Add some Ansible scripts, thanks to Capslock from Faimaison!

See issue #29 on code.ffdn.org

contrib/ansible/coin-customizations/django_local_settings.py.j2

@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+DEBUG = TEMPLATE_DEBUG = False
+
+ADMINS = (
+#      ('admin1', 'admin1@example.org'),
+)
+
+LDAP_ACTIVATE = False
+
+DATABASES = {
+     # Base de donnée du SI
+     'default': {
+         'ENGINE': 'django.db.backends.postgresql_psycopg2',
+         'NAME': '{{ db_name }}',
+         'USER': '{{ db_user }}',
+         'PASSWORD': '{{ db_password }}',
+     },
+}
+
+ALLOWED_HOSTS = ['{{ public_fqdn }}', ]
+SECRET_KEY = 'changeme'
+
+STATIC_ROOT = '{{ www_static_assets_directory }}'
+
+# Configuration for outgoing emails
+#DEFAULT_FROM_EMAIL = "faimaison-si@legeox.net"
+#EMAIL_USE_TLS = True
+#EMAIL_HOST = "localhost"
+
+MEMBER_DEFAULT_COTISATION = 16
+
+FEEDS = (
+          #('isp', 'https://faimaison.net/feeds/all.atom.xml', 3),
+          ('ffdn', 'http://www.ffdn.org/fr/rss.xml', 3)
+        )

contrib/ansible/coin-customizations/lighttpd-coin.conf.j2

@@ -0,0 +1,20 @@
+$HTTP["host"] == "{{ public_fqdn }}" {
+
+  debug.log-request-handling = "enable"
+  accesslog.filename = "{{ lighttpd_log_file }}"
+
+  $HTTP["url"] !~ "^/(media/|static/|favicon.ico$)" {
+
+    proxy.server = ( "" =>
+                      ( 
+                        ( "host" => "{{ gunicorn_binding_address }}",
+                          "port" => {{ gunicorn_port }}
+                        )
+                      )
+                   )
+  }
+
+  alias.url = (
+    "/static/" => "{{ www_static_assets_directory }}/",
+  )
+}

contrib/ansible/coin-customizations/supervisor-coin.conf.j2

@@ -0,0 +1,6 @@
+[program:coin-si-gunicorn]
+directory = {{ working_directory }}
+user = {{ user_name }}
+command = {{ virtualenv_directory }}/bin/python {{ virtualenv_directory }}/bin/gunicorn wsgi:application --user={{ user_name }} --group={{ user_name }} --bind {{ gunicorn_binding_address }}:{{ gunicorn_port }} --log-level=debug --log-file={{ user_logs_dir }}/guni-ilb.log
+stdout_logfile = {{ user_logs_dir }}/gunicorn-std.log
+stderr_logfile = {{ user_logs_dir }}/gunicorn-err.log

contrib/ansible/coin-customizations/wsgi.py.j2

@@ -0,0 +1,32 @@
+"""
+WSGI config for project.
+
+This module contains the WSGI application used by Django's development server
+and any production WSGI deployments. It should expose a module-level variable
+named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover
+this application via the ``WSGI_APPLICATION`` setting.
+
+Usually you will have the standard Django WSGI application here, but it also
+might make sense to replace the whole Django WSGI application with a custom one
+that later delegates to the Django one. For example, you could introduce WSGI
+middleware here, or combine a Django application with an application of another
+framework.
+
+"""
+import os
+
+# We defer to a DJANGO_SETTINGS_MODULE already in the environment. This breaks
+# if running multiple sites in the same mod_wsgi process. To fix this, use
+# mod_wsgi daemon mode with each site in its own daemon process, or use
+# os.environ["DJANGO_SETTINGS_MODULE"] = "settings"
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "coin.settings")
+
+# This application object is used by any WSGI server configured to use this
+# file. This includes Django's development server, if the WSGI_APPLICATION
+# setting points here.
+from django.core.wsgi import get_wsgi_application
+application = get_wsgi_application()
+
+# Apply WSGI middleware here.
+# from helloworld.wsgi import HelloWorldApplication
+# application = HelloWorldApplication(application)

