From ba6701ee67769697feddb39f7c769ad915cbc36a Mon Sep 17 00:00:00 2001
From: James Graham
Date: Wed, 16 Mar 2022 15:13:59 +0000
Subject: [PATCH] build: remove old Ansible roles
---
roles/database/tasks/main.yml | 37 ---
roles/defaults/main.yml | 4 -
roles/webserver/defaults/main.yml | 22 --
roles/webserver/tasks/main.yml | 255 --------------------
roles/webserver/templates/nginx-site-ssl.j2 | 28 ---
roles/webserver/templates/nginx-site.j2 | 17 --
roles/webserver/templates/settings.j2 | 30 ---
roles/webserver/templates/uwsgi-service.j2 | 13 -
roles/webserver/templates/uwsgi-site.j2 | 19 --
9 files changed, 425 deletions(-)
delete mode 100644 roles/database/tasks/main.yml
delete mode 100644 roles/defaults/main.yml
delete mode 100644 roles/webserver/defaults/main.yml
delete mode 100644 roles/webserver/tasks/main.yml
delete mode 100644 roles/webserver/templates/nginx-site-ssl.j2
delete mode 100644 roles/webserver/templates/nginx-site.j2
delete mode 100644 roles/webserver/templates/settings.j2
delete mode 100644 roles/webserver/templates/uwsgi-service.j2
delete mode 100644 roles/webserver/templates/uwsgi-site.j2
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
deleted file mode 100644
index 6bc72b9..0000000
--- a/roles/database/tasks/main.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-- name: Update system packages
- yum:
- name: '*'
- state: latest
-
-- name: Install system prerequisites
- yum:
- name: '{{ packages }}'
- state: latest
- vars:
- packages:
- - mariadb
- - mariadb-devel
- - mariadb-server
- - python
- # For Ansible - not used at runtime
- - MySQL-python
-
-- name: Restart database server
- service:
- name: mariadb
- state: restarted
- enabled: yes
- daemon_reload: yes
-
-- name: Create database
- mysql_db:
- name: '{{ db_name }}'
- state: present
-
-- name: Create database user
- mysql_user:
- name: '{{ db_user }}'
- password: '{{ db_pass }}'
- state: present
- priv: '{{ db_name }}.*:ALL'
diff --git a/roles/defaults/main.yml b/roles/defaults/main.yml
deleted file mode 100644
index bf12883..0000000
--- a/roles/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-db_name: 'breccia'
-db_user: 'breccia'
-db_pass: 'breccia'
diff --git a/roles/webserver/defaults/main.yml b/roles/webserver/defaults/main.yml
deleted file mode 100644
index 5608fa8..0000000
--- a/roles/webserver/defaults/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-deploy_mode_dict:
- 1: Production
- 2: Staging
- 3: Development
-deploy_mode: 3
-
-secret_key: '{{ lookup("password", "/dev/null") }}'
-
-parent_project_name: 'BRECcIA'
-project_name: 'breccia-mapper'
-project_full_name: 'breccia_mapper'
-project_dir: '/var/www/{{ project_name }}'
-venv_dir: '{{ project_dir }}/venv'
-web_user: nginx
-web_group: nginx
-db_name: '{{ project_name }}'
-db_user: 'breccia'
-db_pass: 'breccia'
-
-display_short_name: 'BRECcIA'
-display_long_name: 'BRECcIA Mapper'
\ No newline at end of file
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
deleted file mode 100644
index 04103ab..0000000
--- a/roles/webserver/tasks/main.yml
+++ /dev/null
@@ -1,255 +0,0 @@
----
-- name: Test connection
- ping:
-
-- name: Enable EPEL
- yum:
- name: epel-release
- state: latest
-
-- name: Update system packages
- yum:
- name: '*'
- state: latest
-
-- name: Enable RedHat Software Collections - RHEL
- rhsm_repository:
- name: rhel-server-rhscl-7-rpms
- when: ansible_distribution == "RedHat"
-
-- name: Enable RedHat Software Collections - CentOS
- yum:
- name: centos-release-scl
- state: latest
- when: ansible_distribution == "CentOS"
-
-- name: Install system prerequisites
- yum:
- name: '{{ packages }}'
- state: latest
- vars:
- packages:
- - gcc
- - git
- - rh-nginx114
- - rh-python36
- - policycoreutils-python
- - python
- - python-setuptools
- - python2-cryptography
-
-- name: (Vagrant only) Clone / update from local repo
- git:
- repo: '/vagrant'
- dest: '{{ project_dir }}'
- when: vagrant_dir.stat.exists == True
-
-- name: (Vagrant only) Copy local settings file
- copy:
- src: '{{ settings_file | default("settings.ini") }}'
- dest: '{{ project_dir }}/settings.ini'
- owner: '{{ web_user }}'
- group: '{{ web_group }}'
- mode: 0600
- when: vagrant_dir.stat.exists == True
-
-- name: (Vagrant only) Add DB to settings file
- ini_file:
- path: '{{ project_dir }}/settings.ini'
- section: settings
- option: DATABASE_URL
