amélioration de l'install de CHexpire

4 years ago · 6018d9b0b1
parent a59531dc4f
commit 6018d9b0b1
14 changed files with 253 additions and 40 deletions
--- a/2
+++ b/2
@ -25,7 +25,7 @@ Vagrant.configure("2") do |config|
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
-  # config.vm.network "forwarded_port", guest: 80, host: 8080
+  config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
--- a/config.yml
+++ b/config.yml
@ -8,10 +8,11 @@
    - vars/main.yml

  roles:
-    # - { role: rbenv, username: "{{ ansible_user }}", rbenv_ruby_version: "2.6.4" }
-    # - { role: nodejs, nodejs_install_yarn: yes }
-    # - apache-vhost
+    - { role: rbenv, username: "{{ ansible_user }}", rbenv_ruby_version: "{{ ruby_version }}" }
+    - { role: nodejs, nodejs_install_yarn: yes }
    - chexpire-admin-init
+    - apache-vhost
+    - puma-systemd

  post_tasks:
    - include_role:
@ -29,3 +30,10 @@

  roles:
    - { role: chexpire-user-init, username: "{{ ansible_user }}" }
+
+  tasks:
+    - name: Puma systemd unit is started
+      systemd:
+        name: puma-chexpire
+        state: started
+      become: yes
--- a/evolinux.yml
+++ b/evolinux.yml
@ -1,3 +1,4 @@
+# /vagrant-ansible-playbook evolinux.yml
 ---

 - hosts: all
@ -8,7 +9,7 @@
    - vars/main.yml

  roles:
-    # - evolinux-base
+    - evolinux-base
    - apache
    - mysql

--- a/roles/apache-vhost/handlers/main.yml
+++ b/roles/apache-vhost/handlers/main.yml
@ -0,0 +1,6 @@
+---
+
+- name: reload apache2
+  systemd:
+    name: apache2
+    state: reloaded
--- a/roles/apache-vhost/tasks/main.yml
+++ b/roles/apache-vhost/tasks/main.yml
@ -1 +1,34 @@
 ---
+
+- name: log directory is present
+  file:
+    dest: /home/vagrant/log
+    mode: "0750"
+    owner: vagrant
+    group: vagrant
+    state: directory
+
+- name: Chexpire VHost is present
+  template:
+    src: chexpire.conf.j2
+    dest: /etc/apache2/sites-available/chexpire.conf
+    force: yes
+  notify: reload apache2
+
+- name: Chexpire VHost is enabled
+  command: a2ensite chexpire
+  args:
+    creates: /etc/apache2/sites-enabled/chexpire.conf
+  notify: reload apache2
+
+- name: Default VHost is disabled
+  command: a2dissite 000-default
+  args:
+    removes: /etc/apache2/sites-enabled/000-default.conf
+  notify: reload apache2
+
+- name: Proxy modules are enabled
+  command: a2enmod proxy_http
+  args:
+    creates: /etc/apache2/mods-enabled/proxy_http.load
+  notify: reload apache2
--- a/roles/apache-vhost/templates/chexpire.conf.j2
+++ b/roles/apache-vhost/templates/chexpire.conf.j2
@ -1,16 +1,16 @@
 <VirtualHost *:80 *:443>

    # FQDN principal
-    # ServerName chexpire.evolix.org
+    ServerName chexpire.evolix.org
    #ServerAlias chexpire.evolix.org

    # Repertoire principal
-    DocumentRoot /home/vagrant/www/current/public
+    DocumentRoot /home/vagrant/www/public

    # Include /etc/apache2/ssl/chexpire.conf

    # Propriete du repertoire
-    <Directory /home/vagrant/www/current/public/>
+    <Directory /home/vagrant/www/public/>
        #Options +Indexes +SymLinksIfOwnerMatch
        Options +SymLinksIfOwnerMatch
        AllowOverride AuthConfig Limit FileInfo
@ -32,8 +32,8 @@
        </Location>

        ProxyPreserveHost On
-        ProxyPass / http://127.0.0.1:3000/
-        ProxyPassReverse / http://127.0.0.1:3000/
+        ProxyPass / http://127.0.0.1:{{ puma_port }}/
+        ProxyPassReverse / http://127.0.0.1:{{ puma_port }}/

        RequestHeader set X-Forwarded-Proto https

@ -63,8 +63,8 @@
    # RewriteCond %{HTTP_HOST} !^chexpire.evolix.org$
    # RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R]

-    # no PHP
-    php_admin_flag engine off
-    AddType text/html .html
+    # # no PHP
+    # php_admin_flag engine off
+    # AddType text/html .html

