569 lines
18 KiB
YAML
569 lines
18 KiB
YAML
- name: route53 setup
|
|
hosts: 127.0.0.1
|
|
vars:
|
|
aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
|
|
aws_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
|
|
target: '{{vname}}'
|
|
dev_ssh_host: "{{ hostvars[target]['ansible_ssh_host'] }}"
|
|
tasks:
|
|
|
|
- name: print dev_ssh_host
|
|
debug: msg="dev_ssh_host {{hostname}}"
|
|
|
|
- name: get DNS record for dev
|
|
route53:
|
|
command: get
|
|
zone: unglue.it
|
|
record: "{{hostname}}"
|
|
type: A
|
|
aws_access_key: "{{aws_access_key}}"
|
|
aws_secret_key: "{{aws_secret_key}}"
|
|
when: "{{setdns | default('false')}}"
|
|
|
|
- name: set DNS record for dev
|
|
route53:
|
|
command: create
|
|
zone: unglue.it
|
|
record: "{{hostname}}"
|
|
type: A
|
|
ttl: 60
|
|
value: "{{dev_ssh_host}}"
|
|
overwrite: yes
|
|
aws_access_key: "{{aws_access_key}}"
|
|
aws_secret_key: "{{aws_secret_key}}"
|
|
when: "{{setdns | default('false')}}"
|
|
|
|
|
|
- name: dev setup
|
|
hosts: '{{vname}}'
|
|
vars:
|
|
user: "{{ ansible_ssh_user }}"
|
|
aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
|
|
aws_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
|
|
target: '{{vname}}'
|
|
migrate: "{{do_migrate | default('true')}}"
|
|
sudo: yes
|
|
|
|
pre_tasks:
|
|
- name: check apt last update
|
|
stat: path=/var/cache/apt
|
|
register: apt_cache_stat
|
|
- name: update apt if needed
|
|
apt: update_cache=yes
|
|
when: ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > 60*60*12
|
|
|
|
tasks:
|
|
|
|
# add repo to get latest version of python 2.7
|
|
- name: add-apt-repository ppa:fkrull/deadsnakes-python2.7
|
|
apt_repository: repo='ppa:fkrull/deadsnakes-python2.7' state=present update_cache=true
|
|
when: class in ['please', 'just', 'prod']
|
|
|
|
- name: do apt-get update --fix-missing
|
|
command: apt-get update --fix-missing
|
|
|
|
- name: installing dependencies
|
|
apt: pkg={{ item }} update_cache=yes state=present
|
|
with_items:
|
|
- python2.7
|
|
- git-core
|
|
- apache2
|
|
- cronolog
|
|
- libapache2-mod-wsgi
|
|
- mysql-client
|
|
- python-virtualenv
|
|
- python-mysqldb
|
|
- redis-server
|
|
- python-lxml
|
|
- python-dev
|
|
- libjpeg-dev
|
|
- libmysqlclient-dev
|
|
- libxml2-dev
|
|
- libxslt1-dev
|
|
- python-setuptools
|
|
- python-dev
|
|
- postfix
|
|
- mailutils
|
|
- libffi-dev
|
|
- build-essential
|
|
- libssl-dev
|
|
tags: install
|
|
|
|
- name: make {{user}} group
|
|
group: name={{user}}
|
|
|
|
- name: make {{user}} user
|
|
user: name={{user}} shell=/bin/bash group={{user}} generate_ssh_key=yes
|
|
|
|
# create celery user and group
|
|
# also put {{user}} into celery group
|
|
|
|
- name: make celery group
|
|
group: name=celery
|
|
|
|
- name: create celery user
|
|
user: >
|
|
name=celery
|
|
createhome=no
|
|
group=celery
|
|
generate_ssh_key=no
|
|
|
|
- name: add {{user}} to celery, www-data groups
|
|
user: name={{user}} groups=celery,www-data append=yes
|
|
|
|
# - name: add www-data to {{user}} group
|
|
# user: name=www-data groups={{user}} append=yes
|
|
|
|
- name: install some python modules to use
|
|
#pip: name={{item}} virtualenv=/home/{{user}}/venv
|
|
pip: name={{item}}
|
|
with_items:
|
|
- PyGithub
|
|
|
|
- name: create /opt/regluit
|
|
file: path=/opt/regluit state=directory owner={{user}} group={{user}} mode=0745
|
|
|
|
- name: git config
|
|
command: "{{item}}"
|
|
with_items:
|
|
- git config --global user.name "Raymond Yee"
|
|
- git config --global user.email "rdhyee@gluejar.com"
|
|
|
|
- name: ssh-keygen
|
|
#command: pwd
|
|
command: ssh-keygen -b 2048 -t rsa -f /home/{{user}}/.ssh/id_rsa -P ""
|
|
sudo: no
|
|
args:
|
|
creates: /home/{{user}}/.ssh/id_rsa
|
|
|
|
- name: create deploy key for repo
|
|
action: github_deploy_key
|
|
sudo: no
|
|
args:
|
|
github_auth_key: "{{github_auth_key}}"
|
|
repo_name: Gluejar/regluit
|
|
key_name: "{{hostname}} {{ ansible_date_time.iso8601 }}"
|
|
key_path: /home/{{user}}/.ssh/id_rsa.pub
|
|
|
|
- name: postfix install
|
|
raw: DEBIAN_FRONTEND='noninteractive' apt-get install -y -q --force-yes postfix
|
|
|
|
- name: clone the regluit git repo into /opt/regluit
|
|
sudo: no
|
|
git: repo=ssh://git@github.com/Gluejar/regluit.git dest=/opt/regluit accept_hostkey=True force=yes version={{branch | default("master")}}
