From e821ba5e3b76aefa94a15b7af87160d83bcc7676 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 10 Oct 2017 12:40:56 +0530 Subject: [PATCH 1/4] [fix] install ansible 2.3.1 --- playbooks/install.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/install.py b/playbooks/install.py index 3986c70a..03bfb8ed 100755 --- a/playbooks/install.py +++ b/playbooks/install.py @@ -61,7 +61,7 @@ def install_bench(args): # Restricting ansible version due to following bug in ansible 2.1 # https://github.com/ansible/ansible-modules-core/issues/3752 success = run_os_command({ - 'pip': "sudo pip install ansible" + 'pip': "sudo pip install ansible==2.3.1" }) if not success: From 0233a4170e353596db3ba06cb8e423f815882d14 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 10 Oct 2017 12:48:39 +0530 Subject: [PATCH 2/4] [fix] install supervisor via role --- bench/commands/install.py | 5 +++++ playbooks/prerequisites/install_prerequisites.yml | 2 -- playbooks/prerequisites/install_roles.yml | 1 + playbooks/prerequisites/roles/supervisor/tasks/main.yml | 8 ++++++++ 4 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 playbooks/prerequisites/roles/supervisor/tasks/main.yml diff --git a/bench/commands/install.py b/bench/commands/install.py index e8c031ab..715078ac 100644 --- a/bench/commands/install.py +++ b/bench/commands/install.py @@ -34,6 +34,10 @@ def install_nodejs(): def install_psutil(): run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil') +@click.command('supervisor') +def install_supervisor(): + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='supervisor') + @click.command('nginx') def install_nginx(): run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx') @@ -47,5 +51,6 @@ install.add_command(install_maridb) install.add_command(install_wkhtmltopdf) install.add_command(install_nodejs) install.add_command(install_psutil) +install.add_command(install_supervisor) install.add_command(install_nginx) install.add_command(install_failtoban) \ No newline at end of file diff --git a/playbooks/prerequisites/install_prerequisites.yml b/playbooks/prerequisites/install_prerequisites.yml index 6fb0a066..93350a0f 100644 --- a/playbooks/prerequisites/install_prerequisites.yml +++ b/playbooks/prerequisites/install_prerequisites.yml @@ -33,7 +33,6 @@ - redis - screen - sudo - - supervisor - tcl-devel - tk-devel - vim @@ -72,7 +71,6 @@ - python-tk - redis-server - screen - - supervisor - vim - xfonts-75dpi - xfonts-base diff --git a/playbooks/prerequisites/install_roles.yml b/playbooks/prerequisites/install_roles.yml index b1d8fa6b..c66b829d 100644 --- a/playbooks/prerequisites/install_roles.yml +++ b/playbooks/prerequisites/install_roles.yml @@ -19,6 +19,7 @@ - { role: wkhtmltopdf, tags: "wkhtmltopdf" } - { role: nodejs, tags: "nodejs" } - { role: psutil, tags: "psutil" } + - { role: supervisor, tags: "supervisor", when: production } - { role: nginx, tags: "nginx", when: production } - { role: fail2ban, tags: "fail2ban" , when: production } tasks: diff --git a/playbooks/prerequisites/roles/supervisor/tasks/main.yml b/playbooks/prerequisites/roles/supervisor/tasks/main.yml new file mode 100644 index 00000000..5926f27d --- /dev/null +++ b/playbooks/prerequisites/roles/supervisor/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Install supervisor on centos + yum: name=supervisor state=present + when: ansible_os_family == 'RedHat' + +- name: Install supervisor on debian + apt: pkg=supervisor state=present force=yes + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' From fc3d1c78c78b97413d63432e59613e590c2103b8 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 10 Oct 2017 13:28:15 +0530 Subject: [PATCH 3/4] [fix] add sudoer permissions after instating nginx and supervisor --- bench/commands/install.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/bench/commands/install.py b/bench/commands/install.py index 715078ac..4a9168a8 100644 --- a/bench/commands/install.py +++ b/bench/commands/install.py @@ -1,5 +1,5 @@ import os, sys, json, click -from bench.utils import run_playbook +from bench.utils import run_playbook, setup_sudoers extra_vars = {"production": True} @@ -35,12 +35,18 @@ def install_psutil(): run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil') @click.command('supervisor') -def install_supervisor(): +@click.option('--user') +def install_supervisor(user=None): run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='supervisor') + if user: + setup_sudoers(user) @click.command('nginx') -def install_nginx(): +@click.option('--user') +def install_nginx(user=None): run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx') + if user: + setup_sudoers(user) @click.command('fail2ban') def install_failtoban(): From 2fa3b213f1f7758f6c3b6e5277109544c2f2c9db Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 10 Oct 2017 14:03:30 +0530 Subject: [PATCH 4/4] [fix] setup firewall --- playbooks/production/setup_firewall.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/playbooks/production/setup_firewall.yml b/playbooks/production/setup_firewall.yml index 9b400bdf..2cb59cd4 100755 --- a/playbooks/production/setup_firewall.yml +++ b/playbooks/production/setup_firewall.yml @@ -6,6 +6,7 @@ # For CentOS - name: Enable SELinux selinux: policy=targeted state=permissive + when: ansible_distribution == 'CentOS' - name: Install firewalld yum: name=firewalld state=present @@ -29,7 +30,10 @@ # For Ubuntu / Debian - name: Install ufw - apt: name=ufw state=present + apt: name={{ item }} state=present force=yes + with_items: + - python-selinux + - ufw when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Enable Firewall