diff --git a/bench/commands/install.py b/bench/commands/install.py index 4c9459e8..46460dd0 100644 --- a/bench/commands/install.py +++ b/bench/commands/install.py @@ -10,41 +10,39 @@ def install(): @click.command('prerequisites') def install_prerequisites(): - "Install prerequisites" - run_playbook('prerequisites/install_prerequisites.yml') + run_playbook('site.yml', tag='common, redis') @click.command('mariadb') @click.option('--mysql_root_password') def install_maridb(mysql_root_password=''): - "Install mariadb 10.1" if mysql_root_password: extra_vars.update({"mysql_root_password": mysql_root_password}) - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='mariadb') + run_playbook('site.yml', extra_vars=extra_vars, tag='mariadb') @click.command('wkhtmltopdf') def install_wkhtmltopdf(): - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='wkhtmltopdf') + run_playbook('site.yml', extra_vars=extra_vars, tag='wkhtmltopdf') @click.command('nodejs') def install_nodejs(): - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nodejs') + run_playbook('site.yml', extra_vars=extra_vars, tag='nodejs') @click.command('psutil') def install_psutil(): - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil') + run_playbook('site.yml', extra_vars=extra_vars, tag='psutil') @click.command('supervisor') @click.option('--user') def install_supervisor(user=None): - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='supervisor') + run_playbook('site.yml', extra_vars=extra_vars, tag='supervisor') if user: setup_sudoers(user) @click.command('nginx') @click.option('--user') def install_nginx(user=None): - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx') + run_playbook('site.yml', extra_vars=extra_vars, tag='nginx') if user: setup_sudoers(user) @@ -54,7 +52,7 @@ def install_nginx(user=None): @click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban.') def install_failtoban(**kwargs): extra_vars.update(kwargs) - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='fail2ban') + run_playbook('site.yml', extra_vars=extra_vars, tag='fail2ban') install.add_command(install_prerequisites) install.add_command(install_maridb) diff --git a/bench/commands/setup.py b/bench/commands/setup.py index 02110c21..622c6f74 100755 --- a/bench/commands/setup.py +++ b/bench/commands/setup.py @@ -89,7 +89,7 @@ def setup_firewall(ssh_port=None, force=False): if not ssh_port: ssh_port = 22 - run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port}) + run_playbook('roles/bench/tasks/setup_firewall.yml', {"ssh_port": ssh_port}) @click.command('ssh-port') @click.argument('port') @@ -103,7 +103,7 @@ def set_ssh_port(port, force=False): 'Do you want to continue?'.format(port), abort=True) - run_playbook('production/change_ssh_port.yml', {"ssh_port": port}) + run_playbook('roles/bench/tasks/change_ssh_port.yml', {"ssh_port": port}) @click.command('lets-encrypt') @click.argument('site') @@ -214,9 +214,9 @@ def setup_roles(role, **kwargs): extra_vars.update(kwargs) if role: - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag=role) + run_playbook('site.yml', extra_vars=extra_vars, tag=role) else: - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars) + run_playbook('site.yml', extra_vars=extra_vars) @click.command('fail2ban') @click.option('--maxretry', default=6, help="Number of matches (i.e. value of the counter) which triggers ban action on the IP. Default is 6 seconds" ) @@ -224,7 +224,7 @@ def setup_roles(role, **kwargs): @click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban. Default is 600 seconds') def setup_nginx_proxy_jail(**kwargs): from bench.utils import run_playbook - run_playbook('prerequisites/setup_nginx_proxy_jail.yml', extra_vars=kwargs) + run_playbook('roles/fail2ban/tasks/configure_nginx_jail.yml', extra_vars=kwargs) setup.add_command(setup_sudoers) setup.add_command(setup_nginx) diff --git a/playbooks/README.md b/playbooks/README.md new file mode 100644 index 00000000..d47a31b9 --- /dev/null +++ b/playbooks/README.md @@ -0,0 +1,20 @@ +# Deploying a, developer/production-ready ERPNext website with Ansible + +## Supported Platforms + - Debian 8, 9 + - Ubuntu 14.04, 16.04 + - CentOS 7 + +## Directory Structure + TODO + +## Notes for maintainers + - For MariaDB playbooks refer https://github.com/PCextreme/ansible-role-mariadb + - Any changes made in relation to a role should be dont inside the role and not outside it + +# TODO: +1. Planned Platform + - Arch Linux + - Fedora + - RedHat +2. Consider reffering to https://github.com/geerlingguy/ansible-role-mysql.git for MariaDB playbook \ No newline at end of file diff --git a/playbooks/__init__.py b/playbooks/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/playbooks/develop/create_user.yml b/playbooks/create_user.yml old mode 100755 new mode 100644 similarity index 94% rename from playbooks/develop/create_user.yml rename to playbooks/create_user.yml index 2980ed4e..38295f3f --- a/playbooks/develop/create_user.yml +++ b/playbooks/create_user.yml @@ -1,4 +1,5 @@ --- + - hosts: localhost tasks: - name: Create user @@ -30,4 +31,6 @@ owner: '{{ frappe_user }}' group: '{{ frappe_user }}' recurse: yes - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian' \ No newline at end of file + when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian' + +... \ No newline at end of file diff --git a/playbooks/develop/includes/setup_erpnext.yml b/playbooks/develop/includes/setup_erpnext.yml deleted file mode 100644 index 33bb227b..00000000 --- a/playbooks/develop/includes/setup_erpnext.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- - - name: Check if ERPNext App exists - stat: path="{{ bench_path }}/apps/erpnext" - register: app - - - name: get erpnext - command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }} - args: - creates: "{{ bench_path }}/apps/erpnext" - chdir: "{{ bench_path }}" - when: not app.stat.exists - - - name: Check whether a site called site1.local exists - stat: path="{{ bench_path }}/sites/site1.local" - register: site_folder - - - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d - blockinfile: - path: /etc/mysql/conf.d/settings.cnf - block: | - # Import all .cnf files from configuration directory - !includedir /etc/mysql/mariadb.conf.d/ - become: yes - become_user: root - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - - - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d - blockinfile: - path: /etc/mysql/mariadb.conf.d/erpnext.cnf - block: | - [mysqld] - pid-file = /var/run/mysqld/mysqld.pid - socket = /var/run/mysqld/mysqld.sock - create: yes - become: yes - become_user: root - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - - - name: restart mysql - service: name=mysql state=restarted - become: yes - become_user: root - - - name: create a new default site - command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }} - args: - chdir: "{{ bench_path }}" - when: not site_folder.stat.exists - - - name: install erpnext to default site - command: bench --site site1.local install-app erpnext - args: - chdir: "{{ bench_path }}" - diff --git a/playbooks/develop/includes/setup_selinux_policy.yml b/playbooks/develop/includes/setup_selinux_policy.yml deleted file mode 100644 index 98904e53..00000000 --- a/playbooks/develop/includes/setup_selinux_policy.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- hosts: localhost - tasks: - - name: Install SELinux for CentOS - yum: name="{{item}}" state=present - with_items: - - policycoreutils-python - - selinux-policy-devel - become: yes - become_user: root - when: ansible_distribution == 'CentOS' - - - name: Install SELinux for Ubuntu - apt: name={{ item }} state=present - with_items: - - selinux - - selinux-policy-dev - become: yes - become_user: root - when: ansible_distribution == 'Ubuntu' - - - name: Check enabled SELinux modules - shell: semanage module -l - register: enabled_modules - - - name: Copy frappe_selinux policy - copy: src=templates/frappe_selinux.te dest=/root/frappe_selinux.te - register: dest_frappe_selinux_te - become: yes - become_user: root - - - name: Compile frappe_selinux policy - shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp" - args: - chdir: /root/ - become: yes - become_user: root - when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed" diff --git a/playbooks/develop/install.yml b/playbooks/develop/install.yml deleted file mode 100644 index bc67dbe8..00000000 --- a/playbooks/develop/install.