hobo, combo, authentic install
parent
ce9cc30a2a
commit
5da32b9072
|
@ -0,0 +1 @@
|
||||||
|
*.retry
|
82
README.rst
82
README.rst
|
@ -1,27 +1,75 @@
|
||||||
Dev install of publik
|
Dev install of publik
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
Description
|
Ansible playbook that install and setup a multitenant publik instance using sources.
|
||||||
+++++++++++
|
|
||||||
|
|
||||||
This will install a publik instance on localhost using sources (git) and pip.
|
|
||||||
|
|
||||||
|
|
||||||
Dependencies
|
Setup
|
||||||
++++++++++++
|
=====
|
||||||
|
|
||||||
python-lasso, git, ansible.
|
Install dependencies
|
||||||
Tested on debian testing.
|
++++++++++++++++++++
|
||||||
|
|
||||||
|
|
||||||
Usage
|
|
||||||
+++++
|
|
||||||
|
|
||||||
Fill the varibles i the 'local' file :
|
|
||||||
pipexe: path of the pip executable to use (it can be the pip of a virtualenv)
|
|
||||||
srcdir: path of the directory where the sources are going to be cloned
|
|
||||||
|
|
||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
ansible-playbook -i local -K main.yml
|
pip install --user -r requirements.txt
|
||||||
|
|
||||||
|
|
||||||
|
System requirements
|
||||||
|
+++++++++++++++++++
|
||||||
|
|
||||||
|
* postgresql server must be installed
|
||||||
|
* the system user used to run ansible must be a sudoer
|
||||||
|
* the system user used to run ansible must to be able to connect to the postgres server withpout authentication and must be authorized to create databases
|
||||||
|
* you need to have a valid SSL certificate ('ssl_certificate' and 'ssl_certificate_key' in configuration file)
|
||||||
|
|
||||||
|
|
||||||
|
Description
|
||||||
|
===========
|
||||||
|
|
||||||
|
The configuration file ('inventory' in ansible language) is inventory.yml, change it to suite your needs.
|
||||||
|
|
||||||
|
Important configuration variables :
|
||||||
|
|
||||||
|
* 'user' : must be the name of the system user used to run the playbook (DRY I know, but tell ansible about it)
|
||||||
|
* the 'ssl_certificate' used must be valid for the patterns delared in 'apps.host_pattern' and app.nginx_host_pattern
|
||||||
|
* 'apps.host_pattern' is used in the app server settings
|
||||||
|
* 'apps.nginx_host_pattern' is used in the nginx app settings
|
||||||
|
|
||||||
|
The playbook will first :
|
||||||
|
|
||||||
|
* install some system packages (see roles/base)
|
||||||
|
* create a virtualenv ('venv' variable)
|
||||||
|
|
||||||
|
Then for each 'app' registered in the 'apps' section of the configuration file, the following events will occur:
|
||||||
|
|
||||||
|
* git clone of the repository in 'src_dir' dir and install from sources
|
||||||
|
* create one configuration file for the app and one for its hobo agent (in 'venv_conf' directory)
|
||||||
|
* create app-manage, app-server and app-agent scripts in 'venv_bin' directory
|
||||||
|
* create app-server and app-agent supervisord configuration
|
||||||
|
* create /var/lib/app and /var/log/app directories
|
||||||
|
* create a nginx configuration for server-app
|
||||||
|
* create a database for the app and create its schema
|
||||||
|
|
||||||
|
|
||||||
|
Usage
|
||||||
|
=====
|
||||||
|
|
||||||
|
Install publik
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
ansible-playbook -i inventory.yml -K install.yml
|
||||||
|
|
||||||
|
|
||||||
|
Send publik to the cemetery
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
ansible-playbook -i inventory.yml -K clean.yml
|
||||||
|
|
||||||
|
Next
|
||||||
|
====
|
||||||
|
|
||||||
|
Help yourself with your DNS settings and create a tenant using cook
|
||||||
|
|
|
@ -0,0 +1,75 @@
|
||||||
|
---
|
||||||
|
- hosts: local
|
||||||
|
tasks:
|
||||||
|
- name: delete venv
|
||||||
|
file:
|
||||||
|
path: "{{venv}}"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: delete app /var/lib directory
|
||||||
|
file:
|
||||||
|
path: "/var/lib/{{item.value.project_name}}"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: delete server /var/log directory
|
||||||
|
file:
|
||||||
|
path: "/var/log/{{item.value.project_name}}-server"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: delete agent /var/log directory
|
||||||
|
file:
|
||||||
|
path: "/var/log/{{item.value.project_name}}-agent"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: delete supervisor server conf
|
||||||
|
file:
|
||||||
|
path: "/etc/supervisor/conf.d/{{item.value.project_name}}-server.conf"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: delete supervisor agent conf
|
||||||
|
file:
|
||||||
|
path: "/etc/supervisor/conf.d/{{item.value.project_name}}-agent.conf"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: reload supervisor
|
||||||
|
systemd:
|
||||||
|
name: supervisor
|
||||||
|
state: reloaded
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: delete nginx app server link conf
|
||||||
|
file:
|
||||||
|
path: "/etc/nginx/sites-enabled/{{item.value.project_name}}"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: delete nginx app server conf
|
||||||
|
file:
|
||||||
|
path: "/etc/nginx/sites-available/{{item.value.project_name}}"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: reload nginx
|
||||||
|
systemd:
|
||||||
|
name: nginx
|
||||||
|
state: reloaded
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: delete db
|
||||||
|
postgresql_db:
|
||||||
|
name: "{{item.value.db_name}}"
|
||||||
|
state: absent
|
||||||
|
with_dict: "{{apps}}"
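Review bot: The `file` tasks that run with `state: absent` and `become: yes` build their path by appending `item.value.project_name` to a system directory, and nothing checks that the value is non-empty. With an empty `project_name`, the `/var/lib/`, `sites-enabled/` and `sites-available/` paths resolve to the directory itself, which `state: absent` removes recursively as root. A guard task placed first in the play would stop the run before anything is deleted, for example an `assert` looped over `apps` with `that: item.value.project_name | length > 0`. The same check is worth applying to `venv` before the `delete venv` task.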
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: publik multitenant install
|
||||||
|
hosts: local
|
||||||
|
roles:
|
||||||
|
- base
|
||||||
|
- hobo
|
||||||
|
- authentic
|
||||||
|
- combo
|
||||||
|
- end
|
|
@ -0,0 +1,47 @@
|
||||||
|
|
||||||
|
local:
|
||||||
|
hosts:
|
||||||
|
localhost:
|
||||||
|
ansible_connection: local
|
||||||
|
vars:
|
||||||
|
user: cazino
|
||||||
|
django_version: 1.8.18
|
||||||
|
src_dir: "/home/{{user}}/src"
|
||||||
|
ssl_certificate: "/etc/ssl/certs/*.local.publik.crt"
|
||||||
|
ssl_certificate_key: "/etc/ssl/private/*.local.publik.key"
|
||||||
|
venv: "/home/{{user}}/envs/publik-env"
|
||||||
|
venv_bin: "{{venv}}/bin"
|
||||||
|
venv_conf: "{{venv}}/conf"
|
||||||
|
venv_pip: "{{venv_bin}}/pip"
|
||||||
|
venv_python: "{{venv_bin}}/python"
|
||||||
|
apps:
|
||||||
|
authentic:
|
||||||
|
name: authentic
|
||||||
|
db_name: authentic_multitenant
|
||||||
|
hobo_app: "hobo.agent.authentic2"
|
||||||
|
host_pattern: "*-authentic.local.publik"
|
||||||
|
manage_cmd: "{{venv_bin}}/authentic2-ctl"
|
||||||
|
nginx_host_pattern: '~^(.*)\-authentic\.local\.publik$'
|
||||||
|
project_name: authentic-multitenant
|
||||||
|
server_port: 8000
|
||||||
|
settings_env_var: AUTHENTIC2_SETTINGS_FILE
|
||||||
|
combo:
|
||||||
|
name: combo
|
||||||
|
db_name: combo_multitenant
|
||||||
|
hobo_app: "hobo.agent.combo"
|
||||||
|
host_pattern: "*-combo.local.publik"
|
||||||
|
nginx_host_pattern: '~^(.*)\-combo\.local\.publik$'
|
||||||
|
project_name: combo-multitenant
|
||||||
|
server_port: 8004
|
||||||
|
settings_env_var: COMBO_SETTINGS_FILE
|
||||||
|
hobo:
|
||||||
|
name: hobo
|
||||||
|
db_name: hobo_multitenant
|
||||||
|
hobo_app: "hobo.agent.hobo"
|
||||||
|
host_pattern: "*-hobo.local.publik"
|
||||||
|
nginx_host_pattern: '~^(.*)\-hobo\.local\.publik$'
|
||||||
|
project_name: hobo-multitenant
|
||||||
|
server_port: 8016
|
||||||
|
settings_env_var: HOBO_SETTINGS_FILE
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
# Ugly hack to perform a simple 'pip install -e /some/source/dir'
|
||||||
|
- name: pip install source
|
||||||
|
pip:
|
||||||
|
name: django
|
||||||
|
version: "{{ django_version}}"
|
||||||
|
extra_args: "-e {{ source }}"
|
||||||
|
virtualenv: "{{venv}}"
|
|
@ -0,0 +1 @@
|
||||||
|
ansible>2.4.0
|
|
@ -0,0 +1,30 @@
|
||||||
|
- name: set ansible agent variables
|
||||||
|
set_fact:
|
||||||
|
agent_dash_name: "{{app['project_name']}}-agent"
|
||||||
|
agent_dot_name: "{{app['project_name']}}.agent"
|
||||||
|
agent_settings: "{{venv_conf}}/{{app['db_name']}}_agent_settings.py"
|
||||||
|
|
||||||
|
- name: create hobo agent log directory
|
||||||
|
file:
|
||||||
|
path: "/var/log/{{agent_dash_name}}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{user}}"
|
||||||
|
group: "{{user}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: hobo agent settings file
|
||||||
|
template:
|
||||||
|
src: hobo-agent-settings.j2
|
||||||
|
dest: "{{agent_settings}}"
|
||||||
|
|
||||||
|
- name: agent script
|
||||||
|
template:
|
||||||
|
src: hobo-agent.j2
|
||||||
|
dest: "{{venv_bin}}/{{agent_dash_name}}"
|
||||||
|
mode: "u=rwx,g=rx,o=rx"
|
||||||
|
|
||||||
|
- name: hobo agent supervisor configuration
|
||||||
|
template:
|
||||||
|
src: hobo-agent-supervisor.j2
|
||||||
|
dest: "/etc/supervisor/conf.d/{{agent_dash_name}}.conf"
|
||||||
|
become: yes
|
|
@ -0,0 +1,9 @@
|
||||||
|
BROKER_URL = 'amqp://'
|
||||||
|
|
||||||
|
|
||||||
|
AGENT_HOST_PATTERNS = {
|
||||||
|
"{{app['name']}}": ["{{app['host_pattern']}}"],
|
||||||
|
}
|
||||||
|
|
||||||
|
{% filter upper %}{{app['name']}}{% endfilter %}_MANAGE_COMMAND = "{{venv_bin}}/{{app['project_name']}}-manage"
|
||||||
|
{% filter upper %}{{app['name']}}{% endfilter %}_MANAGE_TRY_COMMAND = {% filter upper %}{{app['name']}}{% endfilter %}_MANAGE_COMMAND
|
|
@ -0,0 +1,26 @@
|
||||||
|
[program:{{agent_dash_name}}]
|
||||||
|
; Concurrency set to 1 because there is no lock around calls to hobo_notify
|
||||||
|
command={{venv_bin}}/celery worker --hostname={{agent_dot_name}}.%%h --app=hobo.agent.worker --loglevel=INFO --concurrency=1
|
||||||
|
environment=HOBO_AGENT_SETTINGS_FILE="{{agent_settings}}"
|
||||||
|
process_name={{agent_dash_name}}
|
||||||
|
user={{user}}
|
||||||
|
numprocs=1
|
||||||
|
stdout_logfile=/var/log/{{agent_dash_name}}/stdout.log
|
||||||
|
stderr_logfile=/var/log/{{agent_dash_name}}/stderr.log
|
||||||
|
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
startsecs=10
|
||||||
|
; Need to wait for currently executing tasks to finish at shutdown.
|
||||||
|
; Increase this if you have very long running tasks.
|
||||||
|
stopwaitsecs = 600
|
||||||
|
|
||||||
|
; When resorting to send SIGKILL to the program to terminate it
|
||||||
|
; send SIGKILL to its whole process group instead,
|
||||||
|
; taking care of its children as well.
|
||||||
|
killasgroup=true
|
||||||
|
|
||||||
|
; if rabbitmq is supervised, set its priority higher
|
||||||
|
; so it starts first
|
||||||
|
priority=998
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
HOBO_AGENT_SETTINGS_FILE="{{agent_settings}}" {{venv_bin}}/celery worker --hostname={{agent_dot_name}}.%%h --app=hobo.agent.worker --loglevel=INFO --concurrency=1
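Review bot: The `%%h` in `--hostname={{agent_dot_name}}.%%h` looks copied from the supervisor configuration, where `%%` is the escape for a literal percent sign. Nothing unescapes it in this bash wrapper, so celery receives `%%h` verbatim and the node name will probably not expand as intended. The script line should use `--hostname={{agent_dot_name}}.%h`. Starting the command with `exec` would also let signals reach celery directly instead of the wrapper shell.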
|
|
@ -0,0 +1,71 @@
|
||||||
|
- name: set ansible server variables
|
||||||
|
set_fact:
|
||||||
|
app_settings: "{{venv_conf}}/{{app['db_name']}}_settings.py"
|
||||||
|
manage_app_name: "{{app['project_name']}}-manage"
|
||||||
|
server_app_name: "{{app['project_name']}}-server"
|
||||||
|
|
||||||
|
- name: create db
|
||||||
|
postgresql_db:
|
||||||
|
name: "{{app['db_name']}}"
|
||||||
|
owner: "{{user}}"
|
||||||
|
|
||||||
|
- name: conf directory
|
||||||
|
file:
|
||||||
|
path: "{{venv_conf}}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{user}}"
|
||||||
|
group: "{{user}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: app /var/lib directory
|
||||||
|
file:
|
||||||
|
path: "/var/lib/{{app['project_name']}}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{user}}"
|
||||||
|
group: "{{user}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: app /var/lib tenants directory
|
||||||
|
file:
|
||||||
|
path: "/var/lib/{{app['project_name']}}/tenants"
|
||||||
|
state: directory
|
||||||
|
owner: "{{user}}"
|
||||||
|
group: "{{user}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: app settings file
|
||||||
|
template:
|
||||||
|
src: app-settings.j2
|
||||||
|
dest: "{{app_settings}}"
|
||||||
|
|
||||||
|
- name: manage script
|
||||||
|
template:
|
||||||
|
src: app-manage.j2
|
||||||
|
dest: "{{venv_bin}}/{{manage_app_name}}"
|
||||||
|
mode: "u=rwx,g=rx,o=rx"
|
||||||
|
|
||||||
|
- name: migrate schemas
|
||||||
|
command: "{{venv_bin}}/{{manage_app_name}} migrate_schemas"
|
||||||
|
|
||||||
|
- name: collect statics
|
||||||
|
shell: "echo yes | {{venv_bin}}/{{manage_app_name}} collectstatic"
|
||||||
|
|
||||||
|
- name: server script
|
||||||
|
template:
|
||||||
|
src: app-server.j2
|
||||||
|
dest: "{{venv_bin}}/{{server_app_name}}"
|
||||||
|
mode: "u=rwx,g=rx,o=rx"
|
||||||
|
|
||||||
|
- name: server log directory
|
||||||
|
file:
|
||||||
|
path: "/var/log/{{server_app_name}}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{user}}"
|
||||||
|
group: "{{user}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: server supervisor configuration
|
||||||
|
template:
|
||||||
|
src: server-supervisor.j2
|
||||||
|
dest: "/etc/supervisor/conf.d/{{server_app_name}}.conf"
|
||||||
|
become: yes
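Review bot: The `collect statics` task goes through `shell` only to pipe `echo yes` into the command. Django's own flag does the same without a shell: `command: "{{venv_bin}}/{{manage_app_name}} collectstatic --noinput"`. The `app settings file` template task also sets no `mode`, so the permissions of the generated settings file depend on the umask of the run. Django settings files usually end up holding secrets, so an explicit `mode: "u=rw,g=,o="` there would be safer.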
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
{{app['settings_env_var']}}={{app_settings}} {% if 'manage_cmd' in app %}{{app['manage_cmd']}}{% else %}{{venv_python}} {{src_dir}}/{{app['name']}}/manage.py{% endif%} "$@"
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
{{venv_bin}}/{{manage_app_name}} runserver {{app['server_port']}}
|
|
@ -0,0 +1,20 @@
|
||||||
|
import os
|
||||||
|
|
||||||
|
PROJECT_NAME = '{{app['project_name']}}'
|
||||||
|
execfile('{{src_dir}}/hobo/debian/debian_config_common.py')
|
||||||
|
|
||||||
|
# hobo don't use multitenant mellon adapter: IdP is detected in the local
|
||||||
|
# environnment
|
||||||
|
MELLON_ADAPTER = ('hobo.utils.MellonAdapter',)
|
||||||
|
|
||||||
|
LOGGING['loggers']['']['handlers'] = ['syslog']
|
||||||
|
|
||||||
|
{% if 'hobo_app' in app %}
|
||||||
|
INSTALLED_APPS = ('{{app['hobo_app']}}', ) + INSTALLED_APPS
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
os.environ['REQUESTS_CA_BUNDLE'] = '{{ssl_certificate}}'
|
||||||
|
|
||||||
|
ALLOWED_HOSTS = ['*']
|
||||||
|
|
||||||
|
DEBUG = True
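Review bot: `DEBUG = True` and `ALLOWED_HOSTS = ['*']` are hard-coded at the end of the template, so every host rendered from it serves Django debug pages and skips Host-header validation. The nginx template in the same commit publishes the app on port 443. Driving both from the inventory keeps the development behaviour opt-in, e.g. `DEBUG = {{ django_debug | default(false) }}` (a new inventory variable) and a suffix entry such as `ALLOWED_HOSTS = ['.local.publik']`. If the values stay as they are, a comment above them stating that the file is for local development only would help the next reader.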
|
|
@ -0,0 +1,28 @@
|
||||||
|
[program:{{server_app_name}}]
|
||||||
|
; Concurrency set to 1 because there is no lock around calls to hobo_notify
|
||||||
|
command={% if 'manage_cmd' in app %}{{app['manage_cmd']}}{% else %}{{venv_python}} {{src_dir}}/{{app['name']}}/manage.py{% endif%} runserver {{app['server_port']}}
|
||||||
|
environment={{app['settings_env_var']}}="{{app_settings}}"
|
||||||
|
process_name={{server_app_name}}
|
||||||
|
user={{user}}
|
||||||
|
numprocs=1
|
||||||
|
stdout_logfile=/var/log/{{server_app_name}}/stdout.log
|
||||||
|
stderr_logfile=/var/log/{{server_app_name}}/stderr.log
|
||||||
|
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
startsecs=10
|
||||||
|
; Need to wait for currently executing tasks to finish at shutdown.
|
||||||
|
; Increase this if you have very long running tasks.
|
||||||
|
stopwaitsecs = 600
|
||||||
|
|
||||||
|
stopsignal=KILL
|
||||||
|
; When resorting to send SIGKILL to the program to terminate it
|
||||||
|
; send SIGKILL to its whole process group instead,
|
||||||
|
; taking care of its children as well.
|
||||||
|
killasgroup=true
|
||||||
|
stopasgroup=true
|
||||||
|
|
||||||
|
; if rabbitmq is supervised, set its priority higher
|
||||||
|
; so it starts first
|
||||||
|
priority=998
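Review bot: The comments in this file were carried over from the agent configuration and no longer describe it. The "Concurrency set to 1" line refers to a celery option that the `runserver` command does not take, and with `stopsignal=KILL` the process is killed at once, so the note about waiting for running tasks and `stopwaitsecs = 600` have no effect. I would replace them with a comment saying why KILL is used (presumably to take down the autoreloader child together with `stopasgroup=true`). A second one would help too: `; runserver is Django's development server, for dev installs only`.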
|
||||||
|
|
|
@ -1,55 +1,34 @@
|
||||||
- name: Install system depedencies
|
|
||||||
apt:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: installed
|
|
||||||
with_items:
|
|
||||||
- libsasl2-dev
|
|
||||||
- python-dev
|
|
||||||
- libldap2-dev
|
|
||||||
- libssl-dev
|
|
||||||
become: yes
|
|
||||||
|
|
||||||
|
- name: git clone authentic
|
||||||
- name: Git clone django-mellon
|
|
||||||
git:
|
|
||||||
repo: ssh://git@git.entrouvert.org/django-mellon.git
|
|
||||||
dest: "{{ srcdir }}/django-mellon"
|
|
||||||
|
|
||||||
- name: Pip install django
|
|
||||||
pip:
|
|
||||||
name: django
|
|
||||||
version: "{{ djangoversion}}"
|
|
||||||
executable: "{{ pipexe }}"
|
|
||||||
|
|
||||||
- name: Pip install django-mellon
|
|
||||||
pip:
|
|
||||||
name: django
|
|
||||||
version: "{{ djangoversion}}"
|
|
||||||
extra_args: "-e {{ srcdir }}/django-mellon"
|
|
||||||
executable: "{{ pipexe }}"
|
|
||||||
|
|
||||||
- name: Git clone gadjo
|
|
||||||
git:
|
|
||||||
repo: ssh://git@git.entrouvert.org/gadjo.git
|
|
||||||
dest: "{{ srcdir }}/gadjo"
|
|
||||||
|
|
||||||
- name: Pip install gadjo
|
|
||||||
pip:
|
|
||||||
name: django
|
|
||||||
version: "{{ djangoversion}}"
|
|
||||||
extra_args: "-e {{ srcdir }}/gadjo"
|
|
||||||
executable: "{{ pipexe }}"
|
|
||||||
|
|
||||||
|
|
||||||
- name: Git clone authentic
|
|
||||||
git:
|
git:
|
||||||
repo: ssh://git@git.entrouvert.org/authentic.git
|
repo: ssh://git@git.entrouvert.org/authentic.git
|
||||||
dest: "{{ srcdir }}/authentic"
|
dest: "{{ src_dir }}/authentic"
|
||||||
|
|
||||||
- name: Pip install authentic
|
- name: pip install authentic
|
||||||
|
import_tasks: pip_install_source.yml
|
||||||
|
vars:
|
||||||
|
source: "{{src_dir}}/authentic"
|
||||||
|
|
||||||
|
# FIXME: change authentic settings instead ?
|
||||||
|
- name: install python-memcached
|
||||||
pip:
|
pip:
|
||||||
name: django
|
name: python-memcached
|
||||||
version: "{{ djangoversion}}"
|
virtualenv: "{{venv}}"
|
||||||
extra_args: "-e {{ srcdir }}/authentic"
|
|
||||||
executable: "{{ pipexe }}"
|
|
||||||
|
|
||||||
|
- name: authentic app setup
|
||||||
|
import_role:
|
||||||
|
name: app-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['authentic']}}"
|
||||||
|
|
||||||
|
- name: authentic hobo agent
|
||||||
|
import_role:
|
||||||
|
name: agent-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['authentic']}}"
|
||||||
|
|
||||||
|
- name: authentic nginx setup
|
||||||
|
import_role:
|
||||||
|
name: nginx-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['authentic']}}"
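Review bot: The `git` task for `authentic.git` has no `version:`, so each run checks out whatever the remote default branch points to at that moment, and the `pip` task for `python-memcached` is unpinned as well. The install is therefore not reproducible, and any change pushed upstream is installed and executed on the next run without review. Pinning to a tag or commit taken from the inventory would fix that, e.g. `version: "{{ apps['authentic']['git_version'] }}"` with a new `git_version` key per app. The same applies to the `git` tasks in the combo, hobo and wcs task files and to the `raven` install in the base tasks.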
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
- name: Install system packages depedencies
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
|
- libldap2-dev
|
||||||
|
- libsasl2-dev
|
||||||
|
- libssl-dev
|
||||||
|
- nginx
|
||||||
|
- python-dev
|
||||||
|
- python-lasso
|
||||||
|
- python-pip
|
||||||
|
- python-virtualenv
|
||||||
|
- rabbitmq-server
|
||||||
|
- supervisor
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: create the virtualenv and install django
|
||||||
|
pip:
|
||||||
|
name: django
|
||||||
|
version: "{{ django_version}}"
|
||||||
|
virtualenv: "{{venv}}"
|
||||||
|
|
||||||
|
# FIXME: needed by XXX, we should change XXX settings instead ?
|
||||||
|
- name: install raven
|
||||||
|
pip:
|
||||||
|
name: raven
|
||||||
|
virtualenv: "{{venv}}"
|
||||||
|
|
||||||
|
- name: create getlasso script
|
||||||
|
template:
|
||||||
|
src: getlasso.j2
|
||||||
|
dest: "{{venv_bin}}/getlasso.sh"
|
||||||
|
mode: "u=rwx,g=rx,o=rx"
|
||||||
|
|
||||||
|
- name: execute getlasso
|
||||||
|
command: "{{venv_bin}}/getlasso.sh"
|
|
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Get venv site-packages path
|
||||||
|
DSTDIR=`{{venv_python}} -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())'`
|
||||||
|
|
||||||
|
SRCDIR=`python -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())'`
|
||||||
|
|
||||||
|
# Clean up
|
||||||
|
rm -f $DSTDIR/lasso.*
|
||||||
|
rm -f $DSTDIR/_lasso.*
|
||||||
|
|
||||||
|
# Link
|
||||||
|
ln -sv $SRCDIR/lasso.py $DSTDIR
|
||||||
|
ln -sv $SRCDIR/_lasso.* $DSTDIR
|
||||||
|
|
||||||
|
exit 0
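Review bot: `DSTDIR` and `SRCDIR` come from unchecked command substitutions and are then used unquoted in `rm -f` and `ln -sv`. If the venv interpreter call fails, `DSTDIR` is empty and the commands act on `/lasso.*` and `/`. The unconditional `exit 0` also makes the Ansible `execute getlasso` task report success whatever happened. I would add `set -eu` after the shebang, quote the variables as in `rm -f "$DSTDIR"/lasso.* "$DSTDIR"/_lasso.*`, and drop the final `exit 0`. `SRCDIR` is also resolved with whichever `python` is first on `PATH`; a comment stating that this must be the system interpreter carrying python-lasso would make that assumption visible.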
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
|
||||||
|
- name: Git clone combo
|
||||||
|
git:
|
||||||
|
repo: ssh://git@git.entrouvert.org/combo.git
|
||||||
|
dest: "{{ src_dir }}/combo"
|
||||||
|
|
||||||
|
- name: Pip install combo
|
||||||
|
import_tasks: pip_install_source.yml
|
||||||
|
vars:
|
||||||
|
source: "{{src_dir}}/combo"
|
||||||
|
|
||||||
|
- name: Combo app setup
|
||||||
|
import_role:
|
||||||
|
name: app-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['combo']}}"
|
||||||
|
|
||||||
|
- name: Combo hobo agent
|
||||||
|
import_role:
|
||||||
|
name: agent-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['combo']}}"
|
||||||
|
|
||||||
|
- name: combo nginx setup
|
||||||
|
import_role:
|
||||||
|
name: nginx-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['combo']}}"
|
|
@ -0,0 +1,11 @@
|
||||||
|
- name: reload supervisor
|
||||||
|
systemd:
|
||||||
|
name: supervisor
|
||||||
|
state: reloaded
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: reload nginx
|
||||||
|
systemd:
|
||||||
|
name: nginx
|
||||||
|
state: reloaded
|
||||||
|
become: yes
|
|
@ -0,0 +1,63 @@
|
||||||
|
|
||||||
|
- name: git clone hobo
|
||||||
|
git:
|
||||||
|
repo: ssh://git@git.entrouvert.org/hobo.git
|
||||||
|
dest: "{{ src_dir }}/hobo"
|
||||||
|
|
||||||
|
- name: get lasso
|
||||||
|
command: "bash getlasso.sh"
|
||||||
|
args:
|
||||||
|
chdir: "{{ src_dir }}/hobo/"
|
||||||
|
|
||||||
|
- name: git clone django-mellon
|
||||||
|
git:
|
||||||
|
repo: ssh://git@git.entrouvert.org/django-mellon.git
|
||||||
|
dest: "{{ src_dir }}/django-mellon"
|
||||||
|
|
||||||
|
- name: pip install django-mellon
|
||||||
|
import_tasks: pip_install_source.yml
|
||||||
|
vars:
|
||||||
|
source: "{{src_dir}}/django-mellon"
|
||||||
|
|
||||||
|
- name: git clone gadjo
|
||||||
|
git:
|
||||||
|
repo: ssh://git@git.entrouvert.org/gadjo.git
|
||||||
|
dest: "{{ src_dir }}/gadjo"
|
||||||
|
|
||||||
|
- name: pip install gadjo
|
||||||
|
import_tasks: pip_install_source.yml
|
||||||
|
vars:
|
||||||
|
source: "{{src_dir}}/gadjo"
|
||||||
|
|
||||||
|
- name: git clone django-tenant-schemas
|
||||||
|
git:
|
||||||
|
repo: ssh://git@git.entrouvert.org/debian/django-tenant-schemas.git
|
||||||
|
dest: "{{ src_dir }}/django-tenant-schemas"
|
||||||
|
|
||||||
|
- name: pip install django-tenant-schemas
|
||||||
|
import_tasks: pip_install_source.yml
|
||||||
|
vars:
|
||||||
|
source: "{{src_dir}}/django-tenant-schemas"
|
||||||
|
|
||||||
|
- name: pip install hobo
|
||||||
|
import_tasks: pip_install_source.yml
|
||||||
|
vars:
|
||||||
|
source: "{{src_dir}}/hobo"
|
||||||
|
|
||||||
|
- name: hobo app setup
|
||||||
|
import_role:
|
||||||
|
name: app-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['hobo']}}"
|
||||||
|
|
||||||
|
- name: hobo hobo agent
|
||||||
|
import_role:
|
||||||
|
name: agent-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['hobo']}}"
|
||||||
|
|
||||||
|
- name: hobo nginx setup
|
||||||
|
import_role:
|
||||||
|
name: nginx-setup
|
||||||
|
vars:
|
||||||
|
app: "{{apps['hobo']}}"
|
|
@ -0,0 +1,13 @@
|
||||||
|
|
||||||
|
- name: nginx server settings
|
||||||
|
template:
|
||||||
|
src: nginx-server.j2
|
||||||
|
dest: "/etc/nginx/sites-available/{{app['project_name']}}"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: a2ensite nginx server
|
||||||
|
file:
|
||||||
|
src: "/etc/nginx/sites-available/{{app['project_name']}}"
|
||||||
|
path: "/etc/nginx/sites-enabled/{{app['project_name']}}"
|
||||||
|
state: link
|
||||||
|
become: yes
|
|
@ -0,0 +1,41 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name {{app['nginx_host_pattern']}};
|
||||||
|
|
||||||
|
ssl_certificate {{ssl_certificate}};
|
||||||
|
ssl_certificate_key {{ssl_certificate_key}};
|
||||||
|
|
||||||
|
access_log /var/log/nginx/{{app['project_name']}}-access.log combined;
|
||||||
|
error_log /var/log/nginx/{{app['project_name']}}-error.log;
|
||||||
|
|
||||||
|
location ~ ^/static/(.+)$ {
|
||||||
|
root /;
|
||||||
|
try_files /var/lib/{{app['project_name']}}/tenants/$host/static/$1
|
||||||
|
/var/lib/{{app['project_name']}}/collectstatic/$1
|
||||||
|
=404;
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/media/(.+)$ {
|
||||||
|
alias /var/lib/{{app['project_name']}}/tenants/$host/media/$1;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:{{app['server_port']}};
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-SSL on;
|
||||||
|
proxy_set_header X-Forwarded-Protocol ssl;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# catchall http → https
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name {{app['nginx_host_pattern']}};
|
||||||
|
access_log /var/log/nginx/{{app['project_name']}}-access.log combined;
|
||||||
|
error_log /var/log/nginx/{{app['project_name']}}-error.log;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
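Review bot: `$host` is taken from the request and placed in the filesystem paths of the `try_files` and `alias` directives. The only constraint on it here is `server_name`, and the patterns supplied by the inventory in this commit use `(.*)` for the tenant part. nginx validates the host name itself, but a narrower class in the inventory pattern would make the set of reachable tenant directories explicit, e.g. `nginx_host_pattern: '~^([a-z0-9-]+)\-authentic\.local\.publik$'`. The TLS server block also sets no `ssl_protocols`, so the versions offered are whatever the installed nginx defaults to.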
|
|
@ -0,0 +1,12 @@
|
||||||
|
|
||||||
|
- name: Git clone wcs
|
||||||
|
git:
|
||||||
|
repo: ssh://git@git.entrouvert.org/wcs.git
|
||||||
|
dest: "{{ srcdir }}/wcs"
|
||||||
|
|
||||||
|
- name: Pip install wcs
|
||||||
|
pip:
|
||||||
|
name: django
|
||||||
|
version: "{{ djangoversion}}"
|
||||||
|
extra_args: "-e {{ srcdir }}/wcs"
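Review bot: Both tasks still use the old variable names `srcdir` and `djangoversion`, while the inventory added in this commit defines `src_dir` and `django_version`. The `pip` task also has neither `virtualenv` nor `executable`, so it would install outside the venv the other roles use. The install playbook shown does not list a wcs role, so nothing fails today, but the file will break as soon as it is enabled. Aligning it with the other roles means `dest: "{{ src_dir }}/wcs"` for the clone, and `import_tasks: pip_install_source.yml` with `source: "{{src_dir}}/wcs"` for the install.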
|
||||||
|
|