build: remove old Ansible roles

2026-03-03 11:27:09 +00:00 · 2022-03-16 15:13:59 +00:00
parent a5a954ee7d
commit ba6701ee67
9 changed files with 0 additions and 425 deletions
--- a/roles/database/tasks/main.yml
+++ b/roles/database/tasks/main.yml
@@ -1,37 +0,0 @@
---
- name: Update system packages
-  yum:
-    name: '*'
-    state: latest
-
- name: Install system prerequisites
-  yum:
-    name: '{{ packages }}'
-    state: latest
-  vars:
-    packages:
-      - mariadb
-      - mariadb-devel
-      - mariadb-server
-      - python
-      # For Ansible - not used at runtime
-      - MySQL-python
-
- name: Restart database server
-  service:
-    name: mariadb
-    state: restarted
-    enabled: yes
-    daemon_reload: yes
-
- name: Create database
-  mysql_db:
-    name: '{{ db_name }}'
-    state: present
-
- name: Create database user
-  mysql_user:
-    name: '{{ db_user }}'
-    password: '{{ db_pass }}'
-    state: present
-    priv: '{{ db_name }}.*:ALL'
--- a/roles/defaults/main.yml
+++ b/roles/defaults/main.yml
@@ -1,4 +0,0 @@
---
-db_name: 'breccia'
-db_user: 'breccia'
-db_pass: 'breccia'
--- a/roles/webserver/defaults/main.yml
+++ b/roles/webserver/defaults/main.yml
@@ -1,22 +0,0 @@
---
-deploy_mode_dict:
-  1: Production
-  2: Staging
-  3: Development
-deploy_mode: 3
-
-secret_key: '{{ lookup("password", "/dev/null") }}'
-
-parent_project_name: 'BRECcIA'
-project_name: 'breccia-mapper'
-project_full_name: 'breccia_mapper'
-project_dir: '/var/www/{{ project_name }}'
-venv_dir: '{{ project_dir }}/venv'
-web_user: nginx
-web_group: nginx
-db_name: '{{ project_name }}'
-db_user: 'breccia'
-db_pass: 'breccia'
-
-display_short_name: 'BRECcIA'
-display_long_name: 'BRECcIA Mapper'
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -1,255 +0,0 @@
---
- name: Test connection
-  ping:
-
- name: Enable EPEL
-  yum:
-    name: epel-release
-    state: latest
-
- name: Update system packages
-  yum:
-    name: '*'
-    state: latest
-
- name: Enable RedHat Software Collections - RHEL
-  rhsm_repository:
-    name: rhel-server-rhscl-7-rpms
-  when: ansible_distribution == "RedHat"
-
- name: Enable RedHat Software Collections - CentOS
-  yum:
-    name: centos-release-scl
-    state: latest
-  when: ansible_distribution == "CentOS"
-
- name: Install system prerequisites
-  yum:
-    name: '{{ packages }}'
-    state: latest
-  vars:
-    packages:
-      - gcc
-      - git
-      - rh-nginx114
-      - rh-python36
-      - policycoreutils-python
-      - python
-      - python-setuptools
-      - python2-cryptography
-
- name: (Vagrant only) Clone / update from local repo
-  git:
-    repo: '/vagrant'
-    dest: '{{ project_dir }}'
-  when: vagrant_dir.stat.exists == True
-
- name: (Vagrant only) Copy local settings file
-  copy:
-    src: '{{ settings_file | default("settings.ini") }}'
-    dest: '{{ project_dir }}/settings.ini'
-    owner: '{{ web_user }}'
-    group: '{{ web_group }}'
-    mode: 0600
-  when: vagrant_dir.stat.exists == True
-
- name: (Vagrant only) Add DB to settings file
-  ini_file:
-    path: '{{ project_dir }}/settings.ini'
-    section: settings
-    option: DATABASE_URL
-    value: 'mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}'
-  when: vagrant_dir.stat.exists == True
-
- name: Copy deploy key
-  copy:
-    src: '{{ deployment_keyfile }}'
-    dest: '/tmp/deployment-key'
-    mode: 0600
-  when: vagrant_dir.stat.exists == False and deployment_keyfile is defined
-
- name: Clone / update from source repo
-  git:
-    repo: 'git@github.com:Southampton-RSG/breccia-mapper.git'
-    dest: '{{ project_dir }}'
-    key_file: '{{ "/tmp/deployment-key" if deployment_keyfile is defined else None }}'
-    version: '{{ branch | default ("master") }}'
-    accept_hostkey: yes
-  when: vagrant_dir.stat.exists == False
-
- name: Copy customisation deploy key
-  copy:
-    src: '{{ customisation_repo_keyfile }}'
-    dest: '/tmp/deployment-key-customisation'