- value: 'mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}'
- when: vagrant_dir.stat.exists == True
-
-- name: Copy deploy key
- copy:
- src: '{{ deployment_keyfile }}'
- dest: '/tmp/deployment-key'
- mode: 0600
- when: vagrant_dir.stat.exists == False and deployment_keyfile is defined
-
-- name: Clone / update from source repo
- git:
- repo: 'git@github.com:Southampton-RSG/breccia-mapper.git'
- dest: '{{ project_dir }}'
- key_file: '{{ "/tmp/deployment-key" if deployment_keyfile is defined else None }}'
- version: '{{ branch | default ("master") }}'
- accept_hostkey: yes
- when: vagrant_dir.stat.exists == False
-
-- name: Copy customisation deploy key
- copy:
- src: '{{ customisation_repo_keyfile }}'
- dest: '/tmp/deployment-key-customisation'
- mode: 0600
- when: customisation_repo_keyfile is defined
-
-- name: Clone / update from customisation repo
- git:
- repo: '{{ customisation_repo }}'
- dest: '{{ project_dir }}/custom'
- key_file: '{{ "/tmp/deployment-key-customisation" if customisation_repo_keyfile is defined else None }}'
- version: '{{ branch | default ("master") }}'
- accept_hostkey: yes
- when: customisation_repo is defined
-
-- name: Copy and populate settings template
- template:
- src: 'settings.j2'
- dest: '{{ project_dir }}/settings.ini'
- owner: '{{ web_user }}'
- group: '{{ web_group }}'
- mode: 0600
- when: vagrant_dir.stat.exists == False
-
-- name: Set ownership of source directory
- file:
- path: '{{ project_dir }}'
- owner: '{{ web_user }}'
- group: '{{ web_group }}'
- recurse: yes
-
-- name: Create venv
- shell: |
- source scl_source enable rh-python36
- python3 -m venv {{ venv_dir }}
-
-- name: Install pip requirements
- pip:
- requirements: '{{ project_dir }}/requirements.txt'
- virtualenv: '{{ venv_dir }}'
-
-- name: Create static directory
- file:
- path: '{{ project_dir }}/static'
- state: directory
- owner: '{{ web_user }}'
- group: '{{ web_group }}'
- mode: 0755
-
-- name: Run Django setup stages
- django_manage:
- command: '{{ item }}'
- app_path: '{{ project_dir }}'
- virtualenv: '{{ venv_dir }}'
- become_user: '{{ web_user }}'
- with_items:
- - dbbackup
- - migrate
- - collectstatic
-
-- name: Apply SELinux type
- file:
- path: '{{ project_dir }}/static'
- state: directory
- setype: httpd_sys_content_t
-
-- name: (Not production) Set SELinux permissive mode
- selinux_permissive:
- name: httpd_t
- permissive: yes
- when: deploy_mode > 1
-
-- name: Install uWSGI
- shell: |
- source scl_source enable rh-python36
- pip3 install uwsgi
-
-- name: Setup uWSGI config
- file:
- path: /etc/uwsgi/sites
- state: directory
- mode: 0755
-
-- name: Setup uWSGI service
- template:
- src: uwsgi-service.j2
- dest: /etc/systemd/system/uwsgi.service
-
-- name: Ensure uWSGI running
- service:
- name: uwsgi
- state: started
- enabled: yes
- daemon_reload: yes
-
-- name: Copy web config files
- template:
- src: uwsgi-site.j2
- dest: '/etc/uwsgi/sites/{{ project_name }}.ini'
-
-- name: Generate self-signed SSL certificate
- block:
- - name: Create directories
- file:
- path: "{{ item }}"
- state: directory
- with_items:
- - /etc/ssl
- - /etc/ssl/crt
- - /etc/ssl/private
- - /etc/ssl/csr
-
- - name: Create keys
- openssl_privatekey:
- path: /etc/ssl/private/{{ inventory_hostname }}.pem
- owner: '{{ web_user }}'
- group: '{{ web_user }}'
-
- - name: Create Certificate Signing Request (CSR)
- openssl_csr:
- path: /etc/ssl/csr/{{ inventory_hostname }}.csr
- privatekey_path: /etc/ssl/private/{{ inventory_hostname }}.pem
- common_name: "{{ inventory_hostname }}"
- owner: '{{ web_user }}'
- group: '{{ web_user }}'
-
- - name: Generate certificate
- openssl_certificate:
- path: /etc/ssl/crt/{{ inventory_hostname }}.crt
- privatekey_path: /etc/ssl/private/{{ inventory_hostname }}.pem
- csr_path: /etc/ssl/csr/{{ inventory_hostname }}.csr
- provider: selfsigned
- owner: '{{ web_user }}'
- group: '{{ web_user }}'
-
- - name: Copy Nginx site
- template:
- src: nginx-site-ssl.j2
- dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}-ssl.conf'
- owner: '{{ web_user }}'
- group: '{{ web_group }}'
-
- when: deploy_mode > 1
-
-- name: Copy Nginx site
- template:
- src: nginx-site.j2
- dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}.conf'
- owner: '{{ web_user }}'
- group: '{{ web_group }}'
-
-- name: Restart uWSGI and Nginx
- service:
- name: "{{ item }}"
- state: restarted
