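---
# Tasks for provisioning one WSGI website: system group/users, a Python
# virtual environment, a systemd socket + service for the WSGI server, and
# the nginx vhost with its TLS material.
#
# Variables read here (supplied by the caller or role defaults): user, uid,
# admin, admin_uid, home, fqdn, packages, gunicorn_version, futures_version,
# wsgi_requirements, virtualenv_packages, https_tls_key,
# https_tls_certificate, handlers.
#
# Booleans are written as true/false and octal modes as quoted strings so
# the file reads the same under YAML 1.1 and 1.2 loaders and passes
# ansible-lint/yamllint (truthy, risky-octal).

- name: Create WSGI website group
  group:
    name: "{{ user }}"
    # Reuse the website uid as gid when one is given; otherwise let the OS pick.
    gid: "{{ uid | default(omit) }}"
    state: present

# The admin account owns the virtual environment and runs pip (see the
# become_user tasks below); its primary group is the website group.
- name: Create WSGI website admin user
  user:
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    shell: /bin/bash
    createhome: true
    home: "{{ home }}"
    state: present

- name: Set-up directory for storing user profile configuration files
  file:
    path: "{{ home }}/.profile.d"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0750"

# root-owned, group-readable: the admin user can source but not edit these.
- name: Deploy profile configuration file for auto-activating the virtual environment
  copy:
    src: "profile_virtualenv.sh"
    dest: "{{ home }}/.profile.d/virtualenv.sh"
    owner: root
    group: "{{ user }}"
    mode: "0640"

- name: Deploy profile configuration file for setting environment variables
  template:
    src: "environment.sh.j2"
    dest: "{{ home }}/.profile.d/environment.sh"
    owner: root
    group: "{{ user }}"
    mode: "0640"

# The application account shares the admin's home directory, which is not
# (re)created here, and is a system account.
- name: Create WSGI website user
  user:
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    # NOTE(review): looks like a umask hint in the GECOS field (e.g. for
    # pam_umask) — confirm against the PAM configuration.
    comment: "umask=0007"
    system: true
    createhome: false
    state: present
    home: "{{ home }}"

# Supplementary group only (append), so www-data keeps its own groups;
# presumably needed so nginx can read group-readable paths under home — verify.
- name: Add nginx user to website group
  user:
    name: www-data
    groups: "{{ user }}"
    append: true
  notify:
    - Restart nginx

# Ownership set to root so Postfix would not check if correct user owns the
# file.
- name: Set-up forwarding for mails delivered to local application user/admin
  template:
    src: "forward.j2"
    dest: "{{ home }}/.forward"
    owner: root
    group: "{{ user }}"
    mode: "0640"

- name: Install extra packages for website
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ packages }}"
  notify:
    - "Restart website {{ fqdn }}"

- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
  file:
    src: "/usr/bin/mariadb_config"
    dest: "/usr/bin/mysql_config"
    state: link
  when: "'libmariadb-client-lgpl-dev-compat' in packages"

# Setgid directory (02750): files created inside inherit the website group.
- name: Create directory for storing the Python virtual environment
  file:
    path: "{{ home }}/virtualenv"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "02750"

- name: Create Python virtual environment
  command: '/usr/bin/virtualenv --prompt "({{ fqdn }})" "{{ home }}/virtualenv"'
  args:
    # Idempotence: skipped once the activate script exists.
    creates: "{{ home }}/virtualenv/bin/activate"
  become: true
  become_user: "{{ admin }}"
  tags:
    # [ANSIBLE0012] Commands should not change things if nothing needs doing
    # This task will not fire if the virtual environment has already been
    # created (thanks to 'creates' parameter).
    - skip_ansible_lint

- name: Configure project directory for the Python virtual environment
  template:
    src: "venv_project.j2"
    dest: "{{ home }}/virtualenv/.project"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0640"

- name: Deploy virtualenv wrapper
  template:
    src: "venv_exec.j2"
    dest: "{{ home }}/virtualenv/bin/exec"
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "0750"

# Pinned WSGI server install, used only when the site does not provide its
# own requirements (see the include right below).
- name: Install WSGI server
  become: true
  become_user: "{{ admin }}"
  pip:
    name: "{{ item.package }}"
    version: "{{ item.version }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items:
    - package: gunicorn
      version: "{{ gunicorn_version }}"
    - package: futures
      version: "{{ futures_version }}"
  when: "not wsgi_requirements"
  notify:
    - "Restart website {{ fqdn }}"

# Alternative to the task above; presumably installs from a requirements
# file shipped with the website — see requirements.yml.
- include: requirements.yml
  when: "wsgi_requirements"

- name: Install additional packages in Python virtual environment
  become: true
  become_user: "{{ admin }}"
  pip:
    name: "{{ item }}"
    state: present
    virtualenv: "{{ home }}/virtualenv"
  with_items: "{{ virtualenv_packages }}"
  notify:
    - "Restart website {{ fqdn }}"

- name: Deploy systemd socket configuration for website
  template:
    src: "systemd_wsgi_website.socket.j2"
    dest: "/etc/systemd/system/{{ fqdn }}.socket"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Deploy systemd service configuration for website
  template:
    src: "systemd_wsgi_website.service.j2"
    dest: "/etc/systemd/system/{{ fqdn }}.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - "Restart website {{ fqdn }}"

- name: Enable the website service
  service:
    name: "{{ fqdn }}"
    enabled: true
    state: started

- name: Create directory where static files can be served from
  file:
    path: "{{ home }}/htdocs/"
    state: directory
    owner: "{{ admin }}"
    group: "{{ user }}"
    mode: "02750"

# Private key: root-owned and not group-readable by the website group
# (0640 root:root). The content variable holds key material, so it should
# come from an encrypted source (e.g. vault), never plain inventory.
- name: Deploy nginx TLS private key for website
  copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart nginx

- name: Deploy nginx TLS certificate for website
  copy:
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    content: "{{ https_tls_certificate }}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart nginx

# Presumably consumed by a certificate-validity cron job reading
# /etc/check_certificate/*.conf — confirm against that job.
- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    owner: root
    group: root
    mode: "0644"

# validate runs against the temporary file (%s) before it replaces the live
# vhost, so a broken render never reaches sites-available. fqdn is
# interpolated into that command line and must be trusted inventory data.
- name: Deploy nginx configuration file for website
  template:
    src: "nginx_site.j2"
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    owner: root
    group: root
    mode: "0640"
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx

- name: Enable nginx website
  file:
    src: "/etc/nginx/sites-available/{{ fqdn }}"
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    state: link
  notify:
    - Restart nginx

# Runs the role's handlers immediately when the caller sets handlers=true;
# the tag lets this be selected on its own.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(false) | bool"
  tags:
    - handlers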