mirror of
https://github.com/frappe/bench.git
synced 2025-01-24 23:48:24 +00:00
Merge pull request #586 from codingCoffee/clean_code
Restructured playbooks
This commit is contained in:
commit
16603ec8c9
@ -10,41 +10,39 @@ def install():
|
||||
|
||||
@click.command('prerequisites')
|
||||
def install_prerequisites():
|
||||
"Install prerequisites"
|
||||
run_playbook('prerequisites/install_prerequisites.yml')
|
||||
run_playbook('site.yml', tag='common, redis')
|
||||
|
||||
@click.command('mariadb')
|
||||
@click.option('--mysql_root_password')
|
||||
def install_maridb(mysql_root_password=''):
|
||||
"Install mariadb 10.1"
|
||||
if mysql_root_password:
|
||||
extra_vars.update({"mysql_root_password": mysql_root_password})
|
||||
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='mariadb')
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag='mariadb')
|
||||
|
||||
@click.command('wkhtmltopdf')
|
||||
def install_wkhtmltopdf():
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='wkhtmltopdf')
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag='wkhtmltopdf')
|
||||
|
||||
@click.command('nodejs')
|
||||
def install_nodejs():
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nodejs')
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag='nodejs')
|
||||
|
||||
@click.command('psutil')
|
||||
def install_psutil():
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil')
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag='psutil')
|
||||
|
||||
@click.command('supervisor')
|
||||
@click.option('--user')
|
||||
def install_supervisor(user=None):
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='supervisor')
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag='supervisor')
|
||||
if user:
|
||||
setup_sudoers(user)
|
||||
|
||||
@click.command('nginx')
|
||||
@click.option('--user')
|
||||
def install_nginx(user=None):
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx')
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag='nginx')
|
||||
if user:
|
||||
setup_sudoers(user)
|
||||
|
||||
@ -54,7 +52,7 @@ def install_nginx(user=None):
|
||||
@click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban.')
|
||||
def install_failtoban(**kwargs):
|
||||
extra_vars.update(kwargs)
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='fail2ban')
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag='fail2ban')
|
||||
|
||||
install.add_command(install_prerequisites)
|
||||
install.add_command(install_maridb)
|
||||
|
@ -89,7 +89,7 @@ def setup_firewall(ssh_port=None, force=False):
|
||||
if not ssh_port:
|
||||
ssh_port = 22
|
||||
|
||||
run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port})
|
||||
run_playbook('roles/bench/tasks/setup_firewall.yml', {"ssh_port": ssh_port})
|
||||
|
||||
@click.command('ssh-port')
|
||||
@click.argument('port')
|
||||
@ -103,7 +103,7 @@ def set_ssh_port(port, force=False):
|
||||
'Do you want to continue?'.format(port),
|
||||
abort=True)
|
||||
|
||||
run_playbook('production/change_ssh_port.yml', {"ssh_port": port})
|
||||
run_playbook('roles/bench/tasks/change_ssh_port.yml', {"ssh_port": port})
|
||||
|
||||
@click.command('lets-encrypt')
|
||||
@click.argument('site')
|
||||
@ -214,9 +214,9 @@ def setup_roles(role, **kwargs):
|
||||
extra_vars.update(kwargs)
|
||||
|
||||
if role:
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag=role)
|
||||
run_playbook('site.yml', extra_vars=extra_vars, tag=role)
|
||||
else:
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars)
|
||||
run_playbook('site.yml', extra_vars=extra_vars)
|
||||
|
||||
@click.command('fail2ban')
|
||||
@click.option('--maxretry', default=6, help="Number of matches (i.e. value of the counter) which triggers ban action on the IP. Default is 6 seconds" )
|
||||
@ -224,7 +224,7 @@ def setup_roles(role, **kwargs):
|
||||
@click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban. Default is 600 seconds')
|
||||
def setup_nginx_proxy_jail(**kwargs):
|
||||
from bench.utils import run_playbook
|
||||
run_playbook('prerequisites/setup_nginx_proxy_jail.yml', extra_vars=kwargs)
|
||||
run_playbook('roles/fail2ban/tasks/configure_nginx_jail.yml', extra_vars=kwargs)
|
||||
|
||||
setup.add_command(setup_sudoers)
|
||||
setup.add_command(setup_nginx)
|
||||
|
20
playbooks/README.md
Normal file
20
playbooks/README.md
Normal file
@ -0,0 +1,20 @@
|
||||
# Deploying a, developer/production-ready ERPNext website with Ansible
|
||||
|
||||
## Supported Platforms
|
||||
- Debian 8, 9
|
||||
- Ubuntu 14.04, 16.04
|
||||
- CentOS 7
|
||||
|
||||
## Directory Structure
|
||||
TODO
|
||||
|
||||
## Notes for maintainers
|
||||
- For MariaDB playbooks refer https://github.com/PCextreme/ansible-role-mariadb
|
||||
- Any changes made in relation to a role should be dont inside the role and not outside it
|
||||
|
||||
# TODO:
|
||||
1. Planned Platform
|
||||
- Arch Linux
|
||||
- Fedora
|
||||
- RedHat
|
||||
2. Consider reffering to https://github.com/geerlingguy/ansible-role-mysql.git for MariaDB playbook
|
3
playbooks/develop/create_user.yml → playbooks/create_user.yml
Executable file → Normal file
3
playbooks/develop/create_user.yml → playbooks/create_user.yml
Executable file → Normal file
@ -1,4 +1,5 @@
|
||||
---
|
||||
|
||||
- hosts: localhost
|
||||
tasks:
|
||||
- name: Create user
|
||||
@ -31,3 +32,5 @@
|
||||
group: '{{ frappe_user }}'
|
||||
recurse: yes
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian'
|
||||
|
||||
...
