Location: majic-ansible-roles/roles/wsgi_website/tasks/main.yml - annotation
MAR-59: Removed ability to specify admin user for php_website and wsgi_website roles. Updated testsite and usage instructions. Updated role reference.
---
# Derive the per-site directory and account names from the site FQDN.
# NOTE(review): fqdn is interpolated into account names and filesystem paths
# throughout this file; it is presumably a plain hostname supplied by the
# playbook author - confirm that callers validate it.
- set_fact:
    # Site root; also used as the admin account's home directory.
    home: "/var/www/{{ fqdn }}"
    # Website account and group name (dots replaced with underscores).
    user: "web-{{ fqdn | replace('.', '_') }}"
    # Account that owns the site's files and the virtual environment.
    admin: "admin-{{ fqdn | replace('.', '_') }}"
# The website group shares its name with the website user; the optional gid
# is taken from the same `uid` variable as the website user's uid.
- name: Create WSGI website group
  group:
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"
    state: present

# Admin account: bash login shell, primary group is the website group, home
# is the site directory. The home directory is created by the next task, so
# createhome is disabled here.
- name: Create WSGI website admin user
  user:
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    shell: /bin/bash
    home: "{{ home }}"
    createhome: false
    state: present

# Mode 2750: setgid directory, full access for the admin owner, read and
# traverse for the website group, nothing for others.
- name: Create home directory for the user (avoid populating with skeleton)
  file:
    path: "{{ home }}"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# System account for the website; no home directory is created and no shell
# is set explicitly.
- name: Create WSGI website user
  user:
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    system: true
    createhome: false
    state: present

# Membership in the website group gives www-data the group permissions on the
# site directories; append keeps its existing supplementary groups.
- name: Add nginx user to website group
  user:
    name: www-data
    groups: "{{ user }}"
    append: true
  notify:
    - Restart nginx

# The website group is already the admin's primary group (set above); this
# adds it as a supplementary group as well.
- name: Add admin to website group
  user:
    name: "{{ admin }}"
    groups: "{{ user }}"
    append: true
# Installs each entry of `packages` through apt, one item per iteration.
- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"
# Virtual environment directory: owned by the admin account, group-readable
# by the website group (no group write), closed to others.
- name: Create directory for storing the Python virtual environment
  file:
    path: "{{ home }}/virtualenv"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# `creates` skips the command once bin/activate exists.
# NOTE(review): become_user only takes effect when privilege escalation
# (become) is enabled for the play; otherwise the environment would be
# created by the connecting user - confirm against the calling playbook.
- name: Create Python virtual environment
  become_user: "{{ admin }}"
  command: /usr/bin/virtualenv --prompt "({{ fqdn }})" "{{ home }}/virtualenv"
  args:
    creates: "{{ home }}/virtualenv/bin/activate"

- name: Configure project directory for the Python virtual environment
  template:
    src: venv_project.j2
    dest: "{{ home }}/virtualenv/.project"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "640"

# Wrapper script is executable by the admin owner and the website group only.
- name: Deploy virtualenv wrapper
  template:
    src: venv_exec.j2
    dest: "{{ home }}/virtualenv/bin/exec"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "750"

# The same file is installed as both .bashrc and .profile. It is owned by
# root with read-only group access, so members of the website group can read
# the shell startup files but cannot modify them.
- name: Deploy minimalistic bashrc for auto-activating the virtual environment
  copy:
    src: bashrc
    dest: "{{ item }}"
    owner: root
    group: "{{ user }}"
    mode: "640"
  with_items:
    - "{{ home }}/.bashrc"
    - "{{ home }}/.profile"
# All pip tasks run as the admin account and target the site's virtual
# environment. futures and gunicorn are pinned through role variables.
- name: Install futures package for use with Gunicorn thread workers
  become_user: "{{ admin }}"
  pip:
    name: futures
    version: "{{ futures_version }}"
    virtualenv: "{{ home }}/virtualenv"
    state: present

- name: Install Gunicorn in Python virtual environment
  become_user: "{{ admin }}"
  pip:
    name: gunicorn
    version: "{{ gunicorn_version }}"
    virtualenv: "{{ home }}/virtualenv"
    state: present

# No version parameter is passed here, so any pinning has to come from the
# entries of `virtualenv_packages` themselves.
# NOTE(review): presumably entries may carry version specifiers such as
# name==x.y - confirm, since unpinned entries install whatever the package
# index currently serves.
- name: Install additional packages in Python virtual environment
  become_user: "{{ admin }}"
  pip:
    name: "{{ item }}"
    virtualenv: "{{ home }}/virtualenv"
    state: present
  with_items: "{{ virtualenv_packages }}"
# Socket and service units are named after the site FQDN and owned by root.
# A change to either one reloads systemd and restarts the website.
- name: Deploy systemd socket configuration for website
  template:
    src: systemd_wsgi_website.socket.j2
    dest: "/etc/systemd/system/{{ fqdn }}.socket"
    owner: root
    group: root
    mode: "644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Deploy systemd service configuration for website
  template:
    src: systemd_wsgi_website.service.j2
    dest: "/etc/systemd/system/{{ fqdn }}.service"
    owner: root
    group: root
    mode: "644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

# Start the service now and enable it at boot.
- name: Enable the website service
  service:
    name: "{{ fqdn }}"
    enabled: true
    state: started
# Static file root: writable by the admin owner only; the website group
# (which www-data is added to elsewhere in this file) gets read and traverse.
- name: Create directory where static files can be served from
  file:
    path: "{{ home }}/htdocs/"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"
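# Install the site's TLS private key, readable by root and the root group
# only. The key material is passed inline through `content`, so no_log keeps
# it out of task output, verbose logs and --diff output. With no_log set,
# failure details for this task are hidden as well.
# NOTE(review): https_tls_key is presumably supplied from an encrypted source
# (for example Ansible Vault) - confirm it is never stored in plain text.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    mode: "640"
  no_log: true
  notify:
    - Restart nginx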
# The certificate is public material, so it is installed world-readable.
- name: Deploy nginx TLS certificate for website
  copy:
    content: "{{ https_tls_certificate }}"
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    owner: root
    group: root
    mode: "644"
  notify:
    - Restart nginx
# The rendered configuration is passed to the validate command (as %s) before
# it is moved into place, so a file that fails the check is not installed.
- name: Deploy nginx configuration file for website
  template:
    src: nginx_site.j2
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: "640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

# Symlink the site from sites-available into sites-enabled.
- name: Enable nginx website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx
# Includes the role's handlers file as ordinary tasks, but only when the
# `handlers` variable is set to a true value (it defaults to False).
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags: [handlers]