---
- hosts: all
  # Every task runs with privilege escalation (root) unless it sets become_user.
  become: true
  # Facts are needed: ansible_hostname selects the Django settings module below.
  gather_facts: true
  vars:
    dbname: ippidb
    dbuser: ippidb
    # NOTE(review): this credential is committed in clear text, and the same
    # literal is reused for the HTTP basic-auth account later in this play.
    # Extra vars (-e) or a vault-encrypted file loaded through vars_files take
    # precedence over play vars, so the value can be supplied out of band; the
    # committed value should be treated as exposed and rotated.
    dbpassword: 'LeroyMerlin'
  tasks:
    #
    # Install basic non-virtualenv requirements
    #
    # git is required by the checkout task further down.
    - name: install git
      become: true
      yum:
        name: git
        state: present
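    # Registers the EPEL repository used by the package tasks that follow.
    - name: Add repository
      become: true
      yum_repository:
        name: epel
        description: EPEL YUM repo
        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
        # Signature checking used to be switched off here, which let any mirror
        # the redirector hands out (or anything able to alter its content)
        # supply packages that yum then installs as root. Packages are now
        # verified against the EPEL signing key for the detected major release.
        # NOTE(review): the key itself is fetched over HTTPS on first use;
        # shipping the key file with the playbook after checking its
        # fingerprint would be stronger.
        gpgcheck: true
        gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"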
    # Python 3.4 interpreter, headers and setuptools from the yum repositories.
    - name: install python3
      become: true
      yum:
        name: python34
        state: present
        update_cache: true
    - name: install python3 development package
      become: true
      yum:
        name: python34-devel
        state: present
        update_cache: true
    - name: install setuptools
      become: true
      yum:
        name: python34-setuptools
        state: present
        update_cache: true
    # NOTE(review): this runs on every play (no creates:/changed_when:) and
    # installs an unpinned pip as root; a distribution package or a pinned
    # version would make the result reproducible.
    - name: install pip
      become: true
      shell: "easy_install-3.4 pip"
    # Web server, database driver and graphviz packages needed by the site.
    - name: install graphviz
      become: true
      yum:
        name: graphviz
        state: present
        update_cache: true
    - name: install httpd
      become: true
      yum:
        name: httpd
        state: present
        update_cache: true
    - name: install httpd-devel
      become: true
      yum:
        name: httpd-devel
        state: present
        update_cache: true
    - name: install python-psycopg2
      become: true
      yum:
        name: python-psycopg2
        state: present
        update_cache: true
    # NOTE(review): --upgrade without a version means each run may pull and
    # build a newer mod_wsgi release as root; pin the version if deployments
    # must be reproducible.
    - name: install mod_wsgi
      become: true
      pip:
        name: mod_wsgi
        extra_args: '--upgrade'
        executable: pip3
    - name: install graphviz-devel
      become: true
      yum:
        name: graphviz-devel
        state: present
        update_cache: true
    # The leading @ selects a yum package group rather than a single package.
    - name: install the 'Development tools' package group
      become: true
      yum:
        state: present
        name: "@Development tools"
    - name: install PostgreSQL
      become: true
      yum:
        state: present
        name: postgresql-server
    # creates: turns this into a no-op once the cluster's postgresql.conf exists,
    # so an initialised data directory is never re-initialised.
    - name: Initiate database
      args:
        creates: /var/lib/pgsql/data/postgresql.conf
      command: service postgresql initdb
    # Sets listen_addresses in postgresql.conf, replacing an existing (possibly
    # commented-out) setting.
    # NOTE(review): despite the task name, '*' makes PostgreSQL accept
    # connections on every network interface, so who can reach the database is
    # decided only by pg_hba.conf and the host firewall. If the Django
    # application on this host is the only client, 'localhost' would be the
    # narrower setting — confirm before changing.
    - name: Ensure PostgreSQL is listening on all localhost
      lineinfile: dest=/var/lib/pgsql/data/postgresql.conf
        regexp='^#?listen_addresses\s*='
        line="listen_addresses = '*'"
        state=present
    # Installs the client-authentication rules shipped in the repository checkout.
    # NOTE(review): the checkout is only refreshed by the git task later in this
    # play, so this copy presumably uses the file from the previous deployment
    # and has nothing to copy on a fresh host — confirm the intended order.
    # Since postgresql.conf listens on every interface, this file is the access
    # control for the database and deserves review on every change.
    - name: copy pg_hba.conf file
      copy:
        remote_src: true
        src: "/home/{{ deploy_user_name }}/iPPIDB/ansible/pg_hba.conf"
        dest: /var/lib/pgsql/data/pg_hba.conf
        owner: postgres
        group: postgres
    # Restart so the listen address and pg_hba.conf changes take effect, and
    # enable the unit at boot.
    - name: restart postgresql service
      systemd:
        name: postgresql
        state: restarted
        enabled: true
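    # The role is created first because postgresql_db assigns it as the owner
    # of the database and therefore needs it to exist.
    - name: create db user
      become_user: postgres
      postgresql_user:
        name: "{{ dbuser }}"
        password: "{{ dbpassword }}"
        # The application role may create databases but is never a superuser.
        role_attr_flags: CREATEDB,NOSUPERUSER
      # Keep the credential out of task output and logs.
      no_log: true
    # The module arguments are nested under postgresql_db and the templates are
    # quoted: an unquoted value starting with {{ is read by YAML as a flow
    # mapping, and arguments at the task level are not passed to the module.
    - name: create database
      # Runs as the postgres OS account, like the role task above.
      # NOTE(review): confirm this matches the authentication method configured
      # in pg_hba.conf.
      become_user: postgres
      postgresql_db:
        name: "{{ dbname }}"
        owner: "{{ dbuser }}"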
    #
    # Stop web server(s)
    #
    # NOTE(review): the names say "if relevant" but neither task carries a
    # when:/failed_when: condition; on a host where ippidb-web.service has not
    # been installed yet the second task presumably fails — confirm.
    - name: stop "generic" httpd service if relevant
      systemd:
        name: httpd
        state: stopped
    - name: stop iPPIDB service if relevant
      systemd:
        name: ippidb-web
        state: stopped
    #
    # Fetch/Update code and prep django app for publication
    #
    # Clones or updates the application checkout as the deploy user over SSH.
    # NOTE(review): accept_hostkey trusts whatever host key the server presents
    # on first contact; provisioning the GitLab host key in known_hosts ahead of
    # time would let this task verify the server instead. No version: is given,
    # so the checkout follows the module default rather than a pinned commit or
    # tag.
    - name: pull branch master
      become_user: "{{ deploy_user_name }}"
      git:
        repo: 'git@gitlab.pasteur.fr:hub/iPPIDB.git'
        dest: "/home/{{ deploy_user_name }}/iPPIDB"
        accept_hostkey: true
    # NOTE(review): no become_user is set, so this inherits the play-level
    # privilege escalation and installs (and upgrades) everything listed in the
    # repository's requirements.txt system-wide as root. Pinned versions and a
    # virtualenv owned by the deploy user would narrow what a changed
    # requirements file can do.
    - name: install python requirements
      pip:
        requirements: "/home/{{ deploy_user_name }}/iPPIDB/ippisite/requirements.txt"
        extra_args: '--upgrade'
        executable: pip3
    # The settings module is chosen per host: ippisite.<ansible_hostname>_settings.
    - name: collect static files
      become_user: "{{ deploy_user_name }}"
      django_manage:
        app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
        settings: "ippisite.{{ ansible_hostname }}_settings"
        command: collectstatic
    # Generates the server configuration under /etc/ippidb-80 without starting it.
    # No become_user here, so it runs with the play-level privilege escalation.
    # NOTE(review): --group wheel places the server processes in the group that
    # conventionally carries administrative rights on Red Hat-family hosts; a
    # dedicated unprivileged group would be the least-privilege choice.
    - name: create mod_wsgi configuration
      django_manage:
        app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
        settings: "ippisite.{{ ansible_hostname }}_settings"
        command: >-
          runmodwsgi --setup-only --port=80 --user ippidb --group wheel
          --server-root=/etc/ippidb-80
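    # Prepends a managed block to the generated handler so the WSGI process
    # loads the host-specific settings module. The module name is derived from
    # ansible_hostname, as in the collectstatic, runmodwsgi and migrate tasks;
    # it was previously hard-coded to one host's settings (hub16), which made
    # the served application use different settings from the ones migrated
    # and collected on any other host.
    - name: add line in generated WSGI handler script to set DJANGO_SETTINGS_MODULE
      blockinfile:
        path: /etc/ippidb-80/handler.wsgi
        insertbefore: BOF
        content: |
          # added by ansible deployment script to use the right django settings file
          import os
          os.environ['DJANGO_SETTINGS_MODULE'] = 'ippisite.{{ ansible_hostname }}_settings'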
    # Applies Django migrations as the deploy user with the host-specific settings.
    - name: create or update database
      become_user: "{{ deploy_user_name }}"
      django_manage:
        app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
        settings: "ippisite.{{ ansible_hostname }}_settings"
        command: migrate
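    # FIXME: this HTTP basic-auth gate should obviously be removed before
    # switching to the production environment.
    # passlib is required by the htpasswd module on the managed host.
    - name: install passlib for htpasswd in ansible
      yum:
        name: python-passlib
        state: installed
    # The file is deleted and rebuilt on every run so that it only ever holds
    # the single account defined below.
    - name: remove any previous basic-auth password file
      file:
        path: /etc/ippidb-80/passwdfile
        state: absent
    - name: create basic-auth password file
      htpasswd:
        path: /etc/ippidb-80/passwdfile
        name: ippidb
        # FIXME FIXME should be secret: this literal is committed in clear text
        # and is identical to the database password in the play vars, so a leak
        # of either exposes both. Supply it from a vault-encrypted variable and
        # use a distinct value.
        password: 'LeroyMerlin'
        owner: "{{ deploy_user_name }}"
        # Quoted so the mode is passed as an octal string and does not depend
        # on how the YAML parser types a leading-zero number.
        mode: '0640'
      # Keep the credential out of task output and logs.
      no_log: true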
    # Adds the auth/authn/authz LoadModule lines and a <Location /> block that
    # requires a valid user from /etc/ippidb-80/passwdfile to the generated
    # httpd.conf.
    # NOTE(review): the server is configured for port 80 by the runmodwsgi task,
    # so Basic credentials presumably cross the network unencrypted unless TLS
    # is terminated in front of it — confirm.
    # NOTE(review): regexp='' matches every line, so lineinfile may replace the
    # last line of the file instead of appending, and the nested single quotes
    # inside line= depend on how key=value arguments are split. Verify the
    # rendered httpd.conf; blockinfile would express this block more safely.
    - name: add httpd conf to use HTTP authentication
      lineinfile: dest=/etc/ippidb-80/httpd.conf 
                  regexp=''
                  insertafter=EOF
                  line='LoadModule auth_basic_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_auth_basic.so'\nLoadModule authn_core_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authn_core.so'\nLoadModule authn_file_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authn_file.so'\nLoadModule authz_core_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authz_core.so'\nLoadModule authz_user_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authz_user.so'\n<Location />\nAuthType Basic\nAuthName "Restricted Files"\nAuthUserFile /etc/ippidb-80/passwdfile\nRequire valid-user\n</Location>\n'
    # Installs the unit file shipped in the repository checkout as a root-owned
    # system unit.
    # NOTE(review): the source lives in the deploy user's checkout, so whoever
    # can write to that directory or push to the repository presumably decides
    # what systemd runs for this service — review changes to the unit file like
    # changes to this playbook. No mode: is set, so the copy keeps the module's
    # default permission handling.
    - name: copy systemd service file for IPPIDB-web
      copy:
        remote_src: true
        src: "/home/{{ deploy_user_name }}/iPPIDB/ansible/ippidb-web.service"
        dest: /lib/systemd/system/ippidb-web.service
        owner: root
        group: root
    #
    # Start web server
    #
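    # Starts the service and enables it at boot.
    - name: start iPPIDB service if relevant
      systemd:
        name: ippidb-web
        state: started
        enabled: true
        # The unit file is rewritten from the checkout earlier in this play;
        # without a reload systemd keeps using the definition it loaded before.
        daemon_reload: true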