- enabled: yes
- daemon_reload: yes
- with_items:
- - uwsgi
- - rh-nginx114-nginx
-
-- name: Populate service facts
- service_facts:
-
-- name: Open webserver ports on firewall
- firewalld:
- service: '{{ item }}'
- state: enabled
- permanent: yes
- immediate: yes
- loop:
- - ssh
- - http
- - https
- when: ansible_facts.services['firewalld.service'] is defined and ansible_facts.services['firewalld.service'].state == 'running'
diff --git a/roles/webserver/templates/nginx-site-ssl.j2 b/roles/webserver/templates/nginx-site-ssl.j2
deleted file mode 100644
index bc135bc..0000000
--- a/roles/webserver/templates/nginx-site-ssl.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- # HTTP/2 allows requests to be pipelined within a single connection
- listen 443 ssl http2;
- server_name {{ inventory_hostname }} localhost 127.0.0.1;
-
- ssl_certificate /etc/ssl/crt/{{ inventory_hostname }}.crt;
- ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.pem;
- ssl_protocols TLSv1.2;
-
- # Cache and tickets improve performance by ~10% on small requests
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 4h;
- ssl_session_tickets on;
-
- location /favicon.ico {
- alias {{ project_dir }}/static/img/favicon.ico;
- }
-
- location /static/ {
- alias {{ project_dir }}/static/;
- }
-
- location / {
- include uwsgi_params;
- uwsgi_pass unix:/run/uwsgi/{{ project_name }}.sock;
- uwsgi_buffers 256 16k;
- }
-}
\ No newline at end of file
diff --git a/roles/webserver/templates/nginx-site.j2 b/roles/webserver/templates/nginx-site.j2
deleted file mode 100644
index f9f85c1..0000000
--- a/roles/webserver/templates/nginx-site.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-server {
- listen 80;
- server_name {{ inventory_hostname }} localhost 127.0.0.1;
-
- location /favicon.ico {
- alias {{ project_dir }}/static/img/favicon.ico;
- }
-
- location /static/ {
- alias {{ project_dir }}/static/;
- }
-
- location / {
- include uwsgi_params;
- uwsgi_pass unix:/run/uwsgi/{{ project_name }}.sock;
- }
-}
\ No newline at end of file
diff --git a/roles/webserver/templates/settings.j2 b/roles/webserver/templates/settings.j2
deleted file mode 100644
index b270b08..0000000
--- a/roles/webserver/templates/settings.j2
+++ /dev/null
@@ -1,30 +0,0 @@
-# Template populated on {{ template_run_date }}
-[settings]
-
-SECRET_KEY={{ secret_key }}
-DEBUG={{ "True" if deploy_mode > 1 else "False" }}
-DATABASE_URL=mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}
-
-{% if allowed_hosts is defined %}
-ALLOWED_HOSTS={% for h in allowed_hosts %}{{ h }},{% endfor %}
-{% else %}
-ALLOWED_HOSTS={{ inventory_hostname }},localhost,127.0.0.1
-{% endif %}
-
-PARENT_PROJECT_NAME={{ parent_project_name }}
-PROJECT_SHORT_NAME={{ display_short_name }}
-PROJECT_LONG_NAME={{ display_long_name }}
-
-{% if email_host is defined %}
-EMAIL_HOST={{ email_host }}
-{% endif %}
-{% if default_from_email is defined %}
-DEFAULT_FROM_EMAIL={{ default_from_email }}
-{% endif %}
-{% if email_port is defined %}
-EMAIL_PORT={{ email_port }}
-{% endif %}
-
-{% if google_maps_api_key is defined %}
-GOOGLE_MAPS_API_KEY={{ google_maps_api_key }}
-{% endif %}
diff --git a/roles/webserver/templates/uwsgi-service.j2 b/roles/webserver/templates/uwsgi-service.j2
deleted file mode 100644
index 97f5738..0000000
--- a/roles/webserver/templates/uwsgi-service.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=uWSGI Emperor Service
-
-[Service]
-ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown {{ web_user }}:{{ web_group }} /run/uwsgi; source scl_source rh-python36'
-ExecStart=/bin/scl enable rh-python36 "uwsgi --emperor /etc/uwsgi/sites"
-Restart=always
-KillSignal=SIGQUIT
-Type=notify
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/roles/webserver/templates/uwsgi-site.j2 b/roles/webserver/templates/uwsgi-site.j2
deleted file mode 100644
index 0311bff..0000000
--- a/roles/webserver/templates/uwsgi-site.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-[uwsgi]
-project = {{ project_name }}
-uid = {{ web_user }}
-gid = {{ web_group }}
-base = /var/www
-
-chdir = %(base)/%(project)
-home = {{ venv_dir }}
-module = {{ project_full_name }}.wsgi:application
-logto = %(chdir)/%(project).log
-
-master = true
-processes = 2
-listen = 128
-
-socket = /run/uwsgi/%(project).sock
-chown-socket = %(uid):{{ web_group }}
-chmod-socket = 660
-vacuum = true