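---
# Provisions the "localvm" host for the regluit Django application: the common
# and mysql roles, Python packages in the virtualenv at /opt/regluit/ENV,
# Apache with a self-signed TLS certificate, ufw, the celery daemons, the data
# loading script, the crontab and SSH keys.
#
# Privilege model: the play runs with sudo by default; tasks that only touch
# the application checkout or the login user's own files opt out with
# `sudo: false`.
- name: localvm setup
  hosts: localvm
  vars:
    user: "{{ ansible_ssh_user }}"
    config_name: localvm
  sudo: true

  pre_tasks:
    # Refresh the apt cache only when /var/cache/apt was last modified more
    # than 12 hours ago.
    - name: check apt last update
      stat: path=/var/cache/apt
      register: apt_cache_stat

    - name: update apt if needed
      apt: update_cache=yes
      when: ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > 60*60*12

  roles:

    # base setup
    - role: common
    - role: mysql

    # installing mysql
    # https://github.com/bennojoy/mysql --> probably the right way
    # how do you make use of other people's playbooks in the right way?
    # https://stackoverflow.com/a/7740571/7782

  post_tasks:

    # running stuff within a virtualenv
    # https://stackoverflow.com/a/20572360
    # https://stackoverflow.com/questions/20575084/best-way-to-always-run-ansible-inside-a-virtualenv-on-remote-machines?rq=1

    ## hard coding of {{config_name}}
    #sudo("ln -s /opt/regluit/deploy/{{config_name}}.conf /etc/apache2/sites-available/{{config_name}}")

    # The vhost file is linked under both names (with and without the .conf
    # suffix), so the a2ensite task below can resolve it either way.
    - name: link {{config_name}}.conf into sites-available
      file: >
        src=/opt/regluit/deploy/{{config_name}}.conf
        dest=/etc/apache2/sites-available/{{config_name}}
        state=link

    - name: link {{config_name}}.conf into sites-available (with .conf)
      file: >
        src=/opt/regluit/deploy/{{config_name}}.conf
        dest=/etc/apache2/sites-available/{{config_name}}.conf
        state=link

    #run('pip install -r requirements_versioned.pip')

    # NOTE(review): requests and census are installed without a version pin
    # here; whether requirements_versioned.pip pins them is not visible from
    # this file — confirm, so rebuilds do not pull whatever is newest.
    - name: pip install requests (to see whether in right place)
      pip: >
        executable=/opt/regluit/ENV/bin/pip
        name={{item}}
        virtualenv=/opt/regluit/ENV
        virtualenv_command=virtualenv
      with_items:
        - requests
        - census
      sudo: false

    # virtualenv_site_packages=yes lets the virtualenv also see the system
    # site-packages, so system-wide Python packages are importable by the app.
    - name: pip requirements
      pip: >
        executable=/opt/regluit/ENV/bin/pip
        requirements=/opt/regluit/requirements_versioned.pip
        virtualenv=/opt/regluit/ENV
        virtualenv_command=virtualenv
        virtualenv_site_packages=yes
      sudo: false

    #run('echo "/opt/regluit/" > ENV/lib/python2.7/site-packages/regluit.pth')
    #run('echo "/opt/" > ENV/lib/python2.7/site-packages/opt.pth')

    # Each .pth file adds the listed directory to sys.path inside the
    # virtualenv.
    - name: establish regluit.pth
      lineinfile: >
        create=yes
        dest=/opt/regluit/ENV/lib/python2.7/site-packages/regluit.pth
        line="/opt/regluit/"

    # Written to opt.pth (not regluit.pth), matching the task name and the
    # legacy fabric command above.
    - name: establish opt.pth
      lineinfile: >
        create=yes
        dest=/opt/regluit/ENV/lib/python2.7/site-packages/opt.pth
        line="/opt/"

    #sudo('mkdir /var/www/static')
    #sudo('chown ubuntu:ubuntu /var/www/static')

    - name: create /var/www/static
      file: path=/var/www/static state=directory owner={{user}} group={{user}} mode=0755

    #
    #run('django-admin.py syncdb --migrate --noinput --settings regluit.settings')

    #Run syncdb on the application

    # The django_manage tasks run as the login user (sudo off) against the
    # settings module for this config.
    - name: django_syncdb
      django_manage: >
        command=syncdb
        app_path=/opt/regluit/
        settings="regluit.settings.{{config_name}}"
        virtualenv=/opt/regluit/ENV
      sudo: false
      notify:
        - restart apache2

    - name: django migrations
      django_manage: >
        command=migrate
        app_path=/opt/regluit/
        settings="regluit.settings.{{config_name}}"
        virtualenv=/opt/regluit/ENV
      sudo: false
      notify:
        - restart apache2

    #run('django-admin.py collectstatic --noinput --settings regluit.settings.{{config_name}}')

    - name: django collectstatic
      django_manage: >
        command=collectstatic
        app_path=/opt/regluit/
        settings="regluit.settings.{{config_name}}"
        virtualenv=/opt/regluit/ENV
      sudo: false
      notify:
        - restart apache2

    # Self-signed certificate for CN=localhost, valid for 365 days. `creates=`
    # makes the task a no-op once server.crt exists, so the certificate is not
    # renewed when it expires; remove the file to regenerate it.
    # -nodes leaves the private key unencrypted on disk, so the 0600 mode set
    # two tasks below is what protects it. Key size and digest are stated
    # explicitly rather than left to the host's openssl.cnf defaults.
    # NOTE(review): openssl may write the key with the process umask before
    # the mode task runs — confirm /etc/ssl/private is not world-accessible.
    - name: create self-signed SSL cert
      command: >
        openssl req -new -newkey rsa:2048 -sha256 -nodes -x509
        -subj "/C=US/ST=NJ/L=Montclair/O=Gluejar Inc./CN=localhost"
        -days 365
        -keyout /etc/ssl/private/server.key
        -out /etc/ssl/certs/server.crt
        creates=/etc/ssl/certs/server.crt
      sudo: true
      notify:
        - restart apache2

    - name: set mode on /etc/ssl/certs/server.crt
      file: path=/etc/ssl/certs/server.crt mode=0644
      notify:
        - restart apache2

    # Private key: readable and writable by its owner only.
    - name: set mode on /etc/ssl/private/server.key
      file: path=/etc/ssl/private/server.key mode=0600
      notify:
        - restart apache2

    # Clears every enabled vhost so that only {{config_name}} is enabled by the
    # a2ensite task below; the shell module is used because of the glob.
    # This runs (and notifies the restart handler) on every play run.
    # ignore_errors lets the play continue when the directory is already
    # empty, but it also hides any other failure of this task.
    - name: remove all default enabled sites
      shell: rm /etc/apache2/sites-enabled/*
      sudo: true
      ignore_errors: true
      notify:
        - restart apache2

    - name: a2ensite {{config_name}}
      command: a2ensite {{config_name}}
      notify:
        - restart apache2

    - name: a2enmod ssl rewrite headers
      command: a2enmod ssl rewrite headers
      notify:
        - restart apache2

    #
    #sudo ("/etc/init.d/apache2 restart")
    #

    # The allow rules, including SSH on 22, are added before ufw is enabled
    # below, so turning the firewall on should not cut off the management
    # connection (presumably SSH on port 22 — confirm).
    # NOTE(review): no default policy is set in this play; everything not
    # listed here is governed by the host's existing ufw default — confirm it
    # denies incoming traffic.
    - name: turn on ports 22, 80, 443
      ufw: rule=allow port={{ item }} proto=tcp
      with_items:
        - "22"
        - "80"
        - "443"

    - name: enable ufw
      ufw: state=enabled

    #with cd("/opt/regluit"):
    #
    # sudo ("yes | adduser --no-create-home celery --disabled-password --disabled-login")

    # Dedicated account for the celery daemons: no home directory and no SSH
    # key.
    - name: make celery group
      group: name=celery

    - name: create celery user
      user: >
        name=celery
        createhome=no
        group=celery
        generate_ssh_key=no

    # sudo ("cp deploy/celeryd /etc/init.d/celeryd")
    # sudo ("chmod 755 /etc/init.d/celeryd")

    # The cp tasks from here on run as root and install files from the
    # application checkout into /etc/init.d and /etc/default; the init scripts
    # are then started as root further down.
    # NOTE(review): anyone able to write /opt/regluit/deploy can therefore get
    # code run as root — confirm who owns that directory.
    - name: copy deploy/celeryd
      command: cp /opt/regluit/deploy/celeryd /etc/init.d/celeryd

    - name: set mode on /etc/init.d/celeryd
      file: path=/etc/init.d/celeryd mode=0755

    # sudo ("cp deploy/celeryd.conf /etc/default/celeryd")

    - name: copy deploy/celeryd_{{config_name}}.conf
      command: cp /opt/regluit/deploy/celeryd_{{config_name}}.conf /etc/default/celeryd

    - name: set mode on /etc/default/celeryd
      file: path=/etc/default/celeryd mode=0644

    # sudo ("mkdir /var/log/celery")
    - name: make /var/log/celery
      file: path=/var/log/celery state=directory owner=celery group=celery mode=0755

    # sudo ("mkdir /var/run/celery")
    # sudo ("chown celery:celery /var/log/celery /var/run/celery")

    - name: make /var/run/celery
      file: path=/var/run/celery state=directory owner=celery group=celery mode=0755

    # sudo ("/etc/init.d/celeryd start")

    - name: start celeryd
      command: /etc/init.d/celeryd start

    # sudo ("cp deploy/celerybeat /etc/init.d/celerybeat")
    # sudo ("chmod 755 /etc/init.d/celerybeat")
    # https://stackoverflow.com/questions/24162996/how-to-move-rename-a-file-using-an-ansible-task-on-a-remote-system

    - name: copy deploy/celerybeat
      command: cp /opt/regluit/deploy/celerybeat /etc/init.d/celerybeat

    - name: set mode on /etc/init.d/celerybeat
      file: path=/etc/init.d/celerybeat mode=0755

    # sudo ("cp deploy/celerybeat.conf /etc/default/celerybeat")

    - name: copy deploy/celerybeat_{{config_name}}.conf
      command: cp /opt/regluit/deploy/celerybeat_{{config_name}}.conf /etc/default/celerybeat

    # A configuration file, not a script: 0644, the same mode as
    # /etc/default/celeryd, with no execute bit.
    - name: set mode on /etc/default/celerybeat
      file: path=/etc/default/celerybeat mode=0644

    # sudo ("mkdir /var/log/celerybeat")
    # sudo ("chown celery:celery /var/log/celerybeat")

    - name: make /var/log/celerybeat
      file: path=/var/log/celerybeat state=directory owner=celery group=celery mode=0755

    # sudo ("/etc/init.d/celerybeat start")
    - name: start celerybeat
      command: /etc/init.d/celerybeat start

    # run data loading script
    # The script module transfers the local script to the host and runs it
    # there; with no sudo override it runs under the play-level sudo.
    - name: run data loading script
      script: load_data_{{config_name}}.sh

    # add setup_django.sh script to root dir

    - name: add setup_django.sh script to root dir
      command: cp /opt/regluit/vagrant/setup_django_{{config_name}}.sh /home/{{user}}/setup_django.sh
      sudo: false

    # set up crontab
    # `crontab FILE` replaces the invoking user's whole crontab (the login
    # user here, since sudo is off); entries added by hand are lost on re-run.
    - name: crontab for {{config_name}}
      command: crontab /opt/regluit/deploy/crontab_{{config_name}}.txt
      sudo: false

    # deal with SSH keys

    #- name: add RY ssh key
    #  authorized_key: user={{user}} key="{{ lookup('file', '/Users/raymondyee/.ssh/id_rsa.pub') }}" state=present

    #- name: add ssh keys from public_key directory
    #  authorized_key: user={{user}} key={{item}} state=present
    #  with_fileglob:
    #    - /opt/regluit/deploy/public_keys/*
    #  sudo: no
    #

    # Each item is a URL; authorized_key fetches the keys published there and
    # adds them to {{user}}'s authorized_keys. Login access to this host is
    # thereby delegated to whoever controls those GitHub accounts: every key
    # listed on either profile when the play runs is accepted for {{user}}.
    # With state=present and nothing else, keys later removed from GitHub stay
    # on the host.
    # NOTE(review): keeping reviewed public keys in the repository (as in the
    # commented-out with_fileglob variant above) puts the trust decision under
    # version control — consider it for anything beyond a local VM.
    - name: add ssh keys from public_key directory
      authorized_key: user={{user}} key="{{item}}" state=present
      with_items:
        - https://github.com/rdhyee.keys
        - https://github.com/eshellman.keys
      sudo: true

  handlers:
    # Notified by the Apache, TLS and Django tasks above.
    - name: restart apache2
      service: name=apache2 state=restarted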