build: remove old Ansible roles

2026-03-03 03:17:07 +00:00 · 2022-03-16 15:13:59 +00:00
parent a5a954ee7d
commit ba6701ee67
9 changed files with 0 additions and 425 deletions
--- a/roles/database/tasks/main.yml
+++ b/roles/database/tasks/main.yml
@@ -1,37 +0,0 @@
 ---
 - name: Update system packages
  yum:
    name: '*'
    state: latest
 - name: Install system prerequisites
  yum:
    name: '{{ packages }}'
    state: latest
  vars:
    packages:
      - mariadb
      - mariadb-devel
      - mariadb-server
      - python
      # For Ansible - not used at runtime
      - MySQL-python
 - name: Restart database server
  service:
    name: mariadb
    state: restarted
    enabled: yes
    daemon_reload: yes
 - name: Create database
  mysql_db:
    name: '{{ db_name }}'
    state: present
 - name: Create database user
  mysql_user:
    name: '{{ db_user }}'
    password: '{{ db_pass }}'
    state: present
    priv: '{{ db_name }}.*:ALL'
--- a/roles/defaults/main.yml
+++ b/roles/defaults/main.yml
@@ -1,4 +0,0 @@
 ---
 db_name: 'breccia'
 db_user: 'breccia'
 db_pass: 'breccia'
--- a/roles/webserver/defaults/main.yml
+++ b/roles/webserver/defaults/main.yml
@@ -1,22 +0,0 @@
 ---
 deploy_mode_dict:
  1: Production
  2: Staging
  3: Development
 deploy_mode: 3
 secret_key: '{{ lookup("password", "/dev/null") }}'
 parent_project_name: 'BRECcIA'
 project_name: 'breccia-mapper'
 project_full_name: 'breccia_mapper'
 project_dir: '/var/www/{{ project_name }}'
 venv_dir: '{{ project_dir }}/venv'
 web_user: nginx
 web_group: nginx
 db_name: '{{ project_name }}'
 db_user: 'breccia'
 db_pass: 'breccia'
 display_short_name: 'BRECcIA'
 display_long_name: 'BRECcIA Mapper'
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -1,255 +0,0 @@
 ---
 - name: Test connection
  ping:
 - name: Enable EPEL
  yum:
    name: epel-release
    state: latest
 - name: Update system packages
  yum:
    name: '*'
    state: latest
 - name: Enable RedHat Software Collections - RHEL
  rhsm_repository:
    name: rhel-server-rhscl-7-rpms
  when: ansible_distribution == "RedHat"
 - name: Enable RedHat Software Collections - CentOS
  yum:
    name: centos-release-scl
    state: latest
  when: ansible_distribution == "CentOS"
 - name: Install system prerequisites
  yum:
    name: '{{ packages }}'
    state: latest
  vars:
    packages:
      - gcc
      - git
      - rh-nginx114
      - rh-python36
      - policycoreutils-python
      - python
      - python-setuptools
      - python2-cryptography
 - name: (Vagrant only) Clone / update from local repo
  git:
    repo: '/vagrant'
    dest: '{{ project_dir }}'
  when: vagrant_dir.stat.exists == True
 - name: (Vagrant only) Copy local settings file
  copy:
    src: '{{ settings_file | default("settings.ini") }}'
    dest: '{{ project_dir }}/settings.ini'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    mode: 0600
  when: vagrant_dir.stat.exists == True
 - name: (Vagrant only) Add DB to settings file
  ini_file:
    path: '{{ project_dir }}/settings.ini'
    section: settings
    option: DATABASE_URL
    value: 'mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}'
  when: vagrant_dir.stat.exists == True
 - name: Copy deploy key
  copy:
    src: '{{ deployment_keyfile }}'
    dest: '/tmp/deployment-key'
    mode: 0600
  when: vagrant_dir.stat.exists == False and deployment_keyfile is defined
 - name: Clone / update from source repo
  git:
    repo: 'git@github.com:Southampton-RSG/breccia-mapper.git'
    dest: '{{ project_dir }}'
    key_file: '{{ "/tmp/deployment-key" if deployment_keyfile is defined else None }}'
    version: '{{ branch | default ("master") }}'
    accept_hostkey: yes
  when: vagrant_dir.stat.exists == False
 - name: Copy customisation deploy key
  copy:
    src: '{{ customisation_repo_keyfile }}'
    dest: '/tmp/deployment-key-customisation'
