From: Lorin Hochstein
Date: Fri, 6 Feb 2015 02:38:11 +0000 (-0500)
Subject: ch06
X-Git-Url: https://git.halfball.org/?a=commitdiff_plain;h=41b82479d80d6aee2b5dffb417d5d1c59c4a8fe2;p=ansiblebook.git
ch06
---
diff --git a/.gitignore b/.gitignore
index 7ef8945..8a7cdef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .vagrant
 ch05/venv
 ch05/myproject
+ch06/playbooks/secrets.yml
diff --git a/ch06/playbooks/Vagrantfile b/ch06/playbooks/Vagrantfile
new file mode 100644
index 0000000..12d9294
--- /dev/null
+++ b/ch06/playbooks/Vagrantfile
@@ -0,0 +1,71 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure(2) do |config|
+ # The most common configuration options are documented and commented below.
+ # For a complete reference, please see the online documentation at
+ # https://docs.vagrantup.com.
+
+ # Every Vagrant development environment requires a box. You can search for
+ # boxes at https://atlas.hashicorp.com/search.
+ config.vm.box = "ubuntu/trusty64"
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ # config.vm.network "private_network", ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network "public_network"
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ # config.vm.provider "virtualbox" do |vb|
+ # # Display the VirtualBox GUI when booting the machine
+ # vb.gui = true
+ #
+ # # Customize the amount of memory on the VM:
+ # vb.memory = "1024"
+ # end
+ #
+ # View the documentation for the provider you are using for more
+ # information on available options.
+
+ # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
+ # such as FTP and Heroku are also available. See the documentation at
+ # https://docs.vagrantup.com/v2/push/atlas.html for more information.
+ # config.push.define "atlas" do |push|
+ # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+ # end
+
+ # Enable provisioning with a shell script. Additional provisioners such as
+ # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+ # documentation for more information about their specific syntax and use.
+ # config.vm.provision "shell", inline: <<-SHELL
+ # sudo apt-get update
+ # sudo apt-get install -y apache2
+ # SHELL
+end
diff --git a/ch06/playbooks/ansible.cfg b/ch06/playbooks/ansible.cfg
new file mode 100644
index 0000000..998812f
--- /dev/null
+++ b/ch06/playbooks/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+hostfile = inventory
+remote_user = vagrant
+private_key_file = .vagrant/machines/default/virtualbox/private_key
+host_key_checking = False
diff --git a/ch06/playbooks/inventory b/ch06/playbooks/inventory
new file mode 100644
index 0000000..23c16b4
--- /dev/null
+++ b/ch06/playbooks/inventory
@@ -0,0 +1 @@
+testserver ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222
diff --git a/ch06/playbooks/mezzanine.yml b/ch06/playbooks/mezzanine.yml
new file mode 100644
index 0000000..28fa283
--- /dev/null
+++ b/ch06/playbooks/mezzanine.yml
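Review bot: In ch06/playbooks/ansible.cfg, `host_key_checking = False` disables SSH host key verification for every host reached through this config, and nothing in the file says it is meant only for the local Vagrant box at 127.0.0.1:2222 defined in the inventory. The playbook added in the same directory already names a non-loopback host (`192.168.33.10.xip.io`), so the setting may well be carried along once the inventory grows beyond the throwaway VM. I would add a comment directly above the line, for example `# Vagrant only: the VM's host key changes on every rebuild; remove before targeting real hosts`.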
@@ -0,0 +1,145 @@
+---
+- name: Deploy mezzanine
+ hosts: web
+ vars:
+ user: "{{ ansible_ssh_user }}"
+ proj_name: mezzanine-example
+ venv_home: "{{ ansible_env.HOME }}"
+ venv_path: "{{ venv_home }}/{{ proj_name }}"
+ proj_dirname: project
+ proj_path: "{{ venv_path }}/{{ proj_dirname }}"
+ reqs_path: requirements.txt
+ manage: "{{ python }} {{ proj_path }}/manage.py"
+ live_hostname: 192.168.33.10.xip.io
+ domains:
+ - 192.168.33.10.xip.io
+ - www.192.168.33.10.xip.io
+ repo_url: git@github.com:lorin/mezzanine-example.git
+ gunicorn_port: 8000
+ locale: en_US.UTF-8
+ # Variables below don't appear in Mezannine's fabfile.py
+ # but I've added them for convenience
+ conf_path: /etc/nginx/conf
+ ssl_enabled: True
+ python: "{{ venv_path }}/bin/python"
+ database_name: "{{ proj_name }}"
+ database_user: "{{ proj_name }}"
+ database_host: localhost
+ database_port: 5432
+ gunicorn_proc_name: mezzanine
+ vars_files:
+ - secrets.yml
+ tasks:
+ - name: install apt packages
+ apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
+ sudo: True
+ with_items:
+ - git
+ - libjpeg-dev
+ - libpq-dev
+ - memcached
+ - nginx
+ - postgresql
+ - python-dev
+ - python-pip
+ - python-psycopg2
+ - python-setuptools
+ - python-virtualenv
+ - supervisor
+ - name: check out the repository on the host
+ git: repo={{ repo_url }} dest={{ proj_path }} accept_hostkey=yes
+ - name: install required python packages
+ pip: name={{ item }} virtualenv={{ venv_path }}
+ with_items:
+ - gunicorn
+ - setproctitle
+ - south
+ - psycopg2
+ - django-compressor
+ - python-memcached
+ - name: install requirements.txt
+ pip: requirements={{ proj_path }}/{{ reqs_path }} virtualenv={{ venv_path }}
+ - name: create a user
+ postgresql_user:
+ name: "{{ database_user }}"
+ password: "{{ db_pass }}"
+ sudo: True
+ sudo_user: postgres
+ - name: create the database
+ postgresql_db:
+ name: "{{ database_name }}"
+ owner: "{{ database_user }}"
+ encoding: UTF8
+ lc_ctype: "{{ locale }}"
+ lc_collate: "{{ locale }}"
+ template: template0
+ sudo: True
+ sudo_user: postgres
+ - name: generate the settings file
+ template: src=templates/local_settings.py.j2 dest={{ proj_path }}/local_settings.py
+ - name: sync the database, apply migrations, collect static content
+ django_manage:
+ command: "{{ item }}"
+ app_path: "{{ proj_path }}"
+ virtualenv: "{{ venv_path }}"
+ with_items:
+ - syncdb
+ - migrate
+ - collectstatic
+ - name: set the site id
+ script: scripts/setsite.py
+ environment:
+ PATH: "{{ venv_path }}/bin"
+ PROJECT_DIR: "{{ proj_path }}"
+ WEBSITE_DOMAIN: "{{ live_hostname }}"
+ - name: set the admin password
+ script: scripts/setadmin.py
+ environment:
+ PATH: "{{ venv_path }}/bin"
+ PROJECT_DIR: "{{ proj_path }}"
+ ADMIN_PASSWORD: "{{ admin_pass }}"
+ - name: set the gunicorn config file
+ template: src=templates/gunicorn.conf.py.j2 dest={{ proj_path }}/gunicorn.conf.py
+ - name: set the supervisor config file
+ template: src=templates/supervisor.conf.j2 dest=/etc/supervisor/conf.d/mezzanine.conf
+ sudo: True
+ notify: restart supervisor
+ - name: set the nginx config file
+ template: src=templates/nginx.conf.j2 dest=/etc/nginx/sites-available/mezzanine.conf
+ notify: restart nginx
+ sudo: True
+ - name: enable the nginx config file
+ file:
+ src: /etc/nginx/sites-available/mezzanine.conf
+ dest: /etc/nginx/sites-enabled/mezzanine.conf
+ state: link
+ notify: restart nginx
+ sudo: True
+ - name: remove the default nginx config file
+ file: path=/etc/nginx/sites-enabled/default state=absent
+ notify: restart nginx
+ sudo: True
+ - name: ensure config path exists
+ file: path={{ conf_path }} state=directory
+ sudo: True
+ when: ssl_enabled
+ - name: create ssl certificates
+ command: >
+ openssl req -new -x509 -nodes -out {{ proj_name }}.crt
+ -keyout {{ proj_name }}.key -subj '/CN={{ domains[0] }}' -days 3650
+ chdir={{ conf_path }}
+ creates={{ conf_path }}/{{ proj_name }}.crt
+ sudo: True
+ when: ssl_enabled
+ notify: restart nginx
+ - name: install poll twitter cron job
+ cron: name="poll twitter" minute="*/5" user={{ user }} job="{{ manage }} poll_twitter"
+
+ handlers:
+ - name: restart supervisor
+ supervisorctl: name=gunicorn_mezzanine state=restarted
+ sudo: True
+ - name: restart nginx
+ service: name=nginx state=restarted
+ sudo: True
+
diff --git a/ch06/playbooks/secrets.yml.example b/ch06/playbooks/secrets.yml.example
new file mode 100644
index 0000000..55bde90
--- /dev/null
+++ b/ch06/playbooks/secrets.yml.example
@@ -0,0 +1,15 @@
+---
+db_pass: e79c9761d0b54698a83ff3f93769e309
+admin_pass: 46041386be534591ad24902bf72071B
+secret_key: b495a05c396843b6b47ac944a72c92ed
+nevercache_key: b5d87bb4e17c483093296fa321056bdc
+# You need to create a Twitter application at https://dev.twitter.com
+# in order to get the credentials required for Mezzanine's
+# twitter integration.
+#
+# See http://mezzanine.jupo.org/docs/twitter-integration.html
+# for details on Twitter integration
+twitter_access_token_key: 80b557a3a8d14cb7a2b91d60398fb8ce
+twitter_access_token_secret: 1974cf8419114bdd9d4ea3db7a210d90
+twitter_consumer_key: 1f1c627530b34bb58701ac81ac3fad51
+twitter_consumer_secret: 36515c2b60ee4ffb9d33d972a7ec350a
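Review bot: In ch06/playbooks/mezzanine.yml the tasks that put secrets on disk set no permissions: `generate the settings file` renders local_settings.py (which presumably carries `db_pass` and `secret_key` from secrets.yml, though the template is not part of this commit) with the default mode, and `create ssl certificates` uses `-nodes`, leaving an unencrypted private key in `{{ conf_path }}` with whatever mode openssl and the umask produce. I would add `mode=0600` to the settings template task and follow the openssl task with `file: path={{ conf_path }}/{{ proj_name }}.key mode=0600` under `sudo: True` and `when: ssl_enabled`. `create a user` and `set the admin password` also pass `db_pass` and `admin_pass` as a module argument and an environment variable, so `no_log: True` on both would keep them out of verbose output and logs. Separately, `hosts: web` matches no group in the inventory this commit adds, which defines only `testserver`.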
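Review bot: The sample values in ch06/playbooks/secrets.yml.example are indistinguishable from real generated secrets, so a reader who copies the file to secrets.yml unchanged deploys with a database password, admin password and Django `secret_key` that are published in the repository. I would replace them with obvious placeholders such as `db_pass: CHANGE_ME_db_password` and open the file with a comment like `# Copy to secrets.yml (git-ignored) and replace every value with a freshly generated one`. Encrypting the real secrets.yml with ansible-vault would additionally cover the case where it is committed by mistake despite the .gitignore entry.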