|
@ -1,54 +0,0 @@
|
||||
---
|
||||
- name: Check if ERPNext App exists
|
||||
stat: path="{{ bench_path }}/apps/erpnext"
|
||||
register: app
|
||||
|
||||
- name: get erpnext
|
||||
command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
|
||||
args:
|
||||
creates: "{{ bench_path }}/apps/erpnext"
|
||||
chdir: "{{ bench_path }}"
|
||||
when: not app.stat.exists
|
||||
|
||||
- name: Check whether a site called site1.local exists
|
||||
stat: path="{{ bench_path }}/sites/site1.local"
|
||||
register: site_folder
|
||||
|
||||
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
|
||||
blockinfile:
|
||||
path: /etc/mysql/conf.d/settings.cnf
|
||||
block: |
|
||||
# Import all .cnf files from configuration directory
|
||||
!includedir /etc/mysql/mariadb.conf.d/
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
|
||||
blockinfile:
|
||||
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
|
||||
block: |
|
||||
[mysqld]
|
||||
pid-file = /var/run/mysqld/mysqld.pid
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
create: yes
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
- name: restart mysql
|
||||
service: name=mysql state=restarted
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
- name: create a new default site
|
||||
command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
|
||||
args:
|
||||
chdir: "{{ bench_path }}"
|
||||
when: not site_folder.stat.exists
|
||||
|
||||
- name: install erpnext to default site
|
||||
command: bench --site site1.local install-app erpnext
|
||||
args:
|
||||
chdir: "{{ bench_path }}"
|
||||
|
@ -1,38 +0,0 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
tasks:
|
||||
- name: Install SELinux for CentOS
|
||||
yum: name="{{item}}" state=present
|
||||
with_items:
|
||||
- policycoreutils-python
|
||||
- selinux-policy-devel
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
- name: Install SELinux for Ubuntu
|
||||
apt: name={{ item }} state=present
|
||||
with_items:
|
||||
- selinux
|
||||
- selinux-policy-dev
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: Check enabled SELinux modules
|
||||
shell: semanage module -l
|
||||
register: enabled_modules
|
||||
|
||||
- name: Copy frappe_selinux policy
|
||||
copy: src=templates/frappe_selinux.te dest=/root/frappe_selinux.te
|
||||
register: dest_frappe_selinux_te
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
- name: Compile frappe_selinux policy
|
||||
shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
|
||||
args:
|
||||
chdir: /root/
|
||||
become: yes
|
||||
become_user: root
|
||||
when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
|
@ -1,25 +0,0 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
|
||||
- include: ../prerequisites/install_prerequisites.yml
|
||||
when: ansible_distribution != 'MacOSX'
|
||||
|
||||
- include: ../prerequisites/install_roles.yml
|
||||
when: ansible_distribution != 'MacOSX'
|
||||
|
||||
- include: macosx.yml
|
||||
when: ansible_distribution == 'MacOSX'
|
||||
|
||||
- name: setup bench and dev environment
|
||||
hosts: localhost
|
||||
vars:
|
||||
bench_repo_path: "/home/{{ frappe_user }}/.bench"
|
||||
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
|
||||
tasks:
|
||||
# setup frappe-bench
|
||||
- include: includes/setup_bench.yml
|
||||
when: not run_travis and not without_bench_setup
|
||||
|
||||
# setup development environment
|
||||
- include: includes/setup_dev_env.yml
|
||||
when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')
|
@ -1,7 +0,0 @@
|
||||
# MariaDB 10.1 CentOS repository list - created 2016-03-18 09:56 UTC
|
||||
# http://mariadb.org/mariadb/repositories/
|
||||
[mariadb]
|
||||
name = MariaDB
|
||||
baseurl = http://yum.mariadb.org/10.1/centos{{ ansible_lsb.major_release }}-{{ "amd64" if ansible_architecture == "x86_64" else "x86"}}
|
||||
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
|
||||
gpgcheck=1
|
19
playbooks/install.py
Executable file → Normal file
19
playbooks/install.py
Executable file → Normal file
@ -13,8 +13,8 @@ def install_bench(args):
|
||||
|
||||
success = run_os_command({
|
||||
'apt-get': [
|
||||
'sudo apt-get update',
|
||||
'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
|
||||
'sudo apt-get update'
|
||||
# 'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
|
||||
],
|
||||
'yum': [
|
||||
'sudo yum groupinstall -y "Development tools"',
|
||||
@ -59,7 +59,7 @@ def install_bench(args):
|
||||
})
|
||||
|
||||
success = run_os_command({
|
||||
'pip': "sudo pip install ansible==2.3.1"
|
||||
'pip': "sudo pip install ansible==2.4.1"
|
||||
})
|
||||
|
||||
if not success:
|
||||
@ -93,7 +93,7 @@ def install_bench(args):
|
||||
repo_path = os.path.join(os.path.expanduser('~'), 'bench')
|
||||
|
||||
extra_vars.update(repo_path=repo_path)
|
||||
run_playbook('develop/create_user.yml', extra_vars=extra_vars)
|
||||
run_playbook('create_user.yml', extra_vars=extra_vars)
|
||||
|
||||
extra_vars.update(get_passwords(args))
|
||||
if args.production:
|
||||
@ -105,11 +105,12 @@ def install_bench(args):
|
||||
bench_name = 'frappe-bench' if not args.bench_name else args.bench_name
|
||||
extra_vars.update(bench_name=bench_name)
|
||||
|
||||
if args.develop:
|
||||
run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars)
|
||||
# Will install ERPNext production setup by default
|
||||
run_playbook('site.yml', sudo=True, extra_vars=extra_vars)
|
||||
|
||||
elif args.production:
|
||||
run_playbook('production/install.yml', sudo=True, extra_vars=extra_vars)
|
||||
# # Will do changes for production if --production flag is passed
|
||||
# if args.production:
|
||||
# run_playbook('production.yml', sudo=True, extra_vars=extra_vars)
|
||||
|
||||
if os.path.exists(tmp_bench_repo):
|
||||
shutil.rmtree(tmp_bench_repo)
|
||||
@ -147,7 +148,7 @@ def install_python27():
|
||||
|
||||
# install python 2.7
|
||||
success = run_os_command({
|
||||
'apt-get': 'sudo apt-get install -y python2.7',
|
||||
'apt-get': 'sudo apt-get install -y python-dev',
|
||||
'yum': 'sudo yum install -y python27',
|
||||
'brew': 'brew install python'
|
||||
})
|
||||
|
@ -22,9 +22,9 @@
|
||||
- wkhtmltopdf
|
||||
|
||||
- name: configure mariadb
|
||||
include: ../prerequisites/roles/mariadb/tasks/main.yml
|
||||
include: roles/mariadb/tasks/main.yml
|
||||
vars:
|
||||
mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
|
||||
mysql_conf_tpl: roles/mariadb/files/mariadb_config.cnf
|
||||
|
||||
- name: Install MySQLdb in global env
|
||||
pip: name=mysql-python version=1.2.5
|
||||
@ -36,3 +36,4 @@
|
||||
- include: includes/setup_dev_env.yml
|
||||
when: not production
|
||||
|
||||
...