 </VirtualHost>
--- a/roles/chexpire-admin-init/tasks/main.yml
+++ b/roles/chexpire-admin-init/tasks/main.yml
@ -6,3 +6,52 @@
  with_items:
    - libsodium-dev
    - default-libmysqlclient-dev
+
+- name: MySQL database is present
+  mysql_db:
+    name: "{{ mysql_chexpire_db }}"
+    state: present
+
+- name: Is there a .my.cnf file
+  stat:
+    path: /home/vagrant/.my.cnf
+  register: my_cnf_file
+
+- name: create a password for mysql
+  command: "apg -n 1 -m 16 -M lcN"
+  register: _result
+  changed_when: False
+  check_mode: no
+  when: not my_cnf_file.stat.exists
+
+- name: Chexpire .my.cnf file is present
+  ini_file:
+    dest: /home/vagrant/.my.cnf
+    mode: "0600"
+    owner: vagrant
+    group: vagrant
+    section: client
+    option: '{{ item.option }}'
+    value: '{{ item.value }}'
+    create: yes
+  with_items:
+    - { option: 'user',     value: '{{ mysql_chexpire_username }}' }
+    - { option: 'password', value: '{{ _result.stdout }}' }
+  when: not my_cnf_file.stat.exists
+
+- name: read .my.cnf file for password
+  shell: cat /home/vagrant/.my.cnf | grep password | cut -d '=' -f2 | xargs
+  changed_when: False
+  register: _result
+
+- set_fact:
+    mysql_chexpire_password: "{{ _result.stdout }}"
+
+- name: MySQL user is present
+  mysql_user:
+    name: "{{ mysql_chexpire_username }}"
+    password: "{{ mysql_chexpire_password }}"
+    priv: '{{ mysql_chexpire_db }}.*:ALL'
+    host: localhost
+    state: present
+  register: mysql_chexpire_user
--- a/roles/chexpire-user-init/defaults/main.yml
+++ b/roles/chexpire-user-init/defaults/main.yml
@ -1,5 +1 @@
 ---
-
-chexpire_app_directory: "www"
-chexpire_config__mailer_default_from: "from@example.org"
-chexpire_config__host: "chexpire.local"
--- a/roles/chexpire-user-init/tasks/main.yml
+++ b/roles/chexpire-user-init/tasks/main.yml
@ -1,22 +1,48 @@
 ---


-# - name: Repository is checked-out
-#   git:
-#     repo: 'https://github.com/Evolix/chexpire.git'
-#     dest: "{{ chexpire_app_directory }}"
-#
-# - name: Bundle dependencies are installed
-#   bundler:
-#     executable: ~/.rbenv/shims/bundle
-#     chdir: "{{ chexpire_app_directory }}"
-#     state: present
-#     deployment_mode: yes
-#
-# - name: Yarn dependencies are installed
-#   command: "yarn install --check-files"
-#   args:
-#     chdir: "{{ chexpire_app_directory }}"
+- name: Repository is checked-out
+  git:
+    repo: 'https://github.com/Evolix/chexpire.git'
+    dest: "{{ chexpire_app_directory }}"
+    update: no
+
+- name: Bundle dependencies are installed
+  bundler:
+    executable: ~/.rbenv/shims/bundle
+    chdir: "{{ chexpire_app_directory }}"
+    state: present
+    deployment_mode: yes
+
+- name: Yarn dependencies are installed
+  command: "yarn install --check-files"
+  args:
+    chdir: "{{ chexpire_app_directory }}"
+
+- name: read .my.cnf file for password
+  shell: cat /home/vagrant/.my.cnf | grep password | cut -d '=' -f2 | xargs
+  changed_when: False
+  register: _result
+
+- set_fact:
+    mysql_chexpire_password: "{{ _result.stdout }}"
+
+- name: .rbenv-vars file is initialized
+  lineinfile:
+    dest: "{{ chexpire_app_directory }}/.rbenv-vars"
+    line: "{{ item.key }}={{ item.value }}"
+    regexp: "^{{ item.key }}="
+    create: True
+  with_items:
+    - { key: "WEB_CONCURRENCY", value: "1" }
+    - { key: "DATABASE_URL", value: "mysql2://{{ mysql_chexpire_username }}:{{ mysql_chexpire_password }}@127.0.0.1/{{ mysql_chexpire_db }}" }
+    - { key: "PORT", value: "{{ puma_port }}" }
+
+- name: .ruby-version file is initialized
+  copy:
+    dest: "{{ chexpire_app_directory }}/.ruby-version"
+    content: "{{ ruby_version }}"
+    force: yes

 - name: Chexpire config file is present
  template:
@ -24,20 +50,50 @@
    src: chexpire.yml.j2
    force: no