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- hosts: localhost - -- include: ../prerequisites/install_prerequisites.yml - when: ansible_distribution != 'MacOSX' - -- include: ../prerequisites/install_roles.yml - when: ansible_distribution != 'MacOSX' - -- include: macosx.yml - when: ansible_distribution == 'MacOSX' - -- name: setup bench and dev environment - hosts: localhost - vars: - bench_repo_path: "/home/{{ frappe_user }}/.bench" - bench_path: "/home/{{ frappe_user }}/{{ bench_name }}" - tasks: - # setup frappe-bench - - include: includes/setup_bench.yml - when: not run_travis and not without_bench_setup - - # setup development environment - - include: includes/setup_dev_env.yml - when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu') diff --git a/playbooks/develop/templates/mariadb_centos.repo b/playbooks/develop/templates/mariadb_centos.repo deleted file mode 100644 index b0d7c819..00000000 --- a/playbooks/develop/templates/mariadb_centos.repo +++ /dev/null @@ -1,7 +0,0 @@ -# MariaDB 10.1 CentOS repository list - created 2016-03-18 09:56 UTC -# http://mariadb.org/mariadb/repositories/ -[mariadb] -name = MariaDB -baseurl = http://yum.mariadb.org/10.1/centos{{ ansible_lsb.major_release }}-{{ "amd64" if ansible_architecture == "x86_64" else "x86"}} -gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB -gpgcheck=1 diff --git a/playbooks/install.py b/playbooks/install.py old mode 100755 new mode 100644 index b65ed1b0..90f16218 --- a/playbooks/install.py +++ b/playbooks/install.py @@ -13,8 +13,8 @@ def install_bench(args): success = run_os_command({ 'apt-get': [ - 'sudo apt-get update', - 'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev' + 'sudo apt-get update' + # 'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev' ], 'yum': [ 'sudo yum groupinstall -y "Development tools"', @@ -59,7 +59,7 @@ def install_bench(args): }) success = run_os_command({ - 'pip': "sudo pip install ansible==2.3.1" + 'pip': "sudo pip install ansible==2.4.1" }) if not success: @@ -93,7 +93,7 @@ def install_bench(args): repo_path = os.path.join(os.path.expanduser('~'), 'bench') extra_vars.update(repo_path=repo_path) - run_playbook('develop/create_user.yml', extra_vars=extra_vars) + run_playbook('create_user.yml', extra_vars=extra_vars) extra_vars.update(get_passwords(args)) if args.production: @@ -105,11 +105,12 @@ def install_bench(args): bench_name = 'frappe-bench' if not args.bench_name else args.bench_name extra_vars.update(bench_name=bench_name) - if args.develop: - run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars) + # Will install ERPNext production setup by default + run_playbook('site.yml', sudo=True, extra_vars=extra_vars) - elif args.production: - run_playbook('production/install.yml', sudo=True, extra_vars=extra_vars) + # # Will do changes for production if --production flag is passed + # if args.production: + # run_playbook('production.yml', sudo=True, extra_vars=extra_vars) if os.path.exists(tmp_bench_repo): shutil.rmtree(tmp_bench_repo) @@ -147,7 +148,7 @@ def install_python27(): # install python 2.7 success = run_os_command({ - 'apt-get': 'sudo apt-get install -y python2.7', + 'apt-get': 'sudo apt-get install -y python-dev', 'yum': 'sudo yum install -y python27', 'brew': 'brew install python' }) diff --git a/playbooks/develop/macosx.yml b/playbooks/macosx.yml similarity index 86% rename from playbooks/develop/macosx.yml rename to playbooks/macosx.yml index 05b8c947..2ca0e174 100644 --- a/playbooks/develop/macosx.yml +++ b/playbooks/macosx.yml @@ -22,9 +22,9 @@ - wkhtmltopdf - name: configure mariadb - include: ../prerequisites/roles/mariadb/tasks/main.yml + include: roles/mariadb/tasks/main.yml vars: - mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf + mysql_conf_tpl: roles/mariadb/files/mariadb_config.cnf - name: Install MySQLdb in global env pip: name=mysql-python version=1.2.5 @@ -36,3 +36,4 @@ - include: includes/setup_dev_env.yml when: not production +... \ No newline at end of file diff --git a/playbooks/prerequisites/install_prerequisites.yml b/playbooks/prerequisites/install_prerequisites.yml deleted file mode 100644 index 93350a0f..00000000 --- a/playbooks/prerequisites/install_prerequisites.yml +++ /dev/null @@ -1,97 +0,0 @@ ---- -#- include: setup_essentials.yml - -- name: "Setup prerequisites" - hosts: localhost - become: yes - become_user: root - tasks: - - name: Install yum packages - yum: name={{ item }} state=present - with_items: - - bzip2-devel - - cronie - - dnsmasq - - freetype-devel - - git - - htop - - lcms2-devel - - libjpeg-devel - - libtiff-devel - - libffi-devel - - libwebp-devel - - libXext - - libXrender - - libzip-devel - - libffi-devel - - ntp - - openssl-devel - - postfix - - python-devel - - python-setuptools - - python-pip - - redis - - screen - - sudo - - tcl-devel - - tk-devel - - vim - - which - - xorg-x11-fonts-75dpi - - xorg-x11-fonts-Type1 - - zlib-devel - - openssl-devel - - openldap-devel - when: ansible_os_family == 'RedHat' - - # Prerequisite for Debian and Ubuntu - - name: Install apt packages - apt: pkg={{ item }} state=present force=yes - with_items: - - build-essential - - software-properties-common - - dnsmasq - - fontconfig - - git - - htop - - libcrypto++-dev - - libfreetype6-dev - - liblcms2-dev - - libssl-dev - - libwebp-dev - - libxext6 - - libxrender1 - - libxslt1-dev - - libxslt1.1 - - libffi-dev - - ntp - - postfix - - python-dev - - python-pip - - python-tk - - redis-server - - screen - - vim - - xfonts-75dpi - - xfonts-base - - zlib1g-dev - - apt-transport-https - - libsasl2-dev - - libldap2-dev - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - - - include: ubuntu.yml - when: ansible_distribution == 'Ubuntu' - - - include: debian.yml - when: ansible_distribution == 'Debian' - - # Prerequisite for MACOS - - name: install prequisites for macos - homebrew: name={{ item }} state=present - with_items: - - cmake - - redis - - mariadb - - nodejs - when: ansible_distribution == 'MacOSX' diff --git a/playbooks/prerequisites/install_roles.yml b/playbooks/prerequisites/install_roles.yml deleted file mode 100644 index c66b829d..00000000 --- a/playbooks/prerequisites/install_roles.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil - hosts: localhost - become: yes - become_user: root - vars: - - mysql_conf_tpl: files/mariadb_config.cnf - - nginx_conf_file: files/nginx.conf - - mysql_secure_installation: True - roles: - - { role: locale, tags: "locale" } - - { role: swap, tags: "swap", when: production } - - { role: logwatch, tags: "logwatch", when: production } - - { role: bash_screen_wall, tags: "bash_screen_wall", when: production } - - { role: frappe_selinux, tags: "frappe_selinux", when: production } - - { role: dns_caching, tags: "dns_caching", when: production } - - { role: ntpd, tags: "ntpd", when: production } - - { role: mariadb, tags: "mariadb" } - - { role: wkhtmltopdf, tags: "wkhtmltopdf" } - - { role: nodejs, tags: "nodejs" } - - { role: psutil, tags: "psutil" } - - { role: supervisor, tags: "supervisor", when: production } - - { role: nginx, tags: "nginx", when: production } - - { role: fail2ban, tags: "fail2ban" , when: production } - tasks: - - name: Set hostname - hostname: name='{{ hostname }}' - when: hostname is defined and production - - - name: Start NTPD - service: name=ntpd state=started - when: ansible_distribution == 'CentOS' and production - - - name: Start NTPD - service: name=ntp state=started - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production \ No newline at end of file diff --git a/playbooks/prerequisites/roles/bash_screen_wall/tasks/main.yml b/playbooks/prerequisites/roles/bash_screen_wall/tasks/main.yml deleted file mode 100644 index 338b6fbc..00000000 --- a/playbooks/prerequisites/roles/bash_screen_wall/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Setup bash screen wall - copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh \ No newline at end of file diff --git a/playbooks/prerequisites/roles/locale/defaults/main.yml b/playbooks/prerequisites/roles/locale/defaults/main.yml deleted file mode 100644 index 3b713b45..00000000 --- a/playbooks/prerequisites/roles/locale/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -locale_keymap: us -locale_lang: en_US.utf8 \ No newline at end of file diff --git a/playbooks/prerequisites/roles/mariadb/meta/main.yml b/playbooks/prerequisites/roles/mariadb/meta/main.yml deleted file mode 100644 index b2beef2c..00000000 --- a/playbooks/prerequisites/roles/mariadb/meta/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -galaxy_info: - author: "Attila van der Velde" - description: "Installs MariaDB" - company: "PCextreme B.V." - license: "license (MIT, BSD)" - min_ansible_version: 1.8 - platforms: - - name: EL - versions: - - 6 - - 7 - - name: Ubuntu - versions: - - trusty - categories: - - database:sql - -dependencies: [] diff --git