Location: majic-ansible-roles/roles/wsgi_website/tasks/main.yml
MAR-56: Added LDIF templates to docs for relevant roles. Added warning about freshclam/clamav service restart during initial install (they need to be restarted). Switched some TLS truststore vars to use concrete values. Introduced option for specifying additional Nginx config options. Added docs for some params. Assemble Duplicity include pattern when needed. Don't set passwords for existing system users. Fix permissions for database users to be more restrictive. Fixed a couple of default param definitions (mainly tls cert/key stuff). Updated URL for downloading Prosody LDAP plugin. Updated testsite configs.
---
# Derive the service account name and the site root from the FQDN.  Dots are
# swapped for underscores, presumably so the result is an acceptable account
# name.  NOTE(review): useradd limits names to 32 characters, so a long fqdn
# could push "web-…" past that — confirm for the hosts this role targets.
- name: Derive website user name and home directory
  set_fact:
    user: "web-{{ fqdn | replace('.', '_') }}"
    home: "/var/www/{{ fqdn }}"

# The group is created before the home directory below, which is owned by it
# before the user itself exists.  gid is pinned only when a uid was supplied.
- name: Create WSGI website group
  group:
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"
    state: present

# Created explicitly rather than by useradd so no skeleton files end up in it.
# setgid 2750: the admin owns and writes the tree, the website group can read
# and traverse it, everybody else is kept out.
- name: Create home directory for the user (avoid populating with skeleton)
  file:
    path: "{{ home }}"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# System account whose primary group is the website group.  No shell is set
# here, so the account gets whatever useradd defaults to on the host;
# NOTE(review): a pure service account could use /usr/sbin/nologin — confirm
# nothing needs to log in as it before changing that.
- name: Create WSGI website user
  user:
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    system: true
    createhome: false
    state: present

# Supplementary memberships (append keeps the users' existing groups).  nginx
# needs the group to read the site's files; the admin already owns the tree
# and gets the group as well.
- name: Add nginx user to website group
  user:
    name: www-data
    groups: "{{ user }}"
    append: true
  notify:
    - Restart nginx

- name: Add admin to website group
  user:
    name: "{{ admin }}"
    groups: "{{ user }}"
    append: true
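# Distribution packages the site needs.  `packages` is a role variable that is
# expected to be a list; it is looped with a proper Jinja expression because
# bare-variable loops (`with_items: packages`) are deprecated and rejected by
# newer Ansible releases.
- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"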
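# Python virtual environment for the site.  Everything in it is created as
# {{ admin }} and is only group-readable by the website group, so the service
# account can run the code but never owns or modifies it.
- name: Create directory for storing the Python virtual environment
  file:
    path: "{{ home }}/virtualenv"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"

# `creates` makes this idempotent: skipped once the venv's activate script
# exists.  NOTE(review): sudo_user is the pre-"become" spelling; newer Ansible
# expects become: true / become_user.
- name: Create Python virtual environment
  sudo_user: "{{ admin }}"
  command: /usr/bin/virtualenv "{{ home }}/virtualenv"
  args:
    creates: "{{ home }}/virtualenv/bin/activate"

# .project is presumably what the virtualenv wrapper tooling below uses to
# find the project directory.
- name: Configure project directory for the Python virtual environment
  template:
    src: venv_project.j2
    dest: "{{ home }}/virtualenv/.project"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0640"

# Convenience entries in the admin's own home, created as the admin so the
# directory and link belong to them.  `~` is expanded on the remote side for
# the sudo target user — NOTE(review): this relies on sudo resetting HOME;
# confirm against the host's sudoers.
- name: Create directory where virtualenvs will be symlinked to
  sudo_user: "{{ admin }}"
  file:
    path: "~/.virtualenvs"
    state: directory
    mode: "0750"

- name: Create convenience symlink for Python virtual environment wrapper utility
  sudo_user: "{{ admin }}"
  file:
    src: "{{ home }}/virtualenv"
    dest: "~/.virtualenvs/{{ fqdn }}"
    state: link

# Wrapper script placed in the venv's bin; executable by the admin and the
# website group only.
- name: Deploy virtualenv wrapper
  template:
    src: venv_exec.j2
    dest: "{{ home }}/virtualenv/bin/exec"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0750"

# pip installs come straight from the configured index with no version pins
# and no hash checking; state=present installs whatever is current on first
# run and then leaves it alone.  NOTE(review): this is a supply-chain exposure
# for production sites — consider pinning versions (or a requirements file
# with --require-hashes) once the role's variables allow it.
- name: Install Gunicorn in Python virtual environment
  sudo_user: "{{ admin }}"
  pip:
    name: gunicorn
    state: present
    virtualenv: "{{ home }}/virtualenv"

# `virtualenv_packages` is looped with a Jinja expression rather than as a
# bare variable, which is deprecated.
- name: Install additional packages in Python virtual environment
  sudo_user: "{{ admin }}"
  pip:
    name: "{{ item }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items: "{{ virtualenv_packages }}"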
# systemd units for the site: a .socket and a .service sharing the site's
# name (presumably socket activation; the templates are not shown here).
# Both are root-owned and world-readable like any unit file, and any change
# reloads systemd and restarts just this site.
- name: Deploy systemd socket configuration for website
  template:
    src: systemd_wsgi_website.socket.j2
    dest: "/etc/systemd/system/{{ fqdn }}.socket"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Deploy systemd service configuration for website
  template:
    src: systemd_wsgi_website.service.j2
    dest: "/etc/systemd/system/{{ fqdn }}.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

# Enabled at boot and started now; later unit changes are handled by the
# "Restart website" handler rather than here.
- name: Enable the website service
  service:
    name: "{{ fqdn }}"
    enabled: true
    state: started
# Directory for static files.  Same ownership model as the site root: the
# admin writes, the website group (which includes www-data) reads, nobody
# else gets in.
- name: Create directory where static files can be served from
  file:
    path: "{{ home }}/htdocs/"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "2750"
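# Private key: root-only on disk (0640 root:root — assumes the nginx master
# process that reads it runs as root, which is the usual setup).  no_log
# keeps the key material out of --diff/verbose output and any log the run
# is captured in, which copy's `content` argument can otherwise expose; the
# trade-off is that a failure of this task reports less detail.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    mode: "0640"
  no_log: true
  notify:
    - Restart nginx

# The certificate is public material, so world-readable is fine.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart nginx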
# The rendered site config is checked by the verify script (given the site
# name and the candidate file as %s) before it replaces anything under
# sites-available, so a broken template fails the task instead of landing on
# disk.
- name: Deploy nginx configuration file for website
  template:
    src: nginx_site.j2
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: "0640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

# Standard Debian layout: the site is live once it is linked into
# sites-enabled.
- name: Enable nginx website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx
# Opt-in escape hatch: when the `handlers` variable is set truthy (or the
# "handlers" tag is selected) the role's handlers file is pulled in as plain
# tasks so they run right away rather than at the end of the play.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool"
  tags:
    - handlers