Changeset - 2a96a48ae680
Branko Majic (branko) - 5 years ago 2018-10-21 17:52:35
branko@majic.rs
MAR-132: Updated usage instructions for Debian Stretch:

- Switch to Debian Stretch for showing role usage.
- Updated TBG deployment to use the latest version.
- Fixed a bunch of sample task definitions to use full expanded (YAML)
syntax.
- Updated commands used for backup client/server (invocation of GnuPG).
1 file changed with 126 insertions and 70 deletions:
docs/usage.rst
 
@@ -34,14 +34,15 @@ Pre-requisites
 

	
 
For the set-up outlined in this usage guide you'll need the following:
 

	
 
* One server where Ansible will be installed at. Debian Jessie will be installed
 
  on top of this server. The server will be set-up manually (this is currently
 
  out of scope for the *Majic Ansible Roles* automated set-up).
 
* One server where Ansible will be installed at. Debian Stretch will
 
  be installed on top of this server. The server will be set-up
 
  manually (this is currently out of scope for the *Majic Ansible
 
  Roles* automated set-up).
 
* Three servers where the services will be set-up. All servers must be able to
 
  communicate over network with each-other, the Ansible servers, and with
 
  Internet. Debian Jessie will be installed on top of this server as part of the
 
  Internet. Debian Stretch will be installed on top of this server as part of the
 
  usage instructions.
 
* Debian Jessie network install CD.
 
* Debian Stretch network install CD.
 
* All servers should be on the same network.
 
* IP addresses for all servers should be known.
 
* Netmask for all servers should be known.
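Review bot: the rewrapped bullet for the service servers still says "Debian Stretch will be installed on top of this server" although the bullet opens with "Three servers"; make it "these servers". While that bullet is being reflowed, "One server where Ansible will be installed at" reads better as "One server where Ansible will be installed".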
 
@@ -145,7 +146,7 @@ Ansible Roles:
 

	
 
1. Clone the git repository::
 

	
 
     git clone http://code.majic.rs/majic-ansible-roles ~/majic-ansible-roles
 
     git clone https://code.majic.rs/majic-ansible-roles ~/majic-ansible-roles
 

	
 
2. Checkout the correct version of the roles::
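Review bot: switching the clone to https is the right fix, since the plain-http clone let anyone on the network path alter the roles before they are run against every managed host. Step 2 ("Checkout the correct version of the roles") still gives the reader no way to confirm the checkout is genuine; if the project signs its release tags, a `git verify-tag` line there would complete this change.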
 

	
 
@@ -307,10 +308,11 @@ So, let's set this up for start:
 
Installing the servers with preseed files
 
-----------------------------------------
 

	
 
You have your preseed files now, so you can go ahead and install the servers
 
``comms.example.com``, ``www.example.com``, and ``bak.example.com`` using
 
them with network install CD. Have a look at `Debian
 
<https://www.debian.org/releases/jessie/amd64/apbs02.html.en>`_ instructions for
 
You have your preseed files now, so you can go ahead and install the
 
servers ``comms.example.com``, ``www.example.com``, and
 
``bak.example.com`` using them with network install CD. Have a look at
 
`Debian instructions
 
<https://www.debian.org/releases/stretch/amd64/apbs02.html.en>`_ for
 
more details.
 

	
 
If you need to, you can easily serve the preseed files from the Ansible server
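Review bot: the reflowed sentence reads "using them with network install CD"; add the article ("with the network install CD"). The link now points at the Stretch appendix and the link text "Debian instructions" reads better than the previous split phrase, so the rest of the hunk is fine.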
 
@@ -461,7 +463,7 @@ Let's take care of this common configuration right away:
 
          password: "{{ 'admin' | password_hash('sha512') }}"
 

	
 
      common_packages:
 
        - emacs24-nox
 
        - emacs25-nox
 

	
 
   .. note::
 
      The ``common`` role comes with ability to set-up time
 
@@ -1240,6 +1242,11 @@ server.
 
2. Now let's configure the role. This is rather simplistic, since we only need
 
   to set the database server root (admin) password.
 

	
 
   .. note::
 
      Default MariaDB server configuration on Debian Stretch enables
 
      the ``root`` OS user to login via Unix socket without providing
 
      password as well.
 

	
 
   :file:`~/mysite/group_vars/web.yml`
 
   ::
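Review bot: the new note should spell out the consequence for the reader who is setting the root password in this step: whoever is already the OS `root` user on the server gets administrative database access through the socket regardless of that password, so the OS root account is the effective boundary for the database. Also "to login via" should be "to log in via".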
 

	
 
@@ -1304,7 +1311,7 @@ Before we start, here is a couple of useful pointers regarding the
 
* Static content (non-PHP) is served directly by *Nginx*.
 
* Each web application gets distinct sub-directory under ``/var/www``, named
 
  after the FQDN. All sub-directories created under there are created with
 
  ``2750`` permissions, with ownership set to admin user, and group set to the
 
  ``02750`` permissions, with ownership set to admin user, and group set to the
 
  application's group. In other words, all directories will have ``SGID`` bit
 
  set, allowing you to create files/directories that will have their group
 
  automatically set to the group of the parent directory.
 
@@ -1345,10 +1352,12 @@ Before we start, here is a couple of useful pointers regarding the
 
           fqdn: tbg.example.com
 
           # Some additional packages are required in order to deploy and use TBG.
 
           packages:
 
              - php5-gd
 
              - php5-curl
 
              - php-gd
 
              - php-curl
 
              - php-mbstring
 
              - php-xml
 
              - git
 
              - php5-mysql
 
              - php-mysql
 
              - expect
 
           # Set-up URL rewriting. This is based on public/.htaccess file from
 
           # TBG.
 
@@ -1401,72 +1410,101 @@ Before we start, here is a couple of useful pointers regarding the
 
      ---
 

	
 
      - name: Define TBG version
 
        set_fact: tbg_version=4.1.0
 
        set_fact:
 
          tbg_version: "4.2.0"
 
          tbg_archive_checksum: "ca3a8b9d8090ec5f75580803abf699c5e67bdea0ec043dd782e525a774cf0936"
 

	
 
      - name: Download the TBG archive
 
        get_url: url=https://github.com/thebuggenie/thebuggenie/archive/v{{ tbg_version }}.tar.gz
 
                 dest="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}.tar.gz"
 
                 sha256sum=0fd0a680ba281adc97d5d2c720e63b995225c99716a36eca6a198b8a5ebf8057
 
        get_url:
 
          url: "https://github.com/thebuggenie/thebuggenie/archive/v{{ tbg_version }}.tar.gz"
 
          dest: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}.tar.gz"
 
          sha256sum: "{{ tbg_archive_checksum }}"
 
        become: yes
 
        become_user: admin-tbg_example_com
 

	
 
      - name: Download Composer
 
        get_url: url=https://getcomposer.org/download/1.0.0-alpha10/composer.phar
 
                 dest="/usr/local/bin/composer"
 
                 sha256sum=9f2c7d0364bc743bcde9cfe1fe84749e5ac38c46d47cf42966ce499135fd4628
 
                 owner=root group=root mode=755
 
        get_url:
 
          url: "https://getcomposer.org/download/1.7.2/composer.phar"
 
          dest: "/usr/local/bin/composer"
 
          sha256sum: "ec3428d049ae8877f7d102c2ee050dbd51a160fc2dde323f3e126a3b3846750e"
 
          owner: root
 
          group: root
 
          mode: 0755
 

	
 
      - name: Unpack TBG
 
        unarchive: src="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}.tar.gz"
 
                   dest="/var/www/tbg.example.com/" copy=no
 
                   creates="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}"
 
        unarchive:
 
          src: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}.tar.gz"
 
          dest: "/var/www/tbg.example.com/"
 
          copy: no
 
          creates: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}"
 
        become: yes
 
        become_user: admin-tbg_example_com
 

	
 
      - name: Create TBG cache directory
 
        file: path="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/cache" state=directory mode=2770
 
        file:
 
          path: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/cache"
 
          state: directory
 
          mode: 02770
 
        become: yes
 
        become_user: admin-tbg_example_com
 

	
 
      - name: Set-up the necessary write permissions for TBG directories
 
        file: path="{{ item }}" mode=g+w
 
        file:
 
          path: "{{ item }}"
 
          mode: g+w
 
        with_items:
 
           - /var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/
 
           - /var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/public/
 
           - /var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/core/config/
 
          - /var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/
 
          - /var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/public/
 
          - /var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/core/config/
 

	
 
      - name: Create symbolic link to TBG application
 
        file: src="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/public"
 
              path="/var/www/tbg.example.com/htdocs"
 
              state=link
 
              owner="admin-tbg_example_com" group="web-tbg_example_com" mode=2750
 
        file:
 
          src: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/public"
 
          path: "/var/www/tbg.example.com/htdocs"
 
          state: link
 
          owner: "admin-tbg_example_com"
 
          group: "web-tbg_example_com"
 
          mode: 02750
 
        become: yes
 
        become_user: admin-tbg_example_com
 

	
 
      - name: Install TBG dependencies
 
        composer: command=install working_dir="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}"
 
        composer:
 
          command: install
 
          working_dir: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}"
 
        become: yes
 
        become_user: admin-tbg_example_com
 

	
 
      - name: Deploy database configuration file for TBG
 
        copy: src="b2db.yml" dest="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/core/config/b2db.yml"
 
              mode=640 owner=admin-tbg_example_com group=web-tbg_example_com
 
        copy:
 
          src: "b2db.yml"
 
          dest: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/core/config/b2db.yml"
 
          mode: 0640
 
          owner: admin-tbg_example_com
 
          group: web-tbg_example_com
 

	
 
      - name: Install pexpect package
 
        apt: name=python-pexpect state=installed
 
        apt:
 
          name: python-pexpect
 
          state: present
 

	
 
      - name: Deploy expect script for installing TBG
 
        copy: src="tbg_expect_install" dest="/var/www/tbg.example.com/tbg_expect_install" mode=750
 
        become: yes
 
        become_user: admin-tbg_example_com
 
        copy:
 
          src: "tbg_expect_install"
 
          dest: "/var/www/tbg.example.com/tbg_expect_install"
 
          mode: 0750
 
          owner: admin-tbg_example_com
 
          group: web-tbg_example_com
 

	
 
      - name: Run TBG installer via expect script
 
        command: /var/www/tbg.example.com/tbg_expect_install
 
                 chdir="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}"
 
                 creates="/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/installed"
 
        args:
 
          chdir: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}"
 
          creates: "/var/www/tbg.example.com/thebuggenie-{{ tbg_version }}/installed"
 
        become: yes
 
        become_user: admin-tbg_example_com
 

	
 

	
 
5. Set-up the files that are deployed by our role.
 

	
 
   :file:`~/mysite/roles/tbg/files/b2db.yml`
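Review bot: both `get_url` tasks keep the `sha256sum` option, which Ansible has deprecated in favour of `checksum`; since the tasks are being rewritten anyway, prefer `checksum: "sha256:{{ tbg_archive_checksum }}"` for the TBG archive and `checksum: "sha256:<full composer digest>"` for Composer, keeping the digests quoted as they are now. The rest of the expansion looks right: the "Deploy expect script" task drops `become`/`become_user` in favour of explicit `owner`/`group`, which yields the same file with one privilege switch fewer, and the pexpect task now uses `state: present`.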
 
@@ -1505,7 +1543,7 @@ Before we start, here is a couple of useful pointers regarding the
 
          install_process.sendline(u'')
 

	
 
          # Wait for application to finish.
 
          install_process.expect(pexpect.EOF)
 
          install_process.expect(pexpect.EOF, timeout=60)
 

	
 
      except pexpect.EOF as e:
 
          pass
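Review bot: with `timeout=60` the wait now raises `pexpect.TIMEOUT` if the installer runs longer than a minute, and the `except pexpect.EOF` below does not catch it, so the script exits with a traceback and the Ansible task fails. That is probably what you want (a hung installer should not be reported as success), but say so in the "Wait for application to finish" comment and confirm 60 seconds is enough on a slow host.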
 
@@ -1639,7 +1677,7 @@ on the safe side:
 
              - libfreetype6-dev
 
              - liblcms2-dev
 
              - libwebp-dev
 
              - libopenjpeg-dev
 
              - libopenjp2-7-dev
 
              - libmariadb-client-lgpl-dev
 
              - libmariadb-client-lgpl-dev-compat
 
           # Here we specify that anything accessing our website with "/static/"
 
@@ -1698,48 +1736,62 @@ on the safe side:
 
      ---
 

	
 
      - name: Create Django project directory
 
        file: dest="/var/www/wiki.example.com/code" state=directory
 
              owner=admin-wiki_example_com group=web-wiki_example_com
 
              mode=2750
 
        file:
 
          dest: "/var/www/wiki.example.com/code"
 
          state: directory
 
          owner: admin-wiki_example_com
 
          group: web-wiki_example_com
 
          mode: 02750
 

	
 
      - name: Start Django project for the Wiki website
 
        command: /var/www/wiki.example.com/virtualenv/bin/exec django-admin.py startproject wiki_example_com /var/www/wiki.example.com/code
 
                 chdir=/var/www/wiki.example.com
 
                 creates=/var/www/wiki.example.com/code/wiki_example_com
 
        command: "/var/www/wiki.example.com/virtualenv/bin/exec django-admin.py startproject wiki_example_com /var/www/wiki.example.com/code"
 
        args:
 
          chdir: "/var/www/wiki.example.com"
 
          creates: "/var/www/wiki.example.com/code/wiki_example_com"
 
        become: yes
 
        become_user: admin-wiki_example_com
 

	
 
      - name: Deploy settings for wiki website
 
        copy: src="{{ item }}" dest="/var/www/wiki.example.com/code/wiki_example_com/{{ item }}"
 
              mode=640 owner=admin group=web-wiki_example_com
 
        copy:
 
          src: "{{ item }}"
 
          dest: "/var/www/wiki.example.com/code/wiki_example_com/{{ item }}"
 
          mode: 0640
 
          owner: admin
 
          group: web-wiki_example_com
 
        with_items:
 
           - settings.py
 
           - urls.py
 
          - settings.py
 
          - urls.py
 
        notify:
 
           - Restart wiki
 
          - Restart wiki
 

	
 
      - name: Deploy project database and deploy static files
 
        django_manage: command="{{ item }}"
 
                       app_path="/var/www/wiki.example.com/code/"
 
                       virtualenv="/var/www/wiki.example.com/virtualenv/"
 
        django_manage:
 
          command: "{{ item }}"
 
          app_path: "/var/www/wiki.example.com/code/"
 
          virtualenv: "/var/www/wiki.example.com/virtualenv/"
 
        become: yes
 
        become_user: admin-wiki_example_com
 
        with_items:
 
           - syncdb
 
           - migrate
 
           - collectstatic
 
          - syncdb
 
          - migrate
 
          - collectstatic
 

	
 
      - name: Deploy the superadmin creation script
 
        copy: src="create_superadmin.py" dest="/var/www/wiki.example.com/code/create_superadmin.py"
 
              owner=admin-wiki_example_com group=web-wiki_example_com mode=750
 
        copy:
 
          src: "create_superadmin.py"
 
          dest: "/var/www/wiki.example.com/code/create_superadmin.py"
 
          owner: admin-wiki_example_com
 
          group: web-wiki_example_com
 
          mode: 0750
 

	
 
      - name: Create initial superuser
 
        command: /var/www/wiki.example.com/virtualenv/bin/exec ./create_superadmin.py
 
                 chdir=/var/www/wiki.example.com/code/
 
        command: "/var/www/wiki.example.com/virtualenv/bin/exec ./create_superadmin.py"
 
        args:
 
          chdir: "/var/www/wiki.example.com/code/"
 
        become: yes
 
        become_user: admin-wiki_example_com
 
        register: wiki_superuser
 
        changed_when: wiki_superuser.stdout == "Created superuser."
 
        changed_when: "wiki_superuser.stdout ==  'Created superuser.'"
 

	
 
   :file:`~/mysite/roles/wiki/handlers/main.yml`
 
   ::
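Review bot: the "Deploy settings for wiki website" task sets `owner: admin` while every sibling task in this hunk uses `admin-wiki_example_com`; the files are deployed with `mode: 0640`, so the owner decides who may read and edit `settings.py`, and this is worth correcting to `owner: admin-wiki_example_com` while the task is being expanded. Minor: the rewritten `changed_when` has a doubled space before the string literal.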
 
@@ -2081,7 +2133,7 @@ So, back to the business:
 
   ::
 

	
 
      enable_backup: yes
 
      backup_encryption_key: "{{ lookup('pipe', 'gpg2 --homedir ~/mysite/gnupg/ --armour --export-secret-keys ' + ansible_fqdn ) }}"
 
      backup_encryption_key: "{{ lookup('pipe', 'gpg --homedir ~/mysite/gnupg/ --armour --export-secret-keys ' + ansible_fqdn ) }}"
 
      backup_server: bak.example.com
 
      backup_server_host_ssh_public_keys:
 
        - "{{ lookup('file', inventory_dir + '/ssh/bak_dsa_key.pub') }}"
 
@@ -2113,23 +2165,27 @@ So, back to the business:
 
   ::
 

	
 
     chmod 700 ~/mysite/gnupg
 
     cat << EOF | gpg2 --homedir ~/mysite/gnupg --batch --gen-key
 
     pkill gpg-agent
 
     gpg --homedir ~/mysite/gnupg --batch --generate-key << EOF
 
     Key-Type:RSA
 
     Key-Length:1024
 
     Name-Real:comms.example.com
 
     Expire-Date:0
 
     %no-protection
 
     %commit
 

	
 
     Key-Type:RSA
 
     Key-Length:1024
 
     Name-Real:www.example.com
 
     Expire-Date:0
 
     %no-protection
 
     %commit
 

	
 
     Key-Type:RSA
 
     Key-Length:1024
 
     Name-Real:bak.example.com
 
     Expire-Date:0
 
     %no-protection
 
     %commit
 
     EOF
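Review bot: `pkill gpg-agent` kills every gpg-agent of the current user, not just the one serving `~/mysite/gnupg`, so it also discards cached passphrases for the user's own keyring; a narrower alternative is `gpgconf --homedir ~/mysite/gnupg --kill gpg-agent` (GnuPG 2.1 and later). While the block is being reworked, `Key-Length:1024` is below what current guidance recommends for RSA; 2048 or larger costs nothing in this batch file.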
 

	