roles/security-tracker: Work on the security-tracker role almost complete.

b2c4b622 · Giancarlo Razzolini · 1bc0b279 · b2c4b622 · b2c4b622 · b2c4b622
Verified Commit b2c4b622 authored Dec 17, 2016 by Giancarlo Razzolini
--- a/group_vars/all/security_tracker.yml
+++ b/group_vars/all/security_tracker.yml
+$ANSIBLE_VAULT;1.1;AES256
+33636363346639663930653961373863633738393731383733613866663933343264306530343464
+6539346430383061636562623230373766396362383861300a373563653633636131656332343465
+33653863336639666664353963373066656639373666353032643839393264333739366463666531
+6466333030336438620a333538613564303335616266643539303630666365396565643232333939
+63643632623333356434636533656138626136333034393537646136323663306138613730383138
+63636565616639386334616532623233333131666564633933386232393963353066363938393432
+66303439373639636666356430363635343436363037623631386136336437343836353863383163
+39303931623637646131396331313835393161653465653131366434636465616537636565643261
+3330
--- a/roles/security_tracker/files/security-tracker-update.service
+++ b/roles/security_tracker/files/security-tracker-update.service
+[Unit]
+Description=Security Tracker update service
+
+[Service]
+Type=oneshot
+User=security
+Group=security
+WorkingDirectory=/srv/http/security-tracker
+ExecStart=/usr/bin/make update
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/security_tracker/files/security-tracker-update.timer
+++ b/roles/security_tracker/files/security-tracker-update.timer
+[Unit]
+Description=Security Tracker update timer
+
+[Timer]
+OnUnitActiveSec=1h
+OnBootSec=15min
+RandomizedDelaySec=10min
+
+[Install]
+WantedBy=timers.target
--- a/roles/security_tracker/handlers/main.yml
+++ b/roles/security_tracker/handlers/main.yml
+---
+
+- name: daemon reload
+  command: systemctl daemon-reload
--- a/roles/security-tracker/tasks/main.yml
+++ b/roles/security-tracker/tasks/main.yml
@@ -38,3 +38,23 @@

 - name: make nginx log dir
  file: path=/var/log/nginx/{{ security_tracker_domain }} state=directory owner=http group=log mode=755
+
+- name: copy security-tracker units
+  copy: src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
+  with_items:
+    - security-tracker-update.timer
+    - security-tracker-update.service
+  notify:
+    - daemon reload
+
+- name: configure security-tracker
+  template: src=20-user.local.conf.j2 dest={{ security_tracker_dir }}/config/20-user.local.conf owner=security group=security mode=0640
+
+- name: deploy security-tracker
+  template: src=security-tracker.ini.j2 dest=/etc/uwsgi/vassals/security-tracker.ini owner=security group=http mode=0644
+
+- name: start and enable security-tracker units
+  service: name="{{ item }}" enabled=yes state=started
+  with_items:
+    - security-tracker-update.timer
+    - security-tracker-update.service
--- a/roles/security_tracker/templates/20-user.local.conf.j2
+++ b/roles/security_tracker/templates/20-user.local.conf.j2
+[flask]
+secret_key = '{{ security_tracker.secret_key }}'
--- a/roles/security-tracker/templates/nginx.d.conf.j2
+++ b/roles/security-tracker/templates/nginx.d.conf.j2
--- a/roles/security-tracker/templates/security-tracker.ini.j2
+++ b/roles/security-tracker/templates/security-tracker.ini.j2