From 107d41b4598d6317d2486941376798ed40a833aa Mon Sep 17 00:00:00 2001 
From: Luke Murphy Date: Sun, 18 Nov 2018 18:33:40 +0100 Subject: [PATCH] Finish up the Ansible deployment. --- ansible/README.md | 10 --- ansible/ansible.cfg | 2 +- ansible/inventory | 2 +- ansible/plays/main.yml | 9 ++- ansible/roles/git/tasks/main.yml | 14 ++++ ansible/roles/nginx/handlers/main.yml | 7 ++ ansible/roles/nginx/tasks/main.yml | 9 +++ .../nginx/templates/books.vvvvvvaria.org.j2 | 27 +++++++ ansible/roles/perms/tasks/main.yml | 32 ++++++++ ansible/roles/pipenv/tasks/main.yml | 23 ++++++ ansible/roles/supervisor/handlers/main.yml | 7 ++ ansible/roles/supervisor/tasks/main.yml | 28 +++++++ .../roles/supervisor/templates/xppl.conf.j2 | 13 ++++ ansible/roles/xppl/.yamllint | 13 ---- ansible/roles/xppl/README.md | 53 ------------- ansible/roles/xppl/defaults/main.yml | 1 - ansible/roles/xppl/handlers/main.yml | 1 - ansible/roles/xppl/meta/main.yml | 10 --- .../roles/xppl/molecule/default/Dockerfile.j2 | 9 --- .../roles/xppl/molecule/default/molecule.yml | 26 ------- .../roles/xppl/molecule/default/playbook.yml | 6 -- ansible/roles/xppl/tasks/main.yml | 77 ------------------- ansible/roles/xppl/vars/main.yml | 1 - 23 files changed, 169 insertions(+), 211 deletions(-) create mode 100644 ansible/roles/git/tasks/main.yml create mode 100644 ansible/roles/nginx/handlers/main.yml create mode 100644 ansible/roles/nginx/tasks/main.yml create mode 100644 ansible/roles/nginx/templates/books.vvvvvvaria.org.j2 create mode 100644 ansible/roles/perms/tasks/main.yml create mode 100644 ansible/roles/pipenv/tasks/main.yml create mode 100644 ansible/roles/supervisor/handlers/main.yml create mode 100644 ansible/roles/supervisor/tasks/main.yml create mode 100644 ansible/roles/supervisor/templates/xppl.conf.j2 delete mode 100644 ansible/roles/xppl/.yamllint delete mode 100644 ansible/roles/xppl/README.md delete mode 100644 ansible/roles/xppl/defaults/main.yml delete mode 100644 ansible/roles/xppl/handlers/main.yml delete mode 100644 ansible/roles/xppl/meta/main.yml delete mode 
100644 ansible/roles/xppl/molecule/default/Dockerfile.j2 delete mode 100644 ansible/roles/xppl/molecule/default/molecule.yml delete mode 100644 ansible/roles/xppl/molecule/default/playbook.yml delete mode 100644 ansible/roles/xppl/tasks/main.yml delete mode 100644 ansible/roles/xppl/vars/main.yml diff --git a/ansible/README.md b/ansible/README.md index 9791245..dd5b9a4 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -12,13 +12,3 @@ $ ansible-playbook --ask-become-pass plays/main.yml ``` [varia.zone]: https://varia.zone/ - -## What Does It Do? - -* Clone the Python application into `/var/xppl/`. -* Get the RQLite database running managed under [Supervisord]. -* Run the [Gunicorn] WSGI server to server the Python application. -* Proxy the WSGI server with an NGINX configuration. - -[Gunicorn]: https://gunicorn.org/ -[Supervisord]: http://supervisord.org/introduction.html#features diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 88413c5..afc5dc1 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -2,7 +2,7 @@ forks=10 internal_poll_interval=0.004 inventory=inventory -retry_files=false +retry_files_enabled=false roles_path=roles [privilege_escalation] diff --git a/ansible/inventory b/ansible/inventory index 2394f85..555b403 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -1,2 +1,2 @@ -[prod] +[varia-zone] varia.zone ansible_ssh_port=12345 diff --git a/ansible/plays/main.yml b/ansible/plays/main.yml index 12eb2ef..7505884 100644 --- a/ansible/plays/main.yml +++ b/ansible/plays/main.yml @@ -1,5 +1,10 @@ --- -- hosts: prod +- hosts: varia-zone roles: - - role: xppl + - role: perms # Setup users and groups + - role: git # Clone the project source + - role: pipenv # Install Python dependencies + - role: rqlite # Install RQLite + - role: supervisor # Setup managed proccesses + - role: nginx # Setup Nginx configuration 
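Review bot: The role list in `ansible/plays/main.yml` includes `- role: rqlite`, but the diffstat of this commit creates only the git, nginx, perms, pipenv and supervisor roles and no `ansible/roles/rqlite/`, so the play will stop at that role unless it already exists elsewhere on `roles_path`. The Supervisor template added in this commit starts `/var/xppl/rqlite/rqlite-v4.3.0-linux-amd64/rqlited`, so a missing rqlite role would also leave that program without a binary. Either add the role in this commit or drop the line until it lands. The comment on the supervisor line has a typo (`proccesses`).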
diff --git a/ansible/roles/git/tasks/main.yml b/ansible/roles/git/tasks/main.yml
new file mode 100644
index 0000000..717f748
--- /dev/null
+++ b/ansible/roles/git/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Ensure the Git package is installed.
+ become: true
+ yum:
+ name: git
+ state: present
+
+- name: Clone the latest project source.
+ become: true
+ git:
+ repo: https://git.vvvvvvaria.org/decentral1se/xppl.git
+ dest: /var/xppl/
+ version: master
diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..70a2ce8
--- /dev/null
+++ b/ansible/roles/nginx/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Reload Nginx.
+ become: true
+ service:
+ name: nginx
+ state: reloaded
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..fb9c2fb
--- /dev/null
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Copy over the Nginx configuration.
+ become: true
+ template:
+ src: books.vvvvvvaria.org.j2
+ dest: /etc/nginx/sites-available/
+ mode: 0644
+ notify: Reload Nginx.
diff --git a/ansible/roles/nginx/templates/books.vvvvvvaria.org.j2 b/ansible/roles/nginx/templates/books.vvvvvvaria.org.j2
new file mode 100644
index 0000000..ec1562b
--- /dev/null
+++ b/ansible/roles/nginx/templates/books.vvvvvvaria.org.j2
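Review bot: The clone task in `ansible/roles/git/tasks/main.yml` runs as root because the `become_user: xppl` of the removed xppl role was not carried over, so the checkout under `/var/xppl/` ends up root-owned while the pipenv role later runs as `xppl` in that directory; restoring `become_user: xppl` keeps ownership consistent with the perms role. `version: master` deploys whatever the branch head is at run time, so pinning a reviewed tag or commit (`version: <TAG_OR_COMMIT>`) makes the deploy reproducible and limits what an unexpected push to the repository can put on the server. The package task uses `yum` here and in `roles/supervisor/tasks/main.yml` while `roles/pipenv/tasks/main.yml` uses `apt`; only one of the two can work on a given host, and the generic `package` module would avoid the mismatch.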
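Review bot: In `ansible/roles/nginx/tasks/main.yml` the template is rendered into the directory `/etc/nginx/sites-available/`, and no task in this commit links it into `sites-enabled`, so on a Debian-style Nginx layout the reload handler would not pick up the new vhost. With a directory as `dest` the rendered file likely keeps the source name including the `.j2` suffix; an explicit `dest: /etc/nginx/sites-available/books.vvvvvvaria.org` followed by a `file` task with `state: link` would address both. Setting `owner: root` and `group: root` and quoting the mode as `mode: "0644"` states the intended permissions without relying on YAML octal parsing.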
@@ -0,0 +1,27 @@
+server {
+ listen 80;
+ server_name books.vvvvvvaria.org;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name books.vvvvvvaria.org;
+
+ ssl_certificate /etc/letsencrypt/live/vvvvvvaria.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/vvvvvvaria.org/privkey.pem;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ access_log /var/log/nginx/books.vvvvvvaria.org.log;
+ error_log /var/log/nginx/books.vvvvvvaria.org.log;
+
+ location / {
+ proxy_bind $server_addr;
+ proxy_pass http://127.0.0.1:5000;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ }
+}
diff --git a/ansible/roles/perms/tasks/main.yml b/ansible/roles/perms/tasks/main.yml
new file mode 100644
index 0000000..4246618
--- /dev/null
+++ b/ansible/roles/perms/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+
+- name: Ensure the XPPL group exists.
+ become: true
+ group:
+ name: xppl
+ system: true
+ state: present
+
+- name: Ensure the XPPL user exists.
+ become: true
+ user:
+ name: xppl
+ system: true
+ groups: xppl
+ create_home: false
+
+- name: Add the XPPL user to the XPPL group.
+ become: true
+ user:
+ name: xppl
+ groups: xppl
+ append: true
+
+- name: Ensure the XPPL root directory is created.
+ become: true
+ file:
+ path: /var/xppl/
+ state: directory
+ owner: xppl
+ group: xppl
+ mode: 0755
diff --git a/ansible/roles/pipenv/tasks/main.yml b/ansible/roles/pipenv/tasks/main.yml
new file mode 100644
index 0000000..d8fd150
--- /dev/null
+++ b/ansible/roles/pipenv/tasks/main.yml
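Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block of `books.vvvvvvaria.org.j2` still offers TLS 1.0 and 1.1, which are deprecated; `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the installed nginx/OpenSSL build supports it) is the safer setting. With `ssl_ciphers HIGH:!aNULL:!MD5;` the cipher choice is left to the client unless `ssl_prefer_server_ciphers on;` is also set. The upstream receives the scheme as `X-Scheme`; if the application or its WSGI middleware looks for `X-Forwarded-Proto` instead, it will not know the request arrived over HTTPS, which is worth confirming against the app.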
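Review bot: The `user` task in `ansible/roles/perms/tasks/main.yml` creates the `xppl` service account without a `shell`, so it receives the distribution default; for an account that only runs supervised processes, `shell: /usr/sbin/nologin` (path as on Debian) removes interactive login. The third task repeats what the second already does with `groups: xppl` and can be dropped. `mode: 0755` on the directory task works only through YAML octal parsing and is safer quoted as `mode: "0755"`.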
@@ -0,0 +1,23 @@
+---
+
+- name: Ensure python3-pip package is installed.
+ become: true
+ apt:
+ name: python3-pip
+ state: present
+
+- name: Ensure Pipenv is installed.
+ become: true
+ pip:
+ name: pipenv
+ executable: pip3
+
+- name: Run a Pipenv package sync.
+ become: true
+ become_user: xppl
+ environment:
+ LANG: C.UTF-8
+ LC_ALL: C.UTF-8
+ command: pipenv sync
+ args:
+ chdir: /var/xppl/
diff --git a/ansible/roles/supervisor/handlers/main.yml b/ansible/roles/supervisor/handlers/main.yml
new file mode 100644
index 0000000..632d8f9
--- /dev/null
+++ b/ansible/roles/supervisor/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Restart Supervisor.
+ become: true
+ service:
+ name: supervisor
+ state: restarted
diff --git a/ansible/roles/supervisor/tasks/main.yml b/ansible/roles/supervisor/tasks/main.yml
new file mode 100644
index 0000000..c0ec6fc
--- /dev/null
+++ b/ansible/roles/supervisor/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Ensure Supervisor is installed.
+ become: true
+ yum:
+ name: supervisor
+ state: present
+
+- name: Ensure the Supervisor configuration directory exists.
+ become: true
+ file:
+ path: /etc/supervisor/conf.d
+ state: directory
+
+- name: Copy over the Supervisor configuration.
+ become: true
+ template:
+ src: xppl.conf.j2
+ dest: /etc/supervisor/conf.d/xppl.conf
+ mode: 0644
+ notify: Restart Supervisor.
+
+- name: Ensure Supervisor is running and enabled.
+ become: true
+ service:
+ name: supervisor
+ state: started
+ enabled: true
diff --git a/ansible/roles/supervisor/templates/xppl.conf.j2 b/ansible/roles/supervisor/templates/xppl.conf.j2
new file mode 100644
index 0000000..82a0cd9
--- /dev/null
+++ b/ansible/roles/supervisor/templates/xppl.conf.j2
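Review bot: `pipenv sync` in `ansible/roles/pipenv/tasks/main.yml` runs as `xppl`, but the perms role creates that user with `create_home: false`, and pipenv by default places the virtualenv under the user's home directory, so the sync is likely to fail or write somewhere unexpected. Setting `PIPENV_VENV_IN_PROJECT: "1"` in the task's `environment` keeps the virtualenv inside `/var/xppl/`, and the Supervisor `pipenv run` command would then need the same variable. The `pip` task installs an unpinned `pipenv` system-wide as root; giving it `version: <PINNED_VERSION>` keeps the deploy reproducible. As a bare `command`, the sync also reports changed on every run.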
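Review bot: The `file` task for `/etc/supervisor/conf.d` in `ansible/roles/supervisor/tasks/main.yml` sets no owner or mode, so a newly created directory gets whatever the umask yields; because files in that directory define the commands Supervisor launches, the task should state `owner: root`, `group: root` and `mode: "0755"` explicitly. The template task for `xppl.conf` could carry the same `owner` and `group`, with its mode quoted as `mode: "0644"`.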
@@ -0,0 +1,13 @@ +[group:xppl] +programs=xppl-rqlite,xppl-flask + +[program:xppl-flask] +user = xppl +directory = /var/xppl +command = pipenv run gunicorn --worker-class eventlet -w 1 wsgi:app +priority = 999 + +[program:xppl-rqlite] +user = xppl +command = /var/xppl/rqlite/rqlite-v4.3.0-linux-amd64/rqlited /var/xppl/rqlite/node.1 +priority = 888 diff --git a/ansible/roles/xppl/.yamllint b/ansible/roles/xppl/.yamllint deleted file mode 100644 index 3a2255e..0000000 --- a/ansible/roles/xppl/.yamllint +++ /dev/null @@ -1,13 +0,0 @@ -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - line-length: disable - # NOTE(retr0h): Templates no longer fail this lint rule. - # Uncomment if running old Molecule templates. - # truthy: disable diff --git a/ansible/roles/xppl/README.md b/ansible/roles/xppl/README.md deleted file mode 100644 index 474e805..0000000 --- a/ansible/roles/xppl/README.md +++ /dev/null @@ -1,53 +0,0 @@ -# xppl - -A role to install the XPPL. - -# Testing - -We use [Molecule] and the [Docker driver] to automate tests. - -```bash -$ curl -sSL https://get.docker.com/ | sh -$ virtualenv --python=$(which python3) .venv -$ source .venv/bin/activate -$ pip install molecule docker -$ molecule test -``` - -[Molecule]: https://molecule.readthedocs.io/en/latest/ -[Docker driver]: https://molecule.readthedocs.io/en/latest/configuration.html#docker - -# Supported OS - -* Debian Stretch - -Others may be supported. However, we only test on Debian. - -# Requirements - -None. - -# Role Variables - -None. - -# Dependencies - -None. - -# Example Playbook - - -```yaml -- hosts: servers - roles: - - { role: xppl } -``` - -# License - -* GPLv3 - -# Author Information - -* https://git.vvvvvvaria.org/decentral1se diff --git a/ansible/roles/xppl/defaults/main.yml b/ansible/roles/xppl/defaults/main.yml deleted file mode 100644 index ed97d53..0000000 --- a/ansible/roles/xppl/defaults/main.yml +++ /dev/null 
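Review bot: The `xppl-flask` command in `xppl.conf.j2` starts gunicorn without `--bind`, so it listens on gunicorn's default `127.0.0.1:8000`, while the Nginx template in this commit proxies to `http://127.0.0.1:5000`; unless the bind is configured elsewhere, adding `--bind 127.0.0.1:5000` makes the two agree and keeps the app on loopback. Supervisor's `user =` switches the uid but does not set `HOME` or `USER`, and `pipenv run` uses the home directory to find its virtualenv, so an `environment =` line is probably needed for that program. The priorities `888` and `999` order the starts but do not wait for rqlite to be ready, so it is worth confirming that the app tolerates the database coming up late.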
@@ -1 +0,0 @@ ---- diff --git a/ansible/roles/xppl/handlers/main.yml b/ansible/roles/xppl/handlers/main.yml deleted file mode 100644 index ed97d53..0000000 --- a/ansible/roles/xppl/handlers/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/ansible/roles/xppl/meta/main.yml b/ansible/roles/xppl/meta/main.yml deleted file mode 100644 index aab6030..0000000 --- a/ansible/roles/xppl/meta/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -galaxy_info: - author: decentral1se - description: Ansible automation for the XPPL. - license: GPLv3 - min_ansible_version: 2.7.2 - galaxy_tags: [] - -dependencies: [] diff --git a/ansible/roles/xppl/molecule/default/Dockerfile.j2 b/ansible/roles/xppl/molecule/default/Dockerfile.j2 deleted file mode 100644 index 25e1bef..0000000 --- a/ansible/roles/xppl/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean diff --git a/ansible/roles/xppl/molecule/default/molecule.yml b/ansible/roles/xppl/molecule/default/molecule.yml deleted file mode 100644 index 107602d..0000000 --- a/ansible/roles/xppl/molecule/default/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: instance - image: debian:stretch - -provisioner: - name: ansible - lint: - name: ansible-lint - -scenario: - name: default - -verifier: - name: testinfra - lint: - name: flake8 diff --git a/ansible/roles/xppl/molecule/default/playbook.yml b/ansible/roles/xppl/molecule/default/playbook.yml deleted file mode 100644 index 4d193a4..0000000 --- a/ansible/roles/xppl/molecule/default/playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: Converge - hosts: all - roles: - - role: xppl 
diff --git a/ansible/roles/xppl/tasks/main.yml b/ansible/roles/xppl/tasks/main.yml deleted file mode 100644 index b94592f..0000000 --- a/ansible/roles/xppl/tasks/main.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- - -- name: Ensure the XPPL group exists. - become: true - group: - name: xppl - system: true - state: present - -- name: Ensure the project user exists. - become: true - user: - name: xppl - system: true - groups: xppl - -- name: Add the project user to the project group. - become: true - user: - name: xppl - groups: xppl - append: true - -- name: Ensure the project root directory is created. - become: true - file: - path: /var/xppl/ - state: directory - owner: xppl - group: xppl - mode: 0755 - -- name: Ensure the Git package is installed. - become: true - yum: - name: git - state: present - -- name: Clone the latest project source. - become: true - become_user: xppl - git: - repo: https://git.vvvvvvaria.org/decentral1se/xppl.git - dest: /var/xppl/ - version: master - register: git_clone_result - -- name: Ensure the Make package is installed. - become: true - yum: - name: make - state: present - -- name: Get RQLite installed into project directory. - make: - chdir: /var/xppl - target: install-rqlite - -- name: Ensure Supervisor is installed. - become: true - yum: - name: supervisord - state: present - -- name: Ensure Supervisor is running and enabled. - service: - name: supervisord - state: started - enabled: true - tags: - - molecule-notest - -# get the rqlite database setup with supervisor -# get the nginx certificate in place -# run the gunicorn server -# configure the uploads directory with Syncthing -# write some documentation diff --git a/ansible/roles/xppl/vars/main.yml b/ansible/roles/xppl/vars/main.yml deleted file mode 100644 index ed97d53..0000000 --- a/ansible/roles/xppl/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ ----