Files
@ 884beb9a0e1d
Branch filter:
Location: majic-ansible-roles/roles/wsgi_website/tasks/main.yml - annotation
884beb9a0e1d
3.8 KiB
text/x-yaml
MAR-5: Fixed a typo in docs for test site (wrong filename path for certificate). Added encryption_key option to certtool templates in test site in order to have key encipherment key usage in resulting certificates (otherwise Thunderbird, for example, won't be able to connect to SMTP server).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 9fa438ee34c0 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 9fa438ee34c0 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 981584549895 | ---
- set_fact:
user: "web-{{ fqdn | replace('.', '_') }}"
home: "/var/www/{{ fqdn }}"
- name: Create WSGI website group
group: name="{{ user }}" gid="{{ uid }}" state=present
- name: Create home directory for the user (avoid populating with skeleton)
file: path="{{ home }}" state=directory
owner="{{ admin }}" group="{{ user }}" mode=2750
- name: Create WSGI website user
user: name="{{ user }}" uid="{{ uid }}" group="{{ user }}"
system=yes createhome=no state=present
- name: Add nginx user to website group
user: name="www-data" groups="{{ user }}" append="yes"
notify:
- Restart nginx
- name: Add admin to website group
user: name="{{ admin }}" groups="{{ user }}" append="yes"
- name: Create directory for storing socket file
file: path="/var/run/wsgi/{{ fqdn }}" state="directory"
owner="{{ user }}" group="www-data" mode="750"
- name: Install extra packages for website
apt: name="{{ item }}" state=present
with_items: packages
- name: Create directory for storing the Python virtual environment
file: path="{{ home }}/virtualenv" state=directory
owner="{{ admin }}" group="{{ user }}" mode="2750"
- name: Create Python virtual environment
sudo_user: "{{ admin }}"
command: /usr/bin/virtualenv "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate"
- name: Create directory where virtualenvs will be symlinked to
sudo_user: "{{ admin }}"
file: path="~/.virtualenvs" state=directory mode=750
- name: Create convenience symlink for Python virtual environment wrapper utility
sudo_user: "{{ admin }}"
file: src="{{ home }}/virtualenv" dest="~/.virtualenvs/{{ fqdn }}" state=link
- name: Deploy virtualenv wrapper
template: src="venv_exec.j2" dest="{{ home }}/virtualenv/bin/exec"
owner="{{ admin }}" group="{{ user }}" mode="750"
- name: Install Gunicorn in Python virtual environment
sudo_user: "{{ admin }}"
pip: name=gunicorn state=present virtualenv="{{ home }}/virtualenv"
- name: Install additional packages in Python virtual environment
sudo_user: "{{ admin }}"
pip: name="{{ item }}" state=present virtualenv="{{ home }}/virtualenv"
with_items: virtualenv_packages
- name: Deploy systemd socket configuration for website
template: src="systemd_wsgi_website.socket.j2" dest="/etc/systemd/system/{{ fqdn }}.socket"
owner=root group=root mode=644
notify:
- Reload systemd
- "Restart website {{ fqdn }}"
- name: Deploy systemd service configuration for website
template: src="systemd_wsgi_website.service.j2" dest="/etc/systemd/system/{{ fqdn }}.service"
owner=root group=root mode=644
notify:
- Reload systemd
- "Restart website {{ fqdn }}"
- name: Enable the website service
service: name="{{ fqdn }}" enabled=yes state=started
- name: Create directory where static files can be served from
file: path="{{ home }}/htdocs/" state=directory
owner="{{ admin }}" group="{{ user }}" mode="2750"
- name: Deploy nginx TLS private key for website
copy: dest="/etc/ssl/private/{{ https_tls_key | basename }}" src="{{ https_tls_key }}"
mode=640 owner=root group=root
notify:
- Restart nginx
- name: Deploy nginx TLS certificate for website
copy: dest="/etc/ssl/certs/{{ https_tls_certificate | basename }}" src="{{ https_tls_certificate }}"
mode=644 owner=root group=root
notify:
- Restart nginx
- name: Deploy nginx configuration file for website
template: src="nginx_site.j2" dest="/etc/nginx/sites-available/{{ fqdn }}"
owner=root group=root mode=640 validate="/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
notify:
- Restart nginx
- name: Enable nginx website
file: src="/etc/nginx/sites-available/{{ fqdn }}" dest="/etc/nginx/sites-enabled/{{ fqdn }}"
state=link
notify:
- Restart nginx
|