Finish up the Ansible deployment.
ansible-setup-and-deploy
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
23 changed files with
169 additions and
211 deletions
-
ansible/README.md
-
ansible/ansible.cfg
-
ansible/inventory
-
ansible/plays/main.yml
-
ansible/roles/git/tasks/main.yml
-
ansible/roles/nginx/handlers/main.yml
-
ansible/roles/nginx/tasks/main.yml
-
ansible/roles/nginx/templates/books.vvvvvvaria.org.j2
-
ansible/roles/perms/tasks/main.yml
-
ansible/roles/pipenv/tasks/main.yml
-
ansible/roles/supervisor/handlers/main.yml
-
ansible/roles/supervisor/tasks/main.yml
-
ansible/roles/supervisor/templates/xppl.conf.j2
-
ansible/roles/xppl/.yamllint
-
ansible/roles/xppl/README.md
-
ansible/roles/xppl/defaults/main.yml
-
ansible/roles/xppl/handlers/main.yml
-
ansible/roles/xppl/meta/main.yml
-
ansible/roles/xppl/molecule/default/Dockerfile.j2
-
ansible/roles/xppl/molecule/default/molecule.yml
-
ansible/roles/xppl/molecule/default/playbook.yml
-
ansible/roles/xppl/tasks/main.yml
-
ansible/roles/xppl/vars/main.yml
|
@ -12,13 +12,3 @@ $ ansible-playbook --ask-become-pass plays/main.yml |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
[varia.zone]: https://varia.zone/ |
|
|
[varia.zone]: https://varia.zone/ |
|
|
|
|
|
|
|
|
## What Does It Do? |
|
|
|
|
|
|
|
|
|
|
|
* Clone the Python application into `/var/xppl/`. |
|
|
|
|
|
* Get the RQLite database running managed under [Supervisord]. |
|
|
|
|
|
* Run the [Gunicorn] WSGI server to server the Python application. |
|
|
|
|
|
* Proxy the WSGI server with an NGINX configuration. |
|
|
|
|
|
|
|
|
|
|
|
[Gunicorn]: https://gunicorn.org/ |
|
|
|
|
|
[Supervisord]: http://supervisord.org/introduction.html#features |
|
|
|
|
|
|
@ -2,7 +2,7 @@ |
|
|
forks=10 |
|
|
forks=10 |
|
|
internal_poll_interval=0.004 |
|
|
internal_poll_interval=0.004 |
|
|
inventory=inventory |
|
|
inventory=inventory |
|
|
retry_files=false |
|
|
retry_files_enabled=false |
|
|
roles_path=roles |
|
|
roles_path=roles |
|
|
|
|
|
|
|
|
[privilege_escalation] |
|
|
[privilege_escalation] |
|
|
|
@ -1,2 +1,2 @@ |
|
|
[prod] |
|
|
[varia-zone] |
|
|
varia.zone ansible_ssh_port=12345 |
|
|
varia.zone ansible_ssh_port=12345 |
|
|
|
@ -1,5 +1,10 @@ |
|
|
--- |
|
|
--- |
|
|
|
|
|
|
|
|
- hosts: prod |
|
|
- hosts: varia-zone |
|
|
roles: |
|
|
roles: |
|
|
- role: xppl |
|
|
- role: perms # Setup users and groups |
|
|
|
|
|
- role: git # Clone the project source |
|
|
|
|
|
- role: pipenv # Install Python dependencies |
|
|
|
|
|
- role: rqlite # Install RQLite |
|
|
|
|
|
- role: supervisor # Setup managed proccesses |
|
|
|
|
|
- role: nginx # Setup Nginx configuration |
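Review bot: The role list names `rqlite`, but the commit's file list has no `ansible/roles/rqlite/` entry, so unless that role already exists under `roles_path` the play will fail to load at that line. The only RQLite install step visible on this page is the `make` task with `target: install-rqlite` in the deleted `roles/xppl/tasks/main.yml`, while the new Supervisor template expects the binary at `/var/xppl/rqlite/rqlite-v4.3.0-linux-amd64/rqlited`. Either add the role in this commit or drop the entry until it lands. The comment on the supervisor line also has a typo and should read `# Setup managed processes`.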
|
|
|
@ -0,0 +1,14 @@ |
|
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the Git package is installed. |
|
|
|
|
|
become: true |
|
|
|
|
|
yum: |
|
|
|
|
|
name: git |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Clone the latest project source. |
|
|
|
|
|
become: true |
|
|
|
|
|
git: |
|
|
|
|
|
repo: https://git.vvvvvvaria.org/decentral1se/xppl.git |
|
|
|
|
|
dest: /var/xppl/ |
|
|
|
|
|
version: master |
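Review bot: The clone task has `become: true` but no `become_user`, so git runs as root and leaves a root-owned checkout in `/var/xppl/`, which the `perms` role hands to `xppl` and where `pipenv sync` later runs as `xppl`; the task this replaces in `roles/xppl/tasks/main.yml` had `become_user: xppl`, and restoring it keeps git unprivileged. `version: master` deploys whatever the branch tip is at run time; pinning a tag or commit hash makes each deployment reviewable and repeatable. The package task uses `yum`, as does `roles/supervisor/tasks/main.yml`, while `roles/pipenv/tasks/main.yml` uses `apt` and the removed role README lists Debian Stretch as the tested platform; `apt` (or the generic `package` module) in both places would make the roles agree.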
|
@ -0,0 +1,7 @@ |
|
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Reload Nginx. |
|
|
|
|
|
become: true |
|
|
|
|
|
service: |
|
|
|
|
|
name: nginx |
|
|
|
|
|
state: reloaded |
|
@ -0,0 +1,9 @@ |
|
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Copy over the Nginx configuration. |
|
|
|
|
|
become: true |
|
|
|
|
|
template: |
|
|
|
|
|
src: books.vvvvvvaria.org.j2 |
|
|
|
|
|
dest: /etc/nginx/sites-available/ |
|
|
|
|
|
mode: 0644 |
|
|
|
|
|
notify: Reload Nginx. |
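Review bot: The rendered site file lands only in `/etc/nginx/sites-available/`, and no task on this page links it into `sites-enabled/` or installs the nginx package, so on a stock Debian layout the `Reload Nginx.` handler would reload a configuration that still does not include this vhost. Because `dest` is a directory, the file also appears to keep the source name including the `.j2` suffix; naming it explicitly avoids that: `dest: /etc/nginx/sites-available/books.vvvvvvaria.org`. A follow-up `file:` task with `state: link` pointing `/etc/nginx/sites-enabled/books.vvvvvvaria.org` at that file, carrying the same `notify`, would complete the step.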
|
@ -0,0 +1,27 @@ |
|
|
|
|
|
server { |
|
|
|
|
|
listen 80; |
|
|
|
|
|
server_name books.vvvvvvaria.org; |
|
|
|
|
|
return 301 https://$server_name$request_uri; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
server { |
|
|
|
|
|
listen 443 ssl; |
|
|
|
|
|
server_name books.vvvvvvaria.org; |
|
|
|
|
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/vvvvvvaria.org/fullchain.pem; |
|
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/vvvvvvaria.org/privkey.pem; |
|
|
|
|
|
|
|
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
|
|
|
|
|
ssl_ciphers HIGH:!aNULL:!MD5; |
|
|
|
|
|
|
|
|
|
|
|
access_log /var/log/nginx/books.vvvvvvaria.org.log; |
|
|
|
|
|
error_log /var/log/nginx/books.vvvvvvaria.org.log; |
|
|
|
|
|
|
|
|
|
|
|
location / { |
|
|
|
|
|
proxy_bind $server_addr; |
|
|
|
|
|
proxy_pass http://127.0.0.1:5000; |
|
|
|
|
|
proxy_set_header Host $http_host; |
|
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|
|
|
|
proxy_set_header X-Scheme $scheme; |
|
|
|
|
|
} |
|
|
|
|
|
} |
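Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, which are formally deprecated (RFC 8996); `ssl_protocols TLSv1.2;`, plus `TLSv1.3` where the installed nginx/OpenSSL build supports it, is the safer setting. `access_log` and `error_log` both write to `/var/log/nginx/books.vvvvvvaria.org.log`, which interleaves two formats in one file; separate `.access.log` and `.error.log` names make log review and alerting easier. `proxy_set_header Host $http_host;` forwards the client-supplied Host header unchanged, so `$host` is the more conservative choice if the application builds URLs from it. The HTTPS server block sets no `Strict-Transport-Security` header even though port 80 already redirects everything to HTTPS.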
|
@ -0,0 +1,32 @@ |
|
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the XPPL group exists. |
|
|
|
|
|
become: true |
|
|
|
|
|
group: |
|
|
|
|
|
name: xppl |
|
|
|
|
|
system: true |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the XPPL user exists. |
|
|
|
|
|
become: true |
|
|
|
|
|
user: |
|
|
|
|
|
name: xppl |
|
|
|
|
|
system: true |
|
|
|
|
|
groups: xppl |
|
|
|
|
|
create_home: false |
|
|
|
|
|
|
|
|
|
|
|
- name: Add the XPPL user to the XPPL group. |
|
|
|
|
|
become: true |
|
|
|
|
|
user: |
|
|
|
|
|
name: xppl |
|
|
|
|
|
groups: xppl |
|
|
|
|
|
append: true |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the XPPL root directory is created. |
|
|
|
|
|
become: true |
|
|
|
|
|
file: |
|
|
|
|
|
path: /var/xppl/ |
|
|
|
|
|
state: directory |
|
|
|
|
|
owner: xppl |
|
|
|
|
|
group: xppl |
|
|
|
|
|
mode: 0755 |
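Review bot: The `xppl` account is created as a service user (`system: true`, `create_home: false`) but without a `shell`, so it presumably receives the distribution default; adding `shell: /usr/sbin/nologin` to the `Ensure the XPPL user exists.` task keeps it from being used for interactive logins. The third task, `Add the XPPL user to the XPPL group.`, repeats `groups: xppl` from the task above it and can be dropped. `mode: 0755` leaves `/var/xppl/` world-readable, and the Supervisor template in this commit places the RQLite data directory (`/var/xppl/rqlite/node.1`) under it; `mode: 0750` would be tighter if nothing outside the `xppl` group needs to read the tree.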
|
@ -0,0 +1,23 @@ |
|
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure python3-pip package is installed. |
|
|
|
|
|
become: true |
|
|
|
|
|
apt: |
|
|
|
|
|
name: python3-pip |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure Pipenv is installed. |
|
|
|
|
|
become: true |
|
|
|
|
|
pip: |
|
|
|
|
|
name: pipenv |
|
|
|
|
|
executable: pip3 |
|
|
|
|
|
|
|
|
|
|
|
- name: Run a Pipenv package sync. |
|
|
|
|
|
become: true |
|
|
|
|
|
become_user: xppl |
|
|
|
|
|
environment: |
|
|
|
|
|
LANG: C.UTF-8 |
|
|
|
|
|
LC_ALL: C.UTF-8 |
|
|
|
|
|
command: pipenv sync |
|
|
|
|
|
args: |
|
|
|
|
|
chdir: /var/xppl/ |
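Review bot: `pipenv sync` runs as `xppl`, which the `perms` role creates with `create_home: false`; pipenv keeps virtualenvs under the user's home directory by default, so this step probably has nowhere to write unless the environment is placed inside the project. Adding `PIPENV_VENV_IN_PROJECT: "1"` to the task's `environment:` would keep the virtualenv under `/var/xppl/`. The `pip` task installs whatever the latest `pipenv` release is, system-wide and as root; a `version:` pin makes that reproducible. The `command:` task reports `changed` on every run, so a `changed_when:` condition (or a `creates:` argument) would restore idempotent output.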
|
@ -0,0 +1,7 @@ |
|
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Restart Supervisor. |
|
|
|
|
|
become: true |
|
|
|
|
|
service: |
|
|
|
|
|
name: supervisor |
|
|
|
|
|
state: restarted |
|
@ -0,0 +1,28 @@ |
|
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure Supervisor is installed. |
|
|
|
|
|
become: true |
|
|
|
|
|
yum: |
|
|
|
|
|
name: supervisor |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the Supervisor configuration directory exists. |
|
|
|
|
|
become: true |
|
|
|
|
|
file: |
|
|
|
|
|
path: /etc/supervisor/conf.d |
|
|
|
|
|
state: directory |
|
|
|
|
|
|
|
|
|
|
|
- name: Copy over the Supervisor configuration. |
|
|
|
|
|
become: true |
|
|
|
|
|
template: |
|
|
|
|
|
src: xppl.conf.j2 |
|
|
|
|
|
dest: /etc/supervisor/conf.d/xppl.conf |
|
|
|
|
|
mode: 0644 |
|
|
|
|
|
notify: Restart Supervisor. |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure Supervisor is running and enabled. |
|
|
|
|
|
become: true |
|
|
|
|
|
service: |
|
|
|
|
|
name: supervisor |
|
|
|
|
|
state: started |
|
|
|
|
|
enabled: true |
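Review bot: The `Ensure the Supervisor configuration directory exists.` task sets no `owner`, `group` or `mode`, so a directory that already exists keeps whatever permissions it has. supervisord starts every program defined in the files it reads from there, so write access to `/etc/supervisor/conf.d` should be limited to root: add `owner: root`, `group: root` and `mode: "0755"` to the task. The `Restart Supervisor.` handler restarts the daemon and with it every program it manages; if other services share this supervisord, a handler based on `supervisorctl reread` and `supervisorctl update` would be less disruptive.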
|
@ -0,0 +1,13 @@ |
|
|
|
|
|
[group:xppl] |
|
|
|
|
|
programs=xppl-rqlite,xppl-flask |
|
|
|
|
|
|
|
|
|
|
|
[program:xppl-flask] |
|
|
|
|
|
user = xppl |
|
|
|
|
|
directory = /var/xppl |
|
|
|
|
|
command = pipenv run gunicorn --worker-class eventlet -w 1 wsgi:app |
|
|
|
|
|
priority = 999 |
|
|
|
|
|
|
|
|
|
|
|
[program:xppl-rqlite] |
|
|
|
|
|
user = xppl |
|
|
|
|
|
command = /var/xppl/rqlite/rqlite-v4.3.0-linux-amd64/rqlited /var/xppl/rqlite/node.1 |
|
|
|
|
|
priority = 888 |
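Review bot: The `xppl-flask` command starts gunicorn without a bind address, so unless a gunicorn config file in the project sets one it listens on its default `127.0.0.1:8000`, while the nginx template in this commit proxies to `http://127.0.0.1:5000`. Adding `-b 127.0.0.1:5000` to the command makes the two agree and keeps the application on loopback. `user = xppl` switches the uid but supervisord does not set `HOME` for the child, so `pipenv run` may resolve the virtualenv against the wrong home; an `environment =` line in `[program:xppl-flask]` would make that explicit. The `xppl-rqlite` command hard-codes `rqlite-v4.3.0-linux-amd64`, which has to match whatever the install step downloads.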
|
@ -1,13 +0,0 @@ |
|
|
extends: default |
|
|
|
|
|
|
|
|
|
|
|
rules: |
|
|
|
|
|
braces: |
|
|
|
|
|
max-spaces-inside: 1 |
|
|
|
|
|
level: error |
|
|
|
|
|
brackets: |
|
|
|
|
|
max-spaces-inside: 1 |
|
|
|
|
|
level: error |
|
|
|
|
|
line-length: disable |
|
|
|
|
|
# NOTE(retr0h): Templates no longer fail this lint rule. |
|
|
|
|
|
# Uncomment if running old Molecule templates. |
|
|
|
|
|
# truthy: disable |
|
|
|
|
@ -1,53 +0,0 @@ |
|
|
# xppl |
|
|
|
|
|
|
|
|
|
|
|
A role to install the XPPL. |
|
|
|
|
|
|
|
|
|
|
|
# Testing |
|
|
|
|
|
|
|
|
|
|
|
We use [Molecule] and the [Docker driver] to automate tests. |
|
|
|
|
|
|
|
|
|
|
|
```bash |
|
|
|
|
|
$ curl -sSL https://get.docker.com/ | sh |
|
|
|
|
|
$ virtualenv --python=$(which python3) .venv |
|
|
|
|
|
$ source .venv/bin/activate |
|
|
|
|
|
$ pip install molecule docker |
|
|
|
|
|
$ molecule test |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
[Molecule]: https://molecule.readthedocs.io/en/latest/ |
|
|
|
|
|
[Docker driver]: https://molecule.readthedocs.io/en/latest/configuration.html#docker |
|
|
|
|
|
|
|
|
|
|
|
# Supported OS |
|
|
|
|
|
|
|
|
|
|
|
* Debian Stretch |
|
|
|
|
|
|
|
|
|
|
|
Others may be supported. However, we only test on Debian. |
|
|
|
|
|
|
|
|
|
|
|
# Requirements |
|
|
|
|
|
|
|
|
|
|
|
None. |
|
|
|
|
|
|
|
|
|
|
|
# Role Variables |
|
|
|
|
|
|
|
|
|
|
|
None. |
|
|
|
|
|
|
|
|
|
|
|
# Dependencies |
|
|
|
|
|
|
|
|
|
|
|
None. |
|
|
|
|
|
|
|
|
|
|
|
# Example Playbook |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```yaml |
|
|
|
|
|
- hosts: servers |
|
|
|
|
|
roles: |
|
|
|
|
|
- { role: xppl } |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
# License |
|
|
|
|
|
|
|
|
|
|
|
* GPLv3 |
|
|
|
|
|
|
|
|
|
|
|
# Author Information |
|
|
|
|
|
|
|
|
|
|
|
* https://git.vvvvvvaria.org/decentral1se |
|
|
|
|
@ -1,10 +0,0 @@ |
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
galaxy_info: |
|
|
|
|
|
author: decentral1se |
|
|
|
|
|
description: Ansible automation for the XPPL. |
|
|
|
|
|
license: GPLv3 |
|
|
|
|
|
min_ansible_version: 2.7.2 |
|
|
|
|
|
galaxy_tags: [] |
|
|
|
|
|
|
|
|
|
|
|
dependencies: [] |
|
|
|
|
@ -1,9 +0,0 @@ |
|
|
# Molecule managed |
|
|
|
|
|
|
|
|
|
|
|
{% if item.registry is defined %} |
|
|
|
|
|
FROM {{ item.registry.url }}/{{ item.image }} |
|
|
|
|
|
{% else %} |
|
|
|
|
|
FROM {{ item.image }} |
|
|
|
|
|
{% endif %} |
|
|
|
|
|
|
|
|
|
|
|
RUN apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean |
|
|
|
|
@ -1,26 +0,0 @@ |
|
|
--- |
|
|
|
|
|
dependency: |
|
|
|
|
|
name: galaxy |
|
|
|
|
|
|
|
|
|
|
|
driver: |
|
|
|
|
|
name: docker |
|
|
|
|
|
|
|
|
|
|
|
lint: |
|
|
|
|
|
name: yamllint |
|
|
|
|
|
|
|
|
|
|
|
platforms: |
|
|
|
|
|
- name: instance |
|
|
|
|
|
image: debian:stretch |
|
|
|
|
|
|
|
|
|
|
|
provisioner: |
|
|
|
|
|
name: ansible |
|
|
|
|
|
lint: |
|
|
|
|
|
name: ansible-lint |
|
|
|
|
|
|
|
|
|
|
|
scenario: |
|
|
|
|
|
name: default |
|
|
|
|
|
|
|
|
|
|
|
verifier: |
|
|
|
|
|
name: testinfra |
|
|
|
|
|
lint: |
|
|
|
|
|
name: flake8 |
|
|
|
|
@ -1,6 +0,0 @@ |
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Converge |
|
|
|
|
|
hosts: all |
|
|
|
|
|
roles: |
|
|
|
|
|
- role: xppl |
|
|
|
|
@ -1,77 +0,0 @@ |
|
|
--- |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the XPPL group exists. |
|
|
|
|
|
become: true |
|
|
|
|
|
group: |
|
|
|
|
|
name: xppl |
|
|
|
|
|
system: true |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the project user exists. |
|
|
|
|
|
become: true |
|
|
|
|
|
user: |
|
|
|
|
|
name: xppl |
|
|
|
|
|
system: true |
|
|
|
|
|
groups: xppl |
|
|
|
|
|
|
|
|
|
|
|
- name: Add the project user to the project group. |
|
|
|
|
|
become: true |
|
|
|
|
|
user: |
|
|
|
|
|
name: xppl |
|
|
|
|
|
groups: xppl |
|
|
|
|
|
append: true |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the project root directory is created. |
|
|
|
|
|
become: true |
|
|
|
|
|
file: |
|
|
|
|
|
path: /var/xppl/ |
|
|
|
|
|
state: directory |
|
|
|
|
|
owner: xppl |
|
|
|
|
|
group: xppl |
|
|
|
|
|
mode: 0755 |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the Git package is installed. |
|
|
|
|
|
become: true |
|
|
|
|
|
yum: |
|
|
|
|
|
name: git |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Clone the latest project source. |
|
|
|
|
|
become: true |
|
|
|
|
|
become_user: xppl |
|
|
|
|
|
git: |
|
|
|
|
|
repo: https://git.vvvvvvaria.org/decentral1se/xppl.git |
|
|
|
|
|
dest: /var/xppl/ |
|
|
|
|
|
version: master |
|
|
|
|
|
register: git_clone_result |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure the Make package is installed. |
|
|
|
|
|
become: true |
|
|
|
|
|
yum: |
|
|
|
|
|
name: make |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Get RQLite installed into project directory. |
|
|
|
|
|
make: |
|
|
|
|
|
chdir: /var/xppl |
|
|
|
|
|
target: install-rqlite |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure Supervisor is installed. |
|
|
|
|
|
become: true |
|
|
|
|
|
yum: |
|
|
|
|
|
name: supervisord |
|
|
|
|
|
state: present |
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure Supervisor is running and enabled. |
|
|
|
|
|
service: |
|
|
|
|
|
name: supervisord |
|
|
|
|
|
state: started |
|
|
|
|
|
enabled: true |
|
|
|
|
|
tags: |
|
|
|
|
|
- molecule-notest |
|
|
|
|
|
|
|
|
|
|
|
# get the rqlite database setup with supervisor |
|
|
|
|
|
# get the nginx certificate in place |
|
|
|
|
|
# run the gunicorn server |
|
|
|
|
|
# configure the uploads directory with Syncthing |
|
|
|
|
|
# write some documentation |
|
|
|