
Finish up the Ansible deployment.

ansible-setup-and-deploy
Luke Murphy 6 years ago
parent
commit
107d41b459
No known key found for this signature in database GPG Key ID: 5E2EF5A63E3718CC
  1. 10
      ansible/README.md
  2. 2
      ansible/ansible.cfg
  3. 2
      ansible/inventory
  4. 9
      ansible/plays/main.yml
  5. 14
      ansible/roles/git/tasks/main.yml
  6. 7
      ansible/roles/nginx/handlers/main.yml
  7. 9
      ansible/roles/nginx/tasks/main.yml
  8. 27
      ansible/roles/nginx/templates/books.vvvvvvaria.org.j2
  9. 32
      ansible/roles/perms/tasks/main.yml
  10. 23
      ansible/roles/pipenv/tasks/main.yml
  11. 7
      ansible/roles/supervisor/handlers/main.yml
  12. 28
      ansible/roles/supervisor/tasks/main.yml
  13. 13
      ansible/roles/supervisor/templates/xppl.conf.j2
  14. 13
      ansible/roles/xppl/.yamllint
  15. 53
      ansible/roles/xppl/README.md
  16. 1
      ansible/roles/xppl/defaults/main.yml
  17. 1
      ansible/roles/xppl/handlers/main.yml
  18. 10
      ansible/roles/xppl/meta/main.yml
  19. 9
      ansible/roles/xppl/molecule/default/Dockerfile.j2
  20. 26
      ansible/roles/xppl/molecule/default/molecule.yml
  21. 6
      ansible/roles/xppl/molecule/default/playbook.yml
  22. 77
      ansible/roles/xppl/tasks/main.yml
  23. 1
      ansible/roles/xppl/vars/main.yml

10
ansible/README.md

@ -12,13 +12,3 @@ $ ansible-playbook --ask-become-pass plays/main.yml
```
[varia.zone]: https://varia.zone/
## What Does It Do?
* Clone the Python application into `/var/xppl/`.
* Get the RQLite database running managed under [Supervisord].
* Run the [Gunicorn] WSGI server to server the Python application.
* Proxy the WSGI server with an NGINX configuration.
[Gunicorn]: https://gunicorn.org/
[Supervisord]: http://supervisord.org/introduction.html#features

2
ansible/ansible.cfg

@ -2,7 +2,7 @@
forks=10
internal_poll_interval=0.004
inventory=inventory
retry_files=false
retry_files_enabled=false
roles_path=roles
[privilege_escalation]

2
ansible/inventory

@ -1,2 +1,2 @@
[prod]
[varia-zone]
varia.zone ansible_ssh_port=12345

9
ansible/plays/main.yml

@ -1,5 +1,10 @@
---
- hosts: prod
- hosts: varia-zone
roles:
- role: xppl
- role: perms # Setup users and groups
- role: git # Clone the project source
- role: pipenv # Install Python dependencies
- role: rqlite # Install RQLite
- role: supervisor # Setup managed proccesses
- role: nginx # Setup Nginx configuration
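Review bot: `role: rqlite` is listed here, but this commit's file list contains no `ansible/roles/rqlite/`, while the Supervisor template added in the same commit starts `/var/xppl/rqlite/rqlite-v4.3.0-linux-amd64/rqlited`. Unless that role already exists in the tree, the play will stop at role resolution. If it does exist, it is worth stating in that role how the downloaded binary is verified before Supervisor runs it. A comment above the list such as `# Order matters: perms creates the xppl user that git, pipenv and supervisor rely on` would record why the roles are ordered this way.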

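--- a/ansible/roles/git/tasks/main.yml
+++ b/ansible/roles/git/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure the Git package is installed.
+become: true
+yum:
+name: git
+state: present
+- name: Clone the latest project source.
+become: true
+git:
+repo: https://git.vvvvvvaria.org/decentral1se/xppl.git
+dest: /var/xppl/
+version: master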
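Review bot: The clone task runs as root, because the `become_user: xppl` that the removed xppl role had on its equivalent task is not carried over. The checkout under `/var/xppl/` therefore ends up root-owned inside a directory the perms role assigns to xppl, and the later `pipenv sync` runs as xppl in that tree; adding `become_user: xppl` restores the old behaviour. `version: master` deploys whatever the branch head is at run time, so pinning a tag or commit hash would make each deployment reproducible and reviewable. The `yum` module here and in the supervisor role also sits next to `apt` in the pipenv role, and only one of the two package managers can be right for the target host.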

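--- a/ansible/roles/nginx/handlers/main.yml
+++ b/ansible/roles/nginx/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Reload Nginx.
+become: true
+service:
+name: nginx
+state: reloaded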

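--- a/ansible/roles/nginx/tasks/main.yml
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Copy over the Nginx configuration.
+become: true
+template:
+src: books.vvvvvvaria.org.j2
+dest: /etc/nginx/sites-available/
+mode: 0644
+notify: Reload Nginx.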
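Review bot: `dest: /etc/nginx/sites-available/` is a directory, so the rendered file is expected to keep the source name, `books.vvvvvvaria.org.j2`, and nothing visible in this role links it into `sites-enabled/`. Assuming the stock `sites-enabled` include layout, the reload handler would fire without the vhost ever being served. Give the full target, `dest: /etc/nginx/sites-available/books.vvvvvvaria.org`, and add a `file` task with `state: link` for the enabled path. `mode: 0644` is better written `mode: "0644"` so the value does not depend on how the YAML parser reads a leading zero, and an explicit `owner: root` / `group: root` would pin who may edit the configuration.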

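--- a/ansible/roles/nginx/templates/books.vvvvvvaria.org.j2
+++ b/ansible/roles/nginx/templates/books.vvvvvvaria.org.j2
@@ -0,0 +1,27 @@
+server {
+listen 80;
+server_name books.vvvvvvaria.org;
+return 301 https://$server_name$request_uri;
+}
+server {
+listen 443 ssl;
+server_name books.vvvvvvaria.org;
+ssl_certificate /etc/letsencrypt/live/vvvvvvaria.org/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/vvvvvvaria.org/privkey.pem;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5;
+access_log /var/log/nginx/books.vvvvvvaria.org.log;
+error_log /var/log/nginx/books.vvvvvvaria.org.log;
+location / {
+proxy_bind $server_addr;
+proxy_pass http://127.0.0.1:5000;
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Scheme $scheme;
+}
+}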
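Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block still offers TLS 1.0 and 1.1, both deprecated by RFC 8996. `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting where the installed nginx and OpenSSL support 1.3, otherwise `TLSv1.2` alone. The block also sets no `Strict-Transport-Security` header, so a client's first plain-HTTP visit is protected only by the 301 redirect. `access_log` and `error_log` point at the same file, which interleaves two formats; a separate `books.vvvvvvaria.org.error.log` keeps both parseable for later review.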

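--- a/ansible/roles/perms/tasks/main.yml
+++ b/ansible/roles/perms/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Ensure the XPPL group exists.
+become: true
+group:
+name: xppl
+system: true
+state: present
+- name: Ensure the XPPL user exists.
+become: true
+user:
+name: xppl
+system: true
+groups: xppl
+create_home: false
+- name: Add the XPPL user to the XPPL group.
+become: true
+user:
+name: xppl
+groups: xppl
+append: true
+- name: Ensure the XPPL root directory is created.
+become: true
+file:
+path: /var/xppl/
+state: directory
+owner: xppl
+group: xppl
+mode: 0755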
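Review bot: The xppl service account is created without a `shell:`, so it gets whatever default the host's useradd applies, which may be an interactive shell. For an account that only runs supervised processes, `shell: /usr/sbin/nologin` is the safer explicit choice. The third task repeats `groups: xppl` for the same user and looks redundant with the second. `mode: 0755` should be quoted as `mode: "0755"` so the value does not depend on how the parser treats the leading zero.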

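--- a/ansible/roles/pipenv/tasks/main.yml
+++ b/ansible/roles/pipenv/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Ensure python3-pip package is installed.
+become: true
+apt:
+name: python3-pip
+state: present
+- name: Ensure Pipenv is installed.
+become: true
+pip:
+name: pipenv
+executable: pip3
+- name: Run a Pipenv package sync.
+become: true
+become_user: xppl
+environment:
+LANG: C.UTF-8
+LC_ALL: C.UTF-8
+command: pipenv sync
+args:
+chdir: /var/xppl/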
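Review bot: `pipenv sync` runs as xppl, but the perms role creates that user with `create_home: false`, and Pipenv by default places the virtualenv under the user's home. Unless a home directory exists on the host, this step will likely fail or put the environment somewhere unintended. Adding `PIPENV_VENV_IN_PROJECT: "1"` to the task's `environment:` keeps the virtualenv inside `/var/xppl/`. The `pip` task installs an unpinned `pipenv` system-wide as root, so a `version:` on that task would make the install reproducible. `command: pipenv sync` also reports changed on every run, which a `changed_when:` would correct.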

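--- a/ansible/roles/supervisor/handlers/main.yml
+++ b/ansible/roles/supervisor/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Restart Supervisor.
+become: true
+service:
+name: supervisor
+state: restarted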

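--- a/ansible/roles/supervisor/tasks/main.yml
+++ b/ansible/roles/supervisor/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Ensure Supervisor is installed.
+become: true
+yum:
+name: supervisor
+state: present
+- name: Ensure the Supervisor configuration directory exists.
+become: true
+file:
+path: /etc/supervisor/conf.d
+state: directory
+- name: Copy over the Supervisor configuration.
+become: true
+template:
+src: xppl.conf.j2
+dest: /etc/supervisor/conf.d/xppl.conf
+mode: 0644
+notify: Restart Supervisor.
+- name: Ensure Supervisor is running and enabled.
+become: true
+service:
+name: supervisor
+state: started
+enabled: true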
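Review bot: The `file` task for `/etc/supervisor/conf.d` sets no `owner`, `group` or `mode`, so the permissions of that directory depend on the umask at run time. Every program defined there is started by supervisord, which normally runs as root, so write access to the directory is effectively root access; `owner: root`, `group: root`, `mode: "0755"` make the intent explicit. The template task should set `owner: root` / `group: root` for the same reason, and its `mode: 0644` is better quoted as `mode: "0644"`.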

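--- a/ansible/roles/supervisor/templates/xppl.conf.j2
+++ b/ansible/roles/supervisor/templates/xppl.conf.j2
@@ -0,0 +1,13 @@
+[group:xppl]
+programs=xppl-rqlite,xppl-flask
+[program:xppl-flask]
+user = xppl
+directory = /var/xppl
+command = pipenv run gunicorn --worker-class eventlet -w 1 wsgi:app
+priority = 999
+[program:xppl-rqlite]
+user = xppl
+command = /var/xppl/rqlite/rqlite-v4.3.0-linux-amd64/rqlited /var/xppl/rqlite/node.1
+priority = 888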
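Review bot: The gunicorn command passes no `--bind`, so it listens on gunicorn's default `127.0.0.1:8000`, while the Nginx template in this commit proxies to `http://127.0.0.1:5000`; unless a gunicorn config file in the repository sets the address, requests will get a 502. Adding `--bind 127.0.0.1:5000` keeps the two in step and keeps the application off external interfaces. Neither program sets `environment=HOME=...`, and supervisord does not change `HOME` when it switches to `user = xppl`, so `pipenv run` may look for its virtualenv under the wrong home. The rqlited path hard-codes `rqlite-v4.3.0-linux-amd64`; since this is a `.j2` template, a variable for the version would avoid editing the file on every upgrade.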

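--- a/ansible/roles/xppl/.yamllint
+++ b/ansible/roles/xppl/.yamllint
@@ -1,13 +0,0 @@
-extends: default
-rules:
-braces:
-max-spaces-inside: 1
-level: error
-brackets:
-max-spaces-inside: 1
-level: error
-line-length: disable
-# NOTE(retr0h): Templates no longer fail this lint rule.
-# Uncomment if running old Molecule templates.
-# truthy: disable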

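--- a/ansible/roles/xppl/README.md
+++ b/ansible/roles/xppl/README.md
@@ -1,53 +0,0 @@
-# xppl
-A role to install the XPPL.
-# Testing
-We use [Molecule] and the [Docker driver] to automate tests.
-```bash
-$ curl -sSL https://get.docker.com/ | sh
-$ virtualenv --python=$(which python3) .venv
-$ source .venv/bin/activate
-$ pip install molecule docker
-$ molecule test
-```
-[Molecule]: https://molecule.readthedocs.io/en/latest/
-[Docker driver]: https://molecule.readthedocs.io/en/latest/configuration.html#docker
-# Supported OS
-* Debian Stretch
-Others may be supported. However, we only test on Debian.
-# Requirements
-None.
-# Role Variables
-None.
-# Dependencies
-None.
-# Example Playbook
-```yaml
-- hosts: servers
-roles:
-- { role: xppl }
-```
-# License
-* GPLv3
-# Author Information
-* https://git.vvvvvvaria.org/decentral1se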

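--- a/ansible/roles/xppl/defaults/main.yml
+++ b/ansible/roles/xppl/defaults/main.yml
@@ -1 +0,0 @@
----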

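--- a/ansible/roles/xppl/handlers/main.yml
+++ b/ansible/roles/xppl/handlers/main.yml
@@ -1 +0,0 @@
----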

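--- a/ansible/roles/xppl/meta/main.yml
+++ b/ansible/roles/xppl/meta/main.yml
@@ -1,10 +0,0 @@
----
-galaxy_info:
-author: decentral1se
-description: Ansible automation for the XPPL.
-license: GPLv3
-min_ansible_version: 2.7.2
-galaxy_tags: []
-dependencies: []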

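--- a/ansible/roles/xppl/molecule/default/Dockerfile.j2
+++ b/ansible/roles/xppl/molecule/default/Dockerfile.j2
@@ -1,9 +0,0 @@
-# Molecule managed
-{% if item.registry is defined %}
-FROM {{ item.registry.url }}/{{ item.image }}
-{% else %}
-FROM {{ item.image }}
-{% endif %}
-RUN apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean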

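--- a/ansible/roles/xppl/molecule/default/molecule.yml
+++ b/ansible/roles/xppl/molecule/default/molecule.yml
@@ -1,26 +0,0 @@
----
-dependency:
-name: galaxy
-driver:
-name: docker
-lint:
-name: yamllint
-platforms:
-- name: instance
-image: debian:stretch
-provisioner:
-name: ansible
-lint:
-name: ansible-lint
-scenario:
-name: default
-verifier:
-name: testinfra
-lint:
-name: flake8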

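--- a/ansible/roles/xppl/molecule/default/playbook.yml
+++ b/ansible/roles/xppl/molecule/default/playbook.yml
@@ -1,6 +0,0 @@
----
-- name: Converge
-hosts: all
-roles:
-- role: xppl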

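--- a/ansible/roles/xppl/tasks/main.yml
+++ b/ansible/roles/xppl/tasks/main.yml
@@ -1,77 +0,0 @@
----
-- name: Ensure the XPPL group exists.
-become: true
-group:
-name: xppl
-system: true
-state: present
-- name: Ensure the project user exists.
-become: true
-user:
-name: xppl
-system: true
-groups: xppl
-- name: Add the project user to the project group.
-become: true
-user:
-name: xppl
-groups: xppl
-append: true
-- name: Ensure the project root directory is created.
-become: true
-file:
-path: /var/xppl/
-state: directory
-owner: xppl
-group: xppl
-mode: 0755
-- name: Ensure the Git package is installed.
-become: true
-yum:
-name: git
-state: present
-- name: Clone the latest project source.
-become: true
-become_user: xppl
-git:
-repo: https://git.vvvvvvaria.org/decentral1se/xppl.git
-dest: /var/xppl/
-version: master
-register: git_clone_result
-- name: Ensure the Make package is installed.
-become: true
-yum:
-name: make
-state: present
-- name: Get RQLite installed into project directory.
-make:
-chdir: /var/xppl
-target: install-rqlite
-- name: Ensure Supervisor is installed.
-become: true
-yum:
-name: supervisord
-state: present
-- name: Ensure Supervisor is running and enabled.
-service:
-name: supervisord
-state: started
-enabled: true
-tags:
-- molecule-notest
-# get the rqlite database setup with supervisor
-# get the nginx certificate in place
-# run the gunicorn server
-# configure the uploads directory with Syncthing
-# write some documentation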

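--- a/ansible/roles/xppl/vars/main.yml
+++ b/ansible/roles/xppl/vars/main.yml
@@ -1 +0,0 @@
----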