breccia-mapper/roles/webserver/tasks/main.yml

---
# Webserver role: prepare a RHEL/CentOS 7 host (Software Collections nginx
# and python3) for the breccia-mapper Django application.
# Variables referenced below (project_dir, venv_dir, web_user, web_group,
# deploy_mode, vagrant_dir, ...) are supplied by the play or role defaults,
# which are not part of this file.

# Fail early if the host cannot be reached at all.
- name: Test connection
  ping:

# EPEL supplies some of the prerequisite packages installed further down.
- name: Enable EPEL
  yum:
    name: "epel-release"
    state: latest

# Bring every installed package up to date ('*' = all packages).
- name: Update system packages
  yum:
    name: "*"
    state: latest

# Software Collections provide rh-nginx114 / rh-python36.
# RHEL: enable the subscription repo (host must already be registered).
# CentOS: the equivalent release package pulls in the repo definition.
- name: Enable RedHat Software Collections - RHEL
  when: ansible_distribution == "RedHat"
  rhsm_repository:
    name: "rhel-server-rhscl-7-rpms"

- name: Enable RedHat Software Collections - CentOS
  when: ansible_distribution == "CentOS"
  yum:
    name: "centos-release-scl"
    state: latest

# Toolchain, git, SCL nginx/python, SELinux tooling and the python2
# libraries used by the Ansible modules themselves. Handing the list
# straight to 'name' is equivalent to the vars/packages indirection.
- name: Install system prerequisites
  yum:
    state: latest
    name:
      - gcc
      - git
      - rh-nginx114
      - rh-python36
      - policycoreutils-python
      - python
      - python-setuptools
      - python2-cryptography
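# --- Vagrant-only tasks ------------------------------------------------------
# vagrant_dir is presumably a registered 'stat' result for the /vagrant share,
# set earlier in the play (not visible in this file) — TODO confirm.

- name: (Vagrant only) Clone / update from local repo
  git:
    repo: '/vagrant'
    dest: '{{ project_dir }}'
  when: vagrant_dir.stat.exists

# 0600 because the file receives the DB credentials in the next task.
# Octal modes are quoted so the YAML parser cannot reinterpret them as ints.
- name: (Vagrant only) Copy local settings file
  copy:
    src: '{{ settings_file | default("settings.ini") }}'
    dest: '{{ project_dir }}/settings.ini'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    mode: '0600'
  when: vagrant_dir.stat.exists

# The value embeds db_pass; no_log keeps it out of task output and logs.
# It is still written to the 0600 settings file, which is the intent.
- name: (Vagrant only) Add DB to settings file
  ini_file:
    path: '{{ project_dir }}/settings.ini'
    section: settings
    option: DATABASE_URL
    value: 'mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}'
  no_log: true
  when: vagrant_dir.stat.exists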
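# --- Real deployments: clone from GitHub with a deploy key -------------------
# The key is staged at a fixed path under the world-writable /tmp and removed
# again as soon as the clone has finished (cleanup tasks below); a root-owned
# directory would be a safer staging location.

- name: Copy deploy key
  copy:
    src: '{{ deployment_keyfile }}'
    dest: '/tmp/deployment-key'
    mode: '0600'
  when: not vagrant_dir.stat.exists and deployment_keyfile is defined

# 'omit' drops key_file entirely when no key is configured; the previous
# 'else None' most likely rendered as the literal string "None" and was passed
# to ssh as a non-existent identity file. accept_hostkey trusts github.com's
# host key on first contact (TOFU); pre-seeding known_hosts with the pinned
# GitHub key would close that window.
- name: Clone / update from source repo
  git:
    repo: 'git@github.com:Southampton-RSG/breccia-mapper.git'
    dest: '{{ project_dir }}'
    key_file: '{{ "/tmp/deployment-key" if deployment_keyfile is defined else omit }}'
    version: '{{ branch | default("master") }}'
    accept_hostkey: true
  when: not vagrant_dir.stat.exists

# Do not leave the private key lying around in /tmp after use.
- name: Remove deploy key
  file:
    path: '/tmp/deployment-key'
    state: absent
  when: deployment_keyfile is defined

- name: Copy customisation deploy key
  copy:
    src: '{{ customisation_repo_keyfile }}'
    dest: '/tmp/deployment-key-customisation'
    mode: '0600'
  when: customisation_repo_keyfile is defined

- name: Clone / update from customisation repo
  git:
    repo: '{{ customisation_repo }}'
    dest: '{{ project_dir }}/custom'
    key_file: '{{ "/tmp/deployment-key-customisation" if customisation_repo_keyfile is defined else omit }}'
    version: '{{ branch | default("master") }}'
    accept_hostkey: true
  when: customisation_repo is defined

- name: Remove customisation deploy key
  file:
    path: '/tmp/deployment-key-customisation'
    state: absent
  when: customisation_repo_keyfile is defined

# Rendered settings for real deployments; 0600 because it carries credentials.
- name: Copy and populate settings template
  template:
    src: 'settings.j2'
    dest: '{{ project_dir }}/settings.ini'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    mode: '0600'
  when: not vagrant_dir.stat.exists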
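- name: Set ownership of source directory
  file:
    path: '{{ project_dir }}'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    recurse: true

# 'source' is a bash-ism; it works because /bin/sh is bash on RHEL/CentOS.
# 'creates' makes the task idempotent: it is skipped once the venv exists.
- name: Create venv
  shell: |
    source scl_source enable rh-python36
    python3 -m venv "{{ venv_dir }}"
  args:
    creates: '{{ venv_dir }}/bin/activate'

- name: Install pip requirements
  pip:
    requirements: '{{ project_dir }}/requirements.txt'
    virtualenv: '{{ venv_dir }}'

- name: Create static directory
  file:
    path: '{{ project_dir }}/static'
    state: directory
    owner: '{{ web_user }}'
    group: '{{ web_group }}'
    mode: '0755'

# Runs as the web user so backups / collected static files are not root-owned.
# NOTE(review): become_user only takes effect when 'become' is enabled for the
# play or role — confirm that is set outside this file.
- name: Run Django setup stages
  django_manage:
    command: '{{ item }}'
    app_path: '{{ project_dir }}'
    virtualenv: '{{ venv_dir }}'
  become_user: '{{ web_user }}'
  loop:
    - dbbackup
    - migrate
    - collectstatic

# Label the static tree so nginx (httpd_t) may serve it under SELinux.
- name: Apply SELinux type
  file:
    path: '{{ project_dir }}/static'
    state: directory
    setype: httpd_sys_content_t

# deploy_mode > 1 is treated as non-production here. Permissive mode for
# httpd_t logs denials instead of enforcing them, i.e. it switches off SELinux
# protection for the web server; it must not reach production hosts.
- name: (Not production) Set SELinux permissive mode
  selinux_permissive:
    name: httpd_t
    permissive: true
  when: deploy_mode > 1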
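# uWSGI is installed system-wide with the SCL python3 pip (outside the
# application venv) and unpinned; pinning it ('uwsgi==<version>') would make
# deployments reproducible. This shell task re-runs pip on every play.
- name: Install uWSGI
  shell: |
    source scl_source enable rh-python36
    pip3 install uwsgi

- name: Setup uWSGI config
  file:
    path: '/etc/uwsgi/sites'
    state: directory
    mode: '0755'

# Unit file and per-site ini come from role templates (contents not shown here).
- name: Setup uWSGI service
  template:
    src: 'uwsgi-service.j2'
    dest: '/etc/systemd/system/uwsgi.service'

- name: Ensure uWSGI running
  service:
    name: uwsgi
    state: started
    enabled: true
    daemon_reload: true

- name: Copy web config files
  template:
    src: 'uwsgi-site.j2'
    dest: '/etc/uwsgi/sites/{{ project_name }}.ini'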
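# --- Self-signed TLS for non-production hosts (deploy_mode > 1) --------------
# The openssl_* modules rely on python cryptography bindings, presumably the
# python2-cryptography package installed above.
# NOTE(review): 'group' is web_user here rather than web_group as elsewhere in
# this file — confirm that is intended. Letting the application user read the
# TLS private key means an application compromise also exposes the key;
# root-owned key material readable only by the nginx master would be tighter.
- name: Generate self-signed SSL certificate
  when: deploy_mode > 1
  block:
    - name: Create directories
      file:
        path: '{{ item }}'
        state: directory
      loop:
        - /etc/ssl
        - /etc/ssl/crt
        - /etc/ssl/private
        - /etc/ssl/csr

    # Mode is set explicitly rather than relying on the module default.
    - name: Create keys
      openssl_privatekey:
        path: '/etc/ssl/private/{{ inventory_hostname }}.pem'
        owner: '{{ web_user }}'
        group: '{{ web_user }}'
        mode: '0600'

    - name: Create Certificate Signing Request (CSR)
      openssl_csr:
        path: '/etc/ssl/csr/{{ inventory_hostname }}.csr'
        privatekey_path: '/etc/ssl/private/{{ inventory_hostname }}.pem'
        common_name: '{{ inventory_hostname }}'
        owner: '{{ web_user }}'
        group: '{{ web_user }}'

    - name: Generate certificate
      openssl_certificate:
        path: '/etc/ssl/crt/{{ inventory_hostname }}.crt'
        privatekey_path: '/etc/ssl/private/{{ inventory_hostname }}.pem'
        csr_path: '/etc/ssl/csr/{{ inventory_hostname }}.csr'
        provider: selfsigned
        owner: '{{ web_user }}'
        group: '{{ web_user }}'

    # HTTPS server block pointing at the files generated above.
    - name: Copy Nginx site
      template:
        src: 'nginx-site-ssl.j2'
        dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}-ssl.conf'
        owner: '{{ web_user }}'
        group: '{{ web_group }}'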
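# Plain HTTP server block, installed in every deploy mode.
- name: Copy Nginx site
  template:
    src: 'nginx-site.j2'
    dest: '/etc/opt/rh/rh-nginx114/nginx/conf.d/{{ project_name }}.conf'
    owner: '{{ web_user }}'
    group: '{{ web_group }}'

# Restarts on every run (a notify/handler would restart only when a config
# file actually changed). 'loop' matches the firewall task below.
- name: Restart uWSGI and Nginx
  service:
    name: '{{ item }}'
    state: restarted
    enabled: true
    daemon_reload: true
  loop:
    - uwsgi
    - rh-nginx114-nginx

# Required for the ansible_facts.services lookup in the firewall condition.
- name: Populate service facts
  service_facts:

# Only touched when firewalld is actually running. ssh is listed alongside
# http/https, presumably to keep management access open.
- name: Open webserver ports on firewall
  firewalld:
    service: '{{ item }}'
    state: enabled
    permanent: true
    immediate: true
  loop:
    - ssh
    - http
    - https
  when: >-
    ansible_facts.services['firewalld.service'] is defined
    and ansible_facts.services['firewalld.service'].state == 'running'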