a/playbooks/prerequisites/roles/mariadb/tasks/main.yml b/playbooks/prerequisites/roles/mariadb/tasks/main.yml deleted file mode 100644 index bbcc7e77..00000000 --- a/playbooks/prerequisites/roles/mariadb/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- include: centos.yml - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6 - -- include: ubuntu.yml - when: ansible_distribution == 'Ubuntu' - -- name: Add configuration - template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 - when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian' - notify: restart mysql - -- include: debian.yml - when: ansible_distribution == 'Debian' - -- name: Add configuration - template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 - when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian' - notify: restart mysql - -- name: Start and enable service - service: name=mysql state=started enabled=yes - -- debug: - msg: "{{ mysql_root_password }}" - -- include: mysql_secure_installation.yml - when: mysql_root_password is defined - -- debug: var=mysql_secure_installation - when: mysql_secure_installation and mysql_root_password is defined diff --git a/playbooks/prerequisites/roles/nginx/.travis.yml b/playbooks/prerequisites/roles/nginx/.travis.yml deleted file mode 100644 index 24648b13..00000000 --- a/playbooks/prerequisites/roles/nginx/.travis.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -language: python -python: "2.7" - -env: - - SITE=test.yml - -before_install: - - sudo apt-get update -qq - - sudo apt-get install -y curl - -install: - # Install Ansible. - - pip install ansible - - # Add ansible.cfg to pick up roles path. - - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" - -script: - # Check the role/playbook's syntax. - - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" - - # Run the role/playbook with ansible-playbook. - - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" - - # Run the role/playbook again, checking to make sure it's idempotent. - - > - ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo - | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1) - - # TODO - get the test working. Probably need to add a virtual host. - # Request a page via Nginx, to make sure Nginx is running and responds. - # - "curl http://localhost/" diff --git a/playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2 b/playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2 deleted file mode 100644 index a43202ce..00000000 --- a/playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2 +++ /dev/null @@ -1,51 +0,0 @@ -user {{ nginx_user }}; - -error_log {{ nginx_error_log }}; -pid /var/run/nginx.pid; - -worker_processes {{ nginx_worker_processes }}; - -events { - worker_connections {{ nginx_worker_connections }}; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - server_names_hash_bucket_size 64; - - client_max_body_size {{ nginx_client_max_body_size }}; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log {{ nginx_access_log }}; - - sendfile {{ nginx_sendfile }}; - tcp_nopush {{ nginx_tcp_nopush }}; - tcp_nodelay {{ nginx_tcp_nodelay }}; - - keepalive_timeout {{ nginx_keepalive_timeout }}; - keepalive_requests {{ nginx_keepalive_requests }}; - - #gzip on; - -{% if nginx_proxy_cache_path %} - proxy_cache_path {{ nginx_proxy_cache_path }}; -{% endif %} - -{% for upstream in nginx_upstreams %} - upstream {{ upstream.name }} { -{% if upstream.strategy is defined %} - {{ upstream.strategy }}; -{% endif %} -{% for server in upstream.servers %} - server {{ server }}; -{% endfor %} - } -{% endfor %} - - include {{ nginx_vhost_path }}/*; -} diff --git a/playbooks/prerequisites/roles/swap/defaults/main.yml b/playbooks/prerequisites/roles/swap/defaults/main.yml deleted file mode 100644 index 3eac0ae0..00000000 --- a/playbooks/prerequisites/roles/swap/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -swap_size_mb: 1024 \ No newline at end of file diff --git a/playbooks/prerequisites/setup_essentials.yml b/playbooks/prerequisites/setup_essentials.yml deleted file mode 100644 index ed9cef0f..00000000 --- a/playbooks/prerequisites/setup_essentials.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- - - name: Setup Essentials - hosts: localhost - become: yes - become_user: root - - tasks: - - name: Install the 'Development tools' package group (Redhat) - yum: name="@Development tools" state=present - when: ansible_os_family == 'RedHat' - - - name: Install EPEL - yum: name='epel-release' state=present - when: ansible_os_family == 'RedHat' - - - name: Install libselinux-python - yum: name={{ item }} state=present - with_items: - - python-devel - - python-setuptools - - python-pip - - libselinux-python - when: ansible_os_family == 'RedHat' - - - name: Add dotdeb apt repository key for Debian < 8 - apt_key: - url: http://www.dotdeb.org/dotdeb.gpg - state: present - become: yes - become_user: root - when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') - - - name: Add dotdeb apt repository for redis-server for Debian < 8 - apt_repository: - repo: 'deb http://packages.dotdeb.org wheezy all' - state: present - become: yes - become_user: root - when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') - - - name: Install python selinux - apt: pkg={{ item }} state=present force=yes - with_items: - - build-essential - - python-dev - - python-pip - - python-selinux - when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu' diff --git a/playbooks/prerequisites/setup_nginx_proxy_jail.yml b/playbooks/prerequisites/setup_nginx_proxy_jail.yml deleted file mode 100644 index 05263f87..00000000 --- a/playbooks/prerequisites/setup_nginx_proxy_jail.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: ../prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml \ No newline at end of file diff --git a/playbooks/production/includes/setup_bench_production.yml b/playbooks/production/includes/setup_bench_production.yml deleted file mode 100644 index 3563082d..00000000 --- a/playbooks/production/includes/setup_bench_production.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- - - hosts: localhost - vars: - bench_path: "/home/{{ frappe_user }}/{{ bench_name }}" - - tasks: - - # In case we are re-running the script, we would like to skip the site creation - - name: Check whether a site exists - stat: path="{{ bench_path }}/sites/{{ site }}" - register: site_folder - - - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d - blockinfile: - path: /etc/mysql/conf.d/settings.cnf - block: | - # Import all .cnf files from configuration directory - !includedir /etc/mysql/mariadb.conf.d/ - become: yes - become_user: root - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - - - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d - blockinfile: - path: /etc/mysql/mariadb.conf.d/erpnext.cnf - block: | - [mysqld] - pid-file = /var/run/mysqld/mysqld.pid - socket = /var/run/mysqld/mysqld.sock - create: yes - become: yes - become_user: root - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - - - name: restart mysql - service: name=mysql state=restarted - become: yes - become_user: root - - - name: Create new site - command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }} - args: - chdir: "{{ bench_path }}" - when: not site_folder.stat.exists - - - name: Check ERPNext App exists - stat: path="{{ bench_path }}/apps/erpnext" - register: app - - # In case we are re-running the script, we would like to skip getting ERPNext App - - name: Get-app erpnext app - command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }} - args: - chdir: '{{ bench_path }}' - when: not app.stat.exists - - - name: Install erpnext app - command: bench --site {{ site }} install-app erpnext - args: - chdir: '{{ bench_path }}' - - - name: Change permissions for frappe home folder - become: yes - become_user: root - file: - dest: '/home/{{ frappe_user }}' - owner: '{{ frappe_user }}' - group: '{{ frappe_user }}' - mode: 0755 - recurse: yes - state: directory - - - name: Setup production - become: yes - become_user: root - command: bench setup production {{ frappe_user }} - args: - chdir: '{{ bench_path }}' - - - name: Setup Sudoers - become: yes - become_user: root - command: bench setup sudoers {{ frappe_user }} - args: - chdir: '{{ bench_path }}' - - - name: Restart the bench - command: bench restart - args: - chdir: '{{ bench_path }}' diff --git a/playbooks/production/includes/setup_inputrc.yml b/playbooks/production/includes/setup_inputrc.yml deleted file mode 100644 index d5981945..00000000 --- a/playbooks/production/includes/setup_inputrc.