Files @ 1b05bae8e440
Branch filter:

Location: majic-ansible-roles/roles/wsgi_website/tasks/main.yml

1b05bae8e440 4.0 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-56: Added LDIF templates to docs for relevant roles. Added warning about freshclam/clamav service restart during initial install (need to be restarted). Switched some TLS truststore vars to use concerete values. Introduced option for specifying additional Nginx config options. Added docs for some params. Assmeble Duplicity include pattern when needed. Don't set passwords for existing system users. Fix permissions for database users to be more restrictive. Fixed a couple of default param definitions (mainly tls cert/key stuff). Updated URL for downloading Prosody LDAP plugin. Updated testsite configs.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
---

- set_fact:
    user: "web-{{ fqdn | replace('.', '_') }}"
    home: "/var/www/{{ fqdn }}"

- name: Create WSGI website group
  group: name="{{ user }}" gid="{{ uid | default(omit) }}" state=present

- name: Create home directory for the user (avoid populating with skeleton)
  file: path="{{ home }}" state=directory
        owner="{{ admin }}" group="{{ user }}" mode=2750

- name: Create WSGI website user
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}"
        system=yes createhome=no state=present

- name: Add nginx user to website group
  user: name="www-data" groups="{{ user }}" append="yes"
  notify:
    - Restart nginx

- name: Add admin to website group
  user: name="{{ admin }}" groups="{{ user }}" append="yes"

- name: Install extra packages for website
  apt: name="{{ item }}" state=present
  with_items: packages

- name: Create directory for storing the Python virtual environment
  file: path="{{ home }}/virtualenv" state=directory
        owner="{{ admin }}" group="{{ user }}" mode="2750"

- name: Create Python virtual environment
  sudo_user: "{{ admin }}"
  command: /usr/bin/virtualenv "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate"

- name: Configure project directory for the Python virtual environment
  template: src="venv_project.j2" dest="{{ home }}/virtualenv/.project"
            owner="{{ admin }}" group="{{ user }}" mode="640"

- name: Create directory where virtualenvs will be symlinked to
  sudo_user: "{{ admin }}"
  file: path="~/.virtualenvs" state=directory mode=750

- name: Create convenience symlink for Python virtual environment wrapper utility
  sudo_user: "{{ admin }}"
  file: src="{{ home }}/virtualenv" dest="~/.virtualenvs/{{ fqdn }}" state=link

- name: Deploy virtualenv wrapper
  template: src="venv_exec.j2" dest="{{ home }}/virtualenv/bin/exec"
            owner="{{ admin }}" group="{{ user }}" mode="750"

- name: Install Gunicorn in Python virtual environment
  sudo_user: "{{ admin }}"
  pip: name=gunicorn state=present virtualenv="{{ home }}/virtualenv"

- name: Install additional packages in Python virtual environment
  sudo_user: "{{ admin }}"
  pip: name="{{ item }}" state=present virtualenv="{{ home }}/virtualenv"
  with_items: virtualenv_packages

- name: Deploy systemd socket configuration for website
  template: src="systemd_wsgi_website.socket.j2" dest="/etc/systemd/system/{{ fqdn }}.socket"
            owner=root group=root mode=644
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Deploy systemd service configuration for website
  template: src="systemd_wsgi_website.service.j2" dest="/etc/systemd/system/{{ fqdn }}.service"
            owner=root group=root mode=644
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Enable the website service
  service: name="{{ fqdn }}" enabled=yes state=started

- name: Create directory where static files can be served from
  file: path="{{ home }}/htdocs/" state=directory
        owner="{{ admin }}" group="{{ user }}" mode="2750"

- name: Deploy nginx TLS private key for website
  copy: dest="/etc/ssl/private/{{ fqdn }}_https.key" content="{{ https_tls_key }}"
        mode=640 owner=root group=root
  notify:
    - Restart nginx

- name: Deploy nginx TLS certificate for website
  copy: dest="/etc/ssl/certs/{{ fqdn }}_https.pem" content="{{ https_tls_certificate }}"
        mode=644 owner=root group=root
  notify:
    - Restart nginx

- name: Deploy nginx configuration file for website
  template: src="nginx_site.j2" dest="/etc/nginx/sites-available/{{ fqdn }}"
            owner=root group=root mode=640 validate="/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

- name: Enable nginx website
  file: src="/etc/nginx/sites-available/{{ fqdn }}" dest="/etc/nginx/sites-enabled/{{ fqdn }}"
        state=link
  notify:
    - Restart nginx

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers
This site is powered by Kallithea 0.7.0, which is © 2010–2023 by various authors & licensed under GPLv3.