2
0
mirror of https://github.com/frappe/bench.git synced 2025-01-24 23:48:24 +00:00

Merge pull request #586 from codingCoffee/clean_code

Restructured playbooks
This commit is contained in:
Ameya Shenoy 2018-03-03 21:22:53 +05:30 committed by GitHub
commit 16603ec8c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
98 changed files with 536 additions and 771 deletions

View File

@ -10,41 +10,39 @@ def install():
@click.command('prerequisites')
def install_prerequisites():
"Install prerequisites"
run_playbook('prerequisites/install_prerequisites.yml')
run_playbook('site.yml', tag='common, redis')
@click.command('mariadb')
@click.option('--mysql_root_password')
def install_maridb(mysql_root_password=''):
"Install mariadb 10.1"
if mysql_root_password:
extra_vars.update({"mysql_root_password": mysql_root_password})
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='mariadb')
run_playbook('site.yml', extra_vars=extra_vars, tag='mariadb')
@click.command('wkhtmltopdf')
def install_wkhtmltopdf():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='wkhtmltopdf')
run_playbook('site.yml', extra_vars=extra_vars, tag='wkhtmltopdf')
@click.command('nodejs')
def install_nodejs():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nodejs')
run_playbook('site.yml', extra_vars=extra_vars, tag='nodejs')
@click.command('psutil')
def install_psutil():
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil')
run_playbook('site.yml', extra_vars=extra_vars, tag='psutil')
@click.command('supervisor')
@click.option('--user')
def install_supervisor(user=None):
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='supervisor')
run_playbook('site.yml', extra_vars=extra_vars, tag='supervisor')
if user:
setup_sudoers(user)
@click.command('nginx')
@click.option('--user')
def install_nginx(user=None):
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx')
run_playbook('site.yml', extra_vars=extra_vars, tag='nginx')
if user:
setup_sudoers(user)
@ -54,7 +52,7 @@ def install_nginx(user=None):
@click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban.')
def install_failtoban(**kwargs):
extra_vars.update(kwargs)
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='fail2ban')
run_playbook('site.yml', extra_vars=extra_vars, tag='fail2ban')
install.add_command(install_prerequisites)
install.add_command(install_maridb)

View File

@ -89,7 +89,7 @@ def setup_firewall(ssh_port=None, force=False):
if not ssh_port:
ssh_port = 22
run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port})
run_playbook('roles/bench/tasks/setup_firewall.yml', {"ssh_port": ssh_port})
@click.command('ssh-port')
@click.argument('port')
@ -103,7 +103,7 @@ def set_ssh_port(port, force=False):
'Do you want to continue?'.format(port),
abort=True)
run_playbook('production/change_ssh_port.yml', {"ssh_port": port})
run_playbook('roles/bench/tasks/change_ssh_port.yml', {"ssh_port": port})
@click.command('lets-encrypt')
@click.argument('site')
@ -214,9 +214,9 @@ def setup_roles(role, **kwargs):
extra_vars.update(kwargs)
if role:
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag=role)
run_playbook('site.yml', extra_vars=extra_vars, tag=role)
else:
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars)
run_playbook('site.yml', extra_vars=extra_vars)
@click.command('fail2ban')
@click.option('--maxretry', default=6, help="Number of matches (i.e. value of the counter) which triggers ban action on the IP. Default is 6 seconds" )
@ -224,7 +224,7 @@ def setup_roles(role, **kwargs):
@click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban. Default is 600 seconds')
def setup_nginx_proxy_jail(**kwargs):
from bench.utils import run_playbook
run_playbook('prerequisites/setup_nginx_proxy_jail.yml', extra_vars=kwargs)
run_playbook('roles/fail2ban/tasks/configure_nginx_jail.yml', extra_vars=kwargs)
setup.add_command(setup_sudoers)
setup.add_command(setup_nginx)

20
playbooks/README.md Normal file
View File

@ -0,0 +1,20 @@
# Deploying a, developer/production-ready ERPNext website with Ansible
## Supported Platforms
- Debian 8, 9
- Ubuntu 14.04, 16.04
- CentOS 7
## Directory Structure
TODO
## Notes for maintainers
- For MariaDB playbooks refer https://github.com/PCextreme/ansible-role-mariadb
- Any changes made in relation to a role should be dont inside the role and not outside it
# TODO:
1. Planned Platform
- Arch Linux
- Fedora
- RedHat
2. Consider reffering to https://github.com/geerlingguy/ansible-role-mysql.git for MariaDB playbook

View File

View File

@ -1,4 +1,5 @@
---
- hosts: localhost
tasks:
- name: Create user
@ -31,3 +32,5 @@
group: '{{ frappe_user }}'
recurse: yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian'
...