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: localhost - tasks: - - name: insert/update inputrc for history - blockinfile: - dest: "/home/{{ frappe_user }}/.inputrc" - create: yes - block: | - ## arrow up - "\e[A":history-search-backward - ## arrow down - "\e[B":history-search-forward \ No newline at end of file diff --git a/playbooks/production/includes/setup_prod_env.yml b/playbooks/production/includes/setup_prod_env.yml deleted file mode 100755 index 9a003618..00000000 --- a/playbooks/production/includes/setup_prod_env.yml +++ /dev/null @@ -1,94 +0,0 @@ ---- -- hosts: localhost - - tasks: - - #################################################### - # Replace default nginx config with nginx template - - name: Rename default nginx.conf to nginx.conf.old - command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old - become: yes - become_user: root - - - name: Copy the nginx_config template - template: - src: ../templates/default_nginx.j2 - dest: /etc/nginx/nginx.conf - become: yes - become_user: root - - - name: Reload the nginx service - service: - name: nginx - state: restarted - become: yes - become_user: root - - ###################################################### - # Set InnoDB Buffer Pool size to half of total RAM - - name: Set InnoDB buffer pool - lineinfile: > - dest=/etc/my.cnf.d/frappe.cnf - regexp="^\[mysqld\]$" - line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M" - state=present - when: ansible_distribution == 'CentOS' - become: yes - become_user: root - - - name: Set InnoDB buffer pool - lineinfile: > - dest=/etc/mysql/conf.d/frappe.cnf - regexp="^\[mysqld\]$" - line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M" - state=present - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - become: yes - become_user: root - - #################################################### - # Enable nginx, mysql, redis and supevisord services - - name: Enable nginx, mysql, and redis - service: - name: '{{ item }}' - enabled: yes - with_items: - - nginx - - mysql - become: yes - become_user: root - - - name: Enable redis.service on centos - service: - name: redis - enabled: yes - become: yes - become_user: root - when: ansible_distribution == 'CentOS' - - - name: Enable redis-server.service on ubuntu - service: - name: redis-server - enabled: yes - become: yes - become_user: root - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - - - name: Check whether default supervisor.conf exists - service: - name: supervisord - state: started - enabled: yes - become: yes - become_user: root - when: ansible_distribution == 'CentOS' - - - name: Check whether default supervisor.conf exists - service: - name: supervisor - state: started - enabled: yes - become: yes - become_user: root - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - diff --git a/playbooks/production/install.yml b/playbooks/production/install.yml deleted file mode 100644 index 17c5b6ca..00000000 --- a/playbooks/production/install.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - # Install the common pre-requisites for the setting up bench - - include: ../develop/install.yml - - - include: includes/setup_inputrc.yml - - # Setup Bench for production environment - - include: includes/setup_bench_production.yml - when: not run_travis diff --git a/playbooks/prerequisites/roles/bash_screen_wall/files/screen_wall.sh b/playbooks/roles/bash_screen_wall/files/screen_wall.sh similarity index 100% rename from playbooks/prerequisites/roles/bash_screen_wall/files/screen_wall.sh rename to playbooks/roles/bash_screen_wall/files/screen_wall.sh diff --git a/playbooks/roles/bash_screen_wall/tasks/main.yml b/playbooks/roles/bash_screen_wall/tasks/main.yml new file mode 100644 index 00000000..452b7a49 --- /dev/null +++ b/playbooks/roles/bash_screen_wall/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Setup bash screen wall + copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh +... \ No newline at end of file diff --git a/playbooks/production/change_ssh_port.yml b/playbooks/roles/bench/tasks/change_ssh_port.yml old mode 100755 new mode 100644 similarity index 95% rename from playbooks/production/change_ssh_port.yml rename to playbooks/roles/bench/tasks/change_ssh_port.yml index 715a98d0..5e850ed5 --- a/playbooks/production/change_ssh_port.yml +++ b/playbooks/roles/bench/tasks/change_ssh_port.yml @@ -1,19 +1,20 @@ -- name: Change ssh port - gather_facts: false - hosts: localhost - user: root - tasks: - - name: change sshd config - lineinfile: > - dest=/etc/ssh/sshd_config - regexp="^Port" - line="Port {{ ssh_port }}" - state=present - - - name: restart ssh - service: name=sshd state=reloaded - - - name: Change ansible ssh port to 2332 - set_fact: - ansible_ssh_port: '{{ ssh_port }}' - +--- +- name: Change ssh port + gather_facts: false + hosts: localhost + user: root + tasks: + - name: change sshd config + lineinfile: > + dest=/etc/ssh/sshd_config + regexp="^Port" + line="Port {{ ssh_port }}" + state=present + + - name: restart ssh + service: name=sshd state=reloaded + + - name: Change ansible ssh port to 2332 + set_fact: + ansible_ssh_port: '{{ ssh_port }}' +... \ No newline at end of file diff --git a/playbooks/develop/includes/setup_bench.yml b/playbooks/roles/bench/tasks/main.yml similarity index 63% rename from playbooks/develop/includes/setup_bench.yml rename to playbooks/roles/bench/tasks/main.yml index 7b768c4c..1ed5dafb 100644 --- a/playbooks/develop/includes/setup_bench.yml +++ b/playbooks/roles/bench/tasks/main.yml @@ -28,11 +28,17 @@ stat: path="{{ bench_path }}" register: bench_stat - - name: init bench + - name: python3 bench init for develop + command: bench init {{ bench_path }} --frappe-branch {{ branch }} --python python3 + args: + creates: "{{ bench_path }}" + when: not bench_stat.stat.exists and develop + + - name: python2 bench init for develop command: bench init {{ bench_path }} --frappe-branch {{ branch }} args: creates: "{{ bench_path }}" - when: not bench_stat.stat.exists + when: not bench_stat.stat.exists and production # setup common_site_config - name: setup config @@ -46,3 +52,15 @@ args: creates: "{{ bench_path }}/apps/frappe" chdir: "{{ bench_path }}" + + - include_tasks: setup_dev_env.yml + when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu') + + - include_tasks: setup_inputrc.yml + + # Setup Bench for production environment + - include_tasks: setup_bench_production.yml + vars: + bench_path: "/home/{{ frappe_user }}/{{ bench_name }}" + when: not run_travis and production +... diff --git a/playbooks/roles/bench/tasks/setup_bench_production.yml b/playbooks/roles/bench/tasks/setup_bench_production.yml new file mode 100644 index 00000000..75206be4 --- /dev/null +++ b/playbooks/roles/bench/tasks/setup_bench_production.yml @@ -0,0 +1,58 @@ +--- +# In case we are re-running the script, we would like to skip the site creation +- name: Check whether a site exists + stat: path="{{ bench_path }}/sites/{{ site }}" + register: site_folder + +- name: Create new site + command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }} + args: + chdir: "{{ bench_path }}" + when: not site_folder.stat.exists + +- name: Check ERPNext App exists + stat: path="{{ bench_path }}/apps/erpnext" + register: app + +# In case we are re-running the script, we would like to skip getting ERPNext App +- name: Get-app erpnext app + command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }} + args: + chdir: '{{ bench_path }}' + when: not app.stat.exists + +- name: Install erpnext app + command: bench --site {{ site }} install-app erpnext + args: + chdir: '{{ bench_path }}' + +- name: Change permissions for frappe home folder + become: yes + become_user: root + file: + dest: '/home/{{ frappe_user }}' + owner: '{{ frappe_user }}' + group: '{{ frappe_user }}' + mode: 0755 + recurse: yes + state: directory + +- name: Setup production + become: yes + become_user: root + command: bench setup production {{ frappe_user }} + args: + chdir: '{{ bench_path }}' + +- name: Setup Sudoers + become: yes + become_user: root + command: bench setup sudoers {{ frappe_user }} + args: + chdir: '{{ bench_path }}' + +- name: Restart the bench + command: bench restart + args: + chdir: '{{ bench_path }}' +... \ No newline at end of file diff --git a/playbooks/develop/includes/setup_dev_env.yml b/playbooks/roles/bench/tasks/setup_dev_env.yml similarity index 86% rename from playbooks/develop/includes/setup_dev_env.yml rename to playbooks/roles/bench/tasks/setup_dev_env.yml index 31e38de2..843ca0c4 100644 --- a/playbooks/develop/includes/setup_dev_env.yml +++ b/playbooks/roles/bench/tasks/setup_dev_env.yml @@ -1,5 +1,4 @@ --- - # Setup Procfile - name: setup procfile command: bench setup procfile @@ -17,4 +16,6 @@ # Setup