|
@@ -0,0 +1,127 @@
|
|
|
+- hosts: si-demo-server
|
|
|
+ sudo: yes
|
|
|
+ vars:
|
|
|
+ # public host name users will use to access Coin
|
|
|
+ public_fqdn: "coin.example.org"
|
|
|
+ # directory where configuration templates are stored
|
|
|
+ custom_coin_files_directory: "coin-customizations"
|
|
|
+ # unix user who will run app server
|
|
|
+ user_name: "coin"
|
|
|
+ # PostgreSQL database name
|
|
|
+ db_name: "illyse_coin"
|
|
|
+ # PostgreSQL user name
|
|
|
+ db_user: "illyse_coin"
|
|
|
+ # PostgreSQL password
|
|
|
+ db_password: "illyse_coin_change_me"
|
|
|
+ # PostgreSQL address
|
|
|
+ db_host: "localhost"
|
|
|
+ # PostgreSQL port
|
|
|
+ db_port: "5432"
|
|
|
+ # Gunicorn server binding address (address on which the process will listen)
|
|
|
+ gunicorn_binding_address: "127.0.0.1"
|
|
|
+ # Gunicorn server listening port
|
|
|
+ gunicorn_port: "3036"
|
|
|
+ # Path of the directory where statics assets will be stored (and served by web server)
|
|
|
+ www_static_assets_directory: "/var/www/coin/static"
|
|
|
+ # Enable or disable configuration of lighttpd as reverse proxy
|
|
|
+ lighttpd_enabled: "true"
|
|
|
+ user_home: "/home/{{user_name}}"
|
|
|
+ user_logs_dir: "{{ user_home }}/logs"
|
|
|
+ working_directory: "{{user_home}}/coin"
|
|
|
+ virtualenv_directory: "{{user_home}}/venv"
|
|
|
+ supervisor_tasks_conf_directory: "/etc/supervisor/conf.d/"
|
|
|
+ lighttpd_log_file: "/var/log/lighttpd/si-coin-django.log"
|
|
|
+ www_user: "www-data"
|
|
|
+ tasks:
|
|
|
+ # Setup: prerequisites
|
|
|
+ # note: we put postgresql as needed, but Coin can work with other backends supported by Coin.
|
|
|
+ # as an example, SQLite is known to work
|
|
|
+ - name: prerequisites are installed
|
|
|
+ apt: pkg=git-core,python-dev,python-pip,libldap2-dev,libpq-dev,libsasl2-dev,python-virtualenv,postgresql,postgresql-server-dev-9.1,python-psycopg2,supervisor
|
|
|
+ state=installed
|
|
|
+
|
|
|
+ # Setup: PostgreSQL
|
|
|
+ - name: create postgres user "{{ db_user }}"
|
|
|
+ postgresql_user: name={{ db_user }} password={{ db_password }}
|
|
|
+ sudo_user: postgres
|
|
|
+ - name: create postgres db "{{ db_name }}"
|
|
|
+ postgresql_db: name={{ db_name }} encoding="UTF-8" lc_collate='fr_FR.UTF-8' lc_ctype='fr_FR.UTF-8' template=template0
|
|
|
+ sudo_user: postgres
|
|
|
+ - name: local socket authentication via password is allowed
|
|
|
+ lineinfile: dest=/etc/postgresql/9.1/main/pg_hba.conf line="local {{ db_name }} {{ db_user }} password"
|
|
|
+ insertafter="^local\s+all\s+postgres\s+peer"
|
|
|
+ notify: restart_postgres
|
|
|
+ - meta: flush_handlers
|
|
|
+ - name: grant all to {{ db_user }} on {{ db_name }}
|
|
|
+ postgresql_privs: db={{ db_name }} privs=ALL type=database role={{ db_user }}
|
|
|
+ sudo_user: postgres
|
|
|
+ # Setup: Coin
|
|
|
+ - name: create user {{ user_name }}
|
|
|
+ user: name={{ user_name }} state=present shell=/bin/false createhome=yes
|
|
|
+ - name: git, get Coin code
|
|
|
+ git: repo=git://git.illyse.org/coin.git dest={{ working_directory }} version=HEAD accept_hostkey=yes
|
|
|
+ sudo_user: "{{ user_name }}"
|
|
|
+ - name: install Coin python requirements
|
|
|
+ pip: requirements={{ working_directory }}/requirements.txt virtualenv={{ virtualenv_directory }}
|
|
|
+ sudo_user: "{{ user_name }}"
|
|
|
+ - name: copy custom Coin settings file
|
|
|
+ template: src={{ custom_coin_files_directory }}/django_local_settings.py.j2 dest={{ working_directory }}/coin/settings_local.py
|
|
|
+ owner={{ user_name }} group={{ user_name }}
|
|
|
+ - name: django migrations are applied
|
|
|
+ command: "{{ virtualenv_directory }}/bin/python {{ working_directory }}/manage.py migrate"
|
|
|
+ sudo_user: "{{ user_name }}"
|
|
|
+ - name: gunicorn is installed
|
|
|
+ pip: name=gunicorn virtualenv={{ virtualenv_directory }}
|
|
|
+ sudo_user: "{{ user_name }}"
|
|
|
+ - name: log directory is present in user's home
|
|
|
+ file: path={{ user_logs_dir }} state=directory owner={{ user_name }} group={{ user_name }}
|
|
|
+ - name: wsgi.py is present
|
|
|
+ template: src={{ custom_coin_files_directory }}/wsgi.py.j2 dest={{ working_directory }}/wsgi.py
|
|
|
+ owner={{ user_name }} group={{ user_name }}
|
|
|
+ - name: supervisord config file is present
|
|
|
+ template: src={{ custom_coin_files_directory }}/supervisor-coin.conf.j2 dest={{ supervisor_tasks_conf_directory }}/supervisor-coin.conf
|
|
|
+ notify:
|
|
|
+ - reread_supervisor_config
|
|
|
+ - restart_coin_supervisor_task
|
|
|
+ - name: static assets directory exists
|
|
|
+ file: path={{ www_static_assets_directory }} state=directory
|
|
|
+ owner={{ www_user }} group={{ user_name }} mode=0774
|
|
|
+ - name: django collect static assets files
|
|
|
+ command: "{{ virtualenv_directory }}/bin/python {{ working_directory }}/manage.py collectstatic --noinput"
|
|
|
+ sudo_user: "{{ user_name }}"
|
|
|
+
|
|
|
+ # Configure lighttpd as reverse proxy (only if lighttpd_enabled var is "true")
|
|
|
+ - name: lighttpd is installed
|
|
|
+ apt: pkg=lighttpd state=installed
|
|
|
+ when: lighttpd_enabled == "true"
|
|
|
+ - name: lighttpd mod proxy is enabled
|
|
|
+ file: src=/etc/lighttpd/conf-available/10-proxy.conf
|
|
|
+ dest=/etc/lighttpd/conf-enabled/10-proxy.conf
|
|
|
+ state=link
|
|
|
+ notify: restart_lighttpd
|
|
|
+ when: lighttpd_enabled == "true"
|
|
|
+ - name: lighttpd mod accesslog is enabled
|
|
|
+ file: src=/etc/lighttpd/conf-available/10-accesslog.conf
|
|
|
+ dest=/etc/lighttpd/conf-enabled/10-accesslog.conf
|
|
|
+ state=link
|
|
|
+ notify: restart_lighttpd
|
|
|
+ when: lighttpd_enabled == "true"
|
|
|
+ - name: lighttpd config file for {{ public_fqdn }} is present
|
|
|
+ template: src={{ custom_coin_files_directory }}/lighttpd-coin.conf.j2 dest=/etc/lighttpd/conf-available/20-coin.conf
|
|
|
+ notify: restart_lighttpd
|
|
|
+ when: lighttpd_enabled == "true"
|
|
|
+ - name: lighttpd config file for {{ public_fqdn }} is enabled
|
|
|
+ file: src=/etc/lighttpd/conf-available/20-coin.conf
|
|
|
+ dest=/etc/lighttpd/conf-enabled/20-coin.conf
|
|
|
+ state=link
|
|
|
+ notify: restart_lighttpd
|
|
|
+ when: lighttpd_enabled == "true"
|
|
|
+ handlers:
|
|
|
+ - name: restart_postgres
|
|
|
+ service: name=postgresql state=reloaded
|
|
|
+ - name: reread_supervisor_config
|
|
|
+ supervisorctl: name=coin-si-gunicorn state=present
|
|
|
+ - name: restart_coin_supervisor_task
|
|
|
+ supervisorctl: name=coin-si-gunicorn state=restarted
|
|
|
+ - name: restart_lighttpd
|
|
|
+ service: name=lighttpd state=restarted
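Review bot: The `git:` task under "Setup: Coin" fetches the code over `git://`, which is neither authenticated nor encrypted, and the tasks that follow install its `requirements.txt` and run its `manage.py` on the server, so anyone able to alter that traffic gets code executed as `{{ user_name }}`. `accept_hostkey=yes` only matters for SSH remotes and adds nothing here, and `version=HEAD` means each run deploys whatever the remote serves at that moment. I would fetch over an authenticated transport and pin a reviewed ref, e.g. `git: repo=<https-or-ssh URL of the repo> dest={{ working_directory }} version=<reviewed tag or commit>`. Separately, `db_password` ships in the playbook with the default `illyse_coin_change_me`, and the `settings_local.py` template task sets no `mode`, so the rendered file (which presumably carries that password) gets default permissions. Take the password from a vault or prompt, and add `mode=0600` to that task.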
|