- name: Database config file is copied
-  command: "cp {{ chexpire_app_directory }}/config/database.example.yml {{ chexpire_app_directory }}/config/database.yml"
-  args:
-    creates: "{{ chexpire_app_directory }}/config/database.yml"
+- name: Database config file is present
+  template:
+    dest: "{{ chexpire_app_directory }}/config/database.yml"
+    src: database.yml.j2
+    force: yes

 - name: Secret key base is generated
-  command: ~/.rbenv/shims/bundle exec rails secret
-  register: secret_key_base
+  command: "~/.rbenv/shims/bundle exec rails secret"
  args:
    chdir: "{{ chexpire_app_directory }}"
-    creates: "{{ chexpire_app_directory }}/config/secrets.yml"
+    creates: "config/secrets.yml"
+  register: secret_key_base

 - name: Secret key is in the secrets file
  template:
    dest: "{{ chexpire_app_directory }}/config/secrets.yml"
    src: secrets.yml.j2
    force: no
+
+# - name: Check migrations status
+#   command: "~/.rbenv/shims/bundle exec rails db:migrate:status"
+#   failed_when: False
+#   changed_when: False
+#   args:
+#     chdir: "{{ chexpire_app_directory }}"
+#   register: db_migrate_status
+
+- name: Migration are applied
+  command: "~/.rbenv/shims/bundle exec rails db:migrate"
+  args:
+    chdir: "{{ chexpire_app_directory }}"
+  register: db_migrate
+  # when: db_migrate_status.rc != 0
+
+- debug:
+    var: db_migrate
+    verbosity: 3
+#
+# - name: DB is prepared
+#   command: "~/.rbenv/shims/bundle exec rails db:prepare"
+#   args:
+#     chdir: "{{ chexpire_app_directory }}"
+#   register: db_prepare
+#
+# - debug:
+#     var: db_prepare
+#     verbosity: 3
--- a/roles/chexpire-user-init/templates/database.yml.j2
+++ b/roles/chexpire-user-init/templates/database.yml.j2
@ -0,0 +1,4 @@
+production:
+  url: <%= ENV.fetch('DATABASE_URL') %>
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  encoding: utf8
--- a/roles/puma-systemd/handlers/main.yml
+++ b/roles/puma-systemd/handlers/main.yml
@ -0,0 +1,5 @@
+---
+
+- name: systemctl daemon-reload
+  systemd:
+    daemon_reload: True
--- a/roles/puma-systemd/tasks/main.yml
+++ b/roles/puma-systemd/tasks/main.yml
@ -0,0 +1,23 @@
+---
+
+- name: Puma systemd unit is present
+  template:
+    src: puma-chexpire.service.j2
+    dest: /etc/systemd/system/puma-chexpire.service
+  notify: systemctl daemon-reload
+
+- name: Puma systemd unit is enabled
+  systemd:
+    name: puma-chexpire
+    enabled: True
+
+- name: log directory is present
+  file:
+    dest: "/home/vagrant/www/tmp/{{ item }}"
+    mode: "0750"
+    owner: vagrant
+    group: vagrant
+    state: directory
+  with_items:
+    - sockets
+    - pids
--- a/roles/puma-systemd/templates/puma-chexpire.service.j2
+++ b/roles/puma-systemd/templates/puma-chexpire.service.j2
@ -0,0 +1,21 @@
+[Unit]
+Description=Puma Server for Chexpire
+After=network.target
+
+[Service]
+Type=forking
+User=vagrant
+EnvironmentFile=/home/vagrant/{{ chexpire_app_directory }}/.rbenv-vars
+Environment=RAILS_ENV=production
+WorkingDirectory=/home/vagrant/{{ chexpire_app_directory }}/
+PIDFile=/home/vagrant/{{ chexpire_app_directory }}/tmp/pids/puma.pid
+
+ExecStart=/home/vagrant/.rbenv/bin/rbenv exec bundle exec puma -C /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb --daemon
+ExecStop=/home/vagrant/.rbenv/bin/rbenv exec bundle exec pumactl -F /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb stop
+ExecReload=/home/vagrant/.rbenv/bin/rbenv exec bundle exec pumactl -F /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb phased-restart
+
+Restart=no
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
--- a/vars/main.yml
+++ b/vars/main.yml
@ -9,3 +9,14 @@ evolinux_fail2ban_include: False
 mysql_custom_datadir: '/home/mysql'
 mysql_custom_tmpdir: '/home/tmpmysql'
 mysql_custom_logdir: '/home/mysql-logs'
+
+mysql_chexpire_username: chexpire_production
+mysql_chexpire_db: chexpire_production
+
+ruby_version: "2.6.4"
+
+chexpire_app_directory: "www"
+chexpire_config__mailer_default_from: "from@example.org"
+chexpire_config__host: "chexpire.local"
+
+puma_port: 3000