an ERPNext site called site1.local - - include: includes/setup_erpnext.yml \ No newline at end of file + - include_tasks: setup_erpnext.yml + hosts: localhost +... diff --git a/playbooks/roles/bench/tasks/setup_erpnext.yml b/playbooks/roles/bench/tasks/setup_erpnext.yml new file mode 100644 index 00000000..02b439c9 --- /dev/null +++ b/playbooks/roles/bench/tasks/setup_erpnext.yml @@ -0,0 +1,28 @@ +--- + - name: Check if ERPNext App exists + stat: path="{{ bench_path }}/apps/erpnext" + register: app + + - name: get erpnext + command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }} + args: + creates: "{{ bench_path }}/apps/erpnext" + chdir: "{{ bench_path }}" + when: not app.stat.exists + + - name: Check whether a site called site1.local exists + stat: path="{{ bench_path }}/sites/site1.local" + register: site_folder + + - name: create a new default site + command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }} + args: + chdir: "{{ bench_path }}" + when: not site_folder.stat.exists + + - name: install erpnext to default site + command: bench --site site1.local install-app erpnext + args: + chdir: "{{ bench_path }}" + +... \ No newline at end of file diff --git a/playbooks/production/setup_firewall.yml b/playbooks/roles/bench/tasks/setup_firewall.yml old mode 100755 new mode 100644 similarity index 99% rename from playbooks/production/setup_firewall.yml rename to playbooks/roles/bench/tasks/setup_firewall.yml index 2cb59cd4..f1fc9fa8 --- a/playbooks/production/setup_firewall.yml +++ b/playbooks/roles/bench/tasks/setup_firewall.yml @@ -1,3 +1,4 @@ +--- - name: Setup Firewall user: root hosts: localhost @@ -47,4 +48,4 @@ - 443 - "{{ ssh_port }}" when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - +... \ No newline at end of file diff --git a/playbooks/roles/bench/tasks/setup_inputrc.yml b/playbooks/roles/bench/tasks/setup_inputrc.yml new file mode 100644 index 00000000..9c88b933 --- /dev/null +++ b/playbooks/roles/bench/tasks/setup_inputrc.yml @@ -0,0 +1,11 @@ +--- +- name: insert/update inputrc for history + blockinfile: + dest: "/home/{{ frappe_user }}/.inputrc" + create: yes + block: | + ## arrow up + "\e[A":history-search-backward + ## arrow down + "\e[B":history-search-forward +... \ No newline at end of file diff --git a/playbooks/prerequisites/debian.yml b/playbooks/roles/common/tasks/debian.yml similarity index 98% rename from playbooks/prerequisites/debian.yml rename to playbooks/roles/common/tasks/debian.yml index b7e3259b..29372a7c 100644 --- a/playbooks/prerequisites/debian.yml +++ b/playbooks/roles/common/tasks/debian.yml @@ -1,4 +1,5 @@ --- + - name: Setup OpenSSL dependancy pip: name=pyOpenSSL version=16.2.0 @@ -18,4 +19,6 @@ - libtiff5-dev - tcl8.5-dev - tk8.5-dev - when: ansible_distribution_version | version_compare('8', 'ge') \ No newline at end of file + when: ansible_distribution_version | version_compare('8', 'ge') + +... \ No newline at end of file diff --git a/playbooks/roles/common/tasks/debian_family.yml b/playbooks/roles/common/tasks/debian_family.yml new file mode 100644 index 00000000..77671fcd --- /dev/null +++ b/playbooks/roles/common/tasks/debian_family.yml @@ -0,0 +1,42 @@ +--- + +- name: Install prerequisites using apt-get + become: yes + become_user: root + apt: pkg={{ item }} state=present force=yes + with_items: + - dnsmasq + - fontconfig + - git # Version control + - htop # Server stats + - libcrypto++-dev + - libfreetype6-dev + - liblcms2-dev + - libssl-dev + - libwebp-dev + - libxext6 + - libxrender1 + - libxslt1-dev + - libxslt1.1 + - libffi-dev + - ntp # Clock synchronization + - postfix # Mail Server + - python-dev # Installing python developer suite + - python3-dev # For python3 compatibility + - python-tk + - screen # To aid ssh sessions with connectivity problems + - vim # Is that supposed to be a question!? + - xfonts-75dpi + - xfonts-base + - zlib1g-dev + - apt-transport-https + - libsasl2-dev + - libldap2-dev + +- include_tasks: debian.yml + when: ansible_distribution == 'Debian' + +- include_tasks: ubuntu.yml + when: ansible_distribution == 'Ubuntu' + +... \ No newline at end of file diff --git a/playbooks/roles/common/tasks/macos.yml b/playbooks/roles/common/tasks/macos.yml new file mode 100644 index 00000000..a5fbd0bf --- /dev/null +++ b/playbooks/roles/common/tasks/macos.yml @@ -0,0 +1,37 @@ +--- + +- hosts: localhost + become: yes + become_user: root + vars: + bench_repo_path: "/Users/{{ ansible_user_id }}/.bench" + bench_path: "/Users/{{ ansible_user_id }}/frappe-bench" + tasks: + # install pre-requisites + - name: install prequisites + homebrew: name={{ item }} state=present + with_items: + - cmake + - redis + - mariadb + - nodejs + + # install wkhtmltopdf + - name: cask installs + homebrew_cask: name={{ item }} state=present + with_items: + - wkhtmltopdf + + - name: configure mariadb + include_tasks: roles/mariadb/tasks/main.yml + vars: + mysql_conf_tpl: roles/mariadb/files/mariadb_config.cnf + + # setup frappe-bench + - include_tasks: includes/setup_bench.yml + + # setup development environment + - include_tasks: includes/setup_dev_env.yml + when: not production + +... \ No newline at end of file diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml new file mode 100644 index 00000000..952926fd --- /dev/null +++ b/playbooks/roles/common/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# Install's prerequisites, like fonts, image libraries, vim, screen, python-dev and gcc + +- include_tasks: debian_family.yml + when: ansible_os_family == 'Debian' + +- include_tasks: redhat_family.yml + when: ansible_os_family == "RedHat" +... \ No newline at end of file diff --git a/playbooks/roles/common/tasks/redhat_family.yml b/playbooks/roles/common/tasks/redhat_family.yml new file mode 100644 index 00000000..dfde2433 --- /dev/null +++ b/playbooks/roles/common/tasks/redhat_family.yml @@ -0,0 +1,42 @@ +--- + +- name: "Setup prerequisites using yum" + become: yes + become_user: root + yum: name={{ item }} state=present + with_items: + - bzip2-devel + - cronie + - dnsmasq + - freetype-devel + - git + - htop + - lcms2-devel + - libjpeg-devel + - libtiff-devel + - libffi-devel + - libwebp-devel + - libXext + - libXrender + - libzip-devel + - libffi-devel + - ntp + - openssl-devel + - postfix + - python-devel + - python-setuptools + - python-pip + - redis + - screen + - sudo + - tcl-devel + - tk-devel + - vim + - which + - xorg-x11-fonts-75dpi + - xorg-x11-fonts-Type1 + - zlib-devel + - openssl-devel + - openldap-devel + +... \ No newline at end of file diff --git a/playbooks/prerequisites/ubuntu.yml b/playbooks/roles/common/tasks/ubuntu.yml similarity index 97% rename from playbooks/prerequisites/ubuntu.yml rename to playbooks/roles/common/tasks/ubuntu.yml index 3e0918cd..13fb7450 100644 --- a/playbooks/prerequisites/ubuntu.yml +++ b/playbooks/roles/common/tasks/ubuntu.yml @@ -1,4 +1,5 @@ --- + - name: install pillow prerequisites for Ubuntu < 14.04 apt: pkg={{ item }} state=present force=yes with_items: @@ -15,4 +16,6 @@ - libtiff5-dev - tcl8.6-dev - tk8.6-dev - when: ansible_distribution_version | version_compare('14.04', 'ge') \ No newline at end of file + when: ansible_distribution_version | version_compare('14.04', 'ge') + +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/dns_caching/handlers/main.yml b/playbooks/roles/dns_caching/handlers/main.yml similarity index 59% rename from playbooks/prerequisites/roles/dns_caching/handlers/main.yml rename to playbooks/roles/dns_caching/handlers/main.yml index 5f7cb344..afe7ac3e 100644 --- a/playbooks/prerequisites/roles/dns_caching/handlers/main.yml +++ b/playbooks/roles/dns_caching/handlers/main.yml @@ -1,3 +1,4 @@ --- -- name: restart network manager +- name: Restart network manager service: name=NetworkManager state=restarted +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/dns_caching/tasks/main.yml b/playbooks/roles/dns_caching/tasks/main.yml similarity index 73% rename from playbooks/prerequisites/roles/dns_caching/tasks/main.yml rename to playbooks/roles/dns_caching/tasks/main.yml index 334e6e26..7c34f0fa 100644 --- a/playbooks/prerequisites/roles/dns_caching/tasks/main.yml +++ b/playbooks/roles/dns_caching/tasks/main.yml @@ -1,14 +1,14 @@ --- -- name: check NetworkManager.conf exists +- name: Check NetworkManager.conf exists stat: path: /etc/NetworkManager/NetworkManager.conf register: result -- name: unmask NetworkManager service +- name: Unmask NetworkManager service command: systemctl unmask NetworkManager when: result.stat.exists -- name: add dnsmasq to network config +- name: Add dnsmasq to network config lineinfile: > dest=/etc/NetworkManager/NetworkManager.conf