Ansible scripts revised

This commit is contained in:
datalets 2021-02-20 15:00:04 +01:00
parent 127d295cec
commit c7582f61e2
8 changed files with 63 additions and 85 deletions


@ -77,7 +77,12 @@ Now access the admin panel with the user account you created earlier: http://loc
## Troubleshooting ## Troubleshooting
- Issues with migrating database tables in SQLite during development? Try `./manage.py migrate --fake` Issues with migrating database tables in SQLite during development? Try `./manage.py migrate --fake`
Having trouble installing any packages with npm or yarn? Add IPv6 addresses to your hosts:
2606:4700::6810:1823 registry.npmjs.org
2606:4700::6810:1123 registry.yarnpkg.com
## Production notes ## Production notes
@ -85,14 +90,10 @@ We use [Ansible](https://www.ansible.com) and [Docker Compose](https://docs.dock
To use Docker Compose to manually deploy the site, copy `ansible/roles/web/templates/docker-compose.j2` to `/docker-compose.yml` and fill in all `{{ variables }}`. This can also be done automatically in Ansible. To use Docker Compose to manually deploy the site, copy `ansible/roles/web/templates/docker-compose.j2` to `/docker-compose.yml` and fill in all `{{ variables }}`. This can also be done automatically in Ansible.
Install or update the following roles from [Ansible Galaxy](https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html) to use our scripts: To update all roles from [Ansible Galaxy](https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html) used in our install scripts:
``` ```
ansible-galaxy install \ ansible-galaxy install `ls ansible/roles -x -I wagtail` --force
dev-sec.nginx-hardening \
dev-sec.ssh-hardening \
dev-sec.os-hardening \
geerlingguy.nodejs
``` ```
To check that the scripts and roles are correctly installed, use this command to do a "dry run": To check that the scripts and roles are correctly installed, use this command to do a "dry run":
@ -123,14 +124,6 @@ You can also use the `gitrepo` parameter to use a different fork of the source c
Once the basic system set up, i.e. you have an `ansible` user in the sudoers and docker group, you are ready to run the playbook. Once the basic system set up, i.e. you have an `ansible` user in the sudoers and docker group, you are ready to run the playbook.
The typical order of deployment is:
- internet.yaml
- docker.yaml
- node.yaml
- web.yaml
- wagtail.yaml
### Production releases ### Production releases
For further deployment and system maintenance we have a `Makefile` which automates Docker Compose tasks. This should be converted to use [Ansible Container](http://docs.ansible.com/ansible-container/getting_started.html). In the meantime, start a release with Ansible, then complete it using `make`, i.e.: For further deployment and system maintenance we have a `Makefile` which automates Docker Compose tasks. This should be converted to use [Ansible Container](http://docs.ansible.com/ansible-container/getting_started.html). In the meantime, start a release with Ansible, then complete it using `make`, i.e.:


@ -3,13 +3,10 @@
gather_facts: True gather_facts: True
vars: vars:
ssh_server_ports: "{{ vault_ssh_server_ports }}" ssh_server_ports: "{{ vault_ssh_server_ports }}"
nginx_add_header: []
sysctl_overwrite: sysctl_overwrite:
# Enable IPv4 traffic forwarding. # Enable IPv4 traffic forwarding.
net.ipv4.ip_forward: 1 net.ipv4.ip_forward: 1
roles: roles:
- role: dev-sec.os-hardening - role: dev-sec.os-hardening
- role: dev-sec.ssh-hardening - role: dev-sec.ssh-hardening
- role: nginxinc.nginx
- role: dev-sec.nginx-hardening
- role: jnv.unattended-upgrades - role: jnv.unattended-upgrades

8
ansible/nginx.yaml Normal file

@ -0,0 +1,8 @@
- hosts: webservers
become: True
gather_facts: True
vars:
nginx_add_header: []
roles:
- role: nginxinc.nginx
- role: dev-sec.nginx-hardening
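Review bot: `nginx_add_header: []` on the vars line empties what, if this is the dev-sec.nginx-hardening variable, is that role's default list of security response headers (X-Frame-Options, X-Content-Type-Options and friends), so the hardening role is applied without its header hardening; confirm that is intended and record it on the line, e.g. `# headers are set by the application instead of the hardening role -- TODO confirm`, or drop the override. The booleans are written `True`; the other playbooks in this commit share that spelling, but `true` is the canonical form and the one yamllint's truthy rule accepts, so `become: true` and `gather_facts: true`. The new playbook also lacks the `---` document start that the task files in this commit carry.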


@ -6,4 +6,5 @@
- role: geerlingguy.nodejs - role: geerlingguy.nodejs
nodejs_install_npm_user: ansible nodejs_install_npm_user: ansible
nodejs_npm_global_packages: nodejs_npm_global_packages:
- name: yarn
- name: grunt-cli - name: grunt-cli
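Review bot: The added `- name: yarn` entry installs whatever the npm registry currently publishes, as does the `grunt-cli` entry beside it, so two runs of the playbook can leave different global build tooling on the host. geerlingguy.nodejs accepts a per-package `version:` key, so pinning is a two-line change: `- name: yarn` followed by `version: "<PINNED_VERSION>"`. The enclosing `roles:` entry begins outside the hunk.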


@ -1,9 +1,21 @@
--- ---
- name: Ensure Make is installed
become: true
apt:
pkg: make
- name: Create release directory - name: Create release directory
file: path={{ release_dir }} state=directory owner=ansible group=ansible mode=u=rwX,g=rX,o=rX file: path={{ release_dir }} state=directory owner=ansible group=ansible mode=u=rwX,g=rX,o=rX
become: true become: true
- name: Checkout code branch from git
git:
dest: "{{ release_dir }}"
repo: "{{ gitrepo }}"
version: "{{ gitversion }}"
force: true
- name: Create media directory - name: Create media directory
file: path={{ release_dir }}/media state=directory owner=ansible group=www-data file: path={{ release_dir }}/media state=directory owner=ansible group=www-data
become: true become: true
@ -11,40 +23,3 @@
- name: Set media directory permissions - name: Set media directory permissions
file: dest={{ release_dir }}/media owner=ansible group=www-data mode=u=rwX,g=rX,o=rX recurse=yes file: dest={{ release_dir }}/media owner=ansible group=www-data mode=u=rwX,g=rX,o=rX recurse=yes
become: true become: true
- name: Checkout code branch from git
git:
dest: "{{ release_dir }}"
repo: "{{ gitrepo }}"
version: "{{ gitversion }}"
force: false
- name: Copy Docker site configuration
template:
src: docker-compose.j2
dest: "{{ release_dir }}/docker-compose.yml"
- name: Ensure Make is installed
become: true
apt:
pkg: make
- name: Deploy Wagtail site on Docker
shell: make build-cached
args:
chdir: "{{ release_dir }}"
- name: Start Wagtail site
shell: make run
args:
chdir: "{{ release_dir }}"
- name: Prepare compress frontend
shell: make compress
args:
chdir: "{{ release_dir }}"
- name: Finish setup of Wagtail site
shell: make setup EMAIL={{ email_admin }}
args:
chdir: "{{ release_dir }}"
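Review bot: In the first hunk the relocated `Checkout code branch from git` task flips `force: false` to `force: true`, which makes the git module discard any local modification to tracked files in `{{ release_dir }}` on every run, a behaviour change the commit title does not mention. If that is wanted because the directory is meant to be a pristine checkout, say so on the task, e.g. `# force: true resets local edits so release_dir always matches gitversion`; otherwise keep `force: false`, which makes the run fail loudly when the tree is dirty instead of silently overwriting it. For the checkout to be reproducible `gitversion` should resolve to a tag or commit rather than a moving branch; where it is defined is not visible here. The second hunk only moves tasks out to setup.yaml, so there is nothing to add on it.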


@ -1,13 +1,17 @@
--- ---
- include: frontend.yaml
tags:
- frontend
- include: install.yaml - include: install.yaml
tags: tags:
- install - install
- include: packages.yaml
tags:
- packages
- include: release.yaml - include: release.yaml
tags: tags:
- release - release
- include: setup.yaml
tags:
- setup
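Review bot: The three added `include:` entries use the task-include form that Ansible deprecated in 2.4 in favour of `import_tasks:` (static) or `include_tasks:` (dynamic); because tags are attached here, `import_tasks` is the drop-in replacement that keeps the tag applying to the included tasks, whereas `include_tasks` would need `apply:`, so `- import_tasks: frontend.yaml` with the same `tags:` block, and likewise for the other entries. Separately, the includes are listed alphabetically and Ansible runs them in this order: if `frontend.yaml` is the task file that runs Yarn in `{{ release_dir }}`, it now executes before `release.yaml` has checked the code out unless the play is always run with tags, so confirm the intended order or reorder the list. The rendered hunk header counts 13 old lines but fewer are shown, so part of this file's previous content is not visible here.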


@ -12,32 +12,6 @@
file: dest={{ release_dir }}/static owner=ansible group=www-data mode=u=rwX,g=rX,o=rX recurse=yes file: dest={{ release_dir }}/static owner=ansible group=www-data mode=u=rwX,g=rX,o=rX recurse=yes
become: true become: true
- name: Install JavaScript Yarn
become: true
npm:
name: yarn
global: true
- name: Link the Yarn executable
become: true
file:
src: "/usr/local/lib/npm/bin/yarn"
dest: "/usr/local/bin/yarn"
state: link
- name: Install JavaScript Grunt
become: true
yarn:
name: grunt-cli
global: true
- name: Link the Grunt executable
become: true
file:
src: "/usr/local/lib/npm/bin/grunt"
dest: "/usr/local/bin/grunt"
state: link
- name: Install JavaScript packages with Yarn - name: Install JavaScript packages with Yarn
yarn: yarn:
path: "{{ release_dir }}" path: "{{ release_dir }}"


@ -0,0 +1,26 @@
---
- name: Copy Docker site configuration
template:
src: docker-compose.j2
dest: "{{ release_dir }}/docker-compose.yml"
- name: Deploy Wagtail site on Docker
shell: make build-cached
args:
chdir: "{{ release_dir }}"
- name: Start Wagtail site
shell: make run
args:
chdir: "{{ release_dir }}"
- name: Prepare compress frontend
shell: make compress
args:
chdir: "{{ release_dir }}"
- name: Finish setup of Wagtail site
shell: make setup EMAIL={{ email_admin }}
args:
chdir: "{{ release_dir }}"
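Review bot: `shell: make setup EMAIL={{ email_admin }}` interpolates a variable straight into a shell command line, so a value containing whitespace or shell metacharacters changes the command rather than the argument; render it with the quote filter, `shell: make setup EMAIL={{ email_admin | quote }}`, or, since none of these tasks uses shell features, switch all five to `command:`. None of the `make` tasks declares `changed_when`, so `make run`, `make compress` and `make setup` report changed and re-run on every play; if that is the intended release flow, a one-line comment under the `---` saying so would spare the next reader the question.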