---
# Build and runtime prerequisites for archweb, installed from the
# distribution repositories.
- name: install required packages
  pacman:
    name:
      - git
      - python2-setuptools
      - python2-psycopg2
      - python2-virtualenv
      - uwsgi-plugin-python2
      - gcc
    state: present

# Service account for the application: /bin/false as shell, and the home
# directory is not created by this task.
- name: make archweb user
  user:
    name: archweb
    shell: /bin/false
    home: "{{ archweb_dir }}"
    createhome: false

# Ensures the home directory exists and belongs to archweb; no mode is set
# here, so the directory mode is left to the module default or existing state.
- name: fix home permissions
  file:
    path: "{{ archweb_dir }}"
    state: directory
    owner: archweb
    group: archweb

# `groups` is given without `append`, so the account's supplementary groups
# are set to exactly this list.
- name: set archweb groups
  user:
    name: archweb
    groups: uwsgi
  when: archweb_site

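# Site configuration for nginx; a change notifies the `reload nginx` handler.
- name: set up nginx
  template:
    src: nginx.d.conf.j2
    dest: /etc/nginx/nginx.d/archweb.conf
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string.
    mode: "0644"
  notify: reload nginx
  when: archweb_site

# Module arguments are a YAML mapping rather than a key=value string, so a
# templated path is handed to the module as one value whatever characters it
# contains, instead of being split into further arguments.
- name: make nginx log dir
  file:
    path: "/var/log/nginx/{{ archweb_domain }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  when: archweb_site

- name: make rsync iso dir
  file:
    path: "{{ archweb_rsync_iso_dir }}"
    state: directory
    owner: archweb
    group: archweb
  when: archweb_site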

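# Check out the application as the unprivileged archweb user. Repository and
# revision come from variables defined outside this file. Arguments are a
# YAML mapping so each templated value is passed as a single argument.
# NOTE(review): verify_commit is not set, so the checkout is not checked
# against a GPG signature; pinning archweb_version to a full commit hash or
# enabling verify_commit would tighten this. Confirm against deployment policy.
- name: clone archweb repo
  git:
    repo: "{{ archweb_repository }}"
    dest: "{{ archweb_dir }}"
    version: "{{ archweb_version }}"
  become: true
  become_user: archweb
  register: release

# `creates` makes the command a no-op once the interpreter exists in the env.
- name: make virtualenv
  command: virtualenv2 "{{ archweb_dir }}/env"
  args:
    creates: "{{ archweb_dir }}/env/bin/python"
  become: true
  become_user: archweb

# Dependencies are read from the checkout's requirements_prod.txt and
# installed as archweb into the virtualenv.
# NOTE(review): whether versions or hashes are pinned depends on that file,
# which is not part of this role. Verify there.
- name: install stuff into virtualenv
  pip:
    requirements: "{{ archweb_dir }}/requirements_prod.txt"
    virtualenv: "{{ archweb_dir }}/env"
  become: true
  become_user: archweb
  register: virtualenv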

- name: create media dir
  file:
    path: "{{ archweb_dir }}/media"
    state: directory
    owner: archweb
    group: archweb
  when: archweb_site

# Re-asserts ownership of the application directory after the checkout and
# virtualenv steps.
- name: fix home permissions
  file:
    path: "{{ archweb_dir }}"
    state: directory
    owner: archweb
    group: archweb

# Rendered settings are readable and writable by archweb and its group only
# (0660). no_log keeps the task result out of the play output and logs;
# presumably the template carries credentials, so keep it set.
# NOTE(review): dest is a fixed path while the other tasks use archweb_dir.
# Confirm the two always point at the same directory.
- name: configure archweb
  template:
    src: local_settings.py.j2
    dest: /srv/http/archweb/local_settings.py
    owner: archweb
    group: archweb
    mode: "0660"
  register: config
  no_log: true

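# One database role per archweb component. Arguments are a YAML mapping, not
# a key=value string: in the key=value form the unquoted name and password
# were substituted into the argument string first, so a value containing
# whitespace or `=` would be re-parsed as further module arguments. As a
# mapping each value reaches the module intact.
# no_log stays on because every loop item carries a password.
- name: create archweb db users
  postgresql_user:
    name: "{{ item.user }}"
    password: "{{ item.password }}"
    login_host: "{{ archweb_db_host }}"
    login_password: "{{ postgres_users.postgres }}"
    encrypted: true
  no_log: true
  when: archweb_site or archweb_services
  with_items:
    - user: "{{ archweb_db_site_user }}"
      password: "{{ archweb_db_site_password }}"
    - user: "{{ archweb_db_services_user }}"
      password: "{{ archweb_db_services_password }}"
    - user: "{{ archweb_db_dbscripts_user }}"
      password: "{{ archweb_db_dbscripts_password }}"
    - user: "{{ archweb_db_backup_user }}"
      password: "{{ archweb_db_backup_password }}"

# The site user owns the database; the result is registered so later tasks
# can tell a freshly created database from an existing one.
- name: create archweb db
  postgresql_db:
    name: "{{ archweb_db }}"
    login_host: "{{ archweb_db_host }}"
    login_password: "{{ postgres_users.postgres }}"
    owner: "{{ archweb_db_site_user }}"
  when: archweb_site or archweb_services
  register: db_created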

# Both management commands run as archweb inside the application's
# virtualenv. syncdb runs only on the play that created the database.
- name: django syncdb
  django_manage:
    app_path: "{{ archweb_dir }}"
    command: syncdb
    virtualenv: "{{ archweb_dir }}/env"
  become: true
  become_user: archweb
  when: (archweb_site or archweb_services) and db_created.changed

# Migrations run whenever the database, checkout, settings or virtualenv
# changed, or when a deploy is forced.
- name: django migrate
  django_manage:
    app_path: "{{ archweb_dir }}"
    command: migrate
    virtualenv: "{{ archweb_dir }}/env"
  become: true
  become_user: archweb
  when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)

# Grants are issued while connected as the site user. The services, dbscripts
# and backup roles receive CONNECT on the database and SELECT on the objects
# listed in their *_objs variables, which are defined outside this file.
- name: db privileges for archweb users
  postgresql_privs:
    database: "{{ archweb_db }}"
    host: "{{ archweb_db_host }}"
    login: "{{ archweb_db_site_user }}"
    password: "{{ archweb_db_site_password }}"
    privs: CONNECT
    roles: "{{ item }}"
    type: database
  when: archweb_site or archweb_services
  with_items:
    - "{{ archweb_db_services_user }}"
    - "{{ archweb_db_dbscripts_user }}"
    - "{{ archweb_db_backup_user }}"

- name: table privileges for archweb users
  postgresql_privs:
    database: "{{ archweb_db }}"
    host: "{{ archweb_db_host }}"
    login: "{{ archweb_db_site_user }}"
    password: "{{ archweb_db_site_password }}"
    privs: SELECT
    roles: "{{ item.user }}"
    type: table
    objs: "{{ item.objs }}"
  when: archweb_site or archweb_services
  with_items:
    - user: "{{ archweb_db_services_user }}"
      objs: "{{ archweb_db_services_table_objs }}"
    - user: "{{ archweb_db_dbscripts_user }}"
      objs: "{{ archweb_db_dbscripts_table_objs }}"
    - user: "{{ archweb_db_backup_user }}"
      objs: "{{ archweb_db_backup_table_objs }}"

# Only the services and backup roles are given sequence access.
- name: sequence privileges for archweb users
  postgresql_privs:
    database: "{{ archweb_db }}"
    host: "{{ archweb_db_host }}"
    login: "{{ archweb_db_site_user }}"
    password: "{{ archweb_db_site_password }}"
    privs: SELECT
    roles: "{{ item.user }}"
    type: sequence
    objs: "{{ item.objs }}"
  when: archweb_site or archweb_services
  with_items:
    - user: "{{ archweb_db_services_user }}"
      objs: "{{ archweb_db_services_sequence_objs }}"
    - user: "{{ archweb_db_backup_user }}"
      objs: "{{ archweb_db_backup_sequence_objs }}"

# Static files are collected as archweb, under the same change conditions as
# the migrate step.
- name: django collectstatic
  django_manage:
    app_path: "{{ archweb_dir }}"
    command: collectstatic
    virtualenv: "{{ archweb_dir }}/env"
  become: true
  become_user: archweb
  when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)

# systemd unit files are root-owned with mode 0644; a changed file notifies
# the `daemon reload` handler.
- name: install reporead service
  template:
    src: archweb-reporead.service.j2
    dest: /etc/systemd/system/archweb-reporead.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_reporead

- name: install mirrorcheck service
  template:
    src: archweb-mirrorcheck.service.j2
    dest: /etc/systemd/system/archweb-mirrorcheck.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorcheck

- name: install mirrorcheck timer
  template:
    src: archweb-mirrorcheck.timer.j2
    dest: /etc/systemd/system/archweb-mirrorcheck.timer
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorcheck

# Service and timer units for mirrorresolv, installed root-owned with 0644.
- name: install mirrorresolv service
  template:
    src: archweb-mirrorresolv.service.j2
    dest: /etc/systemd/system/archweb-mirrorresolv.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorresolv

- name: install mirrorresolv timer
  template:
    src: archweb-mirrorresolv.timer.j2
    dest: /etc/systemd/system/archweb-mirrorresolv.timer
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorresolv

# Service and timer units for populate_signoffs, installed root-owned with
# 0644.
- name: install populate_signoffs service
  template:
    src: archweb-populate_signoffs.service.j2
    dest: /etc/systemd/system/archweb-populate_signoffs.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_populate_signoffs

- name: install populate_signoffs timer
  template:
    src: archweb-populate_signoffs.timer.j2
    dest: /etc/systemd/system/archweb-populate_signoffs.timer
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_populate_signoffs

- name: install pgp_import service
  template:
    src: archweb-pgp_import.service.j2
    dest: /etc/systemd/system/archweb-pgp_import.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_pgp_import

# The hook directory and the hook file are root-owned; the hook file is not
# writable by other users (0644). No mode is set on the directory itself.
- name: create pacman.d hooks dir
  file:
    path: /etc/pacman.d/hooks
    state: directory
    owner: root
    group: root
  when: archweb_services or archweb_pgp_import

- name: install pgp_import hook
  template:
    src: archweb-pgp_import-pacman-hook.j2
    dest: /etc/pacman.d/hooks/archweb-pgp_import.hook
    owner: root
    group: root
    mode: "0644"
  when: archweb_services or archweb_pgp_import

# Dedicated memcached unit for the site, installed root-owned with 0644.
- name: install archweb memcached service
  template:
    src: archweb-memcached.service.j2
    dest: /etc/systemd/system/archweb-memcached.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_site

# Service and timer units for the ISO rsync job, installed root-owned with
# 0644.
- name: install archweb rsync iso service
  template:
    src: archweb-rsync_iso.service.j2
    dest: /etc/systemd/system/archweb-rsync_iso.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_site

- name: install archweb rsync iso timer
  template:
    src: archweb-rsync_iso.timer.j2
    dest: /etc/systemd/system/archweb-rsync_iso.timer
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_site

# uWSGI vassal definition for the site.
# NOTE(review): the file is owned by archweb, which lets the touch in the
# next task run as that user, but it also means the application account can
# rewrite its own uWSGI configuration. Confirm this is acceptable for the
# way the emperor starts vassals; a root-owned file touched by root would
# remove that write access.
- name: deploy archweb
  template:
    src: archweb.ini.j2
    dest: /etc/uwsgi/vassals/archweb.ini
    owner: archweb
    group: http
    mode: "0644"
  when: archweb_site

# Touching the vassal file is the deploy trigger; it runs as archweb and
# notifies the `restart archweb memcached` handler.
- name: deploy new release
  file:
    path: /etc/uwsgi/vassals/archweb.ini
    state: touch
  become: true
  become_user: archweb
  when: archweb_site and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
  notify: restart archweb memcached

# Units needed by the site are enabled at boot and started now.
- name: start and enable archweb memcached service
  service:
    name: archweb-memcached.service
    enabled: true
    state: started
  when: archweb_site

- name: start and enable archweb rsync iso timer
  service:
    name: archweb-rsync_iso.timer
    enabled: true
    state: started
  when: archweb_site

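- name: start and enable archweb reporead service
  service:
    name: archweb-reporead.service
    enabled: true
    state: started
  when: archweb_services or archweb_reporead

# Jinja evaluates `and` before `or`, so the two role switches are grouped
# explicitly: the restart is tied to a changed checkout, settings file or
# virtualenv, or to a forced deploy. Without the parentheses the service was
# restarted on every run whenever archweb_services was true.
- name: restart archweb reporead service
  service:
    name: archweb-reporead.service
    state: restarted
  when: (archweb_services or archweb_reporead) and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)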

# Timers for the periodic jobs are enabled at boot and started now, each
# behind its own switch or the archweb_services switch.
- name: start and enable archweb mirrorcheck timer
  service:
    name: archweb-mirrorcheck.timer
    enabled: true
    state: started
  when: archweb_services or archweb_mirrorcheck

- name: start and enable archweb mirrorresolv timer
  service:
    name: archweb-mirrorresolv.timer
    enabled: true
    state: started
  when: archweb_services or archweb_mirrorresolv

- name: start and enable archweb populate_signoffs timer
  service:
    name: archweb-populate_signoffs.timer
    enabled: true
    state: started
  when: archweb_services or archweb_populate_signoffs