From c5ba09a9db741fa0affde35f318955d3399b9912 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Mon, 7 Aug 2017 15:32:21 +0200
Subject: [PATCH] refactor ansible code between system and deploy playbooks On the kind advice of Thomas Menard.
Former-commit-id: c0b58e722b07bbcfc7d05fb756e06580a1b5ec11
---
ansible/deploy.yaml | 127 +++++++++++++++++++++++++++++++-------------
ansible/system.yaml | 45 ----------------
2 files changed, 90 insertions(+), 82 deletions(-)
diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
index fc31d0e6..3008b6b2 100644
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml 
@@ -3,40 +3,93 @@ become: yes gather_facts: no tasks: - - name: check ansible user - command: whoami - - name: stop "generic" httpd service if relevant - systemd: state=stopped name=httpd - - name: stop iPPIDB service if relevant - systemd: state=stopped name=ippidb-web - - name: pull branch master - become_user: "{{ deploy_user_name }}" - git: - repo=git@gitlab.pasteur.fr:odoppelt/iPPIDB.git - dest=/home/{{ deploy_user_name }}/iPPIDB - accept_hostkey=yes - - name: install python requirements - pip: requirements=/home/{{ deploy_user_name }}/iPPIDB/ippisite/requirements.txt extra_args=--upgrade executable=pip3 - - name: collect static files - become_user: "{{ deploy_user_name }}" - django_manage: - command: "collectstatic" - app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite" - - name: create mod_wsgi configuration - django_manage: - command: "runmodwsgi --setup-only --port=80 --user ippidb --group wheel --server-root=/etc/ippidb-80" - app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite" - - name: restrict access to the web server to specific IPs - lineinfile: dest=/etc/ippidb-80/httpd.conf - regexp='' - insertafter=EOF - line='<Location '/'>\nRequire all denied\nRequire ip 10.6.108.60\nRequire ip 157.99\n</Location>\n' - - name: copy systemd service file for IPPIDB-web - copy: - remote_src: true - src: /home/{{ deploy_user_name }}/iPPIDB/ansible/ippidb-web.service - dest: /lib/systemd/system/ippidb-web.service - owner: root - group: root - - name: start iPPIDB service if relevant - systemd: state=started name=ippidb-web enabled=true + # + # Install basic non-virtualenv requirements + # + - name: install git + yum: name=git state=present + become: true + - name: Add repository + become: true + yum_repository: + name: epel + description: EPEL YUM repo + gpgcheck: no + baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ + - name: install python3 + yum: name=python34 state=present update_cache=yes + become: true + - name: install 
python3 development package + yum: name=python34-devel state=present update_cache=yes + become: true + - name: install setuptools + yum: name=python34-setuptools state=present update_cache=yes + become: true + - name: install pip + shell: "easy_install-3.4 pip" + become: true + - name: install graphviz + yum: name=graphviz state=present update_cache=yes + become: true + - name: install httpd + yum: name=httpd state=present update_cache=yes + become: true + - name: install httpd-devel + yum: name=httpd-devel state=present update_cache=yes + become: true + - name: install mod_wsgi + pip: name=mod_wsgi extra_args=--upgrade executable=pip3 + become: true + - name: install graphviz-devel + yum: name=graphviz-devel state=present update_cache=yes + become: true + - name: install the 'Development tools' package group + yum: + name: "@Development tools" + state: present + become: true + # + # Stop web server(s) + # + - name: stop "generic" httpd service if relevant + systemd: state=stopped name=httpd + - name: stop iPPIDB service if relevant + systemd: state=stopped name=ippidb-web + # + # Fetch/Update code and prep django app for publication + # + - name: pull branch master + become_user: "{{ deploy_user_name }}" + git: + repo=git@gitlab.pasteur.fr:odoppelt/iPPIDB.git + dest=/home/{{ deploy_user_name }}/iPPIDB + accept_hostkey=yes + - name: install python requirements + pip: requirements=/home/{{ deploy_user_name }}/iPPIDB/ippisite/requirements.txt extra_args=--upgrade executable=pip3 + - name: collect static files + become_user: "{{ deploy_user_name }}" + django_manage: + command: "collectstatic" + app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite" + - name: create mod_wsgi configuration + django_manage: + command: "runmodwsgi --setup-only --port=80 --user ippidb --group wheel --server-root=/etc/ippidb-80" + app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite" + # FIXME: this should obviously be removed before switching to prod. env. 
+ - name: restrict access to the web server to specific IPs + lineinfile: dest=/etc/ippidb-80/httpd.conf + regexp='' + insertafter=EOF + line='<Location '/'>\nRequire all denied\nRequire ip 10.6.108.60\nRequire ip 157.99\n</Location>\n' + - name: copy systemd service file for IPPIDB-web + copy: + remote_src: true + src: /home/{{ deploy_user_name }}/iPPIDB/ansible/ippidb-web.service + dest: /lib/systemd/system/ippidb-web.service + owner: root + group: root + # + # Start web server + # + - name: start iPPIDB service if relevant + systemd: state=started name=ippidb-web enabled=true diff --git a/ansible/system.yaml b/ansible/system.yaml index bfc48250..371f051c 100644 --- a/ansible/system.yaml +++ b/ansible/system.yaml 
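Review bot: The `Add repository` task now living in deploy.yaml registers EPEL with `gpgcheck: no`, so the packages installed by the tasks right after it (python34, python34-devel, python34-setuptools, which presumably resolve from EPEL) are installed as root without signature verification, and this now happens on every deploy run rather than only at system setup. I would set `gpgcheck: yes` and add `gpgkey: <URL or local path of the EPEL signing key for this release>` so that a tampered mirror or package fails the install instead of landing on the host. The same stretch bootstraps pip with `shell: "easy_install-3.4 pip"`, which pulls an unpinned pip as root and reruns on each deploy; a `creates:` guard on that task, or a packaged pip, would make it idempotent. The play header (`become`, `gather_facts`, `tasks`) starts above this hunk, so the per-task `become: true` lines look redundant with the play-level `become: yes`, but that is worth confirming against the full file.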
@@ -50,48 +50,3 @@ permanent: true state: enabled become: true - # - # Install basic non-virtualenv requirements - # - - name: install git - yum: name=git state=present - become: true - - name: Add repository - become: true - yum_repository: - name: epel - description: EPEL YUM repo - gpgcheck: no - baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ - - name: install python3 - yum: name=python34 state=present update_cache=yes - become: true - - name: install python3 development package - yum: name=python34-devel state=present update_cache=yes - become: true - - name: install setuptools - yum: name=python34-setuptools state=present update_cache=yes - become: true - - name: install pip - shell: "easy_install-3.4 pip" - become: true - - name: install graphviz - yum: name=graphviz state=present update_cache=yes - become: true - - name: install httpd - yum: name=httpd state=present update_cache=yes - become: true - - name: install httpd-devel - yum: name=httpd-devel state=present update_cache=yes - become: true - - name: install mod_wsgi - pip: name=mod_wsgi extra_args=--upgrade executable=pip3 - become: true - - name: install graphviz-devel - yum: name=graphviz-devel state=present update_cache=yes - become: true - - name: install the 'Development tools' package group - yum: - name: "@Development tools" - state: present - become: true -- GitLab