-    mode: 0600
-  when: customisation_repo_keyfile is defined
-
- name: Clone / update from customisation repo
-  git:
-    repo: '{{ customisation_repo }}'
-    dest: '{{ project_dir }}/custom'
-    key_file: '{{ "/tmp/deployment-key-customisation" if customisation_repo_keyfile is defined else None }}'
-    version: '{{ branch | default ("master") }}'
-    accept_hostkey: yes
-  when: customisation_repo is defined
-
- name: Copy and populate settings template
-  template:
-    src: 'settings.j2'
-    dest: '{{ project_dir }}/settings.ini'
-    owner: '{{ web_user }}'
-    group: '{{ web_group }}'
-    mode: 0600
-  when: vagrant_dir.stat.exists == False
-
- name: Set ownership of source directory
-  file:
-    path: '{{ project_dir }}'
-    owner: '{{ web_user }}'
-    group: '{{ web_group }}'
-    recurse: yes
-
- name: Create venv
-  shell: |
-    source scl_source enable rh-python36
-    python3 -m venv {{ venv_dir }}
-
- name: Install pip requirements
-  pip:
-    requirements: '{{ project_dir }}/requirements.txt'
-    virtualenv: '{{ venv_dir }}'
-
- name: Create static directory
-  file:
-    path: '{{ project_dir }}/static'
-    state: directory
-    owner: '{{ web_user }}'
-    group: '{{ web_group }}'
-    mode: 0755
-
- name: Run Django setup stages
-  django_manage:
-    command: '{{ item }}'
-    app_path: '{{ project_dir }}'
-    virtualenv: '{{ venv_dir }}'
-  become_user: '{{ web_user }}'
-  with_items:
-    - dbbackup
-    - migrate
-    - collectstatic
-
- name: Apply SELinux type
-  file:
-    path: '{{ project_dir }}/static'
-    state: directory
-    setype: httpd_sys_content_t
-
- name: (Not production) Set SELinux permissive mode
-  selinux_permissive:
-    name: httpd_t
-    permissive: yes
-  when: deploy_mode > 1
-
- name: Install uWSGI
-  shell: |
-    source scl_source enable rh-python36
-    pip3 install uwsgi
-
- name: Setup uWSGI config
-  file:
-    path: /etc/uwsgi/sites
-    state: directory
-    mode: 0755
-
- name: Setup uWSGI service
-  template:
-    src: uwsgi-service.j2
-    dest: /etc/systemd/system/uwsgi.service
-
- name: Ensure uWSGI running
-  service:
-    name: uwsgi
-    state: started
-    enabled: yes
-    daemon_reload: yes
-
- name: Copy web config files
-  template:
-    src: uwsgi-site.j2
-    dest: '/etc/uwsgi/sites/{{ project_name }}.ini'
-
- name: Generate self-signed SSL certificate
-  block:
-    - name: Create directories
-      file:
-        path: "{{ item }}"
-        state: directory
-      with_items:
-        - /etc/ssl
-        - /etc/ssl/crt
-        - /etc/ssl/private
-        - /etc/ssl/csr
-
-    - name: Create keys
-      openssl_privatekey:
-        path: /etc/ssl/private/{{ inventory_hostname }}.pem
-        owner: '{{ web_user }}'
-        group: '{{ web_user }}'
-
-    - name: Create Certificate Signing Request (CSR)
-      openssl_csr:
-        path: /etc/ssl/csr/{{ inventory_hostname }}.csr
-        privatekey_path: /etc/ssl/private/{{ inventory_hostname }}.pem
-        common_name: "{{ inventory_hostname }}"
-        owner: '{{ web_user }}'
-        group: '{{ web_user }}'
-
-    - name: Generate certificate
-      openssl_certificate:
-        path: /etc/ssl/crt/{{ inventory_hostname }}.crt
-        privatekey_path: /etc/ssl/private/{{ inventory_hostname }}.pem
-        csr_path: /etc/ssl/csr/{{ inventory_hostname }}.csr
-        provider: selfsigned
-        owner: '{{ web_user }}'
-        group: '{{ web_user }}'
-
-    - name: Copy Nginx site
-      template:
-        src: nginx-site-ssl.j2
-        dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}-ssl.conf'
-        owner: '{{ web_user }}'
-        group: '{{ web_group }}'
-
-  when: deploy_mode > 1
-
- name: Copy Nginx site
-  template:
-    src: nginx-site.j2
-    dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}.conf'
-    owner: '{{ web_user }}'
-    group: '{{ web_group }}'
-
- name: Restart uWSGI and Nginx
-  service:
-    name: "{{ item }}"
-    state: restarted
-    enabled: yes
-    daemon_reload: yes
-  with_items:
-    - uwsgi
-    - rh-nginx114-nginx
-
- name: Populate service facts
-  service_facts:
-
- name: Open webserver ports on firewall
-  firewalld:
-    service: '{{ item }}'
-    state: enabled
-    permanent: yes
-    immediate: yes
-  loop:
-    - ssh
-    - http
-    - https
-  when: ansible_facts.services['firewalld.service'] is defined and ansible_facts.services['firewalld.service'].state == 'running'
--- a/roles/webserver/templates/nginx-site-ssl.j2
+++ b/roles/webserver/templates/nginx-site-ssl.j2
@@ -1,28 +0,0 @@
-server {
-    # HTTP/2 allows requests to be pipelined within a single connection
-    listen 443 ssl http2;
-    server_name {{ inventory_hostname }} localhost 127.0.0.1;
-
-    ssl_certificate /etc/ssl/crt/{{ inventory_hostname }}.crt;
-    ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.pem;
-    ssl_protocols TLSv1.2;
-
-    # Cache and tickets improve performance by ~10% on small requests
-    ssl_session_cache shared:SSL:1m;
-    ssl_session_timeout 4h;
-    ssl_session_tickets on;
-
-    location /favicon.ico {
-        alias {{ project_dir }}/static/img/favicon.ico;
-    }
-
-    location /static/ {
-        alias {{ project_dir }}/static/;
-    }
-
-    location / {
-        include     uwsgi_params;
-        uwsgi_pass  unix:/run/uwsgi/{{ project_name }}.sock;
-        uwsgi_buffers 256 16k;
-    }
-}
--- a/roles/webserver/templates/nginx-site.j2
+++ b/roles/webserver/templates/nginx-site.j2
@@ -1,17 +0,0 @@
-server {
-    listen 80;
-    server_name {{ inventory_hostname }} localhost 127.0.0.1;
-
-    location /favicon.ico {
-        alias {{ project_dir }}/static/img/favicon.ico;
-    }
-
-    location /static/ {
-        alias {{ project_dir }}/static/;
-    }
-
-    location / {
-        include     uwsgi_params;
-        uwsgi_pass  unix:/run/uwsgi/{{ project_name }}.sock;
-    }
-}
--- a/roles/webserver/templates/settings.j2
+++ b/roles/webserver/templates/settings.j2
@@ -1,30 +0,0 @@
-# Template populated on {{ template_run_date }}
-[settings]
-
-SECRET_KEY={{ secret_key }}
-DEBUG={{ "True" if deploy_mode > 1 else "False" }}
-DATABASE_URL=mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}
-
-{% if allowed_hosts is defined %}
-ALLOWED_HOSTS={% for h in allowed_hosts %}{{ h }},{% endfor %}
-{% else %}
-ALLOWED_HOSTS={{ inventory_hostname }},localhost,127.0.0.1
-{% endif %}
-
-PARENT_PROJECT_NAME={{ parent_project_name }}
-PROJECT_SHORT_NAME={{ display_short_name }}
-PROJECT_LONG_NAME={{ display_long_name }}
-
-{% if email_host is defined %}
-EMAIL_HOST={{ email_host }}
-{% endif %}
-{% if default_from_email is defined %}
-DEFAULT_FROM_EMAIL={{ default_from_email }}
-{% endif %}
-{% if email_port is defined %}
-EMAIL_PORT={{ email_port }}
-{% endif %}
-
-{% if google_maps_api_key is defined %}
-GOOGLE_MAPS_API_KEY={{ google_maps_api_key }}
-{% endif %}
--- a/roles/webserver/templates/uwsgi-service.j2
+++ b/roles/webserver/templates/uwsgi-service.j2
@@ -1,13 +0,0 @@
-[Unit]
-Description=uWSGI Emperor Service
-
-[Service]
-ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown {{ web_user }}:{{ web_group }} /run/uwsgi; source scl_source rh-python36'
-ExecStart=/bin/scl enable rh-python36 "uwsgi --emperor /etc/uwsgi/sites"
-Restart=always
-KillSignal=SIGQUIT
-Type=notify
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/webserver/templates/uwsgi-site.j2
+++ b/roles/webserver/templates/uwsgi-site.j2
@@ -1,19 +0,0 @@
-[uwsgi]
-project = {{ project_name }}
-uid = {{ web_user }}
-gid = {{ web_group }}
-base = /var/www
-
-chdir = %(base)/%(project)
-home = {{ venv_dir }}
-module = {{ project_full_name }}.wsgi:application
-logto = %(chdir)/%(project).log
-
-master = true
-processes = 2
-listen = 128
-
-socket = /run/uwsgi/%(project).sock
-chown-socket = %(uid):{{ web_group }}
-chmod-socket = 660
-vacuum = true