regexp="dns=" @@ -17,4 +17,4 @@ when: result.stat.exists notify: - restart network manager - +... diff --git a/playbooks/prerequisites/roles/fail2ban/defaults/main.yml b/playbooks/roles/fail2ban/defaults/main.yml similarity index 100% rename from playbooks/prerequisites/roles/fail2ban/defaults/main.yml rename to playbooks/roles/fail2ban/defaults/main.yml diff --git a/playbooks/prerequisites/roles/fail2ban/handlers/main.yml b/playbooks/roles/fail2ban/handlers/main.yml similarity index 100% rename from playbooks/prerequisites/roles/fail2ban/handlers/main.yml rename to playbooks/roles/fail2ban/handlers/main.yml diff --git a/playbooks/prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml b/playbooks/roles/fail2ban/tasks/configure_nginx_jail.yml similarity index 100% rename from playbooks/prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml rename to playbooks/roles/fail2ban/tasks/configure_nginx_jail.yml diff --git a/playbooks/prerequisites/roles/fail2ban/tasks/main.yml b/playbooks/roles/fail2ban/tasks/main.yml similarity index 100% rename from playbooks/prerequisites/roles/fail2ban/tasks/main.yml rename to playbooks/roles/fail2ban/tasks/main.yml diff --git a/playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 b/playbooks/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 similarity index 100% rename from playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 rename to playbooks/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 diff --git a/playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 b/playbooks/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 similarity index 100% rename from playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 rename to playbooks/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 diff --git a/playbooks/prerequisites/roles/frappe_selinux/files/frappe_selinux.te b/playbooks/roles/frappe_selinux/files/frappe_selinux.te similarity index 100% rename from playbooks/prerequisites/roles/frappe_selinux/files/frappe_selinux.te rename to playbooks/roles/frappe_selinux/files/frappe_selinux.te diff --git a/playbooks/prerequisites/roles/frappe_selinux/tasks/main.yml b/playbooks/roles/frappe_selinux/tasks/main.yml similarity index 81% rename from playbooks/prerequisites/roles/frappe_selinux/tasks/main.yml rename to playbooks/roles/frappe_selinux/tasks/main.yml index d2ef05f7..43602163 100644 --- a/playbooks/prerequisites/roles/frappe_selinux/tasks/main.yml +++ b/playbooks/roles/frappe_selinux/tasks/main.yml @@ -6,13 +6,6 @@ - selinux-policy-devel when: ansible_distribution == 'CentOS' -# - name: Install SELinux for Ubuntu -# apt: name={{ item }} state=present -# with_items: -# - selinux -# - selinux-policy-dev -# when: ansible_distribution == 'Ubuntu' - - name: Check enabled SELinux modules shell: semanage module -l register: enabled_modules @@ -28,4 +21,4 @@ args: chdir: /root/ when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed" - +... \ No newline at end of file diff --git a/playbooks/roles/locale/defaults/main.yml b/playbooks/roles/locale/defaults/main.yml new file mode 100644 index 00000000..82343e32 --- /dev/null +++ b/playbooks/roles/locale/defaults/main.yml @@ -0,0 +1,4 @@ +--- +locale_keymap: us +locale_lang: en_US.utf8 +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/locale/tasks/main.yml b/playbooks/roles/locale/tasks/main.yml similarity index 76% rename from playbooks/prerequisites/roles/locale/tasks/main.yml rename to playbooks/roles/locale/tasks/main.yml index 3168f70b..8551f690 100644 --- a/playbooks/prerequisites/roles/locale/tasks/main.yml +++ b/playbooks/roles/locale/tasks/main.yml @@ -6,15 +6,16 @@ - name: Set Locale command: "localectl set-locale LANG={{ locale_lang }}" - when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1 + when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG=locale_lang') == -1 - name: Set keymap command: "localectl set-keymap {{ locale_keymap }}" - when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1" + when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap:locale_keymap') == -1" - name: Set Locale as en_US lineinfile: dest=/etc/environment backup=yes line="{{ item }}" with_items: - "LC_ALL=en_US.UTF-8" - "LC_CTYPE=en_US.UTF-8" - - "LANG=en_US.UTF-8" \ No newline at end of file + - "LANG=en_US.UTF-8" +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/logwatch/defaults/main.yml b/playbooks/roles/logwatch/defaults/main.yml similarity index 95% rename from playbooks/prerequisites/roles/logwatch/defaults/main.yml rename to playbooks/roles/logwatch/defaults/main.yml index 7c82c654..fd3675e0 100644 --- a/playbooks/prerequisites/roles/logwatch/defaults/main.yml +++ b/playbooks/roles/logwatch/defaults/main.yml @@ -1,3 +1,4 @@ --- logwatch_emails: "{{ admin_emails }}" logwatch_detail: High +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/logwatch/tasks/main.yml b/playbooks/roles/logwatch/tasks/main.yml similarity index 91% rename from playbooks/prerequisites/roles/logwatch/tasks/main.yml rename to playbooks/roles/logwatch/tasks/main.yml index 7d44e2bb..2450ac75 100644 --- a/playbooks/prerequisites/roles/logwatch/tasks/main.yml +++ b/playbooks/roles/logwatch/tasks/main.yml @@ -9,4 +9,5 @@ - name: Copy logwatch config template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes - when: admin_emails is defined \ No newline at end of file + when: admin_emails is defined +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/logwatch/templates/logwatch.conf.j2 b/playbooks/roles/logwatch/templates/logwatch.conf.j2 similarity index 100% rename from playbooks/prerequisites/roles/logwatch/templates/logwatch.conf.j2 rename to playbooks/roles/logwatch/templates/logwatch.conf.j2 diff --git a/playbooks/prerequisites/roles/mariadb/README.md b/playbooks/roles/mariadb/README.md similarity index 100% rename from playbooks/prerequisites/roles/mariadb/README.md rename to playbooks/roles/mariadb/README.md diff --git a/playbooks/prerequisites/roles/mariadb/defaults/main.yml b/playbooks/roles/mariadb/defaults/main.yml similarity index 97% rename from playbooks/prerequisites/roles/mariadb/defaults/main.yml rename to playbooks/roles/mariadb/defaults/main.yml index 78831c10..fce5bc00 100644 --- a/playbooks/prerequisites/roles/mariadb/defaults/main.yml +++ b/playbooks/roles/mariadb/defaults/main.yml @@ -5,3 +5,4 @@ mysql_conf_tpl: change_me mysql_conf_file: settings.cnf mysql_secure_installation: false +... \ No newline at end of file diff --git a/playbooks/prerequisites/files/debian_mariadb_config.cnf b/playbooks/roles/mariadb/files/debian_mariadb_config.cnf similarity index 100% rename from playbooks/prerequisites/files/debian_mariadb_config.cnf rename to playbooks/roles/mariadb/files/debian_mariadb_config.cnf diff --git a/playbooks/prerequisites/files/mariadb_config.cnf b/playbooks/roles/mariadb/files/mariadb_config.cnf similarity index 100% rename from playbooks/prerequisites/files/mariadb_config.cnf rename to playbooks/roles/mariadb/files/mariadb_config.cnf diff --git a/playbooks/prerequisites/roles/mariadb/handlers/main.yml b/playbooks/roles/mariadb/handlers/main.yml similarity index 95% rename from playbooks/prerequisites/roles/mariadb/handlers/main.yml rename to playbooks/roles/mariadb/handlers/main.yml index 3755d8ce..7072dbd9 100644 --- a/playbooks/prerequisites/roles/mariadb/handlers/main.yml +++ b/playbooks/roles/mariadb/handlers/main.yml @@ -1,3 +1,4 @@ --- - name: restart mysql service: name=mysql state=restarted +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/mariadb/tasks/centos.yml b/playbooks/roles/mariadb/tasks/centos.yml similarity index 80% rename from playbooks/prerequisites/roles/mariadb/tasks/centos.yml rename to playbooks/roles/mariadb/tasks/centos.yml index 84b49c55..2b5ced27 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/centos.yml +++ b/playbooks/roles/mariadb/tasks/centos.yml @@ -6,7 +6,5 @@ yum: name={{ item }} enablerepo=mariadb state=present with_items: - MariaDB-server - - MariaDB-client - - MySQL-python - - MariaDB-devel - + - MySQL-python # required for secure_install +... diff --git a/playbooks/prerequisites/roles/mariadb/tasks/debian.yml b/playbooks/roles/mariadb/tasks/debian.yml similarity index 99% rename from playbooks/prerequisites/roles/mariadb/tasks/debian.yml rename to playbooks/roles/mariadb/tasks/debian.yml index af606157..6cfe4b2e 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/debian.yml +++ b/playbooks/roles/mariadb/tasks/debian.yml @@ -28,3 +28,4 @@ - mariadb-common - libmariadbclient18 - python-mysqldb +... \ No newline at end of file diff --git a/playbooks/roles/mariadb/tasks/main.yml b/playbooks/roles/mariadb/tasks/main.yml new