|
@ -1,97 +0,0 @@
|
||||
---
|
||||
#- include: setup_essentials.yml
|
||||
|
||||
- name: "Setup prerequisites"
|
||||
hosts: localhost
|
||||
become: yes
|
||||
become_user: root
|
||||
tasks:
|
||||
- name: Install yum packages
|
||||
yum: name={{ item }} state=present
|
||||
with_items:
|
||||
- bzip2-devel
|
||||
- cronie
|
||||
- dnsmasq
|
||||
- freetype-devel
|
||||
- git
|
||||
- htop
|
||||
- lcms2-devel
|
||||
- libjpeg-devel
|
||||
- libtiff-devel
|
||||
- libffi-devel
|
||||
- libwebp-devel
|
||||
- libXext
|
||||
- libXrender
|
||||
- libzip-devel
|
||||
- libffi-devel
|
||||
- ntp
|
||||
- openssl-devel
|
||||
- postfix
|
||||
- python-devel
|
||||
- python-setuptools
|
||||
- python-pip
|
||||
- redis
|
||||
- screen
|
||||
- sudo
|
||||
- tcl-devel
|
||||
- tk-devel
|
||||
- vim
|
||||
- which
|
||||
- xorg-x11-fonts-75dpi
|
||||
- xorg-x11-fonts-Type1
|
||||
- zlib-devel
|
||||
- openssl-devel
|
||||
- openldap-devel
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
# Prerequisite for Debian and Ubuntu
|
||||
- name: Install apt packages
|
||||
apt: pkg={{ item }} state=present force=yes
|
||||
with_items:
|
||||
- build-essential
|
||||
- software-properties-common
|
||||
- dnsmasq
|
||||
- fontconfig
|
||||
- git
|
||||
- htop
|
||||
- libcrypto++-dev
|
||||
- libfreetype6-dev
|
||||
- liblcms2-dev
|
||||
- libssl-dev
|
||||
- libwebp-dev
|
||||
- libxext6
|
||||
- libxrender1
|
||||
- libxslt1-dev
|
||||
- libxslt1.1
|
||||
- libffi-dev
|
||||
- ntp
|
||||
- postfix
|
||||
- python-dev
|
||||
- python-pip
|
||||
- python-tk
|
||||
- redis-server
|
||||
- screen
|
||||
- vim
|
||||
- xfonts-75dpi
|
||||
- xfonts-base
|
||||
- zlib1g-dev
|
||||
- apt-transport-https
|
||||
- libsasl2-dev
|
||||
- libldap2-dev
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
|
||||
- include: ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- include: debian.yml
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
# Prerequisite for MACOS
|
||||
- name: install prequisites for macos
|
||||
homebrew: name={{ item }} state=present
|
||||
with_items:
|
||||
- cmake
|
||||
- redis
|
||||
- mariadb
|
||||
- nodejs
|
||||
when: ansible_distribution == 'MacOSX'
|
@ -1,36 +0,0 @@
|
||||
---
|
||||
- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil
|
||||
hosts: localhost
|
||||
become: yes
|
||||
become_user: root
|
||||
vars:
|
||||
- mysql_conf_tpl: files/mariadb_config.cnf
|
||||
- nginx_conf_file: files/nginx.conf
|
||||
- mysql_secure_installation: True
|
||||
roles:
|
||||
- { role: locale, tags: "locale" }
|
||||
- { role: swap, tags: "swap", when: production }
|
||||
- { role: logwatch, tags: "logwatch", when: production }
|
||||
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
|
||||
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
|
||||
- { role: dns_caching, tags: "dns_caching", when: production }
|
||||
- { role: ntpd, tags: "ntpd", when: production }
|
||||
- { role: mariadb, tags: "mariadb" }
|
||||
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
|
||||
- { role: nodejs, tags: "nodejs" }
|
||||
- { role: psutil, tags: "psutil" }
|
||||
- { role: supervisor, tags: "supervisor", when: production }
|
||||
- { role: nginx, tags: "nginx", when: production }
|
||||
- { role: fail2ban, tags: "fail2ban" , when: production }
|
||||
tasks:
|
||||
- name: Set hostname
|
||||
hostname: name='{{ hostname }}'
|
||||
when: hostname is defined and production
|
||||
|
||||
- name: Start NTPD
|
||||
service: name=ntpd state=started
|
||||
when: ansible_distribution == 'CentOS' and production
|
||||
|
||||
- name: Start NTPD
|
||||
service: name=ntp state=started
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
- name: Setup bash screen wall
|
||||
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh
|
@ -1,2 +0,0 @@
|
||||
locale_keymap: us
|
||||
locale_lang: en_US.utf8
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: "Attila van der Velde"
|
||||
description: "Installs MariaDB"
|
||||
company: "PCextreme B.V."
|
||||
license: "license (MIT, BSD)"
|
||||
min_ansible_version: 1.8
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- trusty
|
||||
categories:
|
||||
- database:sql
|
||||
|
||||
dependencies: []
|
@ -1,31 +0,0 @@
|
||||
---
|
||||
- include: centos.yml
|
||||
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
|
||||
|
||||
- include: ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: Add configuration
|
||||
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
|
||||
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
|
||||
notify: restart mysql
|
||||
|
||||
- include: debian.yml
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
- name: Add configuration
|
||||
template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
|
||||
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
|
||||
notify: restart mysql
|
||||
|
||||
- name: Start and enable service
|
||||
service: name=mysql state=started enabled=yes
|
||||
|
||||
- debug:
|
||||
msg: "{{ mysql_root_password }}"
|
||||
|
||||
- include: mysql_secure_installation.yml
|
||||
when: mysql_root_password is defined
|
||||
|
||||
- debug: var=mysql_secure_installation
|
||||
when: mysql_secure_installation and mysql_root_password is defined
|
@ -1,35 +0,0 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
env:
|
||||
- SITE=test.yml
|
||||
|
||||
before_install:
|
||||
- sudo apt-get update -qq
|
||||
- sudo apt-get install -y curl
|
||||
|
||||
install:
|
||||
# Install Ansible.
|
||||
- pip install ansible
|
||||
|
||||
# Add ansible.cfg to pick up roles path.
|
||||
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
|
||||
|
||||
script:
|
||||
# Check the role/playbook's syntax.
|
||||
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
|
||||
|
||||
# Run the role/playbook with ansible-playbook.
|
||||
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
|
||||
|
||||
# Run the role/playbook again, checking to make sure it's idempotent.
|
||||
- >
|
||||
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
|
||||
| grep -q 'changed=0.*failed=0'
|
||||
&& (echo 'Idempotence test: pass' && exit 0)
|
||||
|| (echo 'Idempotence test: fail' && exit 1)