|
|
|
|
|
|
# installing mysql
|
|
# https://github.com/bennojoy/mysql --> probably the right way
|
|
# how do you make use of other people's playbooks in the right way?
|
|
# http://stackoverflow.com/a/7740571/7782
|
|
|
|
- name: mysql setup
|
|
raw: debconf-set-selections <<< 'mysql-server-5.5 mysql-server/root_password password {{mysql_root_pw}}'
|
|
args:
|
|
executable: /bin/bash
|
|
when: class == 'please'
|
|
|
|
- raw: debconf-set-selections <<< 'mysql-server-5.5 mysql-server/root_password_again password {{mysql_root_pw}}'
|
|
args:
|
|
executable: /bin/bash
|
|
when: class == 'please'
|
|
|
|
- raw: apt-get -y install mysql-server
|
|
when: class == 'please'
|
|
|
|
- name: Create regluit database
|
|
mysql_db: db=regluit state=present encoding=utf8 collation=utf8_bin login_user=root login_password={{mysql_root_pw}}
|
|
when: class == 'please'
|
|
|
|
# GRANT ALL PRIVILEGES ON regluit.* TO 'regluit'@'localhost' WITH GRANT OPTION; (covered?)
|
|
- name: Create database user
|
|
mysql_user: >
|
|
user={{SECRET_KEYS.DATABASE_USER}}
|
|
password={{SECRET_KEYS.DATABASE_PASSWORD}}
|
|
host={{SECRET_KEYS.DATABASE_HOST}}
|
|
priv=*.*:ALL
|
|
state=present
|
|
login_user=root
|
|
login_password={{mysql_root_pw}}
|
|
when: class == 'please'
|
|
|
|
|
|
# running stuff within a virtualenv
|
|
# http://stackoverflow.com/a/20572360
|
|
# http://stackoverflow.com/questions/20575084/best-way-to-always-run-ansible-inside-a-virtualenv-on-remote-machines?rq=1
|
|
|
|
|
|
#sudo("ln -s /opt/regluit/deploy/please.conf /etc/apache2/sites-available/please")
|
|
|
|
- name: create apache conf for sites-available from template
|
|
template: src=templates/apache.conf.j2 dest="/etc/apache2/sites-available/{{class}}.conf" owner={{user}} group={{user}} mode=0664
|
|
|
|
#run('pip install -r requirements_versioned.pip')
|
|
|
|
- name: upgrade pip
|
|
pip: >
|
|
name={{item}}
|
|
virtualenv=/opt/regluit/ENV
|
|
virtualenv_command=virtualenv
|
|
extra_args="--upgrade"
|
|
with_items:
|
|
- pip
|
|
sudo: no
|
|
|
|
- name: pip requirements
|
|
pip: >
|
|
requirements=/opt/regluit/requirements_versioned.pip
|
|
virtualenv=/opt/regluit/ENV
|
|
virtualenv_command=virtualenv
|
|
virtualenv_site_packages=yes
|
|
sudo: no
|
|
|
|
|
|
#run('echo "/opt/regluit/" > ENV/lib/python2.7/site-packages/regluit.pth')
|
|
#run('echo "/opt/" > ENV/lib/python2.7/site-packages/opt.pth')
|
|
|
|
- name: establish regluit.pth
|
|
lineinfile: create=yes dest=/opt/regluit/ENV/lib/python2.7/site-packages/regluit.pth line="/opt/regluit/"
|
|
sudo: no
|
|
|
|
- name: establish opt.pth
|
|
lineinfile: create=yes dest=/opt/regluit/ENV/lib/python2.7/site-packages/regluit.pth line="/opt/"
|
|
sudo: no
|
|
|
|
#sudo('mkdir /var/www/static')
|
|
#sudo('chown ubuntu:ubuntu /var/www/static')
|
|
|
|
- name: create /var/www/static
|
|
file: path=/var/www/static state=directory owner={{user}} group={{user}} mode=0755
|
|
|
|
#
|
|
#run('django-admin.py syncdb --migrate --noinput --settings regluit.settings.please')
|
|
|
|
# provide a directory for django log file
|
|
- name: make /var/log/regluit
|
|
file: path=/var/log/regluit state=directory owner={{user}} group=www-data mode=2775
|
|
|
|
|
|
# create the wsgi script from the appropriate template
|
|
- name: create the wsgi script from the appropriate template