View File

@ -1,54 +0,0 @@
---
- name: Check if ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
- name: get erpnext
command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
args:
creates: "{{ bench_path }}/apps/erpnext"
chdir: "{{ bench_path }}"
when: not app.stat.exists
- name: Check whether a site called site1.local exists
stat: path="{{ bench_path }}/sites/site1.local"
register: site_folder
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/conf.d/settings.cnf
block: |
# Import all .cnf files from configuration directory
!includedir /etc/mysql/mariadb.conf.d/
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
block: |
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
create: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: restart mysql
service: name=mysql state=restarted
become: yes
become_user: root
- name: create a new default site
command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: install erpnext to default site
command: bench --site site1.local install-app erpnext
args:
chdir: "{{ bench_path }}"

View File

@ -1,38 +0,0 @@
---
- hosts: localhost
tasks:
- name: Install SELinux for CentOS
yum: name="{{item}}" state=present
with_items:
- policycoreutils-python
- selinux-policy-devel
become: yes
become_user: root
when: ansible_distribution == 'CentOS'
- name: Install SELinux for Ubuntu
apt: name={{ item }} state=present
with_items:
- selinux
- selinux-policy-dev
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu'
- name: Check enabled SELinux modules
shell: semanage module -l
register: enabled_modules
- name: Copy frappe_selinux policy
copy: src=templates/frappe_selinux.te dest=/root/frappe_selinux.te
register: dest_frappe_selinux_te
become: yes
become_user: root
- name: Compile frappe_selinux policy
shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
args:
chdir: /root/
become: yes
become_user: root
when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"

View File

@ -1,25 +0,0 @@
---
- hosts: localhost
- include: ../prerequisites/install_prerequisites.yml
when: ansible_distribution != 'MacOSX'
- include: ../prerequisites/install_roles.yml
when: ansible_distribution != 'MacOSX'
- include: macosx.yml
when: ansible_distribution == 'MacOSX'
- name: setup bench and dev environment
hosts: localhost
vars:
bench_repo_path: "/home/{{ frappe_user }}/.bench"
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
tasks:
# setup frappe-bench
- include: includes/setup_bench.yml
when: not run_travis and not without_bench_setup
# setup development environment
- include: includes/setup_dev_env.yml
when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')

View File

@ -1,7 +0,0 @@
# MariaDB 10.1 CentOS repository list - created 2016-03-18 09:56 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos{{ ansible_lsb.major_release }}-{{ "amd64" if ansible_architecture == "x86_64" else "x86"}}
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

19
playbooks/install.py Executable file → Normal file
View File

@ -13,8 +13,8 @@ def install_bench(args):
success = run_os_command({
'apt-get': [
'sudo apt-get update',
'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
'sudo apt-get update'
# 'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
],
'yum': [
'sudo yum groupinstall -y "Development tools"',
@ -59,7 +59,7 @@ def install_bench(args):
})
success = run_os_command({
'pip': "sudo pip install ansible==2.3.1"
'pip': "sudo pip install ansible==2.4.1"
})
if not success:
@ -93,7 +93,7 @@ def install_bench(args):
repo_path = os.path.join(os.path.expanduser('~'), 'bench')
extra_vars.update(repo_path=repo_path)
run_playbook('develop/create_user.yml', extra_vars=extra_vars)
run_playbook('create_user.yml', extra_vars=extra_vars)
extra_vars.update(get_passwords(args))
if args.production:
@ -105,11 +105,12 @@ def install_bench(args):
bench_name = 'frappe-bench' if not args.bench_name else args.bench_name
extra_vars.update(bench_name=bench_name)
if args.develop:
run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars)
# Will install ERPNext production setup by default
run_playbook('site.yml', sudo=True, extra_vars=extra_vars)
elif args.production:
run_playbook('production/install.yml', sudo=True, extra_vars=extra_vars)
# # Will do changes for production if --production flag is passed
# if args.production:
# run_playbook('production.yml', sudo=True, extra_vars=extra_vars)
if os.path.exists(tmp_bench_repo):
shutil.rmtree(tmp_bench_repo)
@ -147,7 +148,7 @@ def install_python27():
# install python 2.7
success = run_os_command({
'apt-get': 'sudo apt-get install -y python2.7',
'apt-get': 'sudo apt-get install -y python-dev',
'yum': 'sudo yum install -y python27',
'brew': 'brew install python'
})