|
||||
|
||||
# TODO - get the test working. Probably need to add a virtual host.
|
||||
# Request a page via Nginx, to make sure Nginx is running and responds.
|
||||
# - "curl http://localhost/"
|
@ -1,51 +0,0 @@
|
||||
user {{ nginx_user }};
|
||||
|
||||
error_log {{ nginx_error_log }};
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
worker_processes {{ nginx_worker_processes }};
|
||||
|
||||
events {
|
||||
worker_connections {{ nginx_worker_connections }};
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
server_names_hash_bucket_size 64;
|
||||
|
||||
client_max_body_size {{ nginx_client_max_body_size }};
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log {{ nginx_access_log }};
|
||||
|
||||
sendfile {{ nginx_sendfile }};
|
||||
tcp_nopush {{ nginx_tcp_nopush }};
|
||||
tcp_nodelay {{ nginx_tcp_nodelay }};
|
||||
|
||||
keepalive_timeout {{ nginx_keepalive_timeout }};
|
||||
keepalive_requests {{ nginx_keepalive_requests }};
|
||||
|
||||
#gzip on;
|
||||
|
||||
{% if nginx_proxy_cache_path %}
|
||||
proxy_cache_path {{ nginx_proxy_cache_path }};
|
||||
{% endif %}
|
||||
|
||||
{% for upstream in nginx_upstreams %}
|
||||
upstream {{ upstream.name }} {
|
||||
{% if upstream.strategy is defined %}
|
||||
{{ upstream.strategy }};
|
||||
{% endif %}
|
||||
{% for server in upstream.servers %}
|
||||
server {{ server }};
|
||||
{% endfor %}
|
||||
}
|
||||
{% endfor %}
|
||||
|
||||
include {{ nginx_vhost_path }}/*;
|
||||
}
|
@ -1 +0,0 @@
|
||||
swap_size_mb: 1024
|
@ -1,48 +0,0 @@
|
||||
---
|
||||
- name: Setup Essentials
|
||||
hosts: localhost
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
tasks:
|
||||
- name: Install the 'Development tools' package group (Redhat)
|
||||
yum: name="@Development tools" state=present
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: Install EPEL
|
||||
yum: name='epel-release' state=present
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: Install libselinux-python
|
||||
yum: name={{ item }} state=present
|
||||
with_items:
|
||||
- python-devel
|
||||
- python-setuptools
|
||||
- python-pip
|
||||
- libselinux-python
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: Add dotdeb apt repository key for Debian < 8
|
||||
apt_key:
|
||||
url: http://www.dotdeb.org/dotdeb.gpg
|
||||
state: present
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
||||
|
||||
- name: Add dotdeb apt repository for redis-server for Debian < 8
|
||||
apt_repository:
|
||||
repo: 'deb http://packages.dotdeb.org wheezy all'
|
||||
state: present
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
||||
|
||||
- name: Install python selinux
|
||||
apt: pkg={{ item }} state=present force=yes
|
||||
with_items:
|
||||
- build-essential
|
||||
- python-dev
|
||||
- python-pip
|
||||
- python-selinux
|
||||
when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu'
|
@ -1,2 +0,0 @@
|
||||
---
|
||||
- include: ../prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml
|
@ -1,90 +0,0 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
vars:
|
||||
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
|
||||
|
||||
tasks:
|
||||
|
||||
# In case we are re-running the script, we would like to skip the site creation
|
||||
- name: Check whether a site exists
|
||||
stat: path="{{ bench_path }}/sites/{{ site }}"
|
||||
register: site_folder
|
||||
|
||||
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
|
||||
blockinfile:
|
||||
path: /etc/mysql/conf.d/settings.cnf
|
||||
block: |
|
||||
# Import all .cnf files from configuration directory
|
||||
!includedir /etc/mysql/mariadb.conf.d/
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
|
||||
blockinfile:
|
||||
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
|
||||
block: |
|
||||
[mysqld]
|
||||
pid-file = /var/run/mysqld/mysqld.pid
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
create: yes
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
- name: restart mysql
|
||||
service: name=mysql state=restarted
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
- name: Create new site
|
||||
command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
|
||||
args:
|
||||
chdir: "{{ bench_path }}"
|
||||
when: not site_folder.stat.exists
|
||||
|
||||
- name: Check ERPNext App exists
|
||||
stat: path="{{ bench_path }}/apps/erpnext"
|
||||
register: app
|
||||
|
||||
# In case we are re-running the script, we would like to skip getting ERPNext App
|
||||
- name: Get-app erpnext app
|
||||
command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
when: not app.stat.exists
|
||||
|
||||
- name: Install erpnext app
|
||||
command: bench --site {{ site }} install-app erpnext
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
|
||||
- name: Change permissions for frappe home folder
|
||||
become: yes
|
||||
become_user: root
|
||||
file:
|
||||
dest: '/home/{{ frappe_user }}'
|
||||
owner: '{{ frappe_user }}'
|
||||
group: '{{ frappe_user }}'
|
||||
mode: 0755
|
||||
recurse: yes
|
||||
state: directory
|
||||
|
||||
- name: Setup production
|
||||
become: yes
|
||||
become_user: root
|
||||
command: bench setup production {{ frappe_user }}
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
|
||||
- name: Setup Sudoers
|
||||
become: yes
|
||||
become_user: root
|
||||
command: bench setup sudoers {{ frappe_user }}
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
|
||||
- name: Restart the bench
|
||||
command: bench restart
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
tasks:
|
||||
- name: insert/update inputrc for history
|
||||
blockinfile:
|
||||
dest: "/home/{{ frappe_user }}/.inputrc"
|
||||
create: yes
|
||||
block: |
|
||||
## arrow up
|
||||
"\e[A":history-search-backward
|
||||
## arrow down
|
||||
"\e[B":history-search-forward
|
@ -1,94 +0,0 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
|
||||
tasks:
|
||||
|
||||
####################################################
|
||||
# Replace default nginx config with nginx template
|
||||
- name: Rename default nginx.conf to nginx.conf.old
|
||||
command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
- name: Copy the nginx_config template
|
||||
template:
|
||||
src: ../templates/default_nginx.j2
|
||||
dest: /etc/nginx/nginx.conf
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
- name: Reload the nginx service
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
######################################################
|
||||
# Set InnoDB Buffer Pool size to half of total RAM
|
||||
- name: Set InnoDB buffer pool
|
||||
lineinfile: >
|
||||
dest=/etc/my.cnf.d/frappe.cnf
|
||||
regexp="^\[mysqld\]$"
|
||||
line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
|
||||
state=present
|
||||
when: ansible_distribution == 'CentOS'
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
- name: Set InnoDB buffer pool
|
||||
lineinfile: >
|
||||
dest=/etc/mysql/conf.d/frappe.cnf
|
||||
regexp="^\[mysqld\]$"
|
||||
line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
|
||||
state=present
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
####################################################
|
||||
# Enable nginx, mysql, redis and supevisord services
|
||||
- name: Enable nginx, mysql, and redis
|
||||
service:
|
||||
name: '{{ item }}'
|
||||
enabled: yes
|
||||
with_items:
|
||||
- nginx
|
||||
- mysql
|
||||
become: yes
|
||||
become_user: root
|
||||
|
||||
- name: Enable redis.service on centos
|
||||
service:
|
||||
name: redis
|
||||
enabled: yes
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
- name: Enable redis-server.service on ubuntu
|
||||
service:
|
||||
name: redis-server
|
||||
enabled: yes
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
- name: Check whether default supervisor.conf exists
|
||||
service:
|
||||
name: supervisord
|
||||
state: started
|
||||
enabled: yes
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
- name: Check whether default supervisor.conf exists
|
||||
service:
|
||||
name: supervisor
|
||||
state: started
|
||||
enabled: yes
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
# Install the common pre-requisites for the setting up bench
|
||||
- include: ../develop/install.yml
|
||||
|
||||
- include: includes/setup_inputrc.yml
|
||||
|
||||
# Setup Bench for production environment
|
||||
- include: includes/setup_bench_production.yml
|
||||
when: not run_travis
|
4
playbooks/roles/bash_screen_wall/tasks/main.yml
Normal file
4
playbooks/roles/bash_screen_wall/tasks/main.yml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
- name: Setup bash screen wall
|
||||
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh
|
||||
...
|
3
playbooks/production/change_ssh_port.yml → playbooks/roles/bench/tasks/change_ssh_port.yml
Executable file → Normal file
3
playbooks/production/change_ssh_port.yml → playbooks/roles/bench/tasks/change_ssh_port.yml
Executable file → Normal file
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: Change ssh port
|
||||
gather_facts: false
|
||||
hosts: localhost
|
||||
@ -16,4 +17,4 @@
|
||||
- name: Change ansible ssh port to 2332
|
||||
set_fact:
|
||||
ansible_ssh_port: '{{ ssh_port }}'
|
||||
|
||||
...
|
@ -28,11 +28,17 @@
|
||||
stat: path="{{ bench_path }}"
|
||||
register: bench_stat
|
||||
|
||||
- name: init bench
|
||||
- name: python3 bench init for develop
|
||||
command: bench init {{ bench_path }} --frappe-branch {{ branch }} --python python3
|
||||
args:
|
||||
creates: "{{ bench_path }}"
|
||||
when: not bench_stat.stat.exists and develop
|
||||
|
||||
- name: python2 bench init for develop
|
||||
command: bench init {{ bench_path }} --frappe-branch {{ branch }}
|
||||
args:
|
||||
creates: "{{ bench_path }}"
|
||||
when: not bench_stat.stat.exists
|
||||
when: not bench_stat.stat.exists and production
|
||||
|
||||
# setup common_site_config
|
||||
- name: setup config
|
||||
@ -46,3 +52,15 @@
|
||||
args:
|
||||
creates: "{{ bench_path }}/apps/frappe"
|
||||
chdir: "{{ bench_path }}"
|
||||
|
||||
- include_tasks: setup_dev_env.yml
|
||||
when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')
|
||||
|
||||
- include_tasks: setup_inputrc.yml
|
||||
|
||||
# Setup Bench for production environment
|
||||
- include_tasks: setup_bench_production.yml
|
||||
vars:
|
||||
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
|
||||
when: not run_travis and production
|
||||
...
|
58
playbooks/roles/bench/tasks/setup_bench_production.yml
Normal file
58
playbooks/roles/bench/tasks/setup_bench_production.yml
Normal file
@ -0,0 +1,58 @@
|
||||
---
|
||||
# In case we are re-running the script, we would like to skip the site creation
|
||||
- name: Check whether a site exists
|
||||
stat: path="{{ bench_path }}/sites/{{ site }}"
|
||||
register: site_folder
|
||||
|
||||
- name: Create new site
|
||||
command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
|
||||
args:
|
||||
chdir: "{{ bench_path }}"
|
||||
when: not site_folder.stat.exists
|
||||
|
||||
- name: Check ERPNext App exists
|
||||
stat: path="{{ bench_path }}/apps/erpnext"
|
||||
register: app
|
||||
|
||||
# In case we are re-running the script, we would like to skip getting ERPNext App
|
||||
- name: Get-app erpnext app
|
||||
command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
when: not app.stat.exists
|
||||
|
||||
- name: Install erpnext app
|
||||
command: bench --site {{ site }} install-app erpnext
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
|
||||
- name: Change permissions for frappe home folder
|
||||
become: yes
|
||||
become_user: root
|
||||
file:
|
||||
dest: '/home/{{ frappe_user }}'
|
||||
owner: '{{ frappe_user }}'
|
||||
group: '{{ frappe_user }}'
|
||||
mode: 0755
|
||||
recurse: yes
|
||||
state: directory
|
||||
|
||||
- name: Setup production
|
||||
become: yes
|
||||
become_user: root
|
||||
command: bench setup production {{ frappe_user }}
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
|
||||
- name: Setup Sudoers
|
||||
become: yes
|
||||
become_user: root
|
||||
command: bench setup sudoers {{ frappe_user }}
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
|
||||
- name: Restart the bench
|
||||
command: bench restart
|
||||
args:
|
||||
chdir: '{{ bench_path }}'
|
||||
...
|
@ -1,5 +1,4 @@
|
||||
---
|
||||
|
||||
# Setup Procfile
|
||||
- name: setup procfile
|
||||
command: bench setup procfile
|
||||
@ -17,4 +16,6 @@
|
||||
|
||||
|
||||
# Setup an ERPNext site called site1.local
|
||||
- include: includes/setup_erpnext.yml
|
||||
- include_tasks: setup_erpnext.yml
|
||||
hosts: localhost
|
||||
...
|
28
playbooks/roles/bench/tasks/setup_erpnext.yml
Normal file
28
playbooks/roles/bench/tasks/setup_erpnext.yml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
- name: Check if ERPNext App exists
|
||||
stat: path="{{ bench_path }}/apps/erpnext"
|
||||
register: app
|
||||
|
||||
- name: get erpnext
|
||||
command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
|
||||
args:
|
||||
creates: "{{ bench_path }}/apps/erpnext"
|
||||
chdir: "{{ bench_path }}"
|
||||
when: not app.stat.exists
|
||||
|
||||
- name: Check whether a site called site1.local exists
|
||||
stat: path="{{ bench_path }}/sites/site1.local"
|
||||
register: site_folder
|
||||
|
||||
- name: create a new default site
|
||||
command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
|
||||
args:
|
||||
chdir: "{{ bench_path }}"
|
||||
when: not site_folder.stat.exists
|
||||
|
||||
- name: install erpnext to default site
|
||||
command: bench --site site1.local install-app erpnext
|
||||
args:
|
||||
chdir: "{{ bench_path }}"
|
||||
|
||||
...
|
3
playbooks/production/setup_firewall.yml → playbooks/roles/bench/tasks/setup_firewall.yml
Executable file → Normal file
3
playbooks/production/setup_firewall.yml → playbooks/roles/bench/tasks/setup_firewall.yml
Executable file → Normal file
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: Setup Firewall
|
||||
user: root
|
||||
hosts: localhost
|
||||
@ -47,4 +48,4 @@
|
||||
- 443
|
||||
- "{{ ssh_port }}"
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
...
|
11
playbooks/roles/bench/tasks/setup_inputrc.yml
Normal file
11
playbooks/roles/bench/tasks/setup_inputrc.yml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
- name: insert/update inputrc for history
|
||||
blockinfile:
|
||||
dest: "/home/{{ frappe_user }}/.inputrc"
|
||||
create: yes
|
||||
block: |
|
||||
## arrow up
|
||||
"\e[A":history-search-backward
|
||||
## arrow down
|
||||
"\e[B":history-search-forward
|
||||
...
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
|
||||
- name: Setup OpenSSL dependancy
|
||||
pip: name=pyOpenSSL version=16.2.0
|
||||
|
||||
@ -19,3 +20,5 @@
|
||||
- tcl8.5-dev
|
||||
- tk8.5-dev
|
||||
when: ansible_distribution_version | version_compare('8', 'ge')
|
||||
|
||||
...
|
42
playbooks/roles/common/tasks/debian_family.yml
Normal file
42
playbooks/roles/common/tasks/debian_family.yml
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
|
||||
- name: Install prerequisites using apt-get
|
||||
become: yes
|
||||
become_user: root
|
||||
apt: pkg={{ item }} state=present force=yes
|
||||
with_items:
|
||||
- dnsmasq
|
||||
- fontconfig
|
||||
- git # Version control
|
||||
- htop # Server stats
|
||||
- libcrypto++-dev
|
||||
- libfreetype6-dev
|
||||
- liblcms2-dev
|
||||
- libssl-dev
|
||||
- libwebp-dev
|
||||
- libxext6
|
||||
- libxrender1
|
||||
- libxslt1-dev
|
||||
- libxslt1.1
|
||||
- libffi-dev
|
||||
- ntp # Clock synchronization
|
||||
- postfix # Mail Server
|
||||
- python-dev # Installing python developer suite
|
||||
- python3-dev # For python3 compatibility
|
||||
- python-tk
|
||||
- screen # To aid ssh sessions with connectivity problems
|
||||
- vim # Is that supposed to be a question!?
|
||||
- xfonts-75dpi
|
||||
- xfonts-base
|
||||
- zlib1g-dev
|
||||
- apt-transport-https
|
||||
- libsasl2-dev
|
||||
- libldap2-dev
|
||||
|
||||
- include_tasks: debian.yml
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
- include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
...
|
37
playbooks/roles/common/tasks/macos.yml
Normal file
37
playbooks/roles/common/tasks/macos.yml
Normal file
@ -0,0 +1,37 @@
|
||||
---
|
||||
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
become_user: root
|
||||
vars:
|
||||
bench_repo_path: "/Users/{{ ansible_user_id }}/.bench"
|
||||
bench_path: "/Users/{{ ansible_user_id }}/frappe-bench"
|
||||
tasks:
|
||||
# install pre-requisites
|
||||
- name: install prequisites
|
||||
homebrew: name={{ item }} state=present
|
||||
with_items:
|
||||
- cmake
|
||||
- redis
|
||||
- mariadb
|
||||
- nodejs
|
||||
|
||||
# install wkhtmltopdf
|
||||
- name: cask installs
|
||||
homebrew_cask: name={{ item }} state=present
|
||||
with_items:
|
||||
- wkhtmltopdf
|
||||
|
||||
- name: configure mariadb
|
||||
include_tasks: roles/mariadb/tasks/main.yml
|
||||
vars:
|
||||
mysql_conf_tpl: roles/mariadb/files/mariadb_config.cnf
|
||||
|
||||
# setup frappe-bench
|
||||
- include_tasks: includes/setup_bench.yml
|
||||
|
||||
# setup development environment
|
||||
- include_tasks: includes/setup_dev_env.yml
|
||||
when: not production
|
||||
|
||||
...
|
9
playbooks/roles/common/tasks/main.yml
Normal file
9
playbooks/roles/common/tasks/main.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
# Install's prerequisites, like fonts, image libraries, vim, screen, python-dev and gcc
|
||||
|
||||
- include_tasks: debian_family.yml
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- include_tasks: redhat_family.yml
|
||||
when: ansible_os_family == "RedHat"
|
||||
...
|
42
playbooks/roles/common/tasks/redhat_family.yml
Normal file
42
playbooks/roles/common/tasks/redhat_family.yml
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
|
||||
- name: "Setup prerequisites using yum"
|
||||
become: yes
|
||||
become_user: root
|
||||
yum: name={{ item }} state=present
|
||||
with_items:
|
||||
- bzip2-devel
|
||||
- cronie
|
||||
- dnsmasq
|
||||
- freetype-devel
|
||||
- git
|
||||
- htop
|
||||
- lcms2-devel
|
||||
- libjpeg-devel
|
||||
- libtiff-devel
|
||||
- libffi-devel
|
||||
- libwebp-devel
|
||||
- libXext
|
||||
- libXrender
|
||||
- libzip-devel
|
||||
- libffi-devel
|
||||
- ntp
|
||||
- openssl-devel
|
||||
- postfix
|
||||
- python-devel
|
||||
- python-setuptools
|
||||
- python-pip
|
||||
- redis
|
||||
- screen
|
||||
- sudo
|
||||
- tcl-devel
|
||||
- tk-devel
|
||||
- vim
|
||||
- which
|
||||
- xorg-x11-fonts-75dpi
|
||||
- xorg-x11-fonts-Type1
|
||||
- zlib-devel
|
||||
- openssl-devel
|
||||
- openldap-devel
|
||||
|
||||
...
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
|
||||
- name: install pillow prerequisites for Ubuntu < 14.04
|
||||
apt: pkg={{ item }} state=present force=yes
|
||||
with_items:
|
||||
@ -16,3 +17,5 @@
|
||||
- tcl8.6-dev
|
||||
- tk8.6-dev
|
||||
when: ansible_distribution_version | version_compare('14.04', 'ge')
|
||||
|
||||
...
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: restart network manager
|
||||
- name: Restart network manager
|
||||
service: name=NetworkManager state=restarted
|
||||
...
|
@ -1,14 +1,14 @@
|
||||
---
|
||||
- name: check NetworkManager.conf exists
|
||||
- name: Check NetworkManager.conf exists
|
||||
stat:
|
||||
path: /etc/NetworkManager/NetworkManager.conf
|
||||
register: result
|
||||
|
||||
- name: unmask NetworkManager service
|
||||
- name: Unmask NetworkManager service
|
||||
command: systemctl unmask NetworkManager
|
||||
when: result.stat.exists
|
||||
|
||||
- name: add dnsmasq to network config
|
||||
- name: Add dnsmasq to network config
|
||||
lineinfile: >
|
||||
dest=/etc/NetworkManager/NetworkManager.conf
|
||||
regexp="dns="
|
||||
@ -17,4 +17,4 @@
|
||||
when: result.stat.exists
|
||||
notify:
|
||||
- restart network manager
|
||||
|
||||
...
|
@ -6,13 +6,6 @@
|
||||
- selinux-policy-devel
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
# - name: Install SELinux for Ubuntu
|
||||
# apt: name={{ item }} state=present
|
||||
# with_items:
|
||||
# - selinux
|
||||
# - selinux-policy-dev
|
||||
# when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: Check enabled SELinux modules
|
||||
shell: semanage module -l
|
||||
register: enabled_modules
|
||||
@ -28,4 +21,4 @@
|
||||
args:
|
||||
chdir: /root/
|
||||
when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
|
||||
|
||||
...
|
4
playbooks/roles/locale/defaults/main.yml
Normal file
4
playbooks/roles/locale/defaults/main.yml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
locale_keymap: us
|
||||
locale_lang: en_US.utf8
|
||||
...
|
@ -6,11 +6,11 @@
|
||||
|
||||
- name: Set Locale
|
||||
command: "localectl set-locale LANG={{ locale_lang }}"
|
||||
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1
|
||||
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG=locale_lang') == -1
|
||||
|
||||
- name: Set keymap
|
||||
command: "localectl set-keymap {{ locale_keymap }}"
|
||||
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1"
|
||||
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap:locale_keymap') == -1"
|
||||
|
||||
- name: Set Locale as en_US
|
||||
lineinfile: dest=/etc/environment backup=yes line="{{ item }}"
|
||||
@ -18,3 +18,4 @@
|
||||
- "LC_ALL=en_US.UTF-8"
|
||||
- "LC_CTYPE=en_US.UTF-8"
|
||||
- "LANG=en_US.UTF-8"
|
||||
...
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
logwatch_emails: "{{ admin_emails }}"
|
||||
logwatch_detail: High
|
||||
...
|
@ -10,3 +10,4 @@
|
||||
- name: Copy logwatch config
|
||||
template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
|
||||
when: admin_emails is defined
|
||||
...
|
@ -5,3 +5,4 @@ mysql_conf_tpl: change_me
|
||||
mysql_conf_file: settings.cnf
|
||||
|
||||
mysql_secure_installation: false
|
||||
...
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: restart mysql
|
||||
service: name=mysql state=restarted
|
||||
...
|
@ -6,7 +6,5 @@
|
||||
yum: name={{ item }} enablerepo=mariadb state=present
|
||||
with_items:
|
||||
- MariaDB-server
|
||||
- MariaDB-client
|
||||
- MySQL-python
|
||||
- MariaDB-devel
|
||||
|
||||
- MySQL-python # required for secure_install
|
||||
...
|
@ -28,3 +28,4 @@
|
||||
- mariadb-common
|
||||
- libmariadbclient18
|
||||
- python-mysqldb
|
||||
...
|
56
playbooks/roles/mariadb/tasks/main.yml
Normal file
56
playbooks/roles/mariadb/tasks/main.yml
Normal file
@ -0,0 +1,56 @@
|
||||
---
|
||||
|
||||
- include_tasks: centos.yml
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
- include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: Add configuration
|
||||
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
|
||||
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
|
||||
notify: restart mysql
|
||||
|
||||
- include_tasks: debian.yml
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
- name: Add configuration
|
||||
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
|
||||
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
|
||||
notify: restart mysql
|
||||
|
||||
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
|
||||
blockinfile:
|
||||
path: /etc/mysql/conf.d/settings.cnf
|
||||
block: |
|
||||
# Import all .cnf files from configuration directory
|
||||
!includedir /etc/mysql/mariadb.conf.d/
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
|
||||
blockinfile:
|
||||
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
|
||||
block: |
|
||||
[mysqld]
|
||||
pid-file = /var/run/mysqld/mysqld.pid
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
create: yes
|
||||
become: yes
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||
|
||||
- name: Start and enable service
|
||||
service: name=mysql state=started enabled=yes
|
||||
|
||||
- debug:
|
||||
msg: "{{ mysql_root_password }}"
|
||||
|
||||
- include_tasks: mysql_secure_installation.yml
|
||||
when: mysql_root_password is defined
|
||||
|
||||
- debug: var=mysql_secure_installation
|
||||
when: mysql_secure_installation and mysql_root_password is defined
|
||||
|
||||
...
|
@ -80,3 +80,4 @@
|
||||
- name: start mysql mac
|
||||
command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
|
||||
when: ansible_distribution == 'MacOSX'
|
||||
...
|
@ -25,7 +25,5 @@
|
||||
apt: pkg={{ item }} state=present
|
||||
with_items:
|
||||
- mariadb-server
|
||||
- mariadb-client
|
||||
- mariadb-common
|
||||
- libmariadbclient18
|
||||
- python-mysqldb
|
||||
- python-mysqldb # required to set the MySQL password using ansible
|
||||
...
|
4
playbooks/roles/mariadb/templates/mariadb_debian.list.j2
Normal file
4
playbooks/roles/mariadb/templates/mariadb_debian.list.j2
Normal file
@ -0,0 +1,4 @@
|
||||
# MariaDB {{ mariadb_version }} Debian {{ ansible_distribution_release | title }} repository list
|
||||
# http://mariadb.org/mariadb/repositories/
|
||||
deb http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/debian {{ ansible_distribution_release | lower }} main
|
||||
deb-src http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/debian {{ ansible_distribution_release | lower }} main
|
@ -4,3 +4,6 @@ mysql_conf_dir:
|
||||
"Ubuntu": /etc/mysql/conf.d
|
||||
"Debian": /etc/mysql/conf.d
|
||||
"MacOSX": /usr/local/etc/my.cnf.d
|
||||
mysql_conf_tpl: files/mariadb_config.cnf
|
||||
mysql_secure_installation: True
|
||||
...
|
@ -9,10 +9,10 @@
|
||||
when: nginx_user is not defined
|
||||
|
||||
# Setup/install tasks.
|
||||
- include: setup-RedHat.yml
|
||||
- include_tasks: setup-RedHat.yml
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- include: setup-Debian.yml
|
||||
- include_tasks: setup-Debian.yml
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
# Replace default nginx config with nginx template
|
||||
@ -47,4 +47,5 @@
|
||||
- name: Ensure nginx is started and enabled to start at boot.
|
||||
service: name=nginx state=started enabled=yes
|
||||
|
||||
- include: vhosts.yml
|
||||
- include_tasks: vhosts.yml
|
||||
...
|
@ -30,31 +30,31 @@ http {
|
||||
# keepalive_timeout 10;
|
||||
# keepalive_requests 10;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_http_version 1.1;
|
||||
gzip_comp_level 5;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_http_version 1.1;
|
||||
gzip_comp_level 5;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/font-woff
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component
|
||||
;
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/font-woff
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component
|
||||
;
|
||||
|
||||
server_names_hash_max_size 4096;
|
||||
|
||||
@ -67,8 +67,8 @@ http {
|
||||
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
client_max_body_size 50m;
|
||||
large_client_header_buffers 4 32k;
|
||||
client_max_body_size 50m;
|
||||
large_client_header_buffers 4 32k;
|
||||
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=web-cache:8m max_size=1000m inactive=600m;
|
||||
|
@ -6,7 +6,7 @@
|
||||
- ntpdate
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
- name: enable ntpd
|
||||
- name: Enable ntpd
|
||||
service: name=ntpd enabled=yes state=started
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
- ntpdate
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: enable ntpd
|
||||
- name: Enable ntpd
|
||||
service: name=ntp enabled=yes state=started
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
|
||||
...
|
21
playbooks/roles/redis/tasks/main.yml
Normal file
21
playbooks/roles/redis/tasks/main.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
- name: Install yum packages
|
||||
yum: name={{ item }} state=present
|
||||
with_items:
|
||||
- redis
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
# Prerequisite for Debian and Ubuntu
|
||||
- name: Install apt packages
|
||||
apt: pkg={{ item }} state=present force=yes
|
||||
with_items:
|
||||
- redis-server
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
|
||||
# Prerequisite for MACOS
|
||||
- name: install prequisites for macos
|
||||
homebrew: name={{ item }} state=present
|
||||
with_items:
|
||||
- redis
|
||||
when: ansible_distribution == 'MacOSX'
|
||||
...
|
3
playbooks/roles/swap/defaults/main.yml
Normal file
3
playbooks/roles/swap/defaults/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
swap_size_mb: 1024
|
||||
...
|
@ -35,3 +35,4 @@
|
||||
file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
|
||||
become: true
|
||||
become_user: root
|
||||
...
|
48
playbooks/site.yml
Normal file
48
playbooks/site.yml
Normal file
@ -0,0 +1,48 @@
|
||||
---
|
||||
# This is the master playbook that deploys the whole Frappe and ERPNext stack
|
||||
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
become_user: root
|
||||
roles:
|
||||
- { role: common, tags: "common" }
|
||||
- { role: locale, tags: "locale" }
|
||||
- { role: swap, tags: "swap", when: production }
|
||||
- { role: logwatch, tags: "logwatch", when: production }
|
||||
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
|
||||
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
|
||||
- { role: dns_caching, tags: "dns_caching", when: production }
|
||||
- { role: ntpd, tags: "ntpd", when: production }
|
||||
- { role: mariadb, tags: "mariadb" }
|
||||
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
|
||||
- { role: nodejs, tags: "nodejs" }
|
||||
- { role: psutil, tags: "psutil" }
|
||||
- { role: redis, tags: "redis" }
|
||||
- { role: supervisor, tags: "supervisor", when: production }
|
||||
- { role: nginx, tags: "nginx", when: production }
|
||||
- { role: fail2ban, tags: "fail2ban", when: production }
|
||||
tasks:
|
||||
- name: Set hostname
|
||||
hostname: name='{{ hostname }}'
|
||||
when: hostname is defined and production
|
||||
|
||||
- name: Start NTPD
|
||||
service: name=ntpd state=started
|
||||
when: ansible_distribution == 'CentOS' and production
|
||||
|
||||
- name: Start NTPD
|
||||
service: name=ntp state=started
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production
|
||||
|
||||
- include_tasks: macosx.yml
|
||||
when: ansible_distribution == 'MacOSX'
|
||||
|
||||
- name: setup bench and dev environment
|
||||
hosts: localhost
|
||||
vars:
|
||||
bench_repo_path: "/home/{{ frappe_user }}/.bench"
|
||||
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
|
||||
roles:
|
||||
# setup frappe-bench
|
||||
- { role: bench, tags: "bench", when: not run_travis and not without_bench_setup }
|
||||
...
|
@ -1,8 +1,8 @@
|
||||
---
|
||||
- include: centos.yml
|
||||
- include_tasks: centos.yml
|
||||
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
|
||||
|
||||
- include: ubuntu.yml
|
||||
- include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '14.04'
|
||||
|
||||
- name: Add configuration
|
||||
@ -13,6 +13,6 @@
|
||||
- name: Start and enable service
|
||||
service: name=mysql state=started enabled=yes
|
||||
|
||||
- include: mysql_secure_installation.yml
|
||||
- include_tasks: mysql_secure_installation.yml
|
||||
debug: var=mysql_secure_installation
|
||||
when: mysql_secure_installation and mysql_root_password is defined
|
||||
|
@ -9,10 +9,10 @@
|
||||
when: nginx_user is not defined
|
||||
|
||||
# Setup/install tasks.
|
||||
- include: setup-RedHat.yml
|
||||
- include_tasks: setup-RedHat.yml
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- include: setup-Debian.yml
|
||||
- include_tasks: setup-Debian.yml
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
# Nginx setup.
|
||||
@ -28,4 +28,4 @@
|
||||
- name: Ensure nginx is started and enabled to start at boot.
|
||||
service: name=nginx state=started enabled=yes
|
||||
|
||||
- include: vhosts.yml
|
||||
- include_tasks: vhosts.yml
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- include: base.yml
|
||||
- include_tasks: base.yml
|
||||
- name: Clone bench
|
||||
hosts: all
|
||||
user: "{{ frappe_user }}"
|
||||
|
Loading…
x
Reference in New Issue
Block a user