Changeset - e15b53d59517
1 4 2
Branko Majic (branko) - 7 years ago 2016-11-22 21:16:07
branko@majic.rs
MAR-67: Deploy /etc/profile.d/ configuration file that allows reading user-specific profile config files from ~/.profile.d/ directory. Create home directory for web application users in order to get all the fancy colouring etc. Deploy virtual environment activation script inside of wsgi_website role as profile.d script.
6 files changed with 26 insertions and 15 deletions:
docs/rolereference.rst
 
@@ -238,12 +238,14 @@ The role implements the following:
 

	
 
* Configures apt to use caching proxy (if any was specified).
 
* Sets-up umask for all logins to ``0027``.
 
* Installs sudo.
 
* Sets-up uniform bash prompt for all accounts (optionally coloured and with
 
  identifier). This is useful for distinguishing machines and/or environments.
 
* Sets-up ability to have user-specific ``/etc/profile.d/`` entries via
 
  ``$HOME/.profile.d/``.
 
* Installs additional base packages, as configured.
 
* Disables ``electric-indent-mode`` in Emacs globally if either the ``emacs24``
 
  or ``emacs24-nox`` are installed through the role.
 
* Creates additional operating system groups, as configured.
 
* Creates additional operating system users, as configured.
 
* Hardens the SSH server by disabling remote ``root`` logins and password-based
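--- /dev/null
+++ b/roles/common/files/user_profile_d.sh
@@ -0,0 +1,8 @@
+# Read user-specific profile "configuration" files.
+if [ -d "$HOME/.profile.d" ]; then
+    for conf in "$HOME"/.profile.d/*.sh; do
+        if [ -r "$conf" ]; then
+            . "$conf"
+        fi
+    done
+fi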
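Review bot: The loop variable `conf` is never cleared, so it stays defined in every login shell that reads this profile.d entry; add `unset conf` after `done`. The script sources every readable `*.sh` it finds, so the ownership and mode of `~/.profile.d` are the only control over what runs at login, and the roles that create that directory should keep it writable by its owner only. Depending on how the system's /etc/profile is set up, this file may also be read by login shells other than bash, so a header comment such as `# Files in ~/.profile.d/ must be POSIX sh compatible.` would help whoever adds entries later.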
roles/common/tasks/main.yml
 
@@ -20,12 +20,16 @@
 
  lineinfile: dest=/etc/adduser.conf state=present backrefs=yes regexp='^DIR_MODE=' line='DIR_MODE=0750'
 

	
 
- name: Deploy bash profile configuration for fancier prompts
 
  template: src="bash_prompt.sh.j2" dest="/etc/profile.d/bash_prompt.sh"
 
            owner=root group=root mode=644
 

	
 
- name: Deploy profile configuration that allows for user-specific profile.d files
 
  copy: src="user_profile_d.sh" dest="/etc/profile.d/z99-user_profile_d.sh"
 
        owner=root group=root mode=644
 

	
 
- name: Replace default and skeleton bashrc
 
  copy: src="{{ item.key }}" dest="{{ item.value }}"
 
        owner=root group=root mode=644
 
  with_dict:
 
    skel_bashrc: "/etc/skel/.bashrc"
 
    bashrc: "/etc/bash.bashrc"
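Review bot: The new copy task writes its mode as a bare `mode=644`, while the wsgi_website tasks in this same changeset quote theirs (`mode="640"`). Writing `mode="0644"` makes the octal intent explicit and stays correct if the task is later converted from key=value arguments to a YAML mapping, where an unquoted 644 would be read as a decimal integer. The same applies to `mode=750` on the new `.profile.d` directory tasks in roles/php_website and roles/wsgi_website. A comment above the task, for example `# z99- prefix: read after the other profile.d entries`, would also record why the destination name differs from the source name, assuming that is the intent.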
roles/php_website/tasks/main.yml
 
@@ -8,17 +8,17 @@
 

	
 
- name: Create PHP website group
 
  group: name="{{ user }}" gid="{{ uid | default(omit) }}" state=present
 

	
 
- name: Create PHP website admin user
 
  user: name="{{ admin }}" uid="{{ admin_uid | default(omit) }}" group="{{ user }}"
 
        shell=/bin/bash createhome=no home="{{ home }}" state=present
 
        shell=/bin/bash createhome=yes home="{{ home }}" state=present
 

	
 
- name: Create home directory for the user (avoid populating with skeleton)
 
  file: path="{{ home }}" state=directory
 
        owner="{{ admin }}" group="{{ user }}" mode=2750
 
- name: Set-up directory for storing user profile configuration files
 
  file: path="{{ home }}/.profile.d" state=directory
 
        owner="{{ admin }}" group="{{ user }}" mode=750
 

	
 
- name: Create PHP website user
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"
 
        system=yes createhome=no state=present
 

	
 
- name: Add nginx user to website group
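Review bot: The home directory's permissions are no longer pinned by this role: the `file` task that set `{{ home }}` to owner `{{ admin }}`, group `{{ user }}` and `mode=2750` appears to be dropped in favour of `createhome=yes` (the rendered page has lost the +/- markers, so this is read from the hunk counts and the commit message). A directory created by the user module gets whatever mode the system's useradd defaults give, without the setgid bit, and on a host where the directory already exists nothing is re-asserted. Keeping that task after the user task, `file: path="{{ home }}" state=directory owner="{{ admin }}" group="{{ user }}" mode=2750`, would preserve the previous guarantee while still letting the skeleton files be populated. The same change is made in roles/wsgi_website/tasks/main.yml; later tasks in either file are outside the hunk and may already cover this.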
roles/wsgi_website/files/profile_virtualenv.sh
 
file renamed from roles/wsgi_website/files/bashrc to roles/wsgi_website/files/profile_virtualenv.sh
roles/wsgi_website/tasks/main.yml
 
@@ -7,17 +7,21 @@
 

	
 
- name: Create WSGI website group
 
  group: name="{{ user }}" gid="{{ uid | default(omit) }}" state=present
 

	
 
- name: Create WSGI website admin user
 
  user: name="{{ admin }}" uid="{{ admin_uid | default(omit) }}" group="{{ user }}"
 
        shell=/bin/bash createhome=no home="{{ home }}" state=present
 
        shell=/bin/bash createhome=yes home="{{ home }}" state=present
 

	
 
- name: Create home directory for the user (avoid populating with skeleton)
 
  file: path="{{ home }}" state=directory
 
        owner="{{ admin }}" group="{{ user }}" mode=2750
 
- name: Set-up directory for storing user profile configuration files
 
  file: path="{{ home }}/.profile.d" state=directory
 
        owner="{{ admin }}" group="{{ user }}" mode=750
 

	
 
- name: Deploy profile configuration file for auto-activating the virtual environment
 
  copy: src="profile_virtualenv.sh" dest="{{ home }}/.profile.d/virtualenv.sh"
 
        owner="root" group="{{ user }}" mode="640"
 

	
 
- name: Create WSGI website user
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"
 
        system=yes createhome=no state=present
 

	
 
- name: Add nginx user to website group
 
@@ -44,19 +48,12 @@
 
            owner="{{ admin }}" group="{{ user }}" mode="640"
 

	
 
- name: Deploy virtualenv wrapper
 
  template: src="venv_exec.j2" dest="{{ home }}/virtualenv/bin/exec"
 
            owner="{{ admin }}" group="{{ user }}" mode="750"
 

	
 
- name: Deploy minimalistic bashrc for auto-activating the virtual environment
 
  copy: src="bashrc" dest="{{ item }}"
 
        owner="root" group="{{ user }}" mode="640"
 
  with_items:
 
    - "{{ home }}/.bashrc"
 
    - "{{ home }}/.profile"
 

	
 
- name: Install futures package for use with Gunicorn thread workers
 
  become_user: "{{ admin }}"
 
  pip: name=futures version="{{ futures_version }}" state=present virtualenv="{{ home }}/virtualenv"
 
  notify:
 
    - "Restart website {{ fqdn }}"
 

	
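Review bot: `virtualenv.sh` is deployed with `owner="root"` and `mode="640"`, but the `.profile.d` directory it lives in is owned by `{{ admin }}` with write permission, so the admin account can still remove or replace the file and the root ownership gives no tamper protection between runs. If the intent is only that the role manages the file, a comment on the task such as `# root-owned so it is role-managed; the admin user can still replace it` would avoid implying a stronger guarantee; if it is meant to be immutable for the admin user, the directory would need to be root-owned as well. Separately, the second hunk removes the task that deployed `.bashrc` and `.profile` without adding a clean-up, so hosts provisioned earlier presumably keep those root-owned files alongside the new profile.d script.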