View File

@ -22,9 +22,9 @@
- wkhtmltopdf
- name: configure mariadb
include: ../prerequisites/roles/mariadb/tasks/main.yml
include: roles/mariadb/tasks/main.yml
vars:
mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
mysql_conf_tpl: roles/mariadb/files/mariadb_config.cnf
- name: Install MySQLdb in global env
pip: name=mysql-python version=1.2.5
@ -36,3 +36,4 @@
- include: includes/setup_dev_env.yml
when: not production
...

View File

@ -1,97 +0,0 @@
---
#- include: setup_essentials.yml
- name: "Setup prerequisites"
hosts: localhost
become: yes
become_user: root
tasks:
- name: Install yum packages
yum: name={{ item }} state=present
with_items:
- bzip2-devel
- cronie
- dnsmasq
- freetype-devel
- git
- htop
- lcms2-devel
- libjpeg-devel
- libtiff-devel
- libffi-devel
- libwebp-devel
- libXext
- libXrender
- libzip-devel
- libffi-devel
- ntp
- openssl-devel
- postfix
- python-devel
- python-setuptools
- python-pip
- redis
- screen
- sudo
- tcl-devel
- tk-devel
- vim
- which
- xorg-x11-fonts-75dpi
- xorg-x11-fonts-Type1
- zlib-devel
- openssl-devel
- openldap-devel
when: ansible_os_family == 'RedHat'
# Prerequisite for Debian and Ubuntu
- name: Install apt packages
apt: pkg={{ item }} state=present force=yes
with_items:
- build-essential
- software-properties-common
- dnsmasq
- fontconfig
- git
- htop
- libcrypto++-dev
- libfreetype6-dev
- liblcms2-dev
- libssl-dev
- libwebp-dev
- libxext6
- libxrender1
- libxslt1-dev
- libxslt1.1
- libffi-dev
- ntp
- postfix
- python-dev
- python-pip
- python-tk
- redis-server
- screen
- vim
- xfonts-75dpi
- xfonts-base
- zlib1g-dev
- apt-transport-https
- libsasl2-dev
- libldap2-dev
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- include: debian.yml
when: ansible_distribution == 'Debian'
# Prerequisite for MACOS
- name: install prequisites for macos
homebrew: name={{ item }} state=present
with_items:
- cmake
- redis
- mariadb
- nodejs
when: ansible_distribution == 'MacOSX'

View File

@ -1,36 +0,0 @@
---
- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil
hosts: localhost
become: yes
become_user: root
vars:
- mysql_conf_tpl: files/mariadb_config.cnf
- nginx_conf_file: files/nginx.conf
- mysql_secure_installation: True
roles:
- { role: locale, tags: "locale" }
- { role: swap, tags: "swap", when: production }
- { role: logwatch, tags: "logwatch", when: production }
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
- { role: dns_caching, tags: "dns_caching", when: production }
- { role: ntpd, tags: "ntpd", when: production }
- { role: mariadb, tags: "mariadb" }
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
- { role: nodejs, tags: "nodejs" }
- { role: psutil, tags: "psutil" }
- { role: supervisor, tags: "supervisor", when: production }
- { role: nginx, tags: "nginx", when: production }
- { role: fail2ban, tags: "fail2ban" , when: production }
tasks:
- name: Set hostname
hostname: name='{{ hostname }}'
when: hostname is defined and production
- name: Start NTPD
service: name=ntpd state=started
when: ansible_distribution == 'CentOS' and production
- name: Start NTPD
service: name=ntp state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production

View File

@ -1,3 +0,0 @@
---
- name: Setup bash screen wall
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh

View File

@ -1,2 +0,0 @@
locale_keymap: us
locale_lang: en_US.utf8

View File

@ -1,19 +0,0 @@
---
galaxy_info:
author: "Attila van der Velde"
description: "Installs MariaDB"
company: "PCextreme B.V."
license: "license (MIT, BSD)"
min_ansible_version: 1.8
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- trusty
categories:
- database:sql
dependencies: []

