From 0195d26817b5522fb8e834793b4b9174657fcddd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Tue, 11 Jul 2017 23:29:11 +0200
Subject: [PATCH] ansible WIP, adapted from
 https://github.com/baxeico/django_ansible.git

Former-commit-id: 8604e2d429d7460cf4228a9ea9c035dbfbf5f762
---
 ansible/ansible.sh        |  2 ++
 ansible/config_files.yaml | 18 ++++++++++++++++
 ansible/deploy.yaml       | 43 +++++++++++++++++++++++++++++++++++++++
 ansible/host_vars/ippidb  | 11 ++++++++++
 ansible/hosts             |  1 +
 ansible/packages.yaml     | 20 ++++++++++++++++++
 ansible/postgresql.yaml   | 13 ++++++++++++
 ansible/system.yaml       | 10 +++++++++
 ansible/upgrade.yaml      | 10 +++++++++
 9 files changed, 128 insertions(+)
 create mode 100755 ansible/ansible.sh
 create mode 100644 ansible/config_files.yaml
 create mode 100644 ansible/deploy.yaml
 create mode 100644 ansible/host_vars/ippidb
 create mode 100644 ansible/hosts
 create mode 100644 ansible/packages.yaml
 create mode 100644 ansible/postgresql.yaml
 create mode 100644 ansible/system.yaml
 create mode 100644 ansible/upgrade.yaml

diff --git a/ansible/ansible.sh b/ansible/ansible.sh
new file mode 100755
index 00000000..3da58cbd
--- /dev/null
+++ b/ansible/ansible.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+ansible-playbook -i ./hosts $1
\ No newline at end of file
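Review bot: `$1` is unquoted on the `ansible-playbook` line, so a playbook path containing spaces or glob characters is split or expanded by the shell, and any further arguments such as `--check` or `--limit` are silently dropped; `ansible-playbook -i ./hosts "$@"` handles both. `./hosts` is resolved against the current directory, so the wrapper only finds the inventory when it is started from inside `ansible/`. The file also ends without a trailing newline.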
diff --git a/ansible/config_files.yaml b/ansible/config_files.yaml
new file mode 100644
index 00000000..4615f84e
--- /dev/null
+++ b/ansible/config_files.yaml
@@ -0,0 +1,18 @@
+---
+- name: Copy configuration files
+  hosts: all
+  gather_facts: no
+
+  tasks:
+    - name: nginx config file
+      template: src=../config/nginx.conf dest=/etc/nginx/sites-enabled/django
+      register: nginx_config
+    - name: nginx restart
+      service: name=nginx state=restarted
+      when: nginx_config.changed
+    - name: uwsgi config file
+      template: src=../config/uwsgi.ini dest=/etc/uwsgi/apps-enabled/django.ini
+      register: uwsgi_config
+    - name: uwsgi restart
+      service: name=uwsgi state=restarted
+      when: uwsgi_config.changed
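Review bot: Both `template` tasks write into `/etc` without setting `owner`, `group` or `mode`, so the permissions of a newly created file are left to the remote umask; state them explicitly, e.g. `template: src=../config/uwsgi.ini dest=/etc/uwsgi/apps-enabled/django.ini owner=root group=root mode=0644`. The `register` / `when: ….changed` pairs would read more simply as handlers triggered with `notify`, which also coalesces repeated restarts. As a style point that applies to every playbook in this patch, module arguments are written as `key=value` strings (in deploy.yaml and upgrade.yaml they are spread over several lines and only work because YAML folds them into one plain scalar); native YAML mappings avoid quoting surprises when a templated value contains a space.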
diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
new file mode 100644
index 00000000..b4b9d2d9
--- /dev/null
+++ b/ansible/deploy.yaml
@@ -0,0 +1,43 @@
+---
+- hosts: all
+  become: yes
+  become_user: ubuntu
+  gather_facts: no
+
+  tasks:
+  - name: pull branch master
+    git:
+      repo={{ repo_url }}/{{ repo }}.git
+      dest={{ repo_dir }}
+      accept_hostkey=yes
+
+- hosts: all
+  gather_facts: no
+  tasks:
+  - name: install python requirements
+    pip: requirements={{ repo_dir }}/requirements.txt extra_args=--upgrade
+
+- hosts: all
+  become: yes
+  become_user: ippidb
+  gather_facts: no
+  #environment:
+    #DJANGO_SETTINGS_MODULE: "{{ django_project }}.settings.production"
+    #DATABASE_URL: postgres://{{ dbuser }}:{{ dbpassword }}@localhost/{{ dbname }}
+    #STATIC_ROOT: "{{ static_dir }}"
+
+  tasks:
+  - name: create static_root dir
+    file: path={{ static_dir }} state=directory mode=0755
+  - name: django collectstatic
+    shell: ./manage.py collectstatic --noinput chdir={{ django_dir }}
+  - name: django migrate
+    shell: ./manage.py migrate --noinput chdir={{ django_dir }}
+  - name: django loaddata
+    shell: ./manage.py loaddata user chdir={{ django_dir }}
+
+- hosts: all
+  gather_facts: no
+  tasks:
+  - name: uwsgi restart
+    service: name=uwsgi state=restarted
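Review bot: `accept_hostkey=yes` on the `git` task makes the first connection trust whatever SSH host key the remote presents, so a clone over an intercepted connection would be accepted silently; pin the key beforehand with a task such as `known_hosts: name=bitbucket.org key="{{ git_host_key }}"` (`git_host_key` is a placeholder variable, not defined in this patch) and drop the option. The task is named "pull branch master" but sets no `version`, so what gets deployed is whatever the remote HEAD points to; add `version=master` or, better, a tag or commit id. The `pip` play has no `become_user` and passes `--upgrade`, so unpinned packages are installed system-wide as the connecting user (presumably root) on every run; a virtualenv owned by the application user with pinned requirements limits what a bad upstream release can touch. The three `shell: ./manage.py …` tasks use no shell features and could be `command:` tasks.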
diff --git a/ansible/host_vars/ippidb b/ansible/host_vars/ippidb
new file mode 100644
index 00000000..0e2b0412
--- /dev/null
+++ b/ansible/host_vars/ippidb
@@ -0,0 +1,11 @@
+---
+repo_url: ssh://git@bitbucket.org/youruser
+repo: yourproject
+home_dir: /home/ubuntu
+repo_dir: "{{ home_dir }}/{{ repo }}"
+django_dir: "{{ repo_dir }}/django"
+static_dir: "{{ home_dir }}/static"
+django_project: yourproject
+dbname: django
+dbuser: django
+dbpassword: "{{ lookup('password', 'postgresqlpasswd') }}"
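Review bot: `lookup('password', 'postgresqlpasswd')` on the `dbpassword` line generates the database password on first use and stores it in clear text in a file at that relative path on the control machine, which will most likely end up inside this `ansible/` directory. Nothing in the patch keeps that file out of version control, so add it to `.gitignore`, point the lookup at a path outside the repository, or move the secret into an Ansible Vault file. `repo_url`, `repo` and `django_project` still carry the upstream template's placeholder values (`youruser`, `yourproject`) and need real values before deploy.yaml can run.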
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 00000000..525948e7
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1 @@
+ippidb
diff --git a/ansible/packages.yaml b/ansible/packages.yaml
new file mode 100644
index 00000000..5ac686a5
--- /dev/null
+++ b/ansible/packages.yaml
@@ -0,0 +1,20 @@
+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: Running apt update
+      apt: update_cache=yes
+    - name: Installing required packages
+      apt: name={{item}} state=present
+      with_items:
+       - fail2ban
+       - postgresql
+       - postgresql-client
+       - git
+       - python-pip
+       - rdiff-backup
+       - libpq-dev
+       - python-psycopg2
+       - uwsgi
+       - uwsgi-plugin-python
+       - nginx
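Review bot: `apt: update_cache=yes` as a task of its own refreshes the package index on every run; folding it into the install task as `apt: name={{item}} state=present update_cache=yes cache_valid_time=3600` keeps repeated runs quick. The `with_items` entries are indented seven spaces while the rest of the file uses multiples of two; align them with the other lists. `fail2ban` is installed here, but no playbook in this patch deploys a jail configuration, so it would run with the distribution defaults only.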
diff --git a/ansible/postgresql.yaml b/ansible/postgresql.yaml
new file mode 100644
index 00000000..58c90c2b
--- /dev/null
+++ b/ansible/postgresql.yaml
@@ -0,0 +1,13 @@
+---
+- hosts: all
+  become: yes
+  become_user: postgres
+  gather_facts: no
+
+  tasks:
+  - name: ensure database is created
+    postgresql_db: name={{dbname}}
+  - name: ensure user has access to database
+    postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
+  - name: ensure user does not have unnecessary privilege
+    postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
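Review bot: The `postgresql_user` task that sets the password passes `{{dbpassword}}` in its argument string and nothing on the task suppresses logging; whether the module masks that argument itself depends on the Ansible version in use, so add `no_log: true` to make it explicit. Because the arguments are a `key=value` string, a password containing a space or `=` would be mis-parsed, which a YAML mapping with `password: "{{ dbpassword }}"` avoids. `priv=ALL` grants every database-level privilege to the application role, so confirm that the application needs all of them. The last task could be merged into the previous one by adding `role_attr_flags=NOSUPERUSER,NOCREATEDB` there.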
diff --git a/ansible/system.yaml b/ansible/system.yaml
new file mode 100644
index 00000000..e578d006
--- /dev/null
+++ b/ansible/system.yaml
@@ -0,0 +1,10 @@
+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: Create ubuntu user
+      user: name=ubuntu generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
+    - name: Read SSH public key
+      slurp: src=/home/ubuntu/.ssh/id_rsa.pub
+      register: public_key
+    - debug: msg="{{ public_key['content'] | b64decode }}"
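Review bot: The generated deploy key is RSA with `ssh_key_bits=2048`, which is the lower bound most current guidance still accepts; for a newly created key `ssh_key_bits=4096`, or `ssh_key_type=ed25519` with a matching `ssh_key_file`, is a better default. The `slurp` task hard-codes `/home/ubuntu/.ssh/id_rsa.pub` instead of using `home_dir` from host_vars, and it is not needed at all: registering the `user` task exposes `ssh_public_key` in its result, which the `debug` task can print directly. The `debug` task has no `name`, so its output is harder to find in a run log.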
diff --git a/ansible/upgrade.yaml b/ansible/upgrade.yaml
new file mode 100644
index 00000000..bcfed626
--- /dev/null
+++ b/ansible/upgrade.yaml
@@ -0,0 +1,10 @@
+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: Running update and safe-upgrade
+      apt:
+        update_cache=yes
+        upgrade=safe
+      register: result
+    - debug: var=result.stdout_lines
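Review bot: After `upgrade=safe` nothing checks whether the upgraded packages need a reboot or a service restart, so kernel or library fixes may be installed without being in effect; a follow-up `stat: path=/var/run/reboot-required` task with a `debug` on its result would surface that. The play sets no `become`, so it relies on the connection user already being root; stating `become: yes` makes that requirement explicit.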
-- 
GitLab