|
|
template: src=templates/{{class}}.wsgi.j2 dest=/opt/regluit/deploy/{{class}}.wsgi owner={{user}} group={{user}} mode=0664
|
|
when: class in ['please', 'just', 'prod']
|
|
|
|
- name: restart_here
|
|
debug: msg="provision restart here"
|
|
|
|
- name: Create /settings/keys/
|
|
file: path=/opt/regluit/settings/keys/ state=directory mode=0755
|
|
|
|
# create settings/keys/common.py
|
|
- name: create settings/keys/common.py
|
|
template: src=templates/common.py.j2 dest=/opt/regluit/settings/keys/common.py owner={{user}} group={{user}} mode=0755
|
|
|
|
# create settings/keys/host.py
|
|
- name: create settings/keys/host.py
|
|
template: src=templates/host.py.j2 dest=/opt/regluit/settings/keys/host.py owner={{user}} group={{user}} mode=0755
|
|
when: class in ['please', 'just', 'prod']
|
|
|
|
- name: create empty settings/keys/__init__.py
|
|
copy:
|
|
content: ""
|
|
dest: /opt/regluit/settings/keys/__init__.py
|
|
force: no
|
|
group: "{{user}}"
|
|
owner: "{{user}}"
|
|
mode: 0755
|
|
|
|
#Run syncdb on the application
|
|
# TO DO: syncdb might be deprecated
|
|
# http://stackoverflow.com/a/29683785
|
|
|
|
- name: django syncdb
|
|
django_manage: >
|
|
command=syncdb
|
|
app_path=/opt/regluit/
|
|
settings="regluit.settings.{{class}}"
|
|
virtualenv=/opt/regluit/ENV
|
|
sudo: no
|
|
when: migrate
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: django migrations
|
|
django_manage: >
|
|
command=migrate
|
|
app_path=/opt/regluit/
|
|
settings="regluit.settings.{{class}}"
|
|
virtualenv=/opt/regluit/ENV
|
|
sudo: no
|
|
when: migrate
|
|
notify:
|
|
- restart apache2
|
|
|
|
#run('django-admin.py collectstatic --noinput --settings regluit.settings.please')
|
|
|
|
- name: django collectstatic
|
|
django_manage: >
|
|
command=collectstatic
|
|
app_path=/opt/regluit/
|
|
settings="regluit.settings.{{class}}"
|
|
virtualenv=/opt/regluit/ENV
|
|
sudo: no
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: copy STAR_unglue_it.crt
|
|
copy: >
|
|
src=files/ssl_cert/STAR_unglue_it.crt
|
|
dest=/etc/ssl/certs/server.crt
|
|
owner={{user}}
|
|
group={{user}}
|
|
mode=0644
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: copy server.key
|
|
copy: >
|
|
src=files/ssl_cert/server.key
|
|
dest=/etc/ssl/private/server.key
|
|
owner={{user}}
|
|
group={{user}}
|
|
mode=0600
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: copy STAR_unglue_it.ca-bundle
|
|
copy: >
|
|
src=files/ssl_cert/STAR_unglue_it.ca-bundle
|
|
dest=/etc/ssl/certs/STAR_unglue_it.ca-bundle
|
|
owner={{user}}
|
|
group={{user}}
|
|
mode=0600
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: remove /etc/logrotate.d/apache2
|
|
file: path=/etc/logrotate.d/apache2 state=absent
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: a2dissite 000-default
|
|
command: a2dissite 000-default
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: a2ensite dev
|
|
command: a2ensite "{{class}}"
|
|
notify:
|
|
- restart apache2
|
|
|
|
- name: a2enmod ssl rewrite headers
|
|
command: a2enmod ssl rewrite headers
|
|
notify:
|
|
- restart apache2
|
|
|
|
# - name: show django_secret_key
|
|
# debug: msg="{{django_secret_key}}"
|
|
|
|
# out-dated: no more injecting secret key into local.py
|
|
#- name: insert SECRET_KEY into /opt/regluit/settings/local.py
|
|