View File

@ -1,31 +0,0 @@
---
- include: centos.yml
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
- include: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- name: Add configuration
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
notify: restart mysql
- include: debian.yml
when: ansible_distribution == 'Debian'
- name: Add configuration
template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
notify: restart mysql
- name: Start and enable service
service: name=mysql state=started enabled=yes
- debug:
msg: "{{ mysql_root_password }}"
- include: mysql_secure_installation.yml
when: mysql_root_password is defined
- debug: var=mysql_secure_installation
when: mysql_secure_installation and mysql_root_password is defined

View File

@ -1,35 +0,0 @@
---
language: python
python: "2.7"
env:
- SITE=test.yml
before_install:
- sudo apt-get update -qq
- sudo apt-get install -y curl
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# TODO - get the test working. Probably need to add a virtual host.
# Request a page via Nginx, to make sure Nginx is running and responds.
# - "curl http://localhost/"

View File

@ -1,51 +0,0 @@
user {{ nginx_user }};
error_log {{ nginx_error_log }};
pid /var/run/nginx.pid;
worker_processes {{ nginx_worker_processes }};
events {
worker_connections {{ nginx_worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 64;
client_max_body_size {{ nginx_client_max_body_size }};
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ nginx_access_log }};
sendfile {{ nginx_sendfile }};
tcp_nopush {{ nginx_tcp_nopush }};
tcp_nodelay {{ nginx_tcp_nodelay }};
keepalive_timeout {{ nginx_keepalive_timeout }};
keepalive_requests {{ nginx_keepalive_requests }};
#gzip on;
{% if nginx_proxy_cache_path %}
proxy_cache_path {{ nginx_proxy_cache_path }};
{% endif %}
{% for upstream in nginx_upstreams %}
upstream {{ upstream.name }} {
{% if upstream.strategy is defined %}
{{ upstream.strategy }};
{% endif %}
{% for server in upstream.servers %}
server {{ server }};
{% endfor %}
}
{% endfor %}
include {{ nginx_vhost_path }}/*;
}

View File

@ -1 +0,0 @@
swap_size_mb: 1024

View File

@ -1,48 +0,0 @@
---
- name: Setup Essentials
hosts: localhost
become: yes
become_user: root
tasks:
- name: Install the 'Development tools' package group (Redhat)
yum: name="@Development tools" state=present
when: ansible_os_family == 'RedHat'
- name: Install EPEL
yum: name='epel-release' state=present
when: ansible_os_family == 'RedHat'
- name: Install libselinux-python
yum: name={{ item }} state=present
with_items:
- python-devel
- python-setuptools
- python-pip
- libselinux-python
when: ansible_os_family == 'RedHat'
- name: Add dotdeb apt repository key for Debian < 8
apt_key:
url: http://www.dotdeb.org/dotdeb.gpg
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Add dotdeb apt repository for redis-server for Debian < 8
apt_repository:
repo: 'deb http://packages.dotdeb.org wheezy all'
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Install python selinux
apt: pkg={{ item }} state=present force=yes
with_items:
- build-essential
- python-dev
- python-pip
- python-selinux
when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu'

View File

@ -1,2 +0,0 @@
---
- include: ../prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml

View File

@ -1,90 +0,0 @@
---
- hosts: localhost
vars:
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
tasks:
# In case we are re-running the script, we would like to skip the site creation
- name: Check whether a site exists
stat: path="{{ bench_path }}/sites/{{ site }}"
register: site_folder
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/conf.d/settings.cnf
block: |
# Import all .cnf files from configuration directory
!includedir /etc/mysql/mariadb.conf.d/
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
block: |
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
create: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: restart mysql
service: name=mysql state=restarted
become: yes
become_user: root
- name: Create new site
command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: Check ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
# In case we are re-running the script, we would like to skip getting ERPNext App
- name: Get-app erpnext app
command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
args:
chdir: '{{ bench_path }}'
when: not app.stat.exists
- name: Install erpnext app
command: bench --site {{ site }} install-app erpnext
args:
chdir: '{{ bench_path }}'
- name: Change permissions for frappe home folder
become: yes
become_user: root
file:
dest: '/home/{{ frappe_user }}'
owner: '{{ frappe_user }}'
group: '{{ frappe_user }}'
mode: 0755
recurse: yes
state: directory
- name: Setup production
become: yes
become_user: root
command: bench setup production {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Setup Sudoers
become: yes
become_user: root
command: bench setup sudoers {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Restart the bench
command: bench restart
args:
chdir: '{{ bench_path }}'

