
amélioration de l'install de CHexpire

master
Jérémy Lecour 2 years ago
parent
commit
6018d9b0b1
  1. 2
      Vagrantfile
  2. 14
      config.yml
  3. 3
      evolinux.yml
  4. 6
      roles/apache-vhost/handlers/main.yml
  5. 33
      roles/apache-vhost/tasks/main.yml
  6. 16
      roles/apache-vhost/templates/chexpire.conf.j2
  7. 49
      roles/chexpire-admin-init/tasks/main.yml
  8. 4
      roles/chexpire-user-init/defaults/main.yml
  9. 102
      roles/chexpire-user-init/tasks/main.yml
  10. 4
      roles/chexpire-user-init/templates/database.yml.j2
  11. 5
      roles/puma-systemd/handlers/main.yml
  12. 23
      roles/puma-systemd/tasks/main.yml
  13. 21
      roles/puma-systemd/templates/puma-chexpire.service.j2
  14. 11
      vars/main.yml

2
Vagrantfile

@ -25,7 +25,7 @@ Vagrant.configure("2") do |config|
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
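Review bot: The forwarded port that appears to be enabled here (`guest: 80, host: 8080`) listens on every host interface, as the NOTE just above it says, so the guest's Apache becomes reachable from the host's network. For a development box, bind it to loopback instead: `config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"`. The comment block that follows continues outside this hunk.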

14
config.yml

@ -8,10 +8,11 @@
- vars/main.yml
roles:
# - { role: rbenv, username: "{{ ansible_user }}", rbenv_ruby_version: "2.6.4" }
# - { role: nodejs, nodejs_install_yarn: yes }
# - apache-vhost
- { role: rbenv, username: "{{ ansible_user }}", rbenv_ruby_version: "{{ ruby_version }}" }
- { role: nodejs, nodejs_install_yarn: yes }
- chexpire-admin-init
- apache-vhost
- puma-systemd
post_tasks:
- include_role:
@ -29,3 +30,10 @@
roles:
- { role: chexpire-user-init, username: "{{ ansible_user }}" }
tasks:
- name: Puma systemd unit is started
systemd:
name: puma-chexpire
state: started
become: yes
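Review bot: The added `Puma systemd unit is started` task uses `state: started`, which does nothing when the service is already running, so a later run that rewrites `.rbenv-vars` or `config/database.yml` leaves Puma running with its previous environment. Have the tasks that change those files notify a handler that sets `state: restarted` on `puma-chexpire`. As a style point, the commit mixes `yes`, `True` and `False` for booleans; `true`/`false` throughout would be consistent.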

3
evolinux.yml

@ -1,3 +1,4 @@
# /vagrant-ansible-playbook evolinux.yml
---
- hosts: all
@ -8,7 +9,7 @@
- vars/main.yml
roles:
# - evolinux-base
- evolinux-base
- apache
- mysql

6
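--- a/roles/apache-vhost/handlers/main.yml
+++ b/roles/apache-vhost/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: reload apache2
+systemd:
+name: apache2
+state: reloaded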

33
roles/apache-vhost/tasks/main.yml

@ -1 +1,34 @@
---
- name: log directory is present
file:
dest: /home/vagrant/log
mode: "0750"
owner: vagrant
group: vagrant
state: directory
- name: Chexpire VHost is present
template:
src: chexpire.conf.j2
dest: /etc/apache2/sites-available/chexpire.conf
force: yes
notify: reload apache2
- name: Chexpire VHost is enabled
command: a2ensite chexpire
args:
creates: /etc/apache2/sites-enabled/chexpire.conf
notify: reload apache2
- name: Default VHost is disabled
command: a2dissite 000-default
args:
removes: /etc/apache2/sites-enabled/000-default.conf
notify: reload apache2
- name: Proxy modules are enabled
command: a2enmod proxy_http
args:
creates: /etc/apache2/mods-enabled/proxy_http.load
notify: reload apache2
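Review bot: Only `proxy_http` is enabled by these tasks, but the vhost template in this commit also uses `RequestHeader`, which needs `mod_headers`; unless another role already enables it, the reload notified here would fail on a fresh machine. The `apache2_module` module covers both without `command` plus `creates`, for example `apache2_module: { name: headers, state: present }`. `force: yes` on the `template` task is already the default and can be dropped.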

16
roles/apache-vhost/files/chexpire.conf → roles/apache-vhost/templates/chexpire.conf.j2

@ -1,16 +1,16 @@
<VirtualHost *:80 *:443>
# FQDN principal
# ServerName chexpire.evolix.org
ServerName chexpire.evolix.org
#ServerAlias chexpire.evolix.org
# Repertoire principal
DocumentRoot /home/vagrant/www/current/public
DocumentRoot /home/vagrant/www/public
# Include /etc/apache2/ssl/chexpire.conf
# Propriete du repertoire
<Directory /home/vagrant/www/current/public/>
<Directory /home/vagrant/www/public/>
#Options +Indexes +SymLinksIfOwnerMatch
Options +SymLinksIfOwnerMatch
AllowOverride AuthConfig Limit FileInfo
@ -32,8 +32,8 @@
</Location>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
ProxyPass / http://127.0.0.1:{{ puma_port }}/
ProxyPassReverse / http://127.0.0.1:{{ puma_port }}/
RequestHeader set X-Forwarded-Proto https
@ -63,8 +63,8 @@
# RewriteCond %{HTTP_HOST} !^chexpire.evolix.org$
# RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R]
# no PHP
php_admin_flag engine off
AddType text/html .html
# # no PHP
# php_admin_flag engine off
# AddType text/html .html
</VirtualHost>
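Review bot: The last hunk appears to comment out `php_admin_flag engine off`, which removes the guard that kept PHP from executing under `DocumentRoot` should the PHP module ever be loaded on this host. If the directive was disabled because Apache rejects it when the module is absent, wrapping it in an `<IfModule>` block for the PHP module keeps the protection without breaking the configuration test. Separately, `RequestHeader set X-Forwarded-Proto https` is sent for the whole `*:80 *:443` vhost while the SSL include is still commented out, so the application is told that plain-HTTP requests were encrypted. That line is unchanged context, but it is worth making conditional before this vhost is exposed.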

49
roles/chexpire-admin-init/tasks/main.yml

@ -6,3 +6,52 @@
with_items:
- libsodium-dev
- default-libmysqlclient-dev
- name: MySQL database is present
mysql_db:
name: "{{ mysql_chexpire_db }}"
state: present
- name: Is there a .my.cnf file
stat:
path: /home/vagrant/.my.cnf
register: my_cnf_file
- name: create a password for mysql
command: "apg -n 1 -m 16 -M lcN"
register: _result
changed_when: False
check_mode: no
when: not my_cnf_file.stat.exists
- name: Chexpire .my.cnf file is present
ini_file:
dest: /home/vagrant/.my.cnf
mode: "0600"
owner: vagrant
group: vagrant
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
- { option: 'user', value: '{{ mysql_chexpire_username }}' }
- { option: 'password', value: '{{ _result.stdout }}' }
when: not my_cnf_file.stat.exists
- name: read .my.cnf file for password
shell: cat /home/vagrant/.my.cnf | grep password | cut -d '=' -f2 | xargs
changed_when: False
register: _result
- set_fact:
mysql_chexpire_password: "{{ _result.stdout }}"
- name: MySQL user is present
mysql_user:
name: "{{ mysql_chexpire_username }}"
password: "{{ mysql_chexpire_password }}"
priv: '{{ mysql_chexpire_db }}.*:ALL'
host: localhost
state: present
register: mysql_chexpire_user
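Review bot: None of the tasks that handle the generated MySQL password set `no_log: true`, so the value can end up in Ansible output and callback logs. The `ini_file` loop prints `item.value`, and the registered `apg` and `read .my.cnf file for password` results and the `set_fact` show it in verbose runs. `roles/chexpire-user-init/tasks/main.yml` repeats the same read and then writes the password into `DATABASE_URL` through a `with_items` loop, so add `no_log: true` to these tasks in both files. The `grep password | cut -d '=' -f2` pipeline also matches any line containing that word and would truncate a value that itself contains `=`; reading only the `password` option of the `client` section would be more robust. The task list starts outside this hunk.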

4
roles/chexpire-user-init/defaults/main.yml

@ -1,5 +1 @@
---
chexpire_app_directory: "www"
chexpire_config__mailer_default_from: "from@example.org"
chexpire_config__host: "chexpire.local"

102
roles/chexpire-user-init/tasks/main.yml

@ -1,22 +1,48 @@
---
# - name: Repository is checked-out
# git:
# repo: 'https://github.com/Evolix/chexpire.git'
# dest: "{{ chexpire_app_directory }}"
#
# - name: Bundle dependencies are installed
# bundler:
# executable: ~/.rbenv/shims/bundle
# chdir: "{{ chexpire_app_directory }}"
# state: present
# deployment_mode: yes
#
# - name: Yarn dependencies are installed
# command: "yarn install --check-files"
# args:
# chdir: "{{ chexpire_app_directory }}"
- name: Repository is checked-out
git:
repo: 'https://github.com/Evolix/chexpire.git'
dest: "{{ chexpire_app_directory }}"
update: no
- name: Bundle dependencies are installed
bundler:
executable: ~/.rbenv/shims/bundle
chdir: "{{ chexpire_app_directory }}"
state: present
deployment_mode: yes
- name: Yarn dependencies are installed
command: "yarn install --check-files"
args:
chdir: "{{ chexpire_app_directory }}"
- name: read .my.cnf file for password
shell: cat /home/vagrant/.my.cnf | grep password | cut -d '=' -f2 | xargs
changed_when: False
register: _result
- set_fact:
mysql_chexpire_password: "{{ _result.stdout }}"
- name: .rbenv-vars file is initialized
lineinfile:
dest: "{{ chexpire_app_directory }}/.rbenv-vars"
line: "{{ item.key }}={{ item.value }}"
regexp: "^{{ item.key }}="
create: True
with_items:
- { key: "WEB_CONCURRENCY", value: "1" }
- { key: "DATABASE_URL", value: "mysql2://{{ mysql_chexpire_username }}:{{ mysql_chexpire_password }}@127.0.0.1/{{ mysql_chexpire_db }}" }
- { key: "PORT", value: "{{ puma_port }}" }
- name: .ruby-version file is initialized
copy:
dest: "{{ chexpire_app_directory }}/.ruby-version"
content: "{{ ruby_version }}"
force: yes
- name: Chexpire config file is present
template:
@ -24,20 +50,50 @@
src: chexpire.yml.j2
force: no
- name: Database config file is copied
command: "cp {{ chexpire_app_directory }}/config/database.example.yml {{ chexpire_app_directory }}/config/database.yml"
args:
creates: "{{ chexpire_app_directory }}/config/database.yml"
- name: Database config file is present
template:
dest: "{{ chexpire_app_directory }}/config/database.yml"
src: database.yml.j2
force: yes
- name: Secret key base is generated
command: ~/.rbenv/shims/bundle exec rails secret
register: secret_key_base
command: "~/.rbenv/shims/bundle exec rails secret"
args:
chdir: "{{ chexpire_app_directory }}"
creates: "{{ chexpire_app_directory }}/config/secrets.yml"
creates: "config/secrets.yml"
register: secret_key_base
- name: Secret key is in the secrets file
template:
dest: "{{ chexpire_app_directory }}/config/secrets.yml"
src: secrets.yml.j2
force: no
# - name: Check migrations status
# command: "~/.rbenv/shims/bundle exec rails db:migrate:status"
# failed_when: False
# changed_when: False
# args:
# chdir: "{{ chexpire_app_directory }}"
# register: db_migrate_status
- name: Migration are applied
command: "~/.rbenv/shims/bundle exec rails db:migrate"
args:
chdir: "{{ chexpire_app_directory }}"
register: db_migrate
# when: db_migrate_status.rc != 0
- debug:
var: db_migrate
verbosity: 3
#
# - name: DB is prepared
# command: "~/.rbenv/shims/bundle exec rails db:prepare"
# args:
# chdir: "{{ chexpire_app_directory }}"
# register: db_prepare
#
# - debug:
# var: db_prepare
# verbosity: 3
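Review bot: The `.rbenv-vars file is initialized` task creates the file with `create: True` but no `mode`, so the file holding `DATABASE_URL` with the MySQL password gets default umask permissions, whereas `.my.cnf` in the admin role is written with `0600`. Add `mode: "0600"` to that `lineinfile` task. The `git` task also has no `version:`, so with `update: no` the deployed code is whatever the default branch pointed at on first checkout; pinning a tag or commit would make the install reproducible and reviewable.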

4
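--- a/roles/chexpire-user-init/templates/database.yml.j2
+++ b/roles/chexpire-user-init/templates/database.yml.j2
@@ -0,0 +1,4 @@
+production:
+url: <%= ENV.fetch('DATABASE_URL') %>
+pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+encoding: utf8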

5
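--- a/roles/puma-systemd/handlers/main.yml
+++ b/roles/puma-systemd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: systemctl daemon-reload
+systemd:
+daemon_reload: True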

23
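--- a/roles/puma-systemd/tasks/main.yml
+++ b/roles/puma-systemd/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Puma systemd unit is present
+template:
+src: puma-chexpire.service.j2
+dest: /etc/systemd/system/puma-chexpire.service
+notify: systemctl daemon-reload
+- name: Puma systemd unit is enabled
+systemd:
+name: puma-chexpire
+enabled: True
+- name: log directory is present
+file:
+dest: "/home/vagrant/www/tmp/{{ item }}"
+mode: "0750"
+owner: vagrant
+group: vagrant
+state: directory
+with_items:
+- sockets
+- pids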
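Review bot: The directories under `/home/vagrant/www/tmp/` are created by this role, which `config.yml` lists in the first play, while the repository is checked out into `{{ chexpire_app_directory }}` by `chexpire-user-init` in the later play. If that order holds on a fresh machine, the checkout target already exists and is non-empty when the `git` task runs. Creating these directories after the checkout avoids that. The path should use `{{ chexpire_app_directory }}` rather than the hard-coded `www`, as the unit template does: `dest: "/home/vagrant/{{ chexpire_app_directory }}/tmp/{{ item }}"`. The task name `log directory is present` looks copied from the Apache role and would read better as `Puma tmp directories are present`.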

21
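--- a/roles/puma-systemd/templates/puma-chexpire.service.j2
+++ b/roles/puma-systemd/templates/puma-chexpire.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Puma Server for Chexpire
+After=network.target
+[Service]
+Type=forking
+User=vagrant
+EnvironmentFile=/home/vagrant/{{ chexpire_app_directory }}/.rbenv-vars
+Environment=RAILS_ENV=production
+WorkingDirectory=/home/vagrant/{{ chexpire_app_directory }}/
+PIDFile=/home/vagrant/{{ chexpire_app_directory }}/tmp/pids/puma.pid
+ExecStart=/home/vagrant/.rbenv/bin/rbenv exec bundle exec puma -C /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb --daemon
+ExecStop=/home/vagrant/.rbenv/bin/rbenv exec bundle exec pumactl -F /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb stop
+ExecReload=/home/vagrant/.rbenv/bin/rbenv exec bundle exec pumactl -F /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb phased-restart
+Restart=no
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target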
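Review bot: `Restart=no` together with `RemainAfterExit=yes` means systemd keeps reporting the unit as active after Puma has exited and never restarts it, so a crash would neither show in `systemctl status` nor trigger recovery. Prefer `Restart=on-failure` and drop `RemainAfterExit=yes`. Since this service sits behind the reverse proxy and handles external requests, basic sandboxing such as `NoNewPrivileges=true` and `PrivateTmp=true` under `[Service]` is also worth adding.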

11
vars/main.yml

@ -9,3 +9,14 @@ evolinux_fail2ban_include: False
mysql_custom_datadir: '/home/mysql'
mysql_custom_tmpdir: '/home/tmpmysql'
mysql_custom_logdir: '/home/mysql-logs'
mysql_chexpire_username: chexpire_production
mysql_chexpire_db: chexpire_production
ruby_version: "2.6.4"
chexpire_app_directory: "www"
chexpire_config__mailer_default_from: "from@example.org"
chexpire_config__host: "chexpire.local"
puma_port: 3000