diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..348d9f519bbbe3e2d264f412d78be9bd684641dc
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,13 @@
+# JASS ansible playbooks
+
+This repository contains the playbooks to manage a JASS instance with ansible
+
+- `system.yaml`: install system requirements
+- `deploy.yaml`: download/update JASS and perform required procedures to migrate and restart
+
+## how to use these ?
+
+```
+ansible-playbook -v -i ./hosts_system system.yaml --ask-become-pass --extra-vars "deploy_user_name=jass repo_api_token=XXXXXX"
+ansible-playbook -v -i ./hosts_deploy deploy.yaml --ask-become-pass --extra-vars "deploy_user_name=jass repo_api_token=XXXXXX"
+```
diff --git a/ansible/deploy.retry b/ansible/deploy.retry
new file mode 100644
index 0000000000000000000000000000000000000000..df423178173b81ff3b27bd01fd861733261dfbe0
--- /dev/null
+++ b/ansible/deploy.retry
@@ -0,0 +1 @@
+jass.pasteur.fr
diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..721a5d9f8ed420b98210b6590475020fb581a003
--- /dev/null
+++ b/ansible/deploy.yaml
@@ -0,0 +1,77 @@
+---
+- hosts: all
+ become: yes
+ gather_facts: yes
+ tasks:
+ #
+ # Install basic non-virtualenv requirements
+ #
+ - name: install git
+ yum: name=git state=present
+ become: true
+ - name: Add repository
+ become: true
+ yum_repository:
+ name: epel
+ description: EPEL YUM repo
+ gpgcheck: no
+ baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
+ - name: install python3
+ yum: name=python34 state=present update_cache=yes
+ become: true
+ - name: install python3 development package
+ yum: name=python34-devel state=present update_cache=yes
+ become: true
+ - name: install setuptools
+ yum: name=python34-setuptools state=present update_cache=yes
+ become: true
+ - name: install pip
+ shell: "easy_install-3.4 pip"
+ become: true
+ - name: install graphviz
+ yum: name=graphviz state=present update_cache=yes
+ become: true
+ - name: install httpd
+ yum: name=httpd state=present update_cache=yes
+ become: true
+ - name: install httpd-devel
+ yum: name=httpd-devel state=present update_cache=yes
+ become: true
+ - name: install mod_wsgi
+ pip: name=mod_wsgi extra_args=--upgrade executable=pip3
+ become: true
+ - name: install the 'Development tools' package group
+ yum:
+ name: "@Development tools"
+ state: present
+ become: true
+ #
+ # Stop web server(s)
+ #
+ - name: stop "generic" httpd service if relevant
+ systemd: state=stopped name=httpd
+ - name: stop iPPIDB service if relevant
+ systemd: state=stopped name=jass-web
+ #
+ # Fetch/Update code and prep django app for publication
+ #
+ - name: pull branch master
+ become_user: "{{ deploy_user_name }}"
+ git:
+ repo=git@gitlab.pasteur.fr:statistical-genetics/jass.git
+ dest=/home/{{ deploy_user_name }}/jass
+ accept_hostkey=yes
+ - name: install python requirements
+ pip: requirements=/home/{{ deploy_user_name }}/jass/requirements.txt extra_args=--upgrade executable=pip3
+# - name: copy systemd service file for IPPIDB-web
+# copy:
+# remote_src: true
+# src: /home/{{ deploy_user_name }}/iPPIDB/ansible/ippidb-web.service
+# dest: /lib/systemd/system/ippidb-web.service
+# owner: root
+# group: root
+ #
+ # Start web server
+ #
+# - name: start iPPIDB service if relevant
+# systemd: state=started name=ippidb-web enabled=true
diff --git a/ansible/hosts_deploy b/ansible/hosts_deploy
new file mode 100644
index 0000000000000000000000000000000000000000..0bae0ecbd67d31c10537f84ca4bbe2cd0c3ad096
--- /dev/null
+++ b/ansible/hosts_deploy
@@ -0,0 +1 @@
+jass.pasteur.fr ansible_user=jass
diff --git a/ansible/hosts_system b/ansible/hosts_system
new file mode 100644
index 0000000000000000000000000000000000000000..df423178173b81ff3b27bd01fd861733261dfbe0
--- /dev/null
+++ b/ansible/hosts_system
@@ -0,0 +1 @@
+jass.pasteur.fr
diff --git a/ansible/ippidb-web.service b/ansible/ippidb-web.service
new file mode 100644
index 0000000000000000000000000000000000000000..a731fa72e3ee913946131160987aca238c030395
--- /dev/null
+++ b/ansible/ippidb-web.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=IPPIDB Web Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/ippidb-80/apachectl start
+ExecStop=/etc/ippidb-80/apachectl stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/ssh_key.json.j2 b/ansible/ssh_key.json.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e1d0a32a3e9b64cd091ddc8b776e6e49969f7c02
--- /dev/null
+++ b/ansible/ssh_key.json.j2
@@ -0,0 +1 @@
+{"id": "Statistical-Genetics/jass","title" : "jass_deploy_key","key": "{{ key_value.stdout }}"}
diff --git a/ansible/system.retry b/ansible/system.retry
new file mode 100644
index 0000000000000000000000000000000000000000..df423178173b81ff3b27bd01fd861733261dfbe0
--- /dev/null
+++ b/ansible/system.retry
@@ -0,0 +1 @@
+jass.pasteur.fr
diff --git a/ansible/system.yaml b/ansible/system.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f8e2bec88a41c30aa9789ffa4e8df333e3f90cda
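Review bot: The `Add repository` task registers EPEL with `gpgcheck: no`, so every package the play then pulls from it (python34, python34-devel, graphviz, ...) is installed without RPM signature verification; either install the distribution's `epel-release` package, which ships the signed repo definition and key, or keep the `yum_repository` task and set `gpgcheck: yes` plus a `gpgkey:` pointing at the EPEL release key. The `git` task's `accept_hostkey=yes` similarly trusts whatever host key gitlab.pasteur.fr presents on first contact; seeding the expected key with the `known_hosts` module before the clone removes that trust-on-first-use window. The two `systemd: state=stopped` tasks carry no `failed_when`/`ignore_errors`, so despite the "if relevant" wording the play aborts on a host where `jass-web` is not installed — which appears to be the initial state here, since the task that would install a unit is commented out. Separately, `shell: "easy_install-3.4 pip"` re-runs on every play and, together with the unpinned `pip ... --upgrade` tasks run as root, pulls whatever PyPI currently serves; a `creates:` guard on the shell task and pinned versions in `requirements.txt` would make the deploy reproducible.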
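Review bot: `ExecStart=/etc/ippidb-80/apachectl start` points at a path that nothing in this commit creates, and the unit is named and described as IPPIDB while the playbooks stop a `jass-web` service, so this looks like a file carried over from another project rather than a unit for JASS; the deploy.yaml task that would copy it to `/lib/systemd/system` is commented out as well. If it is meant to be used, rename it to match `jass-web`, point `ExecStart` at the httpd instance deploy.yaml actually produces, and prefer `Type=forking` with `PIDFile=` over `Type=oneshot` + `RemainAfterExit=yes`, because with oneshot systemd cannot notice that httpd has died and will report the service as active. No `User=` is set, so apachectl itself runs as root; that is expected for binding port 80, but confirm that the httpd configuration it loads drops worker privileges via its own `User`/`Group` directives.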
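Review bot: `key_value.stdout` is interpolated into a JSON string without escaping, so a public key line containing `"` or `\` (possible in the trailing comment field) would produce invalid JSON and a failed upload; write `"key": {{ key_value.stdout | to_json }}` so Jinja emits a correctly quoted JSON string. The file is rendered into the deploy user's home and never removed by the playbook; it only holds the public half of the key, so that is harmless, but worth a comment in system.yaml saying so.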
--- /dev/null
+++ b/ansible/system.yaml
@@ -0,0 +1,52 @@
+---
+- hosts: all
+ gather_facts: no
+ tasks:
+ #
+ # User and Group configuration
+ #
+ # application user ({{deploy_user_name}}) is created
+ # in the wheel group, which has to be passwordless sudo
+ # and upload the key as a deploy key to gitlab
+ - name: Make sure we have a 'wheel' group
+ become: true
+ group:
+ name: wheel
+ state: present
+ - name: Allow 'wheel' group to have passwordless sudo
+ become: true
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ - name: Create {{ deploy_user_name }} user
+ user: name={{ deploy_user_name }} groups=wheel append=yes state=present createhome=yes generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
+ become: true
+ - name: Cat deployer's user public key
+ shell: "cat /home/{{ deploy_user_name }}/.ssh/id_rsa.pub"
+ register: key_value
+ become: true
+ - name: Create ssh_key json
+ template: src=ssh_key.json.j2 dest=/home/{{ deploy_user_name }}/ssh_key.json group={{ deploy_user_name }} owner={{ deploy_user_name }} force=yes
+ become: true
+ - name: Cat deployer's user public key
+ shell: "cat /home/{{ deploy_user_name }}/ssh_key.json"
+ become: true
+ - name: Upload deploy keys to gitlab
+ shell: "curl -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -H 'PRIVATE-TOKEN: {{ repo_api_token }}' --data-binary @/home/{{ deploy_user_name }}/ssh_key.json https://gitlab.pasteur.fr/api/v3/projects/251/keys"
+ become: true
+ #
+ # Security configuration
+ #
+ # disable SELinux, and open firewall to incoming http
+ - name: disable SELinux
+ become: true
+ selinux:
+ state: disabled
+ - name: Open firewall to HTTP traffic
+ firewalld:
+ service: http
+ permanent: true
+ state: enabled
+ become: true
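Review bot: The `Upload deploy keys to gitlab` task puts `repo_api_token` on a `curl` command line, so the GitLab token is visible in the host's process list, in the become session's shell history and in ansible's own output at the `-v` level the README recommends (the README's `--extra-vars "... repo_api_token=XXXXXX"` likewise lands it in the operator's shell history; `--extra-vars @vars.yml` with an ansible-vault file avoids that); the task also lacks `-f`, so an HTTP 4xx from GitLab does not fail the play. Replacing it with the `uri` module under `no_log: true`, as sketched below, fixes both. The `lineinfile` edit grants `wheel` `NOPASSWD: ALL` with no `validate: 'visudo -cf %s'`, so a malformed line locks sudo on the host, and it hands the deploy user — whose passphrase-less private key is generated into its home by the `user` task — unrestricted passwordless root; since the README already runs the plays with `--ask-become-pass`, the NOPASSWD rule looks unnecessary, and if some rule is needed it should be scoped to the commands deploy.yaml actually runs. `selinux: state: disabled` switches enforcement off for the whole host to accommodate httpd/mod_wsgi; setting the relevant booleans and file contexts on the application directory is the usual alternative, and `state: permissive` at least preserves the audit log while that is worked out. The second `Cat deployer's user public key` task only echoes the rendered JSON into the play log and can be dropped.
```yaml
# … unchanged: wheel group, sudoers, user creation and public-key read tasks …
    - name: Upload deploy key to gitlab
      uri:
        url: https://gitlab.pasteur.fr/api/v3/projects/251/keys
        method: POST
        headers:
          PRIVATE-TOKEN: "{{ repo_api_token }}"
        body_format: json
        body:
          id: Statistical-Genetics/jass
          title: jass_deploy_key
          key: "{{ key_value.stdout }}"
        status_code: 201
      no_log: true
      become: true
# … unchanged: SELinux and firewalld tasks …
```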