View File

@ -1,12 +0,0 @@
---
- hosts: localhost
tasks:
- name: insert/update inputrc for history
blockinfile:
dest: "/home/{{ frappe_user }}/.inputrc"
create: yes
block: |
## arrow up
"\e[A":history-search-backward
## arrow down
"\e[B":history-search-forward

View File

@ -1,94 +0,0 @@
---
- hosts: localhost
tasks:
####################################################
# Replace default nginx config with nginx template
- name: Rename default nginx.conf to nginx.conf.old
command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old
become: yes
become_user: root
- name: Copy the nginx_config template
template:
src: ../templates/default_nginx.j2
dest: /etc/nginx/nginx.conf
become: yes
become_user: root
- name: Reload the nginx service
service:
name: nginx
state: restarted
become: yes
become_user: root
######################################################
# Set InnoDB Buffer Pool size to half of total RAM
- name: Set InnoDB buffer pool
lineinfile: >
dest=/etc/my.cnf.d/frappe.cnf
regexp="^\[mysqld\]$"
line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
state=present
when: ansible_distribution == 'CentOS'
become: yes
become_user: root
- name: Set InnoDB buffer pool
lineinfile: >
dest=/etc/mysql/conf.d/frappe.cnf
regexp="^\[mysqld\]$"
line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
state=present
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
become: yes
become_user: root
####################################################
# Enable nginx, mysql, redis and supevisord services
- name: Enable nginx, mysql, and redis
service:
name: '{{ item }}'
enabled: yes
with_items:
- nginx
- mysql
become: yes
become_user: root
- name: Enable redis.service on centos
service:
name: redis
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'CentOS'
- name: Enable redis-server.service on ubuntu
service:
name: redis-server
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Check whether default supervisor.conf exists
service:
name: supervisord
state: started
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'CentOS'
- name: Check whether default supervisor.conf exists
service:
name: supervisor
state: started
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'

View File

@ -1,9 +0,0 @@
---
# Install the common pre-requisites for the setting up bench
- include: ../develop/install.yml
- include: includes/setup_inputrc.yml
# Setup Bench for production environment
- include: includes/setup_bench_production.yml
when: not run_travis

View File

@ -0,0 +1,4 @@
---
- name: Setup bash screen wall
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh
...

View File

@ -1,3 +1,4 @@
---
- name: Change ssh port
gather_facts: false
hosts: localhost
@ -16,4 +17,4 @@
- name: Change ansible ssh port to 2332
set_fact:
ansible_ssh_port: '{{ ssh_port }}'
...

View File

@ -28,11 +28,17 @@
stat: path="{{ bench_path }}"
register: bench_stat
- name: init bench
- name: python3 bench init for develop
command: bench init {{ bench_path }} --frappe-branch {{ branch }} --python python3
args:
creates: "{{ bench_path }}"
when: not bench_stat.stat.exists and develop
- name: python2 bench init for develop
command: bench init {{ bench_path }} --frappe-branch {{ branch }}
args:
creates: "{{ bench_path }}"
when: not bench_stat.stat.exists
when: not bench_stat.stat.exists and production
# setup common_site_config
- name: setup config
@ -46,3 +52,15 @@
args:
creates: "{{ bench_path }}/apps/frappe"
chdir: "{{ bench_path }}"
- include_tasks: setup_dev_env.yml
when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')
- include_tasks: setup_inputrc.yml
# Setup Bench for production environment
- include_tasks: setup_bench_production.yml
vars:
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
when: not run_travis and production
...

View File

@ -0,0 +1,58 @@
---
# In case we are re-running the script, we would like to skip the site creation
- name: Check whether a site exists
stat: path="{{ bench_path }}/sites/{{ site }}"
register: site_folder
- name: Create new site
command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: Check ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
# In case we are re-running the script, we would like to skip getting ERPNext App
- name: Get-app erpnext app
command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
args:
chdir: '{{ bench_path }}'
when: not app.stat.exists
- name: Install erpnext app
command: bench --site {{ site }} install-app erpnext
args:
chdir: '{{ bench_path }}'
- name: Change permissions for frappe home folder
become: yes
become_user: root
file:
dest: '/home/{{ frappe_user }}'
owner: '{{ frappe_user }}'
group: '{{ frappe_user }}'
mode: 0755
recurse: yes
state: directory
- name: Setup production
become: yes
become_user: root
command: bench setup production {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Setup Sudoers
become: yes
become_user: root
command: bench setup sudoers {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Restart the bench
command: bench restart
args:
chdir: '{{ bench_path }}'
...

