Location: majic-ansible-roles/roles/wsgi_website/tasks/main.yml - annotation
MAR-19: Simplified the parameters for common role, making a lot of them optional with some sane defaults. Switched to using an actual list for additional groups.
---
# Per-site identity: the account/group name is derived from the FQDN (dots
# replaced by underscores) and the site root lives under /var/www.
# NOTE(review): fqdn is interpolated unescaped into account names and
# filesystem paths throughout this file; presumably it comes from trusted
# inventory -- confirm it is validated as a hostname.
- set_fact:
    user: "web-{{ fqdn | replace('.', '_') }}"
    home: "/var/www/{{ fqdn }}"

# The group's gid is taken from the same variable as the account's uid.
- name: Create WSGI website group
  group:
    name: "{{ user }}"
    gid: "{{ uid }}"
    state: present

# Owned by the admin account; the site account only gets group access
# (r-x, no write) and "other" gets nothing. The setgid bit makes entries
# created below inherit the site group.
- name: Create home directory for the user (avoid populating with skeleton)
  file:
    path: "{{ home }}"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# System account without home-directory creation: the directory already
# exists from the previous task.
- name: Create WSGI website user
  user:
    name: "{{ user }}"
    uid: "{{ uid }}"
    group: "{{ user }}"
    system: true
    createhome: false
    state: present

# append keeps www-data's existing supplementary groups.
# Presumably this lets nginx read group-readable site content -- confirm.
- name: Add nginx user to website group
  user:
    name: www-data
    groups: "{{ user }}"
    append: true
  notify:
    - Restart nginx

# Same pattern for the admin account, again without dropping other groups.
- name: Add admin to website group
  user:
    name: "{{ admin }}"
    groups: "{{ user }}"
    append: true
# Socket directory: writable only by the site account, readable and
# traversable by the www-data group, closed to everyone else.
- name: Create directory for storing socket file
  file:
    path: "/var/run/wsgi/{{ fqdn }}"
    state: directory
    owner: "{{ user }}"
    group: www-data
    mode: "750"
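# Installs every entry of the `packages` list through apt.
# The list is passed as a template expression: a bare variable name in
# with_items is deprecated and later Ansible releases iterate over the
# literal string instead of the list.
- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"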
# The virtualenv is owned by the admin account; the site account has
# group r-x only, so it cannot modify the environment it runs from.
- name: Create directory for storing the Python virtual environment
  file:
    path: "{{ home }}/virtualenv"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# Runs as the admin account; `creates` skips the command once
# bin/activate exists.
- name: Create Python virtual environment
  sudo_user: "{{ admin }}"
  command: /usr/bin/virtualenv "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate"

# NOTE(review): "~" presumably resolves to the admin's home because the
# task runs under sudo_user -- confirm on the target Ansible version.
- name: Create directory where virtualenvs will be symlinked to
  sudo_user: "{{ admin }}"
  file:
    path: "~/.virtualenvs"
    state: directory
    mode: "750"

# Per-site symlink inside ~/.virtualenvs pointing at the site's virtualenv.
- name: Create convenience symlink for Python virtual environment wrapper utility
  sudo_user: "{{ admin }}"
  file:
    src: "{{ home }}/virtualenv"
    dest: "~/.virtualenvs/{{ fqdn }}"
    state: link

# Wrapper is executable by the admin and the site group, writable by the
# admin only.
- name: Deploy virtualenv wrapper
  template:
    src: venv_exec.j2
    dest: "{{ home }}/virtualenv/bin/exec"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "750"

# NOTE(review): no version is pinned, so the release installed is whatever
# the package index serves at run time; use the pip module's `version`
# argument if reproducible deployments are required.
- name: Install Gunicorn in Python virtual environment
  sudo_user: "{{ admin }}"
  pip:
    name: gunicorn
    state: present
    virtualenv: "{{ home }}/virtualenv"
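# Installs every entry of `virtualenv_packages` into the site's virtualenv,
# running as the admin account that owns it.
# The list is passed as a template expression: a bare variable name in
# with_items is deprecated and later Ansible releases iterate over the
# literal string instead of the list.
# NOTE(review): whether entries carry version specifiers depends on the
# caller; unpinned names install whatever the index serves at run time.
- name: Install additional packages in Python virtual environment
  sudo_user: "{{ admin }}"
  pip:
    name: "{{ item }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items: "{{ virtualenv_packages }}"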
# Unit files are root-owned and world-readable (644). A change to either
# one notifies the systemd reload and the per-site restart handler.
- name: Deploy systemd socket configuration for website
  template:
    src: systemd_wsgi_website.socket.j2
    dest: "/etc/systemd/system/{{ fqdn }}.socket"
    owner: root
    group: root
    mode: "644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Deploy systemd service configuration for website
  template:
    src: systemd_wsgi_website.service.j2
    dest: "/etc/systemd/system/{{ fqdn }}.service"
    owner: root
    group: root
    mode: "644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

# Starts the unit named after the FQDN and enables it at boot.
- name: Enable the website service
  service:
    name: "{{ fqdn }}"
    enabled: true
    state: started
# Static content root: admin-owned, read-only for the site group, setgid
# so new entries inherit the site group.
- name: Create directory where static files can be served from
  file:
    path: "{{ home }}/htdocs/"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# Private key lands in /etc/ssl/private, readable by root and the root
# group only.
# NOTE(review): the key is read from the path in https_tls_key on the
# controlling side; how that file is stored is not visible here -- keep it
# out of version control or encrypted at rest (e.g. ansible-vault), and
# consider no_log so the content cannot surface in --diff output.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ https_tls_key | basename }}"
    src: "{{ https_tls_key }}"
    mode: "640"
    owner: root
    group: root
  notify:
    - Restart nginx

# The certificate is public material, hence world-readable.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ https_tls_certificate | basename }}"
    src: "{{ https_tls_certificate }}"
    mode: "644"
    owner: root
    group: root
  notify:
    - Restart nginx

# `validate` runs the site-check script against the rendered temporary
# file (%s) before it replaces the live configuration.
# NOTE(review): fqdn is placed inside single quotes on that command line;
# this assumes it never contains a quote character -- confirm it is
# validated upstream.
- name: Deploy nginx configuration file for website
  template:
    src: nginx_site.j2
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: "640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

# The site is activated by symlinking it into sites-enabled.
- name: Enable nginx website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx