diff --git a/Vagrantfile b/Vagrantfile index 25ce717..e79a7dd 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -25,7 +25,7 @@ Vagrant.configure("2") do |config| # within the machine from a port on the host machine. In the example below, # accessing "localhost:8080" will access port 80 on the guest machine. # NOTE: This will enable public access to the opened port - # config.vm.network "forwarded_port", guest: 80, host: 8080 + config.vm.network "forwarded_port", guest: 80, host: 8080 # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine and only allow access diff --git a/config.yml b/config.yml index db13927..6fa9a15 100644 --- a/config.yml +++ b/config.yml @@ -8,10 +8,11 @@ - vars/main.yml roles: - # - { role: rbenv, username: "{{ ansible_user }}", rbenv_ruby_version: "2.6.4" } - # - { role: nodejs, nodejs_install_yarn: yes } - # - apache-vhost + - { role: rbenv, username: "{{ ansible_user }}", rbenv_ruby_version: "{{ ruby_version }}" } + - { role: nodejs, nodejs_install_yarn: yes } - chexpire-admin-init + - apache-vhost + - puma-systemd post_tasks: - include_role: @@ -29,3 +30,10 @@ roles: - { role: chexpire-user-init, username: "{{ ansible_user }}" } + + tasks: + - name: Puma systemd unit is started + systemd: + name: puma-chexpire + state: started + become: yes diff --git a/evolinux.yml b/evolinux.yml index 373f42b..a6c8271 100644 --- a/evolinux.yml +++ b/evolinux.yml @@ -1,3 +1,4 @@ +# /vagrant-ansible-playbook evolinux.yml --- - hosts: all @@ -8,7 +9,7 @@ - vars/main.yml roles: - # - evolinux-base + - evolinux-base - apache - mysql diff --git a/roles/apache-vhost/handlers/main.yml b/roles/apache-vhost/handlers/main.yml new file mode 100644 index 0000000..aecab04 --- /dev/null +++ b/roles/apache-vhost/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: reload apache2 + systemd: + name: apache2 + state: reloaded 
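Review bot: The uncommented `config.vm.network "forwarded_port", guest: 80, host: 8080` in the Vagrantfile hunk has no `host_ip`, and the comment directly above it says this form enables public access to the opened port, so the guest's Apache becomes reachable from the host's network. For a local test VM the loopback-bound form is enough: `config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"`. A short comment such as `# bound to loopback; drop host_ip only if LAN access is wanted` would record the intent.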
diff --git a/roles/apache-vhost/tasks/main.yml b/roles/apache-vhost/tasks/main.yml index ed97d53..91461c2 100644 --- a/roles/apache-vhost/tasks/main.yml +++ b/roles/apache-vhost/tasks/main.yml @@ -1 +1,34 @@ --- + +- name: log directory is present + file: + dest: /home/vagrant/log + mode: "0750" + owner: vagrant + group: vagrant + state: directory + +- name: Chexpire VHost is present + template: + src: chexpire.conf.j2 + dest: /etc/apache2/sites-available/chexpire.conf + force: yes + notify: reload apache2 + +- name: Chexpire VHost is enabled + command: a2ensite chexpire + args: + creates: /etc/apache2/sites-enabled/chexpire.conf + notify: reload apache2 + +- name: Default VHost is disabled + command: a2dissite 000-default + args: + removes: /etc/apache2/sites-enabled/000-default.conf + notify: reload apache2 + +- name: Proxy modules are enabled + command: a2enmod proxy_http + args: + creates: /etc/apache2/mods-enabled/proxy_http.load + notify: reload apache2 diff --git a/roles/apache-vhost/files/chexpire.conf b/roles/apache-vhost/templates/chexpire.conf.j2 similarity index 82% rename from roles/apache-vhost/files/chexpire.conf rename to roles/apache-vhost/templates/chexpire.conf.j2 index bbebaaf..bc6d000 100644 --- a/roles/apache-vhost/files/chexpire.conf +++ b/roles/apache-vhost/templates/chexpire.conf.j2 @@ -1,16 +1,16 @@ # FQDN principal - # ServerName chexpire.evolix.org + ServerName chexpire.evolix.org #ServerAlias chexpire.evolix.org # Repertoire principal - DocumentRoot /home/vagrant/www/current/public + DocumentRoot /home/vagrant/www/public # Include /etc/apache2/ssl/chexpire.conf # Propriete du repertoire - + #Options +Indexes +SymLinksIfOwnerMatch Options +SymLinksIfOwnerMatch AllowOverride AuthConfig Limit FileInfo 
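Review bot: The `log directory is present` task in roles/apache-vhost/tasks/main.yml creates `/home/vagrant/log` owned by and writable for `vagrant`. If the vhost's `ErrorLog`/`CustomLog` point there (those directives are not in the visible hunks), Apache opens files as root inside a directory that an unprivileged account controls, which Apache's own security guidance advises against. Consider `owner: root` with `group: vagrant` and mode `"0750"`, so the user can read the logs but not replace them. Separately, the `a2enmod proxy_http` command task could use the `apache2_module` module, and the template's `RequestHeader` line also needs the `headers` module unless another role already enables it.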
@@ -32,8 +32,8 @@ ProxyPreserveHost On - ProxyPass / http://127.0.0.1:3000/ - ProxyPassReverse / http://127.0.0.1:3000/ + ProxyPass / http://127.0.0.1:{{ puma_port }}/ + ProxyPassReverse / http://127.0.0.1:{{ puma_port }}/ RequestHeader set X-Forwarded-Proto https @@ -63,8 +63,8 @@ # RewriteCond %{HTTP_HOST} !^chexpire.evolix.org$ # RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R] - # no PHP - php_admin_flag engine off - AddType text/html .html + # # no PHP + # php_admin_flag engine off + # AddType text/html .html diff --git a/roles/chexpire-admin-init/tasks/main.yml b/roles/chexpire-admin-init/tasks/main.yml index 85d1e12..ae19d86 100644 --- a/roles/chexpire-admin-init/tasks/main.yml +++ b/roles/chexpire-admin-init/tasks/main.yml 
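Review bot: The second hunk of chexpire.conf.j2 comments out `php_admin_flag engine off` and `AddType text/html .html` without saying why, which removes the vhost's explicit "no PHP" guard. If the `apache` role loads a PHP module (not visible here), any path Apache serves directly from the DocumentRoot would have PHP interpreted again. If the directive was disabled because it fails when the module is absent, wrapping it in an `<IfModule>` block for the PHP module keeps the guard without breaking the configuration test. A one-line comment stating the reason would help whichever way it goes.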
@@ -6,3 +6,52 @@ with_items: - libsodium-dev - default-libmysqlclient-dev + +- name: MySQL database is present + mysql_db: + name: "{{ mysql_chexpire_db }}" + state: present + +- name: Is there a .my.cnf file + stat: + path: /home/vagrant/.my.cnf + register: my_cnf_file + +- name: create a password for mysql + command: "apg -n 1 -m 16 -M lcN" + register: _result + changed_when: False + check_mode: no + when: not my_cnf_file.stat.exists + +- name: Chexpire .my.cnf file is present + ini_file: + dest: /home/vagrant/.my.cnf + mode: "0600" + owner: vagrant + group: vagrant + section: client + option: '{{ item.option }}' + value: '{{ item.value }}' + create: yes + with_items: + - { option: 'user', value: '{{ mysql_chexpire_username }}' } + - { option: 'password', value: '{{ _result.stdout }}' } + when: not my_cnf_file.stat.exists + +- name: read .my.cnf file for password + shell: cat /home/vagrant/.my.cnf | grep password | cut -d '=' -f2 | xargs + changed_when: False + register: _result + +- set_fact: + mysql_chexpire_password: "{{ _result.stdout }}" + +- name: MySQL user is present + mysql_user: + name: "{{ mysql_chexpire_username }}" + password: "{{ mysql_chexpire_password }}" + priv: '{{ mysql_chexpire_db }}.*:ALL' + host: localhost + state: present + register: mysql_chexpire_user diff --git a/roles/chexpire-user-init/defaults/main.yml b/roles/chexpire-user-init/defaults/main.yml index 30f07eb..ed97d53 100644 --- a/roles/chexpire-user-init/defaults/main.yml +++ b/roles/chexpire-user-init/defaults/main.yml @@ -1,5 +1 @@ --- - -chexpire_app_directory: "www" -chexpire_config__mailer_default_from: "from@example.org" -chexpire_config__host: "chexpire.local" diff --git a/roles/chexpire-user-init/tasks/main.yml b/roles/chexpire-user-init/tasks/main.yml index ebef4db..cf107c5 100644 --- a/roles/chexpire-user-init/tasks/main.yml +++ b/roles/chexpire-user-init/tasks/main.yml 
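Review bot: The tasks added to roles/chexpire-admin-init/tasks/main.yml that handle the MySQL password have no `no_log: true`. `Chexpire .my.cnf file is present` loops over an item whose `value` is the password, so it is printed in the normal play output, and the `_result` registered by `create a password for mysql` and `read .my.cnf file for password` appears in verbose runs and Ansible logs. Adding `no_log: true` to those tasks and to `MySQL user is present` keeps the secret out of the logs. The same applies to the duplicated `read .my.cnf file for password` task, the `.rbenv-vars` loop and `Secret key base is generated` in roles/chexpire-user-init/tasks/main.yml. The `cut -d '=' -f2` step would also truncate a password containing `=`; the current `apg -M lcN` output looks alphanumeric, so that only matters if the generator changes.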
@@ -1,22 +1,48 @@ --- -# - name: Repository is checked-out -# git: -# repo: 'https://github.com/Evolix/chexpire.git' -# dest: "{{ chexpire_app_directory }}" -# -# - name: Bundle dependencies are installed -# bundler: -# executable: ~/.rbenv/shims/bundle -# chdir: "{{ chexpire_app_directory }}" -# state: present -# deployment_mode: yes -# -# - name: Yarn dependencies are installed -# command: "yarn install --check-files" -# args: -# chdir: "{{ chexpire_app_directory }}" +- name: Repository is checked-out + git: + repo: 'https://github.com/Evolix/chexpire.git' + dest: "{{ chexpire_app_directory }}" + update: no + +- name: Bundle dependencies are installed + bundler: + executable: ~/.rbenv/shims/bundle + chdir: "{{ chexpire_app_directory }}" + state: present + deployment_mode: yes + +- name: Yarn dependencies are installed + command: "yarn install --check-files" + args: + chdir: "{{ chexpire_app_directory }}" + +- name: read .my.cnf file for password + shell: cat /home/vagrant/.my.cnf | grep password | cut -d '=' -f2 | xargs + changed_when: False + register: _result + +- set_fact: + mysql_chexpire_password: "{{ _result.stdout }}" + +- name: .rbenv-vars file is initialized + lineinfile: + dest: "{{ chexpire_app_directory }}/.rbenv-vars" + line: "{{ item.key }}={{ item.value }}" + regexp: "^{{ item.key }}=" + create: True + with_items: + - { key: "WEB_CONCURRENCY", value: "1" } + - { key: "DATABASE_URL", value: "mysql2://{{ mysql_chexpire_username }}:{{ mysql_chexpire_password }}@127.0.0.1/{{ mysql_chexpire_db }}" } + - { key: "PORT", value: "{{ puma_port }}" } + +- name: .ruby-version file is initialized + copy: + dest: "{{ chexpire_app_directory }}/.ruby-version" + content: "{{ ruby_version }}" + force: yes - name: Chexpire config file is present template: 
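Review bot: The `.rbenv-vars file is initialized` task writes `DATABASE_URL`, including the MySQL password, using `lineinfile` with `create: True` but no `mode`. The file is therefore created under the default umask and is probably readable by other local users, whereas `.my.cnf` in the admin role is explicitly `"0600"`. Adding `mode: "0600"` to the task closes that gap. The `git` task also has no `version:`, so the deployed code is whatever the default branch holds at provisioning time; pinning a tag or commit makes the result reproducible and reviewable.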
@@ -24,20 +50,50 @@ src: chexpire.yml.j2 force: no -- name: Database config file is copied - command: "cp {{ chexpire_app_directory }}/config/database.example.yml {{ chexpire_app_directory }}/config/database.yml" - args: - creates: "{{ chexpire_app_directory }}/config/database.yml" +- name: Database config file is present + template: + dest: "{{ chexpire_app_directory }}/config/database.yml" + src: database.yml.j2 + force: yes - name: Secret key base is generated - command: ~/.rbenv/shims/bundle exec rails secret - register: secret_key_base + command: "~/.rbenv/shims/bundle exec rails secret" args: chdir: "{{ chexpire_app_directory }}" - creates: "{{ chexpire_app_directory }}/config/secrets.yml" + creates: "config/secrets.yml" + register: secret_key_base - name: Secret key is in the secrets file template: dest: "{{ chexpire_app_directory }}/config/secrets.yml" src: secrets.yml.j2 force: no + +# - name: Check migrations status +# command: "~/.rbenv/shims/bundle exec rails db:migrate:status" +# failed_when: False +# changed_when: False +# args: +# chdir: "{{ chexpire_app_directory }}" +# register: db_migrate_status + +- name: Migration are applied + command: "~/.rbenv/shims/bundle exec rails db:migrate" + args: + chdir: "{{ chexpire_app_directory }}" + register: db_migrate + # when: db_migrate_status.rc != 0 + +- debug: + var: db_migrate + verbosity: 3 +# +# - name: DB is prepared +# command: "~/.rbenv/shims/bundle exec rails db:prepare" +# args: +# chdir: "{{ chexpire_app_directory }}" +# register: db_prepare +# +# - debug: +# var: db_prepare +# verbosity: 3 diff --git a/roles/chexpire-user-init/templates/database.yml.j2 b/roles/chexpire-user-init/templates/database.yml.j2 new file mode 100644 index 0000000..88e2df8 --- /dev/null +++ b/roles/chexpire-user-init/templates/database.yml.j2 @@ -0,0 +1,4 @@ +production: + url: <%= ENV.fetch('DATABASE_URL') %> + pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %> + encoding: utf8 
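Review bot: The `Migration are applied` task runs `rails db:migrate` without setting `RAILS_ENV`, while the systemd unit in this commit starts Puma with `RAILS_ENV=production` and database.yml.j2 defines only a `production:` section. The `.rbenv-vars` entries written earlier do not include `RAILS_ENV`, so unless it is exported somewhere not visible here, the migration runs under Rails' default environment. Adding `environment: { RAILS_ENV: production }` to the task (and to `Secret key base is generated`) makes this explicit. The task also reports "changed" on every run; if the command prints nothing when there is nothing to apply, `changed_when: db_migrate.stdout | length > 0` would keep the play report meaningful.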
diff --git a/roles/puma-systemd/handlers/main.yml b/roles/puma-systemd/handlers/main.yml
new file mode 100644
index 0000000..dbf1c23
--- /dev/null
+++ b/roles/puma-systemd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: systemctl daemon-reload
+ systemd:
+ daemon_reload: True
diff --git a/roles/puma-systemd/tasks/main.yml b/roles/puma-systemd/tasks/main.yml
new file mode 100644
index 0000000..5c47f82
--- /dev/null
+++ b/roles/puma-systemd/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Puma systemd unit is present
+ template:
+ src: puma-chexpire.service.j2
+ dest: /etc/systemd/system/puma-chexpire.service
+ notify: systemctl daemon-reload
+
+- name: Puma systemd unit is enabled
+ systemd:
+ name: puma-chexpire
+ enabled: True
+
+- name: log directory is present
+ file:
+ dest: "/home/vagrant/www/tmp/{{ item }}"
+ mode: "0750"
+ owner: vagrant
+ group: vagrant
+ state: directory
+ with_items:
+ - sockets
+ - pids
diff --git a/roles/puma-systemd/templates/puma-chexpire.service.j2 b/roles/puma-systemd/templates/puma-chexpire.service.j2
new file mode 100644
index 0000000..cc1eb88
--- /dev/null
+++ b/roles/puma-systemd/templates/puma-chexpire.service.j2
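Review bot: The last task in roles/puma-systemd/tasks/main.yml is named `log directory is present` but creates `tmp/sockets` and `tmp/pids`, and it hard-codes `/home/vagrant/www` while the unit template uses `{{ chexpire_app_directory }}`. Using `dest: "/home/vagrant/{{ chexpire_app_directory }}/tmp/{{ item }}"` with a name such as `Puma tmp directories are present` would keep the two in step. Judging from config.yml, this role runs in the first play, before `chexpire-user-init` clones the repository into what appears to be the same directory, so on a fresh machine the `git` task may find a non-empty destination that is not a repository; that ordering is worth checking. `Puma systemd unit is enabled` also runs before the notified `systemctl daemon-reload` handler fires, and `daemon_reload: True` on that task would remove the dependence on handler timing.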
@@ -0,0 +1,21 @@
+[Unit]
+Description=Puma Server for Chexpire
+After=network.target
+
+[Service]
+Type=forking
+User=vagrant
+EnvironmentFile=/home/vagrant/{{ chexpire_app_directory }}/.rbenv-vars
+Environment=RAILS_ENV=production
+WorkingDirectory=/home/vagrant/{{ chexpire_app_directory }}/
+PIDFile=/home/vagrant/{{ chexpire_app_directory }}/tmp/pids/puma.pid
+
+ExecStart=/home/vagrant/.rbenv/bin/rbenv exec bundle exec puma -C /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb --daemon
+ExecStop=/home/vagrant/.rbenv/bin/rbenv exec bundle exec pumactl -F /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb stop
+ExecReload=/home/vagrant/.rbenv/bin/rbenv exec bundle exec pumactl -F /home/vagrant/{{ chexpire_app_directory }}/config/puma.rb phased-restart
+
+Restart=no
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vars/main.yml b/vars/main.yml
index df6dfb6..89b3eab 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -9,3 +9,14 @@ evolinux_fail2ban_include: False
 mysql_custom_datadir: '/home/mysql'
 mysql_custom_tmpdir: '/home/tmpmysql'
 mysql_custom_logdir: '/home/mysql-logs'
+
+mysql_chexpire_username: chexpire_production
+mysql_chexpire_db: chexpire_production
+
+ruby_version: "2.6.4"
+
+chexpire_app_directory: "www"
+chexpire_config__mailer_default_from: "from@example.org"
+chexpire_config__host: "chexpire.local"
+
+puma_port: 3000
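Review bot: `RemainAfterExit=yes` together with `Restart=no` in the `[Service]` section of puma-chexpire.service.j2 means systemd keeps reporting the unit as active after the Puma process has died and never restarts it, so an outage would not show in `systemctl status`. `Type=forking` with `--daemon` also ties the unit to Puma's daemon mode, which newer Puma releases no longer provide (the Puma version is not visible here). A foreground unit would be simpler: `Type=simple`, `ExecStart` without `--daemon`, and `Restart=on-failure`. Since `EnvironmentFile` carries the database URL, hardening directives such as `NoNewPrivileges=true` and `PrivateTmp=true` are also worth adding.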