View File

@ -1,5 +1,4 @@
---
# Setup Procfile
- name: setup procfile
command: bench setup procfile
@ -17,4 +16,6 @@
# Setup an ERPNext site called site1.local
- include: includes/setup_erpnext.yml
- include_tasks: setup_erpnext.yml
hosts: localhost
...

View File

@ -0,0 +1,28 @@
---
- name: Check if ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
- name: get erpnext
command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
args:
creates: "{{ bench_path }}/apps/erpnext"
chdir: "{{ bench_path }}"
when: not app.stat.exists
- name: Check whether a site called site1.local exists
stat: path="{{ bench_path }}/sites/site1.local"
register: site_folder
- name: create a new default site
command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: install erpnext to default site
command: bench --site site1.local install-app erpnext
args:
chdir: "{{ bench_path }}"
...

View File

@ -1,3 +1,4 @@
---
- name: Setup Firewall
user: root
hosts: localhost
@ -47,4 +48,4 @@
- 443
- "{{ ssh_port }}"
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
...

View File

@ -0,0 +1,11 @@
---
- name: insert/update inputrc for history
blockinfile:
dest: "/home/{{ frappe_user }}/.inputrc"
create: yes
block: |
## arrow up
"\e[A":history-search-backward
## arrow down
"\e[B":history-search-forward
...

View File

@ -1,4 +1,5 @@
---
- name: Setup OpenSSL dependancy
pip: name=pyOpenSSL version=16.2.0
@ -19,3 +20,5 @@
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('8', 'ge')
...

View File

@ -0,0 +1,42 @@
---
- name: Install prerequisites using apt-get
become: yes
become_user: root
apt: pkg={{ item }} state=present force=yes
with_items:
- dnsmasq
- fontconfig
- git # Version control
- htop # Server stats
- libcrypto++-dev
- libfreetype6-dev
- liblcms2-dev
- libssl-dev
- libwebp-dev
- libxext6
- libxrender1
- libxslt1-dev
- libxslt1.1
- libffi-dev
- ntp # Clock synchronization
- postfix # Mail Server
- python-dev # Installing python developer suite
- python3-dev # For python3 compatibility
- python-tk
- screen # To aid ssh sessions with connectivity problems
- vim # Is that supposed to be a question!?
- xfonts-75dpi
- xfonts-base
- zlib1g-dev
- apt-transport-https
- libsasl2-dev
- libldap2-dev
- include_tasks: debian.yml
when: ansible_distribution == 'Debian'
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
...

View File

@ -0,0 +1,37 @@
---
- hosts: localhost
become: yes
become_user: root
vars:
bench_repo_path: "/Users/{{ ansible_user_id }}/.bench"
bench_path: "/Users/{{ ansible_user_id }}/frappe-bench"
tasks:
# install pre-requisites
- name: install prequisites
homebrew: name={{ item }} state=present
with_items:
- cmake
- redis
- mariadb
- nodejs
# install wkhtmltopdf
- name: cask installs
homebrew_cask: name={{ item }} state=present
with_items:
- wkhtmltopdf
- name: configure mariadb
include_tasks: roles/mariadb/tasks/main.yml
vars:
mysql_conf_tpl: roles/mariadb/files/mariadb_config.cnf
# setup frappe-bench
- include_tasks: includes/setup_bench.yml
# setup development environment
- include_tasks: includes/setup_dev_env.yml
when: not production
...

View File

@ -0,0 +1,9 @@
---
# Install's prerequisites, like fonts, image libraries, vim, screen, python-dev and gcc
- include_tasks: debian_family.yml
when: ansible_os_family == 'Debian'
- include_tasks: redhat_family.yml
when: ansible_os_family == "RedHat"
...

View File

@ -0,0 +1,42 @@
---
- name: "Setup prerequisites using yum"
become: yes
become_user: root
yum: name={{ item }} state=present
with_items:
- bzip2-devel
- cronie
- dnsmasq
- freetype-devel
- git
- htop
- lcms2-devel
- libjpeg-devel
- libtiff-devel
- libffi-devel
- libwebp-devel
- libXext
- libXrender
- libzip-devel
- libffi-devel
- ntp
- openssl-devel
- postfix
- python-devel
- python-setuptools
- python-pip
- redis
- screen
- sudo
- tcl-devel
- tk-devel
- vim
- which
- xorg-x11-fonts-75dpi
- xorg-x11-fonts-Type1
- zlib-devel
- openssl-devel
- openldap-devel
...

View File

@ -1,4 +1,5 @@
---
- name: install pillow prerequisites for Ubuntu < 14.04
apt: pkg={{ item }} state=present force=yes
with_items:
@ -16,3 +17,5 @@
- tcl8.6-dev
- tk8.6-dev
when: ansible_distribution_version | version_compare('14.04', 'ge')
...

View File

@ -1,3 +1,4 @@
---
- name: restart network manager
- name: Restart network manager
service: name=NetworkManager state=restarted
...

View File

@ -1,14 +1,14 @@
---
- name: check NetworkManager.conf exists
- name: Check NetworkManager.conf exists
stat:
path: /etc/NetworkManager/NetworkManager.conf
register: result
- name: unmask NetworkManager service
- name: Unmask NetworkManager service
command: systemctl unmask NetworkManager
when: result.stat.exists
- name: add dnsmasq to network config
- name: Add dnsmasq to network config
lineinfile: >
dest=/etc/NetworkManager/NetworkManager.conf
regexp="dns="
@ -17,4 +17,4 @@
when: result.stat.exists
notify:
- restart network manager
...

View File

@ -6,13 +6,6 @@
- selinux-policy-devel
when: ansible_distribution == 'CentOS'
# - name: Install SELinux for Ubuntu
# apt: name={{ item }} state=present
# with_items:
# - selinux
# - selinux-policy-dev
# when: ansible_distribution == 'Ubuntu'
- name: Check enabled SELinux modules
shell: semanage module -l
register: enabled_modules
@ -28,4 +21,4 @@
args:
chdir: /root/
when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
...

View File

@ -0,0 +1,4 @@
---
locale_keymap: us
locale_lang: en_US.utf8
...

View File

@ -6,11 +6,11 @@
- name: Set Locale
command: "localectl set-locale LANG={{ locale_lang }}"
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG=locale_lang') == -1
- name: Set keymap
command: "localectl set-keymap {{ locale_keymap }}"
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1"
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap:locale_keymap') == -1"
- name: Set Locale as en_US
lineinfile: dest=/etc/environment backup=yes line="{{ item }}"
@ -18,3 +18,4 @@
- "LC_ALL=en_US.UTF-8"
- "LC_CTYPE=en_US.UTF-8"
- "LANG=en_US.UTF-8"
...

View File

@ -1,3 +1,4 @@
---
logwatch_emails: "{{ admin_emails }}"
logwatch_detail: High
...

View File

@ -10,3 +10,4 @@
- name: Copy logwatch config
template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
when: admin_emails is defined
...

View File

@ -5,3 +5,4 @@ mysql_conf_tpl: change_me
mysql_conf_file: settings.cnf
mysql_secure_installation: false
...

View File

@ -1,3 +1,4 @@
---
- name: restart mysql
service: name=mysql state=restarted
...

View File

@ -6,7 +6,5 @@
yum: name={{ item }} enablerepo=mariadb state=present
with_items:
- MariaDB-server
- MariaDB-client
- MySQL-python
- MariaDB-devel
- MySQL-python # required for secure_install
...

View File

@ -28,3 +28,4 @@
- mariadb-common
- libmariadbclient18
- python-mysqldb
...

View File

@ -0,0 +1,56 @@
---
- include_tasks: centos.yml
when: ansible_distribution == 'CentOS'
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- name: Add configuration
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
notify: restart mysql
- include_tasks: debian.yml
when: ansible_distribution == 'Debian'
- name: Add configuration
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
notify: restart mysql
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/conf.d/settings.cnf
block: |
# Import all .cnf files from configuration directory
!includedir /etc/mysql/mariadb.conf.d/
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
block: |
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
create: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Start and enable service
service: name=mysql state=started enabled=yes
- debug:
msg: "{{ mysql_root_password }}"
- include_tasks: mysql_secure_installation.yml
when: mysql_root_password is defined
- debug: var=mysql_secure_installation
when: mysql_secure_installation and mysql_root_password is defined
...

View File

@ -80,3 +80,4 @@
- name: start mysql mac
command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
when: ansible_distribution == 'MacOSX'
...

View File

@ -25,7 +25,5 @@
apt: pkg={{ item }} state=present
with_items:
- mariadb-server
- mariadb-client
- mariadb-common
- libmariadbclient18
- python-mysqldb
- python-mysqldb # required to set the MySQL password using ansible
...