contrib/ansible/si.yml

@@ -0,0 +1,127 @@
+- hosts: si-demo-server
+  sudo: yes
+  vars:
+    # public host name users will use to access Coin
+    public_fqdn: "coin.example.org"
+    # directory where configuration templates are stored
+    custom_coin_files_directory: "coin-customizations"
+    # unix user who will run app server
+    user_name: "coin"
+    # PostgreSQL database name
+    db_name: "illyse_coin"
+    # PostgreSQL user name
+    db_user: "illyse_coin"
+    # PostgreSQL password
+    db_password: "illyse_coin_change_me"
+    # PostgreSQL address
+    db_host: "localhost"
+    # PostgreSQL port
+    db_port: "5432"
+    # Gunicorn server binding address (address on which the process will listen)
+    gunicorn_binding_address: "127.0.0.1"
+    # Gunicorn server listening port
+    gunicorn_port: "3036"
+    # Path of the directory where statics assets will be stored (and served by web server)
+    www_static_assets_directory: "/var/www/coin/static"
+    # Enable or disable configuration of lighttpd as reverse proxy
+    lighttpd_enabled: "true"
+    user_home: "/home/{{user_name}}"
+    user_logs_dir: "{{ user_home }}/logs"
+    working_directory: "{{user_home}}/coin"
+    virtualenv_directory: "{{user_home}}/venv"
+    supervisor_tasks_conf_directory: "/etc/supervisor/conf.d/"
+    lighttpd_log_file: "/var/log/lighttpd/si-coin-django.log"
+    www_user: "www-data"
+  tasks:
+    # Setup: prerequisites
+    # note: we put postgresql as needed, but Coin can work with other backends supported by Coin.
+    # as an example, SQLite is known to work
+    - name: prerequisites are installed
+      apt: pkg=git-core,python-dev,python-pip,libldap2-dev,libpq-dev,libsasl2-dev,python-virtualenv,postgresql,postgresql-server-dev-9.1,python-psycopg2,supervisor
+           state=installed
+
+    # Setup: PostgreSQL
+    - name: create postgres user "{{ db_user }}"
+      postgresql_user: name={{ db_user }} password={{ db_password }} 
+      sudo_user: postgres
+    - name: create postgres db "{{ db_name }}"
+      postgresql_db: name={{ db_name }} encoding="UTF-8" lc_collate='fr_FR.UTF-8' lc_ctype='fr_FR.UTF-8' template=template0 
+      sudo_user: postgres
+    - name: local socket authentication via password is allowed
+      lineinfile: dest=/etc/postgresql/9.1/main/pg_hba.conf line="local   {{ db_name }}     {{ db_user }}                             password"
+                  insertafter="^local\s+all\s+postgres\s+peer"
+      notify: restart_postgres
+    - meta: flush_handlers
+    - name: grant all to {{ db_user }} on {{ db_name }}
+      postgresql_privs: db={{ db_name }} privs=ALL type=database role={{ db_user }}
+      sudo_user: postgres
+    # Setup: Coin
+    - name: create user {{ user_name }}
+      user: name={{ user_name }} state=present shell=/bin/false createhome=yes
+    - name: git, get Coin code
+      git: repo=git://git.illyse.org/coin.git dest={{ working_directory }} version=HEAD accept_hostkey=yes
+      sudo_user: "{{ user_name }}"
+    - name: install Coin python requirements
+      pip: requirements={{ working_directory }}/requirements.txt virtualenv={{ virtualenv_directory }}
+      sudo_user: "{{ user_name }}"
+    - name: copy custom Coin settings file
+      template: src={{ custom_coin_files_directory }}/django_local_settings.py.j2 dest={{ working_directory }}/coin/settings_local.py
+                owner={{ user_name }} group={{ user_name }}
+    - name: django migrations are applied
+      command: "{{ virtualenv_directory }}/bin/python {{ working_directory }}/manage.py migrate"
+      sudo_user: "{{ user_name }}"
+    - name: gunicorn is installed
+      pip: name=gunicorn virtualenv={{ virtualenv_directory }}
+      sudo_user: "{{ user_name }}"
+    - name: log directory is present in user's home
+      file: path={{ user_logs_dir }} state=directory owner={{ user_name }} group={{ user_name }}
+    - name: wsgi.py is present
+      template: src={{ custom_coin_files_directory }}/wsgi.py.j2 dest={{ working_directory }}/wsgi.py
+                owner={{ user_name }} group={{ user_name }}
+    - name: supervisord config file is present
+      template: src={{ custom_coin_files_directory }}/supervisor-coin.conf.j2 dest={{ supervisor_tasks_conf_directory }}/supervisor-coin.conf
+      notify:
+        - reread_supervisor_config
+        - restart_coin_supervisor_task
+    - name: static assets directory exists
+      file: path={{ www_static_assets_directory }} state=directory
+            owner={{ www_user }} group={{ user_name }} mode=0774
+    - name: django collect static assets files
+      command: "{{ virtualenv_directory }}/bin/python {{ working_directory }}/manage.py collectstatic --noinput"
+      sudo_user: "{{ user_name }}"
+
+    # Configure lighttpd as reverse proxy (only if lighttpd_enabled var is "true")
+    - name: lighttpd is installed
+      apt: pkg=lighttpd state=installed
+      when: lighttpd_enabled == "true"
+    - name: lighttpd mod proxy is enabled
+      file: src=/etc/lighttpd/conf-available/10-proxy.conf
+            dest=/etc/lighttpd/conf-enabled/10-proxy.conf
+            state=link
+      notify: restart_lighttpd
+      when: lighttpd_enabled == "true"
+    - name: lighttpd mod accesslog is enabled
+      file: src=/etc/lighttpd/conf-available/10-accesslog.conf
+            dest=/etc/lighttpd/conf-enabled/10-accesslog.conf
+            state=link
+      notify: restart_lighttpd
+      when: lighttpd_enabled == "true"
+    - name: lighttpd config file for {{ public_fqdn }} is present
+      template: src={{ custom_coin_files_directory }}/lighttpd-coin.conf.j2 dest=/etc/lighttpd/conf-available/20-coin.conf
+      notify: restart_lighttpd
+      when: lighttpd_enabled == "true"
+    - name: lighttpd config file for {{ public_fqdn }} is enabled
+      file: src=/etc/lighttpd/conf-available/20-coin.conf
+            dest=/etc/lighttpd/conf-enabled/20-coin.conf
+            state=link
+      notify: restart_lighttpd
+      when: lighttpd_enabled == "true"
+  handlers:
+    - name: restart_postgres
+      service: name=postgresql state=reloaded
+    - name: reread_supervisor_config
+      supervisorctl: name=coin-si-gunicorn state=present
+    - name: restart_coin_supervisor_task
+      supervisorctl: name=coin-si-gunicorn state=restarted
+    - name: restart_lighttpd
+      service: name=lighttpd state=restarted