# lineinfile: create=yes dest=/opt/regluit/settings/local.py line="SECRET_KEY=u'{{django_secret_key}}'"
|
|
# notify:
|
|
# - restart apache2
|
|
# sudo: no
|
|
|
|
#
|
|
#sudo ("/etc/init.d/apache2 restart")
|
|
#
|
|
|
|
- name: turn on ports 22, 80, 443
|
|
ufw: rule=allow port={{ item }} proto=tcp
|
|
with_items:
|
|
- 22
|
|
- 80
|
|
- 443
|
|
|
|
- name: enable ufw
|
|
ufw: state=enabled
|
|
|
|
# create directories for celery
|
|
# /var/log/celery and /var/run/celery
|
|
|
|
- name: create /var/log/celery
|
|
file: path=/var/log/celery state=directory owner=celery group=celery mode=0775
|
|
|
|
- name: create /var/run/celery
|
|
file: path=/var/run/celery state=directory owner=celery group=celery mode=0775
|
|
|
|
# set up celeryd
|
|
|
|
- name: set up /etc/init.d/celeryd (from deploy/celeryd)
|
|
command: cp /opt/regluit/deploy/celeryd /etc/init.d/celeryd
|
|
|
|
# still need?
|
|
- name: set mode on /etc/init.d/celeryd
|
|
file: path=/etc/init.d/celeryd mode=0755
|
|
|
|
- name: copy deploy/celeryd.conf
|
|
command: cp "/opt/regluit/deploy/celeryd_{{class}}.conf" /etc/default/celeryd
|
|
|
|
- name: set mode on /etc/default/celeryd
|
|
file: path=/etc/default/celeryd mode=0644
|
|
|
|
# - name: just before launching celeryd
|
|
# pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort'
|
|
|
|
# start up celeryd
|
|
|
|
# sudo ("/etc/init.d/celeryd start")
|
|
# old way with root
|
|
# - name: start celeryd
|
|
# command: /etc/init.d/celeryd start
|
|
|
|
# - name: start celery queue with celery multi
|
|
# command: /opt/regluit/ENV/bin/django-admin.py celeryd_multi restart w1
|
|
# sudo: no
|
|
|
|
- name: celeryd_multi
|
|
django_manage: >
|
|
command="celeryd_multi restart w1"
|
|
app_path=/opt/regluit/
|
|
settings="regluit.settings.{{class}}"
|
|
virtualenv=/opt/regluit/ENV
|
|
sudo: no
|
|
|
|
# - name: just after attempt to launch celeryd
|
|
# pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort'
|
|
|
|
# sudo ("cp deploy/celerybeat /etc/init.d/celerybeat")
|
|
# sudo ("chmod 755 /etc/init.d/celerybeat")
|
|
# https://stackoverflow.com/questions/24162996/how-to-move-rename-a-file-using-an-ansible-task-on-a-remote-system
|
|
|
|
|
|
# set up celerybeat
|
|
|
|
- name: copy deploy/celerybeat
|
|
command: cp /opt/regluit/deploy/celerybeat /etc/init.d/celerybeat
|
|
|
|
- name: set mode on /etc/init.d/celerybeat
|
|
file: path=/etc/init.d/celerybeat mode=0775
|
|
|
|
- name: copy deploy/celerybeat,conf to /etc/default/celerybeat
|
|
command: cp "/opt/regluit/deploy/celerybeat_{{class}}.conf" /etc/default/celerybeat
|
|
|
|
- name: set mode on /etc/default/celerybeat
|
|
file: path=/etc/default/celerybeat mode=0775
|
|
|
|
- name: create /var/log/celerybeat
|
|
file: path=/var/log/celerybeat state=directory owner=celery group=celery mode=0775
|
|
|
|
# - name: just before launching celerybeat
|
|
# pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort'
|
|
|
|
- name: start celerybeat
|
|
command: /etc/init.d/celerybeat start
|
|
sudo: no
|
|
|
|
# - name: just after attempt to launch celerybloeat
|
|
# pause: prompt='Press return to continue. Press Ctrl+c and then "a" to abort'
|
|
|
|
# run data loading script
|
|
- name: run data loading script
|
|
script: "load_data_{{class}}.sh"
|
|
when: class in ['please']
|
|
|
|
# set up crontab
|