View File

@ -0,0 +1,4 @@
# MariaDB {{ mariadb_version }} Debian {{ ansible_distribution_release | title }} repository list
# http://mariadb.org/mariadb/repositories/
deb http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/debian {{ ansible_distribution_release | lower }} main
deb-src http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/debian {{ ansible_distribution_release | lower }} main

View File

@ -4,3 +4,6 @@ mysql_conf_dir:
"Ubuntu": /etc/mysql/conf.d
"Debian": /etc/mysql/conf.d
"MacOSX": /usr/local/etc/my.cnf.d
mysql_conf_tpl: files/mariadb_config.cnf
mysql_secure_installation: True
...

View File

@ -9,10 +9,10 @@
when: nginx_user is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Debian.yml
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
# Replace default nginx config with nginx template
@ -47,4 +47,5 @@
- name: Ensure nginx is started and enabled to start at boot.
service: name=nginx state=started enabled=yes
- include: vhosts.yml
- include_tasks: vhosts.yml
...

View File

@ -6,7 +6,7 @@
- ntpdate
when: ansible_distribution == 'CentOS'
- name: enable ntpd
- name: Enable ntpd
service: name=ntpd enabled=yes state=started
when: ansible_distribution == 'CentOS'
@ -17,7 +17,7 @@
- ntpdate
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: enable ntpd
- name: Enable ntpd
service: name=ntp enabled=yes state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
...

View File

@ -0,0 +1,21 @@
---
- name: Install yum packages
yum: name={{ item }} state=present
with_items:
- redis
when: ansible_os_family == 'RedHat'
# Prerequisite for Debian and Ubuntu
- name: Install apt packages
apt: pkg={{ item }} state=present force=yes
with_items:
- redis-server
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
# Prerequisite for MACOS
- name: install prequisites for macos
homebrew: name={{ item }} state=present
with_items:
- redis
when: ansible_distribution == 'MacOSX'
...

View File

@ -0,0 +1,3 @@
---
swap_size_mb: 1024
...

View File

@ -35,3 +35,4 @@
file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
become: true
become_user: root
...

48
playbooks/site.yml Normal file
View File

@ -0,0 +1,48 @@
---
# This is the master playbook that deploys the whole Frappe and ERPNext stack
- hosts: localhost
become: yes
become_user: root
roles:
- { role: common, tags: "common" }
- { role: locale, tags: "locale" }
- { role: swap, tags: "swap", when: production }
- { role: logwatch, tags: "logwatch", when: production }
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
- { role: dns_caching, tags: "dns_caching", when: production }
- { role: ntpd, tags: "ntpd", when: production }
- { role: mariadb, tags: "mariadb" }
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
- { role: nodejs, tags: "nodejs" }
- { role: psutil, tags: "psutil" }
- { role: redis, tags: "redis" }
- { role: supervisor, tags: "supervisor", when: production }
- { role: nginx, tags: "nginx", when: production }
- { role: fail2ban, tags: "fail2ban", when: production }
tasks:
- name: Set hostname
hostname: name='{{ hostname }}'
when: hostname is defined and production
- name: Start NTPD
service: name=ntpd state=started
when: ansible_distribution == 'CentOS' and production
- name: Start NTPD
service: name=ntp state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production
- include_tasks: macosx.yml
when: ansible_distribution == 'MacOSX'
- name: setup bench and dev environment
hosts: localhost
vars:
bench_repo_path: "/home/{{ frappe_user }}/.bench"
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
roles:
# setup frappe-bench
- { role: bench, tags: "bench", when: not run_travis and not without_bench_setup }
...

View File

@ -1,8 +1,8 @@
---
- include: centos.yml
- include_tasks: centos.yml
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
- include: ubuntu.yml
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '14.04'
- name: Add configuration
@ -13,6 +13,6 @@
- name: Start and enable service
service: name=mysql state=started enabled=yes
- include: mysql_secure_installation.yml
- include_tasks: mysql_secure_installation.yml
debug: var=mysql_secure_installation
when: mysql_secure_installation and mysql_root_password is defined

View File

@ -9,10 +9,10 @@
when: nginx_user is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Debian.yml
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
# Nginx setup.
@ -28,4 +28,4 @@
- name: Ensure nginx is started and enabled to start at boot.
service: name=nginx state=started enabled=yes
- include: vhosts.yml
- include_tasks: vhosts.yml

View File

@ -1,5 +1,5 @@
---
- include: base.yml
- include_tasks: base.yml
- name: Clone bench
hosts: all
user: "{{ frappe_user }}"