Changeset - 5a15eda01800
Branko Majic (branko) - 8 years ago 2016-06-07 16:13:25
branko@majic.rs
MAR-56: Wait for freshclam to download the initial ClamAV database in mail_server role. Make it possible to specify Gunicorn version in the wsgi_website role (and also install the required futures package now). Clarify the parameter for wsgi_application in wsgi_website role should be relative to code sub-directory. Simplify how roles are specified as deps in order to avoid reruns of shared roles in Ansible 1.9.x (for the non-parametrised/singleton roles, that is). Set correct prompt for virtual environments created in wsgi_website.
14 files changed with 52 insertions and 22 deletions:
docs/rolereference.rst
 
@@ -792,10 +792,12 @@ Mail Server
 
-----------
 

	
 
.. warning::
 
   Unfortunately, there are some issues with ``clamav-milter``,
 
   ``clamav-daemon``, and ``clamav-freshclam`` services on Debian Jessie. Once
 
   the role has been applied for the first time, wait for ``clamav-freshclam``
 
   service to update the ClamAV virus database, then restart all three services.
 
   It may happen that the ``clamav-freshclam`` service hasn't finished
 
   downloading the virus database before the ``clamav-daemon`` and
 
   ``clamav-milter`` services are enabled during the initial run. If mail server
 
   is not operational, you may need to wait for a little while for download to
 
   finish, and then restart the ``clamav-daemon`` and ``clamav-milter``
 
   services.
 

	
 
The ``mail_server`` role can be used for setting-up a complete mail server
 
solution, which includes both SMTP and IMAP service, on destination machine.
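
Review bot: The rewritten warning does not mention that the role now blocks on the database itself: per the mail_server task change in this changeset, the play waits up to 10 minutes for ``/var/lib/clamav/daily.cvd`` and ``/var/lib/clamav/main.cvd`` before starting ``clamav-daemon`` and ``clamav-milter``. Say so here, and state what the operator sees when that wait times out, so the manual restart advice reads as the fallback and not as the normal path.
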
 
@@ -1337,6 +1339,8 @@ The role implements the following:
 
  the code and data.
 
* Installs additional packages required for running the role (as configured).
 
* Sets-up a dedicated Python virtual environment for website.
 
* Install ``futures`` package in Python virtual environment (required for
 
  Gunicorn in combination withg Python 2.7).
 
* Install Gunicorn in Python virtual environment.
 
* Installs additional packages required for running the role in Python virtual
 
  environment (as configured).
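
Review bot: Typo in the added bullet: "withg Python 2.7" should read "with Python 2.7". The added bullet also uses "Install" where most of the list uses the third person ("Installs", "Sets-up"); pick one form for the whole list.
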
 
@@ -1414,6 +1418,14 @@ Parameters
 
  for calculating the user/group name for dedicated website user, as well as
 
  home directory of the website user (where data/code should be stored at).
 

	
 
**futures_version** (string, optional, ``3.0.5``)
 
  Version of ``futures`` package to deploy in virtual environment. Required by
 
  Gunicorn when using Python 2.7. Default version is tested with the test site.
 

	
 
**gunicorn_version** (string, optional, ``19.6.0``)
 
  Version of Gunicorn to deploy in virtual environment for running the WSGI
 
  application. Default version is tested with the test site.
 

	
 
**https_tls_certificate** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}``)
 
  X.509 certificate used for TLS for HTTPS service. The file will be stored in
 
  directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``.
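
Review bot: Both added parameter descriptions document a pinned default but give no guidance on upgrades. The role will keep installing ``19.6.0`` and ``3.0.5`` until someone overrides them, so add a sentence telling operators that newer releases, security fixes included, are only picked up by setting ``gunicorn_version`` and ``futures_version`` explicitly.
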
 
@@ -1455,7 +1467,9 @@ Parameters
 
  WSGI application that should be started by Gunicorn. The format should be
 
  conformant to what the ``gunicorn`` command-line tool accepts. If the
 
  ``use_paste`` option is enabled, the value should be equal to filename of the
 
  Python Paste ini file, located in the ``code`` sub-directory.
 
  Python Paste ini file, located in the ``code`` sub-directory. It should be
 
  noted that in either case the value should be specsified relative to the
 
  ``code`` sub-directory. I.e. don't use full paths.
 

	
 

	
 
Examples
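
Review bot: Typo in the added text: "specsified" should be "specified". The trailing "I.e. don't use full paths." would also read better folded into the sentence before it, for example "relative to the ``code`` sub-directory (do not use full paths)".
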
 
@@ -1478,6 +1492,8 @@ running a bare Django project):
 
      wsgi_application: django_example_com.wsgi:application
 
      https_tls_key: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.key') }}"
 
      https_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.pem') }}"
 
      futures_version: 3.0.5
 
      gunicorn_version: 19.6.0
 
      additional_nginx_config:
 
        - comment: Use custom page for forbidden files.
 
          value: error_page 403 /static/403.html;
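
Review bot: The two added example values are unquoted (``futures_version: 3.0.5``, ``gunicorn_version: 19.6.0``) while the parameters are documented as strings and the role defaults quote them. These particular values still load as strings, but a two-component version (for example ``1.10``) would be read by YAML as a number and lose its trailing zero; quote both values in the example so copied configuration stays correct.
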
roles/backup_server/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: common
 
\ No newline at end of file
 
  - common
 
\ No newline at end of file
roles/database/meta/main.yml
 
@@ -3,7 +3,7 @@
 
allow_duplicates: yes
 

	
 
dependencies:
 
  - role: database_server
 
  - database_server
 
  - role: backup_client
 
    when: enable_backup
 
    backup_patterns_filename: "database_{{ db_name }}"
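
Review bot: Nothing in the file explains why ``database_server`` now uses the bare-name form while ``backup_client`` keeps ``role:``. The commit message says the short form avoids reruns of shared roles under Ansible 1.9.x; put that in a YAML comment above ``dependencies:`` so the entry is not normalised back to ``- role: database_server`` later.
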
roles/database_server/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: common
 
\ No newline at end of file
 
  - common
 
\ No newline at end of file
roles/ldap_server/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: common
 
  - role: ldap_client
 
  - common
 
  - ldap_client
 
  - role: backup_client
 
    when: enable_backup
 
    backup_patterns_filename: "ldap_server"
roles/mail_forwarder/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: common
 
\ No newline at end of file
 
  - common
 
\ No newline at end of file
roles/mail_server/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: common
 
  - common
 
  - role: backup_client
 
    when: enable_backup
 
    backup_patterns_filename: "mail_server"
roles/mail_server/tasks/main.yml
 
@@ -134,11 +134,19 @@
 
    - postfix
 
    - dovecot
 

	
 
- name: Enable ClamAV service
 
- name: Enable ClamAV database update service (freshclam)
 
  service: name=clamav-freshclam state=started
 

	
 
- name: Wait for ClamAV database to be available (up to 10 minutes)
 
  wait_for: path="{{ item }}" timeout=600
 
  with_items:
 
    - "/var/lib/clamav/daily.cvd"
 
    - "/var/lib/clamav/main.cvd"
 

	
 
- name: Enable ClamAV daemon and milter services
 
  service: name="{{ item }}" state=started
 
  with_items:
 
    - clamav-daemon
 
    - clamav-freshclam
 
    - clamav-milter
 

	
 
- name: Enable Postfix service
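
Review bot: The added ``wait_for`` only tests that two hard-coded paths exist, and it fails the whole play if either is still missing after ``timeout=600``. File existence does not show that ``clamav-daemon`` can load the database, and on a slow mirror a first run will abort before Postfix is started. Consider making the timeout a documented role variable and describing in the task name or docs what to do when the wait fails.
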
roles/php_website/meta/main.yml
 
@@ -3,5 +3,5 @@
 
allow_duplicates: yes
 

	
 
dependencies:
 
  - role: common
 
  - role: web_server
 
\ No newline at end of file
 
  - common
 
  - web_server
 
\ No newline at end of file
roles/web_server/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: common
 
\ No newline at end of file
 
  - common
 
\ No newline at end of file
roles/wsgi_website/defaults/main.yml
 
@@ -10,3 +10,5 @@ virtualenv_packages: []
 
admin: "web-{{ fqdn | replace('.', '_') }}"
 
https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}"
 
https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}"
 
gunicorn_version: "19.6.0"
 
futures_version: "3.0.5"
 
\ No newline at end of file
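
Review bot: The file still ends without a trailing newline after the added ``futures_version: "3.0.5"`` line. This hunk appends to the end of the file anyway, so add the newline now; otherwise the next default appended here will show up as a modification of this line as well.
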
roles/wsgi_website/meta/main.yml
 
@@ -3,5 +3,5 @@
 
allow_duplicates: yes
 

	
 
dependencies:
 
  - role: common
 
  - role: web_server
 
\ No newline at end of file
 
  - common
 
  - web_server
 
\ No newline at end of file
roles/wsgi_website/tasks/main.yml
 
@@ -33,7 +33,7 @@
 

	
 
- name: Create Python virtual environment
 
  sudo_user: "{{ admin }}"
 
  command: /usr/bin/virtualenv "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate"
 
  command: /usr/bin/virtualenv --prompt "({{ fqdn }})" "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate"
 

	
 
- name: Configure project directory for the Python virtual environment
 
  template: src="venv_project.j2" dest="{{ home }}/virtualenv/.project"
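
Review bot: The new ``--prompt "({{ fqdn }})"`` only takes effect when the virtual environment is first created, because the task is still guarded by ``creates="{{ home }}/virtualenv/bin/activate"``. Sites that are already deployed keep the old prompt; either document that existing environments are unaffected or add a task that corrects the prompt in place.
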
 
@@ -51,9 +51,13 @@
 
  template: src="venv_exec.j2" dest="{{ home }}/virtualenv/bin/exec"
 
            owner="{{ admin }}" group="{{ user }}" mode="750"
 

	
 
- name: Install futures package for use with Gunicorn thread workers
 
  sudo_user: "{{ admin }}"
 
  pip: name=futures version="{{ futures_version }}" state=present virtualenv="{{ home }}/virtualenv"
 

	
 
- name: Install Gunicorn in Python virtual environment
 
  sudo_user: "{{ admin }}"
 
  pip: name=gunicorn state=present virtualenv="{{ home }}/virtualenv"
 
  pip: name=gunicorn version="{{ gunicorn_version }}" state=present virtualenv="{{ home }}/virtualenv"
 

	
 
- name: Install additional packages in Python virtual environment
 
  sudo_user: "{{ admin }}"
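
Review bot: The task name gives a different reason for ``futures`` than the documentation in this same changeset: here it is "for use with Gunicorn thread workers", in docs/rolereference.rst it is "required for Gunicorn in combination with Python 2.7". Align the two, and if the package is only needed on Python 2.7, say so in the task name or make the task conditional.
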
roles/xmpp_server/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: common
 
  - common
 
  - role: backup_client
 
    when: enable_backup
 
    backup_patterns_filename: "xmpp_server"