Files
@ 05bbc00281d8
Branch filter:
Location: majic-ansible-roles/roles/wsgi_website/tasks/main.yml - annotation
05bbc00281d8
4.2 KiB
text/x-yaml
MAR-58: Fixed another spot where old version of Ansible was mentioned in docs.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 | 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 ed37f9854bfb 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 ed37f9854bfb 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 922cda0a1834 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 922cda0a1834 5a15eda01800 981584549895 a77fff9fcd91 a77fff9fcd91 a77fff9fcd91 a77fff9fcd91 981584549895 922cda0a1834 981584549895 981584549895 981584549895 922cda0a1834 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 5a15eda01800 922cda0a1834 5a15eda01800 5a15eda01800 981584549895 922cda0a1834 5a15eda01800 981584549895 981584549895 922cda0a1834 981584549895 922cda0a1834 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 9fa438ee34c0 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 9fa438ee34c0 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 d26fe0368a4b 18cd76ec050d d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b 18cd76ec050d d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 | ---
- set_fact:
user: "web-{{ fqdn | replace('.', '_') }}"
home: "/var/www/{{ fqdn }}"
- name: Create WSGI website group
group: name="{{ user }}" gid="{{ uid | default(omit) }}" state=present
- name: Create home directory for the user (avoid populating with skeleton)
file: path="{{ home }}" state=directory
owner="{{ admin }}" group="{{ user }}" mode=2750
- name: Create WSGI website user
user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}"
system=yes createhome=no state=present
- name: Add nginx user to website group
user: name="www-data" groups="{{ user }}" append="yes"
notify:
- Restart nginx
- name: Add admin to website group
user: name="{{ admin }}" groups="{{ user }}" append="yes"
- name: Install extra packages for website
apt: name="{{ item }}" state=present
with_items: "{{ packages }}"
- name: Create directory for storing the Python virtual environment
file: path="{{ home }}/virtualenv" state=directory
owner="{{ admin }}" group="{{ user }}" mode="2750"
- name: Create Python virtual environment
become_user: "{{ admin }}"
command: /usr/bin/virtualenv --prompt "({{ fqdn }})" "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate"
- name: Configure project directory for the Python virtual environment
template: src="venv_project.j2" dest="{{ home }}/virtualenv/.project"
owner="{{ admin }}" group="{{ user }}" mode="640"
- name: Create directory where virtualenvs will be symlinked to
become_user: "{{ admin }}"
file: path="~/.virtualenvs" state=directory mode=750
- name: Create convenience symlink for Python virtual environment wrapper utility
become_user: "{{ admin }}"
file: src="{{ home }}/virtualenv" dest="~/.virtualenvs/{{ fqdn }}" state=link
- name: Deploy virtualenv wrapper
template: src="venv_exec.j2" dest="{{ home }}/virtualenv/bin/exec"
owner="{{ admin }}" group="{{ user }}" mode="750"
- name: Install futures package for use with Gunicorn thread workers
become_user: "{{ admin }}"
pip: name=futures version="{{ futures_version }}" state=present virtualenv="{{ home }}/virtualenv"
- name: Install Gunicorn in Python virtual environment
become_user: "{{ admin }}"
pip: name=gunicorn version="{{ gunicorn_version }}" state=present virtualenv="{{ home }}/virtualenv"
- name: Install additional packages in Python virtual environment
become_user: "{{ admin }}"
pip: name="{{ item }}" state=present virtualenv="{{ home }}/virtualenv"
with_items: "{{ virtualenv_packages }}"
- name: Deploy systemd socket configuration for website
template: src="systemd_wsgi_website.socket.j2" dest="/etc/systemd/system/{{ fqdn }}.socket"
owner=root group=root mode=644
notify:
- Reload systemd
- "Restart website {{ fqdn }}"
- name: Deploy systemd service configuration for website
template: src="systemd_wsgi_website.service.j2" dest="/etc/systemd/system/{{ fqdn }}.service"
owner=root group=root mode=644
notify:
- Reload systemd
- "Restart website {{ fqdn }}"
- name: Enable the website service
service: name="{{ fqdn }}" enabled=yes state=started
- name: Create directory where static files can be served from
file: path="{{ home }}/htdocs/" state=directory
owner="{{ admin }}" group="{{ user }}" mode="2750"
- name: Deploy nginx TLS private key for website
copy: dest="/etc/ssl/private/{{ fqdn }}_https.key" content="{{ https_tls_key }}"
mode=640 owner=root group=root
notify:
- Restart nginx
- name: Deploy nginx TLS certificate for website
copy: dest="/etc/ssl/certs/{{ fqdn }}_https.pem" content="{{ https_tls_certificate }}"
mode=644 owner=root group=root
notify:
- Restart nginx
- name: Deploy nginx configuration file for website
template: src="nginx_site.j2" dest="/etc/nginx/sites-available/{{ fqdn }}"
owner=root group=root mode=640 validate="/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
notify:
- Restart nginx
- name: Enable nginx website
file: src="/etc/nginx/sites-available/{{ fqdn }}" dest="/etc/nginx/sites-enabled/{{ fqdn }}"
state=link
notify:
- Restart nginx
- name: Explicitly run all handlers
include: ../handlers/main.yml
when: "handlers | default(False) | bool() == True"
tags:
- handlers
|