

branko
MAR-112: Added alternate SMTP port:

- Updated mail_server role to deploy firewall rules that include redirection
from TCP port 27 to TCP port 25.
- Updated documentation to include references to the additional port.
- Updated tests to cover the new functionality.
---

# Derive the per-site identities from the site FQDN; dots become underscores
# so the results are valid account names. NOTE(review): these fact names
# (home, user, admin) are very generic and set_fact values persist on the
# host for the rest of the run, so a role executed later on the same host
# may inherit or overwrite them — confirm no sibling role reuses the names.
- name: Calculate username and home
  set_fact:
    home: "/var/www/{{ fqdn }}"
    user: "web-{{ fqdn | replace('.', '_') }}"
    admin: "admin-{{ fqdn | replace('.', '_') }}"

# One group per site, named after the site user. The website user's uid
# (when supplied) doubles as the gid so uid and gid stay aligned.
- name: Create WSGI website group
  group:
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"
    state: present

# Interactive deployment account; its home is the site root that holds the
# virtualenv, htdocs and profile snippets deployed below. The mode of the
# home directory itself is left to useradd (login.defs UMASK/HOME_MODE) and
# is not managed here — TODO(review): confirm the resulting mode on the
# target keeps "other" out of /var/www/<fqdn>.
- name: Create WSGI website admin user
  user:
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    shell: /bin/bash
    createhome: true
    home: "{{ home }}"
    state: present

- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0750"

# Root-owned and group-readable: the admin user can source the snippet but
# cannot change what runs at login.
- name: Deploy profile configuration file for auto-activating the virtual environment
  copy:
    src: profile_virtualenv.sh
    dest: "{{ home }}/.profile.d/virtualenv.sh"
    owner: root
    group: "{{ user }}"
    mode: "0640"

# NOTE(review): this file is group-readable and www-data is added to the
# site group further down, so whatever environment.sh.j2 renders is readable
# by nginx — keep secrets out of it, or verify that exposure is acceptable.
- name: Deploy profile configuration file for setting environment variables
  template:
    src: environment.sh.j2
    dest: "{{ home }}/.profile.d/environment.sh"
    owner: root
    group: "{{ user }}"
    mode: "0640"

# Unprivileged account the WSGI server runs as. The GECOS field carries
# "umask=0007", which pam_umask presumably honours so files created by the
# application stay group-accessible — confirm against the PAM configuration
# and the .service template.
- name: Create WSGI website user
  user:
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    comment: "umask=0007"
    system: true
    createhome: false
    home: "{{ home }}"
    state: present

# nginx is given membership of the site group (to serve htdocs, and
# presumably to reach the application socket); note this grants it read
# access to every group-readable file under the site home.
- name: Add nginx user to website group
  user:
    name: www-data
    groups: "{{ user }}"
    append: true
  notify:
    - Restart nginx

# Owned by root on purpose so that Postfix does not apply its "owner must be
# the recipient" check to the file: the admin and application users share
# this home, so a single .forward has to serve both of them.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: forward.j2
    dest: "{{ home }}/.forward"
    owner: root
    group: "{{ user }}"
    mode: "0640"

# Site-specific Debian packages (listed in the 'packages' role variable); a
# change triggers a restart of the site service.
- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"
  notify:
    - "Restart website {{ fqdn }}"

# Debian bug 766996: the -compat package provides mariadb_config, while
# build scripts look for mysql_config; only needed when that package is
# part of the site's package list.
- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
  file:
    src: /usr/bin/mariadb_config
    dest: /usr/bin/mysql_config
    state: link
  when: "'libmariadb-client-lgpl-dev-compat' in packages"

# Setgid directory so everything created inside inherits the site group.
- name: Create directory for storing the Python virtual environment
  file:
    path: "{{ home }}/virtualenv"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "02750"

# Runs as the admin user so the environment is owned by the deployer rather
# than root; 'creates' makes the command idempotent.
- name: Create Python virtual environment
  become: true
  become_user: "{{ admin }}"
  command: /usr/bin/virtualenv --prompt "({{ fqdn }})" "{{ home }}/virtualenv"
  args:
    creates: "{{ home }}/virtualenv/bin/activate"
  tags:
    # [ANSIBLE0012] Commands should not change things if nothing needs doing
    #   This task will not fire if the virtual environment has already been
    #   created (thanks to the 'creates' parameter).
    - skip_ansible_lint

- name: Configure project directory for the Python virtual environment
  template:
    src: venv_project.j2
    dest: "{{ home }}/virtualenv/.project"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0640"

# Executable wrapper for running commands inside the virtualenv.
- name: Deploy virtualenv wrapper
  template:
    src: venv_exec.j2
    dest: "{{ home }}/virtualenv/bin/exec"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0750"

# Pinned versions installed from the package index as the admin user.
# NOTE(review): only the version string is pinned; there is no hash pinning
# (pip --require-hashes), so the index is trusted for package integrity.
# Acceptable only if that matches the deployment's supply-chain policy.
- name: Install WSGI server
  become: true
  become_user: "{{ admin }}"
  pip:
    name: "{{ item.package }}"
    version: "{{ item.version }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items:
    - package: gunicorn
      version: "{{ gunicorn_version }}"
    - package: futures
      version: "{{ futures_version }}"
  when: "not wsgi_requirements"
  notify:
    - "Restart website {{ fqdn }}"

# When the site ships a requirements file, requirements.yml (not shown here)
# handles installation instead of the task above.
- include: requirements.yml
  when: "wsgi_requirements"

# NOTE(review): entries of virtualenv_packages are installed unpinned unless
# the entry itself carries a specifier — prefer "pkg==x.y" style entries.
- name: Install additional packages in Python virtual environment
  become: true
  become_user: "{{ admin }}"
  pip:
    name: "{{ item }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items: "{{ virtualenv_packages }}"
  notify:
    - "Restart website {{ fqdn }}"

# Socket and service units are named after the site FQDN; any change to
# either reloads systemd and restarts the site via handlers.
- name: Deploy systemd socket configuration for website
  template:
    src: systemd_wsgi_website.socket.j2
    dest: "/etc/systemd/system/{{ fqdn }}.socket"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Deploy systemd service configuration for website
  template:
    src: systemd_wsgi_website.service.j2
    dest: "/etc/systemd/system/{{ fqdn }}.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

# 'started' only starts a stopped service; restarts after unit changes are
# left to the handler notified above.
- name: Enable the website service
  service:
    name: "{{ fqdn }}"
    enabled: true
    state: started

# Static files root. Setgid so files created under it inherit the site group,
# which is what nginx (www-data) is made a member of earlier in this file.
- name: Create directory where static files can be served from
  file:
    path: "{{ home }}/htdocs/"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "02750"

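# The key material arrives in the https_tls_key variable. no_log keeps it out
# of verbose task output, --diff output and the recorded task result (the
# copy module would otherwise show the content on change). 0640 root:root
# means only root can read the file — presumably the nginx master process,
# which runs as root, loads it before dropping privileges; confirm against
# the nginx configuration. Modes are quoted so YAML does not retype them.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    mode: "0640"
    owner: root
    group: root
  no_log: true
  notify:
    - Restart nginx

# Public material, world-readable on purpose.
- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart nginx

# Registers the certificate path with the host's cron-driven validity check
# (the check_certificate tooling itself is presumably deployed by another
# role). The content is written as-is, without a trailing newline.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    mode: "0644"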

# The rendered site config is validated before it replaces the live file.
# NOTE(review): fqdn is interpolated into the validate command; it comes from
# the inventory rather than from request data, so this is not an injection
# surface, but an fqdn containing a quote would break the command's argument
# parsing — consider "{{ fqdn | quote }}" if fqdn values are ever free-form.
- name: Deploy nginx configuration file for website
  template:
    src: nginx_site.j2
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: "0640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

- name: Enable nginx website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx

# Lets a caller flush this role's handlers immediately by passing
# handlers=true instead of waiting for the normal end-of-play handler run;
# tagged so the step can be selected on its own.
- name: Explicitly run all handlers
  tags:
    - handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"