 notify: - restart apache2 - name: copy STAR_unglue_it.ca-bundle copy: > src=files/ssl_cert/STAR_unglue_it.ca-bundle dest=/etc/ssl/certs/STAR_unglue_it.ca-bundle owner={{user}} group={{user}} mode=0600 notify: - restart apache2 - name: remove /etc/logrotate.d/apache2 file: path=/etc/logrotate.d/apache2 state=absent notify: - restart apache2 - name: a2dissite 000-default command: a2dissite 000-default notify: - restart apache2 - name: a2ensite dev command: a2ensite "{{class}}" notify: - restart apache2 - name: a2enmod ssl rewrite headers command: a2enmod ssl rewrite headers notify: - restart apache2 # - name: show django_secret_key # debug: msg="{{django_secret_key}}" # out-dated: no more injecting secret key into local.py #- name: insert SECRET_KEY into /opt/regluit/settings/local.py # lineinfile: create=yes dest=/opt/regluit/settings/local.py line="SECRET_KEY=u'{{django_secret_key}}'" # notify: # - restart apache2 # sudo: no # #sudo ("/etc/init.d/apache2 restart") # - name: turn on ports 22, 80, 443 ufw: rule=allow port={{ item }} proto=tcp with_items: - 22 - 80 - 443 - name: enable ufw ufw: state=enabled # create directories for celery # /var/log/celery and /var/run/celery - name: create /var/log/celery file: path=/var/log/celery state=directory owner=celery group=celery mode=0775 - name: create /var/run/celery file: path=/var/run/celery state=directory owner=celery group=celery mode=0775 # set up celeryd - name: set up /etc/init.d/celeryd (from deploy/celeryd) command: cp /opt/regluit/deploy/celeryd /etc/init.d/celeryd # still need? - name: set mode on /etc/init.d/celeryd file: path=/etc/init.d/celeryd mode=0755 - name: copy deploy/celeryd.conf command: cp "/opt/regluit/deploy/celeryd_{{class}}.conf" /etc/default/celeryd - name: set mode on /etc/default/celeryd file: path=/etc/default/celeryd mode=0644 # - name: just before launching celeryd # pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort' # start up celeryd # sudo ("/etc/init.d/celeryd start") # old way with root # - name: start celeryd # command: /etc/init.d/celeryd start # - name: start celery queue with celery multi # command: /opt/regluit/ENV/bin/django-admin.py celeryd_multi restart w1 # sudo: no - name: celeryd_multi django_manage: > command="celeryd_multi restart w1" app_path=/opt/regluit/ settings="regluit.settings.{{class}}" virtualenv=/opt/regluit/ENV sudo: no # - name: just after attempt to launch celeryd # pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort' # sudo ("cp deploy/celerybeat /etc/init.d/celerybeat") # sudo ("chmod 755 /etc/init.d/celerybeat") # https://stackoverflow.com/questions/24162996/how-to-move-rename-a-file-using-an-ansible-task-on-a-remote-system # set up celerybeat - name: copy deploy/celerybeat command: cp /opt/regluit/deploy/celerybeat /etc/init.d/celerybeat - name: set mode on /etc/init.d/celerybeat file: path=/etc/init.d/celerybeat mode=0775 - name: copy deploy/celerybeat,conf to /etc/default/celerybeat command: cp "/opt/regluit/deploy/celerybeat_{{class}}.conf" /etc/default/celerybeat - name: set mode on /etc/default/celerybeat file: path=/etc/default/celerybeat mode=0775 - name: create /var/log/celerybeat file: path=/var/log/celerybeat state=directory owner=celery group=celery mode=0775 # - name: just before launching celerybeat # pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort' - name: start celerybeat command: /etc/init.d/celerybeat start sudo: no # - name: just after attempt to launch celerybloeat # pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort' # run data loading script - name: run data loading script script: "load_data_{{class}}.sh" when: class in ['please'] # set up crontab - name: crontab command: crontab "/opt/regluit/deploy/crontab_{{class}}.txt" sudo: no - name: add ssh keys from /opt/regluit/deploy/public_keys/ authorized_key: user="{{user}}" key={{ lookup('file', item) }} state=present with_fileglob: - "../deploy/public_keys/*.pub" sudo: no - name: add ssh keys from public_key directory authorized_key: user="{{user}}" key="{{item}}" state=present with_items: - https://github.com/rdhyee.keys - https://github.com/eshellman.keys sudo: no - name: add public key from jenkins authorized_key: > user={{user}} key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYSiXESHXEdugNLGxFABXpVSawDCU/BK05Ef2qUa7oxxhU7fXNqWaSTqowevVruF7kfzMQ7epIxN5XFFjbXf/tsSn1995H9BEhmHLXLuEB5VaPU2HTLqu0DscyPtRbk/WjqPj3jWXs2yHgKcJIXwd5EfSwJuCe1Ut6pMe9E/NUq9QztnydRTt0sGywXpkIpKeBkiQl4SWlPTHcoU6PDbEuMVii8GzRAQlpEQTJwzWJTToR1SZ7o1uusDSxIDfJSvAa5IiuII8CdKbqa/JSx1+4LqlT0yf+2yb67MR5q6+XFM4TeCf5z+4SW+IT/wd2tpbd0DjAdXJlAgBULwhd1L7r" state=present when: class in ['just'] - name: set up script file to load environment for interactive use command: cp "/opt/regluit/deploy/setup-{{class}}.sh" /home/{{user}}/setup.sh sudo: no - name: set up script to dump database command: cp "/opt/regluit/deploy/dump_db_{{class}}.sh" "/home/{{user}}/dump.sh" when: class in ['prod'] sudo: no - name: chmod +x dump.sh file: path="/home/{{user}}/dump.sh" state=file owner="{{user}}" group="{{user}}" mode=0745 when: class in ['prod'] - name: put an empty file in main dir to help identify this instance command: touch "/home/{{user}}/{{class}}_{{ ansible_date_time.iso8601 }}" sudo: no - name: apply upgrade command: sudo unattended-upgrade - name: check whether reboot needed stat: path=/var/run/reboot-required register: reboot_required - name: restart machine shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 sudo: true ignore_errors: true when: reboot_required - name: waiting for server to come back local_action: wait_for host="{{ inventory_hostname }}" state=started delay=30 timeout=300 sudo: false when: reboot_required handlers: - name: restart apache2 service: name=apache2 state=restarted - name: fix known_hosts on jenkins to match new just hosts: jenkins sudo: yes sudo_user: jenkins # to run the part of the playbook for jenkins # PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --private-key=/Users/raymondyee/.ssh/id_rsa --user=ubuntu --connection=ssh --inventory-file=/Users/raymondyee/C/src/Gluejar/regluit/vagrant/.vagrant/provisioners/ansible/inventory --limit='jenkins' just.yml tasks: #equivalent to # #ssh -tt jenkins << EOF # sudo -i -u jenkins # ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts # exit #exit #EOF - name: make new known_hosts with key from just.unglue.it raw: ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts when: class in ['just'] - name: add key from github raw: ssh-keyscan -t rsa github.com >> /var/lib/jenkins/.ssh/known_hosts when: class in ['just']