    mode: 0600
  when: customisation_repo_keyfile is defined
 - name: Clone / update from customisation repo
  git:
    repo: '{{ customisation_repo }}'
    dest: '{{ project_dir }}/custom'
    key_file: '{{ "/tmp/deployment-key-customisation" if customisation_repo_keyfile is defined else None }}'
    version: '{{ branch | default ("master") }}'
    accept_hostkey: yes
  when: customisation_repo is defined
 - name: Copy and populate settings template
  template:
    src: 'settings.j2'
    dest: '{{ project_dir }}/settings.ini'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    mode: 0600
  when: vagrant_dir.stat.exists == False
 - name: Set ownership of source directory
  file:
    path: '{{ project_dir }}'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    recurse: yes
 - name: Create venv
  shell: |
    source scl_source enable rh-python36
    python3 -m venv {{ venv_dir }}
 - name: Install pip requirements
  pip:
    requirements: '{{ project_dir }}/requirements.txt'
    virtualenv: '{{ venv_dir }}'
 - name: Create static directory
  file:
    path: '{{ project_dir }}/static'
    state: directory
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    mode: 0755
 - name: Run Django setup stages
  django_manage:
    command: '{{ item }}'
    app_path: '{{ project_dir }}'
    virtualenv: '{{ venv_dir }}'
  become_user: '{{ web_user }}'
  with_items:
    - dbbackup
    - migrate
    - collectstatic
 - name: Apply SELinux type
  file:
    path: '{{ project_dir }}/static'
    state: directory
    setype: httpd_sys_content_t
 - name: (Not production) Set SELinux permissive mode
  selinux_permissive:
    name: httpd_t
    permissive: yes
  when: deploy_mode > 1
 - name: Install uWSGI
  shell: |
    source scl_source enable rh-python36
    pip3 install uwsgi
 - name: Setup uWSGI config
  file:
    path: /etc/uwsgi/sites
    state: directory
    mode: 0755
 - name: Setup uWSGI service
  template:
    src: uwsgi-service.j2
    dest: /etc/systemd/system/uwsgi.service
 - name: Ensure uWSGI running
  service:
    name: uwsgi
    state: started
    enabled: yes
    daemon_reload: yes
 - name: Copy web config files
  template:
    src: uwsgi-site.j2
    dest: '/etc/uwsgi/sites/{{ project_name }}.ini'
 - name: Generate self-signed SSL certificate
  block:
    - name: Create directories
      file:
        path: "{{ item }}"
        state: directory
      with_items:
        - /etc/ssl
        - /etc/ssl/crt
        - /etc/ssl/private
        - /etc/ssl/csr
    - name: Create keys
      openssl_privatekey:
        path: /etc/ssl/private/{{ inventory_hostname }}.pem
        owner: '{{ web_user }}'
        group: '{{ web_user }}'
    - name: Create Certificate Signing Request (CSR)
      openssl_csr:
        path: /etc/ssl/csr/{{ inventory_hostname }}.csr
        privatekey_path: /etc/ssl/private/{{ inventory_hostname }}.pem
        common_name: "{{ inventory_hostname }}"
        owner: '{{ web_user }}'
        group: '{{ web_user }}'
    - name: Generate certificate
      openssl_certificate:
        path: /etc/ssl/crt/{{ inventory_hostname }}.crt
        privatekey_path: /etc/ssl/private/{{ inventory_hostname }}.pem
        csr_path: /etc/ssl/csr/{{ inventory_hostname }}.csr
        provider: selfsigned
        owner: '{{ web_user }}'
        group: '{{ web_user }}'
    - name: Copy Nginx site
      template:
        src: nginx-site-ssl.j2
        dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}-ssl.conf'
        owner: '{{ web_user }}'
        group: '{{ web_group }}'
  when: deploy_mode > 1
 - name: Copy Nginx site
  template:
    src: nginx-site.j2
    dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}.conf'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
 - name: Restart uWSGI and Nginx
  service:
    name: "{{ item }}"