|
- name: crontab
|
|
command: crontab "/opt/regluit/deploy/crontab_{{class}}.txt"
|
|
sudo: no
|
|
|
|
- name: add ssh keys from /opt/regluit/deploy/public_keys/
|
|
authorized_key: user="{{user}}" key={{ lookup('file', item) }} state=present
|
|
with_fileglob:
|
|
- "../deploy/public_keys/*.pub"
|
|
sudo: no
|
|
|
|
- name: add ssh keys from public_key directory
|
|
authorized_key: user="{{user}}" key="{{item}}" state=present
|
|
with_items:
|
|
- https://github.com/rdhyee.keys
|
|
- https://github.com/eshellman.keys
|
|
sudo: no
|
|
|
|
- name: add public key from jenkins
|
|
authorized_key: >
|
|
user={{user}}
|
|
key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYSiXESHXEdugNLGxFABXpVSawDCU/BK05Ef2qUa7oxxhU7fXNqWaSTqowevVruF7kfzMQ7epIxN5XFFjbXf/tsSn1995H9BEhmHLXLuEB5VaPU2HTLqu0DscyPtRbk/WjqPj3jWXs2yHgKcJIXwd5EfSwJuCe1Ut6pMe9E/NUq9QztnydRTt0sGywXpkIpKeBkiQl4SWlPTHcoU6PDbEuMVii8GzRAQlpEQTJwzWJTToR1SZ7o1uusDSxIDfJSvAa5IiuII8CdKbqa/JSx1+4LqlT0yf+2yb67MR5q6+XFM4TeCf5z+4SW+IT/wd2tpbd0DjAdXJlAgBULwhd1L7r"
|
|
state=present
|
|
when: class in ['just']
|
|
|
|
- name: set up script file to load environment for interactive use
|
|
command: cp "/opt/regluit/deploy/setup-{{class}}.sh" /home/{{user}}/setup.sh
|
|
sudo: no
|
|
|
|
- name: set up script to dump database
|
|
command: cp "/opt/regluit/deploy/dump_db_{{class}}.sh" "/home/{{user}}/dump.sh"
|
|
when: class in ['prod']
|
|
sudo: no
|
|
|
|
- name: chmod +x dump.sh
|
|
file: path="/home/{{user}}/dump.sh" state=file owner="{{user}}" group="{{user}}" mode=0745
|
|
when: class in ['prod']
|
|
|
|
- name: put an empty file in main dir to help identify this instance
|
|
command: touch "/home/{{user}}/{{class}}_{{ ansible_date_time.iso8601 }}"
|
|
sudo: no
|
|
|
|
- name: apply upgrade
|
|
command: sudo unattended-upgrade
|
|
|
|
- name: check whether reboot needed
|
|
stat: path=/var/run/reboot-required
|
|
register: reboot_required
|
|
|
|
- name: restart machine
|
|
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
|
|
async: 1
|
|
poll: 0
|
|
sudo: true
|
|
ignore_errors: true
|
|
when: reboot_required
|
|
|
|
- name: waiting for server to come back
|
|
local_action: wait_for host="{{ inventory_hostname }}" state=started delay=30 timeout=300
|
|
sudo: false
|
|
when: reboot_required
|
|
|
|
|
|
handlers:
|
|
- name: restart apache2
|
|
service: name=apache2 state=restarted
|
|
|
|
|
|
- name: fix known_hosts on jenkins to match new just
|
|
hosts: jenkins
|
|
sudo: yes
|
|
sudo_user: jenkins
|
|
|
|
# to run the part of the playbook for jenkins
|
|
# PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --private-key=/Users/raymondyee/.ssh/id_rsa --user=ubuntu --connection=ssh --inventory-file=/Users/raymondyee/C/src/Gluejar/regluit/vagrant/.vagrant/provisioners/ansible/inventory --limit='jenkins' just.yml
|
|
|
|
tasks:
|
|
|
|
#equivalent to
|
|
#
|
|
#ssh -tt jenkins << EOF
|
|
# sudo -i -u jenkins
|
|
# ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts
|
|
# exit
|
|
#exit
|
|
#EOF
|
|
|
|
- name: make new known_hosts with key from just.unglue.it
|
|
raw: ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts
|
|
when: class in ['just']
|
|
|
|
- name: add key from github
|
|
raw: ssh-keyscan -t rsa github.com >> /var/lib/jenkins/.ssh/known_hosts
|
|
when: class in ['just']
|