refactor ansible code between system and deploy playbooks

On the kind advice of Thomas Menard. Former-commit-id: c0b58e722b07bbcfc7d05fb756e06580a1b5ec11

refactor ansible code between system and deploy playbooks
c5ba09a9 · Hervé MENAGER · 33c2dced · c5ba09a9 · c5ba09a9
Commit c5ba09a9 authored 7 years ago by Hervé MENAGER
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -3,40 +3,93 @@
  become: yes
  gather_facts: no
  tasks:
-  - name: check ansible user
-    command: whoami
-  - name: stop "generic" httpd service if relevant
-    systemd: state=stopped name=httpd
-  - name: stop iPPIDB service if relevant
-    systemd: state=stopped name=ippidb-web
-  - name: pull branch master
-    become_user: "{{ deploy_user_name }}"
-    git:
-      repo=git@gitlab.pasteur.fr:odoppelt/iPPIDB.git
-      dest=/home/{{ deploy_user_name }}/iPPIDB
-      accept_hostkey=yes
-  - name: install python requirements
-    pip: requirements=/home/{{ deploy_user_name }}/iPPIDB/ippisite/requirements.txt extra_args=--upgrade executable=pip3
-  - name: collect static files
-    become_user: "{{ deploy_user_name }}"
-    django_manage:
-      command: "collectstatic"
-      app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
-  - name: create mod_wsgi configuration
-    django_manage:
-      command: "runmodwsgi --setup-only --port=80 --user ippidb --group wheel --server-root=/etc/ippidb-80"
-      app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
-  - name: restrict access to the web server to specific IPs
-    lineinfile: dest=/etc/ippidb-80/httpd.conf 
-                regexp=''
-                insertafter=EOF
-                line='<Location '/'>\nRequire all denied\nRequire ip 10.6.108.60\nRequire ip 157.99\n</Location>\n'
-  - name: copy systemd service file for IPPIDB-web
-    copy: 
-      remote_src: true
-      src: /home/{{ deploy_user_name }}/iPPIDB/ansible/ippidb-web.service 
-      dest: /lib/systemd/system/ippidb-web.service
-      owner: root
-      group: root
-  - name: start iPPIDB service if relevant
-    systemd: state=started name=ippidb-web enabled=true
+    #
+    # Install basic non-virtualenv requirements
+    #
+    - name: install git
+      yum: name=git state=present
+      become: true
+    - name: Add repository
+      become: true
+      yum_repository:
+        name: epel
+        description: EPEL YUM repo
+        gpgcheck: no
+        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
+    - name: install python3
+      yum: name=python34 state=present update_cache=yes
+      become: true
+    - name: install python3 development package
+      yum: name=python34-devel state=present update_cache=yes
+      become: true
+    - name: install setuptools
+      yum: name=python34-setuptools state=present update_cache=yes
+      become: true
+    - name: install pip
+      shell: "easy_install-3.4 pip"
+      become: true
+    - name: install graphviz
+      yum: name=graphviz state=present update_cache=yes
+      become: true
+    - name: install httpd
+      yum: name=httpd state=present update_cache=yes
+      become: true
+    - name: install httpd-devel
+      yum: name=httpd-devel state=present update_cache=yes
+      become: true
+    - name: install mod_wsgi
+      pip: name=mod_wsgi extra_args=--upgrade executable=pip3
+      become: true
+    - name: install graphviz-devel
+      yum: name=graphviz-devel state=present update_cache=yes
+      become: true
+    - name: install the 'Development tools' package group
+      yum:
+        name: "@Development tools"
+        state: present
+      become: true
+    #
+    # Stop web server(s)
+    #
+    - name: stop "generic" httpd service if relevant
+      systemd: state=stopped name=httpd
+    - name: stop iPPIDB service if relevant
+      systemd: state=stopped name=ippidb-web
+    #
+    # Fetch/Update code and prep django app for publication
+    #
+    - name: pull branch master
+      become_user: "{{ deploy_user_name }}"
+      git:
+        repo=git@gitlab.pasteur.fr:odoppelt/iPPIDB.git
+        dest=/home/{{ deploy_user_name }}/iPPIDB
+        accept_hostkey=yes
+    - name: install python requirements
+      pip: requirements=/home/{{ deploy_user_name }}/iPPIDB/ippisite/requirements.txt extra_args=--upgrade executable=pip3
+    - name: collect static files
+      become_user: "{{ deploy_user_name }}"
+      django_manage:
+        command: "collectstatic"
+        app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
+    - name: create mod_wsgi configuration
+      django_manage:
+        command: "runmodwsgi --setup-only --port=80 --user ippidb --group wheel --server-root=/etc/ippidb-80"
+        app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
+    # FIXME: this should obviously be removed before switching to prod. env.
+    - name: restrict access to the web server to specific IPs
+      lineinfile: dest=/etc/ippidb-80/httpd.conf 
+                  regexp=''
+                  insertafter=EOF
+                  line='<Location '/'>\nRequire all denied\nRequire ip 10.6.108.60\nRequire ip 157.99\n</Location>\n'
+    - name: copy systemd service file for IPPIDB-web
+      copy: 
+        remote_src: true
+        src: /home/{{ deploy_user_name }}/iPPIDB/ansible/ippidb-web.service 
+        dest: /lib/systemd/system/ippidb-web.service
+        owner: root
+        group: root
+    #
+    # Start web server
+    #
+    - name: start iPPIDB service if relevant
+      systemd: state=started name=ippidb-web enabled=true
--- a/ansible/system.yaml
+++ b/ansible/system.yaml
@@ -50,48 +50,3 @@
        permanent: true
        state: enabled
      become: true
-    #
-    # Install basic non-virtualenv requirements
-    #
-    - name: install git
-      yum: name=git state=present
-      become: true
-    - name: Add repository
-      become: true
-      yum_repository:
-        name: epel
-        description: EPEL YUM repo
-        gpgcheck: no
-        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
-    - name: install python3
-      yum: name=python34 state=present update_cache=yes
-      become: true
-    - name: install python3 development package
-      yum: name=python34-devel state=present update_cache=yes
-      become: true
-    - name: install setuptools
-      yum: name=python34-setuptools state=present update_cache=yes
-      become: true
-    - name: install pip
-      shell: "easy_install-3.4 pip"
-      become: true
-    - name: install graphviz
-      yum: name=graphviz state=present update_cache=yes
-      become: true
-    - name: install httpd
-      yum: name=httpd state=present update_cache=yes
-      become: true
-    - name: install httpd-devel
-      yum: name=httpd-devel state=present update_cache=yes
-      become: true
-    - name: install mod_wsgi
-      pip: name=mod_wsgi extra_args=--upgrade executable=pip3
-      become: true
-    - name: install graphviz-devel
-      yum: name=graphviz-devel state=present update_cache=yes
-      become: true
-    - name: install the 'Development tools' package group
-      yum:
-        name: "@Development tools"
-        state: present
-      become: true