
Location: majic-ansible-roles/roles/wsgi_website/tasks/main.yml - annotation

branko
MAR-33: Added initial scaffolding for wsgi_website tests:

- Added Molecule configuration file.
- Implemented test playbook that sets-up three separate instances of WSGI
website in order to test all variations of parameters.
- Added name for the set_fact task.
- Fixed linting errors related to mode that lacks leading zero.
- Added skip_ansible_lint tag for command that creates the Python virtual
environment.
- Added missing become keyword wherever become_user is specified.
- Fixed invalid parameter name for specifying if HTTPS should be enforced or
not.
- Added small initial sample WSGI apps that get deployed.
- Added static/media sample files.
- Added TLS material.
- Added initial dummy test file.
---

# Derive the per-site account names and the home directory from the site FQDN.
# Dots are replaced in the account names; the home path keeps the FQDN as-is.
# NOTE(review): fqdn is interpolated into file paths without validation here;
# presumably callers always pass a plain DNS name - confirm.
- name: Calculate username and home
  set_fact:
    admin: "admin-{{ fqdn | replace('.', '_') }}"
    user: "web-{{ fqdn | replace('.', '_') }}"
    home: "/var/www/{{ fqdn }}"

# The group is named after the application user and takes its numeric id from
# the optional uid parameter (omitted when uid is not set).
- name: Create WSGI website group
  group:
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"
    state: present

# Interactive administrative account for the site: it gets a login shell and
# owns the home directory, with the website group as its primary group.
- name: Create WSGI website admin user
  user:
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    shell: /bin/bash
    createhome: true
    home: "{{ home }}"
    state: present

# Owned by the admin, readable and traversable by the website group, closed to
# everyone else.
- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0750"

# Both profile snippets are owned by root and only group-readable, so the
# files themselves cannot be written by the site accounts.
- name: Deploy profile configuration file for auto-activating the virtual environment
  copy:
    src: "profile_virtualenv.sh"
    dest: "{{ home }}/.profile.d/virtualenv.sh"
    owner: "root"
    group: "{{ user }}"
    mode: "0640"

- name: Deploy profile configuration file for setting environment variables
  template:
    src: "environment.sh.j2"
    dest: "{{ home }}/.profile.d/environment.sh"
    owner: "root"
    group: "{{ user }}"
    mode: "0640"

# System account the application runs as. It shares the home directory with
# the admin user but does not create it.
# NOTE(review): the comment (GECOS) field carries "umask=0007"; presumably this
# is picked up by pam_umask on the target hosts - confirm.
- name: Create WSGI website user
  user:
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    comment: "umask=0007"
    system: true
    createhome: false
    state: present
    home: "{{ home }}"

# Adds www-data to the website group as a supplementary group; append keeps
# its existing group memberships intact.
- name: Add nginx user to website group
  user:
    name: "www-data"
    groups: "{{ user }}"
    append: true
  notify:
    - Restart nginx

# The .forward file is owned by root so that Postfix does not check whether
# the correct user owns it. The website group only gets read access.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: "forward.j2"
    dest: "{{ home }}/.forward"
    owner: "root"
    group: "{{ user }}"
    mode: "0640"

# Installs every entry of the packages list via apt and schedules a restart of
# this site's service when anything changed.
- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"
  notify:
    - "Restart website {{ fqdn }}"

# Only applies when the MariaDB compatibility development package is requested:
# expose mariadb_config under the mysql_config name.
- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
  file:
    src: "/usr/bin/mariadb_config"
    dest: "/usr/bin/mysql_config"
    state: link
  when: "'libmariadb-client-lgpl-dev-compat' in packages"

# Mode 2750 sets the setgid bit on the directory, on top of admin rwx and
# group r-x permissions.
- name: Create directory for storing the Python virtual environment
  file:
    path: "{{ home }}/virtualenv"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# Runs as the site admin rather than root, so the environment's files end up
# owned by the admin account.
- name: Create Python virtual environment
  become: true
  become_user: "{{ admin }}"
  command: '/usr/bin/virtualenv --prompt "({{ fqdn }})" "{{ home }}/virtualenv"'
  args:
    creates: "{{ home }}/virtualenv/bin/activate"
  tags:
    # [ANSIBLE0012] Commands should not change things if nothing needs doing
    #   This task will not fire if the virtual environment has already been
    #   created (thanks to 'creates' parameter).
    - skip_ansible_lint

- name: Configure project directory for the Python virtual environment
  template:
    src: "venv_project.j2"
    dest: "{{ home }}/virtualenv/.project"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0640"

# The wrapper is executable by the admin and by members of the website group.
- name: Deploy virtualenv wrapper
  template:
    src: "venv_exec.j2"
    dest: "{{ home }}/virtualenv/bin/exec"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0750"

# Default path: install gunicorn and futures at the versions given by the role
# variables. Skipped when wsgi_requirements is set; requirements.yml is
# included instead in that case.
- name: Install WSGI server
  become: true
  become_user: "{{ admin }}"
  pip:
    name: "{{ item.package }}"
    version: "{{ item.version }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items:
    - package: gunicorn
      version: "{{ gunicorn_version }}"
    - package: futures
      version: "{{ futures_version }}"
  when: not wsgi_requirements
  notify:
    - "Restart website {{ fqdn }}"

- include: requirements.yml
  when: wsgi_requirements

# No version argument is passed here, so any pinning has to come from the
# entries of virtualenv_packages themselves.
# NOTE(review): confirm that callers pin these entries where reproducible
# installs matter.
- name: Install additional packages in Python virtual environment
  become: true
  become_user: "{{ admin }}"
  pip:
    name: "{{ item }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items: "{{ virtualenv_packages }}"
  notify:
    - "Restart website {{ fqdn }}"

# Socket and service units are named after the site FQDN. A change to either
# one reloads systemd and restarts the site.
- name: Deploy systemd socket configuration for website
  template:
    src: "systemd_wsgi_website.socket.j2"
    dest: "/etc/systemd/system/{{ fqdn }}.socket"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Deploy systemd service configuration for website
  template:
    src: "systemd_wsgi_website.service.j2"
    dest: "/etc/systemd/system/{{ fqdn }}.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

# Enable the unit at boot and make sure it is running now.
- name: Enable the website service
  service:
    name: "{{ fqdn }}"
    enabled: true
    state: started

# Static content root: writable by the admin only, readable and traversable by
# the website group, with the setgid bit set on the directory.
- name: Create directory where static files can be served from
  file:
    path: "{{ home }}/htdocs/"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

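# Writes the TLS private key supplied in https_tls_key to the private key
# directory, readable by root only (plus the root group).
#
# no_log keeps the key material out of Ansible's task output: without it the
# module arguments, and the file content when running with --diff, can end up
# in console output and logs. The trade-off is that failures of this task are
# reported with censored details.
#
# NOTE(review): mode 0640 grants read access to the root group; 0600 would be
# tighter if nothing on the host relies on group read - confirm before
# changing.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    mode: "0640"
    owner: root
    group: root
  no_log: true
  notify:
    - Restart nginx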

# The certificate is public material, hence world-readable.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart nginx

# The deployed file contains just the path of the certificate written above.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    mode: "0644"

# The rendered configuration is handed to the verification script before it
# replaces the live file (%s is the temporary file path), so a configuration
# that fails validation is not put in place.
- name: Deploy nginx configuration file for website
  template:
    src: "nginx_site.j2"
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: "0640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

# Activate the site by linking it into sites-enabled.
- name: Enable nginx website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx

# Opt-in: pulls the handler tasks in directly when the handlers variable
# evaluates to true. It defaults to false when undefined.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: handlers | default(false) | bool
  tags:
    - handlers