    state: restarted
    enabled: yes
    daemon_reload: yes
  with_items:
    - uwsgi
    - rh-nginx114-nginx
 - name: Populate service facts
  service_facts:
 - name: Open webserver ports on firewall
  firewalld:
    service: '{{ item }}'
    state: enabled
    permanent: yes
    immediate: yes
  loop:
    - ssh
    - http
    - https
  when: ansible_facts.services['firewalld.service'] is defined and ansible_facts.services['firewalld.service'].state == 'running'
--- a/roles/webserver/templates/nginx-site-ssl.j2
+++ b/roles/webserver/templates/nginx-site-ssl.j2
@@ -1,28 +0,0 @@
 server {
    # HTTP/2 allows requests to be pipelined within a single connection
    listen 443 ssl http2;
    server_name {{ inventory_hostname }} localhost 127.0.0.1;
    ssl_certificate /etc/ssl/crt/{{ inventory_hostname }}.crt;
    ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.pem;
    ssl_protocols TLSv1.2;
    # Cache and tickets improve performance by ~10% on small requests
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 4h;
    ssl_session_tickets on;
    location /favicon.ico {
        alias {{ project_dir }}/static/img/favicon.ico;
    }
    location /static/ {
        alias {{ project_dir }}/static/;
    }
    location / {
        include     uwsgi_params;
        uwsgi_pass  unix:/run/uwsgi/{{ project_name }}.sock;
        uwsgi_buffers 256 16k;
    }
 }
--- a/roles/webserver/templates/nginx-site.j2
+++ b/roles/webserver/templates/nginx-site.j2
@@ -1,17 +0,0 @@
 server {
    listen 80;
    server_name {{ inventory_hostname }} localhost 127.0.0.1;
    location /favicon.ico {
        alias {{ project_dir }}/static/img/favicon.ico;
    }
    location /static/ {
        alias {{ project_dir }}/static/;
    }
    location / {
        include     uwsgi_params;
        uwsgi_pass  unix:/run/uwsgi/{{ project_name }}.sock;
    }
 }
--- a/roles/webserver/templates/settings.j2
+++ b/roles/webserver/templates/settings.j2
@@ -1,30 +0,0 @@
 # Template populated on {{ template_run_date }}
 [settings]
 SECRET_KEY={{ secret_key }}
 DEBUG={{ "True" if deploy_mode > 1 else "False" }}
 DATABASE_URL=mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}
 {% if allowed_hosts is defined %}
 ALLOWED_HOSTS={% for h in allowed_hosts %}{{ h }},{% endfor %}
 {% else %}
 ALLOWED_HOSTS={{ inventory_hostname }},localhost,127.0.0.1
 {% endif %}
 PARENT_PROJECT_NAME={{ parent_project_name }}
 PROJECT_SHORT_NAME={{ display_short_name }}
 PROJECT_LONG_NAME={{ display_long_name }}
 {% if email_host is defined %}
 EMAIL_HOST={{ email_host }}
 {% endif %}
 {% if default_from_email is defined %}
 DEFAULT_FROM_EMAIL={{ default_from_email }}
 {% endif %}
 {% if email_port is defined %}
 EMAIL_PORT={{ email_port }}
 {% endif %}
 {% if google_maps_api_key is defined %}
 GOOGLE_MAPS_API_KEY={{ google_maps_api_key }}
 {% endif %}
--- a/roles/webserver/templates/uwsgi-service.j2
+++ b/roles/webserver/templates/uwsgi-service.j2
@@ -1,13 +0,0 @@
 [Unit]
 Description=uWSGI Emperor Service
 [Service]
 ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown {{ web_user }}:{{ web_group }} /run/uwsgi; source scl_source rh-python36'
 ExecStart=/bin/scl enable rh-python36 "uwsgi --emperor /etc/uwsgi/sites"
 Restart=always
 KillSignal=SIGQUIT
 Type=notify
 NotifyAccess=all
 [Install]
 WantedBy=multi-user.target
--- a/roles/webserver/templates/uwsgi-site.j2
+++ b/roles/webserver/templates/uwsgi-site.j2
@@ -1,19 +0,0 @@
 [uwsgi]
 project = {{ project_name }}
 uid = {{ web_user }}
 gid = {{ web_group }}
 base = /var/www
 chdir = %(base)/%(project)
 home = {{ venv_dir }}
 module = {{ project_full_name }}.wsgi:application
 logto = %(chdir)/%(project).log
 master = true
 processes = 2
 listen = 128
 socket = /run/uwsgi/%(project).sock
 chown-socket = %(uid):{{ web_group }}
 chmod-socket = 660
 vacuum = true