| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 |
- - hosts: si-demo-server
- sudo: yes
- vars:
- # public host name users will use to access Coin
- public_fqdn: "coin.example.org"
- # directory where configuration templates are stored
- custom_coin_files_directory: "coin-customizations"
- # unix user who will run app server
- user_name: "coin"
- # PostgreSQL database name
- db_name: "illyse_coin"
- # PostgreSQL user name
- db_user: "illyse_coin"
- # PostgreSQL password
- db_password: "illyse_coin_change_me"
- # PostgreSQL address
- db_host: "localhost"
- # PostgreSQL port
- db_port: "5432"
- # Gunicorn server binding address (address on which the process will listen)
- gunicorn_binding_address: "127.0.0.1"
- # Gunicorn server listening port
- gunicorn_port: "3036"
- # Path of the directory where statics assets will be stored (and served by web server)
- www_static_assets_directory: "/var/www/coin/static"
- # Enable or disable configuration of lighttpd as reverse proxy
- lighttpd_enabled: "true"
- user_home: "/home/{{user_name}}"
- user_logs_dir: "{{ user_home }}/logs"
- working_directory: "{{user_home}}/coin"
- virtualenv_directory: "{{user_home}}/venv"
- supervisor_tasks_conf_directory: "/etc/supervisor/conf.d/"
- lighttpd_log_file: "/var/log/lighttpd/si-coin-django.log"
- www_user: "www-data"
- tasks:
- # Setup: prerequisites
- # note: we put postgresql as needed, but Coin can work with other backends supported by Coin.
- # as an example, SQLite is known to work
- - name: prerequisites are installed
- apt: pkg=git-core,python-dev,python-pip,libldap2-dev,libpq-dev,libsasl2-dev,python-virtualenv,postgresql,postgresql-server-dev-9.1,python-psycopg2,supervisor
- state=installed
- # Setup: PostgreSQL
- - name: create postgres user "{{ db_user }}"
- postgresql_user: name={{ db_user }} password={{ db_password }}
- sudo_user: postgres
- - name: create postgres db "{{ db_name }}"
- postgresql_db: name={{ db_name }} encoding="UTF-8" lc_collate='fr_FR.UTF-8' lc_ctype='fr_FR.UTF-8' template=template0
- sudo_user: postgres
- - name: local socket authentication via password is allowed
- lineinfile: dest=/etc/postgresql/9.1/main/pg_hba.conf line="local {{ db_name }} {{ db_user }} password"
- insertafter="^local\s+all\s+postgres\s+peer"
- notify: restart_postgres
- - meta: flush_handlers
- - name: grant all to {{ db_user }} on {{ db_name }}
- postgresql_privs: db={{ db_name }} privs=ALL type=database role={{ db_user }}
- sudo_user: postgres
- # Setup: Coin
- - name: create user {{ user_name }}
- user: name={{ user_name }} state=present shell=/bin/false createhome=yes
- - name: git, get Coin code
- git: repo=git://git.illyse.org/coin.git dest={{ working_directory }} version=HEAD accept_hostkey=yes
- sudo_user: "{{ user_name }}"
- - name: install Coin python requirements
- pip: requirements={{ working_directory }}/requirements.txt virtualenv={{ virtualenv_directory }}
- sudo_user: "{{ user_name }}"
- - name: copy custom Coin settings file
- template: src={{ custom_coin_files_directory }}/django_local_settings.py.j2 dest={{ working_directory }}/coin/settings_local.py
- owner={{ user_name }} group={{ user_name }}
- - name: django migrations are applied
- command: "{{ virtualenv_directory }}/bin/python {{ working_directory }}/manage.py migrate"
- sudo_user: "{{ user_name }}"
- - name: gunicorn is installed
- pip: name=gunicorn virtualenv={{ virtualenv_directory }}
- sudo_user: "{{ user_name }}"
- - name: log directory is present in user's home
- file: path={{ user_logs_dir }} state=directory owner={{ user_name }} group={{ user_name }}
- - name: wsgi.py is present
- template: src={{ custom_coin_files_directory }}/wsgi.py.j2 dest={{ working_directory }}/wsgi.py
- owner={{ user_name }} group={{ user_name }}
- - name: supervisord config file is present
- template: src={{ custom_coin_files_directory }}/supervisor-coin.conf.j2 dest={{ supervisor_tasks_conf_directory }}/supervisor-coin.conf
- notify:
- - reread_supervisor_config
- - restart_coin_supervisor_task
- - name: static assets directory exists
- file: path={{ www_static_assets_directory }} state=directory
- owner={{ www_user }} group={{ user_name }} mode=0774
- - name: django collect static assets files
- command: "{{ virtualenv_directory }}/bin/python {{ working_directory }}/manage.py collectstatic --noinput"
- sudo_user: "{{ user_name }}"
- # Configure lighttpd as reverse proxy (only if lighttpd_enabled var is "true")
- - name: lighttpd is installed
- apt: pkg=lighttpd state=installed
- when: lighttpd_enabled == "true"
- - name: lighttpd mod proxy is enabled
- file: src=/etc/lighttpd/conf-available/10-proxy.conf
- dest=/etc/lighttpd/conf-enabled/10-proxy.conf
- state=link
- notify: restart_lighttpd
- when: lighttpd_enabled == "true"
- - name: lighttpd mod accesslog is enabled
- file: src=/etc/lighttpd/conf-available/10-accesslog.conf
- dest=/etc/lighttpd/conf-enabled/10-accesslog.conf
- state=link
- notify: restart_lighttpd
- when: lighttpd_enabled == "true"
- - name: lighttpd config file for {{ public_fqdn }} is present
- template: src={{ custom_coin_files_directory }}/lighttpd-coin.conf.j2 dest=/etc/lighttpd/conf-available/20-coin.conf
- notify: restart_lighttpd
- when: lighttpd_enabled == "true"
- - name: lighttpd config file for {{ public_fqdn }} is enabled
- file: src=/etc/lighttpd/conf-available/20-coin.conf
- dest=/etc/lighttpd/conf-enabled/20-coin.conf
- state=link
- notify: restart_lighttpd
- when: lighttpd_enabled == "true"
- handlers:
- - name: restart_postgres
- service: name=postgresql state=reloaded
- - name: reread_supervisor_config
- supervisorctl: name=coin-si-gunicorn state=present
- - name: restart_coin_supervisor_task
- supervisorctl: name=coin-si-gunicorn state=restarted
- - name: restart_lighttpd
- service: name=lighttpd state=restarted
|