file mode 100644 index 00000000..8d3e6ea0 --- /dev/null +++ b/playbooks/roles/mariadb/tasks/main.yml @@ -0,0 +1,56 @@ +--- + +- include_tasks: centos.yml + when: ansible_distribution == 'CentOS' + +- include_tasks: ubuntu.yml + when: ansible_distribution == 'Ubuntu' + +- name: Add configuration + template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 + when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian' + notify: restart mysql + +- include_tasks: debian.yml + when: ansible_distribution == 'Debian' + +- name: Add configuration + template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 + when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian' + notify: restart mysql + +- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d + blockinfile: + path: /etc/mysql/conf.d/settings.cnf + block: | + # Import all .cnf files from configuration directory + !includedir /etc/mysql/mariadb.conf.d/ + become: yes + become_user: root + when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' + +- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d + blockinfile: + path: /etc/mysql/mariadb.conf.d/erpnext.cnf + block: | + [mysqld] + pid-file = /var/run/mysqld/mysqld.pid + socket = /var/run/mysqld/mysqld.sock + create: yes + become: yes + become_user: root + when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' + +- name: Start and enable service + service: name=mysql state=started enabled=yes + +- debug: + msg: "{{ mysql_root_password }}" + +- include_tasks: mysql_secure_installation.yml + when: mysql_root_password is defined + +- debug: var=mysql_secure_installation + when: mysql_secure_installation and mysql_root_password is defined + +... diff --git a/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml b/playbooks/roles/mariadb/tasks/mysql_secure_installation.yml similarity index 99% rename from playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml rename to playbooks/roles/mariadb/tasks/mysql_secure_installation.yml index df1e5d83..621ab4b0 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml +++ b/playbooks/roles/mariadb/tasks/mysql_secure_installation.yml @@ -80,3 +80,4 @@ - name: start mysql mac command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist when: ansible_distribution == 'MacOSX' +... diff --git a/playbooks/prerequisites/roles/mariadb/tasks/ubuntu.yml b/playbooks/roles/mariadb/tasks/ubuntu.yml similarity index 94% rename from playbooks/prerequisites/roles/mariadb/tasks/ubuntu.yml rename to playbooks/roles/mariadb/tasks/ubuntu.yml index 9ff98142..5abec54b 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/ubuntu.yml +++ b/playbooks/roles/mariadb/tasks/ubuntu.yml @@ -25,7 +25,5 @@ apt: pkg={{ item }} state=present with_items: - mariadb-server - - mariadb-client - - mariadb-common - - libmariadbclient18 - - python-mysqldb + - python-mysqldb # required to set the MySQL password using ansible +... diff --git a/playbooks/prerequisites/roles/mariadb/templates/mariadb_centos.repo.j2 b/playbooks/roles/mariadb/templates/mariadb_centos.repo.j2 similarity index 100% rename from playbooks/prerequisites/roles/mariadb/templates/mariadb_centos.repo.j2 rename to playbooks/roles/mariadb/templates/mariadb_centos.repo.j2 diff --git a/playbooks/roles/mariadb/templates/mariadb_debian.list.j2 b/playbooks/roles/mariadb/templates/mariadb_debian.list.j2 new file mode 100644 index 00000000..710566f8 --- /dev/null +++ b/playbooks/roles/mariadb/templates/mariadb_debian.list.j2 @@ -0,0 +1,4 @@ +# MariaDB {{ mariadb_version }} Debian {{ ansible_distribution_release | title }} repository list +# http://mariadb.org/mariadb/repositories/ +deb http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/debian {{ ansible_distribution_release | lower }} main +deb-src http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/debian {{ ansible_distribution_release | lower }} main diff --git a/playbooks/prerequisites/roles/mariadb/templates/mariadb_ubuntu.list.j2 b/playbooks/roles/mariadb/templates/mariadb_ubuntu.list.j2 similarity index 100% rename from playbooks/prerequisites/roles/mariadb/templates/mariadb_ubuntu.list.j2 rename to playbooks/roles/mariadb/templates/mariadb_ubuntu.list.j2 diff --git a/playbooks/prerequisites/roles/mariadb/templates/my.cnf.j2 b/playbooks/roles/mariadb/templates/my.cnf.j2 similarity index 100% rename from playbooks/prerequisites/roles/mariadb/templates/my.cnf.j2 rename to playbooks/roles/mariadb/templates/my.cnf.j2 diff --git a/playbooks/prerequisites/roles/mariadb/vars/main.yml b/playbooks/roles/mariadb/vars/main.yml similarity index 65% rename from playbooks/prerequisites/roles/mariadb/vars/main.yml rename to playbooks/roles/mariadb/vars/main.yml index 63ba35b0..b7bf4bcf 100644 --- a/playbooks/prerequisites/roles/mariadb/vars/main.yml +++ b/playbooks/roles/mariadb/vars/main.yml @@ -4,3 +4,6 @@ mysql_conf_dir: "Ubuntu": /etc/mysql/conf.d "Debian": /etc/mysql/conf.d "MacOSX": /usr/local/etc/my.cnf.d +mysql_conf_tpl: files/mariadb_config.cnf +mysql_secure_installation: True +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/nginx/README.md b/playbooks/roles/nginx/README.md similarity index 100% rename from playbooks/prerequisites/roles/nginx/README.md rename to playbooks/roles/nginx/README.md diff --git a/playbooks/prerequisites/roles/nginx/defaults/main.yml b/playbooks/roles/nginx/defaults/main.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/defaults/main.yml rename to playbooks/roles/nginx/defaults/main.yml diff --git a/playbooks/prerequisites/roles/nginx/handlers/main.yml b/playbooks/roles/nginx/handlers/main.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/handlers/main.yml rename to playbooks/roles/nginx/handlers/main.yml diff --git a/playbooks/prerequisites/roles/nginx/meta/main.yml b/playbooks/roles/nginx/meta/main.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/meta/main.yml rename to playbooks/roles/nginx/meta/main.yml diff --git a/playbooks/prerequisites/roles/nginx/tasks/main.yml b/playbooks/roles/nginx/tasks/main.yml similarity index 92% rename from playbooks/prerequisites/roles/nginx/tasks/main.yml rename to playbooks/roles/nginx/tasks/main.yml index e2e9c279..8786b345 100644 --- a/playbooks/prerequisites/roles/nginx/tasks/main.yml +++ b/playbooks/roles/nginx/tasks/main.yml @@ -9,10 +9,10 @@ when: nginx_user is not defined # Setup/install tasks. -- include: setup-RedHat.yml +- include_tasks: setup-RedHat.yml when: ansible_os_family == 'RedHat' -- include: setup-Debian.yml +- include_tasks: setup-Debian.yml when: ansible_os_family == 'Debian' # Replace default nginx config with nginx template @@ -47,4 +47,5 @@ - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes -- include: vhosts.yml +- include_tasks: vhosts.yml +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/nginx/tasks/setup-Debian.yml b/playbooks/roles/nginx/tasks/setup-Debian.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/tasks/setup-Debian.yml rename to playbooks/roles/nginx/tasks/setup-Debian.yml diff --git a/playbooks/prerequisites/roles/nginx/tasks/setup-RedHat.yml b/playbooks/roles/nginx/tasks/setup-RedHat.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/tasks/setup-RedHat.yml rename to playbooks/roles/nginx/tasks/setup-RedHat.yml diff --git a/playbooks/prerequisites/roles/nginx/tasks/vhosts.yml b/playbooks/roles/nginx/tasks/vhosts.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/tasks/vhosts.yml rename to playbooks/roles/nginx/tasks/vhosts.yml diff --git a/playbooks/prerequisites/files/nginx.conf b/playbooks/roles/nginx/templates/nginx.conf.j2 similarity index 65% rename from playbooks/prerequisites/files/nginx.conf rename to playbooks/roles/nginx/templates/nginx.conf.j2 index 477b9904..573e3ed2 100644 --- a/playbooks/prerequisites/files/nginx.conf +++ b/playbooks/roles/nginx/templates/nginx.conf.j2 @@ -30,31 +30,31 @@ http { # keepalive_timeout 10; # keepalive_requests 10; - gzip on; - gzip_disable "msie6"; - gzip_http_version 1.1; - gzip_comp_level 5; - gzip_min_length 256; - gzip_proxied any; - gzip_vary on; + gzip on; + gzip_disable "msie6"; + gzip_http_version 1.1; + gzip_comp_level 5; + gzip_min_length 256; + gzip_proxied any; + gzip_vary on; gzip_types - application/atom+xml - application/javascript - application/json - application/rss+xml - application/vnd.ms-fontobject - application/x-font-ttf - application/font-woff - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/svg+xml - image/x-icon - text/css - text/plain - text/x-component - ; + application/atom+xml + application/javascript + application/json + application/rss+xml + application/vnd.ms-fontobject + application/x-font-ttf + application/font-woff + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/svg+xml + image/x-icon + text/css + text/plain + text/x-component + ; server_names_hash_max_size 4096; @@ -67,8 +67,8 @@ http { ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM; ssl_prefer_server_ciphers on; - client_max_body_size 50m; - large_client_header_buffers 4 32k; + client_max_body_size 50m; + large_client_header_buffers 4 32k; proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=web-cache:8m max_size=1000m inactive=600m; diff --git a/playbooks/prerequisites/roles/nginx/templates/nginx.repo.j2 b/playbooks/roles/nginx/templates/nginx.repo.j2 similarity index 100% rename from playbooks/prerequisites/roles/nginx/templates/nginx.repo.j2 rename to playbooks/roles/nginx/templates/nginx.repo.j2 diff --git a/playbooks/prerequisites/roles/nginx/templates/vhosts.j2 b/playbooks/roles/nginx/templates/vhosts.j2 similarity index 100% rename from playbooks/prerequisites/roles/nginx/templates/vhosts.j2 rename to playbooks/roles/nginx/templates/vhosts.j2 diff --git a/playbooks/prerequisites/roles/nginx/tests/inventory b/playbooks/roles/nginx/tests/inventory similarity index 100% rename from playbooks/prerequisites/roles/nginx/tests/inventory rename to playbooks/roles/nginx/tests/inventory diff --git a/playbooks/prerequisites/roles/nginx/tests/test.yml b/playbooks/roles/nginx/tests/test.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/tests/test.yml rename to playbooks/roles/nginx/tests/test.yml diff --git a/playbooks/prerequisites/roles/nginx/vars/Debian.yml b/playbooks/roles/nginx/vars/Debian.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/vars/Debian.yml rename to playbooks/roles/nginx/vars/Debian.yml diff --git a/playbooks/prerequisites/roles/nginx/vars/RedHat.yml b/playbooks/roles/nginx/vars/RedHat.yml similarity index 100% rename from playbooks/prerequisites/roles/nginx/vars/RedHat.yml rename to playbooks/roles/nginx/vars/RedHat.yml diff --git a/playbooks/prerequisites/roles/nodejs/tasks/main.yml b/playbooks/roles/nodejs/tasks/main.yml similarity index 100% rename from playbooks/prerequisites/roles/nodejs/tasks/main.yml rename to playbooks/roles/nodejs/tasks/main.yml diff --git a/playbooks/prerequisites/roles/ntpd/tasks/main.yml b/playbooks/roles/ntpd/tasks/main.yml similarity index 92% rename from playbooks/prerequisites/roles/ntpd/tasks/main.yml rename to playbooks/roles/ntpd/tasks/main.yml index 9babcb45..b2cfb190 100644 --- a/playbooks/prerequisites/roles/ntpd/tasks/main.yml +++ b/playbooks/roles/ntpd/tasks/main.yml @@ -6,7 +6,7 @@ - ntpdate when: ansible_distribution == 'CentOS' -- name: enable ntpd +- name: Enable ntpd service: name=ntpd enabled=yes state=started when: ansible_distribution == 'CentOS' @@ -17,7 +17,7 @@ - ntpdate when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' -- name: enable ntpd +- name: Enable ntpd service: name=ntp enabled=yes state=started when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/psutil/tasks/main.yml b/playbooks/roles/psutil/tasks/main.yml similarity index 100% rename from playbooks/prerequisites/roles/psutil/tasks/main.yml rename to playbooks/roles/psutil/tasks/main.yml diff --git a/playbooks/roles/redis/tasks/main.yml b/playbooks/roles/redis/tasks/main.yml new file mode 100644 index 00000000..472c65c4 --- /dev/null +++ b/playbooks/roles/redis/tasks/main.yml @@ -0,0 +1,21 @@ +--- + - name: Install yum packages + yum: name={{ item }} state=present + with_items: + - redis + when: ansible_os_family == 'RedHat' + + # Prerequisite for Debian and Ubuntu + - name: Install apt packages + apt: pkg={{ item }} state=present force=yes + with_items: + - redis-server + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' + + # Prerequisite for MACOS + - name: install prequisites for macos + homebrew: name={{ item }} state=present + with_items: + - redis + when: ansible_distribution == 'MacOSX' +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/supervisor/tasks/main.yml b/playbooks/roles/supervisor/tasks/main.yml similarity index 100% rename from playbooks/prerequisites/roles/supervisor/tasks/main.yml rename to playbooks/roles/supervisor/tasks/main.yml diff --git a/playbooks/roles/swap/defaults/main.yml b/playbooks/roles/swap/defaults/main.yml new file mode 100644 index 00000000..cf25d056 --- /dev/null +++ b/playbooks/roles/swap/defaults/main.yml @@ -0,0 +1,3 @@ +--- +swap_size_mb: 1024 +... \ No newline at end of file diff --git a/playbooks/prerequisites/roles/swap/tasks/main.yml b/playbooks/roles/swap/tasks/main.yml similarity index 100% rename from playbooks/prerequisites/roles/swap/tasks/main.yml rename to playbooks/roles/swap/tasks/main.yml diff --git a/playbooks/prerequisites/roles/wkhtmltopdf/tasks/main.yml b/playbooks/roles/wkhtmltopdf/tasks/main.yml similarity index 99% rename from playbooks/prerequisites/roles/wkhtmltopdf/tasks/main.yml rename to playbooks/roles/wkhtmltopdf/tasks/main.yml index 9e048a83..ba5ee81f 100644 --- a/playbooks/prerequisites/roles/wkhtmltopdf/tasks/main.yml +++ b/playbooks/roles/wkhtmltopdf/tasks/main.yml @@ -35,3 +35,4 @@ file: path=/usr/local/bin/wkhtmltopdf mode="o+x" become: true become_user: root +... \ No newline at end of file diff --git a/playbooks/site.yml b/playbooks/site.yml new file mode 100644 index 00000000..f3f4d7cf --- /dev/null +++ b/playbooks/site.yml @@ -0,0 +1,48 @@ +--- +# This is the master playbook that deploys the whole Frappe and ERPNext stack + +- hosts: localhost + become: yes + become_user: root + roles: + - { role: common, tags: "common" } + - { role: locale, tags: "locale" } + - { role: swap, tags: "swap", when: production } + - { role: logwatch, tags: "logwatch", when: production } + - { role: bash_screen_wall, tags: "bash_screen_wall", when: production } + - { role: frappe_selinux, tags: "frappe_selinux", when: production } + - { role: dns_caching, tags: "dns_caching", when: production } + - { role: ntpd, tags: "ntpd", when: production } + - { role: mariadb, tags: "mariadb" } + - { role: wkhtmltopdf, tags: "wkhtmltopdf" } + - { role: nodejs, tags: "nodejs" } + - { role: psutil, tags: "psutil" } + - { role: redis, tags: "redis" } + - { role: supervisor, tags: "supervisor", when: production } + - { role: nginx, tags: "nginx", when: production } + - { role: fail2ban, tags: "fail2ban", when: production } + tasks: + - name: Set hostname + hostname: name='{{ hostname }}' + when: hostname is defined and production + + - name: Start NTPD + service: name=ntpd state=started + when: ansible_distribution == 'CentOS' and production + + - name: Start NTPD + service: name=ntp state=started + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production + + - include_tasks: macosx.yml + when: ansible_distribution == 'MacOSX' + +- name: setup bench and dev environment + hosts: localhost + vars: + bench_repo_path: "/home/{{ frappe_user }}/.bench" + bench_path: "/home/{{ frappe_user }}/{{ bench_name }}" + roles: + # setup frappe-bench + - { role: bench, tags: "bench", when: not run_travis and not without_bench_setup } +... diff --git a/vm/ansible/roles/mariadb/tasks/main.yml b/vm/ansible/roles/mariadb/tasks/main.yml index 16f09151..225d89c6 100644 --- a/vm/ansible/roles/mariadb/tasks/main.yml +++ b/vm/ansible/roles/mariadb/tasks/main.yml @@ -1,8 +1,8 @@ --- -- include: centos.yml +- include_tasks: centos.yml when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6 -- include: ubuntu.yml +- include_tasks: ubuntu.yml when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '14.04' - name: Add configuration @@ -13,6 +13,6 @@ - name: Start and enable service service: name=mysql state=started enabled=yes -- include: mysql_secure_installation.yml +- include_tasks: mysql_secure_installation.yml debug: var=mysql_secure_installation when: mysql_secure_installation and mysql_root_password is defined diff --git a/vm/ansible/roles/nginx/tasks/main.yml b/vm/ansible/roles/nginx/tasks/main.yml index da4be94d..f45501a9 100644 --- a/vm/ansible/roles/nginx/tasks/main.yml +++ b/vm/ansible/roles/nginx/tasks/main.yml @@ -9,10 +9,10 @@ when: nginx_user is not defined # Setup/install tasks. -- include: setup-RedHat.yml +- include_tasks: setup-RedHat.yml when: ansible_os_family == 'RedHat' -- include: setup-Debian.yml +- include_tasks: setup-Debian.yml when: ansible_os_family == 'Debian' # Nginx setup. @@ -28,4 +28,4 @@ - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes -- include: vhosts.yml +- include_tasks: vhosts.yml diff --git a/vm/ansible/vm.yml b/vm/ansible/vm.yml index 18357509..cd3890a1 100644 --- a/vm/ansible/vm.yml +++ b/vm/ansible/vm.yml @@ -1,5 +1,5 @@ --- -- include: base.yml +- include_tasks: base.yml - name: Clone bench hosts: all user: "{{ frappe_user }}"